CN107294921A - The processing method and processing device that a kind of web terminal is accessed - Google Patents

The processing method and processing device that a kind of web terminal is accessed Download PDF

Info

Publication number
CN107294921A
CN107294921A CN201610201940.6A CN201610201940A CN107294921A CN 107294921 A CN107294921 A CN 107294921A CN 201610201940 A CN201610201940 A CN 201610201940A CN 107294921 A CN107294921 A CN 107294921A
Authority
CN
China
Prior art keywords
web terminal
encryption
encryption key
data
feedback data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610201940.6A
Other languages
Chinese (zh)
Inventor
林松英
吴翰清
钱磊
余金波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201610201940.6A priority Critical patent/CN107294921A/en
Publication of CN107294921A publication Critical patent/CN107294921A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics

Abstract

This application provides the processing method and processing device that a kind of web terminal is accessed.Methods described includes:Access request for web terminal generates feedback data;The feedback data is encrypted using predetermined encryption key;Feedback data after encryption is sent to the web terminal, so that the web terminal accesses server according to the feedback data after encryption.According to the scheme of the application, the variable data in feedback data is encrypted, and attacker can not improve web security by changing the access parameter of system variable data configuration newly, prevent all kinds of security attack behaviors including horizontal authority leak;Meanwhile, the requirement to the awareness of safety of developer to operation system development is reduced, human input cost is reduced.

