CN107294921A - The processing method and processing device that a kind of web terminal is accessed - Google Patents
The processing method and processing device that a kind of web terminal is accessed Download PDFInfo
- Publication number
- CN107294921A CN107294921A CN201610201940.6A CN201610201940A CN107294921A CN 107294921 A CN107294921 A CN 107294921A CN 201610201940 A CN201610201940 A CN 201610201940A CN 107294921 A CN107294921 A CN 107294921A
- Authority
- CN
- China
- Prior art keywords
- web terminal
- encryption
- encryption key
- data
- feedback data
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Abstract
This application provides the processing method and processing device that a kind of web terminal is accessed.Methods described includes:Access request for web terminal generates feedback data;The feedback data is encrypted using predetermined encryption key;Feedback data after encryption is sent to the web terminal, so that the web terminal accesses server according to the feedback data after encryption.According to the scheme of the application, the variable data in feedback data is encrypted, and attacker can not improve web security by changing the access parameter of system variable data configuration newly, prevent all kinds of security attack behaviors including horizontal authority leak;Meanwhile, the requirement to the awareness of safety of developer to operation system development is reduced, human input cost is reduced.
Description
Technical field
The application is related to technical field of network information, the processing side that more particularly to a kind of web terminal is accessed
Method, and the processing unit that a kind of web terminal is accessed.
Background technology
The Internet, applications based on web environment are more and more extensive, and what is come one after another is exactly web security threats
Highlight.Attacker utilizes cross-site scripting attack XSS, SQL injection leak, the water of web services program
Equal rights limit leak etc. obtains the control authority of web server, distorts web page contents, steals important internal number
According to, or even malicious code can be implanted into webpage so that website caller is encroached on.
Solution common at present is, for each safety problem, offer one kind correspondence of customization
The security code of development language writes mode, in operation system R&D process, is compiled using the security code
WriteMode writes code.This scheme has the drawback that:
On the one hand, in web R & D of complexes, it is still desirable to which developer has good awareness of safety
To be write using these safe methods, the awareness of safety to developer requires very high.
On the other hand, mode is write as a result of the Multiple Code of customization, it is impossible in standardized form
It is automatically performed whole checkings, it is still desirable to which safety engineer is manually verified, is weighed especially for level
Leak is limited, can only be by the way of verifying one by one, human input cost is high.
Finally, this excessively to rely on human input and artificial horizontal scheme, essence can not simultaneously be controlled well
Web risks processed.
The content of the invention
In view of the above problems, it is proposed that the embodiment of the present application so as to provide one kind overcome above mentioned problem or
The processing dress that the processing method and web terminal that the web terminal solved the above problems at least in part is accessed are accessed
Put.
In order to solve the above problems, this application discloses the processing method that a kind of web terminal is accessed, bag
Include:
Access request for web terminal generates feedback data;
The feedback data is encrypted using predetermined encryption key;
Feedback data after encryption is sent to the web terminal, for the web terminal according to encryption after
Feedback data accesses server.
Preferably, the encryption key is the encryption key of this login generation for the web terminal.
Preferably, the encryption key is stored in the session information of this this login of correspondence;
Before the feedback data is encrypted the use predetermined encryption key, methods described is also wrapped
Include:
Session identification according to this login is corresponded to searches corresponding session information, and from the session information
Middle extraction encryption key.
Preferably, the access request is logging request, in the use predetermined encryption key to described anti-
Before feedback data are encrypted, methods described also includes:
For this login generation encryption key of the web terminal.
Preferably, described this login generation encryption key for the web terminal includes:
Obtain the unique identification information of the web terminal, the random number for corresponding to this login and this login
Server time;
The encryption key is generated according to the unique identification information, random number and server time.
Preferably, the ID of the unique identification information including the login user, entry address with
And at least one of device identification of user equipment residing for the web terminal, the random information include and this
It is secondary to log at least one of corresponding server time and random number.
Preferably, before described this login generation encryption key for the web terminal, methods described
Also include:
After this is logined successfully, the session information and session identification of this login of correspondence are created;
After described this login generation encryption key for the web terminal, methods described also includes:
The encryption key is stored into the session information.
Preferably, the use predetermined encryption key feedback data is encrypted including:
The variable data in the feedback data is encrypted using predetermined encryption key;
The feedback data by after encryption, which is sent to the web terminal, to be included:
The variable data of assembly encryption is into the feedback data;
The feedback data is fed back into the web terminal.
Preferably, the variable data includes web page address and/or accesses parameter, and the encryption uses RSA
Public key encryption algorithm.
Present invention also provides the processing method that a kind of web terminal is accessed, including:
The access request of web terminal is received, the access request carries the encryption data of this access of triggering,
The encryption data is encrypted using predetermined encryption key;
The encryption data is decrypted, and the web terminal is responded based on decrypted result.
Preferably, the encryption data is the variable data after encryption, and the encryption key is for described
This of web terminal logs in the encryption key generated.
Preferably, the access request carries the correspondence session identification that this is logged in;
Before the decryption encryption data, methods described also includes:
Respective session information is searched from according to the session identification, and extracts advance from the session information
The encryption key of storage;
The decryption encryption data includes:
The encryption data is decrypted according to the encryption key of extraction.
Preferably, methods described also includes:
To the response web terminal, this feedback data accessed is encrypted.
Present invention also provides the processing unit that a kind of web terminal is accessed, including:
Feedback data generation module, feedback data is generated for the access request for web terminal;
Encrypting module, for the feedback data to be encrypted using predetermined encryption key;
Feedback module, for the feedback data after encryption to be sent to the web terminal, for the web
Hold and server is accessed according to the feedback data after encryption.
Preferably, the encryption key is the encryption key of this login generation for the web terminal.
Preferably, the encryption key is stored in the session information of this this login of correspondence;
Described device also includes:
Key Acquisition Module, for the feedback data to be encrypted in the use predetermined encryption key
Before, according to correspondence, this session identification logged in searches corresponding session information, and believes from the session
Encryption key is extracted in breath.
Preferably, the access request is logging request, and described device also includes:
Key production module, for the feedback data to be encrypted in the use predetermined encryption key
Before, for this login generation encryption key of the web terminal.
Preferably, the key production module includes:
Acquisition of information submodule, for obtaining the unique identification information of the web terminal, corresponding to this login
Random number and this log in server time;
Key generates submodule, for being given birth to according to the unique identification information, random number and server time
Into the encryption key.
Preferably, the ID of the unique identification information including the login user, entry address with
And at least one of device identification of user equipment residing for the web terminal, the random information include and this
It is secondary to log at least one of corresponding server time and random number.
Present invention also provides the processing unit that a kind of web terminal is accessed, including:
Request receiving module, the access request for receiving web terminal, the access request carries triggering originally
The encryption data of secondary access, the encryption data is encrypted using predetermined encryption key;
Deciphering module, for decrypting the encryption data;
Respond module, for responding the web terminal based on decrypted result.
The embodiment of the present application includes advantages below:
Framework adjustment of the embodiment of the present application based on server easily solves operation system research and development may band
The web safety problems come, specifically, the access request for web terminal generates feedback data, and are used
Feedback data is encrypted encryption key, and the variable data in feedback data is encrypted, can be with
So that the follow-up variable data according to after encryption of web terminal accesses server, attacker can not be by changing
The variable data of system constructs new access parameter, improves web security, has prevented horizontal authority leak
All kinds of security attack behaviors inside;Meanwhile, reduce to operation system development to developer's
The requirement of awareness of safety, reduces human input cost.
Also, the encryption key that the embodiment of the present application is used is only used for this login of web terminal, that is to say
Say, the variable data through the encryption keys is effective only in time User logs in is worked as, after second logs in
Failure so that replicate other people link from principle directly it is invalid, so as at utmost prevent attacker from usurping
Changing request trial attack, there is provided a kind of tight complete Prevention-Security mechanism.
Brief description of the drawings
Fig. 1 is the operation system processes of research & development schematic diagram of background technology;
Fig. 2 is a kind of step flow chart of the processing method embodiment 1 of web terminal access of the application;
Fig. 3 is a kind of step flow chart of the processing method embodiment 2 of web terminal access of the application;
Fig. 4 is a kind of step flow chart of the processing method embodiment 3 of web terminal access of the application;
Fig. 5 be the application an example in web terminal access process chart;
Fig. 6 is a system architecture diagram for implementing the embodiment of the present application;
Fig. 7 be the application an example in web terminal and server interaction schematic diagram;
Fig. 8 is a kind of structured flowchart of the processing unit embodiment 1 of web terminal access of the application;
Fig. 9 is a kind of structured flowchart of the processing unit embodiment 2 of web terminal access of the application.
Embodiment
To enable above-mentioned purpose, the feature and advantage of the application more obvious understandable, with reference to attached
Figure and embodiment are described in further detail to the application.
Web attackers generally using cross-site scripting attack XSS, the SQL injection leak of web services program,
Horizontal authority leak etc. obtains the control authority of web server.
By taking horizontal authority leak as an example, developer is easily habitually in generation database manipulation list
When, the object to be operated ID that it has permission is found out according to the user identity logined successfully, and there is provided entrance
Submit and ask for user, need not now verify other i.e. operable related objects of user right.Due to most
Number the object to be operated ID both be set to from increase integer, as long as attacker add 1 to correlation ID, subtract 1,
Until traversal, it is possible in the case of without verifying authorization, the operation of the object to other associations is obtained
Authority.
Such as Fig. 1 is the operation system processes of research & development schematic diagram of background technology, first according to the exploitation language of company
The code development specification of speech customization safety, and research and develop the specification literary style for judging to be applicable.Writing phase is by researching and developing
Engineer is write, and security audit is carried out to writing result by safety engineer.To defend XSS leaks,
Research and development engineer needs to carry out HTML HTML escapes;Accordingly, safety engineer needs
The corresponding output point of manual examination and verification, or confirm framework default configuration.For defence SQL injection, according to opening
Hair language does corresponding AQL Variable-Bindings;Accordingly, safety engineer needs to check expanding for binding
Markup language xml is opened up, or the artificial code for reading over related to SQL is audited.For level power
Leak is limited, it is necessary to research staff has awareness of safety, the coding-control at corresponding code;Safety engineering
Teacher has no general scheme in examination & verification, is all to audit one by one in most cases.
As can be seen here, the scheme of background technology is thrown the awareness of safety of developer, the manpower of verification stage
Enter and propose higher requirement, and web safety can not be ensured.In view of this, present applicant proposes one
The web terminal access mechanism fully or partially solved the above problems is planted, is specifically described below.
Embodiment of the method 1
Reference picture 2, the step of showing the processing method embodiment 1 that a kind of web terminal of the application is accessed
Flow chart, specifically may include steps of:
Step 101, the access request for web terminal generates feedback data.
Wherein, web terminal can be the client of browser end or other offer web page access, specifically may be used
With applied to mobile terminal (such as mobile phone) or other fixed terminals.
The embodiment of the present application can send to server and visit in the corresponding server implementation of web terminal, web terminal
Request is asked, the access request can be logged on request or by clicking on Web page or access entrance
The access request of (such as button) triggering.
Access request for web terminal can correspond to offer feedback data, for example, anti-for logging request
It is the login page redirected after logining successfully to present data, the web page interlinkage or access entrance for Web page
The feedback data of access request is the web page interlinkage or the corresponding page of access entrance.Feedback data can be by
Operation system is generated according to access request.
Step 102, the feedback data is encrypted using predetermined encryption key.
Encryption described herein can complete feedback data is encrypted or to feedback data
In partial data be encrypted, the variable data in feedback data can be for example encrypted.
For example, former reference address is<A href=" http://suddy.org/abc/dkkrId=49586&name
=suddy ">, to wherein "/abc/dkkrId=49586&name=suddy " is encrypted, and obtains
/ uyYkK8&hrkJY&*5374324523e ", the reference address after encryption is<A href=
“http://suddy.org/uyYkK8&hrkJY&*5374324523e”>;Just like, for<Input name=
" email " type=" text " value=" suddy@suddy.org ">The access parameter " email " included
And " suddy@suddy.org " are encrypted, and respectively obtain " X12d3De4 " and " 7!hHk3kdxyorF”.
