CN110493225B - Request transmission method, device, equipment and readable storage medium - Google Patents


Info

Publication number: CN110493225B
Authority: CN (China)
Prior art keywords: request, target, information, device fingerprint, encryption sequence
Legal status: Active
Application number: CN201910769443.XA
Other languages: Chinese (zh)
Other versions: CN110493225A (en)
Inventors: 李金鑫, 范渊
Current Assignee: DBAPPSecurity Co Ltd
Original Assignee: DBAPPSecurity Co Ltd
Application filed by DBAPPSecurity Co Ltd
Priority to CN201910769443.XA
Publication of CN110493225A
Application granted
Publication of CN110493225B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The application discloses a request transmission method, which comprises the following steps: generating a target request according to the operation of a user; generating a device fingerprint according to the generated environment information of the target request, the generated environment information at least comprising: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser; and transmitting the target request and the device fingerprint to the server side. The font format information and audio-video format information, audio-video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser for generating the device fingerprint are all information with reliable safety, so that the correctness and safety of the device fingerprint and the request data can be guaranteed, and a reliable judgment basis can be provided for a server. Accordingly, the request transmission device, the apparatus and the readable storage medium disclosed in the present application also have the above technical effects.

Description

Request transmission method, device, equipment and readable storage medium
Technical Field
The present application relates to the field of computer technologies, and in particular, to a request transmission method, apparatus, device, and readable storage medium.
Background
In the prior art, in order to ensure the correctness and the security of the front-end request, a corresponding device fingerprint may be generated, and the device fingerprint and the request data are simultaneously sent to the server, so that the server determines whether the request data is correct according to the received device fingerprint.
The information used in existing device fingerprint generation methods may be tampered with or forged. For example, the information used to generate a device fingerprint generally includes the client IP address, the client user agent information and the Referer information, but in practice the client IP address and the Referer information are often forged. That is to say, in the existing device fingerprint generation process, the client IP address and Referer information used may be wrong, so the correctness and security of the generated device fingerprint cannot be guaranteed; consequently the security of the request data cannot be guaranteed, and no reliable basis for judgment can be provided to the server.
Therefore, how to improve the correctness and security of the requested data is a problem to be solved by those skilled in the art.
Disclosure of Invention
In view of the above, an object of the present application is to provide a request transmission method, apparatus, device and readable storage medium, so as to improve correctness and security of device fingerprint and request data. The specific scheme is as follows:
In a first aspect, the present application provides a request transmission method, including:
generating a target request according to the operation of a user;
generating a device fingerprint according to the generated environment information of the target request, the generated environment information at least comprising: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
and transmitting the target request and the device fingerprint to the server side.
Preferably, transmitting the target request and the device fingerprint to the server includes:
signing the target request by using the device fingerprint to obtain a request signature;
and transmitting the request signature, the target request and the device fingerprint to a server.
Preferably, signing the target request with the device fingerprint comprises:
a hash value of the device fingerprint is computed and the target request is signed with the hash value.
Preferably, transmitting the target request and the device fingerprint to the server includes:
encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
and transmitting the request signature, the target encryption sequence and the hash value to the server.
Preferably, before signing the target encryption sequence with the hash value of the device fingerprint to obtain the request signature, the method further includes:
randomly generating a preset number of random numbers;
respectively shifting the target encryption sequence by using a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number;
and splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as a target encryption sequence.
Preferably, after obtaining the concatenated encryption sequence, the method further includes:
and encrypting the splicing encryption sequence by using a preset base64 sequence, and updating the splicing encryption sequence into an encrypted splicing encryption sequence.
Preferably, before transmitting the target request and the device fingerprint to the server, the method further includes:
calculating the probability value of the user as a real user according to the difference between the generated parameter of the target request and the parameter in the preset parameter library;
judging whether the probability value exceeds a preset threshold value or not;
if yes, executing the step of transmitting the target request and the device fingerprint to the server;
if not, the transmission of the target request and the device fingerprint is blocked.
In a second aspect, the present application provides a request transmission apparatus, including:
the request generation module is used for generating a target request according to the operation of a user;
the device fingerprint generating module is used for generating a device fingerprint according to the generation environment information of the target request, and the generation environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
and the transmission module is used for transmitting the target request and the device fingerprint to the server.
In a third aspect, the present application provides a request transmission device, including:
a memory for storing a computer program;
a processor for executing the computer program to implement the request transmission method disclosed in the foregoing.
In a fourth aspect, the present application provides a readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the request transmission method disclosed in the foregoing.
According to the above scheme, the present application provides a request transmission method, including: generating a target request according to the operation of a user; generating a device fingerprint according to the generated environment information of the target request, the generated environment information at least comprising: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser; and transmitting the target request and the device fingerprint to the server side.
In the above method, the generation environment information for generating the device fingerprint includes at least font format information and audio-video format information supported by the browser, audio-video rendering information, graphics rendering information, local storage information, and local CPU information. The information is carried by the browser which generates the request, and the information has reliable safety because the browser type is limited, and the information of each browser cannot be changed at will and cannot be tampered, so that the accuracy and the safety of the device fingerprint and the request data can be guaranteed; when the device fingerprint and the request data are sent to the server, a reliable judgment basis can be provided for the server.
Accordingly, the request transmission device, the request transmission equipment and the readable storage medium provided by the application also have the technical effects.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
FIG. 1 is a flow chart of a first request transmission method disclosed in the present application;
FIG. 2 is a flow chart of a second request transmission method disclosed in the present application;
FIG. 3 is a flow chart of a third method for request transmission disclosed herein;
FIG. 4 is a schematic diagram of a request transmission apparatus disclosed herein;
FIG. 5 is a schematic diagram of a request transmission device disclosed in the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Currently, the information used by existing device fingerprint generation methods may be tampered with or forged. For example, the information used to generate a device fingerprint generally includes the client IP address, the client user agent information and the Referer information, but in practice the client IP address and the Referer information are often forged. That is to say, in the existing device fingerprint generation process, the client IP address and Referer information used may be wrong, so the correctness and security of the generated device fingerprint cannot be guaranteed, and no reliable basis for judgment can be provided to the server. The present application therefore provides a request transmission scheme that can guarantee the correctness and security of the device fingerprint and provide the server with a reliable basis for judgment.
Referring to fig. 1, an embodiment of the present application discloses a first request transmission method, including:
S101, generating a target request according to the operation of a user;
S102, generating a device fingerprint according to the generated environment information of the target request, wherein the generated environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
S103, transmitting the target request and the device fingerprint to a server.
In this embodiment, transmitting the target request and the device fingerprint to the server includes: signing the target request by using the device fingerprint to obtain a request signature; and transmitting the request signature, the target request and the device fingerprint to a server. Wherein signing the target request with the device fingerprint comprises: a hash value of the device fingerprint is computed and the target request is signed with the hash value.
It will be appreciated that signing the target request with the device fingerprint may further improve the security of the requested data.
In this embodiment, a probability value that a user is a real user is calculated according to a difference between a generated parameter of a target request and a parameter in a preset parameter library; judging whether the probability value exceeds a preset threshold value or not; if yes, executing the step of transmitting the target request and the device fingerprint to the server; if not, the transmission of the target request and the device fingerprint is blocked.
It should be noted that, when a user initiates a request based on a browser at the front end, the local device may generate a corresponding request based on an operation of the user. The user who initiates the request is typically a real user, and sometimes may also be a simulated user such as a scanner. Scanners typically perform a crawler operation.
In order to discriminate whether the current user is a simulated user or an actual user, a decision may be made based on the generation parameters of the current request. The generation parameter of the current request is the parameter of the browser which initiates the request, if the current user is a real user, the generation parameter of the current request is the real parameter of the browser; if the current user is a simulation user, the generation parameters of the current request are different from the real parameters of the browser. Specifically, real parameters of various browsers are stored in a preset parameter library, so that the difference between the generated parameter of the target request and the real parameter can be determined by comparing the generated parameter of the target request with the parameters in the preset parameter library, and the probability value that the current user is the real user can be calculated according to the difference.
For example: if the target request has 5 generation parameters, 3 of which are inconsistent with the parameters in the parameter library, and the preset threshold is 60%, the probability value that the current user is a real user may be 2 ÷ 5 = 40%. Since 40% is less than 60%, the current user may be considered a simulated user, and the transmission of the target request is blocked. In this way, abnormal requests can be filtered out at the front end, which saves computer resources, reduces the number of requests the server must process, and relieves the pressure on the server.
Of course, the simulation parameters used by various scanners can also be stored in advance, so that the generation parameters of the current request can be compared directly with the simulation parameters. If they are consistent, the current request was initiated by a simulated user, and its transmission is blocked; if not, the probability value that the user is a real user is calculated according to the difference between the generation parameters of the target request and the parameters in the preset parameter library, and it is judged whether the probability value exceeds a preset threshold; if yes, the step of transmitting the target request and the device fingerprint to the server is executed; if not, the transmission of the target request and the device fingerprint is blocked.
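The scanner pre-check and the threshold decision described above, as an added example (not code from the patent). The parameter names, library values and scanner profile are constructed, and scoring against the closest library entry is an assumption, since the text does not say which entry a request is compared with.

```javascript
// Added example, not code from the patent. All names and values are constructed.
const THRESHOLD = 0.6; // the 60% preset threshold from the text's example

// Preset parameter library: real parameters per browser (constructed values).
const PARAMETER_LIBRARY = {
  chrome:  { webgl: 'supported', webrtc: 'supported', audioFormats: 'mp3,ogg,wav', videoFormats: 'mp4,webm', plugins: 'pdf' },
  firefox: { webgl: 'supported', webrtc: 'supported', audioFormats: 'ogg,wav', videoFormats: 'webm,ogg', plugins: 'pdf' },
};

// Simulation parameters stored in advance for known scanners (constructed values).
const SCANNER_PROFILES = {
  'qt-based-scanner': { webgl: 'unsupported', webrtc: 'unsupported', audioFormats: '', videoFormats: '', plugins: 'none' },
};

// Constructed sample inputs: one genuine browser, one with 3 of 5 parameters off.
const SAMPLE_REAL = { ...PARAMETER_LIBRARY.chrome };
const SAMPLE_SIMULATED = { webgl: 'supported', webrtc: 'supported', audioFormats: 'none', videoFormats: 'none', plugins: 'none' };

// True when both objects carry exactly the same keys and values.
function sameProfile(a, b) {
  const keys = Object.keys(b);
  return keys.length === Object.keys(a).length && keys.every((k) => a[k] === b[k]);
}

// Share of the reference parameters that the observed parameters match.
// A parameter missing from the request counts as a mismatch.
function matchRatio(observed, reference) {
  const keys = Object.keys(reference);
  if (keys.length === 0) return 0;
  return keys.filter((k) => observed[k] === reference[k]).length / keys.length;
}

// Decide whether the front end transmits or blocks the request.
function evaluateRequest(observed) {
  // Step 1: exact match with a stored scanner profile blocks immediately.
  for (const [name, profile] of Object.entries(SCANNER_PROFILES)) {
    if (sameProfile(observed, profile)) {
      return { action: 'block', reason: `scanner:${name}`, probability: 0 };
    }
  }
  // Step 2: probability = best match ratio against the parameter library.
  let best = { browser: null, probability: 0 };
  for (const [browser, reference] of Object.entries(PARAMETER_LIBRARY)) {
    const probability = matchRatio(observed, reference);
    if (probability > best.probability) best = { browser, probability };
  }
  // Step 3: transmit only when the probability exceeds the threshold.
  const action = best.probability > THRESHOLD ? 'transmit' : 'block';
  return { action, reason: `closest:${best.browser}`, probability: best.probability };
}
```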
Some common parameters of the browser and the scanner are listed below, and the complete parameters of each browser and scanner may refer to the prior art, which is not described herein again.
See tables 1-4 for parameters for different browsers.
TABLE 1
Figure BDA0002173082330000061
TABLE 2
Figure BDA0002173082330000062
TABLE 3
Figure BDA0002173082330000063
TABLE 4
Figure BDA0002173082330000071
On the Windows 7 operating system, representative browsers include Chrome and Firefox, and the QtWebEngine-based QupZilla browser; the scanner Burp Suite 2.0 is also based on QtWebKit/QtWebEngine. Some of their parameter differences can be seen in Tables 1-4. Scanners often use open-source browser engines such as QtWebKit and PhantomJS to simulate user operations. It can be seen that the parameters of the browser used by a real user, of the QtWebEngine-based browser, and of the Burp Suite 2.0 scanner are clearly different. Across different operating systems there are also many differences between browsers, which are not described further here.
In this embodiment, the generation environment information for generating the device fingerprint includes at least font format information and audio-video format information supported by a browser, audio-video rendering information, graphics rendering information, local storage information, and local CPU information. The information is carried by the browser which generates the request, and the information has reliable safety because the browser type is limited, and the information of each browser cannot be changed at will and cannot be tampered, so that the accuracy and the safety of the device fingerprint and the request data can be guaranteed; when the device fingerprint and the request data are sent to the server, a reliable judgment basis can be provided for the server.
Referring to fig. 2, an embodiment of the present application discloses a second request transmission method, including:
S201, generating a target request according to the operation of a user;
S202, generating a device fingerprint according to the generated environment information of the target request, wherein the generated environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
S203, encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
S204, randomly generating a preset number of random numbers;
S205, respectively shifting the target encryption sequence by using a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number;
S206, splicing the random encryption sequences corresponding to the random numbers to obtain spliced encryption sequences;
S207, encrypting the splicing encryption sequence by using a preset base64 sequence, updating the splicing encryption sequence into an encrypted splicing encryption sequence, and taking the splicing encryption sequence as a target encryption sequence;
S208, signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
S209, the request signature, the target encryption sequence and the hash value of the device fingerprint are transmitted to the server.
In this embodiment, before sending the target request, the target request is encrypted, and the encrypted target request is signed by using the hash value of the device fingerprint, so that the security of the target request is further ensured.
The base64 encryption algorithm in the present embodiment may be replaced with other encryption algorithms. The security of the target request can be further enhanced by encrypting the spliced encryption sequence by using the preset base64 sequence. When the base64 encryption algorithm is used for encrypting data, a dynamic default sequence can be used for encryption, and a user-defined sequence can also be used for encryption. Wherein the security of the dynamic default sequence is lower than the security of the custom sequence.
In this embodiment, the encryption steps described in S204-S206 are custom encryption steps, which further improve the security of the target request. Randomly generating a preset number of random numbers includes: randomly generating a preset number of random numbers based on different timestamps.
S204-S206 encrypt based on time and random numbers, which makes the encryption algorithm harder to reverse, because the encrypted result of a request is not fixed. Meanwhile, the server may decide, based on the maximum time interval, whether the received request ciphertext needs further processing. If the difference between the timestamp at which a request is received and the timestamp at which it was sent exceeds the maximum time interval (a preset length of time) many times, the current request is very likely a replay attack, or an attacker is carrying out packet-analysis tests with maliciously tampered packets.
That is, the difference between the time point at which the request is sent and the time point at which it is received is compared with the set interval (i.e., the maximum time interval). For example, if the interval is 5 seconds and the difference between the time point of request transmission and the time point of request reception is 10 seconds, the current request is very likely a replay attack, or an attacker is carrying out packet-analysis tests with maliciously tampered packets.
When the difference between the timestamp of the received request and the timestamp of the sent request exceeds the maximum time interval (a preset length of time) a plurality of times, the current request may be discarded. Meanwhile, using the base64 encryption algorithm ensures the integrity of the data and avoids the situation in which the server cannot properly identify and process the data because of differences in character set encoding and the like; the dynamic default sequence of base64 can be maintained through time synchronization, and it also makes the generated ciphertext dynamic, which effectively increases the difficulty of cracking the ciphertext.
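One way to model steps S203-S209 and the server-side maximum-interval check, as an added example that is not the patent's implementation. Assumptions: the shifts are derived from the send timestamp so the server can recompute them, the shift wraps within printable ASCII, the preset base64 sequence is a rotated alphabet, and the signature is HMAC-SHA-256 keyed with the SHA-256 hash of the fingerprint.

```javascript
// Added example, not code from the patent. Runs under Node.js.
const nodeCrypto = require('node:crypto');

const STD = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
const PRESET = STD.slice(13) + STD.slice(0, 13); // constructed "preset base64 sequence"
const COUNT = 3;                // assumed "preset number" of random numbers
const MAX_INTERVAL_MS = 5000;   // the 5-second interval from the text's example

const sha256hex = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
const hmacHex = (key, msg) => nodeCrypto.createHmac('sha256', key).update(msg).digest('hex');

// Translate base64 text from one alphabet to another; '=' padding passes through.
function remap(text, from, to) {
  return [...text].map((c) => {
    if (c === '=') return c;
    const i = from.indexOf(c);
    if (i < 0) throw new Error('symbol outside the alphabet');
    return to[i];
  }).join('');
}

// Assumption: each shift (1..94) is derived from the send timestamp.
function shiftsFor(timestamp) {
  return Array.from({ length: COUNT }, (_, i) =>
    1 + (parseInt(sha256hex(`${timestamp}:${i}`).slice(0, 8), 16) % 94));
}

// Shift every character code by r, wrapping inside printable ASCII (0x20..0x7E).
function shiftAscii(text, r) {
  return [...text]
    .map((c) => String.fromCharCode(32 + ((c.charCodeAt(0) - 32 + r + 95) % 95)))
    .join('');
}

// Client side: S203 to S209.
function buildEnvelope(request, fingerprint, timestamp) {
  const b64 = Buffer.from(request, 'utf8').toString('base64');                    // S203
  const spliced = shiftsFor(timestamp).map((r) => shiftAscii(b64, r)).join('');   // S204-S206
  const payload = remap(Buffer.from(spliced, 'latin1').toString('base64'), STD, PRESET); // S207
  const fpHash = sha256hex(fingerprint);
  const signature = hmacHex(fpHash, `${timestamp}.${payload}`);                   // S208
  return { signature, payload, fpHash, timestamp };                               // S209
}

// Server side: freshness check, signature check, then decoding.
// The text discards after repeated violations; this example rejects each stale request.
function openEnvelope(env, nowMs) {
  if (Math.abs(nowMs - env.timestamp) > MAX_INTERVAL_MS) {
    return { ok: false, reason: 'stale' };
  }
  const expected = Buffer.from(hmacHex(env.fpHash, `${env.timestamp}.${env.payload}`));
  const given = Buffer.from(String(env.signature));
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const spliced = Buffer.from(remap(env.payload, PRESET, STD), 'base64').toString('latin1');
  const len = spliced.length / COUNT;
  if (!Number.isInteger(len)) return { ok: false, reason: 'malformed' };
  // Undo each shift; every segment must decode to the same base64 text.
  const copies = shiftsFor(env.timestamp)
    .map((r, i) => shiftAscii(spliced.slice(i * len, (i + 1) * len), -r));
  if (copies.some((c) => c !== copies[0])) return { ok: false, reason: 'malformed' };
  return { ok: true, request: Buffer.from(copies[0], 'base64').toString('utf8') };
}
```

Because S209 sends the fingerprint hash in the same message, the signature check here detects a payload or timestamp that no longer matches that hash; it does not rely on a secret held only by the server.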
It should be noted that other implementation steps in this embodiment are the same as or similar to those in the above embodiment, and therefore, the description of this embodiment is omitted here.
In this embodiment, the generation environment information for generating the device fingerprint includes at least font format information and audio-video format information supported by a browser, audio-video rendering information, graphics rendering information, local storage information, and local CPU information. The information is carried by the browser which generates the request, and the information has reliable safety because the browser type is limited, and the information of each browser cannot be changed at will and cannot be tampered, so that the accuracy and the safety of the device fingerprint and the request data can be guaranteed; when the device fingerprint and the request data are sent to the server, a reliable judgment basis can be provided for the server. Meanwhile, the request data is transmitted in a ciphertext mode, and the safety of the request data is improved.
Referring to fig. 3, an embodiment of the present application discloses a third request transmission method, including:
S301, generating a target request according to the operation of a user;
S302, generating a device fingerprint according to the generated environment information of the target request, wherein the generated environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
S303, encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
S304, randomly generating a preset number of random numbers;
S305, respectively shifting the target encryption sequence by using a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number;
S306, splicing the random encryption sequences corresponding to the random numbers to obtain spliced encryption sequences;
S307, encrypting the splicing encryption sequence by using a preset base64 sequence, updating the splicing encryption sequence into an encrypted splicing encryption sequence, and taking the splicing encryption sequence as a target encryption sequence;
S308, signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
S309, calculating a probability value of the user as a real user according to the difference between the generated parameter of the target request and the parameter in the preset parameter library;
S310, judging whether the probability value exceeds a preset threshold value or not; if yes, go to S311; if not, go to S312;
S311, transmitting the request signature, the target encryption sequence and the hash value of the device fingerprint to a server;
S312, blocking the transmission of the request signature, the target encryption sequence and the hash value of the device fingerprint.
Among them, ASCII Code (American Standard Code for Information exchange Code) is a computer Code system based on latin letters, and has extremely high versatility.
It should be noted that device fingerprinting technology is currently used mainly for user tracking. With device fingerprinting, a service can effectively identify the user, assess the environment from which the user's request was initiated, and uniquely mark the user's identity, and thereby judge whether the user is a potential attacker of the service or a normal user. In web pages, Ajax (Asynchronous JavaScript and XML), a current mainstream technology, is widely used to give users a good experience. Ajax, implemented with the XMLHttpRequest object provided by the browser, can refresh data asynchronously without blocking the current thread, which greatly improves the user experience.
In this embodiment, encryption is implemented for the different requests initiated by different browsers as follows: before any of the web page's JavaScript files are loaded, the window.XMLHttpRequest object (xhr for short) is overwritten, and the open and send methods of xhr requests are overwritten. When other frameworks then send a request through xhr, the request is automatically encrypted and tagged. In this way, any request initiated by the browser can be rewritten into the request ciphertext of this embodiment.
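One way to wrap `open` and `send` as described above, as an added example rather than the patent's code. `installRequestTagging`, the `protect` callback, the `X-Request-Signature` header and the `FakeXhr` stand-in (used so the example runs outside a browser) are all hypothetical names.

```javascript
// Added illustration, not the patent's code.
// Wraps open/send on an XMLHttpRequest-like constructor so that every string body
// passes through `protect(body, ctx)`, which returns { payload, headers }.
function installRequestTagging(XhrCtor, protect) {
  const proto = XhrCtor.prototype;
  if (proto.__taggingInstalled) return false;   // idempotent: never wrap twice
  const originalOpen = proto.open;
  const originalSend = proto.send;

  proto.open = function (method, url, ...rest) {
    // Remember the request line so protect() can bind the tag to it.
    this.__tagCtx = { method: String(method).toUpperCase(), url: String(url) };
    return originalOpen.call(this, method, url, ...rest);
  };

  proto.send = function (body) {
    // Bodiless requests and non-string bodies (FormData, Blob, ...) pass through unchanged.
    if (typeof body !== 'string') return originalSend.call(this, body);
    const { payload, headers } = protect(body, this.__tagCtx);
    for (const [name, value] of Object.entries(headers)) {
      this.setRequestHeader(name, value);
    }
    return originalSend.call(this, payload);
  };

  Object.defineProperty(proto, '__taggingInstalled', { value: true });
  return true;
}

// Constructed stand-in for the browser object; it only records the calls it receives.
class FakeXhr {
  constructor() { this.log = []; }
  open(method, url) { this.log.push(['open', method, url]); }
  setRequestHeader(name, value) { this.log.push(['header', name, value]); }
  send(body) { this.log.push(['send', body]); }
}

// Framework code keeps calling open/send as usual and is tagged without knowing it.
function demo() {
  installRequestTagging(FakeXhr, (body) => ({
    payload: Buffer.from(body, 'utf8').toString('base64'),
    headers: { 'X-Request-Signature': 'constructed-signature' }, // constructed value
  }));
  const xhr = new FakeXhr();
  xhr.open('post', '/api/order');
  xhr.send('{"id":7}');
  return xhr.log;
}
```

In a page the call would be `installRequestTagging(window.XMLHttpRequest, protect)` in the first script executed, since code that has already saved a reference to the original `send` is not affected by the wrapper.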
To further improve the effectiveness of the device fingerprint, the generation environment information may further include: the browser's support for WebGL (Web Graphics Library, a 3D drawing technology), whether an intranet IP address can be acquired through WebRTC (Web Real-Time Communication, a web page instant messaging technology), the DNT (Do Not Track, a tracking prohibition function in a browser) fingerprint, and the like. Other information not listed here can of course also be included: the more types of information are included, the higher the dimensionality, the stronger the anti-counterfeiting capability, and the higher the security of the device fingerprint.
It should be noted that the other implementation steps in this embodiment are the same as or similar to those in the above embodiment and are therefore not described again here.
In this embodiment, the generation environment information used to generate the device fingerprint includes at least the font format information and audio and video format information supported by the browser, audio and video rendering information, graphics rendering information, local storage information and local CPU information. This information is carried by the browser that generates the request and is reliably secure: the set of browser types is limited, and the information of each browser cannot be changed at will or tampered with, so the accuracy and security of the device fingerprint and the request data can be guaranteed. When the device fingerprint and the request data are sent to the server, they provide the server with a reliable basis for judgment. In addition, the request data is transmitted as ciphertext, which improves its security. Because the authenticity of the request can be judged at the front end, computing resources are saved, the number of requests the server must process is reduced, and the load on the server is relieved.
A request transmission apparatus provided by an embodiment of the present application is introduced below; the request transmission apparatus described below and the request transmission method described above may be read with reference to each other.
Referring to fig. 4, an embodiment of the present application discloses a request transmission apparatus, including:
a request generating module 401, configured to generate a target request according to an operation of a user;
a device fingerprint generating module 402, configured to generate a device fingerprint according to the generation environment information of the target request, where the generation environment information at least includes: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
a transmission module 403, configured to transmit the target request and the device fingerprint to the server.
In one embodiment, the transmission module includes:
the first signature unit is used for signing the target request by using the device fingerprint to obtain a request signature;
and the first transmission unit is used for transmitting the request signature, the target request and the device fingerprint to the server.
In one embodiment, the signature unit is specifically configured to:
a hash value of the device fingerprint is computed and the target request is signed with the hash value.
In one embodiment, the transmission module includes:
the encryption unit is used for encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
the second signature unit is used for signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
and the second transmission unit is used for transmitting the request signature, the target encryption sequence and the hash value to the server.
In one embodiment, the transmission module further comprises:
the generating unit is used for randomly generating a preset number of random numbers;
the displacement unit is used for respectively displacing the target encryption sequence by utilizing a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number;
and the splicing unit is used for splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as a target encryption sequence.
In one embodiment, the transmission module further comprises:
and the updating unit is used for encrypting the spliced encryption sequence by using a preset base64 sequence and updating the spliced encryption sequence to the encrypted spliced encryption sequence.
In one embodiment, the request transmission apparatus further includes:
the calculation module is used for calculating the probability value of the user as the real user according to the difference between the generated parameter of the target request and the parameter in the preset parameter library;
the judging module is used for judging whether the probability value exceeds a preset threshold value or not;
the execution module is used for executing the steps in the transmission module when the probability value exceeds a preset threshold value;
and the blocking module is used for blocking the transmission of the target request and the device fingerprint when the probability value does not exceed a preset threshold value.
For more specific working processes of each module and unit in this embodiment, reference may be made to corresponding contents disclosed in the foregoing embodiments, and details are not described here again.
It can be seen that the present embodiment provides a request transmission apparatus, including: a request generation module, a device fingerprint generation module and a transmission module. First, the request generation module generates a target request according to the operation of a user; then the device fingerprint generation module generates a device fingerprint according to the generation environment information of the target request, wherein the generation environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser; finally, the transmission module transmits the target request and the device fingerprint to the server. The modules thus divide the work and cooperate, each performing its own function, so that the correctness and security of the device fingerprint are guaranteed and a reliable basis for judgment can be provided to the server.
A request transmission device provided in the embodiments of the present application is introduced below; the request transmission device described below and the request transmission method and apparatus described above may be read with reference to each other.
Referring to fig. 5, an embodiment of the present application discloses a request transmission device, including:
a memory 501 for storing a computer program;
a processor 502 for executing the computer program to implement the steps of:
generating a target request according to the operation of a user; generating a device fingerprint according to the generated environment information of the target request, the generated environment information at least comprising: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser; and transmitting the target request and the device fingerprint to the server side.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: signing the target request by using the device fingerprint to obtain a request signature; and transmitting the request signature, the target request and the device fingerprint to a server.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: a hash value of the device fingerprint is computed and the target request is signed with the hash value.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence; signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature; and transmitting the request signature, the target encryption sequence and the hash value to the server.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: randomly generating a preset number of random numbers; respectively shifting the target encryption sequence by using a preset number of random numbers and ASCII codes to obtain a random encryption sequence corresponding to each random number; and splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as a target encryption sequence.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: encrypting the spliced encryption sequence by using a preset base64 sequence, and updating the spliced encryption sequence to the encrypted spliced encryption sequence.
In this embodiment, when the processor executes the computer subprogram stored in the memory, the following steps may be specifically implemented: calculating the probability value of the user as a real user according to the difference between the generated parameter of the target request and the parameter in the preset parameter library; judging whether the probability value exceeds a preset threshold value or not; if yes, executing the step of transmitting the target request and the device fingerprint to the server; if not, the transmission of the target request and the device fingerprint is blocked.
A readable storage medium provided in the embodiments of the present application is introduced below; the readable storage medium described below and the request transmission method, apparatus and device described above may be read with reference to each other.
A readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the request transmission method disclosed in the foregoing embodiments. For the specific steps of the method, reference may be made to the corresponding contents disclosed in the foregoing embodiments, which are not described herein again.
References in this application to "first," "second," "third," "fourth," etc., if any, are intended to distinguish between similar elements and not necessarily to describe a particular order or sequence. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises" and "comprising," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, or apparatus.
It should be noted that the descriptions in this application referring to "first", "second", etc. are for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present application.
The embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same or similar parts among the embodiments are referred to each other.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in Random Access Memory (RAM), memory, Read Only Memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, a removable disk, a CD-ROM, or any other form of readable storage medium known in the art.
The principle and the implementation of the present application are explained herein by applying specific examples, and the above description of the embodiments is only used to help understand the method and the core idea of the present application; meanwhile, for a person skilled in the art, according to the idea of the present application, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present application.

Claims (8)

1. A method for request transmission, comprising:
generating a target request according to the operation of a user;
generating a device fingerprint according to the generation environment information of the target request, wherein the generation environment information at least comprises: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
transmitting the target request and the device fingerprint to a server;
wherein the transmitting the target request and the device fingerprint to a server comprises:
encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
transmitting the request signature, the target encryption sequence and the hash value to the server;
wherein, before the signing of the target encryption sequence by using the hash value of the device fingerprint to obtain a request signature, the method further comprises:
randomly generating a preset number of random numbers based on different timestamps;
shifting the target encryption sequence by utilizing the preset number of random numbers and the ASCII codes respectively to obtain a random encryption sequence corresponding to each random number;
and splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as the target encryption sequence.
2. The request transmission method according to claim 1, wherein the transmitting the target request and the device fingerprint to a server comprises:
signing the target request by using the device fingerprint to obtain a request signature;
transmitting the request signature, the target request, and the device fingerprint to the server.
3. The request transmission method according to claim 2, wherein said signing the target request with the device fingerprint comprises:
and calculating a hash value of the device fingerprint, and signing the target request by using the hash value.
4. The request transmission method according to claim 1, wherein after obtaining the spliced encryption sequence, the method further comprises:
encrypting the spliced encryption sequence by using a preset base64 sequence, and updating the spliced encryption sequence to the encrypted spliced encryption sequence.
5. The request transmission method according to any one of claims 1 to 4, wherein before transmitting the target request and the device fingerprint to a server, the method further comprises:
calculating the probability value of the user as a real user according to the difference between the generated parameter of the target request and the parameter in a preset parameter library;
judging whether the probability value exceeds a preset threshold value or not;
if yes, the step of transmitting the target request and the device fingerprint to a server is executed;
and if not, blocking the transmission of the target request and the device fingerprint.
6. A request transmission apparatus, comprising:
the request generation module is used for generating a target request according to the operation of a user;
a device fingerprint generation module, configured to generate a device fingerprint according to the generation environment information of the target request, where the generation environment information at least includes: font format information and audio and video format information, audio and video rendering information, graphic rendering information, local storage information and local CPU information supported by the browser;
the transmission module is used for transmitting the target request and the device fingerprint to a server;
wherein, the transmission module includes:
the encryption unit is used for encrypting the target request by using a base64 encryption algorithm to obtain a target encryption sequence;
the second signature unit is used for signing the target encryption sequence by utilizing the hash value of the device fingerprint to obtain a request signature;
a second transmission unit, configured to transmit the request signature, the target encryption sequence, and the hash value to the server;
wherein the transmission module further includes:
a generation unit for randomly generating a preset number of random numbers based on different time stamps;
the shifting unit is used for shifting the target encryption sequence by utilizing the preset number of random numbers and the ASCII codes respectively to obtain a random encryption sequence corresponding to each random number;
and the splicing unit is used for splicing the random encryption sequence corresponding to each random number to obtain a spliced encryption sequence, and taking the spliced encryption sequence as the target encryption sequence.
7. A request transmission device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the request transmission method of any one of claims 1 to 5.
8. A readable storage medium for storing a computer program, wherein the computer program, when executed by a processor, implements the request transmission method according to any one of claims 1 to 5.
CN201910769443.XA 2019-08-20 2019-08-20 Request transmission method, device, equipment and readable storage medium Active CN110493225B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910769443.XA CN110493225B (en) 2019-08-20 2019-08-20 Request transmission method, device, equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN110493225A CN110493225A (en) 2019-11-22
CN110493225B true CN110493225B (en) 2021-12-03

Family

ID=68552291

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910769443.XA Active CN110493225B (en) 2019-08-20 2019-08-20 Request transmission method, device, equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN110493225B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111666596B (en) * 2020-07-10 2023-05-05 腾讯科技(深圳)有限公司 Data processing method, device and medium
CN112073375B (en) * 2020-08-07 2023-09-26 中国电力科学研究院有限公司 Isolation device and isolation method suitable for client side of electric power Internet of things
CN112215622A (en) * 2020-09-18 2021-01-12 南京欣网互联网络科技有限公司 Risk prevention and control method and system based on order information
CN113239308B (en) * 2021-05-26 2023-07-18 杭州安恒信息技术股份有限公司 Page access method, device, equipment and storage medium
CN114173081A (en) * 2021-12-13 2022-03-11 济南大学 Remote audio and video method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105430011A (en) * 2015-12-25 2016-03-23 杭州朗和科技有限公司 Method and device for detecting distributed denial of service attack
CN106549925A (en) * 2015-09-23 2017-03-29 阿里巴巴集团控股有限公司 Prevent method, the apparatus and system of cross-site request forgery
CN107426181A (en) * 2017-06-20 2017-12-01 竞技世界(北京)网络技术有限公司 The hold-up interception method and device of malice web access request
CN109587133A (en) * 2018-11-30 2019-04-05 武汉烽火众智智慧之星科技有限公司 A kind of single-node login system and method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP3108612B1 (en) * 2014-02-18 2020-07-22 Secureauth Corporation Fingerprint based authentication for single sign on
CN106446202A (en) * 2016-09-30 2017-02-22 福建北卡科技有限公司 Anti-interference browser fingerprint generation method based on implicit characteristic acquisition
CN106878265B (en) * 2016-12-21 2020-09-18 重庆华龙艾迪信息技术有限公司 Data processing method and device
CN109246062B (en) * 2017-07-11 2022-06-21 沪江教育科技(上海)股份有限公司 Authentication method and system based on browser plug-in

Also Published As

Publication number Publication date
CN110493225A (en) 2019-11-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant