CN110493225A - A kind of request transmission method, device, equipment and readable storage medium storing program for executing - Google Patents

A kind of request transmission method, device, equipment and readable storage medium storing program for executing Download PDF

Info

Publication number
CN110493225A
CN110493225A CN201910769443.XA CN201910769443A CN110493225A CN 110493225 A CN110493225 A CN 110493225A CN 201910769443 A CN201910769443 A CN 201910769443A CN 110493225 A CN110493225 A CN 110493225A
Authority
CN
China
Prior art keywords
request
fingerprint
information
destination request
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910769443.XA
Other languages
Chinese (zh)
Other versions
CN110493225B (en
Inventor
李金鑫
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201910769443.XA priority Critical patent/CN110493225B/en
Publication of CN110493225A publication Critical patent/CN110493225A/en
Application granted granted Critical
Publication of CN110493225B publication Critical patent/CN110493225B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Collating Specific Patterns (AREA)

Abstract

This application discloses a kind of request transmission methods, comprising: generates destination request depending on the user's operation;According to the build environment information generating device fingerprint of destination request, build environment information is included at least: the font format information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information and local cpu information that browser is supported;Destination request and device-fingerprint are transmitted to server-side.Wherein, the font format information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information and local cpu information that browser for generating device fingerprint is supported are to have the information of secure safety, so the correctness and safety of device-fingerprint and request data can be ensured, reliable judgment basis can be provided for server-side.Correspondingly, a kind of request transmitting device, equipment and readable storage medium storing program for executing disclosed in the present application, similarly have above-mentioned technique effect.