The embodiment of the present application can be encrypted using any suitable AES, for example, RSA public keys add
Close algorithm, or DSA rivest, shamir, adelmans, preferably complex algorithm.
Step 103, the feedback data after encryption is sent to the web terminal, for the web terminal root
Server is accessed according to the feedback data after encryption.
For there are some variable datas, such as webpage in the feedback data of web terminal access request in server
Address, access parameter etc., attacker by according to existing web page address or access parameter can structure again
Make new web page address or access parameter, so as to get the access rights to server resource.
And the variable data in feedback data is encrypted using encryption key for the embodiment of the present application, specifically
It can be that feedback data is integrally encrypted or only variable data is encrypted, and use after encryption
Ciphertext replace plaintext in former feedback data so that web terminal is connect according to the variable number after the encryption received
According to server is accessed, attacker can not be carried by changing the access parameter of system variable data configuration newly
High web security, and prevented all kinds of security attack behaviors including horizontal authority leak;Meanwhile,
The requirement to the awareness of safety of developer to operation system development is reduced, human input is reduced
Cost.
Preferably, the encryption key can be the encryption key that this logs in generation for web terminal.
Wherein, logging in can trigger under different scenes, for example, directly logging in, being realized by registering
Login, the switching of overtime identity realizes and the identity handoff scenario such as logs in.
Encryption key can be generated after login, can specifically be given birth to according to any suitable one or more information
Into, only need to ensure its uniqueness.Because the encryption key that the embodiment of the present application is used is only used for web
This login at end, in other words, the variable data through the encryption keys is only when time User logs in
In effectively, second log in after fail so that it is directly invalid from principle to replicate other people link so that
At utmost prevent attacker from distorting request and attempting attack there is provided a kind of tight complete Prevention-Security machine
System.
In the embodiment of the present application, it is preferable that the encryption key is stored in session letter of this this login of correspondence
In breath, accordingly, before being encrypted using predetermined encryption key, this it can also be stepped on according to correspondence
The session identification of record searches corresponding session information, and extracts encryption key from the session information.Will
Encryption key is stored in the session information of this login of correspondence web terminal, the new storage without redistributing
Position, facilitates subsequent extracted.
In the embodiment of the present application, it is preferable that feedback data is encrypted above-mentioned use predetermined encryption key
Can be that the variable data in feedback data is encrypted using predetermined encryption key, accordingly, institute
State and feed back to the web terminal and can include:The variable data of assembly encryption is into the feedback data;Will
The feedback data feeds back to the web terminal.Before being encrypted, first extract and become from feedback data
Data are measured, after encryption, the variable data of encryption is spliced into feedback data again, then by feedback data
Send to web terminal.
Embodiment of the method 2
Reference picture 3, the step of showing the processing method embodiment 2 that a kind of web terminal of the application is accessed
Flow chart, the present embodiment can be performed specifically in web terminal login process, can specifically include following step
Suddenly:
Step 201, after receiving logging request and this logins successfully, correspondence this login is created
Session information and session identification.
In the present embodiment, web terminal initiates logging request to server, and web terminal is carried out in server
Authentication can accordingly create corresponding by rear Successful login, further server for this login
Session information session, the unique session identification sessionid of session information correspondence.
Step 202, for this login generation encryption key of web terminal.
After web terminal is logined successfully, the encryption key for being only used for this login can be further created.
The application preserves this that be uniquely used for for web terminal and logs in encryption key, and encryption key can be with
It is stored in default position.
Encryption key can be generated after login, the random number (random salt that for example this is logged according to correspondence
Salt), or using the server time generation encryption key of this login;Or combine at least one web
Client information and random number and/or server time generation encryption key;It can also add other any suitable
Information, the application is not limited to this.Wherein, random number can be occurred using random random numbers
Device is obtained, by being obtained to seed using complicated algorithm computing;Server time can precisely arrive millisecond
Level, when being applied to the scene of magnanimity access, accurately can be made a distinction to access every time;web
Client information can be the unique identification information of web terminal or other relevant informations of web terminal.
, can be using default algorithm or rule to a variety of letters when combining much information generation encryption key
Breath is combined or computing, and the application is not limited to this.
In the embodiment of the present application, it is preferable that described this login generation encryption for the web terminal is close
Key can include:
Sub-step S11, obtains the unique identification information of the web terminal, corresponds to the random number of this login
And the server time of this login;
Sub-step S13, adds according to the generation of the unique identification information, random number and server time
Key.
Wherein, unique identification information can be logged on the user name of user, ID (such as UID,
User identity is proved), or the current entry address of login user (such as IP address, MAC Address
Deng), or the device identification, such as unique mark user equipment of user equipment residing for web terminal equipment
Coding, the session id of this server generation logged in of correspondence or the session of client generation
The combination of the above-mentioned much informations of id.
Further, according to the generation of unique identification information, random number and server time it is corresponding this log in
Encryption key, specifically can carry out computing to above- mentioned information according to default algorithm and obtain encryption key.Example
Such as, to taking MD5 after unique identification information, random number and server ageing, (the 5th edition information is plucked
Want algorithm) value, MD5 values can also be further taken again to the MD5 values of acquisition, reducing data volume
Also cause that to crack the encryption key increasingly difficult simultaneously.
Or unique identification information and random information according to default rule are combined into encryption key.Specifically
Rule of combination can set according to the actual requirements, for example, connection combination before and after directly, or according to each
It is combined, or two kinds of information is carried out from a part of data are intercepted according to various applicable preset algorithms
One group of new data of computing generation, or obtain combined result with reference to multiple combinations mode.For example, to only
One identification information, random number and server time progress XOR, then take the result of the XOR
8 are used as encryption key afterwards.
Step 203, the encryption key is stored into the session information.
Encryption key is stored into session information, with when this login process needs encryption, or subsequently
To in other access process of server, encryption key is directly extracted from session information.Encryption key can
To be stored in any suitable mode in session information, the application is not limited to this.
Step 204, the logging request for web terminal generates feedback data.
Web ends jump to login page after logining successfully, therefore, server pin after logining successfully
To the detailed content that the data that logging request is fed back are login page.
Step 205, according to correspondence, this session identification logged in searches corresponding session information, and from institute
State and encryption key is extracted in session information.
Server preserves the session information of multiple web terminals, and part web terminal even can correspond to multiple generations
In the session information of different periods, meeting of some web terminal of session identification uniquely tagged in some session period
Information is talked about, some session of the web terminal can be found out from substantial amounts of session information according to session identification
Information.The embodiment of the present application searches session letter of this login of the current web terminal of correspondence according to session identification
Breath, can further extract encryption key from session information.
Step 206, the variable data in the feedback data is encrypted using the encryption key.
Step 207, the feedback data after encryption is sent to the web terminal, for the web terminal root
Server is accessed according to the variable data after encryption.
Framework adjustment of the embodiment of the present application based on server easily solves operation system research and development may band
The web safety problems come, specifically, the access request for web terminal generates feedback data, and are used
Variable data in feedback data is encrypted encryption key, so that web terminal is follow-up according to encryption
Variable data afterwards accesses server, and attacker can not be by changing the visit of system variable data configuration newly
Parameter is asked, web security is improved, has prevented all kinds of security attack behaviors including horizontal authority leak;
Meanwhile, the requirement to the awareness of safety of developer to operation system development is reduced, people is reduced
Power input cost.
Also, the encryption key that the embodiment of the present application is used is only used for this login of web terminal, that is to say
Say, the variable data through the encryption keys is effective only in time User logs in is worked as, after second logs in
Failure so that replicate other people link from principle directly it is invalid, so as at utmost prevent attacker from usurping
Changing request trial attack, there is provided a kind of tight complete Prevention-Security mechanism.
Embodiment of the method 3
Reference picture 4, the step of showing the processing method embodiment 3 that a kind of web terminal of the application is accessed
Flow chart, the present embodiment can be performed specifically after web terminal login, specifically may include steps of:
Step 301, the access request of web terminal is received, the access request, which is carried, triggers what this was accessed
Encryption data, the encryption data is encrypted using predetermined encryption key.
Wherein encryption data can be the variable data after encryption, the page that web terminal is provided by server
Server is accessed, because variable data therein is encrypted using encryption key, then web terminal base
When the variable data conducts interviews, entrained by access request is also the data after encryption, so that
Attacker can not improve web safety by changing the access parameter of system variable data configuration newly
Property, prevent all kinds of security attack behaviors including horizontal authority leak;Meanwhile, reduce to business system
Requirement of the development of uniting to the awareness of safety of developer, reduces human input cost.
Step 302, the encryption data is decrypted, and the web terminal is responded based on decrypted result.
Server extracts encryption data from access request, and is decrypted, and is based further on the encryption number
According to generation feedback data, and feedback data response web terminal accordingly.If it should be noted that decryption not into
Work(, then regarding the source of the access request and non-security, can directly abandon and not process.
In the embodiment of the present application, it is preferable that encryption key can be this login generation for web terminal
Encryption key, due to the embodiment of the present application use encryption key be only used for web terminal this login,
In other words, during when encryption data for the variable data after encrypting, the variable number through the encryption keys
According to effective only in time User logs in is worked as, failure after second of login so that replicate other people link from original
It is directly invalid in reason, so as at utmost prevent attacker from distorting request and attempting to attack tight there is provided one kind
Close complete Prevention-Security mechanism.
During specific decryption, decruption key can be extracted from default position.In the embodiment of the present application, preferably
Ground, decruption key is identical with encryption key, that is to say the mode for employing symmetric cryptography.Can be in encryption
Encryption key is preserved in the session information that this is logged in correspondence afterwards, further extracted from session information
Encryption key is used to decrypt.
Specifically, the access request can carry the correspondence session identification that this is logged in, and use
According to the corresponding session information of session identification extraction.
Accordingly, decryption encryption data before, it is necessary to from according to session identification search respective session information,
And the encryption key prestored is extracted from session information.
Accordingly, when decrypting the encryption data, encryption data can be entered according to the encryption key of extraction
Row decryption.
In the embodiment of the present application, it is preferable that methods described can also include:To responding the web terminal sheet
The feedback data of secondary access is encrypted, further by the feedback data for the variable data being packaged with after encryption
Web terminal is sent to, so that the follow-up variable data according to after encryption of web terminal accesses server, is kept away
Exempt from attacker and threaten web safety using variable data.Can be specifically to the variable data in feedback data
It is encrypted, so that web terminal accesses server according to the variable data after encryption, lifts web security.
To make those skilled in the art more fully understand the application, below by way of a specific example to this
The processing method that a kind of web terminal of application embodiment is accessed is illustrated, and with reference to Fig. 5, shows this Shen
The process chart that web terminal is accessed in an example please, including the web access since being logged in web
Process, specifically includes following steps:
Login system generates the key (key1) of the user this time session according to enchancement factor, and the key is random
Generation, for example, user name+server Millisecond time.
Operation system generates the response for being handed down to user;, will further according to the key1 of above-mentioned generation
After all parameters and URL encryptions in this response, response is to user browser.In user's point
The link or button for hitting the page are initiated server to ask, and the parameter and URL that the request is carried are
Ciphertext after encryption.Server decrypts the request for submitting according to the key key1 of the session, if
Successful decryption, then can transfer the processing of backend services system, if decryption failure, directly be considered as abnormal lose
Abandon.
The above-mentioned handling process of correspondence, a system architecture for implementing the embodiment of the present application is shown with reference to Fig. 6
Figure.So that web terminal is user browser as an example, compared to the scheme of prior art, user browser with
The functional module of increase generation key, sends in user browser between the original operation system of server
After request, generate key for this login and write conversation message, it will words mark and access request
Send in the lump to original operation system, to obtain feedback data.Unification of the increase for general frame simultaneously
Encryption and decryption layer, on the one hand, sent after the variable data in request is decrypted using key to original
Operation system, on the other hand, is added using key to the variable data in the response of original operation system
User browser is fed back to after close again.
