CN109309666A - Interface security control method and terminal device in a kind of network security - Google Patents
Interface security control method and terminal device in a kind of network security Download PDFInfo
- Publication number
- CN109309666A CN109309666A CN201810961338.1A CN201810961338A CN109309666A CN 109309666 A CN109309666 A CN 109309666A CN 201810961338 A CN201810961338 A CN 201810961338A CN 109309666 A CN109309666 A CN 109309666A
- Authority
- CN
- China
- Prior art keywords
- security
- http request
- interface
- strategy
- micro services
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
- H04L63/205—Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/30—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
- H04L63/306—Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Technology Law (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention is suitable for technical field of network security, provides interface security control method and terminal device in a kind of network security.The described method includes: receiving the HTTP request that client is sent, the request is parsed, obtains URI;Determine that its corresponding security strategy, the security strategy include signature check, subscription authentication, reset one of verification and black and white lists verification or a variety of;HTTP request is verified according to the security strategy;If passing through verification, it is determined that the corresponding current limliting strategy of URI;HTTP request is verified according to the current limliting strategy;If passing through verification, it is determined that HTTP request is forwarded to micro services interface by the corresponding micro services interface of URI;The response that micro services interface returns is received, and sends the response to client, public network can be requested to be intercepted, verified, realization is uniformly controlled micro services interface security, and outer net is avoided directly with micro services interactive interfacing, to guarantee micro services interface security.
Description
Technical field
The invention belongs in technical field of network security more particularly to a kind of network security interface security control method and
Terminal device.
Background technique
Micro services are an emerging software architectures, exactly a large-scale single application program and service are split as counting
Ten support micro services.The strategy of one micro services can allow work to become more easy, its expansible single component without
It is entire application heap, to meet service-level agreement.Under the tide of micro services, business carries out fine-grained tear open
Point, it ensure that business module and availability.But the application after micro services, interface service is large number of and spreads, and is easy
There is safety issue.So, the interface security that each service is exposed to outer net just seems particularly significant.
Summary of the invention
The embodiment of the present invention provides interface security control method and terminal device in a kind of network security, for outer net and
Between micro services interface, micro services interface security is uniformly controlled, outer net is avoided directly with micro services interactive interfacing, to guarantee
Micro services interface security.
The first aspect of the embodiment of the present invention provides the interface security control method in a kind of network security, comprising:
Hypertext transfer protocol (HyperText Transfer Protocol, the HTTP) request that client is sent is received,
The HTTP request is parsed, is obtained uniform resource identifier (UniformResourceIdentifier, URI);
Determine that the corresponding security strategy of the URI, the security strategy include signature check, subscription authentication, reset verification
With black and white lists verification one of or it is a variety of;
The HTTP request is verified according to the security strategy;
It is verified if the HTTP request passes through security strategy, it is determined that the corresponding current limliting strategy of the URI;
The HTTP request is verified according to the current limliting strategy;
If the HTTP request passes through current limliting policy check, it is determined that the corresponding micro services interface of the URI, it will be described
HTTP request is forwarded to the micro services interface;
The response that the micro services interface returns is received, and the response is sent to the client.
The second aspect of the embodiment of the present invention provides a kind of interface security controlling terminal equipment, including memory, processing
Device and storage in the memory and the computer program that can run on the processor, described in the processor execution
Following steps are realized when computer program:
The HTTP request that client is sent is received, the HTTP request is parsed, obtains URI;
Determine that the corresponding security strategy of the URI, the security strategy include signature check, subscription authentication, reset verification
With black and white lists verification one of or it is a variety of;
The HTTP request is verified according to the security strategy;
It is verified if the HTTP request passes through security strategy, it is determined that the corresponding current limliting strategy of the URI;
The HTTP request is verified according to the current limliting strategy;
If the HTTP request passes through current limliting policy check, it is determined that the corresponding micro services interface of the URI, it will be described
HTTP request is forwarded to the micro services interface;
The response that the micro services interface returns is received, and the response is sent to the client.
The third aspect of the embodiment of the present invention provides a kind of computer readable storage medium, the computer-readable storage
Media storage has computer program, is realized when the computer program is executed by processor such as the interface peace in above-mentioned network security
The step of full control method.
Existing beneficial effect is the embodiment of the present invention compared with prior art: the embodiment of the present invention is for outer net and in incognito
It is engaged between interface, the HTTP request that parsing client is sent obtains URI, asked according to the corresponding security strategy of URI to above-mentioned HTTP
It asks and carries out security strategy verification, if verified by security strategy, according to the corresponding current limliting strategy of URI further to above-mentioned HTTP
Request carries out current limliting policy check, if it is corresponding in incognito that above-mentioned HTTP request is just forwarded to URI by current limliting policy check
Business interface can be requested be intercepted, be verified to public network, and realization is uniformly controlled micro services interface security, avoids outer net
Directly with micro services interactive interfacing, guarantee micro services interface security, while being conducive to after micro services to micro services interface authority
Tightening and adjustment, be suitble to application.
Detailed description of the invention
It to describe the technical solutions in the embodiments of the present invention more clearly, below will be to embodiment or description of the prior art
Needed in attached drawing be briefly described, it should be apparent that, the accompanying drawings in the following description is only of the invention some
Embodiment for those of ordinary skill in the art without any creative labor, can also be according to these
Attached drawing obtains other attached drawings.
Fig. 1 is the schematic flow diagram of the interface security control method in a kind of network security provided in an embodiment of the present invention;
Fig. 2 be another embodiment of the present invention provides a kind of network security in interface security control method exemplary flow
Figure;
Fig. 3 is the exemplary flow of the interface security control method in a kind of network security that yet another embodiment of the invention provides
Figure;
Fig. 4 is a kind of schematic block diagram of interface security controlling terminal equipment provided in an embodiment of the present invention;
Fig. 5 is a kind of schematic block diagram of interface security control program provided in an embodiment of the present invention.
Specific embodiment
In being described below, for illustration and not for limitation, the tool of such as particular system structure, technology etc is proposed
Body details, to understand thoroughly the embodiment of the present invention.However, it will be clear to one skilled in the art that there is no these specific
The present invention also may be implemented in the other embodiments of details.In other situations, it omits to well-known system, device, electricity
The detailed description of road and method, in case unnecessary details interferes description of the invention.
