CN108712367A - A kind of message processing method, device and equipment - Google Patents
- Publication number: CN108712367A
- Application number: CN201810264579.0A
- Authority: CN (China)
- Prior art keywords: address, domain name, http, message, address information
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/1416—Event detection, e.g. attack signature detection (under H04L63/1408, detecting or protecting against malicious traffic by monitoring network traffic)
- H04L63/1441—Countermeasures against malicious traffic (under H04L63/14, network security for detecting or protecting against malicious traffic)
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
An embodiment of the present invention provides a message processing method, apparatus and device. The method includes: receiving an HTTP message sent by an HTTP server; comparing the first address information carried by a URL in the HTTP message with the second address information of the HTTP server; and, if the two differ, determining the HTTP message to be an illegal message and applying preset processing to the illegal message. In a CSRF attack message, the address information in the reference address field of the attack code differs from the address information of the server that sent the message. The address information may be a domain name or an IP address; that is, the address information of website Web1 contained in "src=URL of website Web1" differs from the address information of website Web2. Comparing the two identifies CSRF attack messages, which can then be handled, for example by discarding them or raising an alert. This protects against CSRF attacks and reduces security risk.
Description
Technical field
The present invention relates to the field of communication technology, and in particular to a message processing method, apparatus and device.
Background art
A CSRF (Cross-Site Request Forgery, also abbreviated XSRF) attack maliciously exploits a website and exposes the user to considerable security risk. The principle of a CSRF attack is illustrated below.
Suppose a user visits the legitimate website Web1 through the browser of a terminal device and enters personal information such as a user name and password into Web1. Web1 generates a Cookie from the personal information, adds the Cookie to a response message, and sends the response message to the browser. While Web1 is still open, the user opens the illegitimate website Web2 in the browser. After Web2 receives the user's access request, it sends the browser a response message carrying attack code. The attack code includes "src=URL of website Web1" followed by an operation parameter sequence. The field after "src=" can be understood as a reference address field; it contains the referenced address information, which may be an IP address or a domain name. The "URL (uniform resource locator) of website Web1" contains the address information of Web1, which may be the domain name or the IP address of Web1.
After the browser receives the attack code, it may, without the user's knowledge and at the request of the illegitimate website Web2, send a message carrying the Cookie to the legitimate website Web1. After Web1 receives the message carrying the Cookie, it may process the message with the user's privileges; in other words, the illegitimate website Web2 accesses the legitimate website Web1 using the user's privileges. This exposes the user to considerable security risk.
Summary of the invention
The purpose of the embodiments of the present invention is to provide a message processing method, apparatus and device that protect against CSRF attacks and reduce security risk.
To achieve the above purpose, an embodiment of the present invention provides a message processing method, applied to a protection device, including:
Receiving an HTTP message sent by an HTTP server;
Obtaining the first address information carried by a URL in the HTTP message;
Determining the second address information of the HTTP server;
Judging whether there is first address information that differs from the second address information;
If there is, determining the HTTP message to be an illegal message and applying preset processing to the illegal message.
To achieve the above purpose, an embodiment of the present invention also provides a message processing apparatus, characterized in that it is applied to a protection device and includes:
A first receiving module, for receiving an HTTP message sent by an HTTP server;
A first obtaining module, for obtaining the first address information carried by a URL in the HTTP message;
A first determining module, for determining the second address information of the HTTP server;
A first judging module, for judging whether there is first address information that differs from the second address information;
A processing module, for determining the HTTP message to be an illegal message and applying preset processing to the illegal message when the judgment result of the first judging module is yes.
To achieve the above purpose, an embodiment of the present invention also provides an electronic device, including a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with one another over the communication bus;
The memory is for storing a computer program;
The processor is for implementing any of the above message processing methods when executing the program stored in the memory.
To achieve the above purpose, an embodiment of the present invention also provides a computer-readable storage medium in which a computer program is stored; when executed by a processor, the computer program implements any of the above message processing methods.
With the illustrated embodiments of the present invention, an HTTP message sent by an HTTP server is received, and the first address information carried by a URL in the HTTP message is compared with the second address information of the HTTP server that sent the message. If the two differ, the message is determined to be an illegal message and preset processing is applied to it. In a CSRF attack message, the address information in the reference address field of the attack code differs from the address information of the server that sent the message. The address information may be a domain name or an IP address; that is, the address information of website Web1 contained in "src=URL of website Web1" differs from the address information of website Web2. Comparing the two identifies CSRF attack messages, which can then be handled, for example by discarding them or raising an alert. This protects against CSRF attacks and reduces security risk.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed to describe the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a first schematic flow chart of the message processing method provided by an embodiment of the present invention;
Fig. 2 is a second schematic flow chart of the message processing method provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of an application scenario provided by an embodiment of the present invention;
Fig. 4 is a schematic flow chart of the execution of a CSRF detection module provided by an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a message processing apparatus provided by an embodiment of the present invention;
Fig. 6 is a schematic structural diagram of an electronic device provided by an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
To solve the above technical problem, an embodiment of the present invention provides a message processing method, apparatus and electronic device. The method and apparatus can be applied to a protection device. The protection device may be the terminal device itself, or it may be another device that is communicatively connected to the terminal device and provides security protection for it. The terminal device may be any of various electronic devices such as a mobile phone, a tablet computer or a desktop computer; this is not specifically limited.
A message processing method provided by an embodiment of the present invention is first described in detail below.
Fig. 1 is a first schematic flow chart of the message processing method provided by an embodiment of the present invention, including:
S101: Receive an HTTP (HyperText Transfer Protocol) message sent by an HTTP server.
For example, the terminal device may first send an HTTP request message to the server. After receiving the HTTP request message, the server returns an HTTP message to the terminal device, and that HTTP message can be processed using the embodiment of the present invention.
S102: Obtain the first address information carried by a URL in the HTTP message.
For example, the field after "src=" in a URL can be understood as a reference address field. The reference address field contains the referenced address information, which may be an IP address or a domain name; that IP address or domain name is taken as the first address information. If the HTTP message contains multiple "src=" fields, multiple pieces of first address information are obtained.
S103: Determine the second address information of the HTTP server.
For ease of description, the address information carried by the URL in the HTTP message is called the first address information, and the address information of the HTTP server is called the second address information.
If the first address information is an IP address, the source IP address of the HTTP message can be determined as the second address information.
If the first address information is a domain name, the domain name corresponding to the source IP address of the HTTP message can be looked up in the session entry, and that domain name is determined as the second address information. The session entry includes an IP address and the domain name corresponding to the IP address.
A session entry generally includes an IP address; here it also includes the domain name corresponding to the IP address. Specifically, the process of establishing a session entry may include: obtaining a first HTTP request message sent by the terminal device; determining a first domain name according to the URL in the first HTTP request message; and adding the first domain name to the session entry corresponding to the first HTTP request message.
For example, security software may be installed in the terminal device. The security software executes this solution: it obtains the HTTP request message that the terminal device sends to the server, reads the URL in the HTTP request message, determines the domain name from the URL, and adds the determined domain name to the session entry. The session entry then includes the IP address and its corresponding domain name.
As another example, a separate protection device may be deployed outside the terminal device. The protection device executes this solution: it obtains the HTTP request message that the terminal device sends to the server, reads the URL in the HTTP request message, determines the domain name from the URL, and adds the determined domain name to the session entry.
It can be understood that if the URL in the HTTP request message carries a domain name, the domain name is added directly to the session entry. If the URL in the HTTP request message carries an IP address, the domain name corresponding to the IP address can be determined by reverse domain name resolution; this is not specifically limited.
S104: Judge whether there is first address information that differs from the second address information; if there is, execute S105.
S105: Determine the HTTP message to be an illegal message and apply preset processing to the illegal message.
As described above, one or more pieces of first address information may be read. If there is one, it is compared directly with the second address information. If they differ, the HTTP message is determined to be an illegal message, that is, a CSRF attack message; if they are the same, the HTTP message is determined to be a legal message.
If there are several, each piece of first address information is compared with the second address information. If one or more pieces of first address information differ from the second address information, the HTTP message is determined to be an illegal message, that is, a CSRF attack message.
The processing applied to illegal messages can be preset, for example discarding the message or showing a warning to the user; this is not specifically limited. If the HTTP message is determined to be an illegal message, it is handled according to that preset processing.
As an implementation, when the judgment result of S104 is yes, the first address information that differs from the second address information can first be looked up in a pre-established protection table; S105 is executed only if it is found.
Protection entries can contain the domain names and/or IP addresses of servers that are more likely to be attacked, for example the domain names and IP addresses of banking websites and shopping websites. These websites involve the user's personal information and property, so protection entries can be generated for them.
For example, an input interface can be provided. The user enters the domain names and/or IP addresses of the servers that need protection into the input interface, and protection entries are generated from the server domain names and/or IP addresses entered by the user.
Alternatively, protection entries can be established in another way, which may specifically include:
Obtaining a second HTTP request message sent by the terminal device; determining a second domain name according to the URL in the second HTTP request message; and adding a protection entry to the protection table, the protection entry including the destination IP address of the second HTTP request message and the second domain name.
To distinguish them, the entries established from user input are called static protection entries, and the entries established from the interaction between the terminal device and the second server are called dynamic protection entries. In other words, the pre-established protection table may include a static protection table and/or a dynamic protection table.
Likewise, the HTTP request message involved in establishing a dynamic protection entry is called the second HTTP request message, and the HTTP request message involved in establishing a session entry is called the first HTTP request message. The first HTTP request message and the second HTTP request message may be the same message or different messages.
For example, the HTTP request messages that the terminal device sends to the server can be monitored and the URL in each HTTP request message read. If the URL carries a domain name, a dynamic protection entry is added to the dynamic protection table; the entry includes the domain name carried in the URL and the destination IP address of the HTTP request message. If the URL carries an IP address, the domain name corresponding to the IP address is determined by reverse domain name resolution and a dynamic protection entry is added to the dynamic protection table; the entry includes the determined domain name and the destination IP address of the HTTP request message.
In one case, both ways of establishing protection entries are used together; in other words, the protection table includes both a static protection table and a dynamic protection table.
In this case, before a dynamic protection entry is added to the dynamic protection table, the destination IP address of the second HTTP request message and the second domain name can first be looked up in the static protection table. If they are not found, the dynamic protection entry is added to the dynamic protection table; if they are found, no dynamic protection entry needs to be added. This avoids creating duplicate entries.
Alternatively, as another embodiment, after the second HTTP request message is obtained, it can first be judged whether the second HTTP request message contains a Cookie. If it does, the destination IP address of the second HTTP request message and the second domain name are looked up in the static protection table; if they are not found, a dynamic protection entry is added to the dynamic protection table.
Those skilled in the art will understand that, to distinguish user identities or to track sessions, a server usually stores a Cookie on the terminal device. The Cookie is generated from the user's private data, so if an HTTP request message contains a Cookie, the destination address of that request message needs to be protected. In this embodiment, protection entries are established for HTTP request messages that contain a Cookie, which makes the protection entries more targeted.
As an implementation, static protection entries can also be established in another way. To distinguish them, the static protection entries established from user input are called first static protection entries, and the static protection entries established in the following way are called second static protection entries:
Obtaining a preconfigured domain name; sending a DNS request message carrying the preconfigured domain name to a domain name server; receiving the DNS response message sent by the domain name server, the response message carrying the IP address corresponding to the preconfigured domain name; and adding a second static protection entry to the static protection table, the second static protection entry including the preconfigured domain name and the IP address corresponding to the preconfigured domain name.
The domain name server is a DNS (Domain Name System) server, which converts a domain name into the corresponding IP address. In this embodiment, the user configures only the domain name; the corresponding IP address is obtained from the DNS server, and the static protection entry is established from the domain name and that IP address. The user does not need to enter IP addresses manually, which gives a better experience.
As an implementation, the dynamic protection entry established above can also include the session identifier (ID) corresponding to the second HTTP request message. When the session corresponding to the session ID is deleted, the dynamic protection entry containing that session ID can be deleted from the dynamic protection table.
In this embodiment, dynamic protection entries are deleted promptly, which saves storage space and improves entry lookup efficiency.
With the embodiment of the present invention shown in Fig. 1, an HTTP message sent by an HTTP server is received, and the first address information carried by a URL in the HTTP message is compared with the second address information of the HTTP server that sent the message. If the two differ, the message is determined to be an illegal message and preset processing is applied to it. In a CSRF attack message, the address information in the reference address field of the attack code differs from the address information of the server that sent the message. The address information may be a domain name or an IP address; that is, the address information of website Web1 contained in "src=URL of website Web1" differs from the address information of website Web2. Comparing the two identifies CSRF attack messages, which protects against CSRF attacks and reduces security risk.
Fig. 2 is a second schematic flow chart of the message processing method provided by an embodiment of the present invention, including:
S201: Receive an HTTP message sent by an HTTP server.
S202: Obtain the first address information carried by a URL in the HTTP message.
For example, the field after "src=" in a URL can be understood as a reference address field. The reference address field contains the referenced address information, which may be an IP address or a domain name; that IP address or domain name is taken as the first address information. If the HTTP message contains multiple "src=" fields, multiple pieces of first address information are obtained.
S203: Determine the second address information of the HTTP server.
For ease of description, the address information carried by the URL in the HTTP message is called the first address information, and the address information of the HTTP server is called the second address information.
If the first address information is an IP address, the source IP address of the HTTP message can be determined as the second address information. If the first address information is a domain name, the domain name corresponding to the source IP address of the HTTP message can be looked up in the session entry, and that domain name is determined as the second address information. The session entry includes an IP address and the domain name corresponding to the IP address.
S204: Judge whether there is first address information that differs from the second address information. If there is, execute S205; if there is not, execute S208.
S205: Look up, in the pre-established static protection table, the first address information that differs from the second address information. If it is not found, execute S206; if it is found, execute S207.
The static protection table can be established in several ways, for example:
As an implementation, an input interface can be provided. The user enters the domain names and/or IP addresses of the servers that need protection into the input interface; first static protection entries are generated from the server domain names and/or IP addresses entered by the user and added to the static protection table.
As another embodiment, a preconfigured domain name can be obtained; a DNS request message carrying the preconfigured domain name is sent to a domain name server; the DNS response message sent by the domain name server is received, the response message carrying the IP address corresponding to the preconfigured domain name; and a second static protection entry is added to the static protection table, the second static protection entry including the preconfigured domain name and the IP address corresponding to the preconfigured domain name.
The domain name server is a DNS server, which converts a domain name into the corresponding IP address. In this embodiment, the user configures only the domain name; the corresponding IP address is obtained from the DNS server, and the static protection entry is established from the domain name and that IP address. The user does not need to enter IP addresses manually, which gives a better experience.
S206: Look up, in the pre-established dynamic protection table, the first address information that differs from the second address information. If it is not found, execute S208; if it is found, execute S207.
The dynamic protection table can be established in several ways, for example:
Obtaining a second HTTP request message sent by the terminal device; determining a second domain name according to the URL in the second HTTP request message; and adding a dynamic protection entry to the dynamic protection table, the dynamic protection entry including the destination IP address of the second HTTP request message and the second domain name.
To distinguish them, the HTTP request message involved in establishing a dynamic protection entry is called the second HTTP request message, and the HTTP request message involved in establishing a session entry is called the first HTTP request message. The first HTTP request message and the second HTTP request message may be the same message or different messages.
For example, the HTTP request messages that the terminal device sends to the server can be monitored and the URL in each HTTP request message read. If the URL carries a domain name, a dynamic protection entry is added to the dynamic protection table; the entry includes the domain name carried in the URL and the destination IP address of the HTTP request message. If the URL carries an IP address, the domain name corresponding to the IP address is determined by reverse domain name resolution and a dynamic protection entry is added to the dynamic protection table; the entry includes the domain name corresponding to the IP address and the destination IP address of the HTTP request message.
S207: Determine the HTTP message to be an illegal message and apply preset processing to the illegal message.
S208: Determine the HTTP message to be a legal message.
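The Fig. 2 flow (S201 to S208) as an added Python example, not code from the patent: it extracts every "src=" host from a response body, derives the second address information from the source IP or the session entries, and flags the message only when a differing address is in the static or dynamic protection table. The table contents, host names and addresses are constructed, and all function and variable names are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample tables (documentation names and address ranges, not from the patent).
SESSIONS = {"203.0.113.20": "web2.example"}            # source IP -> domain, from session entries
STATIC_TABLE = {("bank.example", "198.51.100.10")}     # (domain, IP) configured by the user
DYNAMIC_TABLE = {("shop.example", "198.51.100.30")}    # (domain, IP) learned from requests

# Value that follows "src=", quoted or bare.
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def first_addresses(body):
    """S202: domain or IP carried by each URL after 'src='.

    Relative URLs carry no address information and are skipped.
    """
    hosts = []
    for url in SRC_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed authority, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.append(host.lower())
    return hosts


def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def second_address(first, source_ip, sessions):
    """S203: the source IP when the first address is an IP, otherwise the
    domain recorded for that source IP in the session entries (None if unknown)."""
    return source_ip if is_ip(first) else sessions.get(source_ip)


def in_table(address, table):
    """True when the address matches the domain or the IP of any entry."""
    return any(address in entry for entry in table)


def classify(body, source_ip, sessions=SESSIONS,
             static=STATIC_TABLE, dynamic=DYNAMIC_TABLE):
    """Return ('illegal', offending addresses) or ('legal', [])."""
    # S204: first addresses that differ from the second address information.
    differing = [a for a in first_addresses(body)
                 if a != second_address(a, source_ip, sessions)]
    # S205 / S206: only differing addresses found in a protection table count.
    hits = [a for a in differing if in_table(a, static) or in_table(a, dynamic)]
    # S207 / S208
    return ("illegal", hits) if hits else ("legal", [])


if __name__ == "__main__":
    sample = '<img src="http://bank.example/account?op=1"><img src="/logo.png">'
    print(classify(sample, "203.0.113.20"))
```

A differing address that is in neither table, such as an unrelated content host, falls through to S208, which is what keeps ordinary cross-site embeds from being flagged.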
Fig. 3 shows an application scenario of an embodiment of the present invention. A specific embodiment is described below with reference to Fig. 2 and Fig. 3:
As shown in Fig. 3, a CSRF protector is installed in the terminal device. A protection table is established in the CSRF protector; the protection table includes a static protection table and a dynamic protection table.
The process of establishing the static protection table may include: receiving a server domain name entered by the user and issuing a DNS request for the domain name to obtain the corresponding IP address. The domain name and its corresponding IP address form a static protection entry, which is added to the static protection table. The structure of a static protection entry can be as follows:
Domain (domain name) | IP Address |
The CSRF protector monitors the messages exchanged between the browser of the terminal device and each server. For example, an HTTP protocol port (HTTP-Port) can be configured, and messages whose source port or destination port is the HTTP-Port are monitored and processed.
The CSRF protector can establish session entries for the communication between the terminal device and the servers. A session entry can include the server-side IP, the server-side port, the domain name, the CSRF warning sign and the session status. The structure of a session entry can be as follows:
Server side IP | Server side ports | Domain name | CSRF warning signs | Session status |
Wherein, domain name is the corresponding domain names of server side IP;CSRF warning signs can include 0,1,2 three kind of state, 0 table
Show and CSRF protection is not carried out to the corresponding server of session entry, the domain name for including in 1 expression session entry has been added to dynamic
List item, the domain name for including in 2 expression session entries is protected to have been added to static protection list item;Session status and terminal device are to clothes
The state of Transmission Control Protocol between business device is identical, and session status is for indicating current TCP connection state in which.
The process for establishing session entry may include:Obtain the HTTP request message that terminal device is sent;According to the HTTP
URL in request message determines domain name;Identified domain name is added in the corresponding session entry of HTTP request message.
For example, it can be sent to the HTTP request message of server with monitor terminal equipment, read HTTP request message
In URL:If carrying the domain name of server in the URL, the domain of the server carried in the URL is added in session entry
Name;If the IP address for carrying server in the URL determines the corresponding domain name of the IP address by domain name reverse resolution,
Domain name determined by being added in session entry.
Specifically, the session entry is established when the terminal device initiates a TCP connection to the server and is deleted when the connection is closed. In the direction in which the terminal device sends HTTP requests to the server, the matching session entry is looked up according to the destination IP and destination port of the HTTP request message; in the direction in which the server sends HTTP responses to the terminal device, the matching session entry is looked up according to the source IP and source port of the response message.
Assume that the CSRF protector observes an HTTP request message sent by the terminal device to server A. The CSRF protector looks up the matching session entry according to the destination IP and destination port of the HTTP request message. If the HTTP request message contains a Cookie and the CSRF warning sign in the session entry found is 0, the CSRF protector reads the URL in the HTTP request message: if the URL carries the IP address of server A, the domain name corresponding to that IP address is determined by reverse domain name resolution; if the URL carries the domain name of server A, the IP address corresponding to the domain name can be determined by domain name resolution, or the destination IP address of the HTTP request message can be taken directly as the IP address corresponding to the domain name.
The domain name of server A and its corresponding IP address are looked up in the static protection list items. If they are found, the CSRF protector sets the CSRF warning sign in the session entry to 2; if they are not found, the CSRF protector establishes a dynamic protection list item and sets the CSRF warning sign in the session entry to 1.
The dynamic protection list item established by the CSRF protector includes: the domain name of server A, the destination IP of the request message (that is, the server-side IP) and the Session ID (session id). The structure of a dynamic protection list item can be as follows:
Session ID | Domain (domain name) | IP Address |
---|---|---|
If a session entry is deleted, the CSRF protector deletes the dynamic protection list item corresponding to that session entry; the session entry that the Session ID points to is the session entry corresponding to the dynamic protection list item.
As an example, assume that the browser on the terminal device is closed or the server disconnects, so that the session between the terminal device and the server ends. The CSRF warning sign in the session entry is read first: if the CSRF warning sign is 0, the session entry is deleted directly; if the CSRF warning sign is 1, the Session ID in the session entry is read, the dynamic protection list item containing that Session ID is looked up, and both the dynamic protection list item and the session entry are deleted.
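The table maintenance described above (session entry creation, setting the CSRF warning sign to 1 or 2, and cleanup when the session ends), as an added Python example that is not code from the patent. The class and method names, the injected reverse-resolution function, the exact-pair match against the static items and all sample addresses are assumptions; the sample data is constructed.

```python
import ipaddress
import itertools


def is_ip(host):
    """True if host is an IP literal rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


class CsrfTables:
    """Session entries plus static and dynamic protection list items."""

    def __init__(self, static_items, reverse_resolve):
        self.sessions = {}                # (server IP, server port) -> session entry
        self.static = set(static_items)   # {(domain, ip)}, configured by the user
        self.dynamic = {}                 # Session ID -> (domain, ip)
        self.reverse_resolve = reverse_resolve   # injected so the example runs offline
        self._next_id = itertools.count(1)

    def on_connect(self, server_ip, server_port):
        """TCP connection opened: establish the session entry with warning sign 0."""
        self.sessions[(server_ip, server_port)] = {
            "session_id": next(self._next_id), "domain": None,
            "csrf_sign": 0, "status": "ESTABLISHED",
        }

    def on_request(self, dst_ip, dst_port, url_host, has_cookie):
        """HTTP request seen: record the domain, then set the CSRF warning sign."""
        session = self.sessions.get((dst_ip, dst_port))
        if session is None:
            return None
        # URL carries an IP -> reverse resolution; URL carries a domain -> use it.
        domain = self.reverse_resolve(url_host) if is_ip(url_host) else url_host.lower()
        if domain is None:
            return session["csrf_sign"]   # assumption: an unresolved IP changes nothing
        session["domain"] = domain
        if has_cookie and session["csrf_sign"] == 0:
            # The destination IP of the request is taken as the domain's IP address.
            if (domain, dst_ip) in self.static:
                session["csrf_sign"] = 2
            else:
                self.dynamic[session["session_id"]] = (domain, dst_ip)
                session["csrf_sign"] = 1
        return session["csrf_sign"]

    def on_disconnect(self, server_ip, server_port):
        """Connection closed: delete the session entry and any dynamic item it owns."""
        session = self.sessions.pop((server_ip, server_port), None)
        if session is not None and session["csrf_sign"] == 1:
            self.dynamic.pop(session["session_id"], None)


def demo():
    """Constructed sample data: documentation addresses and domains only."""
    ptr = {"192.0.2.44": "mail.example"}
    tables = CsrfTables({("bank.example", "198.51.100.5")}, ptr.get)
    tables.on_connect("198.51.100.5", 80)
    tables.on_connect("192.0.2.44", 80)
    tables.on_connect("203.0.113.7", 80)
    signs = [
        tables.on_request("198.51.100.5", 80, "bank.example", True),   # static item exists
        tables.on_request("192.0.2.44", 80, "192.0.2.44", True),       # no static item
        tables.on_request("203.0.113.7", 80, "forum.example", False),  # no Cookie
    ]
    dynamic_before = dict(tables.dynamic)
    tables.on_disconnect("192.0.2.44", 80)
    return signs, dynamic_before, dict(tables.dynamic)


if __name__ == "__main__":
    print(demo())
```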
The above is the process of establishing and maintaining the list items. The process by which the terminal device performs CSRF protection is described below.
Assume that the terminal device receives a response message sent by the server, that is, the HTTP message described in this embodiment. The source IP address and source port of the HTTP message are read, and the matching session entry is looked up according to that source IP address and source port. Specifically, the source IP address is matched against the server-side IP address in the session entry, and the source port is matched against the server-side port in the session entry.
If there is no matching session entry, the HTTP message can be discarded, or no subsequent processing is performed on it. If there is a matching session entry, the HTTP message is parsed and the domain name or IP address contained in the URL after each "src=" is extracted as first address information. The number of pieces of first address information contained in the HTTP message is denoted count; the value of count is equal to the number of occurrences of "src=" in the HTTP message.
An array AssertUrl[] is established. The initial value of the array index i can be 0, and each element of the array is one piece of first address information; that is, each element of the array can be a domain name or an IP address. AssertUrl[], the Session ID of the matching session entry, and count are passed as input to the CSRF detection module in the CSRF protector.
The flow executed by the CSRF detection module can be as shown in Figure 4:
S401: Judge whether i is less than count. If it is less, execute S402; if it is equal, the flow ends and the HTTP message is determined to be a legal message. The initial value of i is 0.
S402: Judge whether the current element of AssertUrl[] contains an IP address or a domain name. If it contains an IP address, execute S403; if it contains a domain name, execute S407.
S403: Judge whether the IP address in the current element of AssertUrl[] is identical to the source IP address of the HTTP message. If identical, execute S404; if different, execute S405.
S404: i = i + 1, and return to S401.
S405: Judge whether there is a static protection list item that matches the IP address in the current element of AssertUrl[]. If there is, execute S411; if there is not, execute S406.
S406: Judge whether there is a dynamic protection list item that matches the IP address in the current element of AssertUrl[]. If there is, execute S411; if there is not, execute S404.
S407: Judge whether the domain name in the current element of AssertUrl[] is identical to the domain name in the matching session entry. If identical, execute S408; if different, execute S409.
In one case, if the element of AssertUrl[] is an IP address, the session entry is not needed: the source IP address of the HTTP message is determined directly, and the IP address in AssertUrl[] is compared with that source IP address. If the element of AssertUrl[] is a domain name, the domain name of the server has to be obtained from the matching session entry, and the domain name in AssertUrl[] is compared with the obtained domain name of the server.
Alternatively, in another case, the source IP address of the HTTP message can also be obtained from the matching session entry; this is also reasonable.
S408: i = i + 1, and return to S401.
S409: Judge whether there is a static protection list item that matches the domain name in the current element of AssertUrl[]. If there is, execute S411; if there is not, execute S410.
S410: Judge whether there is a dynamic protection list item that matches the domain name in the current element of AssertUrl[]. If there is, execute S411; if there is not, execute S408.
S411: The HTTP message is determined to be an invalid packet, and default processing is performed on the invalid packet.
As shown in Figure 4, the flow executed by the CSRF detection module is a loop, and the loop ends in one of two ways. In one, i == count; in this case the HTTP message is determined to be a legal message and the flow ends. In the other, S411 is executed: the HTTP message is determined to be an invalid packet and, after default processing is performed on the invalid packet, the flow ends. That is, if AssertUrl[] contains an element that differs from the second address information of the HTTP message and is present in a protection list item, the HTTP message is determined to be an invalid packet, default processing is performed on it, and the flow ends. If every element of AssertUrl[] is either identical to the second address information of the HTTP message or not present in any protection list item, the HTTP message is determined to be a legal message and the flow ends.
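The session-entry lookup and the S401 to S411 loop described above, as an added Python example that is not code from the patent. The function names, the regular expression used to find "src=", the rule that a relative URL contributes no element, and all sample addresses and domains are assumptions; the tables and response bodies are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample state (documentation addresses and domains only).
SESSIONS = {   # (server-side IP, server-side port) -> session entry
    ("203.0.113.7", 80): {"session_id": 1, "domain": "forum.example"},
    ("198.51.100.5", 80): {"session_id": 2, "domain": "bank.example"},
}
STATIC_ITEMS = [{"domain": "bank.example", "ip": "198.51.100.5"}]
DYNAMIC_ITEMS = [{"session_id": 3, "domain": "mail.example", "ip": "192.0.2.44"}]

SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def first_addresses(body):
    """Build AssertUrl[]: the domain name or IP in each URL that follows "src=".

    Assumption: a relative URL names no host and contributes no element.
    """
    hosts = []
    for url in SRC_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed bracketed host
            host = None
        if host:
            hosts.append(host.lower())
    return hosts


def in_items(items, addr):
    """True if a protection list item matches the IP address or domain name."""
    field = "ip" if is_ip(addr) else "domain"
    return any(item[field] == addr for item in items)


def csrf_detect(assert_url, source_ip, session):
    """Return ("legal", None) or ("invalid", the offending first address)."""
    i, count = 0, len(assert_url)
    while i < count:                                            # S401
        addr = assert_url[i]
        if is_ip(addr):                                         # S402
            same = ipaddress.ip_address(addr) == ipaddress.ip_address(source_ip)  # S403
        else:
            same = addr == session["domain"]                    # S407
        if not same and (in_items(STATIC_ITEMS, addr)           # S405 / S409
                         or in_items(DYNAMIC_ITEMS, addr)):     # S406 / S410
            return "invalid", addr                              # S411
        i += 1               # S404 / S408: same server, or differs but is unprotected
    return "legal", None


def handle_response(source_ip, source_port, body):
    """Match the response to a session entry, then run the detection loop."""
    session = SESSIONS.get((source_ip, source_port))
    if session is None:
        return "dropped", None      # no matching session entry
    return csrf_detect(first_addresses(body), source_ip, session)


# Constructed response bodies.
FORUM_ATTACK = ('<img src="/logo.png"><script src="//cdn.example/lib.js"></script>'
                '<img src="http://bank.example/transfer">')
FORUM_BENIGN = '<script src="//cdn.example/lib.js"></script>'
FORUM_IP = '<img src=http://192.0.2.44/inbox>'
BANK_SELF = '<img src="http://bank.example/logo.png"><img src="http://198.51.100.5/a.png">'

if __name__ == "__main__":
    for body in (FORUM_ATTACK, FORUM_BENIGN, FORUM_IP):
        print(handle_response("203.0.113.7", 80, body))
    print(handle_response("198.51.100.5", 80, BANK_SELF))
```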
If the HTTP message is determined to be a legal message, the CSRF protector can pass it to the other processing modules of the terminal device for handling. The CSRF protector can handle an invalid packet in several ways: for example, it can show warning information to the user, generate an attack log, and so on; it can perform other processing, such as discarding the HTTP message; or it can offer the user several options, such as an option to continue the access or an option to delete the message, and carry out subsequent processing according to the user's choice.
Some existing schemes protect against CSRF attacks on the server side. Such a scheme cannot guarantee that every server is protected, nor can it reduce the security risk when a user accesses a server; moreover, the user does not know which servers are protected and which are not, so the user experience is poor.
With this embodiment, CSRF attack protection can be applied to messages sent by any server. On the one hand, this improves security and user experience; on the other hand, the format of the messages exchanged between the server and the terminal device is not restricted, so the approach is broadly applicable.
In addition, in this embodiment the user can add static protection list items according to their own needs, which gives better protection. If no static protection list item matches a message but the message carries Cookie data, a dynamic protection list item is established, which further improves the protection.
Corresponding to the above method embodiment, an embodiment of the present invention also provides a message processing device which, as shown in Fig. 5, includes:
A first receiving module 501, for receiving an HTTP message sent by an HTTP server;
A first acquisition module 502, for obtaining first address information carried by the URL in the HTTP message;
A first determining module 503, for determining second address information of the HTTP server;
A first judgment module 504, for judging whether there is first address information that differs from the second address information;
A processing module 505, for determining the HTTP message to be an invalid packet and performing default processing on the invalid packet when the judgment result of the first judgment module 504 is yes.
As an implementation, the first determining module 503 can specifically be used for: if the first address information is an IP address, determining the source IP address of the HTTP message as the second address information.
As an implementation, the first determining module 503 can specifically be used for: if the first address information is a domain name, looking up the domain name corresponding to the source IP address of the HTTP message in the session entry, and determining the domain name corresponding to the source IP address as the second address information;
Here, the session entry includes an IP address and the domain name corresponding to the IP address.
As an implementation, the device can also include a second acquisition module, a second determining module and a first add module (not shown), where:
The second acquisition module is for obtaining a first HTTP request message sent by the terminal device;
The second determining module is for determining a first domain name according to the URL in the first HTTP request message;
The first add module is for adding the first domain name to the session entry corresponding to the first HTTP request message.
As an implementation, the device can also include:
A first searching module (not shown), for looking up, in a pre-established protection table, the first address information that differs from the second address information when the judgment result of the first judgment module 504 is yes, and, if it is found, triggering the processing module 505.
As an implementation, the protection table includes a dynamic protection table, and the device can also include a third acquisition module, a third determining module and a second add module (not shown), where:
The third acquisition module is for obtaining a second HTTP request message sent by the terminal device;
The third determining module is for determining a second domain name according to the URL in the second HTTP request message;
The second add module is for adding a dynamic protection list item to the dynamic protection table, the dynamic protection list item including the destination IP address of the second HTTP request message and the second domain name.
As an implementation, the protection table further includes a pre-stored static protection table, and the static protection table includes a first static protection list item whose content is address information input by the user. The second add module can include:
A lookup submodule, for looking up the destination IP address of the second HTTP request message and the second domain name in the static protection table and, if they are not found, triggering the add submodule;
An add submodule, for adding a dynamic protection list item to the dynamic protection table, the dynamic protection list item including the destination IP address of the second HTTP request message and the second domain name.
As an implementation, the device can also include:
A second judgment module (not shown), for judging whether the second HTTP request message includes a Cookie and, if it does, triggering the lookup submodule.
As an implementation, the protection table includes a static protection table, and the device can also include a fourth acquisition module, a sending module, a second receiving module and a third add module (not shown), where:
The fourth acquisition module is for obtaining a preconfigured domain name;
The sending module is for sending a DNS request message to a domain name server, the DNS request carrying the preconfigured domain name;
The second receiving module is for receiving the DNS response message sent by the domain name server, the response message carrying the IP address corresponding to the preconfigured domain name;
The third add module is for adding a second static protection list item to the static protection table, the second static protection list item including the preconfigured domain name and the IP address corresponding to the preconfigured domain name.
As an implementation, the dynamic protection list item further includes the session id corresponding to the second HTTP request message, and the device can also include:
A removing module (not shown), for deleting the dynamic protection list item containing the session id from the dynamic protection table when the session corresponding to the session id is deleted.
With the embodiment of the present invention shown in Fig. 5, an HTTP message sent by an HTTP server is received, and the first address information carried by the URL in the HTTP message is compared with the second address information of the HTTP server that sent the message; if the two differ, the message is determined to be an invalid packet and default processing is performed on the invalid packet. In the attack code of a CSRF attack message, the address information in the reference address field differs from the address information of the server that sent the message. This address information can be a domain name or an IP address; that is, in "src=URL of website Web1", the address information of website Web1 differs from the address information of website Web2. Comparing the two makes it possible to identify CSRF attack messages, which provides protection against CSRF attacks and reduces security risk.
An embodiment of the present invention also provides an electronic device which, as shown in Fig. 6, includes a processor 601, a communication interface 602, a memory 603 and a communication bus 604, where the processor 601, the communication interface 602 and the memory 603 communicate with one another through the communication bus 604;
The memory 603 is for storing a computer program;
The processor 601 is for implementing any of the message processing methods described above when executing the program stored in the memory 603.
The communication bus mentioned for the above electronic device can be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus can be divided into an address bus, a data bus, a control bus and so on. For ease of representation, only one thick line is used in the figure, but this does not mean that there is only one bus or only one type of bus.
The communication interface is used for communication between the above electronic device and other devices.
The memory may include random access memory (Random Access Memory, RAM) and may also include non-volatile memory (Non-Volatile Memory, NVM), for example at least one disk storage. Optionally, the memory may also be at least one storage device located remotely from the aforementioned processor.
The above processor can be a general-purpose processor, including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP) and so on; it can also be a digital signal processor (Digital Signal Processing, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component.
An embodiment of the present invention also provides a computer-readable storage medium in which a computer program is stored; when the computer program is executed by a processor, any of the message processing methods described above is implemented.
It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements that are not explicitly listed, or elements inherent to the process, method, article or device. Without further restriction, an element limited by the phrase "including a ..." does not exclude the existence of other identical elements in the process, method, article or device that includes the element.
The embodiments in this specification are described in a related manner; for the same or similar parts, the embodiments can be referred to one another, and each embodiment focuses on its differences from the other embodiments. In particular, the message processing device embodiment shown in Fig. 5, the electronic device embodiment shown in Fig. 6 and the above computer-readable storage medium embodiment are described relatively briefly because they are substantially similar to the message processing method embodiments shown in Figs. 1-4; for the relevant parts, refer to the description of the message processing method embodiments shown in Figs. 1-4.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention falls within the scope of protection of the present invention.
Claims (22)
1. A message processing method, characterized in that it is applied to a safeguard and includes:
Receiving an HTTP message sent by an HTTP server;
Obtaining first address information carried by a uniform resource locator (URL) in the HTTP message;
Determining second address information of the HTTP server;
Judging whether there is first address information that differs from the second address information;
If there is, determining the HTTP message to be an invalid packet and performing default processing on the invalid packet.
2. The method according to claim 1, characterized in that determining the second address information of the HTTP server includes:
If the first address information is an IP address, determining the source IP address of the HTTP message as the second address information.
3. The method according to claim 1, characterized in that determining the second address information of the HTTP server includes:
If the first address information is a domain name, looking up the domain name corresponding to the source IP address of the HTTP message in a session entry;
Determining the domain name corresponding to the source IP address as the second address information;
Wherein the session entry includes an IP address and the domain name corresponding to the IP address.
4. The method according to claim 3, characterized in that the method further includes:
Obtaining a first HTTP request message sent by a terminal device;
Determining a first domain name according to the URL in the first HTTP request message;
Adding the first domain name to the session entry corresponding to the first HTTP request message.
5. The method according to claim 1, characterized in that, when it is judged that there is first address information that differs from the second address information, the method further includes:
Looking up, in a pre-established protection table, the first address information that differs from the second address information;
If it is found, executing the step of determining the HTTP message to be an invalid packet and performing default processing on the invalid packet.
6. The method according to claim 5, characterized in that the protection table includes a dynamic protection table, and the process of establishing a dynamic protection list item includes:
Obtaining a second HTTP request message sent by a terminal device;
Determining a second domain name according to the URL in the second HTTP request message;
Adding a dynamic protection list item to the dynamic protection table, the dynamic protection list item including the destination IP address of the second HTTP request message and the second domain name.
7. The method according to claim 6, characterized in that the protection table further includes a pre-stored static protection table, and the static protection table includes a first static protection list item whose content is address information input by a user;
Adding the dynamic protection list item to the dynamic protection table includes:
Looking up the destination IP address of the second HTTP request message and the second domain name in the static protection table;
If they are not found, adding the dynamic protection list item to the dynamic protection table.
8. The method according to claim 7, characterized in that, before looking up the destination IP address of the second HTTP request message and the second domain name in the static protection table, the method further includes:
Judging whether the second HTTP request message includes a Cookie;
If it does, executing the step of looking up the destination IP address of the second HTTP request message and the second domain name in the static protection table.
9. The method according to claim 5 or 7, characterized in that the protection table includes a static protection table, and the method further includes:
Obtaining a preconfigured domain name;
Sending a DNS request message to a domain name server, the DNS request carrying the preconfigured domain name;
Receiving the DNS response message sent by the domain name server, the response message carrying the IP address corresponding to the preconfigured domain name;
Adding a second static protection list item to the static protection table, the second static protection list item including the preconfigured domain name and the IP address corresponding to the preconfigured domain name.
10. The method according to claim 6, characterized in that the dynamic protection list item further includes the session identifier (ID) corresponding to the second HTTP request message;
The method further includes:
When the session corresponding to the session id is deleted, deleting the dynamic protection list item containing the session id from the dynamic protection table.
11. A message processing device, characterized in that it is applied to a safeguard and includes:
A first receiving module, for receiving an HTTP message sent by an HTTP server;
A first acquisition module, for obtaining first address information carried by the URL in the HTTP message;
A first determining module, for determining second address information of the HTTP server;
A first judgment module, for judging whether there is first address information that differs from the second address information;
A processing module, for determining the HTTP message to be an invalid packet and performing default processing on the invalid packet when the judgment result of the first judgment module is yes.
12. The device according to claim 11, characterized in that the first determining module is specifically used for: if the first address information is an IP address, determining the source IP address of the HTTP message as the second address information.
13. The device according to claim 11, characterized in that the first determining module is specifically used for: if the first address information is a domain name, looking up the domain name corresponding to the source IP address of the HTTP message in a session entry, and determining the domain name corresponding to the source IP address as the second address information;
Wherein the session entry includes an IP address and the domain name corresponding to the IP address.
14. The device according to claim 13, characterized in that the device further includes:
A second acquisition module, for obtaining a first HTTP request message sent by a terminal device;
A second determining module, for determining a first domain name according to the URL in the first HTTP request message;
A first add module, for adding the first domain name to the session entry corresponding to the first HTTP request message.
15. The device according to claim 11, characterized in that the device further includes:
A first searching module, for looking up, in a pre-established protection table, the first address information that differs from the second address information when the judgment result of the first judgment module is yes, and, if it is found, triggering the processing module.
16. The device according to claim 15, characterized in that the protection table includes a dynamic protection table, and the device further includes:
A third acquisition module, for obtaining a second HTTP request message sent by a terminal device;
A third determining module, for determining a second domain name according to the URL in the second HTTP request message;
A second add module, for adding a dynamic protection list item to the dynamic protection table, the dynamic protection list item including the destination IP address of the second HTTP request message and the second domain name.
17. The device according to claim 16, characterized in that the protection table further includes a pre-stored static protection table, and the static protection table includes a first static protection list item whose content is address information input by a user; the second add module includes:
A lookup submodule, for looking up the destination IP address of the second HTTP request message and the second domain name in the static protection table and, if they are not found, triggering the add submodule;
An add submodule, for adding a dynamic protection list item to the dynamic protection table, the dynamic protection list item including the destination IP address of the second HTTP request message and the second domain name.
18. The device according to claim 17, characterized in that the device further includes:
A second judgment module, for judging whether the second HTTP request message includes a Cookie and, if it does, triggering the lookup submodule.
19. The device according to claim 15 or 17, characterized in that the protection table includes a static protection table, and the device further includes:
A fourth acquisition module, for obtaining a preconfigured domain name;
A sending module, for sending a DNS request message to a domain name server, the DNS request carrying the preconfigured domain name;
A second receiving module, for receiving the DNS response message sent by the domain name server, the response message carrying the IP address corresponding to the preconfigured domain name;
A third add module, for adding a second static protection list item to the static protection table, the second static protection list item including the preconfigured domain name and the IP address corresponding to the preconfigured domain name.
20. The device according to claim 16, characterized in that the dynamic protection list item further includes the session id corresponding to the second HTTP request message, and the device further includes:
A removing module, for deleting the dynamic protection list item containing the session id from the dynamic protection table when the session corresponding to the session id is deleted.
21. An electronic device, characterized in that it includes a processor, a communication interface, a memory and a communication bus, where the processor, the communication interface and the memory communicate with one another through the communication bus;
The memory is for storing a computer program;
The processor is for implementing the method steps of any one of claims 1-10 when executing the program stored in the memory.
22. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, and the method steps of any one of claims 1-10 are implemented when the computer program is executed by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810264579.0A CN108712367A (en) | 2018-03-28 | 2018-03-28 | A kind of message processing method, device and equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810264579.0A CN108712367A (en) | 2018-03-28 | 2018-03-28 | A kind of message processing method, device and equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108712367A (en) | 2018-10-26 |
Family
ID=63866501
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810264579.0A Pending CN108712367A (en) | 2018-03-28 | 2018-03-28 | A kind of message processing method, device and equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108712367A (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103207863A (en) * | 2012-01-13 | 2013-07-17 | 腾讯科技(深圳)有限公司 | Page cross-domain interacting method and terminal |
CN103312666A (en) * | 2012-03-09 | 2013-09-18 | 腾讯科技(深圳)有限公司 | Method, system and device for preventing CSRF (cross site request forgery) attack |
CN104079611A (en) * | 2013-03-29 | 2014-10-01 | 腾讯科技(深圳)有限公司 | Method for preventing cross-site request forgery, related device and system |
CN104144142A (en) * | 2013-05-07 | 2014-11-12 | 阿里巴巴集团控股有限公司 | Web vulnerability discovery method and system |
CN104301314A (en) * | 2014-10-31 | 2015-01-21 | 电子科技大学 | Intrusion detection method and device based on browser tag attributes |
US20170149803A1 (en) * | 2015-11-20 | 2017-05-25 | International Business Machines Corporation | Guarding against cross-site request forgery (CSRF) attacks |
- 2018-03-28 CN CN201810264579.0A patent/CN108712367A/en active Pending
Non-Patent Citations (1)
Title |
---|
Hou Li: "Research on Web Application Security Analysis and Solutions", Computer Knowledge and Technology * |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110677396A (en) * | 2019-09-16 | 2020-01-10 | Hangzhou DPtech Technologies Co., Ltd. | Security policy configuration method and device |
CN111756771A (en) * | 2020-07-21 | 2020-10-09 | Tencent Technology (Shenzhen) Co., Ltd. | Detection method and device for cross-site scripting attack |
CN111756771B (en) * | 2020-07-21 | 2023-04-18 | Tencent Technology (Shenzhen) Co., Ltd. | Detection method and device for cross-site scripting attack |
CN113626736A (en) * | 2021-08-10 | 2021-11-09 | Maipu Communication Technology Co., Ltd. | URL feature learning method and device, electronic equipment and computer readable storage medium |
CN113626736B (en) * | 2021-08-10 | 2023-11-17 | Maipu Communication Technology Co., Ltd. | URL feature learning method, device, electronic equipment and computer readable storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP2532136B1 (en) | | System and method for risk rating and detecting redirection activities |
US8621604B2 (en) | | Evaluating a questionable network communication |
CN101304418B (en) | | Client side protection method and system against drive-by pharming via referrer checking |
JP2016532381A (en) | | Evaluation of suspicious network communication |
US20150229609A1 (en) | | Evaluating a questionable network communication |
CN111917705B (en) | | System and method for automatic intrusion detection |
US8522336B2 (en) | | Gateway device and method for using the same to prevent phishing attacks |
CN110768999B (en) | | Method and device for detecting illegal external connection of equipment |
CN107295116B (en) | | Domain name resolution method, device and system |
US20190081952A1 (en) | | System and Method for Blocking of DNS Tunnels |
CN103607385A (en) | | Method and apparatus for security detection based on browser |
US20170237749A1 (en) | | System and Method for Blocking Persistent Malware |
US8959626B2 (en) | | Detecting a suspicious entity in a communication network |
CN108712367A (en) | | A kind of message processing method, device and equipment |
US20210112093A1 (en) | | Measuring address resolution protocol spoofing success |
JP2007200323A (en) | | Method for protecting sip-based application |
CN105100048A (en) | | WiFi network security identification method, server, client device and system |
CN111935123B (en) | | Method, equipment and storage medium for detecting DNS spoofing attack |
JP5699162B2 (en) | | How to detect hijacking of computer resources |
WO2016008212A1 (en) | | Terminal as well as method for detecting security of terminal data interaction, and storage medium |
JP2007310781A (en) | | Fake website prevention method and intermediate node |
CN105939321A (en) | | DNS (Domain Name System) attack detection method and device |
CN107040401A (en) | | Wired local network user management system and method with safety and function expansion |
CN112217770B (en) | | Security detection method, security detection device, computer equipment and storage medium |
JP2014150504A (en) | | Network monitoring device, network monitoring method, and computer program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20181026 |