Description

The processing method and processing device that a kind of web terminal is accessed
Technical field
The application is related to technical field of network information, the processing side that more particularly to a kind of web terminal is accessed Method, and the processing unit that a kind of web terminal is accessed.
Background technology
The Internet, applications based on web environment are more and more extensive, and what is come one after another is exactly web security threats Highlight.Attacker utilizes cross-site scripting attack XSS, SQL injection leak, the water of web services program Equal rights limit leak etc. obtains the control authority of web server, distorts web page contents, steals important internal number According to, or even malicious code can be implanted into webpage so that website caller is encroached on.
Solution common at present is, for each safety problem, offer one kind correspondence of customization The security code of development language writes mode, in operation system R&D process, is compiled using the security code WriteMode writes code.This scheme has the drawback that:
On the one hand, in web R & D of complexes, it is still desirable to which developer has good awareness of safety To be write using these safe methods, the awareness of safety to developer requires very high.
On the other hand, mode is write as a result of the Multiple Code of customization, it is impossible in standardized form It is automatically performed whole checkings, it is still desirable to which safety engineer is manually verified, is weighed especially for level Leak is limited, can only be by the way of verifying one by one, human input cost is high.
Finally, this excessively to rely on human input and artificial horizontal scheme, essence can not simultaneously be controlled well Web risks processed.
The content of the invention
In view of the above problems, it is proposed that the embodiment of the present application so as to provide one kind overcome above mentioned problem or The processing dress that the processing method and web terminal that the web terminal solved the above problems at least in part is accessed are accessed Put.
In order to solve the above problems, this application discloses the processing method that a kind of web terminal is accessed, bag Include:
Access request for web terminal generates feedback data;
The feedback data is encrypted using predetermined encryption key;
Feedback data after encryption is sent to the web terminal, for the web terminal according to encryption after Feedback data accesses server.
Preferably, the encryption key is the encryption key of this login generation for the web terminal.
Preferably, the encryption key is stored in the session information of this this login of correspondence;
Before the feedback data is encrypted the use predetermined encryption key, methods described is also wrapped Include:
Session identification according to this login is corresponded to searches corresponding session information, and from the session information Middle extraction encryption key.
Preferably, the access request is logging request, in the use predetermined encryption key to described anti- Before feedback data are encrypted, methods described also includes:
For this login generation encryption key of the web terminal.
Preferably, described this login generation encryption key for the web terminal includes:
Obtain the unique identification information of the web terminal, the random number for corresponding to this login and this login Server time;
The encryption key is generated according to the unique identification information, random number and server time.
Preferably, the ID of the unique identification information including the login user, entry address with And at least one of device identification of user equipment residing for the web terminal, the random information include and this It is secondary to log at least one of corresponding server time and random number.
Preferably, before described this login generation encryption key for the web terminal, methods described Also include:
After this is logined successfully, the session information and session identification of this login of correspondence are created;
After described this login generation encryption key for the web terminal, methods described also includes:
The encryption key is stored into the session information.
Preferably, the use predetermined encryption key feedback data is encrypted including:
The variable data in the feedback data is encrypted using predetermined encryption key;
The feedback data by after encryption, which is sent to the web terminal, to be included:
The variable data of assembly encryption is into the feedback data;
The feedback data is fed back into the web terminal.
Preferably, the variable data includes web page address and/or accesses parameter, and the encryption uses RSA Public key encryption algorithm.
Present invention also provides the processing method that a kind of web terminal is accessed, including:
The access request of web terminal is received, the access request carries the encryption data of this access of triggering, The encryption data is encrypted using predetermined encryption key;
The encryption data is decrypted, and the web terminal is responded based on decrypted result.
Preferably, the encryption data is the variable data after encryption, and the encryption key is for described This of web terminal logs in the encryption key generated.
Preferably, the access request carries the correspondence session identification that this is logged in;
Before the decryption encryption data, methods described also includes:
Respective session information is searched from according to the session identification, and extracts advance from the session information The encryption key of storage;
The decryption encryption data includes:
The encryption data is decrypted according to the encryption key of extraction.
Preferably, methods described also includes:
To the response web terminal, this feedback data accessed is encrypted.
Present invention also provides the processing unit that a kind of web terminal is accessed, including:
Feedback data generation module, feedback data is generated for the access request for web terminal;
Encrypting module, for the feedback data to be encrypted using predetermined encryption key;
Feedback module, for the feedback data after encryption to be sent to the web terminal, for the web Hold and server is accessed according to the feedback data after encryption.
Preferably, the encryption key is the encryption key of this login generation for the web terminal.
Preferably, the encryption key is stored in the session information of this this login of correspondence;
Described device also includes:
Key Acquisition Module, for the feedback data to be encrypted in the use predetermined encryption key Before, according to correspondence, this session identification logged in searches corresponding session information, and believes from the session Encryption key is extracted in breath.
Preferably, the access request is logging request, and described device also includes:
Key production module, for the feedback data to be encrypted in the use predetermined encryption key Before, for this login generation encryption key of the web terminal.
Preferably, the key production module includes:
Acquisition of information submodule, for obtaining the unique identification information of the web terminal, corresponding to this login Random number and this log in server time;
Key generates submodule, for being given birth to according to the unique identification information, random number and server time Into the encryption key.
Preferably, the ID of the unique identification information including the login user, entry address with And at least one of device identification of user equipment residing for the web terminal, the random information include and this It is secondary to log at least one of corresponding server time and random number.
Present invention also provides the processing unit that a kind of web terminal is accessed, including:
Request receiving module, the access request for receiving web terminal, the access request carries triggering originally The encryption data of secondary access, the encryption data is encrypted using predetermined encryption key;
Deciphering module, for decrypting the encryption data;
Respond module, for responding the web terminal based on decrypted result.
The embodiment of the present application includes advantages below:
Framework adjustment of the embodiment of the present application based on server easily solves operation system research and development may band The web safety problems come, specifically, the access request for web terminal generates feedback data, and are used Feedback data is encrypted encryption key, and the variable data in feedback data is encrypted, can be with So that the follow-up variable data according to after encryption of web terminal accesses server, attacker can not be by changing The variable data of system constructs new access parameter, improves web security, has prevented horizontal authority leak All kinds of security attack behaviors inside;Meanwhile, reduce to operation system development to developer's The requirement of awareness of safety, reduces human input cost.
Also, the encryption key that the embodiment of the present application is used is only used for this login of web terminal, that is to say Say, the variable data through the encryption keys is effective only in time User logs in is worked as, after second logs in Failure so that replicate other people link from principle directly it is invalid, so as at utmost prevent attacker from usurping Changing request trial attack, there is provided a kind of tight complete Prevention-Security mechanism.
Brief description of the drawings
Fig. 1 is the operation system processes of research & development schematic diagram of background technology;
Fig. 2 is a kind of step flow chart of the processing method embodiment 1 of web terminal access of the application;
Fig. 3 is a kind of step flow chart of the processing method embodiment 2 of web terminal access of the application;
