CN109960945B - Active security protection method and system for browser - Google Patents

Active security protection method and system for browser

Info

Publication number: CN109960945B
Application number: CN201711435918.9A
Authority: CN (China)
Prior art keywords: user, browser, certificate, module, verification
Legal status: Active (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Other languages: Chinese (zh)
Other versions: CN109960945A (en)
Inventors: 代向东, 徐宁, 常涛, 付正威, 郭皓, 丁丽丽, 申利飞
Current assignee: China Standard Software Co Ltd (the listed assignees may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)
Original assignee: China Standard Software Co Ltd
Priority date: 2017-12-26 (the priority date is an assumption and is not a legal conclusion)
Filing date: 2017-12-26
Publication dates: CN109960945A 2019-07-02; CN109960945B 2023-03-21

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/31 User authentication
                • G06F21/33 User authentication using certificates
            • G06F21/60 Protecting data
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
                  • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention relates to a method and system for active security protection of a browser. The method comprises: step S1: the user enters the correct user name and password; step S2: look up the certificate corresponding to the user name and password; if no certificate is found, require the user to insert the certificate and then execute step S3, and if the certificate is found, execute step S3 directly; step S3: verify the corresponding certificate; if verification succeeds, open up an independent storage space for the user's current browsing session, store the private data generated while the user browses, and display that login succeeded; if verification fails, display that login failed. The active security protection method and system enhance the security of user data from the aspects of user identity authentication, isolated storage of user data, encryption and decryption of user information, and control of script execution, and thereby realise an active defence function for the browser.

Description

Active security protection method and system for browser
Technical Field
The invention relates to the field of Internet data security, and in particular to a method and system for actively protecting the security of a browser.
Background
As the entry point to the Internet, the browser's security is critical. Browsers such as Chrome carry latent security risks: for example, an audio-handling component may be installed automatically in the background by default and can listen to and record any sound it hears, a serious threat to user privacy. Yet current security and antivirus software concentrates its browser protection on Internet Explorer, so other browsers are not effectively protected and the residual risk is obvious. In China, research and investment in browser security are small, and because browsers update frequently and vendors' program designs differ, security software struggles to update its protection in time. Users are therefore exposed to hazards such as trojan-injected web pages (挂马, drive-by malware), phishing and high-risk plug-ins, leading to information leakage and even security incidents. Strengthening the browser's own active security function is therefore important.
Fig. 1 is a schematic flow chart of conventional browser security control. As shown in the figure, in the prior art browser security control can be divided into the following steps:
step 108: the browser network user registers, and the registration information is stored on a remote server;
steps 101 to 104: the browser network user logs in: the user enters a user name and password on the login interface, and the remote server verifies the user information and returns the verification result;
step 105: the user enters the URL of the content to be accessed in the browser;
steps 106 to 107: the access content is obtained from the remote server over the network and returned to the browser user;
step 109: the user may choose to log in anonymously without registering a network account, but the access information of an anonymously logged-in browser can then be obtained by other users.
Fig. 2 is a system architecture diagram of a conventional browser security control system. As shown in fig. 2, it includes a client browser 201 and a server 205. The client browser 201 includes a registration request module 202, an access request module 203 and a security processing module 204. The server 205 includes a registration processing module 206 and an access processing module 207, wherein:
the client browser 201 and the server 205 communicate over the network;
the registration request module 202 is used by the browser user to send an account registration request to the server 205;
the access request module 203 is used by the browser to send a URL access request to the server 205;
the security processing module 204 receives the access content returned by the server 205 and performs security processing on it;
the registration processing module 206 receives the browser user's registration request and stores the registration information in a database so that it can be checked at login;
the access processing module 207 obtains the content of the website specified by the URL and sends it to the client browser 201.
The existing browser security control method and system therefore have the following main disadvantages:
1. User identity authentication checks only the user name and password, so if these are stolen the user's sensitive private data is easily leaked.
2. The user's private sensitive data is stored on the remote server, where a third party can easily obtain it and sell it illegally.
3. The user can start and use the browser without logging in, and the access information in this non-logged-in state is visible to any user.
A new method and system for securing a browser are therefore needed.
Disclosure of Invention
To overcome the defects of the prior art, the invention provides an active security protection method for a browser, comprising the following steps:
step S1: if the user selects anonymous login, the browser does not store the user's browsing information; if the user selects account login, steps S2 to S3 are executed after the user enters a correct user name and password;
step S2: look up the certificate corresponding to the user's user name and password; if no certificate is found, require the user to insert the certificate and then execute step S3; if the certificate is found, execute step S3 directly;
step S3: verify the corresponding certificate; if verification succeeds, open up an independent storage space for the user's current browsing session, store the private data generated while the user browses, and display that login succeeded; if verification fails, display that login failed.
In step S3, the browser encrypts the private data generated while the user browses and stores it on the local computer.
In step S3, after the user has logged in, the browser controls script execution so that malicious scripts from the remote server are not executed locally.
In step S3, after the user has logged in, the browser decrypts the user's historical private data and displays it to the user.
The invention further provides an active security protection system for a browser, comprising a client and a server connected to each other. The server completes user registration and certificate generation and issuance; the client's browser completes user identity verification, script control, data encryption and decryption, and private data storage.
The server comprises a user registration module for registering new users; a user certificate generation and issuance module within the user registration module generates a digital certificate for each registered user and issues it to that user.
The client's browser comprises a user identity authentication module, a script control execution module, an encryption module and a decryption module, wherein:
the user identity authentication module is connected to the server, verifies the user's identity and certificate at login, and stores the user's private data;
the script control execution module is connected to the user identity authentication module and, once the user's identity and certificate have been verified, controls script execution while the user uses the browser so that malicious scripts from the remote server are not executed locally;
the encryption module and the decryption module are both connected to the user identity authentication module; the encryption module encrypts private data for storage while the user uses the browser, and the decryption module decrypts the user's historical private data and displays it to the user.
The user identity authentication module comprises a certificate and password verification module and a user information storage module. The certificate and password verification module is connected to the server and verifies the user's identity and certificate at login; the user information storage module is connected to the encryption module and the decryption module and stores the private data generated while the user uses the browser.
When the user identity authentication module verifies the certificate, the checks cover the issuing CA, the certificate validity period and whether the certificate has been revoked.
When the user identity authentication module verifies the certificate, verification may be either online or offline (for the revocation check, that is querying the CA at login versus checking against locally held revocation data).
The active security protection method and system for a browser enhance the security of user data from the aspects of user identity authentication, isolated storage of user data, encryption and decryption of user information, and control of script execution, and thereby realise an active defence function for the browser.
Drawings
FIG. 1: flow chart of existing browser security control;
FIG. 2: block diagram of an existing browser security control system;
FIG. 3: system block diagram of the browser active security protection system of the invention;
FIG. 4: implementation flow chart of the browser active security protection method of the invention;
FIG. 5: detailed implementation flow of the login stage of the browser active security protection method of the invention;
FIG. 6: detailed implementation flow of the security-technique stage of the browser active security protection method of the invention.
Description of the reference numerals
10. Client
20. Server
21. User registration module
22. User certificate generation and issuance module
30. Browser
31. User identity authentication module
311. Certificate and password verification module
312. User information storage module
32. Script control execution module
33. Encryption module
34. Decryption module
Detailed Description
To further explain the technical scheme and its advantages, the following detailed description is given in conjunction with the accompanying drawings.
In view of the importance of browser security to the Internet, the invention provides a secure login and access mechanism for a browser that performs digital authentication and access control for different browser users, encrypts access information, and strictly controls local execution of scripts: the user must authenticate before using the browser; the access information of a user is encrypted so that only that user can see it and other users cannot; and the user can strictly control which remote scripts run locally while using the browser. That is, the invention enhances the security of user data from four aspects, user identity authentication, isolated storage of user data, encryption and decryption of user information, and script control execution, and thereby realises an active defence function for the browser.
Specifically, fig. 3 is a system block diagram of the browser active security protection system of the invention. As shown in the figure, the system includes a client 10 and a server 20 connected to each other; the Ukey (a small USB storage device, see below) is the medium on which a user's issued certificate is carried to the client.
On the server 20, the administrator registers the user in the user registration module 21, and the user certificate generation and issuance module 22 within the user registration module 21 generates a digital certificate for each registered user and issues it to that user.
On the client 10, after the user starts the browser 30, if the user selects account login the browser 30 starts the certificate and password verification module 311 in the user identity authentication module 31 to check the user's legitimacy, that is, to verify the user's user name and password and the user's certificate. If the user is legitimate, the user information storage module 312 in the user identity authentication module 31 is started and an independent storage space is opened up locally to hold the user's data. If the user fails verification, the browser 30 cannot be used in account mode; the user may instead select anonymous login for traceless (private) browsing.
After the user identity authentication module 31 has verified that the user is legitimate, the user can use the browser 30 normally to access the Internet. During access the browser 30 uses the script control execution module 32 to keep malicious scripts from the remote server from executing locally, uses the encryption module 33 to encrypt the user's access information (bookmarks and history), and stores the encrypted information in the user information storage module 312 within the user identity authentication module 31. The next time the user starts the browser, the locally stored historical data is decrypted by the decryption module 34 and displayed to the user.
Fig. 4 is a flowchart of an implementation of the active security protection method for a browser according to the invention. Referring to fig. 4, the method runs as follows:
1. Browser launch
After the browser 30 is started, the user must select a login mode before normal use; otherwise the browser 30 cannot be used.
2. User login
(1) The user may select anonymous login to the browser 30. In this mode no user name or password is entered; the browser 30 keeps no browsing information from the session, and other users who later log in anonymously do not see the browsing content of the previous anonymous user.
(2) The user may instead select account login, which requires the user to enter a valid user name and password and to insert the digital certificate issued to the user by the server.
3. Script controlled execution
Whichever login mode the user selects, while the user uses the browser 30 the browser controls script execution through the script control execution module 32, so that illegal malicious scripts from the remote server are not executed locally and user information cannot be maliciously tampered with or illegally obtained.
4. Data encryption and decryption
For an account user, after the browser 30 has started normally the encryption module 33 in the browser 30 encrypts the user's browsing information (private data such as bookmarks and history) with an encryption algorithm (preferably a Chinese national commercial cryptography (SM-series) algorithm), and the next time the user starts the browser the historical browsing information is decrypted by the decryption module 34 and displayed to the user.
5. User data storage
For a user logging in for the first time, the browser 30 opens up an independent storage space to hold that user's private data. While the user uses the browser 30, the browsing information encrypted by the encryption module 33 is stored in the local database by the user information storage module 312. Because the browsing information is encrypted before it is stored, the user's sensitive information cannot easily be decrypted and obtained even if the local database is broken into. This holds only as long as the decryption key is not itself recoverable from the same machine, so the key should be derived from the user's credentials or held on the Ukey rather than stored beside the database.
Specifically, fig. 5 and fig. 6 respectively show the detailed implementation flow of the login stage and of the security-technique stage of the active security protection method for a browser according to the invention.
Referring to fig. 5, the login stage of the method comprises the following steps:
step 200: the user opens the browser and enters the user name and password; go to step 201;
step 201: the browser looks up the certificate according to the user name and password; if the certificate is found, go to step 204, otherwise go to step 205;
step 204: the browser verifies the certificate found; the checks mainly cover the issuing CA, the certificate validity period and whether the certificate has been revoked, and may be performed online or offline; if verification succeeds, go to step 206, otherwise go to step 205;
step 205: ask the user to insert the matching digital certificate via the medium (the Ukey);
step 206: the user is legitimate, and an independent storage space is opened up for the user to hold the user's private data;
step 207: login has succeeded and the browser can be used normally.
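Steps 201 to 206, together with the three verification items named for step 204 (issuing CA, validity period, revocation), map onto standard X.509 chain validation. The following Go program is an added example, not the patent's own code: it builds an in-memory CA and two user certificates standing in for the server's registration and issuance modules (21/22), then performs the step 204 checks at login. Matching the certificate to the user name via the subject CommonName, and representing the offline revocation list as a set of serial numbers, are assumptions of the example; a deployment would load a CRL or, for the online variant, query the CA (OCSP).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// LoginVerifier is what the certificate and password verification module (311)
// consults at login: the CA(s) it trusts and an offline revocation list. The
// list is modelled as a set of serial numbers (assumption; a deployment would
// load a CRL, or ask the CA online via OCSP for the online variant).
type LoginVerifier struct {
	Roots   *x509.CertPool
	Revoked map[string]bool // decimal serial number -> revoked
}

// VerifyUserCert performs the step 204 checks: issuing CA, validity period and
// revocation. It also requires the subject CommonName to equal the user name,
// which is how this example matches a certificate to "the user name" (assumed).
func (v *LoginVerifier) VerifyUserCert(username string, cert *x509.Certificate, now time.Time) error {
	if cert.Subject.CommonName != username {
		return fmt.Errorf("certificate is for %q, not %q", cert.Subject.CommonName, username)
	}
	opts := x509.VerifyOptions{
		Roots:       v.Roots, // the chain must end at a trusted CA
		CurrentTime: now,     // enforces NotBefore and NotAfter
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("CA or validity check failed: %w", err)
	}
	if v.Revoked[cert.SerialNumber.String()] {
		return errors.New("certificate has been revoked")
	}
	return nil
}

// issue signs tmpl with parentKey; with parent == nil it makes a self-signed root.
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildDemo stands in for the server's registration and issuance modules (21/22):
// one CA, a certificate for "alice", and one for "bob" that has since been
// revoked. All key material is generated in memory for the demonstration.
func BuildDemo(now time.Time) (v *LoginVerifier, alice, bob *x509.Certificate, err error) {
	ca, caKey, err := issue(&x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Browser CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(365 * 24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	user := func(serial int64, name string) *x509.Certificate {
		return &x509.Certificate{
			SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
			NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), // short-lived
			KeyUsage:    x509.KeyUsageDigitalSignature,
			ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		}
	}
	if alice, _, err = issue(user(1001, "alice"), ca, caKey); err != nil {
		return nil, nil, nil, err
	}
	if bob, _, err = issue(user(1002, "bob"), ca, caKey); err != nil {
		return nil, nil, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	v = &LoginVerifier{Roots: roots, Revoked: map[string]bool{bob.SerialNumber.String(): true}}
	return v, alice, bob, nil
}

func main() {
	now := time.Now()
	v, alice, bob, err := BuildDemo(now)
	if err != nil {
		panic(err)
	}
	fmt.Println("alice, valid:  ", v.VerifyUserCert("alice", alice, now))
	fmt.Println("bob, revoked:  ", v.VerifyUserCert("bob", bob, now))
	fmt.Println("alice, expired:", v.VerifyUserCert("alice", alice, now.Add(48*time.Hour)))
	fmt.Println("name mismatch: ", v.VerifyUserCert("mallory", alice, now))
}
```

Two points the flow in fig. 5 leaves implicit are enforced here: the certificate is bound to the user name, so a valid certificate for one account cannot complete login for another, and the revocation check runs after chain validation, so a revoked certificate is rejected even though its signature and dates are fine. In the offline variant the local revocation data must itself be refreshed, otherwise a certificate revoked after the last refresh still passes.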
Referring to fig. 6, the security-technique stage of the active security protection method for a browser according to the invention comprises:
step 300: the user starts the browser;
step 301: the user logs in to the browser account; after login, steps 302 to 305 run automatically;
step 302: read the contents of the bookmark database in the user information storage module;
step 303: read the contents of the history database in the user information storage module;
step 304: decrypt the bookmark contents and the history contents respectively;
step 305: display the decrypted bookmarks and history to the user in plaintext;
step 306: encrypt each bookmark the user adds and insert it into the bookmark database;
step 307: encrypt each new history entry of the user and insert it into the history database;
step 308: throughout the user's use of the browser, keep malicious scripts from the remote server from executing locally;
step 309: exit the browser.
In the invention, "URL" means uniform resource locator.
In the invention, "Ukey" means a small USB storage device, the token on which the user's digital certificate is carried.
The invention has the following beneficial effects:
1. After starting the browser the user must select a login mode (anonymous or account login), otherwise the browser cannot be used; browser accounts are registered by an administrator, which strengthens the security of browser use.
2. The user's sensitive information (bookmarks, history, etc.) is encrypted before being stored on the local client, strengthening the protection of user privacy.
3. User identity authentication is two-factor: user name and password plus digital certificate. Even if the user name and password are stolen, login is impossible without the corresponding digital certificate, which further secures browser use.
4. The private sensitive data of different users is stored in isolation, so that other users have no access to it and user privacy is protected.
Although the invention has been described with reference to preferred embodiments, its scope is not limited to them, and those skilled in the art will appreciate that various changes and modifications can be made without departing from its spirit and scope.

Claims (8)

1. An active security protection method for a browser, characterised by comprising the following steps:
step S1: if the user selects anonymous login, the browser does not save the user's browsing information; if the user selects account login, steps S2 to S3 are executed after the user enters a correct user name and password;
step S2: look up the certificate corresponding to the user's user name and password; if no certificate is found, require the user to insert the certificate and then execute step S3; if the certificate is found, execute step S3 directly;
step S3: verify the corresponding certificate; if verification succeeds, open up an independent storage space for the user's current browsing session to store the private data generated while the user browses, and display that login succeeded; if verification fails, display that login failed;
wherein the browser is a remote server.
2. The active browser security protection method of claim 1, wherein: in step S3, the browser encrypts the private data generated while the user browses and stores it on the local computer.
3. The active browser security protection method of claim 1, wherein: in step S3, after the user has logged in, the browser controls script execution so that malicious scripts from the remote server are not executed locally.
4. The active browser security protection method of claim 1, wherein: in step S3, after the user has logged in, the browser decrypts the user's historical private data and displays it to the user.
5. An active security protection system for a browser, characterised by comprising a client and a server connected to each other, wherein the server completes user registration and certificate generation and issuance, and the client's browser completes user identity verification, script control, data encryption and decryption, and private data storage; the client's browser comprises a user identity authentication module, a script control execution module, an encryption module and a decryption module,
the user identity authentication module being connected to the server, verifying the user's identity and certificate at login, and storing the user's private data;
the script control execution module being connected to the user identity authentication module and, once the user's identity and certificate have been verified, controlling script execution while the user uses the browser so that malicious scripts from the remote server are not executed locally;
the encryption module and the decryption module both being connected to the user identity authentication module, the encryption module encrypting private data for storage while the user uses the browser, and the decryption module decrypting the user's historical private data and displaying it to the user;
the user identity authentication module comprising a certificate and password verification module and a user information storage module, wherein the certificate and password verification module is connected to the server and verifies the user's identity and certificate at login, and the user information storage module is connected to the encryption module and the decryption module and stores the private data generated while the user uses the browser;
at the client, after the user starts the browser, if the user selects account login, the browser starts the certificate and password verification module in the user identity authentication module to check the user's legitimacy, that is, to verify the user's user name and password and the user's certificate; if the user is legitimate, the user information storage module in the user identity authentication module is started and an independent storage space is opened up locally to hold the user's data; if the user fails verification, the browser cannot be used in account mode, and the user may select anonymous login for traceless browsing;
after the user identity authentication module has verified that the user is legitimate, the user can use the browser normally to access the Internet, and during access the browser uses the script control execution module to keep malicious scripts from the remote server from executing locally.
6. The active browser security protection system of claim 5, wherein: the server comprises a user registration module for registering new users; and a user certificate generation and issuance module within the user registration module generates a digital certificate for each registered user and issues it to that user.
7. The active browser security protection system of claim 5, wherein: when the user identity authentication module verifies the certificate, the checks cover the issuing CA, the certificate validity period and whether the certificate has been revoked.
8. The active browser security protection system of claim 5, wherein: when the user identity authentication module verifies the certificate, the verification method is either online verification or offline verification.
Priority and family

Application CN201711435918.9A, priority date 2017-12-26, filing date 2017-12-26, "Active security protection method and system for browser", status Active, granted as CN109960945B (en)

Publications (2)

Publication number Publication date
CN109960945A (en) 2019-07-02
CN109960945B (en) 2023-03-21

Family ID: 67022480

Country status: CN (1) CN109960945B (en)

Families Citing this family (2)

Publication number Priority date Publication date Assignee Title
CN111125665A * 2019-12-04 2020-05-08 中国联合网络通信集团有限公司 Authentication method and device
CN112613025A * 2020-12-30 2021-04-06 宁波三星医疗电气股份有限公司 Communication method of USB (universal serial bus) equipment and browser on computer

Patent Citations (4)

Publication number Priority date Publication date Assignee Title
CN101697540A * 2009-10-15 2010-04-21 浙江大学 Method for authenticating user identity through P2P service request
WO2013089771A1 * 2011-12-16 2013-06-20 Intel Corporation Secure user attestation and authentication to a remote server
WO2014187168A1 * 2013-05-22 2014-11-27 福建联迪商用设备有限公司 Information storage and management method and apparatus based on webkit browser
CN103490896A * 2013-09-16 2014-01-01 北京鹏宇成软件技术有限公司 Multi-user website automatic logger and achieving method thereof

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
US8924714B2 * 2008-06-27 2014-12-30 Microsoft Corporation Authentication with an untrusted root
ES2644593T3 * 2012-06-29 2017-11-29 Huawei Technologies Co., Ltd. Identity authentication method and device
US10462135B2 * 2015-10-23 2019-10-29 Intel Corporation Systems and methods for providing confidentiality and privacy of user data for web browsers

Non-Patent Citations (2)

Yuji Suga, "Browser's 'search form' issues and countermeasures", 2017 19th Asia-Pacific Network Operations and Management Symposium (APNOMS), 2017-11-02, full text *
卢永强 et al., "Research on browser privacy information storage and protection technology" (浏览器隐私信息存储与保护技术研究), 信息安全与通信保密 (Information Security and Communications Privacy), 2013-04-10, no. 4, pp. 84-85 *

* Cited by examiner, † Cited by third party


Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant