CN108881484A - Method for detecting whether a terminal can access the internet - Google Patents
Method for detecting whether a terminal can access the internet
- Publication number: CN108881484A
- Authority: CN (China)
- Legal status: Granted
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/08—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
- H04L43/0805—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
- H04L43/0811—Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Environmental & Geological Engineering (AREA)
- Information Transfer Between Computers (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a method for detecting whether a terminal can access the internet, comprising the following steps: A) preset a pool of public website URLs together with the corresponding list of CA certificate public keys and the CA certificates, and build them into the client program; B) when the client's network connection to the server is interrupted and reconnection fails, or when the application connects to the server for the first time, first randomly select 2 URLs from the preset public website URL pool, open HTTPS connections to them simultaneously, and verify server authenticity with the preset CA certificates. The method ensures, without additional investment, that the client's environment can access the internet. Because the server certificates of well-known websites are all private and cannot be counterfeited, the real network environment can be perceived. The scheme uses public resources, is highly reliable, and requires no additional cost.
Description
Technical field
The present invention relates to a method for detecting whether a terminal can access the internet.
Background technique
When a client's connection to a server is broken, the client generally needs to reconnect to the network to maintain business continuity. In some network security scenarios, however, it must first be confirmed that the internet is currently reachable before subsequent operations such as network connection are carried out. A malicious attacker can use a local area network to simulate the internet, deploy a fake server behind a false DNS resolution service, lure the client into initiating a reconnection, and then analyze the exchanged messages to find vulnerabilities.
Existing techniques generally confirm whether the server is reachable by having the client send keep-alive packets to the server, or by purchasing a server certificate that the client then verifies. These approaches are relatively easy to hijack and to spoof with fake server responses, and cannot truly reflect the current network connection status.
Summary of the invention
In view of the above deficiencies in the prior art, the object of the present invention is to provide a method for detecting whether a terminal can access the internet.
To solve the above technical problem, the following technical solution is adopted:
A method for detecting whether a terminal can access the internet, comprising the following steps:
A) preset a pool of public website URLs together with the corresponding list of CA certificate public keys and the CA certificates, and build them into the client program;
B) when the client's network connection to the server is interrupted and reconnection fails, or when the application connects to the server for the first time, first randomly select 2 URLs from the preset public website URL pool, open HTTPS connections to them simultaneously, and verify server authenticity with the preset CA certificates.
Further, if the CA certificate server authenticity verification passes, internet connectivity is fine, and only then does the client move on to the next server IP to make the service connection.
Further, if the CA certificate server authenticity verification does not pass, internet connectivity is abnormal, and the network connection is terminated.
Further, the CA certificate server authenticity verification uses the openssl library to implement the secure connection process, ensuring that the HTTPS handshake succeeds and certificate verification passes; otherwise the server is a counterfeit.
The relevant terms are explained as follows:
SSL: SSL (Secure Sockets Layer) and its successor, Transport Layer Security (TLS), are security protocols that provide security and data integrity for network communication. TLS and SSL encrypt network connections at the transport layer.
CA certificate: a CA certificate (a CA has a public key and a private key; the CA certificate referred to here means the certificate public key). Users on the public network trust a CA by verifying its signature, and anyone can obtain the CA's certificate (containing the public key) to verify the certificates it has issued. If a user wants to check whether another certificate is genuine, the user verifies the signature on that certificate with the CA's public key; once verification succeeds, the certificate is regarded as valid. A certificate is in effect a certification of a user's public key issued by a certificate authority (CA).
By adopting the above technical solution, the invention has the following beneficial effects:
The present invention is a method for detecting whether a terminal can access the internet that ensures, without additional investment, that the client's environment can access the internet. Because the server certificates of well-known websites are all private and cannot be counterfeited, the real network environment can be perceived. The scheme uses public resources, is highly reliable, and requires no additional cost.
Brief description of the drawings
The present invention is further explained below with reference to the drawing:
Fig. 1 is a flow diagram of the method of the present invention for detecting whether a terminal can access the internet.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
As shown in Fig. 1, a method for detecting whether a terminal can access the internet comprises the following steps:
A) preset a pool of public website URLs together with the corresponding list of CA certificate public keys and the CA certificates, and build them into the client program;
B) when the client's network connection to the server is interrupted and reconnection fails, or when the application connects to the server for the first time, first randomly select 2 URLs from the preset public website URL pool, open HTTPS connections to them simultaneously, and verify server authenticity with the preset CA certificates.
If the CA certificate server authenticity verification passes, internet connectivity is fine, and only then does the client move on to the next server IP to make the service connection.
If the CA certificate server authenticity verification does not pass, internet connectivity is abnormal, and the network connection is terminated.
The CA certificate server authenticity verification uses the openssl library to implement the secure connection process, ensuring that the HTTPS handshake succeeds and certificate verification passes; otherwise the server is a counterfeit.
The detailed process of the CA certificate server authenticity verification is as follows. The secure connection process is implemented with the openssl library: call SSL_CTX_load_verify_locations to load the CA certificate corresponding to the URL, create a BIO object and an SSL object from the ctx, then call BIO_set_conn_hostname to set the URL to be accessed. To confirm whether the connection succeeded, first call BIO_do_connect and check whether the return value is greater than 0, then call SSL_get_verify_result to check whether the server is trusted. If the return value is X509_V_OK, the server is the real server; otherwise it is a counterfeit server.
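The check described above, written out as an added example that is not code from the patent: it uses Python's `ssl` module (a wrapper around OpenSSL) in place of the C calls named in the text, and it additionally enforces hostname matching and the presence of a peer certificate, which a bare `SSL_get_verify_result() == X509_V_OK` test does not cover by itself. The pool entries, CA file paths, function names, and the rule that both sampled sites must verify are assumptions.

```python
import random
import socket
import ssl
from concurrent.futures import ThreadPoolExecutor

# Constructed pool (placeholders, not from the patent):
# public hostname -> CA file preset in the client for that site.
URL_POOL = {
    "site-a.example": "ca/site-a-root.pem",
    "site-b.example": "ca/site-b-root.pem",
    "site-c.example": "ca/site-c-root.pem",
}


def tls_probe(host, cafile, port=443, timeout=5.0):
    """True only if the handshake completes and the server's chain verifies
    against the preset CA file for this exact hostname."""
    try:
        # PROTOCOL_TLS_CLIENT turns on CERT_REQUIRED and hostname checking
        # and loads no system trust store, so only `cafile` is trusted.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=cafile)
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.getpeercert() is not None
    except (OSError, ValueError):
        # Fail closed: missing CA file, DNS or connect failure, timeout,
        # untrusted chain, or certificate name mismatch.
        return False


def internet_reachable(pool=URL_POOL, sample_size=2, probe=tls_probe, rng=random):
    """Pick `sample_size` sites at random, probe them concurrently and return
    (ok, per-host results). Assumption: every sampled site must verify."""
    hosts = rng.sample(sorted(pool), sample_size)
    with ThreadPoolExecutor(max_workers=sample_size) as executor:
        futures = {h: executor.submit(probe, h, pool[h]) for h in hosts}
        results = {h: f.result() for h, f in futures.items()}
    return all(results.values()), results


def next_action(ok):
    """Pass: go on to the next server IP for the service connection.
    Fail: terminate the network connection."""
    return "connect_next_server" if ok else "terminate"


if __name__ == "__main__":
    ok, results = internet_reachable()
    print(results, next_action(ok))
```

The `probe` parameter lets the decision logic be exercised without network access; in production it stays at the default `tls_probe`.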
The above are only specific embodiments of the present invention, but the technical features of the invention are not limited to them. Any simple change, equivalent replacement or modification made on the basis of the present invention to solve essentially the same technical problem and achieve essentially the same technical effect is covered by the protection scope of the present invention.
Claims (4)
1. A method for detecting whether a terminal can access the internet, characterized by comprising the following steps:
A) preset a pool of public website URLs together with the corresponding list of CA certificate public keys and the CA certificates, and build them into the client program;
B) when the client's network connection to the server is interrupted and reconnection fails, or when the application connects to the server for the first time, first randomly select 2 URLs from the preset public website URL pool, open HTTPS connections to them simultaneously, and verify server authenticity with the preset CA certificates.
2. The method for detecting whether a terminal can access the internet according to claim 1, characterized in that: if the CA certificate server authenticity verification passes, internet connectivity is fine, and only then does the client move on to the next server IP to make the service connection.
3. The method for detecting whether a terminal can access the internet according to claim 1, characterized in that: if the CA certificate server authenticity verification does not pass, internet connectivity is abnormal, and the network connection is terminated.
4. The method for detecting whether a terminal can access the internet according to claim 1, characterized in that: the CA certificate server authenticity verification uses the openssl library to implement the secure connection process, ensuring that the HTTPS handshake succeeds and certificate verification passes; otherwise the server is a counterfeit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810830754.8A CN108881484B (en) | 2018-07-26 | 2018-07-26 | Method for detecting whether terminal can access internet or not |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810830754.8A CN108881484B (en) | 2018-07-26 | 2018-07-26 | Method for detecting whether terminal can access internet or not |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108881484A (en) | 2018-11-23 |
CN108881484B (en) | 2021-04-02 |
Family ID: 64305618
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810830754.8A Active CN108881484B (en) | 2018-07-26 | 2018-07-26 | Method for detecting whether terminal can access internet or not |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108881484B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104580172A (en) * | 2014-12-24 | 2015-04-29 | 北京奇虎科技有限公司 | Data communication method and device based on https (hypertext transfer protocol over secure socket layer) |
CN105634744A (en) * | 2015-12-31 | 2016-06-01 | 北京元心科技有限公司 | Root certificate storage device and safety access method |
US20170237716A1 (en) * | 2016-02-17 | 2017-08-17 | Electronics And Telecommunications Research Institute | System and method for interlocking intrusion information |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109672587A (en) * | 2018-12-14 | 2019-04-23 | 北京酷云互动科技有限公司 | The recognition methods of common terminal, identifying system, server, computer-readable medium |
CN115021917A (en) * | 2022-06-24 | 2022-09-06 | 浪潮卓数大数据产业发展有限公司 | Security verification method, system, device and medium based on certificate |
CN115021917B (en) * | 2022-06-24 | 2024-05-10 | 浪潮卓数大数据产业发展有限公司 | Certificate-based security verification method, system, equipment and medium |
Also Published As
Publication number | Publication date |
---|---|
CN108881484B (en) | 2021-04-02 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||