In order to illustrate technical solutions according to the invention, the following is a description of specific embodiments.
It is the signal of the interface security control method in a kind of network security provided in an embodiment of the present invention referring to Fig. 1, Fig. 1
Flow chart is illustrated by taking the triggering of the angle of HTTP gateway as an example in this embodiment, here, the basic function of HTTP gateway
It is all HTTP requests for receiving client and sending, the micro services interface of rear end is then forwarded to, as all requests of public network
Entrance, what can be made requests is uniformly controlled.As shown in Figure 1, in this embodiment, the treatment process of HTTP gateway may include
Following steps:
S101: the HTTP request that client is sent is received, the HTTP request is parsed, obtains URI.
Here, user can send HTTP by client (application program of mobile phone (Application, App), webpage etc.)
HTTP gateway is requested, HTTP gateway receives above-mentioned HTTP request, parses the HTTP request, obtains uniform resource identifier URI.
Wherein, HTTP request is the request message from client to server end, comprising: in message first trip, to the requesting method of resource,
The identifier of resource and the agreement used.URI is one for identifying the character string of a certain Internet resources, i.e., a certain internet
The identifier of resource, available every kind of resource on internet, such as HyperText Markup Language (HyperText Markup
Language, HTML) document, image, video clip, program etc. be identified by a universal resource identifier URI.With HTML
For document, it is assumed that all html documents have unique number, are denoted as html:xxxxx, and xxxxx is a character string, i.e.,
The identifier of html document, this energy one html document of unique identification, then this identifier is exactly a URI.
Specifically, before sending HTTP request to HTTP gateway by client, being logged in can just hold user
Row follow-up process.User by client send logging request, the request carry user information, HTTP gateway receive it is above-mentioned
After logging request, the user information that above-mentioned logging request carries is inquired in the user information prestored to be allowed to use if inquired
Family logs in, and does not otherwise allow user to log in.User after logging in the success of HTTP gateway by client, issue to user by HTTP gateway
One TOKEN (token) of cloth.
Here, client can be with to the communications protocol of HTTP gateway and the communications protocol of HTTP gateway to micro services interface
Arbitrarily displacement.Under the weak net environment of mobile Internet, HTTP2.0 communications protocol, such client to HTTP can be replaced into
The performance of gateway will become more preferably, and delay becomes very low.
S102: determine that the corresponding security strategy of the URI, the security strategy include signature check, subscription authentication, playback
One of verification and black and white lists verification are a variety of.
Specifically, HTTP gateway can prestore the corresponding relationship of URI Yu micro services interface, be determined according to the relationship above-mentioned
The corresponding micro services interface of URI, obtains the demand for security of the micro services interface, and available above-mentioned HTTP request is corresponding asks
The demand for security of resource and the demand for security of present communications network are asked, according to the demand for security of micro services interface, HTTP request pair
The demand for security for the request resource answered and the demand for security of present communications network, determine the corresponding security strategy of above-mentioned URI.
Such as: the security strategy of URI (/test/security) configuration is signature check and user authentication, when URI is /test/
When gateway is passed through in the request of security, gateway can carry out signature check to the request and the security strategy of user authentication verifies.
The security strategy includes signature check, subscription authentication, playback verification, black and white lists verification etc..Here, security strategy can be with
It is arranged according to the actual situation, that is, supports customized any interception to request.
S103: the HTTP request is verified according to the security strategy.
Here, HTTP gateway verifies received above-mentioned HTTP request based on the security strategy of above-mentioned determination.
Specifically, above-mentioned HTTP request can carry digital signature, which is to send the visitor of above-mentioned HTTP request
Family end passes through the digital signature that associated digital signature algorithm carries out above-mentioned HTTP request.If above-mentioned security strategy is signature school
It tests, it may include: that HTTP gateway obtains the number label saved that HTTP gateway, which carries out signature check to received above-mentioned HTTP request,
Name algorithm, client and HTTP gateway consult Digital Signature Algorithm here, using same Digital Signature Algorithm to above-mentioned HTTP
Request is digitally signed.HTTP gateway carries out digital label to received above-mentioned HTTP request according to the Digital Signature Algorithm of preservation
Name, the digital signature of acquisition is compared with the digital signature that above-mentioned HTTP request carries, if unanimously, passing through school of signing
It tests, if passing through verification, it was demonstrated that above-mentioned HTTP request is not tampered with.
Here, above-mentioned HTTP request can also carry TOKEN, and TOKEN is that above-mentioned user logs in by client here
After the success of HTTP gateway, a TOKEN that HTTP gateway is promulgated to user.If above-mentioned security strategy is subscription authentication, HTTP
It may include: that the above-mentioned received HTTP request of HTTP gateway detection is that gateway, which carries out subscription authentication to received above-mentioned HTTP request,
No carrying TOKEN, if carrying TOKEN illustrates that user is to pass through subscription authentication by associated authorization.
If above-mentioned security strategy is to reset verification, HTTP gateway carries out playback verification to received above-mentioned HTTP request can
To include: HTTP gateway Test database, such as the digital signature of above-mentioned HTTP request carrying whether is stored in Redis, if
It does not store in Redis, is verified by resetting.Here the micro- of HTTP request and rear end is initiated by client for the first time in user
After service interface carries out information exchange, the digital signature of HTTP request can be deposited into database by HTTP gateway, if this
HTTP request is re-requested by hacker's packet capturing, by comparing with the information stored in database, if having existed, then table
Show that the request is to reset.
Specifically, above-mentioned HTTP request can also carry user information, if above-mentioned security strategy is black and white lists verification,
It may include: HTTP gateway in the user information prestored that HTTP gateway, which carries out black and white lists verification to received above-mentioned HTTP request,
The user information that blacklist inquiry above-mentioned HTTP request carries illustrates not to be black list user, by black if do not inquired
White list verification.
S104: if the HTTP request passes through security strategy and verifies, it is determined that the corresponding current limliting strategy of the URI.
Here, HTTP gateway can prestore the corresponding relationship of URI Yu current limliting strategy, determine above-mentioned URI pairs according to the relationship
The current limliting strategy answered, such as: the calling frequency that URI (/test/flow-limit) configures interface thus is 1000 times per minute,
When URI is /request of test/flow-limit pass through gateway when, gateway can check whether the request call frequency is more than every point
Clock 1000 times, related prompt message is returned to if being more than, if not above subsequent step can be executed.Wherein, the purpose of current limliting
Be speed limit is carried out to protect system by the request carried out in speed limit or a time window to concurrent access/request, once
Service can be refused, be lined up or wait, degrade by reaching limiting speed then.
Specifically current limliting strategy may include: the total number of concurrent of limitation, the instantaneous number of concurrent of limitation, limit putting down in time window
Equal rate etc., in addition it can according to number of network connections, network flow, server load etc. come current limliting.
If verified not over security strategy, HTTP gateway returns to relevant error information to client, and can be by phase
The error result answered is counted, and database is synchronized to, and the displaying of safe multi-dimensional report can be carried out according to these data.
S105: the HTTP request is verified according to the current limliting strategy.
Here, above-mentioned HTTP request is verified according to determining current limliting strategy, if verification passes through, after can executing
Continuous step stops operation if verification does not pass through, and the prompt of current limliting policy check failure can be generated, and the prompt is sent
To above-mentioned client.
S106: if the HTTP request passes through current limliting policy check, it is determined that the corresponding micro services interface of the URI, it will
The HTTP request is forwarded to the micro services interface.
Specifically, HTTP gateway can prestore the corresponding relationship of URI Yu micro services interface, if above-mentioned HTTP request meets
Current limliting strategy, HTTP gateway check the corresponding micro services interface of above-mentioned URI by above-mentioned relation, above-mentioned HTTP request are forwarded
To the micro services interface.
S107: the response that the micro services interface returns is received, and the response is sent to the client.
Here, above-mentioned micro services interface above-mentioned HTTP request returns to relevant response and gives HTTP gateway, and HTTP gateway exists
After the relevant response for receiving micro services interface, relevant response is returned into client.
If HTTP gateway does not receive the relevant response of micro services interface return, Ke Yizai by prefixed time interval
It is secondary to execute the above-mentioned the step of HTTP request is forwarded to the micro services interface, the phase until receiving the return of micro services interface
Close response.
Here, each function of above-mentioned HTTP gateway can be realized by Filter mechanism, while can also be by making by oneself
Adopted Filter carrys out the common logic of arbitrary extension HTTP gateway different business.
It is evidenced from the above discussion that the interface security control method in the network security of the embodiment of the present invention, it can be to public network
Request is intercepted, is verified, and realization is uniformly controlled micro services interface security, and outer net is avoided directly to hand over micro services interface
Mutually, guarantee micro services interface security, while being conducive to the tightening and adjustment after micro services to micro services interface authority, be suitble to answer
With.
Referring to Fig. 2, Fig. 2 be another embodiment of the present invention provides a kind of network security in interface security control method
Schematic flow diagram.The difference of embodiment corresponding with Fig. 1 is: the corresponding security strategy of the determination URI can wrap
Include S202.Wherein S201 is identical as the S101 in a upper embodiment, S103~S107 in S203~S207 and a upper embodiment
It is identical, referring specifically to S101, S103 in above-described embodiment~S107 associated description, do not repeat herein.Specifically, S202 can
To include S2021~S2022:
S2021: the safety of the demand for security, the corresponding request resource of the HTTP request that obtain the micro services interface needs
It asks and the demand for security of present communications network.
Here it is possible to prestore the corresponding relationship of micro services interface and demand for security, request resource is corresponding with demand for security
The corresponding relationship of relationship and communication network and demand for security obtains the safe need of above-mentioned micro services interface according to above-mentioned relation
Ask, above-mentioned HTTP request it is corresponding request resource demand for security and present communications network demand for security.
S2022: according to the demand for security of the micro services interface, the safe need of the corresponding request resource of the HTTP request
It asks and the demand for security of the present communications network, determines the corresponding security strategy of the URI.
Specifically, for example, above-mentioned micro services interface requirement access data it is accurate, by authorization etc., can determine above-mentioned URI
Corresponding security strategy includes signature check and subscription authentication etc., and the relative users of the corresponding request resource of above-mentioned HTTP request are
Legitimate user determines that the corresponding security strategy of above-mentioned URI includes black and white lists verification.Present communications network is required to be not present and be reset
Attack determines that the corresponding security strategy of above-mentioned URI includes resetting verification.
Optionally, the interface security control method in above-mentioned network security further include:
Label is added in the HTTP request, according to the label, records the security strategy verification of the HTTP request
The corresponding relationship of process and current limliting policy check process and the HTTP request and the micro services interface
Here, the request that gateway receives can be very much, when needing to some request tracing, can enter net in the request
Guan Shi, adds a label, and the movement for the associated safety that gateway does above-mentioned request in gateway according to the label records, i.e.,
Record which micro services interface above-mentioned request by gateway has invoked and carried out which security strategy, current limliting strategy is held
Row.
Specifically, if the new system of online support micro services, the interface of new system need to carry out safety-related match
It sets, public network can access the interface of new system.For example, the corresponding security strategy of configuration/api/new-system/** and current limliting
Strategy includes: signature check, and -- > resetting verification -- > prevents the -- > subscription authentication -- verification of > black and white lists -- > limit of parameter SQL injection
Interface processed calls frequency.When the URI of HTTP request is with all requests of/api/new-system/ beginning, can be stamped for request
Label (entirely requests all security strategies executed, current limliting strategy according to the label record and has invoked which micro services connects
Mouthful), the associated check made requests in the order described above, if not passing through in any one link check, then request will not flow
Enter into the application of micro services, background data center can be recorded in corresponding information.It here, can be with by the label stamped
Record request has passed through those verifications, not over information such as which verifications, so as to form safe base report.
Referring to Fig. 3, the interface security control method in a kind of network security that Fig. 3 provides for yet another embodiment of the invention
Schematic flow diagram.The difference of the present embodiment and above-described embodiment is S301~S302, S303~S308 and a upper embodiment
In S103~S107 it is identical, referring specifically to the associated description of S103~S107 in above-described embodiment, do not repeat herein.This reality
The interface security control method applied in the network security in example can also include:
S301: receiving the HTTP request that client is sent, and carries out structuring to the parameters in the HTTP request and looks into
Ask language (Structured Query Language, SQL) syntax check.
Here, above-mentioned SQL syntax inspection is to check in above-mentioned HTTP request and attack with the presence or absence of SQL injection, wherein
SQL injection is exactly to be finally reached the SQL that spoofing server executes malice by the way that sql command is inserted into the places such as HTTP header
Order.Specifically, it is that the sql command of malice is injected into the execution of background data base engine using existing application
Ability.SQL injection harm is huge, can data in the case where without permission in operating database, including read, distort,
The behaviors such as addition and deletion.
S302: if SQL statement is all not present in the parameters of the HTTP request, the HTTP request is parsed, is obtained
Obtain URI.
Specifically, to SQL syntax inspection is carried out in above-mentioned HTTP request, if one or more ginsengs of above-mentioned HTTP request
There are SQL statements in number, then, it is malicious user that judging above-mentioned HTTP request, there are SQL injection attacks, if above-mentioned HTTP is asked
SQL statement is all not present in the parameters asked, judges that above-mentioned HTTP request there is no SQL injection attack, can execute subsequent
Step prevents the SQL injection risk of interface.
Optionally, above-mentioned HTTP request can carry digital signature and user information etc., above-mentioned according to the security strategy
Carrying out verification to the HTTP request may include:
The security strategy is signature check, is digitally signed by prestoring algorithm to the HTTP request;
If the digital signature obtained is consistent with the digital signature that the HTTP request carries, determine that the HTTP request is logical
Cross signature check.
Here, received user's HTTP request is sended over from client, will before client initiates request
The request body of HTTP has carried out digital signature by related algorithm, and when request touching reaches HTTP gateway, HTTP uses same algorithm
Digital signature is carried out to the request, whether the front and back signature for verifying HTTP request is consistent.If inconsistent, judgement is asking for forgery
It asks, not over signature check.If consistent, by signature check, prevent request to be tampered, guarantee the correctness of subsequent processing.
Or
The security strategy is subscription authentication, detects whether the HTTP request carries token, and the token is logical for user
It crosses the client and logs in the token successfully obtained afterwards;
If the HTTP request carries the token, determine that the HTTP request passes through subscription authentication.
Specifically, user needs to carry out login process before entering HTTP gateway by client, logs in user
After certification, HTTP gateway can give user promulgate a TOKEN, when user carries out other requests, HTTP gateway will to
The TOKEN that family is promulgated is verified, and judges whether user passes through associated authorization.If above-mentioned request carries what HTTP gateway was promulgated
TOKEN determines that user passes through associated authorization, can execute follow-up process, otherwise, it is determined that user does not pass through associated authorization, refuse
Follow-up process is executed absolutely, is avoided user from executing relevant operation without permission, is caused security risk.
Or
The security strategy is to reset verification, and the number label that the HTTP request carries whether are stored in Test database
Name;
If not storing the digital signature that the HTTP request carries in the database, determine that the HTTP request is logical
Cross playback verification.
Here, the micro services interface for initiating HTTP request and rear end for the first time by client as user carries out information exchange
Afterwards, the digital signature of request can be stored in database, such as Redis by HTTP gateway, if this HTTP request is by hacker's packet capturing
It is re-requested, by the comparison signed in Redis, discovery is had existed, and can determine that the request is to reset, refusal is held
Row subsequent operation avoids hacker from obtaining corresponding information by packet capturing, causes information leakage.
Or
The security strategy is black and white lists verification, inquires the HTTP request in the user information blacklist prestored and takes
The user information of band;
If not inquiring the user information that the HTTP request carries in the user information blacklist prestored, determine
The HTTP request is verified by black and white lists.
Here, the source of black and white lists can configure backstage by HTTP gateway and obtain, generally can be by configuring user's
Relevant information carries out the configuration of black and white lists, such as: the user that discovery phone number is 12345678910 is hacker user, can
With by the information configuration, in blacklist, whether the user information that detection above-mentioned HTTP request carries is in user information blacklist
In, if not, being verified by black and white lists, if refusing this user and carrying out the association requests such as logging in, avoiding illegally using
Family access obtains relevant information, meets using needs.
It should be understood that the size of the serial number of each step is not meant that the order of the execution order in above-described embodiment, each process
Execution sequence should be determined by its function and internal logic, the implementation process without coping with the embodiment of the present invention constitutes any limit
It is fixed.
Corresponding to the interface security control method in network security described in foregoing embodiments, Fig. 4 shows of the invention real
The running environment schematic diagram of the interface security control program of example offer is provided.For ease of description, it illustrates only and the present embodiment phase
The part of pass.
In the present embodiment, interface security control program 400 is installed and is run in terminal device 40.The terminal
Equipment 40 can be mobile terminal, palm PC, server etc..The terminal device 40 may include, but be not limited only to, memory
401, processor 402 and display 403.Fig. 4 illustrates only the terminal device 40 with component 401-403, it should be understood that
It is, it is not required that implement all components shown, the implementation that can be substituted is more or less component.
The memory 401 can be the internal storage unit of the terminal device 40 in some embodiments, such as should
The hard disk or memory of terminal device 40.The memory 401 is also possible to the terminal device 40 in further embodiments
The plug-in type hard disk being equipped on External memory equipment, such as the terminal device 40, intelligent memory card (Smart Media
Card, SMC), secure digital (Secure Digital, SD) card, flash card (Flash Card) etc..Further, described to deposit
Reservoir 401 can also both including the terminal device 40 internal storage unit and also including External memory equipment.The memory
401 for storing the application software and Various types of data for being installed on the terminal device 40, such as interface security control program
400 program code etc..The memory 401 can be also used for temporarily storing the data that has exported or will export.
The processor 402 can be a central processing unit (Central Processing in some embodiments
Unit, CPU), microprocessor or other data processing chips, for run the program code stored in the memory 401 or
Handle data, such as execute the interface security control program 400 etc..
The display 403 can be light-emitting diode display, liquid crystal display, touch control type LCD in some embodiments and show
Device and Organic Light Emitting Diode (Organic Light-Emitting Diode, OLED) touch device etc..The display 403
For being shown in the information handled in the terminal device 40 and for showing visual user interface, such as application menu
Interface, application icon interface etc..The component 401-403 of the terminal device 40 is in communication with each other by system bus.
Referring to Fig. 5, being the functional block diagram of interface security control program 400 provided in an embodiment of the present invention.In this reality
It applies in example, the interface security control program 400 can be divided into one or more modules, one or more of moulds
Block is stored in the memory 401, and is held by one or more processors (the present embodiment is by the processor 402)
Row, to complete the present invention.For example, the interface security control program 400 can be divided into HTTP request and connect in Fig. 5
Receive unit 501, security strategy determination unit 502, security strategy verification unit 503, current limliting policy determining unit 504, current limliting plan
Slightly verification unit 505, micro services interface determination unit 506 and response transmission unit 507.The so-called unit of the present invention is to refer to
The series of computation machine program instruction section for completing specific function controls program more suitable for describing the interface security than program
400 implementation procedure in the terminal device 40.The function of the module 501-507 will specifically be introduced by being described below.
Wherein, HTTP request receiving unit 501 parses the HTTP and asks for receiving the HTTP request of client transmission
It asks, obtains URI.Security strategy determination unit 502, for determining that the corresponding security strategy of the URI, the security strategy include
One of verification and black and white lists verification or a variety of are reset in signature check, subscription authentication.Security strategy verification unit 503 is used
In being verified according to the security strategy to the HTTP request.Current limliting policy determining unit 504, if being asked for the HTTP
It asks and is verified by security strategy, it is determined that the corresponding current limliting strategy of the URI.Current limliting policy check unit 505, for according to institute
Current limliting strategy is stated to verify the HTTP request.Micro services interface determination unit 506, if passing through for the HTTP request
Current limliting policy check, it is determined that the HTTP request is forwarded to the micro services and connect by the corresponding micro services interface of the URI
Mouthful.Transmission unit 507 is responded, the response returned for receiving the micro services interface, and the response is sent to the visitor
Family end.
Optionally, the security strategy determination unit 502 can be divided into demand for security acquiring unit 5021 and peace
Full demand processing unit 5022.
Wherein, demand for security acquiring unit 5021, for obtaining the demand for security of the micro services interface, the HTTP is asked
Ask the demand for security of corresponding request resource and the demand for security of present communications network.Demand for security processing unit 5022 is used
According to the demand for security of the corresponding request resource of the demand for security of the micro services interface, the HTTP request and described
The demand for security of present communications network determines the corresponding security strategy of the URI.
Optionally, interface security control program 400 can also be divided into information recording unit 508.
Wherein, information recording unit 508, for adding label in the HTTP request, according to the label record institute
The security strategy checking procedure and current limliting policy check process and the HTTP request for stating HTTP request connect with the micro services
The corresponding relationship of mouth.
Optionally, the HTTP request receiving unit 501 is also used to carry out the parameters in the HTTP request
SQL syntax inspection parses the HTTP request if SQL statement is all not present in the parameters of the HTTP request, obtains
URI。
Optionally, the HTTP request carries digital signature and user information.
The security strategy verification unit 503, if being also used to the security strategy is signature check, by prestoring calculation
Method is digitally signed the HTTP request;
If the digital signature obtained is consistent with the digital signature that the HTTP request carries, determine that the HTTP request is logical
Cross signature check;
Or
If the security strategy is subscription authentication, detect whether the HTTP request carries token, the token is to use
Family logs in successfully obtain afterwards token by the client;
If the HTTP request carries the token, determine that the HTTP request passes through subscription authentication;
Or
If the security strategy is to reset verification, the number that the HTTP request carries whether is stored in Test database
Signature;
If not storing the digital signature that the HTTP request carries in the database, determine that the HTTP request is logical
Cross playback verification;
Or
If the security strategy is black and white lists verification, the HTTP is inquired in the user information blacklist prestored and is asked
Seek the user information of carrying;
If not inquiring the user information that the HTTP request carries in the user information blacklist prestored, determine
The HTTP request is verified by black and white lists.
It is apparent to those skilled in the art that for convenience of description and succinctly, only with above-mentioned each function
Can unit, module division progress for example, in practical application, can according to need and by above-mentioned function distribution by different
Functional unit, module are completed, i.e., the internal structure of described device is divided into different functional unit or module, more than completing
The all or part of function of description.Each functional unit in embodiment, module can integrate in one processing unit, can also
To be that each unit physically exists alone, can also be integrated in one unit with two or more units, it is above-mentioned integrated
Unit both can take the form of hardware realization, can also realize in the form of software functional units.In addition, each function list
Member, the specific name of module are also only for convenience of distinguishing each other, the protection scope being not intended to limit this application.Above system
The specific work process of middle unit, module, can refer to corresponding processes in the foregoing method embodiment, and details are not described herein.
In the above-described embodiments, it all emphasizes particularly on different fields to the description of each embodiment, is not described in detail or remembers in some embodiment
The part of load may refer to the associated description of other embodiments.
Those of ordinary skill in the art may be aware that list described in conjunction with the examples disclosed in the embodiments of the present disclosure
Member and algorithm steps can be realized with the combination of electronic hardware or computer software and electronic hardware.These functions are actually
It is implemented in hardware or software, the specific application and design constraint depending on technical solution.Professional technician
Each specific application can be used different methods to achieve the described function, but this realization is it is not considered that exceed
The scope of the present invention.
In embodiment provided by the present invention, it should be understood that disclosed device/terminal device and method, it can be with
It realizes by another way.For example, device described above/terminal device embodiment is only schematical, for example, institute
The division of module or unit is stated, only a kind of logical function partition, there may be another division manner in actual implementation, such as
Multiple units or components can be combined or can be integrated into another system, or some features can be ignored or not executed.Separately
A bit, shown or discussed mutual coupling or direct-coupling or communication connection can be through some interfaces, device
Or the INDIRECT COUPLING or communication connection of unit, it can be electrical property, mechanical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit
The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple
In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme
's.
It, can also be in addition, the functional units in various embodiments of the present invention may be integrated into one processing unit
It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list
Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated module/unit be realized in the form of SFU software functional unit and as independent product sale or
In use, can store in a computer readable storage medium.Based on this understanding, the present invention realizes above-mentioned implementation
All or part of the process in example method, can also instruct relevant hardware to complete, the meter by computer program
Calculation machine program can be stored in a computer readable storage medium, the computer program when being executed by processor, it can be achieved that on
The step of stating each embodiment of the method.Wherein, the computer program includes computer program code, the computer program generation
Code can be source code form, object identification code form, executable file or certain intermediate forms etc..The computer-readable medium
It may include: any entity or device, recording medium, USB flash disk, mobile hard disk, magnetic that can carry the computer program code
Dish, CD, computer storage, read-only memory (Read-Only Memory, ROM), random access memory (Random
Access Memory, RAM), electric carrier signal, telecommunication signal and software distribution medium etc..It should be noted that the meter
The content that calculation machine readable medium includes can carry out increase and decrease appropriate according to the requirement made laws in jurisdiction with patent practice,
It such as does not include electric carrier signal and telecommunications according to legislation and patent practice, computer-readable medium in certain jurisdictions
Signal.
Embodiment described above is merely illustrative of the technical solution of the present invention, rather than its limitations;Although referring to aforementioned reality
Applying example, invention is explained in detail, those skilled in the art should understand that: it still can be to aforementioned each
Technical solution documented by embodiment is modified or equivalent replacement of some of the technical features;And these are modified
Or replacement, the spirit and scope for technical solution of various embodiments of the present invention that it does not separate the essence of the corresponding technical solution should all
It is included within protection scope of the present invention.
Claims (10)
1. the interface security control method in a kind of network security characterized by comprising
The HTTP request that client is sent is received, the HTTP request is parsed, obtains uniform resource identifier
Accord with URI;
Determine the corresponding security strategy of the URI, the security strategy includes signature check, subscription authentication, resets verification and black
One of white list verification is a variety of;
The HTTP request is verified according to the security strategy;
It is verified if the HTTP request passes through security strategy, it is determined that the corresponding current limliting strategy of the URI;
The HTTP request is verified according to the current limliting strategy;
If the HTTP request passes through current limliting policy check, it is determined that the corresponding micro services interface of the URI asks the HTTP
It asks and is forwarded to the micro services interface;
The response that the micro services interface returns is received, and the response is sent to the client.
2. the interface security control method in network security as described in claim 1, which is characterized in that described in the determination
The corresponding security strategy of URI includes:
The demand for security of the micro services interface, the demand for security of the corresponding request resource of the HTTP request are obtained, and is worked as
The demand for security of preceding communication network;
According to the demand for security of the micro services interface, the demand for security of the corresponding request resource of the HTTP request, Yi Jisuo
The demand for security for stating present communications network determines the corresponding security strategy of the URI.
3. the interface security control method in network security as described in claim 1, which is characterized in that further include:
Add label in the HTTP request, according to the security strategy checking procedure of HTTP request described in the label record and
The corresponding relationship of current limliting policy check process and the HTTP request and the micro services interface.
4. the interface security control method in network security as described in claim 1, which is characterized in that further include:
The inspection of structured query language SQL syntax is carried out to the parameters in the HTTP request;
If SQL statement is all not present in the parameters of the HTTP request, the step of the parsing HTTP request is executed
Suddenly.
5. the interface security control method in network security as described in claim 1, which is characterized in that the HTTP request is taken
Band digital signature and user information;
It is described according to the security strategy to the HTTP request carry out verification include:
If the security strategy is signature check, the HTTP request is digitally signed by prestoring algorithm;
If the digital signature obtained is consistent with the digital signature that the HTTP request carries, determine that the HTTP request passes through label
Name verification;
Or
If the security strategy is subscription authentication, detect whether the HTTP request carries token, the token is logical for user
It crosses the client and logs in the token successfully obtained afterwards;
If the HTTP request carries the token, determine that the HTTP request passes through subscription authentication;
Or
If the security strategy is to reset verification, the number label that the HTTP request carries whether are stored in Test database
Name;
If not storing the digital signature that the HTTP request carries in the database, determine that the HTTP request passes through weight
Put verification;
Or
If the security strategy is black and white lists verification, the HTTP request is inquired in the user information blacklist prestored and is taken
The user information of band;
If not inquiring the user information that the HTTP request carries in the user information blacklist prestored, described in judgement
HTTP request is verified by black and white lists.
6. a kind of interface security controlling terminal equipment, which is characterized in that including memory, processor and be stored in the storage
In device and the computer program that can run on the processor, the processor are realized as follows when executing the computer program
Step:
The HTTP request that client is sent is received, the HTTP request is parsed, obtains URI;
Determine the corresponding security strategy of the URI, the security strategy includes signature check, subscription authentication, resets verification and black
One of white list verification is a variety of;
The HTTP request is verified according to the security strategy;
It is verified if the HTTP request passes through security strategy, it is determined that the corresponding current limliting strategy of the URI;
The HTTP request is verified according to the current limliting strategy;
If the HTTP request passes through current limliting policy check, it is determined that the corresponding micro services interface of the URI asks the HTTP
It asks and is forwarded to the micro services interface;
The response that the micro services interface returns is received, and the response is sent to the client.
7. interface security controlling terminal equipment as claimed in claim 6, which is characterized in that the determination URI is corresponding
Security strategy includes:
The demand for security of the micro services interface, the demand for security of the corresponding request resource of the HTTP request are obtained, and is worked as
The demand for security of preceding communication network;
According to the demand for security of the micro services interface, the demand for security of the corresponding request resource of the HTTP request, Yi Jisuo
The demand for security for stating present communications network determines the corresponding security strategy of the URI.
8. interface security controlling terminal equipment as claimed in claim 6, which is characterized in that the processor executes the calculating
Following steps are realized when machine program:
Add label in the HTTP request, according to the security strategy checking procedure of HTTP request described in the label record and
The corresponding relationship of current limliting policy check process and the HTTP request and the micro services interface.
9. interface security controlling terminal equipment as claimed in claim 6, which is characterized in that the processor executes the calculating
Following steps are realized when machine program:
SQL syntax inspection is carried out to the parameters in the HTTP request;
If SQL statement is all not present in the parameters of the HTTP request, the step of the parsing HTTP request is executed
Suddenly.
10. a kind of computer readable storage medium, the computer-readable recording medium storage has computer program, and feature exists
In interface peace of the realization as described in any one of claim 1 to 5 in network security when the computer program is executed by processor
The step of full control method.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810961338.1A CN109309666A (en) | 2018-08-22 | 2018-08-22 | Interface security control method and terminal device in a kind of network security |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810961338.1A CN109309666A (en) | 2018-08-22 | 2018-08-22 | Interface security control method and terminal device in a kind of network security |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109309666A true CN109309666A (en) | 2019-02-05 |
Family
ID=65223866
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810961338.1A Pending CN109309666A (en) | 2018-08-22 | 2018-08-22 | Interface security control method and terminal device in a kind of network security |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109309666A (en) |
Cited By (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110221972A (en) * | 2019-05-21 | 2019-09-10 | 深圳壹账通智能科技有限公司 | A kind of plug-in unit method of calibration, equipment, server and the storage medium of application program |
| CN110365701A (en) * | 2019-07-30 | 2019-10-22 | 深圳前海达闼云端智能科技有限公司 | The management method of customer terminal equipment, calculates equipment and storage medium at device |
| CN111031008A (en) * | 2019-11-25 | 2020-04-17 | 集奥聚合(北京)人工智能科技有限公司 | Method for gateway to uniformly intercept user request and judge whether to release |
| WO2020233361A1 (en) * | 2019-05-21 | 2020-11-26 | 深圳壹账通智能科技有限公司 | Internal service invoking method and apparatus based on gateway, and terminal device |
| CN112019522A (en) * | 2020-08-07 | 2020-12-01 | 苏州浪潮智能科技有限公司 | Network security policy configuration method and system for micro-service application in cloud management platform |
| CN112231617A (en) * | 2020-10-12 | 2021-01-15 | 深圳市欢太科技有限公司 | Service call checking method and device, storage medium and electronic equipment |
| CN112836199A (en) * | 2021-02-08 | 2021-05-25 | 浪潮云信息技术股份公司 | Tool and method for realizing unified authentication |
| CN112929290A (en) * | 2021-02-02 | 2021-06-08 | 湖南快乐阳光互动娱乐传媒有限公司 | Current limiting method, device, system, storage medium, equipment and gateway |
| CN113179277A (en) * | 2021-05-07 | 2021-07-27 | 济南云拓互动传媒有限公司 | Verification method hidden in standard HTTP plaintext message header |
| CN113468491A (en) * | 2021-06-07 | 2021-10-01 | 深圳供电局有限公司 | API service engine method, system, electronic equipment and computer readable storage medium |
| CN113630310A (en) * | 2020-05-06 | 2021-11-09 | 北京农信互联科技集团有限公司 | Distributed high-availability gateway system |
| CN113905031A (en) * | 2021-10-09 | 2022-01-07 | 上海得帆信息技术有限公司 | Multifunctional HTTP service request preprocessing system and method |
| CN114095238A (en) * | 2021-11-17 | 2022-02-25 | 中国银行股份有限公司 | Attack early warning system and method for mobile terminal application program |
| CN114531426A (en) * | 2022-01-05 | 2022-05-24 | 万蚓网络科技(上海)有限公司 | End-to-end streaming media routing method based on back-to-back authentication mode |
| CN114826612A (en) * | 2022-04-20 | 2022-07-29 | 微位(深圳)网络科技有限公司 | Data interaction method, device, equipment and storage medium |
| CN115037789A (en) * | 2022-06-09 | 2022-09-09 | 中国工商银行股份有限公司 | Current limiting method, device, apparatus, storage medium and program product |
| CN115134113A (en) * | 2022-05-13 | 2022-09-30 | 山东鲁软数字科技有限公司 | Platform data security authentication method, system, terminal and storage medium |
| CN116781317A (en) * | 2023-03-21 | 2023-09-19 | 山东省国土空间数据和遥感技术研究院(山东省海域动态监视监测中心) | Front-end and back-end data transmission tamper-proof replay method and system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101267357A (en) * | 2007-03-13 | 2008-09-17 | 北京启明星辰信息技术有限公司 | A SQL injection attack detection method and system |
| US20170195885A1 (en) * | 2010-09-15 | 2017-07-06 | At&T Intellectual Property I, L.P. | System for managing resources accessible to a mobile device server |
| CN107528853A (en) * | 2017-09-12 | 2017-12-29 | 上海艾融软件股份有限公司 | The implementation method of micro services control of authority |
| CN108234653A (en) * | 2018-01-03 | 2018-06-29 | 马上消费金融股份有限公司 | A kind of method and device of processing business request |
-
2018
- 2018-08-22 CN CN201810961338.1A patent/CN109309666A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101267357A (en) * | 2007-03-13 | 2008-09-17 | 北京启明星辰信息技术有限公司 | A SQL injection attack detection method and system |
| US20170195885A1 (en) * | 2010-09-15 | 2017-07-06 | At&T Intellectual Property I, L.P. | System for managing resources accessible to a mobile device server |
| CN107528853A (en) * | 2017-09-12 | 2017-12-29 | 上海艾融软件股份有限公司 | The implementation method of micro services control of authority |
| CN108234653A (en) * | 2018-01-03 | 2018-06-29 | 马上消费金融股份有限公司 | A kind of method and device of processing business request |
Non-Patent Citations (2)
| Title |
|---|
| EAII企业架构创新研究院: "《微服务架构下的安全认证与鉴权》", 《简书》 * |
| 张晶等: "《微服务框架的设计与实现》", 《计算机系统应用》 * |
Cited By (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020233361A1 (en) * | 2019-05-21 | 2020-11-26 | 深圳壹账通智能科技有限公司 | Internal service invoking method and apparatus based on gateway, and terminal device |
| CN110221972A (en) * | 2019-05-21 | 2019-09-10 | 深圳壹账通智能科技有限公司 | A kind of plug-in unit method of calibration, equipment, server and the storage medium of application program |
| CN110365701B (en) * | 2019-07-30 | 2021-12-31 | 达闼机器人有限公司 | Client terminal equipment management method and device, computing equipment and storage medium |
| CN110365701A (en) * | 2019-07-30 | 2019-10-22 | 深圳前海达闼云端智能科技有限公司 | The management method of customer terminal equipment, calculates equipment and storage medium at device |
| CN111031008A (en) * | 2019-11-25 | 2020-04-17 | 集奥聚合(北京)人工智能科技有限公司 | Method for gateway to uniformly intercept user request and judge whether to release |
| CN111031008B (en) * | 2019-11-25 | 2022-05-24 | 北京小向创新人工智能科技有限公司 | Method for gateway to uniformly intercept and judge whether user request is released |
| CN113630310B (en) * | 2020-05-06 | 2024-02-02 | 北京农信数智科技有限公司 | Distributed high-availability gateway system |
| CN113630310A (en) * | 2020-05-06 | 2021-11-09 | 北京农信互联科技集团有限公司 | Distributed high-availability gateway system |
| CN112019522A (en) * | 2020-08-07 | 2020-12-01 | 苏州浪潮智能科技有限公司 | Network security policy configuration method and system for micro-service application in cloud management platform |
| CN112019522B (en) * | 2020-08-07 | 2022-12-09 | 苏州浪潮智能科技有限公司 | Network security policy configuration method and system for micro-service application in cloud management platform |
| CN112231617A (en) * | 2020-10-12 | 2021-01-15 | 深圳市欢太科技有限公司 | Service call checking method and device, storage medium and electronic equipment |
| CN112929290A (en) * | 2021-02-02 | 2021-06-08 | 湖南快乐阳光互动娱乐传媒有限公司 | Current limiting method, device, system, storage medium, equipment and gateway |
| CN112929290B (en) * | 2021-02-02 | 2023-02-24 | 湖南快乐阳光互动娱乐传媒有限公司 | Current limiting method, device, system, storage medium, equipment and gateway |
| CN112836199A (en) * | 2021-02-08 | 2021-05-25 | 浪潮云信息技术股份公司 | Tool and method for realizing unified authentication |
| CN113179277A (en) * | 2021-05-07 | 2021-07-27 | 济南云拓互动传媒有限公司 | Verification method hidden in standard HTTP plaintext message header |
| CN113179277B (en) * | 2021-05-07 | 2022-08-02 | 济南云拓互动传媒有限公司 | Verification method hidden in standard HTTP plaintext message header |
| CN113468491B (en) * | 2021-06-07 | 2024-02-23 | 深圳供电局有限公司 | API service engine method, system, electronic device and computer readable storage medium |
| CN113468491A (en) * | 2021-06-07 | 2021-10-01 | 深圳供电局有限公司 | API service engine method, system, electronic equipment and computer readable storage medium |
| CN113905031A (en) * | 2021-10-09 | 2022-01-07 | 上海得帆信息技术有限公司 | Multifunctional HTTP service request preprocessing system and method |
| CN114095238A (en) * | 2021-11-17 | 2022-02-25 | 中国银行股份有限公司 | Attack early warning system and method for mobile terminal application program |
| CN114531426A (en) * | 2022-01-05 | 2022-05-24 | 万蚓网络科技(上海)有限公司 | End-to-end streaming media routing method based on back-to-back authentication mode |
| CN114826612B (en) * | 2022-04-20 | 2024-01-30 | 微位(深圳)网络科技有限公司 | Data interaction method, device, equipment and storage medium |
| CN114826612A (en) * | 2022-04-20 | 2022-07-29 | 微位(深圳)网络科技有限公司 | Data interaction method, device, equipment and storage medium |
| CN115134113A (en) * | 2022-05-13 | 2022-09-30 | 山东鲁软数字科技有限公司 | Platform data security authentication method, system, terminal and storage medium |
| CN115134113B (en) * | 2022-05-13 | 2024-04-09 | 山东鲁软数字科技有限公司 | Platform data security authentication method, system, terminal and storage medium |
| CN115037789A (en) * | 2022-06-09 | 2022-09-09 | 中国工商银行股份有限公司 | Current limiting method, device, apparatus, storage medium and program product |
| CN115037789B (en) * | 2022-06-09 | 2024-03-26 | 中国工商银行股份有限公司 | Method, apparatus, device, storage medium and program product for limiting current |
| CN116781317A (en) * | 2023-03-21 | 2023-09-19 | 山东省国土空间数据和遥感技术研究院(山东省海域动态监视监测中心) | Front-end and back-end data transmission tamper-proof replay method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109309666A (en) | Interface security control method and terminal device in a kind of network security | |
| CN101562621B (en) | User authorization method and system and device thereof | |
| JP5719871B2 (en) | Method and apparatus for preventing phishing attacks | |
| CN105592065B (en) | A kind of Website logging method and its login system based on SMS | |
| CN104917721B (en) | Authorization method, device and system based on oAuth agreement | |
| WO2016188256A1 (en) | Application access authentication method, system, apparatus and terminal | |
| CN101478396B (en) | Uni-directional cross-domain identity verification based on low correlation of private cipher key and application thereof | |
| CN107148019B (en) | It is a kind of for connecting the method and apparatus of wireless access point | |
| WO2016173199A1 (en) | Mobile application single sign-on method and device | |
| CN106487774A (en) | A kind of cloud host services authority control method, device and system | |
| CN110266642A (en) | Identity identifying method and server, electronic equipment | |
| CN109150904A (en) | Interface service call method and terminal device | |
| CN108605037B (en) | Method for transmitting digital information | |
| CN108900561A (en) | The method, apparatus and system of single-sign-on | |
| KR20100038990A (en) | Apparatus and method of secrity authenticate in network authenticate system | |
| CN103747076A (en) | Cloud platform access method and device | |
| CN109428893A (en) | A kind of identity identifying method, apparatus and system | |
| CN106817228A (en) | Data charging method and device | |
| JP6067005B2 (en) | System and method for integrating OpenID into a telecommunications network | |
| CN111371811B (en) | Resource calling method, resource calling device, client and service server | |
| CN109495458A (en) | A kind of method, system and the associated component of data transmission | |
| CN109525613B (en) | Request processing system and method | |
| CN105635060B (en) | It is a kind of to obtain method, authentication server and the gateway for applying data | |
| CN115412294A (en) | Platform service-based access method and device, storage medium and electronic equipment | |
| CN106470237A (en) | A kind of asynchronous method for down loading and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190205 |
|
| RJ01 | Rejection of invention patent application after publication |