Description

A kind of request transmission method, device, equipment and readable storage medium storing program for executing
Technical field
This application involves field of computer technology, in particular to a kind of request transmission method, device, equipment and readable storage Medium.
Background technique
In the prior art, in order to ensure front end request correctness and safety, corresponding device-fingerprint can be generated, And device-fingerprint and request data are sent to server-side simultaneously, so that server-side is according to the device-fingerprint decision request received Whether data are correct.
Wherein, the information that existing device-fingerprint generating mode is used may be tampered or forge, such as: generating device The information of fingerprint generally comprises: client ip address, client user's proxy information, Referer information, but in actual scene In, client ip address and Referer information are commonly present forgery behavior.That is, in existing device-fingerprint generating process In, used client ip address and Referer information may be mistake, therefore will be unable to ensure the device-fingerprint generated Correctness and safety provide reliable judgment basis so that the safety of request data can not be ensured for server-side.
Therefore, the correctness and safety for how improving request data are those skilled in the art's problems to be solved.
Summary of the invention
In view of this, the application's is designed to provide a kind of request transmission method, device, equipment and readable storage medium Matter, to improve the correctness and safety of device-fingerprint and request data.Its concrete scheme is as follows:
In a first aspect, this application provides a kind of request transmission methods, comprising:
Destination request is generated depending on the user's operation;
According to the build environment information generating device fingerprint of destination request, build environment information is included at least: browser branch The font format information and audio-video format information held, audio-video spatial cue, graphical rendering information, locally store information and Local cpu information;
Destination request and device-fingerprint are transmitted to server-side.
Preferably, destination request and device-fingerprint are transmitted to server-side, comprising:
It is signed, is asked for an autograph to destination request using device-fingerprint;
It will ask for an autograph, destination request and device-fingerprint are transmitted to server-side.
Preferably, it is signed using device-fingerprint to destination request, comprising:
The cryptographic Hash of device-fingerprint is calculated, and is signed using cryptographic Hash to destination request.
Preferably, destination request and device-fingerprint are transmitted to server-side, comprising:
Destination request is encrypted using base64 Encryption Algorithm, obtains target ciphering sequence;
It is signed, is asked for an autograph to target ciphering sequence using the cryptographic Hash of device-fingerprint;
It will ask for an autograph, target ciphering sequence and cryptographic Hash are transmitted to server-side.
Preferably, it is signed using the cryptographic Hash of device-fingerprint to target ciphering sequence, before being asked for an autograph, also Include:
It is random to generate preset quantity random number;
Using preset quantity random number and ASCII coding target ciphering sequence is shifted respectively, obtain with each The corresponding accidental enciphering sequence of random number;
Splice accidental enciphering sequence corresponding with each random number, obtains splicing ciphering sequence, and ciphering sequence will be spliced As target ciphering sequence.
Preferably, obtain splicing ciphering sequence after, further includes:
Splicing ciphering sequence is encrypted using preset base64 sequence, and splicing ciphering sequence is updated to encrypt Splicing ciphering sequence afterwards.
Preferably, destination request and device-fingerprint are transmitted to before server-side, further includes:
According to the difference of the parameter in the generation parameter of destination request and preset parameter library, calculating user is real user Probability value;
Judge whether probability value is more than preset threshold value;
If so, executing the step of destination request and device-fingerprint are transmitted to server-side;
If it is not, then blocking the transmission of destination request and device-fingerprint.
Second aspect, this application provides a kind of request transmitting devices, comprising:
Generation module is requested, for generating destination request depending on the user's operation;
Device-fingerprint generation module, for the build environment information generating device fingerprint according to destination request, build environment Information includes at least: the font format information and audio-video format information of browser support, audio-video spatial cue, figure rendering Information, locally store information and local cpu information;
Transmission module, for destination request and device-fingerprint to be transmitted to server-side.
The third aspect, this application provides a kind of request transmission devices, comprising:
Memory, for storing computer program;
Processor, for executing the computer program, to realize aforementioned disclosed request transmission method.
Fourth aspect, this application provides a kind of readable storage medium storing program for executing, for saving computer program, wherein the meter Calculation machine program realizes aforementioned disclosed request transmission method when being executed by processor.
By above scheme it is found that this application provides a kind of request transmission methods, comprising: generate depending on the user's operation Destination request;According to the build environment information generating device fingerprint of destination request, build environment information is included at least: browser branch The font format information and audio-video format information held, audio-video spatial cue, graphical rendering information, locally store information and Local cpu information;Destination request and device-fingerprint are transmitted to server-side.
In the above-mentioned methods, the font lattice that browser is supported are included at least for the build environment information of generating device fingerprint Formula information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information and local cpu letter Breath.Wherein, above- mentioned information are the information for generating the browser of request and carrying, since browser type is limited, and each browsing The information of device will not be changed arbitrarily, will not be tampered, so these information have reliable safety, so as to ensure equipment The correctness and safety of fingerprint and request data;It can also be service when device-fingerprint and request data are sent to server-side End provides reliable judgment basis.
Correspondingly, a kind of request transmitting device, equipment and readable storage medium storing program for executing provided by the present application similarly have above-mentioned Technical effect.
Detailed description of the invention
In order to illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, to embodiment or will show below There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this The embodiment of application for those of ordinary skill in the art without creative efforts, can also basis The attached drawing of offer obtains other attached drawings.
Fig. 1 is the first request transmission method flow chart disclosed in the present application;
Fig. 2 is second of request transmission method flow chart disclosed in the present application;
Fig. 3 is the third request transmission method flow chart disclosed in the present application;
Fig. 4 is a kind of request transmitting device schematic diagram disclosed in the present application;
Fig. 5 is a kind of request transmission device schematic diagram disclosed in the present application.
Specific embodiment
Below in conjunction with the attached drawing in the embodiment of the present application, technical solutions in the embodiments of the present application carries out clear, complete Site preparation description, it is clear that described embodiments are only a part of embodiments of the present application, instead of all the embodiments.It is based on Embodiment in the application, it is obtained by those of ordinary skill in the art without making creative efforts every other Embodiment shall fall in the protection scope of this application.
Currently, the information that existing device-fingerprint generating mode is used may be tampered or forge, and such as: generating device The information of fingerprint generally comprises: client ip address, client user's proxy information, Referer information, but in actual scene In, client ip address and Referer information are commonly present forgery behavior.That is, in existing device-fingerprint generating process In, used client ip address and Referer information may be mistake, therefore will be unable to ensure the device-fingerprint generated Correctness and safety, so that reliable judgment basis can not be provided for server-side.For this purpose, this application provides a kind of requests Transmission plan, can ensure the correctness and safety of device-fingerprint, provide reliable judgment basis for server-side.
Shown in Figure 1, the embodiment of the present application discloses the first request transmission method, comprising:
S101, destination request is generated depending on the user's operation;
S102, the build environment information generating device fingerprint according to destination request, build environment information include at least: browsing The font format information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information that device is supported And local cpu information;
S103, destination request and device-fingerprint are transmitted to server-side.
In the present embodiment, destination request and device-fingerprint are transmitted to server-side, comprising: using device-fingerprint to target Request is signed, and is asked for an autograph;It will ask for an autograph, destination request and device-fingerprint are transmitted to server-side.Wherein, it utilizes Device-fingerprint signs to destination request, comprising: calculate the cryptographic Hash of device-fingerprint, and using cryptographic Hash to destination request into Row signature.
It is understood that signing using device-fingerprint to destination request, the peace of request data can further improve Quan Xing.
In the present embodiment, it according to the difference of the parameter in the generation parameter of destination request and preset parameter library, calculates User is the probability value of real user;Judge whether probability value is more than preset threshold value;If so, executing destination request and setting The step of standby fingerprint is transmitted to server-side;If it is not, then blocking the transmission of destination request and device-fingerprint.
It should be noted that local device can be based on user's when user is when front end is based on browser initiation request Operation generates corresponding request.Wherein, the user for initiating request is real user under normal circumstances, is also possible to be scanner sometimes Equal analog subscribers.Scanner general execution is crawler operation.
In order to distinguish that active user is analog subscriber or real user, can be carried out based on the generation parameter of current request Determine.The generation parameter of current request is to initiate the parameter of the browser of request, if active user is real user, then when The generation parameter of preceding request is the actual parameter of browser;If active user is analog subscriber, then the generation of current request Parameter by with the actual parameter of browser just difference.Specifically, being stored in the pre-set parameter library of the application various The actual parameter of browser, therefore the generation parameter of destination request is compared with the parameter in preset parameter library, so that it may It is true use so as to calculate active user according to the difference to determine the generation parameter of destination request and the difference of actual parameter The probability value at family.
Such as: the generation parameter of destination request has 5, wherein the parameter in 3 and parameter library is inconsistent, and preset threshold Value is 60%, then the probability value that active user is real user can be 2 ÷ 5=40%, and 40% less than 60%, so can Think that active user is analog subscriber, therefore blocks the transmission of destination request.Thus can front end filter out it is some it is non-just Often request, so as to save computer resource, can also reduce the request treating capacity of server-side, mitigate the pressure of server-side.
It is, of course, also possible to which the analog parameter that various scanners use is stored in advance, it thus can directly compare and currently ask Whether the generation parameter asked is consistent with analog parameter;If consistent, current request is the request that analog subscriber is initiated, this is blocked to ask The transmission asked;If inconsistent, the difference according to the parameter in the generation parameter of destination request and preset parameter library, meter are executed Calculate the probability value that user is real user;Judge whether probability value is more than preset threshold value;If so, execute destination request and Device-fingerprint is transmitted to the step of server-side;If it is not, the step of then blocking the transmission of destination request and device-fingerprint.
It is set forth below the parameter of some common browsers and scanner, the complete parameter of each browser and scanner can be with With reference to the prior art, details are not described herein for the present embodiment.
The parameter of different browsers refers to table 1- table 4.
Table 1
Table 2
Table 3
Table 4
It should be noted that in 7 operating system of Windows, representative browser include: Chrome and Firefox;QupZilla browser based on QtWebEngine;Scanner Burpsuite2.0 be similarly based on Qtwebkit QtWebEngine.Their certain parameter differences can be found in table 1- table 4.Scanner often utilizes open source browser engine for example QtWebkit, Phantomjs etc. realize user's simulated operation.As it can be seen that the parameter for the browser that real user uses, being based on The browser of QtWebEngine and the parameter of Burpsuite2.0 scanner have significant difference.In different operating system, For the difference of different browsers there are also very much, this specification will not enumerate explanation.
In the present embodiment, the font lattice that browser is supported are included at least for the build environment information of generating device fingerprint Formula information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information and local cpu letter Breath.Wherein, above- mentioned information are the information for generating the browser of request and carrying, since browser type is limited, and each browsing The information of device will not be changed arbitrarily, will not be tampered, so these information have reliable safety, so as to ensure equipment The correctness and safety of fingerprint and request data;It can also be service when device-fingerprint and request data are sent to server-side End provides reliable judgment basis.
Shown in Figure 2, the embodiment of the present application discloses second of request transmission method, comprising:
S201, destination request is generated depending on the user's operation;
S202, the build environment information generating device fingerprint according to destination request, build environment information include at least: browsing The font format information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information that device is supported And local cpu information;
S203, destination request is encrypted using base64 Encryption Algorithm, obtains target ciphering sequence;
S204, random generation preset quantity random number;
S205, using preset quantity random number and ASCII coding target ciphering sequence is shifted respectively, obtain with The corresponding accidental enciphering sequence of each random number;
S206, splicing accidental enciphering sequence corresponding with each random number, obtain splicing ciphering sequence;
S207, splicing ciphering sequence is encrypted using preset base64 sequence, splicing ciphering sequence is updated to Encrypted splicing ciphering sequence, and ciphering sequence will be spliced as target ciphering sequence.
S208, it is signed, is asked for an autograph to target ciphering sequence using the cryptographic Hash of device-fingerprint;
S209, will ask for an autograph, the cryptographic Hash of target ciphering sequence and device-fingerprint is transmitted to server-side.
In the present embodiment, before sending destination request, destination request is encrypted, and utilizes device-fingerprint Cryptographic Hash signs to encrypted destination request, to further ensure the safety of destination request.
Wherein, the base64 Encryption Algorithm in the present embodiment can be replaced other Encryption Algorithm.Utilize preset base64 Sequence encrypts splicing ciphering sequence, can further enhance the safety of destination request.Base64 Encryption Algorithm is to data When being encrypted, dynamic Fault Sequence can be used and encrypted, also can customize sequence and encrypted.Wherein, dynamic default sequence The safety of column is lower than the safety of custom list.
In the present embodiment, the encrypting step of S204-S206 description is the customized encrypting step of the present embodiment, in this way may be used Further increase the safety of destination request.Wherein, preset quantity random number is generated at random, comprising: based on the different time Stamp is random to generate preset quantity random number.
Wherein, S204-S206 is the encryption carried out based on time and random number, and it is reverse can to increase Encryption Algorithm in this way Difficulty.Because encrypted result is not fixed when a request issues;Meanwhile server-side can be based between maximum time Judge whether the request ciphertext received needs to be further processed every difference.If receiving the timestamp of request and sending the request The difference of timestamp be repeatedly more than maximum time interval (maximum time interval is preset duration), then show that current request is very big It may be that Replay Attack or attacker are passing through the data packet analysis that malice is distorted and testing in degree.
It is, the difference at time point and request received time point that request issues and the interval set are (i.e. Maximum time interval) it is compared.For example interval is 5 seconds, requests the time point issued and requests received time point Difference is 10 seconds, then showing current request largely may be that Replay Attack or attacker are passing through malice and distorting Data packet analysis test.
When receive request timestamp and send the request timestamp difference be repeatedly more than maximum time interval (most Big time interval is preset duration), then it can abandon current request.Meanwhile data can be guaranteed using base64 Encryption Algorithm Integrality, guarantee data server-side will not be caused not identify and handle well because of differences such as character set encodings;base64 Dynamic Fault Sequence can be safeguarded by time synchronization, dynamic Fault Sequence but also the ciphertext generated be it is dynamic, can Effectively to enhance the difficulty that ciphertext is cracked.
It should be noted that other in the present embodiment realize that step is same as the previously described embodiments or similar, therefore this implementation Details are not described herein for example.
In the present embodiment, the font lattice that browser is supported are included at least for the build environment information of generating device fingerprint Formula information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information and local cpu letter Breath.Wherein, above- mentioned information are the information for generating the browser of request and carrying, since browser type is limited, and each browsing The information of device will not be changed arbitrarily, will not be tampered, so these information have reliable safety, so as to ensure equipment The correctness and safety of fingerprint and request data;It can also be service when device-fingerprint and request data are sent to server-side End provides reliable judgment basis.Meanwhile request data is transmitted with ciphertext, improves the safety of request data.
Shown in Figure 3, the embodiment of the present application discloses the third request transmission method, comprising:
S301, destination request is generated depending on the user's operation;
S302, the build environment information generating device fingerprint according to destination request, build environment information include at least: browsing The font format information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information that device is supported And local cpu information;
S303, destination request is encrypted using base64 Encryption Algorithm, obtains target ciphering sequence;
S304, random generation preset quantity random number;
S305, using preset quantity random number and ASCII coding target ciphering sequence is shifted respectively, obtain with The corresponding accidental enciphering sequence of each random number;
S306, splicing accidental enciphering sequence corresponding with each random number, obtain splicing ciphering sequence;
S307, splicing ciphering sequence is encrypted using preset base64 sequence, splicing ciphering sequence is updated to Encrypted splicing ciphering sequence, and ciphering sequence will be spliced as target ciphering sequence.
S308, it is signed, is asked for an autograph to target ciphering sequence using the cryptographic Hash of device-fingerprint;
S309, according to the difference of the parameter in the generation parameter of destination request and preset parameter library, it is true for calculating user The probability value of real user;
S310, judge whether probability value is more than preset threshold value;If so, executing S311;If it is not, then executing S312;
S311, will ask for an autograph, the cryptographic Hash of target ciphering sequence and device-fingerprint is transmitted to server-side;
S312, blocking ask for an autograph, the transmission of the cryptographic Hash of target ciphering sequence and device-fingerprint.
Wherein, ASCII coding (American Standard Code for Information Interchange, beauty State's standard code for information interchange) it is computer code's system based on the Latin alphabet, there is high versatility.
It should be noted that device-fingerprint technology is currently used primarily in user tracking.Using device-fingerprint technology, in business It can effectively identify user identity, the initiation environment of user's request be judged, and the identity of user is uniquely demarcated, To judge that user is potential service attacks person or normal user.In webpage, in order to bring body well to user It tests, at present Ajax (Asynchronous Javascript And XML, asynchronous JavaScript and XML) in the technology of mainstream It is very widely used.The ajax technology that the XML HTTP Request provided using browser is realized can accomplish asynchronous refresh number According to, do not block current thread, user experience greatly can be enhanced.
In the present embodiment, the different requests initiated for different browsers, realize the principle of encryption are as follows: directly in webpage It before all javascript file loads, covers window.XMLHttpRequest object (abbreviation xhr), overriding xhr request Open and send method.When the xhr that other frames use sends request, so that it may achieve the effect that endorse automatically.Such as This can will all request the request ciphertext that be rewritten as in the present embodiment for the request that any browser is initiated.
In order to further increase the validity of device-fingerprint, build environment information can also include: browser to Web GL Whether the support situation of (Web Graphics Library, a kind of 3D drawing technique) can pass through Web RTC (Web Real- Time Communication, the timely communication technology of webpage) obtain IP address of internal network, DNT (Do Not Track, in browser Forbid tracking function) fingerprint etc..It is, of course, also possible to include other unlisted information, including information category it is more, dimension Higher, anti-counterfeit capability is stronger, and the safety of device-fingerprint is higher.
It should be noted that other in the present embodiment realize that step is same as the previously described embodiments or similar, therefore this implementation Details are not described herein for example.
In the present embodiment, the font lattice that browser is supported are included at least for the build environment information of generating device fingerprint Formula information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information and local cpu letter Breath.Wherein, above- mentioned information are the information for generating the browser of request and carrying, since browser type is limited, and each browsing The information of device will not be changed arbitrarily, will not be tampered, so these information have reliable safety, so as to ensure equipment The correctness and safety of fingerprint and request data;It can also be service when device-fingerprint and request data are sent to server-side End provides reliable judgment basis.Meanwhile request data is transmitted with ciphertext, improves the safety of request data.It can also be The true or false of front end judgement request can also reduce the request treating capacity of server-side so as to save computer resource, mitigate clothes The pressure at business end.
A kind of request transmitting device provided by the embodiments of the present application is introduced below, a kind of request described below passes Defeated device can be cross-referenced with a kind of above-described request transmission method.
Shown in Figure 4, the embodiment of the present application discloses a kind of request transmitting device, comprising:
Generation module 401 is requested, for generating destination request depending on the user's operation;
Device-fingerprint generation module 402 generates ring for the build environment information generating device fingerprint according to destination request Border information includes at least: the font format information and audio-video format information, audio-video spatial cue, figure wash with watercolours that browser is supported Contaminate information, locally store information and local cpu information;
Transmission module 403, for destination request and device-fingerprint to be transmitted to server-side.
In a specific embodiment, transmission module includes:
First signature unit is asked for an autograph for being signed using device-fingerprint to destination request;
First transmission unit, for that will ask for an autograph, destination request and device-fingerprint be transmitted to server-side.
In a specific embodiment, signature unit is specifically used for:
The cryptographic Hash of device-fingerprint is calculated, and is signed using cryptographic Hash to destination request.
In a specific embodiment, transmission module includes:
Encryption unit obtains target ciphering sequence for encrypting destination request using base64 Encryption Algorithm;
Second signature unit is signed to target ciphering sequence for the cryptographic Hash using device-fingerprint, is requested Signature;
Second transmission unit, for that will ask for an autograph, target ciphering sequence and cryptographic Hash be transmitted to server-side.
In a specific embodiment, transmission module further include:
Generation unit, for generating preset quantity random number at random;