Show that web terminal and the interaction of server are illustrated in the example of the application with reference to Fig. 7
Figure, increases web Prevention-Security modules, wherein, account authentication module, web Prevention-Security modules
Same server or same server cluster, account body can be deployed in backend services service module
Part authentication module and web Prevention-Securities module can be deployed on front-end server, backend services service mould
Block can be deployed on back-end server.
Specific interaction is divided into login process and normal access process.
Wherein, login process specifically includes following steps:
1.1st, user browser is logged in by sending account name and password request.
1.2nd, whether account authentication module checking account name and password are correct, if correctly, it is determined that step on
The session and corresponding sessionid of login sessions are recorded successfully and create, conversely, then feeding back account name
And code error, point out user to re-enter.
1.3rd, account authentication module is by sessionid, the number ID (uid) of the login user
And the server time time logged in is sent to web Prevention-Security modules.
1.4th, web Prevention-Securities module generates encryption key according to uid, time and random salt salt
Key=md5 (md5 (uid+time+salt)), and by key storages into the corresponding session of the session.
1.5th, web Prevention-Securities module notifies encryption key key generation to complete, and by this session
Sessionid and log in after the URL that redirects send to backend services service module.
1.6th, backend services service module needs the response rendered for the URL generations redirected after logging in
In the variable used, further obtain the key in session, output will be needed using RSA cryptographic algorithms
Variable encryption into response, i.e. URL/Param=RSA (" URL/Param ", key).
1.7th, backend services service module renders assembled response using the URL and Param after encryption,
And feed back to web terminal.
Normal access process specifically includes following steps:
2.1st, it is ciphertext that web terminal sends request, wherein URL and Param to service end.
2.2nd, the sessionID that web Prevention-Securities module is carried according to access request extracts correspondence session
The encryption key of middle storage, and the URL in request and Param is forced to decrypt, decryption failure is then lost
Abandon, then rear end business service module transmits the request of successful decryption in plain text to successful decryption.
2.3rd, backend services service module carries out business logic processing, and generating needs according to request renders
Response in the variable used.
2.4th, backend services service module further extracts the key in session, it would be desirable to output
Variable encryption in response, i.e. URL/Param=RSA (" URL/Param ", key).
2.5th, backend services service module renders assembled response using the URL and Param after encryption,
And feed back to web terminal.
It should be noted that for embodiment of the method, in order to be briefly described, therefore it is all expressed as into one
The combination of actions of series, but those skilled in the art should know, the embodiment of the present application is not by institute
The limitation of the sequence of movement of description, because according to the embodiment of the present application, some steps can use other
Order is carried out simultaneously.Secondly, those skilled in the art should also know, described in the specification
Embodiment belong to preferred embodiment, involved action not necessarily the embodiment of the present application must
Must.
Device embodiment 1
Reference picture 8, shows the structure for the processing unit embodiment 1 that a kind of web terminal of the application is accessed
Block diagram, can specifically include following module:
Feedback data generation module 401, feedback data is generated for the access request for web terminal;
Encrypting module 402, for the feedback data to be encrypted using predetermined encryption key;
Feedback module 403, for the feedback data after encryption to be sent to the web terminal, for described
Web terminal accesses server according to the feedback data after encryption.
In the embodiment of the present application, it is preferable that the encryption key is this login for the web terminal
The encryption key of generation.
In the embodiment of the present application, it is preferable that the encryption key is stored in session letter of this this login of correspondence
In breath;Described device can also include Key Acquisition Module, in the use predetermined encryption key pair
Before the feedback data is encrypted, according to correspondence, this session identification logged in searches corresponding session
Information, and extract encryption key from the session information.
In the embodiment of the present application, it is preferable that the access request is logging request, described device also includes:
Key production module, for the feedback data to be encrypted in the use predetermined encryption key
Before, for this login generation encryption key of the web terminal.
In the embodiment of the present application, it is preferable that the key production module includes:
Acquisition of information submodule, for obtaining the unique identification information of the web terminal, corresponding to this login
Random number and this log in server time;
Key generates submodule, for being given birth to according to the unique identification information, random number and server time
Into the encryption key.
In the embodiment of the present application, it is preferable that the unique identification information includes the user of the login user
At least one of ID, entry address and user equipment residing for the web terminal device identification, it is described with
Machine information includes and this login at least one of corresponding server time and random number.
In the embodiment of the present application, it is preferable that described device also includes:
Creation module, for it is described for the web terminal this log in generation encryption key before,
After this is logined successfully, the session information and session identification of this login of correspondence are created;
Described device also includes:
Memory module, for after described this login generation encryption key for the web terminal, inciting somebody to action
The encryption key is stored into the session information.
In the embodiment of the present application, it is preferable that the encrypting module, specifically for using predetermined encryption key
Variable data in the feedback data is encrypted;The feedback module includes:
Assembled submodule, the variable data for assembly encryption is into the feedback data;
Data feedback submodule, for the feedback data to be fed back into the web terminal.
In the embodiment of the present application, it is preferable that the variable data includes web page address and/or accesses parameter,
The encryption uses RSA public key encryption algorithms.
Framework adjustment of the embodiment of the present application based on server easily solves operation system research and development may band
The web safety problems come, specifically, the access request for web terminal generates feedback data, and are used
Variable data in feedback data is encrypted encryption key, and the variable data in feedback data is entered
Row encryption, can cause web terminal follow-up and access server according to the variable data after encryption, attacker without
Method improves web security, prevented by changing the access parameter of system variable data configuration newly
All kinds of security attack behaviors including horizontal authority leak;Meanwhile, reduce to operation system development
Requirement to the awareness of safety of developer, reduces human input cost.
Also, the encryption key that the embodiment of the present application is used is only used for this login of web terminal, that is to say
Say, the variable data through the encryption keys is effective only in time User logs in is worked as, after second logs in
Failure so that replicate other people link from principle directly it is invalid, so as at utmost prevent attacker from usurping
Changing request trial attack, there is provided a kind of tight complete Prevention-Security mechanism.
Device embodiment 2
Reference picture 9, shows the structure for the processing unit embodiment 2 that a kind of web terminal of the application is accessed
Block diagram, can specifically include following module:
Request receiving module 501, the access request for receiving web terminal, the access request, which is carried, to be touched
The encryption data of this access is sent out, the encryption data is encrypted using predetermined encryption key;
Deciphering module 502, for decrypting the encryption data;
Respond module 503, for responding the web terminal based on decrypted result.
In the embodiment of the present application, it is preferable that the encryption data is the variable data after encryption.
In the embodiment of the present application, it is preferable that the encryption key is this login for the web terminal
The encryption key of generation.
In the embodiment of the present application, it is preferable that the access request carries the correspondence session that this is logged in
Mark;
Described device also includes:
Session information searching modul, for before the decryption encryption data, from according to the meeting
Talk about identifier lookup respective session information;
Key extraction module, for extracting the encryption key prestored from the session information;
The deciphering module, is solved specifically for the encryption key according to extraction to the encryption data
It is close.
In the embodiment of the present application, it is preferable that described device also includes:
Encrypting module, is encrypted for this feedback data accessed to the response web terminal.
Framework adjustment of the embodiment of the present application based on server easily solves operation system research and development may band
The web safety problems come, specifically, the access request for web terminal generates feedback data, and are used
Variable data in feedback data is encrypted encryption key, and the variable data in feedback data is entered
Row encryption, can cause web terminal follow-up and access server according to the variable data after encryption, attacker without
Method improves web security, prevented by changing the access parameter of system variable data configuration newly
All kinds of security attack behaviors including horizontal authority leak;Meanwhile, reduce to operation system development
Requirement to the awareness of safety of developer, reduces human input cost.
Also, the encryption key that the embodiment of the present application is used is only used for this login of web terminal, that is to say
Say, the variable data through the encryption keys is effective only in time User logs in is worked as, after second logs in
Failure so that replicate other people link from principle directly it is invalid, so as at utmost prevent attacker from usurping
Changing request trial attack, there is provided a kind of tight complete Prevention-Security mechanism.
For device embodiment, because it is substantially similar to embodiment of the method, so the ratio of description
Relatively simple, the relevent part can refer to the partial explaination of embodiments of method.
Each embodiment in this specification is described by the way of progressive, and each embodiment is stressed
Be all between difference with other embodiment, each embodiment identical similar part mutually referring to
.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present application can be provided as method, dress
Put or computer program product.Therefore, the embodiment of the present application can using complete hardware embodiment, completely
The form of embodiment in terms of software implementation or combination software and hardware.Moreover, the embodiment of the present application
Can use can be situated between in one or more computers for wherein including computer usable program code with storage
The computer journey that matter is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of sequence product.
In a typical configuration, the computer equipment includes one or more processors
(CPU), input/output interface, network interface and internal memory.Internal memory potentially includes computer-readable Jie
Volatile memory in matter, the shape such as random access memory (RAM) and/or Nonvolatile memory
Formula, such as read-only storage (ROM) or flash memory (flash RAM).Internal memory is showing for computer-readable medium
Example.Computer-readable medium includes permanent and non-permanent, removable and non-removable media can
To realize that information is stored by any method or technique.Information can be computer-readable instruction, number
According to structure, the module of program or other data.The example of the storage medium of computer includes, but not
It is limited to phase transition internal memory (PRAM), static RAM (SRAM), dynamic randon access to deposit
Reservoir (DRAM), other kinds of random access memory (RAM), read-only storage (ROM),
Electrically Erasable Read Only Memory (EEPROM), fast flash memory bank or other memory techniques,
Read-only optical disc read-only storage (CD-ROM), digital versatile disc (DVD) or other optical storages,
Magnetic cassette tape, the storage of tape magnetic rigid disk or other magnetic storage apparatus or any other non-transmitting are situated between
Matter, the information that can be accessed by a computing device available for storage.Define, calculate according to herein
Machine computer-readable recording medium does not include the computer readable media (transitory media) of non-standing, such as the number of modulation
It is believed that number and carrier wave.
The embodiment of the present application is with reference to according to the method for the embodiment of the present application, terminal device (system) and meter
The flow chart and/or block diagram of calculation machine program product is described.It should be understood that can be by computer program instructions
Each flow and/or square frame and flow chart and/or square frame in implementation process figure and/or block diagram
The combination of flow and/or square frame in figure.Can provide these computer program instructions to all-purpose computer,
The processor of special-purpose computer, Embedded Processor or other programmable data processing terminal equipments is to produce
One machine so that pass through the computing devices of computer or other programmable data processing terminal equipments
Instruction produce be used to realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or
The device for the function of being specified in multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable datas to handle
In the computer-readable memory that terminal device works in a specific way so that be stored in this computer-readable
Instruction in memory, which is produced, includes the manufacture of command device, and command device realization is in flow chart one
The function of being specified in flow or multiple flows and/or one square frame of block diagram or multiple square frames.
These computer program instructions can also be loaded into computer or other programmable data processing terminals are set
It is standby upper so that series of operation steps is performed on computer or other programmable terminal equipments in terms of producing
The processing that calculation machine is realized, so that the instruction performed on computer or other programmable terminal equipments provides use
In realization in one flow of flow chart or multiple flows and/or one square frame of block diagram or multiple square frames
The step of function of specifying.
Although having been described for the preferred embodiment of the embodiment of the present application, those skilled in the art are once
Basic creative concept is known, then other change and modification can be made to these embodiments.So,
Appended claims are intended to be construed to include preferred embodiment and fall into the institute of the embodiment of the present application scope
Have altered and change.
Finally, in addition it is also necessary to explanation, herein, such as first and second or the like relation art
Language is used merely to make a distinction an entity or operation with another entity or operation, and not necessarily
It is required that or implying between these entities or operation there is any this actual relation or order.And
And, term " comprising ", "comprising" or its any other variant are intended to the bag of nonexcludability
Contain, so that process, method, article or terminal device including a series of key elements not only include
Those key elements, but also other key elements including being not expressly set out, or also include being this mistake
Journey, method, article or the intrinsic key element of terminal device.In the absence of more restrictions,
The key element limited by sentence "including a ...", it is not excluded that the process including the key element,
Also there is other identical element in method, article or terminal device.
The processing method and processing device accessed above a kind of web terminal provided herein, has been carried out in detail
Thin to introduce, specific case used herein is set forth to the principle and embodiment of the application,
The explanation of above example is only intended to help and understands the present processes and its core concept;Meanwhile,
For those of ordinary skill in the art, according to the thought of the application, in embodiment and application
It will change in scope, in summary, this specification content should not be construed as to the application's
Limitation.
Claims (20)
1. the processing method that a kind of web terminal is accessed, it is characterised in that including:
Access request for web terminal generates feedback data;
The feedback data is encrypted using predetermined encryption key;
Feedback data after encryption is sent to the web terminal, for the web terminal according to encryption after
Feedback data accesses server.
2. according to the method described in claim 1, it is characterised in that the encryption key is for institute
State the encryption key of this login generation of web terminal.
3. method according to claim 2, it is characterised in that the encryption key is stored in pair
In the session information for answering this this login;
Before the feedback data is encrypted the use predetermined encryption key, methods described is also wrapped
Include:
Session identification according to this login is corresponded to searches corresponding session information, and from the session information
Middle extraction encryption key.
4. method according to claim 2, it is characterised in that the access request please to log in
Ask, before the feedback data is encrypted the use predetermined encryption key, methods described is also wrapped
Include:
For this login generation encryption key of the web terminal.
5. method according to claim 4, it is characterised in that described for the web terminal
This, which logs in generation encryption key, includes:
Obtain the unique identification information of the web terminal, the random number for corresponding to this login and this login
Server time;
The encryption key is generated according to the unique identification information, random number and server time.
6. method according to claim 5, it is characterised in that the unique identification information includes
The equipment mark of the ID of the login user, entry address and user equipment residing for the web terminal
Know at least one of, the random information include with this login corresponding server time and random number
It is at least one.
7. method according to claim 4, it is characterised in that be directed to the web terminal described
This is logged in before generation encryption key, and methods described also includes:
After this is logined successfully, the session information and session identification of this login of correspondence are created;
After described this login generation encryption key for the web terminal, methods described also includes:
The encryption key is stored into the session information.
8. according to the method described in claim 1, it is characterised in that the use predetermined encryption key
The feedback data is encrypted including:
The variable data in the feedback data is encrypted using predetermined encryption key;
The feedback data by after encryption, which is sent to the web terminal, to be included:
The variable data of assembly encryption is into the feedback data;
The feedback data is fed back into the web terminal.
9. method according to claim 8, it is characterised in that the variable data includes webpage
Address and/or access parameter, the encryption use RSA public key encryption algorithms.
10. the processing method that a kind of web terminal is accessed, it is characterised in that including:
The access request of web terminal is received, the access request carries the encryption data of this access of triggering,
The encryption data is encrypted using predetermined encryption key;
The encryption data is decrypted, and the web terminal is responded based on decrypted result.
11. method according to claim 10, it is characterised in that the encryption data is encryption
Variable data afterwards, encryption of the encryption key to log in generation for this of the web terminal is close
Key.
12. method according to claim 10, it is characterised in that the access request carrying pair
Should the session identification that this is logged in;
Before the decryption encryption data, methods described also includes:
Respective session information is searched from according to the session identification, and extracts advance from the session information
The encryption key of storage;
The decryption encryption data includes:
The encryption data is decrypted according to the encryption key of extraction.
13. method according to claim 10, it is characterised in that methods described also includes:
To the response web terminal, this feedback data accessed is encrypted.
14. the processing unit that a kind of web terminal is accessed, it is characterised in that including:
Feedback data generation module, feedback data is generated for the access request for web terminal;
Encrypting module, for the feedback data to be encrypted using predetermined encryption key;
Feedback module, for the feedback data after encryption to be sent to the web terminal, for the web
Hold and server is accessed according to the feedback data after encryption.
15. device according to claim 14, it is characterised in that the encryption key be for
This of the web terminal logs in the encryption key generated.
16. device according to claim 15, it is characterised in that the encryption key is stored in
In the session information of this this login of correspondence;
Described device also includes:
Key Acquisition Module, for the feedback data to be encrypted in the use predetermined encryption key
Before, according to correspondence, this session identification logged in searches corresponding session information, and believes from the session
Encryption key is extracted in breath.
17. device according to claim 14, it is characterised in that the access request is login
Request, described device also includes:
Key production module, for the feedback data to be encrypted in the use predetermined encryption key
Before, for this login generation encryption key of the web terminal.
18. device according to claim 17, it is characterised in that the key production module bag
Include:
Acquisition of information submodule, for obtaining the unique identification information of the web terminal, corresponding to this login
Random number and this log in server time;
Key generates submodule, for being given birth to according to the unique identification information, random number and server time
Into the encryption key.
19. device according to claim 18, it is characterised in that the unique identification information bag
The equipment for including user equipment residing for ID, entry address and the web terminal of the login user
At least one of mark, the random information includes and this corresponding server time of login and random number
At least one of.
