CN108881484A - Method for detecting whether a terminal can access the internet - Google Patents

Info

Publication number: CN108881484A
Authority: CN (China)
Legal status: Granted
Application number: CN201810830754.8A
Other languages: Chinese (zh)
Other versions: CN108881484B (en)
Inventors: 赵飞, 郑晓峰, 周毅, 李宗宇
Current Assignee: Hangzhou Yun Meng Meng Technology Co Ltd
Original Assignee: Hangzhou Yun Meng Meng Technology Co Ltd

Classifications

    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L43/0811 Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The invention discloses a method for detecting whether a terminal can access the internet, comprising the following steps: a) preset a pool of public website URLs together with the corresponding list of CA certificate public keys and the CA certificates, and build them into the client program; b) when the client's network connection to the server is interrupted and reconnection fails, or when the application connects to the server for the first time, first select 2 URLs at random from the preset public website URL pool, make HTTPS connections to them simultaneously, and verify server authenticity with the preset CA certificates. The method ensures, without additional investment, that the client's local environment can access the internet. Because the server certificates of well-known websites are all privately held and cannot be counterfeited, the real network environment can be perceived. The scheme uses public resources, is highly reliable, and requires no additional cost.

Description

Method for detecting whether a terminal can access the internet
Technical field
The present invention relates to a method for detecting whether a terminal can access the internet.
Background
When a client's connection to a server is interrupted, the client generally has to reconnect in order to keep the service running. In some network security scenarios, however, the client must first confirm that the internet is currently reachable before it carries out subsequent operations such as connecting to the network. A malicious attacker can use a fake DNS resolution service and a fake server deployed on a local area network to simulate the internet, lure the client into initiating a reconnection, and then analyze the exchanged messages to look for vulnerabilities.
Existing techniques generally confirm whether the server is reachable by having the client send keep-alive packets to the server, or by purchasing a server certificate and having the client verify the server. These approaches are relatively easy to hijack or to counterfeit with responses from a fake server, and cannot truly reflect the current state of the network connection.
Summary of the invention
In view of the above deficiencies in the prior art, the object of the present invention is to provide a method for detecting whether a terminal can access the internet.
To solve the above technical problem, the following technical solution is adopted:
A method for detecting whether a terminal can access the internet, comprising the following steps:
a) Preset a pool of public website URLs together with the corresponding list of CA certificate public keys and the CA certificates, and build them into the client program;
b) When the client's network connection to the server is interrupted and reconnection fails, or when the application connects to the server for the first time, first select 2 URLs at random from the preset public website URL pool, make HTTPS connections to them simultaneously, and verify server authenticity with the preset CA certificates.
Further, if server authenticity verification with the CA certificate passes, internet connectivity is fine, and only then does the client move on to the next server IP to make the service connection.
Further, if server authenticity verification with the CA certificate fails, internet connectivity is abnormal and the network connection is terminated.
Further, server authenticity verification with the CA certificate uses the OpenSSL library to implement the secure connection process, ensuring that the HTTPS handshake succeeds and certificate verification passes; otherwise the server is a counterfeit.
Related terms are explained as follows:
SSL: SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt network connections at the transport layer.
CA certificate: a CA certificate (a CA has a public key and a private key; the CA certificate referred to here means the certificate's public key). Public users on the internet trust a CA by verifying its signature; anyone can obtain the CA's certificate (which contains the public key) and use it to verify the certificates the CA has issued. If a user wants to determine whether another certificate is genuine, they use the CA's public key to verify the signature on that certificate; once verification passes, the certificate is considered valid. A certificate is in effect an attestation of a user's public key, issued by a certificate authority (CA).
By adopting the above technical solution, the invention has the following beneficial effects:
The present invention is a method for detecting whether a terminal can access the internet; it ensures, without additional investment, that the client's local environment can access the internet. Because the server certificates of well-known websites are all privately held and cannot be counterfeited, the real network environment can be perceived. The scheme uses public resources, is highly reliable, and requires no additional cost.
Brief description of the drawings
The present invention is further described below with reference to the drawing:
Fig. 1 is a flow diagram of a method for detecting whether a terminal can access the internet according to the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the protection scope of the present invention.
As shown in Fig. 1, a method for detecting whether a terminal can access the internet comprises the following steps:
a) Preset a pool of public website URLs together with the corresponding list of CA certificate public keys and the CA certificates, and build them into the client program;
b) When the client's network connection to the server is interrupted and reconnection fails, or when the application connects to the server for the first time, first select 2 URLs at random from the preset public website URL pool, make HTTPS connections to them simultaneously, and verify server authenticity with the preset CA certificates.
If server authenticity verification with the CA certificate passes, internet connectivity is fine, and only then does the client move on to the next server IP to make the service connection.
If server authenticity verification with the CA certificate fails, internet connectivity is abnormal and the network connection is terminated.
Server authenticity verification with the CA certificate uses the OpenSSL library to implement the secure connection process, ensuring that the HTTPS handshake succeeds and certificate verification passes; otherwise the server is a counterfeit.
The detailed process of server authenticity verification with the CA certificate is as follows: the secure connection process is implemented with the OpenSSL library. Call the SSL_CTX_load_verify_locations function to load the CA certificate corresponding to the URL, create a bio object and an ssl object from the ctx, and then call BIO_set_conn_hostname to set the URL to be accessed. To confirm whether the connection succeeded, first call the BIO_do_connect function and check whether the return value is greater than 0, then call SSL_get_verify_result to check whether the server is trusted: if the return value is X509_V_OK the server is a genuine server; otherwise it is a counterfeit.
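The following is an added example, not code from the patent: it sketches steps a) and b) with Python's ssl module, which wraps OpenSSL, instead of the C calls named above. The host names and CA file paths in PRESET_POOL are hypothetical placeholders, and requiring both probes to pass is an assumption, since the text does not say whether one success is enough.

```python
import random
import socket
import ssl
from concurrent.futures import ThreadPoolExecutor

# Hypothetical preset pool: public site host name -> CA file shipped with the client.
PRESET_POOL = {
    "site-a.example": "ca/site-a-root.pem",
    "site-b.example": "ca/site-b-root.pem",
    "site-c.example": "ca/site-c-root.pem",
}

def tls_probe(host, ca_file, timeout=5.0):
    """True only if the TLS handshake completes and the server's chain and
    host name verify against the preset CA file (system trust store unused)."""
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED with check_hostname=True.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=ca_file)  # SSL_CTX_load_verify_locations
        with socket.create_connection((host, 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except (OSError, ValueError):  # socket, ssl.SSLError and missing-file errors
        return False

def _safe(probe, host, ca_file):
    try:
        return bool(probe(host, ca_file))
    except Exception:
        return False  # an unexpected probe error counts as a failed check

def internet_reachable(pool, probe=tls_probe, sample_size=2, rng=None):
    """Probe sample_size randomly chosen sites concurrently; report the
    internet as reachable only if every probe verifies (assumed policy)."""
    rng = rng or random.SystemRandom()
    if len(pool) < sample_size:
        return False  # fail closed on a misconfigured pool
    chosen = rng.sample(sorted(pool), sample_size)
    with ThreadPoolExecutor(max_workers=sample_size) as ex:
        results = list(ex.map(lambda h: _safe(probe, h, pool[h]), chosen))
    return all(results)
```

When porting this to the C calls listed above, note that SSL_get_verify_result also returns X509_V_OK when no peer certificate was presented, and that host name matching happens only if it is configured on the ssl object (for example with SSL_set1_host). The Python context used here enforces both.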
The above are only specific embodiments of the present invention, but the technical features of the invention are not limited to them. Any simple change, equivalent replacement or modification made on the basis of the present invention to solve essentially the same technical problem and achieve essentially the same technical effect is covered by the protection scope of the present invention.

Claims (4)

1. A method for detecting whether a terminal can access the internet, characterized by comprising the following steps:
a) preset a pool of public website URLs together with the corresponding list of CA certificate public keys and the CA certificates, and build them into the client program;
b) when the client's network connection to the server is interrupted and reconnection fails, or when the application connects to the server for the first time, first select 2 URLs at random from the preset public website URL pool, make HTTPS connections to them simultaneously, and verify server authenticity with the preset CA certificates.
2. The method for detecting whether a terminal can access the internet according to claim 1, characterized in that: if server authenticity verification with the CA certificate passes, internet connectivity is fine, and only then does the client move on to the next server IP to make the service connection.
3. The method for detecting whether a terminal can access the internet according to claim 1, characterized in that: if server authenticity verification with the CA certificate fails, internet connectivity is abnormal and the network connection is terminated.
4. The method for detecting whether a terminal can access the internet according to claim 1, characterized in that: server authenticity verification with the CA certificate uses the OpenSSL library to implement the secure connection process, ensuring that the HTTPS handshake succeeds and certificate verification passes; otherwise the server is a counterfeit.

Application CN201810830754.8A: Method for detecting whether terminal can access internet or not. Priority date 2018-07-26; filing date 2018-07-26; status Active (CN108881484B).

Publications (2)

Publication Number Publication Date
CN108881484A 2018-11-23
CN108881484B 2021-04-02