Shift unit, for being moved respectively to target ciphering sequence using preset quantity random number and ASCII coding Position, obtains accidental enciphering sequence corresponding with each random number;
Concatenation unit obtains splicing ciphering sequence, and will for splicing accidental enciphering sequence corresponding with each random number Splice ciphering sequence as target ciphering sequence.
In a specific embodiment, transmission module further include:
Updating unit for being encrypted using preset base64 sequence to splicing ciphering sequence, and splicing is encrypted Sequence is updated to encrypted splicing ciphering sequence.
In a specific embodiment, transmitting device is requested further include: further include:
Computing module is calculated for the difference according to the parameter in the generation parameter of destination request and preset parameter library User is the probability value of real user;
Judgment module, for judging whether probability value is more than preset threshold value;
Execution module then executes the step in transmission module for being more than preset threshold value when probability value;
Module is blocked, for being less than preset threshold value when probability value, then blocks the transmission of destination request and device-fingerprint.
Wherein, previous embodiment can be referred to by closing the more specifical course of work of modules, unit in this present embodiment Disclosed in corresponding contents, no longer repeated herein.
As it can be seen that present embodiments providing a kind of request transmitting device, comprising: request generation module, device-fingerprint generate mould Block and transmission module.Destination request is generated by request generation module depending on the user's operation first;Then device-fingerprint generates Module is included at least according to the build environment information generating device fingerprint of destination request, build environment information: what browser was supported Font format information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information and local CPU information;Last transmission module, for destination request and device-fingerprint to be transmitted to server-side.Divide between such modules Work cooperation, Each performs its own functions, to ensure the correctness and safety of device-fingerprint, reliable judgement can be provided for server-side Foundation.
A kind of request transmission device provided by the embodiments of the present application is introduced below, a kind of request described below passes Transfer device can be cross-referenced with a kind of above-described request transmission method and device.
Shown in Figure 5, the embodiment of the present application discloses a kind of request transmission device, comprising:
Memory 501, for saving computer program;
Processor 502, for executing the computer program, to perform the steps of
Destination request is generated depending on the user's operation;It is raw according to the build environment information generating device fingerprint of destination request It is included at least at environmental information: the font format information and audio-video format information of browser support, audio-video spatial cue, figure Shape spatial cue, locally store information and local cpu information;Destination request and device-fingerprint are transmitted to server-side.
It in the present embodiment, can be specific when the processor executes the computer subprogram saved in the memory It performs the steps of and is signed using device-fingerprint to destination request, asked for an autograph;It will ask for an autograph, destination request Server-side is transmitted to device-fingerprint.
It in the present embodiment, can be specific when the processor executes the computer subprogram saved in the memory The cryptographic Hash for calculating device-fingerprint is performed the steps of, and is signed using cryptographic Hash to destination request.
It in the present embodiment, can be specific when the processor executes the computer subprogram saved in the memory It performs the steps of and encrypts destination request using base64 Encryption Algorithm, obtain target ciphering sequence;Utilize the Kazakhstan of device-fingerprint Uncommon value signs to target ciphering sequence, is asked for an autograph;It will ask for an autograph, target ciphering sequence and cryptographic Hash are transmitted to Server-side.
It in the present embodiment, can be specific when the processor executes the computer subprogram saved in the memory Perform the steps of random generation preset quantity random number;Using preset quantity random number and ASCII coding respectively to mesh Mark ciphering sequence is shifted, and accidental enciphering sequence corresponding with each random number is obtained;Splice corresponding with each random number Accidental enciphering sequence obtains splicing ciphering sequence, and will splice ciphering sequence as target ciphering sequence.
It in the present embodiment, can be specific when the processor executes the computer subprogram saved in the memory It performs the steps of and splicing ciphering sequence is encrypted using preset base64 sequence, and splicing ciphering sequence is updated For encrypted splicing ciphering sequence.
It in the present embodiment, can be specific when the processor executes the computer subprogram saved in the memory The difference according to the parameter in the generation parameter of destination request and preset parameter library is performed the steps of, it is true for calculating user The probability value of real user;Judge whether probability value is more than preset threshold value;Destination request and device-fingerprint are passed if so, executing The step of transporting to server-side;If it is not, then blocking the transmission of destination request and device-fingerprint.
A kind of readable storage medium storing program for executing provided by the embodiments of the present application is introduced below, one kind described below is readable to deposit Storage media can be cross-referenced with a kind of above-described request transmission method, device and equipment.
A kind of readable storage medium storing program for executing, for saving computer program, wherein when the computer program is executed by processor It realizes that previous embodiment is disclosed and requests transmission method.Specific steps about this method, which can refer in previous embodiment, to be disclosed Corresponding contents, no longer repeated herein.
This application involves " first ", " second ", " third ", the (if present)s such as " the 4th " be for distinguishing similar right As without being used to describe a particular order or precedence order.It should be understood that the data used in this way in the appropriate case can be with It exchanges, so that the embodiments described herein can be implemented with the sequence other than the content for illustrating or describing herein.In addition, Term " includes " and " having " and their any deformation, it is intended that cover it is non-exclusive include, for example, containing a system The process, method or equipment of column step or unit those of are not necessarily limited to be clearly listed step or unit, but may include not having There are other step or units being clearly listed or intrinsic for these process, methods or equipment.
It should be noted that the description for being related to " first ", " second " etc. in this application is used for description purposes only, and cannot It is interpreted as its relative importance of indication or suggestion or implicitly indicates the quantity of indicated technical characteristic.Define as a result, " the One ", the feature of " second " can explicitly or implicitly include at least one of the features.In addition, the skill between each embodiment Art scheme can be combined with each other, but must be based on can be realized by those of ordinary skill in the art, when technical solution Will be understood that the combination of this technical solution is not present in conjunction with there is conflicting or cannot achieve when, also not this application claims Protection scope within.
Each embodiment in this specification is described in a progressive manner, the highlights of each of the examples are with it is other The difference of embodiment, same or similar part may refer to each other between each embodiment.
The step of method described in conjunction with the examples disclosed in this document or algorithm, can directly be held with hardware, processor The combination of capable software module or the two is implemented.Software module can be placed in random access memory (RAM), memory, read-only deposit Reservoir (ROM), electrically programmable ROM, electrically erasable ROM, register, hard disk, moveable magnetic disc, CD-ROM or technology In any other form of readable storage medium storing program for executing well known in field.
Specific examples are used herein to illustrate the principle and implementation manner of the present application, and above embodiments are said It is bright to be merely used to help understand the present processes and its core concept;At the same time, for those skilled in the art, foundation The thought of the application, there will be changes in the specific implementation manner and application range, in conclusion the content of the present specification is not It is interpreted as the limitation to the application.