20. the processing unit that a kind of web terminal is accessed, it is characterised in that including:
Request receiving module, the access request for receiving web terminal, the access request carries triggering originally
The encryption data of secondary access, the encryption data is encrypted using predetermined encryption key;
Deciphering module, for decrypting the encryption data;
Respond module, for responding the web terminal based on decrypted result.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610201940.6A CN107294921A (en) | 2016-03-31 | 2016-03-31 | The processing method and processing device that a kind of web terminal is accessed |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610201940.6A CN107294921A (en) | 2016-03-31 | 2016-03-31 | The processing method and processing device that a kind of web terminal is accessed |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107294921A true CN107294921A (en) | 2017-10-24 |
Family
ID=60087871
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610201940.6A Pending CN107294921A (en) | 2016-03-31 | 2016-03-31 | The processing method and processing device that a kind of web terminal is accessed |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107294921A (en) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107819579A (en) * | 2017-12-13 | 2018-03-20 | 西安Tcl软件开发有限公司 | A kind of processing method, server and the computer-readable recording medium of user's request |
CN108737531A (en) * | 2018-05-11 | 2018-11-02 | 北京奇艺世纪科技有限公司 | A kind of method and apparatus of business processing |
CN109547426A (en) * | 2018-11-14 | 2019-03-29 | 腾讯科技(深圳)有限公司 | Service response method and server |
CN109873818A (en) * | 2019-02-01 | 2019-06-11 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of method and system preventing unauthorized access server |
CN110049032A (en) * | 2019-04-09 | 2019-07-23 | 有光创新(北京)信息技术有限公司 | A kind of the data content encryption method and device of two-way authentication |
CN111541758A (en) * | 2020-04-17 | 2020-08-14 | 支付宝(杭州)信息技术有限公司 | Page updating method and device |
CN113709188A (en) * | 2021-10-27 | 2021-11-26 | 北京蓝莓时节科技有限公司 | Session control information processing method, device, system and storage medium |
CN113935059A (en) * | 2021-12-16 | 2022-01-14 | 国网浙江省电力有限公司杭州供电公司 | Dynamic encryption method and device suitable for financial data and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1801824A (en) * | 2006-01-16 | 2006-07-12 | 北京北方烽火科技有限公司 | Anti-theft chain method for WEB service |
US20070136809A1 (en) * | 2005-12-08 | 2007-06-14 | Kim Hwan K | Apparatus and method for blocking attack against Web application |
CN103229181A (en) * | 2010-10-13 | 2013-07-31 | 阿卡麦科技公司 | Protecting websites and website users by obscuring URLs |
CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
CN104639503A (en) * | 2013-11-11 | 2015-05-20 | 国际商业机器公司 | Method, devices and system for protecting sensitive information |
-
2016
- 2016-03-31 CN CN201610201940.6A patent/CN107294921A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070136809A1 (en) * | 2005-12-08 | 2007-06-14 | Kim Hwan K | Apparatus and method for blocking attack against Web application |
CN1801824A (en) * | 2006-01-16 | 2006-07-12 | 北京北方烽火科技有限公司 | Anti-theft chain method for WEB service |
CN103229181A (en) * | 2010-10-13 | 2013-07-31 | 阿卡麦科技公司 | Protecting websites and website users by obscuring URLs |
CN104639503A (en) * | 2013-11-11 | 2015-05-20 | 国际商业机器公司 | Method, devices and system for protecting sensitive information |
CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107819579A (en) * | 2017-12-13 | 2018-03-20 | 西安Tcl软件开发有限公司 | A kind of processing method, server and the computer-readable recording medium of user's request |
CN107819579B (en) * | 2017-12-13 | 2021-08-24 | 西安Tcl软件开发有限公司 | User request processing method, server and computer readable storage medium |
CN108737531A (en) * | 2018-05-11 | 2018-11-02 | 北京奇艺世纪科技有限公司 | A kind of method and apparatus of business processing |
CN109547426A (en) * | 2018-11-14 | 2019-03-29 | 腾讯科技(深圳)有限公司 | Service response method and server |
CN109873818A (en) * | 2019-02-01 | 2019-06-11 | 湖南快乐阳光互动娱乐传媒有限公司 | A kind of method and system preventing unauthorized access server |
CN110049032A (en) * | 2019-04-09 | 2019-07-23 | 有光创新(北京)信息技术有限公司 | A kind of the data content encryption method and device of two-way authentication |
CN111541758A (en) * | 2020-04-17 | 2020-08-14 | 支付宝(杭州)信息技术有限公司 | Page updating method and device |
CN113709188A (en) * | 2021-10-27 | 2021-11-26 | 北京蓝莓时节科技有限公司 | Session control information processing method, device, system and storage medium |
CN113935059A (en) * | 2021-12-16 | 2022-01-14 | 国网浙江省电力有限公司杭州供电公司 | Dynamic encryption method and device suitable for financial data and storage medium |
CN113935059B (en) * | 2021-12-16 | 2022-03-15 | 国网浙江省电力有限公司杭州供电公司 | Dynamic encryption method and device suitable for financial data and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107294921A (en) | The processing method and processing device that a kind of web terminal is accessed | |
US11888974B1 (en) | Secret sharing information management and security system | |
Zhang et al. | Cryptographic public verification of data integrity for cloud storage systems | |
Miculan et al. | Formal analysis of Facebook Connect single sign-on authentication protocol | |
CN109792386A (en) | Method and apparatus for trust computing | |
CN106341493A (en) | Entity rights oriented digitalized electronic contract signing method | |
KR20210017432A (en) | Apparatus and method for managing personal information based on blockchain | |
CN105450413B (en) | A kind of setting method of password, device and system | |
US20220014367A1 (en) | Decentralized computing systems and methods for performing actions using stored private data | |
CN106685973A (en) | Method and device for remembering log in information, log in control method and device | |
Mishra et al. | An anonymous and secure biometric‐based enterprise digital rights management system for mobile environment | |
Bhargavan et al. | Verified implementations of the information card federated identity-management protocol | |
Armando et al. | Model-checking driven security testing of web-based applications | |
CN114946152A (en) | Decentralized techniques for authenticating data in transport layer security and other contexts | |
CN109614825A (en) | Contract Signing method, apparatus, computer equipment and storage medium | |
CN115580413B (en) | Zero-trust multi-party data fusion calculation method and device | |
Brandão et al. | Toward Mending Two Nation-Scale Brokered Identification Systems. | |
CN108011717A (en) | A kind of method, apparatus and system for asking user data | |
CN104683327A (en) | Method for detecting safety of user login interface of Android software | |
Dadeau et al. | Model‐based mutation testing from security protocols in HLPSL | |
CN105516066A (en) | Method and device for identifying existence of intermediary | |
Rocchetto et al. | Model-based detection of CSRF | |
CN110166471A (en) | A kind of portal authentication method and device | |
Mazmudar et al. | Mitigator: Privacy policy compliance using trusted hardware | |
Jordan et al. | Viceroy: Gdpr-/ccpa-compliant enforcement of verifiable accountless consumer requests |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20171024 |
|
RJ01 | Rejection of invention patent application after publication |