Fig. 4 is a kind of step flow chart of the processing method embodiment 3 of web terminal access of the application;
Fig. 5 be the application an example in web terminal access process chart;
Fig. 6 is a system architecture diagram for implementing the embodiment of the present application;
Fig. 7 be the application an example in web terminal and server interaction schematic diagram;
Fig. 8 is a kind of structured flowchart of the processing unit embodiment 1 of web terminal access of the application;
Fig. 9 is a kind of structured flowchart of the processing unit embodiment 2 of web terminal access of the application.
Embodiment
To enable above-mentioned purpose, the feature and advantage of the application more obvious understandable, with reference to attached Figure and embodiment are described in further detail to the application.
Web attackers generally using cross-site scripting attack XSS, the SQL injection leak of web services program, Horizontal authority leak etc. obtains the control authority of web server.
By taking horizontal authority leak as an example, developer is easily habitually in generation database manipulation list When, the object to be operated ID that it has permission is found out according to the user identity logined successfully, and there is provided entrance Submit and ask for user, need not now verify other i.e. operable related objects of user right.Due to most Number the object to be operated ID both be set to from increase integer, as long as attacker add 1 to correlation ID, subtract 1, Until traversal, it is possible in the case of without verifying authorization, the operation of the object to other associations is obtained Authority.
Such as Fig. 1 is the operation system processes of research & development schematic diagram of background technology, first according to the exploitation language of company The code development specification of speech customization safety, and research and develop the specification literary style for judging to be applicable.Writing phase is by researching and developing Engineer is write, and security audit is carried out to writing result by safety engineer.To defend XSS leaks, Research and development engineer needs to carry out HTML HTML escapes;Accordingly, safety engineer needs The corresponding output point of manual examination and verification, or confirm framework default configuration.For defence SQL injection, according to opening Hair language does corresponding AQL Variable-Bindings;Accordingly, safety engineer needs to check expanding for binding Markup language xml is opened up, or the artificial code for reading over related to SQL is audited.For level power Leak is limited, it is necessary to research staff has awareness of safety, the coding-control at corresponding code;Safety engineering Teacher has no general scheme in examination & verification, is all to audit one by one in most cases.
As can be seen here, the scheme of background technology is thrown the awareness of safety of developer, the manpower of verification stage Enter and propose higher requirement, and web safety can not be ensured.In view of this, present applicant proposes one The web terminal access mechanism fully or partially solved the above problems is planted, is specifically described below.
Embodiment of the method 1
Reference picture 2, the step of showing the processing method embodiment 1 that a kind of web terminal of the application is accessed Flow chart, specifically may include steps of:
Step 101, the access request for web terminal generates feedback data.
Wherein, web terminal can be the client of browser end or other offer web page access, specifically may be used With applied to mobile terminal (such as mobile phone) or other fixed terminals.
The embodiment of the present application can send to server and visit in the corresponding server implementation of web terminal, web terminal Request is asked, the access request can be logged on request or by clicking on Web page or access entrance The access request of (such as button) triggering.
Access request for web terminal can correspond to offer feedback data, for example, anti-for logging request It is the login page redirected after logining successfully to present data, the web page interlinkage or access entrance for Web page The feedback data of access request is the web page interlinkage or the corresponding page of access entrance.Feedback data can be by Operation system is generated according to access request.
Step 102, the feedback data is encrypted using predetermined encryption key.
Encryption described herein can complete feedback data is encrypted or to feedback data In partial data be encrypted, the variable data in feedback data can be for example encrypted.
For example, former reference address is<A href=" http://suddy.org/abc/dkkrId=49586&name =suddy ">, to wherein "/abc/dkkrId=49586&name=suddy " is encrypted, and obtains / uyYkK8&hrkJY&*5374324523e ", the reference address after encryption is<A href= “http://suddy.org/uyYkK8&hrkJY&*5374324523e”>;Just like, for<Input name= " email " type=" text " value=" suddy@suddy.org ">The access parameter " email " included And " suddy@suddy.org " are encrypted, and respectively obtain " X12d3De4 " and " 7!hHk3kdxyorF”.
The embodiment of the present application can be encrypted using any suitable AES, for example, RSA public keys add Close algorithm, or DSA rivest, shamir, adelmans, preferably complex algorithm.
Step 103, the feedback data after encryption is sent to the web terminal, for the web terminal root Server is accessed according to the feedback data after encryption.
For there are some variable datas, such as webpage in the feedback data of web terminal access request in server Address, access parameter etc., attacker by according to existing web page address or access parameter can structure again Make new web page address or access parameter, so as to get the access rights to server resource.
And the variable data in feedback data is encrypted using encryption key for the embodiment of the present application, specifically It can be that feedback data is integrally encrypted or only variable data is encrypted, and use after encryption Ciphertext replace plaintext in former feedback data so that web terminal is connect according to the variable number after the encryption received According to server is accessed, attacker can not be carried by changing the access parameter of system variable data configuration newly High web security, and prevented all kinds of security attack behaviors including horizontal authority leak;Meanwhile, The requirement to the awareness of safety of developer to operation system development is reduced, human input is reduced Cost.
Preferably, the encryption key can be the encryption key that this logs in generation for web terminal.
Wherein, logging in can trigger under different scenes, for example, directly logging in, being realized by registering Login, the switching of overtime identity realizes and the identity handoff scenario such as logs in.
Encryption key can be generated after login, can specifically be given birth to according to any suitable one or more information Into, only need to ensure its uniqueness.Because the encryption key that the embodiment of the present application is used is only used for web This login at end, in other words, the variable data through the encryption keys is only when time User logs in In effectively, second log in after fail so that it is directly invalid from principle to replicate other people link so that At utmost prevent attacker from distorting request and attempting attack there is provided a kind of tight complete Prevention-Security machine System.
In the embodiment of the present application, it is preferable that the encryption key is stored in session letter of this this login of correspondence In breath, accordingly, before being encrypted using predetermined encryption key, this it can also be stepped on according to correspondence The session identification of record searches corresponding session information, and extracts encryption key from the session information.Will Encryption key is stored in the session information of this login of correspondence web terminal, the new storage without redistributing Position, facilitates subsequent extracted.
In the embodiment of the present application, it is preferable that feedback data is encrypted above-mentioned use predetermined encryption key Can be that the variable data in feedback data is encrypted using predetermined encryption key, accordingly, institute State and feed back to the web terminal and can include:The variable data of assembly encryption is into the feedback data;Will The feedback data feeds back to the web terminal.Before being encrypted, first extract and become from feedback data Data are measured, after encryption, the variable data of encryption is spliced into feedback data again, then by feedback data Send to web terminal.
Embodiment of the method 2
Reference picture 3, the step of showing the processing method embodiment 2 that a kind of web terminal of the application is accessed Flow chart, the present embodiment can be performed specifically in web terminal login process, can specifically include following step Suddenly:
Step 201, after receiving logging request and this logins successfully, correspondence this login is created Session information and session identification.
In the present embodiment, web terminal initiates logging request to server, and web terminal is carried out in server Authentication can accordingly create corresponding by rear Successful login, further server for this login Session information session, the unique session identification sessionid of session information correspondence.
Step 202, for this login generation encryption key of web terminal.
After web terminal is logined successfully, the encryption key for being only used for this login can be further created.
The application preserves this that be uniquely used for for web terminal and logs in encryption key, and encryption key can be with It is stored in default position.