Claims (10)

1. a kind of request transmission method characterized by comprising
Destination request is generated depending on the user's operation;
According to the build environment information generating device fingerprint of the destination request, the build environment information is included at least: browsing The font format information and audio-video format information, audio-video spatial cue, graphical rendering information, locally store information that device is supported And local cpu information;
The destination request and the device-fingerprint are transmitted to server-side.
2. request transmission method according to claim 1, which is characterized in that described by the destination request and the equipment Fingerprint is transmitted to server-side, comprising:
It is signed, is asked for an autograph to the destination request using the device-fingerprint;
By it is described ask for an autograph, the destination request and the device-fingerprint are transmitted to the server-side.
3. request transmission method according to claim 2, which is characterized in that described to utilize the device-fingerprint to the mesh Mark request is signed, comprising:
The cryptographic Hash of the device-fingerprint is calculated, and is signed using the cryptographic Hash to the destination request.
4. request transmission method according to claim 1, which is characterized in that described by the destination request and the equipment Fingerprint is transmitted to server-side, comprising:
The destination request is encrypted using base64 Encryption Algorithm, obtains target ciphering sequence;
It is signed, is asked for an autograph to the target ciphering sequence using the cryptographic Hash of the device-fingerprint;
By it is described ask for an autograph, the target ciphering sequence and the cryptographic Hash are transmitted to the server-side.
5. request transmission method according to claim 4, which is characterized in that the cryptographic Hash using the device-fingerprint It signs to the target ciphering sequence, before being asked for an autograph, further includes:
It is random to generate preset quantity random number;
Using the preset quantity random number and ASCII coding the target ciphering sequence is shifted respectively, obtain with The corresponding accidental enciphering sequence of each random number;
Splice corresponding with each random number accidental enciphering sequence, obtain splicing ciphering sequence, and by the splicing ciphering sequence As the target ciphering sequence.
6. request transmission method according to claim 5, which is characterized in that it is described to obtain after splicing ciphering sequence, also Include:
The splicing ciphering sequence is encrypted using preset base64 sequence, and the splicing ciphering sequence is updated to Encrypted splicing ciphering sequence.
7. request transmission method described in -6 any one according to claim 1, which is characterized in that described by the destination request It is transmitted to before server-side with the device-fingerprint, further includes:
According to the difference of the parameter in the generation parameter of the destination request and preset parameter library, it is true for calculating the user The probability value of user;
Judge whether the probability value is more than preset threshold value;
If so, executing the described the step of destination request and the device-fingerprint are transmitted to server-side;
If it is not, then blocking the transmission of the destination request and the device-fingerprint.
8. a kind of request transmitting device characterized by comprising
Generation module is requested, for generating destination request depending on the user's operation;
Device-fingerprint generation module, for the build environment information generating device fingerprint according to the destination request, the generation Environmental information includes at least: the font format information and audio-video format information, audio-video spatial cue, figure that browser is supported Spatial cue, locally store information and local cpu information;
Transmission module, for the destination request and the device-fingerprint to be transmitted to server-side.
9. a kind of request transmission device characterized by comprising
Memory, for storing computer program;
Processor, for executing the computer program, to realize request transmission side as described in any one of claim 1 to 7 Method.
10. a kind of readable storage medium storing program for executing, which is characterized in that for saving computer program, wherein the computer program is located Reason device realizes request transmission method as described in any one of claim 1 to 7 when executing.
CN201910769443.XA 2019-08-20 2019-08-20 Request transmission method, device, equipment and readable storage medium Active CN110493225B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910769443.XA CN110493225B (en) 2019-08-20 2019-08-20 Request transmission method, device, equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910769443.XA CN110493225B (en) 2019-08-20 2019-08-20 Request transmission method, device, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN110493225A true CN110493225A (en) 2019-11-22
CN110493225B CN110493225B (en) 2021-12-03

