CN110493225B - Request transmission method, device, equipment and readable storage medium - Google Patents
- Publication number: CN110493225B (CN201910769443.XA)
- Authority: CN (China)
- Prior art keywords: request, target, information, device fingerprint, encryption sequence
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The application discloses a request transmission method, which comprises the following steps: generating a target request according to the operation of a user; generating a device fingerprint according to the generated environment information of the target request, the generated environment information at least comprising: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser; and transmitting the target request and the device fingerprint to the server side. The font format information and audio-video format information, audio-video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser for generating the device fingerprint are all information with reliable safety, so that the correctness and safety of the device fingerprint and the request data can be guaranteed, and a reliable judgment basis can be provided for a server. Accordingly, the request transmission device, the apparatus and the readable storage medium disclosed in the present application also have the above technical effects.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a request transmission method, apparatus, device, and readable storage medium.
Background
In the prior art, in order to ensure the correctness and the security of the front-end request, a corresponding device fingerprint may be generated, and the device fingerprint and the request data are simultaneously sent to the server, so that the server determines whether the request data is correct according to the received device fingerprint.
The information used by existing device fingerprint generation methods may be tampered with or forged. For example, the information used to generate a device fingerprint generally includes the client IP address, client user agent information and Referer information, but in practice the client IP address and the Referer information are often forged. That is to say, in the existing device fingerprint generation process the client IP address and Referer information used may be wrong, so the correctness and security of the generated device fingerprint cannot be guaranteed; consequently the security of the request data cannot be guaranteed, and no reliable basis for judgment can be provided to the server.
Therefore, how to improve the correctness and security of the requested data is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, an object of the present application is to provide a request transmission method, apparatus, device and readable storage medium, so as to improve correctness and security of device fingerprint and request data. The specific scheme is as follows:
in a first aspect, the present application provides a request transmission method, including:
generating a target request according to the operation of a user;
generating a device fingerprint according to the generated environment information of the target request, the generated environment information at least comprising: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
and transmitting the target request and the device fingerprint to the server side.
Preferably, transmitting the target request and the device fingerprint to the server includes:
signing the target request by using the device fingerprint to obtain a request signature;
and transmitting the request signature, the target request and the device fingerprint to a server.
Preferably, signing the target request with the device fingerprint comprises:
a hash value of the device fingerprint is computed and the target request is signed with the hash value.
Preferably, transmitting the target request and the device fingerprint to the server includes:
encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
and transmitting the request signature, the target encryption sequence and the hash value to the server.
Preferably, before signing the target encryption sequence by using the hash value of the device fingerprint to obtain the request signature, the method further includes:
randomly generating a preset number of random numbers;
respectively shifting the target encryption sequence by using a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number;
and splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as a target encryption sequence.
Preferably, after obtaining the concatenated encryption sequence, the method further includes:
and encrypting the splicing encryption sequence by using a preset base64 sequence, and updating the splicing encryption sequence into an encrypted splicing encryption sequence.
Preferably, before transmitting the target request and the device fingerprint to the server, the method further includes:
calculating the probability value of the user as a real user according to the difference between the generated parameter of the target request and the parameter in the preset parameter library;
judging whether the probability value exceeds a preset threshold value or not;
if yes, executing the step of transmitting the target request and the device fingerprint to the server;
if not, the transmission of the target request and the device fingerprint is blocked.
In a second aspect, the present application provides a request transmission apparatus, including:
the request generation module is used for generating a target request according to the operation of a user;
the device fingerprint generating module is used for generating a device fingerprint according to the generation environment information of the target request, and the generation environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
and the transmission module is used for transmitting the target request and the device fingerprint to the server.
In a third aspect, the present application provides a request transmission device, including:
a memory for storing a computer program;
a processor for executing the computer program to implement the request transmission method disclosed in the foregoing.
In a fourth aspect, the present application provides a readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the request transmission method disclosed in the foregoing.
According to the above scheme, the present application provides a request transmission method, including: generating a target request according to the operation of a user; generating a device fingerprint according to the generated environment information of the target request, the generated environment information at least comprising: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser; and transmitting the target request and the device fingerprint to the server side.
In the above method, the generation environment information for generating the device fingerprint includes at least font format information and audio-video format information supported by the browser, audio-video rendering information, graphics rendering information, local storage information, and local CPU information. The information is carried by the browser which generates the request, and the information has reliable safety because the browser type is limited, and the information of each browser cannot be changed at will and cannot be tampered, so that the accuracy and the safety of the device fingerprint and the request data can be guaranteed; when the device fingerprint and the request data are sent to the server, a reliable judgment basis can be provided for the server.
Accordingly, the request transmission device, the request transmission equipment and the readable storage medium provided by the application also have the technical effects.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a first request transmission method disclosed in the present application;
FIG. 2 is a flow chart of a second request transmission method disclosed in the present application;
FIG. 3 is a flow chart of a third method for request transmission disclosed herein;
FIG. 4 is a schematic diagram of a request transmission apparatus disclosed herein;
FIG. 5 is a schematic diagram of a request transmission device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Currently, the information used by existing device fingerprint generation methods may be tampered with or forged. For example, the information used to generate a device fingerprint generally includes the client IP address, client user agent information and Referer information, but in practice the client IP address and the Referer information are often forged. That is to say, in the existing device fingerprint generation process the client IP address and Referer information used may be wrong, so the correctness and security of the generated device fingerprint cannot be guaranteed, and no reliable basis for judgment can be provided to the server. The present application therefore provides a request transmission scheme that can guarantee the correctness and security of device fingerprints and provide a reliable basis for judgment to the server.
Referring to fig. 1, an embodiment of the present application discloses a first request transmission method, including:
S101, generating a target request according to the operation of a user;
S102, generating a device fingerprint according to the generated environment information of the target request, wherein the generated environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
S103, transmitting the target request and the device fingerprint to a server.
In this embodiment, transmitting the target request and the device fingerprint to the server includes: signing the target request by using the device fingerprint to obtain a request signature; and transmitting the request signature, the target request and the device fingerprint to a server. Wherein signing the target request with the device fingerprint comprises: a hash value of the device fingerprint is computed and the target request is signed with the hash value.
It will be appreciated that signing the target request with the device fingerprint may further improve the security of the requested data.
In this embodiment, a probability value that a user is a real user is calculated according to a difference between a generated parameter of a target request and a parameter in a preset parameter library; judging whether the probability value exceeds a preset threshold value or not; if yes, executing the step of transmitting the target request and the device fingerprint to the server; if not, the transmission of the target request and the device fingerprint is blocked.
It should be noted that, when a user initiates a request based on a browser at the front end, the local device may generate a corresponding request based on an operation of the user. The user who initiates the request is typically a real user, and sometimes may also be a simulated user such as a scanner. Scanners typically perform a crawler operation.
To discriminate whether the current user is a simulated user or a real user, a decision may be made based on the generation parameters of the current request. The generation parameters of the current request are the parameters of the browser that initiates the request: if the current user is a real user, the generation parameters of the current request are the real parameters of the browser; if the current user is a simulated user, the generation parameters of the current request differ from the real parameters of the browser. Specifically, the real parameters of various browsers are stored in a preset parameter library, so the difference between the generation parameters of the target request and the real parameters can be determined by comparing the generation parameters of the target request with the parameters in the preset parameter library, and the probability value that the current user is a real user can be calculated from that difference.
For example: if the target request has 5 generation parameters, 3 of which are inconsistent with the parameters in the parameter library, and the preset threshold is 60%, the probability value that the current user is a real user may be 2 ÷ 5 = 40%; since 40% is less than 60%, the current user may be considered a simulated user, and the transmission of the target request is blocked. Abnormal requests can thus be filtered out at the front end, which saves computer resources, reduces the number of requests the server has to process, and relieves the pressure on the server.
Of course, the simulation parameters used by various scanners can also be stored in advance, so that the generation parameters of the current request can be compared directly with the simulation parameters. If they are consistent, the current request is a request initiated by a simulated user, and the transmission of the request is blocked; if not, the probability value that the user is a real user is calculated according to the difference between the generation parameters of the target request and the parameters in the preset parameter library, and it is judged whether the probability value exceeds the preset threshold; if yes, the step of transmitting the target request and the device fingerprint to the server is executed; if not, the transmission of the target request and the device fingerprint is blocked.
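The front-end check described above (scanner profile comparison first, then the probability value against the preset threshold), as an added example that is not code from the patent. Tables 1-4 are not reproduced on this page, so every parameter name, profile and sample below is constructed, and scoring against the best-matching browser profile is an assumption.

```javascript
// Preset parameter library: real parameters of known browsers (constructed values).
const PARAMETER_LIBRARY = {
  chrome:  { fontFormats: 'woff,woff2,ttf', videoFormats: 'h264,vp8,vp9',
             audioFormats: 'mp3,ogg,wav', webgl: true, localStorage: true },
  firefox: { fontFormats: 'woff,woff2,ttf', videoFormats: 'h264,vp8,vp9,theora',
             audioFormats: 'mp3,ogg,wav,flac', webgl: true, localStorage: true },
};

// Simulation parameters stored in advance for known scanners (constructed values).
const SCANNER_PROFILES = {
  'qt-based-scanner': { fontFormats: 'ttf', videoFormats: '', audioFormats: '',
                        webgl: false, localStorage: true },
};

// Number of generation parameters that agree with one library profile.
function countMatches(params, profile) {
  return Object.keys(params).filter((k) => Object.is(params[k], profile[k])).length;
}

// Returns the name of a scanner whose stored parameters all match, or null.
function findScanner(params, scanners) {
  for (const [name, profile] of Object.entries(scanners)) {
    const keys = Object.keys(profile);
    if (keys.length > 0 && keys.every((k) => Object.is(params[k], profile[k]))) {
      return name;
    }
  }
  return null;
}

// Probability that the requester is a real user: consistent parameters divided
// by total parameters, taken against the closest browser profile (assumption).
function realUserProbability(params, library) {
  const total = Object.keys(params).length;
  if (total === 0) return 0; // nothing to compare, so nothing vouches for the request
  let best = 0;
  for (const profile of Object.values(library)) {
    best = Math.max(best, countMatches(params, profile));
  }
  return best / total;
}

// Decide whether the target request may be transmitted.
function gateRequest(params, { library, scanners, threshold }) {
  const scanner = findScanner(params, scanners);
  if (scanner !== null) {
    return { allow: false, probability: 0, reason: `matches scanner profile ${scanner}` };
  }
  const probability = realUserProbability(params, library);
  // "Exceeds the preset threshold": a value equal to the threshold is blocked.
  return probability > threshold
    ? { allow: true, probability, reason: 'above threshold' }
    : { allow: false, probability, reason: 'below threshold' };
}

const GATE_CONFIG = { library: PARAMETER_LIBRARY, scanners: SCANNER_PROFILES, threshold: 0.6 };

// Constructed samples: a genuine Chrome, the page's "3 of 5 inconsistent" case,
// and a request whose parameters equal a stored scanner profile.
const SAMPLE_REAL = { ...PARAMETER_LIBRARY.chrome };
const SAMPLE_MISMATCH = { fontFormats: 'woff,woff2,ttf', videoFormats: 'h264',
                          audioFormats: 'wav', webgl: false, localStorage: true };
const SAMPLE_SCANNER = { ...SCANNER_PROFILES['qt-based-scanner'] };
```

Because this gate runs in the page, it only reduces load from automation that does not imitate a browser's parameters; the server still has to validate whatever it receives.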
Some common parameters of the browser and the scanner are listed below, and the complete parameters of each browser and scanner may refer to the prior art, which is not described herein again.
See tables 1-4 for parameters for different browsers.
TABLE 1
TABLE 2
TABLE 3
TABLE 4
In the Windows 7 operating system, representative browsers include Chrome and Firefox, and the QtWebEngine-based QupZilla browser; the scanner Burp Suite 2.0 is also based on QtWebKit/QtWebEngine. Some of their parameter differences can be seen in Tables 1-4. Scanners often use open-source browser engines such as QtWebKit and PhantomJS to simulate user operations. It can be seen that the parameters of the browser used by a real user, of a QtWebEngine-based browser, and of the Burp Suite 2.0 scanner are clearly different. In different operating systems there are many further differences between browsers, which are not described here.
In this embodiment, the generation environment information for generating the device fingerprint includes at least font format information and audio-video format information supported by a browser, audio-video rendering information, graphics rendering information, local storage information, and local CPU information. The information is carried by the browser which generates the request, and the information has reliable safety because the browser type is limited, and the information of each browser cannot be changed at will and cannot be tampered, so that the accuracy and the safety of the device fingerprint and the request data can be guaranteed; when the device fingerprint and the request data are sent to the server, a reliable judgment basis can be provided for the server.
Referring to fig. 2, an embodiment of the present application discloses a second request transmission method, including:
S201, generating a target request according to the operation of a user;
S202, generating a device fingerprint according to the generated environment information of the target request, wherein the generated environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
S203, encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
S204, randomly generating a preset number of random numbers;
S205, respectively shifting the target encryption sequence by using a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number;
S206, splicing the random encryption sequences corresponding to the random numbers to obtain spliced encryption sequences;
S207, encrypting the splicing encryption sequence by using a preset base64 sequence, updating the splicing encryption sequence into an encrypted splicing encryption sequence, and taking the splicing encryption sequence as a target encryption sequence;
S208, signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
S209, the request signature, the target encryption sequence and the hash value of the device fingerprint are transmitted to the server.
In this embodiment, before sending the target request, the target request is encrypted, and the encrypted target request is signed by using the hash value of the device fingerprint, so that the security of the target request is further ensured.
The base64 encryption algorithm in the present embodiment may be replaced with other encryption algorithms. The security of the target request can be further enhanced by encrypting the spliced encryption sequence by using the preset base64 sequence. When the base64 encryption algorithm is used for encrypting data, a dynamic default sequence can be used for encryption, and a user-defined sequence can also be used for encryption. Wherein the security of the dynamic default sequence is lower than the security of the custom sequence.
In this embodiment, the encryption steps described in S204-S206 are encryption steps customized for this embodiment, so that the security of the target request can be further improved. Randomly generating a preset number of random numbers includes: randomly generating a preset number of random numbers based on different timestamps.
S204-S206 encrypt on the basis of time and random numbers, which makes the encryption algorithm harder to reverse, because the encrypted result of a request is not fixed. Meanwhile, the server may decide, based on the maximum time interval, whether a received request ciphertext needs further processing. If the difference between the timestamp at which a request is received and the timestamp at which it was sent repeatedly exceeds the maximum time interval (the maximum time interval is a preset length of time), the current request is very likely a replay attack, or an attacker is running analysis tests with maliciously tampered packets.
That is, the difference between the time point at which the request is issued and the time point at which the request is received is compared with the set interval (i.e., the maximum time interval). For example, if the interval is 5 seconds and the difference between the time point of request transmission and the time point of request reception is 10 seconds, the current request is very likely a replay attack, or an attacker is running analysis tests with maliciously tampered packets.
When the difference between the timestamp of the received request and the timestamp of the sent request exceeds the maximum time interval (the maximum time interval is a preset length of time) multiple times, the current request may be discarded. Meanwhile, using the base64 encryption algorithm ensures the integrity of the data and avoids the server failing to recognize and process the data correctly because of differences in character set encoding and the like; the dynamic default sequence of base64 can be maintained through time synchronization, and the dynamic default sequence also makes the generated ciphertext dynamic, which effectively increases the difficulty of cracking the ciphertext.
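The signing step (S208) and the server's maximum-time-interval check described above, as an added example that is not code from the patent. It assumes HMAC-SHA256 keyed with the SHA-256 of the fingerprint as the signature, a `sentAt` field carried in the message, and rejection of every stale request with escalation after repeated ones; the S204-S207 shift and splice steps are left out, and all names and sample values are constructed.

```javascript
const nodeCrypto = require('node:crypto');

// Canonical fingerprint string: keys sorted so that the same generation
// environment information always produces the same fingerprint.
function deviceFingerprint(env) {
  return JSON.stringify(Object.keys(env).sort().map((k) => [k, env[k]]));
}

function sha256Hex(text) {
  return nodeCrypto.createHash('sha256').update(text, 'utf8').digest('hex');
}

// Assumption: "signing with the hash value" is modelled as an HMAC keyed with
// the fingerprint hash, covering the send timestamp and the encoded request.
function sign(fpHash, sentAt, sequence) {
  return nodeCrypto.createHmac('sha256', fpHash)
    .update(`${sentAt}.${sequence}`)
    .digest('hex');
}

// Client side: S203 (base64), S208 (sign), S209 (message to transmit).
function buildEnvelope(request, env, nowMs) {
  const sequence = Buffer.from(JSON.stringify(request), 'utf8').toString('base64');
  const fpHash = sha256Hex(deviceFingerprint(env));
  return { sequence, fpHash, sentAt: nowMs, signature: sign(fpHash, nowMs, sequence) };
}

// Server side: recompute the signature, then apply the maximum time interval.
// The key (fpHash) travels with the message, as in S209, so the signature
// check shows only that sequence, timestamp and hash are mutually consistent.
class EnvelopeVerifier {
  constructor({ maxIntervalMs, maxViolations }) {
    this.maxIntervalMs = maxIntervalMs;
    this.maxViolations = maxViolations;
    this.violations = new Map(); // fpHash -> number of stale requests seen
  }

  verify(envelope, receivedAtMs) {
    const { sequence, fpHash, sentAt, signature } = envelope || {};
    if (typeof sequence !== 'string' || typeof fpHash !== 'string' ||
        typeof signature !== 'string' || !Number.isFinite(sentAt)) {
      return { accepted: false, reason: 'malformed' };
    }
    const expected = Buffer.from(sign(fpHash, sentAt, sequence), 'hex');
    const actual = Buffer.from(signature, 'hex');
    if (actual.length !== expected.length ||
        !nodeCrypto.timingSafeEqual(actual, expected)) {
      return { accepted: false, reason: 'bad-signature' };
    }
    // Difference between send time and receive time, in either direction.
    const age = Math.abs(receivedAtMs - sentAt);
    if (age > this.maxIntervalMs) {
      const count = (this.violations.get(fpHash) || 0) + 1;
      this.violations.set(fpHash, count);
      const reason = count >= this.maxViolations ? 'suspected-replay' : 'stale';
      return { accepted: false, reason };
    }
    const request = JSON.parse(Buffer.from(sequence, 'base64').toString('utf8'));
    return { accepted: true, request };
  }
}

// Constructed generation environment information for the sample exchange.
const SAMPLE_ENV = { fontFormats: 'woff,woff2', audioFormats: 'mp3,ogg', cpuCores: 4 };
```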
It should be noted that other implementation steps in this embodiment are the same as or similar to those in the above embodiment, and therefore, the description of this embodiment is omitted here.
In this embodiment, the generation environment information for generating the device fingerprint includes at least font format information and audio-video format information supported by a browser, audio-video rendering information, graphics rendering information, local storage information, and local CPU information. The information is carried by the browser which generates the request, and the information has reliable safety because the browser type is limited, and the information of each browser cannot be changed at will and cannot be tampered, so that the accuracy and the safety of the device fingerprint and the request data can be guaranteed; when the device fingerprint and the request data are sent to the server, a reliable judgment basis can be provided for the server. Meanwhile, the request data is transmitted in a ciphertext mode, and the safety of the request data is improved.
Referring to fig. 3, an embodiment of the present application discloses a third request transmission method, including:
S301, generating a target request according to the operation of a user;
S302, generating a device fingerprint according to the generated environment information of the target request, wherein the generated environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
S303, encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
S304, randomly generating a preset number of random numbers;
S305, respectively shifting the target encryption sequence by using a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number;
S306, splicing the random encryption sequences corresponding to the random numbers to obtain spliced encryption sequences;
S307, encrypting the splicing encryption sequence by using a preset base64 sequence, updating the splicing encryption sequence into an encrypted splicing encryption sequence, and taking the splicing encryption sequence as a target encryption sequence;
S308, signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
S309, calculating a probability value of the user as a real user according to the difference between the generated parameter of the target request and the parameter in the preset parameter library;
S310, judging whether the probability value exceeds a preset threshold value or not; if yes, go to S311; if not, go to S312;
S311, transmitting the request signature, the target encryption sequence and the hash value of the device fingerprint to a server;
S312, blocking the transmission of the request signature, the target encryption sequence and the hash value of the device fingerprint.
ASCII (American Standard Code for Information Interchange) is a computer encoding system based on the Latin alphabet and is extremely widely used.
It should be noted that device fingerprinting technology is at present mainly used for user tracking. With device fingerprinting, a service can effectively identify the user, judge the environment in which the user's request was initiated, and uniquely mark the user's identity, and so judge whether the user is a potential attacker of the service or a normal user. In web pages, Ajax (Asynchronous JavaScript And XML) is widely applied in current mainstream technology to give users a good experience. Ajax, implemented with the XMLHttpRequest object provided by the browser, can refresh data asynchronously without blocking the current thread, which greatly enhances the user experience.
In this embodiment, for different requests initiated by different browsers, encryption is implemented as follows: before any of the web page's JavaScript files are loaded, the window.XMLHttpRequest object (xhr for short) is overwritten, and the open and send methods of xhr requests are overridden. When other frameworks use xhr to send a request, the request is then automatically encrypted and tagged. In this way, any request initiated by the browser can be rewritten into the request ciphertext of this embodiment.
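The open/send override described above, as an added example that is not code from the patent. `FakeXHR` is a constructed stand-in so the sketch runs outside a browser, and `exampleProtect` with its header names is hypothetical; in a page the real transform (encoding and signing) would be passed in instead.

```javascript
// Classes that have already been wrapped, so a second call never double-wraps.
const patchedClasses = new WeakSet();

// Wrap open() and send() on an XMLHttpRequest-like class so that every string
// body passes through `protect` before it leaves the page.
function installRequestTagger(XHR, protect) {
  if (patchedClasses.has(XHR)) return false;
  const proto = XHR.prototype;
  const originalOpen = proto.open;
  const originalSend = proto.send;
  const meta = new WeakMap(); // xhr instance -> { method, url } seen in open()

  proto.open = function (method, url, ...rest) {
    meta.set(this, { method: String(method).toUpperCase(), url: String(url) });
    return originalOpen.call(this, method, url, ...rest);
  };

  proto.send = function (body) {
    const info = meta.get(this);
    const text = body == null ? '' : body;
    // send() before open(), or a non-string body (FormData, Blob, ...), is
    // forwarded unchanged; this sketch only transforms text bodies.
    if (!info || typeof text !== 'string') return originalSend.call(this, body);
    const { payload, headers } = protect(info, text);
    for (const [name, value] of Object.entries(headers)) {
      this.setRequestHeader(name, value);
    }
    return originalSend.call(this, payload);
  };

  patchedClasses.add(XHR);
  return true;
}

// UTF-8 safe base64 using only globals available in browsers and Node.
function toBase64(text) {
  const bytes = new TextEncoder().encode(text);
  return btoa(Array.from(bytes, (b) => String.fromCharCode(b)).join(''));
}

// Hypothetical transform: encode the body and record what was requested.
function exampleProtect(info, text) {
  return {
    payload: toBase64(text),
    headers: { 'X-Req-Encoding': 'base64', 'X-Req-Target': `${info.method} ${info.url}` },
  };
}

// Constructed stand-in for window.XMLHttpRequest that records what it is given.
class FakeXHR {
  constructor() { this.opened = null; this.headers = {}; this.sent = undefined; }
  open(method, url) { this.opened = { method, url }; }
  setRequestHeader(name, value) { this.headers[name] = value; }
  send(body) { this.sent = body; }
}

// In a page this would run in the first <script>, before any framework code:
//   installRequestTagger(window.XMLHttpRequest, protect);
```

Requests issued through `fetch()` do not go through XMLHttpRequest and are not covered by this hook.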
To further improve the effectiveness of the device fingerprint, the generation environment information may further include: the browser's support for WebGL (Web Graphics Library, a 3D drawing technology), whether an intranet IP address can be acquired through WebRTC (Web Real-Time Communication, a web page instant messaging technology), the DNT (Do Not Track, a tracking prohibition function in a browser) fingerprint, and the like. Of course, other information not listed here can also be included: the more types of information are included, the higher the dimensionality, the stronger the anti-counterfeiting capability, and the higher the security of the device fingerprint.
It should be noted that other implementation steps in this embodiment are the same as or similar to those in the above embodiment, and therefore, the description of this embodiment is omitted here.
In this embodiment, the generation environment information used to generate the device fingerprint includes at least the font format information and audio and video format information supported by the browser, audio and video rendering information, graphics rendering information, local storage information, and local CPU information. This information comes with the browser that generates the request. Because the set of browser types is limited and each browser's information cannot be changed at will or tampered with, the information is reliably secure, which guarantees the accuracy and security of the device fingerprint and the request data; when the device fingerprint and the request data are sent to the server, they give the server a reliable basis for judgment. In addition, the request data is transmitted as ciphertext, which improves its security. The authenticity of a request can be judged at the front end, which saves computing resources, reduces the number of requests the server has to process, and relieves the load on the server.
The following describes a request transmission apparatus provided by an embodiment of the present application; the apparatus described below and the request transmission method described above may be read with reference to each other.
Referring to fig. 4, an embodiment of the present application discloses a request transmission apparatus, including:
a request generating module 401, configured to generate a target request according to an operation of a user;
a device fingerprint generating module 402, configured to generate a device fingerprint according to the generation environment information of the target request, where the generation environment information at least includes: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
a transmission module 403, configured to transmit the target request and the device fingerprint to the server.
In one embodiment, the transmission module includes:
the first signature unit is used for signing the target request by using the device fingerprint to obtain a request signature;
and the first transmission unit is used for transmitting the request signature, the target request and the device fingerprint to the server.
In one embodiment, the signature unit is specifically configured to:
compute a hash value of the device fingerprint and sign the target request with the hash value.
In one embodiment, the transmission module includes:
the encryption unit is used for encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
the second signature unit is used for signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
and the second transmission unit is used for transmitting the request signature, the target encryption sequence and the hash value to the server.
In one embodiment, the transmission module further comprises:
the generating unit is used for randomly generating a preset number of random numbers;
the shifting unit is used for respectively shifting the target encryption sequence by utilizing the preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number;
and the splicing unit is used for splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as a target encryption sequence.
In one embodiment, the transmission module further comprises:
and the updating unit is used for encrypting the spliced encryption sequence by using a preset base64 sequence and updating the spliced encryption sequence to the encrypted spliced encryption sequence.
In one embodiment, the request transmission apparatus further includes:
the calculation module is used for calculating the probability value of the user as the real user according to the difference between the generated parameter of the target request and the parameter in the preset parameter library;
the judging module is used for judging whether the probability value exceeds a preset threshold value or not;
the execution module is used for executing the steps in the transmission module when the probability value exceeds a preset threshold value;
and the blocking module is used for blocking the transmission of the target request and the device fingerprint when the probability value does not exceed a preset threshold value.
For more specific working processes of each module and unit in this embodiment, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not described here again.
It can be seen that the present embodiment provides a request transmission apparatus including a request generation module, a device fingerprint generation module and a transmission module. First, the request generation module generates a target request according to the operation of a user; then the device fingerprint generation module generates a device fingerprint according to the generation environment information of the target request, wherein the generation environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser; finally, the transmission module transmits the target request and the device fingerprint to the server. The modules thus divide the work and cooperate, each performing its own function, so that the correctness and security of the device fingerprint are guaranteed and the server is given a reliable basis for judgment.
The following describes a request transmission device provided by an embodiment of the present application; the device described below and the request transmission method and apparatus described above may be read with reference to each other.
Referring to fig. 5, an embodiment of the present application discloses a request transmission device, including:
a memory 501 for storing a computer program;
a processor 502 for executing the computer program to implement the steps of:
generating a target request according to the operation of a user; generating a device fingerprint according to the generated environment information of the target request, the generated environment information at least comprising: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser; and transmitting the target request and the device fingerprint to the server side.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: signing the target request by using the device fingerprint to obtain a request signature; and transmitting the request signature, the target request and the device fingerprint to a server.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: a hash value of the device fingerprint is computed and the target request is signed with the hash value.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence; signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature; and transmitting the request signature, the target encryption sequence and the hash value to the server.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: randomly generating a preset number of random numbers; respectively shifting the target encryption sequence by using a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number; and splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as a target encryption sequence.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: encrypting the spliced encryption sequence by using a preset base64 sequence, and updating the spliced encryption sequence to the encrypted spliced encryption sequence.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: calculating the probability value of the user as a real user according to the difference between the generated parameter of the target request and the parameter in the preset parameter library; judging whether the probability value exceeds a preset threshold value or not; if yes, executing the step of transmitting the target request and the device fingerprint to the server; if not, the transmission of the target request and the device fingerprint is blocked.
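The base64, shift, splice and sign steps listed above, together with the matching server-side check, as an added example that is not code from the patent. The shift rule (rotation inside printable ASCII), the one-character prefix that carries each random number, HMAC-SHA256 as the signing function, the preset count of 3 and all names are assumptions; the preset-base64 re-encoding and the probability check are left out.

```javascript
const nodeCrypto = require('crypto');

const LO = 0x21, SPAN = 94;        // printable ASCII '!'..'~'
const PRESET_COUNT = 3;            // the "preset number" of random numbers (assumed value)

const sha256Hex = (s) => nodeCrypto.createHash('sha256').update(s, 'utf8').digest('hex');
const hmacHex = (key, msg) => nodeCrypto.createHmac('sha256', key).update(msg, 'utf8').digest('hex');

// Shift every character by r positions inside the printable ASCII range.
function shiftAscii(text, r) {
  let out = '';
  for (const ch of text) {
    const c = ch.charCodeAt(0);
    if (c < LO || c >= LO + SPAN) throw new RangeError('character outside printable ASCII');
    out += String.fromCharCode(LO + ((((c - LO + r) % SPAN) + SPAN) % SPAN));
  }
  return out;
}

// Client: base64 -> one shifted copy per random number -> splice -> sign.
function buildRequest(request, fingerprint, shifts) {
  const rs = shifts || Array.from({ length: PRESET_COUNT }, () => nodeCrypto.randomInt(1, SPAN));
  const b64 = Buffer.from(request, 'utf8').toString('base64');
  // The first character of each copy carries its random number r.
  const sequence = rs.map((r) => String.fromCharCode(LO + r) + shiftAscii(b64, r)).join('');
  const fingerprintHash = sha256Hex(fingerprint);
  return { signature: hmacHex(fingerprintHash, sequence), sequence, fingerprintHash };
}

// Server: check the signature, undo each shift, require all copies to agree.
function verifyRequest(msg) {
  const { signature, sequence, fingerprintHash } = msg || {};
  if ([signature, sequence, fingerprintHash].some((v) => typeof v !== 'string')) {
    return { ok: false, reason: 'malformed' };
  }
  const expected = Buffer.from(hmacHex(fingerprintHash, sequence), 'hex');
  const got = Buffer.from(signature, 'hex');
  if (got.length !== expected.length || !nodeCrypto.timingSafeEqual(got, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  if (sequence.length === 0 || sequence.length % PRESET_COUNT !== 0) {
    return { ok: false, reason: 'bad length' };
  }
  const segLen = sequence.length / PRESET_COUNT;
  const decoded = new Set();
  for (let i = 0; i < PRESET_COUNT; i++) {
    const seg = sequence.slice(i * segLen, (i + 1) * segLen);
    const r = seg.charCodeAt(0) - LO;
    try {
      decoded.add(shiftAscii(seg.slice(1), -r));
    } catch {
      return { ok: false, reason: 'bad segment' };
    }
  }
  if (decoded.size !== 1) return { ok: false, reason: 'segments disagree' };
  const [b64] = decoded;
  return { ok: true, request: Buffer.from(b64, 'base64').toString('utf8') };
}

// Constructed sample input.
const sample = buildRequest('{"amount":100}', 'constructed|fingerprint|fields');
console.log(sample.sequence.length, verifyRequest(sample));
```

Base64 and the shift are keyless and reversible, and the hash that keys the signature travels in the same message, so the check shows that the three transmitted fields are mutually consistent. Confidentiality of the request still comes from the transport (TLS).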
The following describes a readable storage medium provided by an embodiment of the present application; the readable storage medium described below and the request transmission method, apparatus and device described above may be read with reference to each other.
A readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the request transmission method disclosed in the foregoing embodiments. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
References in this application to "first," "second," "third," "fourth," etc., if any, are intended to distinguish between similar elements and not necessarily to describe a particular order or sequence. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, or apparatus.
It should be noted that the descriptions in this application referring to "first", "second", etc. are for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the art.
The principle and the implementation of the present application are explained herein by applying specific examples, and the above description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.
Claims (8)
1. A method for request transmission, comprising:
generating a target request according to the operation of a user;
generating a device fingerprint according to the generation environment information of the target request, wherein the generation environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
transmitting the target request and the device fingerprint to a server;
wherein the transmitting the target request and the device fingerprint to a server comprises:
encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
transmitting the request signature, the target encryption sequence and the hash value to the server;
wherein, before the signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature, the method further comprises:
randomly generating a preset number of random numbers based on different timestamps;
shifting the target encryption sequence by utilizing the preset number of random numbers and the ASCII codes respectively to obtain a random encryption sequence corresponding to each random number;
and splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as the target encryption sequence.
2. The request transmission method according to claim 1, wherein the transmitting the target request and the device fingerprint to a server comprises:
signing the target request by using the device fingerprint to obtain a request signature;
transmitting the request signature, the target request, and the device fingerprint to the server.
3. The request transmission method according to claim 2, wherein said signing the target request with the device fingerprint comprises:
and calculating a hash value of the device fingerprint, and signing the target request by using the hash value.
4. The request transmission method according to claim 1, wherein after obtaining the spliced encryption sequence, the method further comprises:
encrypting the spliced encryption sequence by using a preset base64 sequence, and updating the spliced encryption sequence to the encrypted spliced encryption sequence.
5. The request transmission method according to any one of claims 1 to 4, wherein before transmitting the target request and the device fingerprint to a server, the method further comprises:
calculating the probability value of the user as a real user according to the difference between the generated parameter of the target request and the parameter in a preset parameter library;
judging whether the probability value exceeds a preset threshold value or not;
if yes, the step of transmitting the target request and the device fingerprint to a server is executed;
and if not, blocking the transmission of the target request and the device fingerprint.
6. A request transmission apparatus, comprising:
the request generation module is used for generating a target request according to the operation of a user;
a device fingerprint generation module, configured to generate a device fingerprint according to the generation environment information of the target request, where the generation environment information at least includes: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
the transmission module is used for transmitting the target request and the device fingerprint to a server;
wherein, the transmission module includes:
the encryption unit is used for encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
the second signature unit is used for signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
a second transmission unit, configured to transmit the request signature, the target encryption sequence, and the hash value to the server;
wherein the transmission module further includes:
a generation unit for randomly generating a preset number of random numbers based on different time stamps;
the shifting unit is used for shifting the target encryption sequence by utilizing the preset number of random numbers and the ASCII codes respectively to obtain a random encryption sequence corresponding to each random number;
and the splicing unit is used for splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as the target encryption sequence.
7. A request transmission device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the request transmission method of any one of claims 1 to 5.
8. A readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the request transmission method according to any one of claims 1 to 5.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910769443.XA CN110493225B (en) | 2019-08-20 | 2019-08-20 | Request transmission method, device, equipment and readable storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110493225A (en) | 2019-11-22 |
CN110493225B (en) | 2021-12-03 |
Family
ID=68552291
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910769443.XA Active CN110493225B (en) | 2019-08-20 | 2019-08-20 | Request transmission method, device, equipment and readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110493225B (en) |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111666596B (en) * | 2020-07-10 | 2023-05-05 | 腾讯科技(深圳)有限公司 | Data processing method, device and medium |
CN112073375B (en) * | 2020-08-07 | 2023-09-26 | 中国电力科学研究院有限公司 | Isolation device and isolation method suitable for client side of electric power Internet of things |
CN112215622A (en) * | 2020-09-18 | 2021-01-12 | 南京欣网互联网络科技有限公司 | Risk prevention and control method and system based on order information |
CN113239308B (en) * | 2021-05-26 | 2023-07-18 | 杭州安恒信息技术股份有限公司 | Page access method, device, equipment and storage medium |
CN114173081A (en) * | 2021-12-13 | 2022-03-11 | 济南大学 | Remote audio and video method and system |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105430011A (en) * | 2015-12-25 | 2016-03-23 | 杭州朗和科技有限公司 | Method and device for detecting distributed denial of service attack |
CN106549925A (en) * | 2015-09-23 | 2017-03-29 | 阿里巴巴集团控股有限公司 | Prevent method, the apparatus and system of cross-site request forgery |
CN107426181A (en) * | 2017-06-20 | 2017-12-01 | 竞技世界(北京)网络技术有限公司 | The hold-up interception method and device of malice web access request |
CN109587133A (en) * | 2018-11-30 | 2019-04-05 | 武汉烽火众智智慧之星科技有限公司 | A kind of single-node login system and method |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3108612B1 (en) * | 2014-02-18 | 2020-07-22 | Secureauth Corporation | Fingerprint based authentication for single sign on |
CN106446202A (en) * | 2016-09-30 | 2017-02-22 | 福建北卡科技有限公司 | Anti-interference browser fingerprint generation method based on implicit characteristic acquisition |
CN106878265B (en) * | 2016-12-21 | 2020-09-18 | 重庆华龙艾迪信息技术有限公司 | Data processing method and device |
CN109246062B (en) * | 2017-07-11 | 2022-06-21 | 沪江教育科技(上海)股份有限公司 | Authentication method and system based on browser plug-in |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||