Encryption key can be generated after login, the random number (random salt that for example this is logged according to correspondence Salt), or using the server time generation encryption key of this login;Or combine at least one web Client information and random number and/or server time generation encryption key;It can also add other any suitable Information, the application is not limited to this.Wherein, random number can be occurred using random random numbers Device is obtained, by being obtained to seed using complicated algorithm computing;Server time can precisely arrive millisecond Level, when being applied to the scene of magnanimity access, accurately can be made a distinction to access every time;web Client information can be the unique identification information of web terminal or other relevant informations of web terminal.
, can be using default algorithm or rule to a variety of letters when combining much information generation encryption key Breath is combined or computing, and the application is not limited to this.
In the embodiment of the present application, it is preferable that described this login generation encryption for the web terminal is close Key can include:
Sub-step S11, obtains the unique identification information of the web terminal, corresponds to the random number of this login And the server time of this login;
Sub-step S13, adds according to the generation of the unique identification information, random number and server time Key.
Wherein, unique identification information can be logged on the user name of user, ID (such as UID, User identity is proved), or the current entry address of login user (such as IP address, MAC Address Deng), or the device identification, such as unique mark user equipment of user equipment residing for web terminal equipment Coding, the session id of this server generation logged in of correspondence or the session of client generation The combination of the above-mentioned much informations of id.
Further, according to the generation of unique identification information, random number and server time it is corresponding this log in Encryption key, specifically can carry out computing to above- mentioned information according to default algorithm and obtain encryption key.Example Such as, to taking MD5 after unique identification information, random number and server ageing, (the 5th edition information is plucked Want algorithm) value, MD5 values can also be further taken again to the MD5 values of acquisition, reducing data volume Also cause that to crack the encryption key increasingly difficult simultaneously.
Or unique identification information and random information according to default rule are combined into encryption key.Specifically Rule of combination can set according to the actual requirements, for example, connection combination before and after directly, or according to each It is combined, or two kinds of information is carried out from a part of data are intercepted according to various applicable preset algorithms One group of new data of computing generation, or obtain combined result with reference to multiple combinations mode.For example, to only One identification information, random number and server time progress XOR, then take the result of the XOR 8 are used as encryption key afterwards.
Step 203, the encryption key is stored into the session information.
Encryption key is stored into session information, with when this login process needs encryption, or subsequently To in other access process of server, encryption key is directly extracted from session information.Encryption key can To be stored in any suitable mode in session information, the application is not limited to this.
Step 204, the logging request for web terminal generates feedback data.
Web ends jump to login page after logining successfully, therefore, server pin after logining successfully To the detailed content that the data that logging request is fed back are login page.
Step 205, according to correspondence, this session identification logged in searches corresponding session information, and from institute State and encryption key is extracted in session information.
Server preserves the session information of multiple web terminals, and part web terminal even can correspond to multiple generations In the session information of different periods, meeting of some web terminal of session identification uniquely tagged in some session period Information is talked about, some session of the web terminal can be found out from substantial amounts of session information according to session identification Information.The embodiment of the present application searches session letter of this login of the current web terminal of correspondence according to session identification Breath, can further extract encryption key from session information.
Step 206, the variable data in the feedback data is encrypted using the encryption key.
Step 207, the feedback data after encryption is sent to the web terminal, for the web terminal root Server is accessed according to the variable data after encryption.
Framework adjustment of the embodiment of the present application based on server easily solves operation system research and development may band The web safety problems come, specifically, the access request for web terminal generates feedback data, and are used Variable data in feedback data is encrypted encryption key, so that web terminal is follow-up according to encryption Variable data afterwards accesses server, and attacker can not be by changing the visit of system variable data configuration newly Parameter is asked, web security is improved, has prevented all kinds of security attack behaviors including horizontal authority leak; Meanwhile, the requirement to the awareness of safety of developer to operation system development is reduced, people is reduced Power input cost.
Also, the encryption key that the embodiment of the present application is used is only used for this login of web terminal, that is to say Say, the variable data through the encryption keys is effective only in time User logs in is worked as, after second logs in Failure so that replicate other people link from principle directly it is invalid, so as at utmost prevent attacker from usurping Changing request trial attack, there is provided a kind of tight complete Prevention-Security mechanism.
Embodiment of the method 3
Reference picture 4, the step of showing the processing method embodiment 3 that a kind of web terminal of the application is accessed Flow chart, the present embodiment can be performed specifically after web terminal login, specifically may include steps of:
Step 301, the access request of web terminal is received, the access request, which is carried, triggers what this was accessed Encryption data, the encryption data is encrypted using predetermined encryption key.
Wherein encryption data can be the variable data after encryption, the page that web terminal is provided by server Server is accessed, because variable data therein is encrypted using encryption key, then web terminal base When the variable data conducts interviews, entrained by access request is also the data after encryption, so that Attacker can not improve web safety by changing the access parameter of system variable data configuration newly Property, prevent all kinds of security attack behaviors including horizontal authority leak;Meanwhile, reduce to business system Requirement of the development of uniting to the awareness of safety of developer, reduces human input cost.
Step 302, the encryption data is decrypted, and the web terminal is responded based on decrypted result.
Server extracts encryption data from access request, and is decrypted, and is based further on the encryption number According to generation feedback data, and feedback data response web terminal accordingly.If it should be noted that decryption not into Work(, then regarding the source of the access request and non-security, can directly abandon and not process.
In the embodiment of the present application, it is preferable that encryption key can be this login generation for web terminal Encryption key, due to the embodiment of the present application use encryption key be only used for web terminal this login, In other words, during when encryption data for the variable data after encrypting, the variable number through the encryption keys According to effective only in time User logs in is worked as, failure after second of login so that replicate other people link from original It is directly invalid in reason, so as at utmost prevent attacker from distorting request and attempting to attack tight there is provided one kind Close complete Prevention-Security mechanism.
During specific decryption, decruption key can be extracted from default position.In the embodiment of the present application, preferably Ground, decruption key is identical with encryption key, that is to say the mode for employing symmetric cryptography.Can be in encryption Encryption key is preserved in the session information that this is logged in correspondence afterwards, further extracted from session information Encryption key is used to decrypt.
Specifically, the access request can carry the correspondence session identification that this is logged in, and use According to the corresponding session information of session identification extraction.
Accordingly, decryption encryption data before, it is necessary to from according to session identification search respective session information, And the encryption key prestored is extracted from session information.
Accordingly, when decrypting the encryption data, encryption data can be entered according to the encryption key of extraction Row decryption.
In the embodiment of the present application, it is preferable that methods described can also include:To responding the web terminal sheet The feedback data of secondary access is encrypted, further by the feedback data for the variable data being packaged with after encryption Web terminal is sent to, so that the follow-up variable data according to after encryption of web terminal accesses server, is kept away Exempt from attacker and threaten web safety using variable data.Can be specifically to the variable data in feedback data It is encrypted, so that web terminal accesses server according to the variable data after encryption, lifts web security.