Family

ID=68552291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910769443.XA Active CN110493225B (en) 2019-08-20 2019-08-20 Request transmission method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN110493225B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111666596A (en) * 2020-07-10 2020-09-15 腾讯科技(深圳)有限公司 Data processing method, device and medium
CN112073375A (en) * 2020-08-07 2020-12-11 中国电力科学研究院有限公司 Isolation device and isolation method suitable for power Internet of things client side
CN112215622A (en) * 2020-09-18 2021-01-12 南京欣网互联网络科技有限公司 Risk prevention and control method and system based on order information
CN113239308A (en) * 2021-05-26 2021-08-10 杭州安恒信息技术股份有限公司 Page access method, device, equipment and storage medium
CN114173081A (en) * 2021-12-13 2022-03-11 济南大学 Remote audio and video method and system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150237038A1 (en) * 2014-02-18 2015-08-20 Secureauth Corporation Fingerprint based authentication for single sign on
CN105430011A (en) * 2015-12-25 2016-03-23 杭州朗和科技有限公司 Method and device for detecting distributed denial of service attack
CN106446202A (en) * 2016-09-30 2017-02-22 福建北卡科技有限公司 Anti-interference browser fingerprint generation method based on implicit characteristic acquisition
CN106549925A (en) * 2015-09-23 2017-03-29 阿里巴巴集团控股有限公司 Prevent method, the apparatus and system of cross-site request forgery
CN106878265A (en) * 2016-12-21 2017-06-20 重庆华龙艾迪信息技术有限公司 A kind of data processing method and device
CN107426181A (en) * 2017-06-20 2017-12-01 竞技世界(北京)网络技术有限公司 The hold-up interception method and device of malice web access request
CN109246062A (en) * 2017-07-11 2019-01-18 沪江教育科技(上海)股份有限公司 A kind of authentication method and system based on browser plug-in
CN109587133A (en) * 2018-11-30 2019-04-05 武汉烽火众智智慧之星科技有限公司 A kind of single-node login system and method