To make those skilled in the art more fully understand the application, below by way of a specific example to this The processing method that a kind of web terminal of application embodiment is accessed is illustrated, and with reference to Fig. 5, shows this Shen The process chart that web terminal is accessed in an example please, including the web access since being logged in web Process, specifically includes following steps:
Login system generates the key (key1) of the user this time session according to enchancement factor, and the key is random Generation, for example, user name+server Millisecond time.
Operation system generates the response for being handed down to user;, will further according to the key1 of above-mentioned generation After all parameters and URL encryptions in this response, response is to user browser.In user's point The link or button for hitting the page are initiated server to ask, and the parameter and URL that the request is carried are Ciphertext after encryption.Server decrypts the request for submitting according to the key key1 of the session, if Successful decryption, then can transfer the processing of backend services system, if decryption failure, directly be considered as abnormal lose Abandon.
The above-mentioned handling process of correspondence, a system architecture for implementing the embodiment of the present application is shown with reference to Fig. 6 Figure.So that web terminal is user browser as an example, compared to the scheme of prior art, user browser with The functional module of increase generation key, sends in user browser between the original operation system of server After request, generate key for this login and write conversation message, it will words mark and access request Send in the lump to original operation system, to obtain feedback data.Unification of the increase for general frame simultaneously Encryption and decryption layer, on the one hand, sent after the variable data in request is decrypted using key to original Operation system, on the other hand, is added using key to the variable data in the response of original operation system User browser is fed back to after close again.
Show that web terminal and the interaction of server are illustrated in the example of the application with reference to Fig. 7 Figure, increases web Prevention-Security modules, wherein, account authentication module, web Prevention-Security modules Same server or same server cluster, account body can be deployed in backend services service module Part authentication module and web Prevention-Securities module can be deployed on front-end server, backend services service mould Block can be deployed on back-end server.
Specific interaction is divided into login process and normal access process.
Wherein, login process specifically includes following steps:
1.1st, user browser is logged in by sending account name and password request.
1.2nd, whether account authentication module checking account name and password are correct, if correctly, it is determined that step on The session and corresponding sessionid of login sessions are recorded successfully and create, conversely, then feeding back account name And code error, point out user to re-enter.
1.3rd, account authentication module is by sessionid, the number ID (uid) of the login user And the server time time logged in is sent to web Prevention-Security modules.
1.4th, web Prevention-Securities module generates encryption key according to uid, time and random salt salt Key=md5 (md5 (uid+time+salt)), and by key storages into the corresponding session of the session.
1.5th, web Prevention-Securities module notifies encryption key key generation to complete, and by this session Sessionid and log in after the URL that redirects send to backend services service module.
1.6th, backend services service module needs the response rendered for the URL generations redirected after logging in In the variable used, further obtain the key in session, output will be needed using RSA cryptographic algorithms Variable encryption into response, i.e. URL/Param=RSA (" URL/Param ", key).
1.7th, backend services service module renders assembled response using the URL and Param after encryption, And feed back to web terminal.
Normal access process specifically includes following steps:
2.1st, it is ciphertext that web terminal sends request, wherein URL and Param to service end.
2.2nd, the sessionID that web Prevention-Securities module is carried according to access request extracts correspondence session The encryption key of middle storage, and the URL in request and Param is forced to decrypt, decryption failure is then lost Abandon, then rear end business service module transmits the request of successful decryption in plain text to successful decryption.
2.3rd, backend services service module carries out business logic processing, and generating needs according to request renders Response in the variable used.
2.4th, backend services service module further extracts the key in session, it would be desirable to output Variable encryption in response, i.e. URL/Param=RSA (" URL/Param ", key).
2.5th, backend services service module renders assembled response using the URL and Param after encryption, And feed back to web terminal.
It should be noted that for embodiment of the method, in order to be briefly described, therefore it is all expressed as into one The combination of actions of series, but those skilled in the art should know, the embodiment of the present application is not by institute The limitation of the sequence of movement of description, because according to the embodiment of the present application, some steps can use other Order is carried out simultaneously.Secondly, those skilled in the art should also know, described in the specification Embodiment belong to preferred embodiment, involved action not necessarily the embodiment of the present application must Must.
Device embodiment 1
Reference picture 8, shows the structure for the processing unit embodiment 1 that a kind of web terminal of the application is accessed Block diagram, can specifically include following module:
Feedback data generation module 401, feedback data is generated for the access request for web terminal;
Encrypting module 402, for the feedback data to be encrypted using predetermined encryption key;
Feedback module 403, for the feedback data after encryption to be sent to the web terminal, for described Web terminal accesses server according to the feedback data after encryption.
In the embodiment of the present application, it is preferable that the encryption key is this login for the web terminal The encryption key of generation.
In the embodiment of the present application, it is preferable that the encryption key is stored in session letter of this this login of correspondence In breath;Described device can also include Key Acquisition Module, in the use predetermined encryption key pair Before the feedback data is encrypted, according to correspondence, this session identification logged in searches corresponding session Information, and extract encryption key from the session information.
In the embodiment of the present application, it is preferable that the access request is logging request, described device also includes:
Key production module, for the feedback data to be encrypted in the use predetermined encryption key Before, for this login generation encryption key of the web terminal.
In the embodiment of the present application, it is preferable that the key production module includes:
Acquisition of information submodule, for obtaining the unique identification information of the web terminal, corresponding to this login Random number and this log in server time;
Key generates submodule, for being given birth to according to the unique identification information, random number and server time Into the encryption key.
In the embodiment of the present application, it is preferable that the unique identification information includes the user of the login user At least one of ID, entry address and user equipment residing for the web terminal device identification, it is described with Machine information includes and this login at least one of corresponding server time and random number.
In the embodiment of the present application, it is preferable that described device also includes:
Creation module, for it is described for the web terminal this log in generation encryption key before, After this is logined successfully, the session information and session identification of this login of correspondence are created;
Described device also includes:
Memory module, for after described this login generation encryption key for the web terminal, inciting somebody to action The encryption key is stored into the session information.
In the embodiment of the present application, it is preferable that the encrypting module, specifically for using predetermined encryption key Variable data in the feedback data is encrypted;The feedback module includes:
Assembled submodule, the variable data for assembly encryption is into the feedback data;
Data feedback submodule, for the feedback data to be fed back into the web terminal.
In the embodiment of the present application, it is preferable that the variable data includes web page address and/or accesses parameter, The encryption uses RSA public key encryption algorithms.
Framework adjustment of the embodiment of the present application based on server easily solves operation system research and development may band The web safety problems come, specifically, the access request for web terminal generates feedback data, and are used Variable data in feedback data is encrypted encryption key, and the variable data in feedback data is entered Row encryption, can cause web terminal follow-up and access server according to the variable data after encryption, attacker without Method improves web security, prevented by changing the access parameter of system variable data configuration newly All kinds of security attack behaviors including horizontal authority leak;Meanwhile, reduce to operation system development Requirement to the awareness of safety of developer, reduces human input cost.
Also, the encryption key that the embodiment of the present application is used is only used for this login of web terminal, that is to say Say, the variable data through the encryption keys is effective only in time User logs in is worked as, after second logs in Failure so that replicate other people link from principle directly it is invalid, so as at utmost prevent attacker from usurping Changing request trial attack, there is provided a kind of tight complete Prevention-Security mechanism.
Device embodiment 2
Reference picture 9, shows the structure for the processing unit embodiment 2 that a kind of web terminal of the application is accessed Block diagram, can specifically include following module:
Request receiving module 501, the access request for receiving web terminal, the access request, which is carried, to be touched The encryption data of this access is sent out, the encryption data is encrypted using predetermined encryption key;
Deciphering module 502, for decrypting the encryption data;
Respond module 503, for responding the web terminal based on decrypted result.
In the embodiment of the present application, it is preferable that the encryption data is the variable data after encryption.
In the embodiment of the present application, it is preferable that the encryption key is this login for the web terminal The encryption key of generation.
In the embodiment of the present application, it is preferable that the access request carries the correspondence session that this is logged in Mark;
Described device also includes:
Session information searching modul, for before the decryption encryption data, from according to the meeting Talk about identifier lookup respective session information;
Key extraction module, for extracting the encryption key prestored from the session information;
The deciphering module, is solved specifically for the encryption key according to extraction to the encryption data It is close.
In the embodiment of the present application, it is preferable that described device also includes:
Encrypting module, is encrypted for this feedback data accessed to the response web terminal.
Framework adjustment of the embodiment of the present application based on server easily solves operation system research and development may band The web safety problems come, specifically, the access request for web terminal generates feedback data, and are used Variable data in feedback data is encrypted encryption key, and the variable data in feedback data is entered Row encryption, can cause web terminal follow-up and access server according to the variable data after encryption, attacker without Method improves web security, prevented by changing the access parameter of system variable data configuration newly All kinds of security attack behaviors including horizontal authority leak;Meanwhile, reduce to operation system development Requirement to the awareness of safety of developer, reduces human input cost.
Also, the encryption key that the embodiment of the present application is used is only used for this login of web terminal, that is to say Say, the variable data through the encryption keys is effective only in time User logs in is worked as, after second logs in Failure so that replicate other people link from principle directly it is invalid, so as at utmost prevent attacker from usurping Changing request trial attack, there is provided a kind of tight complete Prevention-Security mechanism.
For device embodiment, because it is substantially similar to embodiment of the method, so the ratio of description Relatively simple, the relevent part can refer to the partial explaination of embodiments of method.
Each embodiment in this specification is described by the way of progressive, and each embodiment is stressed Be all between difference with other embodiment, each embodiment identical similar part mutually referring to .
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present application can be provided as method, dress Put or computer program product.Therefore, the embodiment of the present application can using complete hardware embodiment, completely The form of embodiment in terms of software implementation or combination software and hardware.Moreover, the embodiment of the present application Can use can be situated between in one or more computers for wherein including computer usable program code with storage The computer journey that matter is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of sequence product.
In a typical configuration, the computer equipment includes one or more processors (CPU), input/output interface, network interface and internal memory.Internal memory potentially includes computer-readable Jie Volatile memory in matter, the shape such as random access memory (RAM) and/or Nonvolatile memory Formula, such as read-only storage (ROM) or flash memory (flash RAM).Internal memory is showing for computer-readable medium Example.Computer-readable medium includes permanent and non-permanent, removable and non-removable media can To realize that information is stored by any method or technique.Information can be computer-readable instruction, number According to structure, the module of program or other data.The example of the storage medium of computer includes, but not It is limited to phase transition internal memory (PRAM), static RAM (SRAM), dynamic randon access to deposit Reservoir (DRAM), other kinds of random access memory (RAM), read-only storage (ROM), Electrically Erasable Read Only Memory (EEPROM), fast flash memory bank or other memory techniques, Read-only optical disc read-only storage (CD-ROM), digital versatile disc (DVD) or other optical storages, Magnetic cassette tape, the storage of tape magnetic rigid disk or other magnetic storage apparatus or any other non-transmitting are situated between Matter, the information that can be accessed by a computing device available for storage.Define, calculate according to herein Machine computer-readable recording medium does not include the computer readable media (transitory media) of non-standing, such as the number of modulation It is believed that number and carrier wave.
The embodiment of the present application is with reference to according to the method for the embodiment of the present application, terminal device (system) and meter The flow chart and/or block diagram of calculation machine program product is described.It should be understood that can be by computer program instructions Each flow and/or square frame and flow chart and/or square frame in implementation process figure and/or block diagram The combination of flow and/or square frame in figure.Can provide these computer program instructions to all-purpose computer, The processor of special-purpose computer, Embedded Processor or other programmable data processing terminal equipments is to produce One machine so that pass through the computing devices of computer or other programmable data processing terminal equipments Instruction produce be used to realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The device for the function of being specified in multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable datas to handle In the computer-readable memory that terminal device works in a specific way so that be stored in this computer-readable Instruction in memory, which is produced, includes the manufacture of command device, and command device realization is in flow chart one The function of being specified in flow or multiple flows and/or one square frame of block diagram or multiple square frames.
These computer program instructions can also be loaded into computer or other programmable data processing terminals are set It is standby upper so that series of operation steps is performed on computer or other programmable terminal equipments in terms of producing The processing that calculation machine is realized, so that the instruction performed on computer or other programmable terminal equipments provides use In realization in one flow of flow chart or multiple flows and/or one square frame of block diagram or multiple square frames The step of function of specifying.
Although having been described for the preferred embodiment of the embodiment of the present application, those skilled in the art are once Basic creative concept is known, then other change and modification can be made to these embodiments.So, Appended claims are intended to be construed to include preferred embodiment and fall into the institute of the embodiment of the present application scope Have altered and change.
Finally, in addition it is also necessary to explanation, herein, such as first and second or the like relation art Language is used merely to make a distinction an entity or operation with another entity or operation, and not necessarily It is required that or implying between these entities or operation there is any this actual relation or order.And And, term " comprising ", "comprising" or its any other variant are intended to the bag of nonexcludability Contain, so that process, method, article or terminal device including a series of key elements not only include Those key elements, but also other key elements including being not expressly set out, or also include being this mistake Journey, method, article or the intrinsic key element of terminal device.In the absence of more restrictions, The key element limited by sentence "including a ...", it is not excluded that the process including the key element, Also there is other identical element in method, article or terminal device.
The processing method and processing device accessed above a kind of web terminal provided herein, has been carried out in detail Thin to introduce, specific case used herein is set forth to the principle and embodiment of the application, The explanation of above example is only intended to help and understands the present processes and its core concept;Meanwhile, For those of ordinary skill in the art, according to the thought of the application, in embodiment and application It will change in scope, in summary, this specification content should not be construed as to the application's Limitation.

Claims (20)

1. the processing method that a kind of web terminal is accessed, it is characterised in that including:
Access request for web terminal generates feedback data;
The feedback data is encrypted using predetermined encryption key;
Feedback data after encryption is sent to the web terminal, for the web terminal according to encryption after Feedback data accesses server.
2. according to the method described in claim 1, it is characterised in that the encryption key is for institute State the encryption key of this login generation of web terminal.
3. method according to claim 2, it is characterised in that the encryption key is stored in pair In the session information for answering this this login;
Before the feedback data is encrypted the use predetermined encryption key, methods described is also wrapped Include:
Session identification according to this login is corresponded to searches corresponding session information, and from the session information Middle extraction encryption key.
4. method according to claim 2, it is characterised in that the access request please to log in Ask, before the feedback data is encrypted the use predetermined encryption key, methods described is also wrapped Include:
For this login generation encryption key of the web terminal.
5. method according to claim 4, it is characterised in that described for the web terminal This, which logs in generation encryption key, includes:
Obtain the unique identification information of the web terminal, the random number for corresponding to this login and this login Server time;
The encryption key is generated according to the unique identification information, random number and server time.
6. method according to claim 5, it is characterised in that the unique identification information includes The equipment mark of the ID of the login user, entry address and user equipment residing for the web terminal Know at least one of, the random information include with this login corresponding server time and random number It is at least one.
7. method according to claim 4, it is characterised in that be directed to the web terminal described This is logged in before generation encryption key, and methods described also includes:
After this is logined successfully, the session information and session identification of this login of correspondence are created;
After described this login generation encryption key for the web terminal, methods described also includes:
The encryption key is stored into the session information.
8. according to the method described in claim 1, it is characterised in that the use predetermined encryption key The feedback data is encrypted including:
The variable data in the feedback data is encrypted using predetermined encryption key;
The feedback data by after encryption, which is sent to the web terminal, to be included:
The variable data of assembly encryption is into the feedback data;
The feedback data is fed back into the web terminal.
9. method according to claim 8, it is characterised in that the variable data includes webpage Address and/or access parameter, the encryption use RSA public key encryption algorithms.
10. the processing method that a kind of web terminal is accessed, it is characterised in that including:
The access request of web terminal is received, the access request carries the encryption data of this access of triggering, The encryption data is encrypted using predetermined encryption key;
The encryption data is decrypted, and the web terminal is responded based on decrypted result.
11. method according to claim 10, it is characterised in that the encryption data is encryption Variable data afterwards, encryption of the encryption key to log in generation for this of the web terminal is close Key.
12. method according to claim 10, it is characterised in that the access request carrying pair Should the session identification that this is logged in;
Before the decryption encryption data, methods described also includes:
Respective session information is searched from according to the session identification, and extracts advance from the session information The encryption key of storage;
The decryption encryption data includes:
The encryption data is decrypted according to the encryption key of extraction.
13. method according to claim 10, it is characterised in that methods described also includes:
To the response web terminal, this feedback data accessed is encrypted.
14. the processing unit that a kind of web terminal is accessed, it is characterised in that including:
Feedback data generation module, feedback data is generated for the access request for web terminal;
Encrypting module, for the feedback data to be encrypted using predetermined encryption key;
Feedback module, for the feedback data after encryption to be sent to the web terminal, for the web Hold and server is accessed according to the feedback data after encryption.
15. device according to claim 14, it is characterised in that the encryption key be for This of the web terminal logs in the encryption key generated.
16. device according to claim 15, it is characterised in that the encryption key is stored in In the session information of this this login of correspondence;
Described device also includes:
Key Acquisition Module, for the feedback data to be encrypted in the use predetermined encryption key Before, according to correspondence, this session identification logged in searches corresponding session information, and believes from the session Encryption key is extracted in breath.
17. device according to claim 14, it is characterised in that the access request is login Request, described device also includes:
Key production module, for the feedback data to be encrypted in the use predetermined encryption key Before, for this login generation encryption key of the web terminal.
18. device according to claim 17, it is characterised in that the key production module bag Include:
Acquisition of information submodule, for obtaining the unique identification information of the web terminal, corresponding to this login Random number and this log in server time;
Key generates submodule, for being given birth to according to the unique identification information, random number and server time Into the encryption key.
19. device according to claim 18, it is characterised in that the unique identification information bag The equipment for including user equipment residing for ID, entry address and the web terminal of the login user At least one of mark, the random information includes and this corresponding server time of login and random number At least one of.
20. the processing unit that a kind of web terminal is accessed, it is characterised in that including:
Request receiving module, the access request for receiving web terminal, the access request carries triggering originally The encryption data of secondary access, the encryption data is encrypted using predetermined encryption key;
Deciphering module, for decrypting the encryption data;
Respond module, for responding the web terminal based on decrypted result.
CN201610201940.6A 2016-03-31 2016-03-31 The processing method and processing device that a kind of web terminal is accessed Pending CN107294921A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610201940.6A CN107294921A (en) 2016-03-31 2016-03-31 The processing method and processing device that a kind of web terminal is accessed

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610201940.6A CN107294921A (en) 2016-03-31 2016-03-31 The processing method and processing device that a kind of web terminal is accessed

Publications (1)

Publication Number Publication Date
CN107294921A true CN107294921A (en) 2017-10-24

Family

ID=60087871

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610201940.6A Pending CN107294921A (en) 2016-03-31 2016-03-31 The processing method and processing device that a kind of web terminal is accessed

Country Status (1)

Country Link
CN (1) CN107294921A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107819579A (en) * 2017-12-13 2018-03-20 西安Tcl软件开发有限公司 A kind of processing method, server and the computer-readable recording medium of user's request
CN108737531A (en) * 2018-05-11 2018-11-02 北京奇艺世纪科技有限公司 A kind of method and apparatus of business processing
CN109547426A (en) * 2018-11-14 2019-03-29 腾讯科技(深圳)有限公司 Service response method and server
CN109873818A (en) * 2019-02-01 2019-06-11 湖南快乐阳光互动娱乐传媒有限公司 A kind of method and system preventing unauthorized access server
CN110049032A (en) * 2019-04-09 2019-07-23 有光创新(北京)信息技术有限公司 A kind of the data content encryption method and device of two-way authentication
CN111541758A (en) * 2020-04-17 2020-08-14 支付宝(杭州)信息技术有限公司 Page updating method and device
CN113709188A (en) * 2021-10-27 2021-11-26 北京蓝莓时节科技有限公司 Session control information processing method, device, system and storage medium
CN113935059A (en) * 2021-12-16 2022-01-14 国网浙江省电力有限公司杭州供电公司 Dynamic encryption method and device suitable for financial data and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1801824A (en) * 2006-01-16 2006-07-12 北京北方烽火科技有限公司 Anti-theft chain method for WEB service
US20070136809A1 (en) * 2005-12-08 2007-06-14 Kim Hwan K Apparatus and method for blocking attack against Web application
CN103229181A (en) * 2010-10-13 2013-07-31 阿卡麦科技公司 Protecting websites and website users by obscuring URLs
CN103944900A (en) * 2014-04-18 2014-07-23 中国科学院计算技术研究所 Cross-station request attack defense method and device based on encryption
CN104639503A (en) * 2013-11-11 2015-05-20 国际商业机器公司 Method, devices and system for protecting sensitive information

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070136809A1 (en) * 2005-12-08 2007-06-14 Kim Hwan K Apparatus and method for blocking attack against Web application
CN1801824A (en) * 2006-01-16 2006-07-12 北京北方烽火科技有限公司 Anti-theft chain method for WEB service
CN103229181A (en) * 2010-10-13 2013-07-31 阿卡麦科技公司 Protecting websites and website users by obscuring URLs
CN104639503A (en) * 2013-11-11 2015-05-20 国际商业机器公司 Method, devices and system for protecting sensitive information
CN103944900A (en) * 2014-04-18 2014-07-23 中国科学院计算技术研究所 Cross-station request attack defense method and device based on encryption

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107819579A (en) * 2017-12-13 2018-03-20 西安Tcl软件开发有限公司 A kind of processing method, server and the computer-readable recording medium of user's request
CN107819579B (en) * 2017-12-13 2021-08-24 西安Tcl软件开发有限公司 User request processing method, server and computer readable storage medium
CN108737531A (en) * 2018-05-11 2018-11-02 北京奇艺世纪科技有限公司 A kind of method and apparatus of business processing
CN109547426A (en) * 2018-11-14 2019-03-29 腾讯科技(深圳)有限公司 Service response method and server
CN109873818A (en) * 2019-02-01 2019-06-11 湖南快乐阳光互动娱乐传媒有限公司 A kind of method and system preventing unauthorized access server
CN110049032A (en) * 2019-04-09 2019-07-23 有光创新(北京)信息技术有限公司 A kind of the data content encryption method and device of two-way authentication
CN111541758A (en) * 2020-04-17 2020-08-14 支付宝(杭州)信息技术有限公司 Page updating method and device
CN113709188A (en) * 2021-10-27 2021-11-26 北京蓝莓时节科技有限公司 Session control information processing method, device, system and storage medium
CN113935059A (en) * 2021-12-16 2022-01-14 国网浙江省电力有限公司杭州供电公司 Dynamic encryption method and device suitable for financial data and storage medium
CN113935059B (en) * 2021-12-16 2022-03-15 国网浙江省电力有限公司杭州供电公司 Dynamic encryption method and device suitable for financial data and storage medium

Similar Documents

Publication Publication Date Title
CN107294921A (en) The processing method and processing device that a kind of web terminal is accessed
US11888974B1 (en) Secret sharing information management and security system
Zhang et al. Cryptographic public verification of data integrity for cloud storage systems
Miculan et al. Formal analysis of Facebook Connect single sign-on authentication protocol
CN109792386A (en) Method and apparatus for trust computing
CN106341493A (en) Entity rights oriented digitalized electronic contract signing method
KR20210017432A (en) Apparatus and method for managing personal information based on blockchain
CN105450413B (en) A kind of setting method of password, device and system
US20220014367A1 (en) Decentralized computing systems and methods for performing actions using stored private data
CN106685973A (en) Method and device for remembering log in information, log in control method and device
Mishra et al. An anonymous and secure biometric‐based enterprise digital rights management system for mobile environment
Bhargavan et al. Verified implementations of the information card federated identity-management protocol
Armando et al. Model-checking driven security testing of web-based applications
CN114946152A (en) Decentralized techniques for authenticating data in transport layer security and other contexts
CN109614825A (en) Contract Signing method, apparatus, computer equipment and storage medium
CN115580413B (en) Zero-trust multi-party data fusion calculation method and device
Brandão et al. Toward Mending Two Nation-Scale Brokered Identification Systems.
CN108011717A (en) A kind of method, apparatus and system for asking user data
CN104683327A (en) Method for detecting safety of user login interface of Android software
Dadeau et al. Model‐based mutation testing from security protocols in HLPSL
CN105516066A (en) Method and device for identifying existence of intermediary
Rocchetto et al. Model-based detection of CSRF
CN110166471A (en) A kind of portal authentication method and device
Mazmudar et al. Mitigator: Privacy policy compliance using trusted hardware
Jordan et al. Viceroy: Gdpr-/ccpa-compliant enforcement of verifiable accountless consumer requests

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20171024

RJ01 Rejection of invention patent application after publication