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150237038A1 (en) * 2014-02-18 2015-08-20 Secureauth Corporation Fingerprint based authentication for single sign on
CN106549925A (en) * 2015-09-23 2017-03-29 阿里巴巴集团控股有限公司 Prevent method, the apparatus and system of cross-site request forgery
CN105430011A (en) * 2015-12-25 2016-03-23 杭州朗和科技有限公司 Method and device for detecting distributed denial of service attack
CN106446202A (en) * 2016-09-30 2017-02-22 福建北卡科技有限公司 Anti-interference browser fingerprint generation method based on implicit characteristic acquisition
CN106878265A (en) * 2016-12-21 2017-06-20 重庆华龙艾迪信息技术有限公司 A kind of data processing method and device
CN107426181A (en) * 2017-06-20 2017-12-01 竞技世界(北京)网络技术有限公司 The hold-up interception method and device of malice web access request
CN109246062A (en) * 2017-07-11 2019-01-18 沪江教育科技(上海)股份有限公司 A kind of authentication method and system based on browser plug-in
CN109587133A (en) * 2018-11-30 2019-04-05 武汉烽火众智智慧之星科技有限公司 A kind of single-node login system and method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
AMIN FAIZ KHADEMI: "Browser Fingerprinting: Analysis, Detection, and Prevention at Runtime", 《HTTPS://QSPACE.LIBRARY.QUEENSU.CA/HANDLE/1974/12604》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111666596A (en) * 2020-07-10 2020-09-15 腾讯科技(深圳)有限公司 Data processing method, device and medium
CN112073375A (en) * 2020-08-07 2020-12-11 中国电力科学研究院有限公司 Isolation device and isolation method suitable for power Internet of things client side
CN112073375B (en) * 2020-08-07 2023-09-26 中国电力科学研究院有限公司 Isolation device and isolation method suitable for client side of electric power Internet of things
CN112215622A (en) * 2020-09-18 2021-01-12 南京欣网互联网络科技有限公司 Risk prevention and control method and system based on order information
CN113239308A (en) * 2021-05-26 2021-08-10 杭州安恒信息技术股份有限公司 Page access method, device, equipment and storage medium
CN113239308B (en) * 2021-05-26 2023-07-18 杭州安恒信息技术股份有限公司 Page access method, device, equipment and storage medium
CN114173081A (en) * 2021-12-13 2022-03-11 济南大学 Remote audio and video method and system

Also Published As

Publication number Publication date
CN110493225B (en) 2021-12-03

Similar Documents

Publication Publication Date Title
CN110493225A (en) A kind of request transmission method, device, equipment and readable storage medium storing program for executing
CN105260663B (en) A kind of safe storage service system and method based on TrustZone technologies
CN107770159B (en) Vehicle accident data recording method and related device and readable storage medium
CN111835511A (en) Data security transmission method and device, computer equipment and storage medium
CN110493202A (en) Log in generation and the verification method, device and server of token
CN106899571B (en) Information interaction method and device
WO2017039775A2 (en) Making cryptographic claims about stored data using an anchoring system
CN110175466B (en) Security management method and device for open platform, computer equipment and storage medium
US20080229109A1 (en) Human-recognizable cryptographic keys
CN106411830A (en) Method for preventing access data from being tampered and mobile terminal
CN109756460B (en) Replay attack prevention method and device
CN106897761A (en) A kind of two-dimensional code generation method and device
CN110312054B (en) Image encryption and decryption method, related device and storage medium
CN105847000A (en) Token generation method and communication system based on same
CN112235301B (en) Access right verification method and device and electronic equipment
CN107040520A (en) A kind of cloud computing data-sharing systems and method
CN112804133A (en) Encrypted group chat method and system based on block chain technology
CN111246407B (en) Data encryption and decryption method and device for short message transmission
CN111371555A (en) Signature authentication method and system
CN108496194A (en) A kind of method, server-side and the system of verification terminal legality
CN109698806A (en) A kind of user data method of calibration and system
CN111294354A (en) Signature verification method, apparatus, device and storage medium for distributed environment
CN103200179A (en) Website certification, deployment and identification method
CN105791244A (en) Method, boundary router and system for controlling inter-domain routing change
CN117725598A (en) An Zhuoduan data encryption and decryption method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant