CN110958249A - Information processing method, information processing device, electronic equipment and storage medium - Google Patents

Publication number
CN110958249A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911219127.1A
Other languages
Chinese (zh)
Other versions
CN110958249B (en)
Inventor
史先澳
娄景军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wanghai Kangxin Beijing Technology Co Ltd
Original Assignee
Wanghai Kangxin Beijing Technology Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Abstract

The embodiments of the application provide an information processing method and device, electronic equipment and a storage medium. The method comprises: receiving a data request message sent by a client, wherein the data request message carries identification information randomly generated by the client; searching for the identification information in a first preset cache, which stores the identification information carried by each data request message received by the server; and, if the identification information is not found, sending response data corresponding to the data request message to the client. The embodiments prevent an attacker from arbitrarily acquiring the data requested by the client and so prevent data leakage, thereby improving network security and user experience.

Description

Information processing method, information processing device, electronic equipment and storage medium
Technical Field
The present application relates to the field of network information security technologies, and in particular, to a message processing method, an apparatus, an electronic device, and a storage medium.
Background
With the continuous development of internet information, application programs have been developed from stand-alone application programs to distributed application programs, and currently, a large number of distributed application programs adopt Web services as a technical foundation to realize distributed computing and application.
When an application program adopts Web services as its technical basis, the client sends a request to the server through the Internet, the server responds to the request and sends the corresponding data information to the client, and the client receives the data information to realize distributed computation and application. For example, the client may send a request for obtaining a verification code to the server through the Internet, asking the server to return the verification code. However, while a request is being sent to the server through the Internet, an attacker may steal it by network monitoring or similar means and send the stolen request to the server in order to acquire the data the server returns for that request; this is called a replay attack. A replay attack allows an attacker to arbitrarily obtain the data requested by the client, resulting in data leakage, which leads to poor network security and thus poor user experience.
Disclosure of Invention
The application provides an information processing method, an information processing device, an electronic device and a storage medium, which can solve at least one technical problem.
In a first aspect, an information processing method is provided, and the method includes:
receiving a data request message sent by a client, wherein the data request message carries identification information, and the identification information is randomly generated by the client;
searching identification information in a first preset cache, wherein the identification information carried by each data request message received by the server is stored in the first preset cache;
and if the identification information is not found, sending response data corresponding to the data request message to the client.
In a second aspect, there is provided an information processing apparatus comprising:
the first receiving module is used for receiving a data request message sent by a client, wherein the data request message carries identification information, and the identification information is randomly generated by the client;
the first searching module is used for searching the identification information in a first preset cache, wherein the identification information carried by each data request message received by the server is stored in the first preset cache;
and the sending module is used for sending response data corresponding to the data request message to the client when the identification information is not found.
In a third aspect, an electronic device is provided, which includes:
one or more processors;
a memory;
one or more application programs, wherein the one or more application programs are stored in the memory and configured to be executed by the one or more processors, the one or more application programs being configured to perform the operations corresponding to the information processing method shown in the first aspect.
In a fourth aspect, there is provided a computer-readable storage medium on which a computer program is stored, the program, when executed by a processor, implementing the information processing method shown in the first aspect.
The beneficial effects brought by the technical solution provided by this application are as follows:
The application provides an information processing method, a device, an electronic device and a storage medium. Compared with the prior art, the method receives a data request message sent by a client, wherein the data request message carries identification information randomly generated by the client; searches for the identification information in a first preset cache, which stores the identification information carried by each data request message received by the server; and, if the identification information is not found, sends response data corresponding to the data request message to the client. Searching the first preset cache for the identification information carried in the data request makes it possible to judge whether the data request was sent by a replay attack: when the identification information is not found, the data request is judged not to have been sent by a replay attack, and the response data corresponding to the request is sent to the client. This prevents an attacker from arbitrarily acquiring the data requested by the client and prevents data leakage, thereby improving network security and user experience.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments of the present application will be briefly described below.
Fig. 1 is a schematic flowchart of an information processing method according to an embodiment of the present application;
fig. 2 is a schematic view illustrating an interaction flow between a server and a client according to an embodiment of the present disclosure;
fig. 3 is a schematic diagram illustrating an interaction structure between a server and a client according to an embodiment of the present application;
fig. 4 is a schematic structural diagram of an information processing apparatus according to an embodiment of the present application;
fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to embodiments of the present application, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present application and are not to be construed as limiting the present application.
As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof. It will be understood that when an element is referred to as being "connected" or "coupled" to another element, it can be directly connected or coupled to the other element or intervening elements may also be present. Further, "connected" or "coupled" as used herein may include wirelessly connected or wirelessly coupled. As used herein, the term "and/or" includes all or any element and all combinations of one or more of the associated listed items.
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The following describes the technical solutions of the present application and how to solve the above technical problems with specific embodiments. The following several specific embodiments may be combined with each other, and details of the same or similar concepts or processes may not be repeated in some embodiments. Embodiments of the present application will be described below with reference to the accompanying drawings.
An embodiment of the present application provides an information processing method, which may be executed by a server, as shown in fig. 1, where the method includes:
step S101, receiving a data request message sent by a client.
The data request message carries identification information, and the identification information is randomly generated by the client.
For the embodiment of the present application, the client may generate a unique string, that is, the identification information, by using a Universally Unique Identifier (UUID), and place the identification information in a request header of the data request message, so that the data request message carries the identification information. In this embodiment, when the client generates the identification information by using the UUID, the identification information may be generated from at least one of a timestamp, a random number, a Media Access Control address (MAC address), and a pseudo-random number, which is not limited in this embodiment.
For the embodiment of the present application, a client sends a data request message to a server, and the server receives the data request message sent by the client, where the data request message may include at least one of a request for obtaining an authentication code, a request for obtaining user data, and a request for obtaining service data, and any request for obtaining data sent to the server belongs to the data request message of the embodiment of the present application, and is not limited in the embodiment of the present application.
Step S102, identification information is searched in a first preset cache.
The first preset cache stores identification information carried by each data request message received by the server.
For the embodiment of the application, the identification information carried by each data request previously received by the server is stored in the first preset cache. When the server receives a data request message sent by the client, it parses the data request message to obtain the identification information and searches the first preset cache to see whether that identification information exists. In this embodiment of the application, the server may clear the identification information stored in the first preset cache at preset intervals, for example every half hour. Alternatively, an expiration time may be preset for each piece of identification information stored in the first preset cache, and when the storage time of any piece of identification information is detected to have reached its expiration time, that identification information is cleared from the first preset cache. For example, if the expiration time of identification information 1 stored in the first preset cache is preset to half an hour, identification information 1 is cleared from the first preset cache when its storage time is detected to have reached half an hour. Clearing the identification information stored in the first preset cache releases the storage space of the first preset cache and reduces the pressure on it.
Step S103, if the identification information is not found, response data corresponding to the data request message is sent to the client.
For the embodiment of the application, if the server does not find the identification information in the first preset cache, this indicates that the data request message carrying the identification information is being received by the server for the first time. The data request message is therefore judged to be a legitimate data request message rather than one sent by a replay attack, and a response corresponding to the data request message can be sent to the client. If the server finds the identification information in the first preset cache, this indicates that the server has previously received a data request message carrying the same identification information. The received data request message is then one sent by a replay attack, that is, a request by which an attacker seeks to acquire the data requested by the client, and the server does not respond to it.
Compared with the prior art, the information processing method provided by the embodiment of the application receives a data request message sent by a client, wherein the data request message carries identification information randomly generated by the client; searches for the identification information in a first preset cache, which stores the identification information carried by each data request message received by the server; and, if the identification information is not found, sends response data corresponding to the data request message to the client. Searching the first preset cache for the identification information carried in the data request makes it possible to judge whether the data request was sent by a replay attack: when the identification information is not found, the data request is judged not to have been sent by a replay attack, and the response data corresponding to the request is sent to the client. This prevents an attacker from arbitrarily acquiring the data requested by the client and prevents data leakage, thereby improving network security and user experience.
In another possible implementation manner of the embodiment of the present application, the information processing method further includes: and if the identification information is not found, storing the identification information in a first preset cache.
For the embodiment of the present application, the step of storing the identification information in the first preset cache may be performed before the step of sending the response data corresponding to the data request message to the client, after that step, or simultaneously with it, which is not limited in the embodiment of the present application.
For the embodiment of the application, if the identification information is not found in the first preset cache, the identification information is stored in the first preset cache, so that when the server receives the data request message again, whether the data request message received again is the data request message sent by the replay attack or not is judged according to the identification information stored in the first preset cache.
The data request message in the embodiment of the present application may carry, in addition to the identification information, time stamp information, Token information (Token) and signature information, which will be described below one by one.
In another possible implementation manner of the embodiment of the present application, the data request message may further include time stamp information, and the information processing method in the embodiment of the present application may further include: a difference between the preset time information and the timestamp information is determined.
Wherein the preset time information may include: at least one of corresponding time information and current time information when the data request message is received.
For the embodiment of the present application, the step of determining the difference between the preset time information and the timestamp information may be performed after step S101, after step S102, or simultaneously with step S102, which is not limited in the embodiment of the present application. The preset time information may be the time at which the server receives the data request message: if the server receives the data request message at 5:00, the preset time information is 5:00. The preset time information may also be the current time of the server: if the server receives the data request message at 5:00 and the current time is 5:05, the preset time information is 5:05.
The sending of the response data corresponding to the data request message to the client specifically may include: and if the difference is not greater than the preset threshold, sending response data corresponding to the data request message to the client.
For the embodiment of the application, the client may generate the timestamp information according to the current time information or an event when the data request message is generated, and place the timestamp information in a request header in the data request message, so that the data request message carries the timestamp information, for example, if the current time is 1:02, the timestamp information is generated according to 1:02 and placed in the request header in the data request message.
For the embodiment of the application, the server analyzes the data request message sent by the client to obtain the timestamp information, and determines the difference between the preset time information and the timestamp information to determine whether the data request message is a valid message, specifically, if the difference between the preset time information and the timestamp information is greater than a preset threshold, the data request message is determined to be an expired message, and if the difference between the preset time information and the timestamp information is not greater than the preset threshold, the data request message is determined to be a valid message. The preset threshold may be half an hour, which is not limited in this embodiment.
For the embodiment of the application, when the data request message is an effective message, that is, the difference value between the preset time information and the timestamp information is not greater than the preset threshold value, the response data corresponding to the data request message is sent to the client, so that the data request message responded by the server is ensured to be an effective message, the response to an invalid message is prevented, and the operating pressure of the server is reduced.
Further, if the identification information is not found and the data request message is a valid message, that is, if the identification information is not found and the difference between the preset time information and the timestamp information is not greater than the preset threshold, sending response data corresponding to the data request message to the client.
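The following is an added example, not part of the patent text, of the identification information lookup (steps S101 to S103) combined with the timestamp check. It keeps each entry until the message's own timestamp stops being accepted, and contrasts that with clearing the whole cache on a schedule. The names `ReplayGuard`, `max_skew`, `clear_all` and the injected clock are assumptions of this example, as is the choice to reject timestamps that lie too far in the future.

```python
import threading
import time
import uuid


class ReplayGuard:
    """Nonce cache ("first preset cache") combined with the timestamp check."""

    def __init__(self, max_skew=1800.0, clock=time.time):
        self.max_skew = max_skew      # the "preset threshold", in seconds
        self._clock = clock           # injectable so the demo can move time
        self._seen = {}               # identification information -> expiry
        self._lock = threading.Lock()

    def check(self, nonce, timestamp):
        """Return "ok", "expired" or "replay" for one data request message."""
        now = self._clock()
        # Choice made in this example: a timestamp too far in the future is
        # rejected as well, so the acceptance window is bounded on both sides.
        if abs(now - timestamp) > self.max_skew:
            return "expired"
        with self._lock:
            # Lookup and store happen under one lock, so two concurrent
            # copies of the same message cannot both pass the lookup.
            self._purge(now)
            if nonce in self._seen:
                return "replay"
            # Keep the entry until the timestamp check itself rejects the
            # message; evicting it earlier would reopen a replay window.
            self._seen[nonce] = timestamp + self.max_skew
        return "ok"

    def _purge(self, now):
        for nonce in [n for n, exp in self._seen.items() if exp < now]:
            del self._seen[nonce]

    def clear_all(self):
        """Models clearing the whole cache on a fixed schedule."""
        with self._lock:
            self._seen.clear()

    def size(self):
        with self._lock:
            return len(self._seen)


def demo():
    now = [1_575_331_200.0]           # constructed start time (epoch seconds)
    guard = ReplayGuard(max_skew=1800.0, clock=lambda: now[0])
    nonce, ts = str(uuid.uuid4()), now[0]
    out = {"first": guard.check(nonce, ts)}
    now[0] = ts + 60
    out["replayed_after_1min"] = guard.check(nonce, ts)
    now[0] = ts + 1800                # exactly at the threshold: still cached
    out["replayed_at_threshold"] = guard.check(nonce, ts)
    now[0] = ts + 1801                # past the threshold: timestamp rejects it
    out["replayed_after_window"] = guard.check(nonce, ts)
    out["fresh_request"] = guard.check(str(uuid.uuid4()), now[0])
    out["entries_after_purge"] = guard.size()

    # Whole-cache clearing on a timer: the wipe can fall one minute after a
    # message was stored, while its timestamp is still accepted.
    wiped = ReplayGuard(max_skew=1800.0, clock=lambda: now[0])
    nonce2, ts2 = str(uuid.uuid4()), now[0]
    wiped.check(nonce2, ts2)
    now[0] = ts2 + 60
    wiped.clear_all()
    out["replayed_after_wipe"] = wiped.check(nonce2, ts2)
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With per-entry expiry tied to the timestamp, every copy of the message is rejected either by the cache or by the timestamp check; after a scheduled wipe the same copy is accepted again.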
In another possible implementation manner of the embodiment of the application, the data request message may also carry token information. The token information is used for representing identity information of the client.
The information processing method of the embodiment of the application may further include: analyzing the token information to obtain identity information corresponding to the client; and searching the identity information from the second preset cache. The second preset cache stores registered identity information.
For the embodiment of the present application, the step of analyzing the token information to obtain the identity information corresponding to the client, and searching the identity information from the second preset cache may be performed after step S101, may also be performed after step S102, and may also be performed simultaneously with step S102, which is not limited in the embodiment of the present application.
The sending of the response data corresponding to the data request message to the client may specifically further include: and if the identity information is found, sending response data corresponding to the data request message to the client.
For the embodiment of the application, the server analyzes the data request message sent by the client to obtain the token information, analyzes the token information to obtain the identity information corresponding to the client, and searches whether the identity information exists in the second preset cache to judge whether the client is a reasonable requester. In an embodiment of the present application, the identity information may include at least one of a user name, a user password, and user data information.
For the embodiment of the application, if the identity information of the client is found in the second preset cache, the response data corresponding to the data request message is sent to the client. This prevents the server from sending response data to an illegitimate client, prevents data leakage, and improves network security.
For the embodiment of the application, if the identification information is not found and the identity information is found, or if the identification information is not found, the difference value between the preset time information and the timestamp information is not greater than the preset threshold value and the identity information is found, the response data corresponding to the data request message is sent to the client.
For the embodiment of the application, the client may place the token information in a request header of the data request message, so that the token information is carried in the data request message. The token information is generated by the server and sent to the client, and specifically, the manner in which the server generates the token information and sends the token information to the client is described in detail in the following embodiments.
In another possible implementation manner of the embodiment of the present application, before step S101, the method may further include: receiving a login request sent by a client, wherein the login request carries a user name and a password; searching for corresponding identity information in a second preset cache according to the user name and the password; and, if it is found, generating token information based on the found identity information and sending the token information to the client.
For the embodiment of the application, the server can receive a login request sent by the client, generate verification information associated with the login request, send the verification information to the client, then receive an input result of a user based on the verification information sent by the client, and if the input result is consistent with a verification result corresponding to the verification information prestored in the server, search corresponding identity information from a second preset cache according to the user name and the password.
For example, if the user presets the verification information as "my birthday" and the corresponding verification result as November 5, the server prestores the verification information and its verification result, and when the input result is consistent with November 5, the corresponding identity information is searched for in the second preset cache according to the user name and the password.
Further, if the corresponding identity information is found in the second preset cache, token information is generated based on the found identity information, and the token information is sent to the client. In this embodiment of the application, when the client receives the token information sent by the server, it may store the token information in a corresponding cache; for example, the client may store the token information in local storage (localStorage) or session storage (sessionStorage). In the embodiment of the present application, the server may generate the token information as a JWT (JSON Web Token).
For the embodiment of the application, the login request carrying the user name and the password sent by the client is received, the corresponding identity information is searched from the second preset cache according to the user name and the password, if the corresponding identity information is searched, token information is generated based on the searched identity information, the token information is sent to the client, the identity information of the client is ensured to be reasonable, the client is prevented from randomly acquiring the token information, and the network security is improved.
In another possible implementation manner of the embodiment of the application, the data request message may further carry signature information, where the signature information is obtained by a client performing signature based on signature keyword information sent by a server, timestamp information and identification information carried in the data request message to be sent.
The information processing method of the embodiment of the application may further include: determining signature keyword information associated with identity information corresponding to the client; and signing the signature key word information and the timestamp information and the identification information carried in the data request message to obtain signed information.
For the embodiment of the present application, the step of determining the signature keyword information associated with the identity information corresponding to the client, and signing the signature keyword information and the timestamp information and the identification information carried in the data request message may be executed after step S101, or after step S102, or simultaneously with step S102, which is not limited in the embodiment of the present application.
The sending of the response data corresponding to the data request message to the client may specifically further include: and if the signed information is consistent with the signature information, sending response data corresponding to the data request message to the client.
For the embodiment of the present application, the server may generate a unique string, that is, the signature keyword information, by using a Universally Unique Identifier (UUID). In this embodiment, when the server generates the signature keyword information by using the UUID, it may be generated from at least one of a timestamp, a random number, a Media Access Control address (MAC address), and a pseudo-random number, which is not limited in this embodiment. The signature keyword information generated by the server is associated with the identity information found in the second preset cache, and the signature keyword information is stored in a third preset cache. In this embodiment of the application, the server may clear the signature keyword information stored in the third preset cache at preset intervals, for example every half hour. Alternatively, an expiration time may be preset for each piece of signature keyword information stored in the third preset cache, and when the storage time of any piece of signature keyword information is detected to have reached its expiration time, that signature keyword information is cleared from the third preset cache. For example, if the expiration time of signature keyword information 1 stored in the third preset cache is preset to half an hour, signature keyword information 1 is cleared from the third preset cache when its storage time is detected to have reached half an hour. Clearing the signature keyword information stored in the third preset cache releases the storage space of the third preset cache and reduces the pressure on it.
For the embodiment of the application, the server may send the signature keyword information to the client at the same time as it sends the token information, and the client may receive the signature keyword information and store it in a corresponding cache, for example in local storage (localStorage) or session storage (sessionStorage). In this embodiment, after receiving the signature keyword information, the client may combine the signature keyword information with the timestamp information and the identification information carried in the data request message to be sent, using a preset combination mode, and sign the combined information with a preset signature algorithm to obtain the signature information. Specifically, the combined information may include other information, such as password information, in addition to the signature keyword information, the timestamp information and the identification information. The preset signature algorithm may include at least one of Message Digest Algorithm 5 (MD5) and the Secure Hash Algorithm (SHA), where SHA includes SHA-1, SHA-2, SHA-256, and the like, which is not limited in this embodiment.
Further, the client sends a data request message carrying signature information to the server, after the server receives the data request message, the data request message is analyzed to obtain token information, the token information is analyzed to obtain identity information corresponding to the client, signature keyword information associated with the identity information corresponding to the client is determined based on the identity information corresponding to the client, the determined signature keyword information, timestamp information and identification information carried in the data request message are combined in a preset combination mode, and the combined information is signed by a preset signature algorithm to obtain signed information. The method for the server to obtain the signed information is the same as the method for the client to obtain the signed information, and specific descriptions related to the client obtaining the signed information in the above embodiments can be found, which are not described herein again.
For the embodiment of the application, if the signed information is consistent with the signature information, the representation data request message is not tampered, and if the signed information is inconsistent with the signature information, the representation data request message is tampered. In the embodiment of the application, if the mode 1 or the mode 2 is satisfied, the response data corresponding to the data request message is sent to the client, where the mode 1 is to find the identity information if the identification information is not found, and the signed information is consistent with the signature information, and the mode 2 is to find the identity information if the identification information is not found, the difference between the preset time information and the timestamp information is not greater than the preset threshold, and the signed information is consistent with the signature information.
For the embodiment of the application, when the server determines that the signed information is consistent with the signature information, the server sends the response data corresponding to the data request message to the client, so that the data request message responded by the server is ensured to be an untampered message, an attacker is prevented from acquiring the data requested by the client at will, and the network security is improved.
The foregoing embodiment describes the information processing method in detail. A specific implementation of the present application is described below from the perspective of interaction between the server and the client. As shown in fig. 2, it includes:
In step S201, the client sends a login request to the server.
In step S202, the server generates signature keyword information and token information.
In step S203, the server sends the signature keyword information and the token information to the client.
In step S204, the client generates identification information and signature information.
In step S205, the client sends a data acquisition request carrying the identification information, the token information, the timestamp information, and the signature information to the server.
In step S206, the server receives the data acquisition request and searches for the identification information in the first preset cache.
In step S207, if the identification information is found, the server determines a difference between the preset time information and the timestamp information.
In step S208, if the difference is not greater than the preset threshold, the server parses the token information to obtain the identity information corresponding to the client, and searches for the identity information in the second preset cache.
In step S209, if the identity information is found, the server determines the signature keyword information, and signs the signature keyword information together with the timestamp information and the identification information carried in the data request message to obtain signed information.
In step S210, if the signed information is consistent with the signature information, the server sends response data to the client.
In step S211, the client receives the response data.
For a description of each of steps S201 to S211 in the embodiment of the present application, refer to the foregoing embodiments; the details are not repeated here.
For the embodiment of the present application, the server is provided with a filter for intercepting requests sent by the client, as shown in fig. 3. Specifically, the client 30 sends a request to the server 31, and the filter 311 intercepts it. A white list is set in the filter 311: if the request belongs to the white list, it is sent to the service server 312; if it does not belong to the white list, as is the case for the various data request messages, it is intercepted, and the identification information, the timestamp information, the token information and the signature information carried in the request are each verified. The specific verification manner is detailed in the above embodiment and is not repeated here. In this embodiment of the application, if the identification information, the timestamp information, the token information and the signature information carried in the request each pass verification, the request is sent to the service server 312, and the service server 312 sends response data for the request to the client.
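The filter of fig. 3 running the checks of steps S206 to S210, sketched in Python as an added example (not code from the patent). It follows mode 2, so a request is rejected when its identification information is already in the first preset cache; HMAC-SHA256 is used in place of a plain MD5/SHA digest, and the names, paths, token format and 300-second threshold are assumptions.

```python
import hashlib
import hmac
import secrets
import uuid

MAX_SKEW = 300          # preset threshold in seconds (assumed value)
KEY_TTL = 1800          # signature keyword lifetime: half an hour, as in the text
WHITELIST = {"/login"}  # paths the filter forwards unchecked (assumed)


class TTLCache:
    """Stand-in for a preset cache: entries lapse once their TTL has passed."""

    def __init__(self, ttl):
        self.ttl, self._items = ttl, {}

    def put(self, key, value, now):
        self._items[key] = (value, now + self.ttl)

    def get(self, key, now):
        entry = self._items.get(key)
        if entry is None or entry[1] < now:
            self._items.pop(key, None)
            return None
        return entry[0]


def sign(sign_key, timestamp, nonce):
    """Combine timestamp and identification information, keyed by sign_key."""
    message = f"{timestamp}\n{nonce}".encode()
    return hmac.new(sign_key.encode(), message, hashlib.sha256).hexdigest()


def make_request(token, sign_key, now):
    """Client side, S204-S205: random identification information + signature."""
    nonce = uuid.uuid4().hex
    return {"nonce": nonce, "timestamp": now, "token": token,
            "signature": sign(sign_key, now, nonce)}


class Server:
    def __init__(self, registered):
        self._secret = secrets.token_bytes(32)  # protects issued tokens
        self.seen = TTLCache(2 * MAX_SKEW)      # first preset cache
        self.registered = set(registered)       # second preset cache
        self.sign_keys = TTLCache(KEY_TTL)      # third preset cache

    def _mac(self, identity):
        return hmac.new(self._secret, identity.encode(), hashlib.sha256).hexdigest()

    def login(self, identity, now):
        """S201-S203; the user name/password check is assumed to have passed."""
        sign_key = uuid.uuid4().hex
        self.sign_keys.put(identity, sign_key, now)
        return f"{identity}.{self._mac(identity)}", sign_key

    def _parse_token(self, token):
        identity, _, mac = token.rpartition(".")
        ok = hmac.compare_digest(mac.encode(), self._mac(identity).encode())
        return identity if ok else None

    def filter(self, path, req, now):
        """S206-S210: return "ok" only if every check passes."""
        if path in WHITELIST:
            return "whitelisted"
        if self.seen.get(req["nonce"], now):
            return "replayed"
        if abs(now - req["timestamp"]) > MAX_SKEW:
            return "stale"
        identity = self._parse_token(req["token"])
        if identity is None or identity not in self.registered:
            return "unknown identity"
        sign_key = self.sign_keys.get(identity, now)
        if sign_key is None:
            return "signature keyword expired"
        expected = sign(sign_key, req["timestamp"], req["nonce"])
        if not hmac.compare_digest(expected.encode(), str(req["signature"]).encode()):
            return "tampered"
        # Recorded only after all checks pass, so unauthenticated traffic
        # cannot fill the cache (a choice made in this sketch).
        self.seen.put(req["nonce"], True, now)
        return "ok"
```

The first preset cache keeps each entry for twice the threshold, so an entry cannot lapse while the timestamp check would still accept the same request.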
The information processing method is described above from the perspective of the method steps. The information processing apparatus is described below from the perspective of virtual modules or virtual units, specifically as follows:
An embodiment of the present application provides an information processing apparatus. As shown in fig. 4, the information processing apparatus 40 may include: a first receiving module 401, a first searching module 402 and a sending module 403, wherein,
The first receiving module 401 is configured to receive a data request message sent by a client, where the data request message carries identification information, and the identification information is randomly generated by the client.
A first searching module 402, configured to search for the identification information in a first preset cache, where the first preset cache stores the identification information carried in each data request message received by the server.
A sending module 403, configured to send, to the client, response data corresponding to the data request message when the identification information is not found.
In another possible implementation manner of the embodiment of the present application, the data request message further carries time stamp information, and the information processing apparatus 40 further includes a first determining module, wherein,
A first determining module, configured to determine a difference between preset time information and timestamp information, where the preset time information includes: at least one of corresponding time information and current time information when the data request message is received.
The sending module 403 is specifically configured to send response data corresponding to the data request message to the client when the difference is not greater than the preset threshold.
In another possible implementation manner of the embodiment of the present application, the data request message further carries token information, where the token information is used to represent identity information of the client, and the information processing apparatus 40 further includes an analysis module and a second searching module, wherein,
The analysis module is configured to parse the token information to obtain the identity information corresponding to the client.
The second searching module is configured to search for the identity information in a second preset cache, where the second preset cache stores registered identity information.
The sending module 403 is specifically configured to send response data corresponding to the data request message to the client if the identity information is found.
In another possible implementation manner of the embodiment of the present application, the information processing apparatus 40 further includes a second receiving module, a third searching module, and a generating and sending module, wherein,
The second receiving module is configured to receive a login request sent by the client, where the login request carries a user name and a password.
The third searching module is configured to search the second preset cache for corresponding identity information according to the user name and the password.
The generating and sending module is configured to, when the token information is found, generate token information based on the found identity information and send the token information to the client.
In another possible implementation manner of the embodiment of the application, the data request message further carries signature information, where the signature information is obtained by the client by signing based on the signature keyword information sent by the server and the timestamp information and identification information carried in the data request message to be sent. The information processing apparatus further includes a second determining module and a signature module, wherein,
The second determining module is configured to determine the signature keyword information associated with the identity information corresponding to the client.
The signature module is configured to sign the signature keyword information together with the timestamp information and the identification information carried in the data request message to obtain signed information.
The sending module 403 is specifically configured to send response data corresponding to the data request message to the client when the signed information is consistent with the signature information.
In another possible implementation manner of the embodiment of the present application, the information processing apparatus 40 further includes a storage module, wherein,
The storage module is configured to store the identification information in the first preset cache when the identification information is not found.
For the embodiment of the present application, the first receiving module 401 and the second receiving module may be the same receiving module or two different receiving modules, the first searching module 402, the second searching module, and the third searching module may be the same searching module or different searching modules, or any two of them may be the same searching module, and the first determining module and the second determining module may be the same determining module or two different determining modules, which is not described herein again.
The information processing apparatus of this embodiment can execute the information processing method provided in the embodiment of the method of this application, and the implementation principles thereof are similar, and are not described herein again.
Compared with the prior art, the information processing apparatus provided by the embodiment of the application receives a data request message sent by the client, where the data request message carries identification information randomly generated by the client, and searches for the identification information in the first preset cache, which stores the identification information carried in each data request message received by the server. If the identification information is not found, response data corresponding to the data request message is sent to the client. Searching the first preset cache for the identification information carried in the data request thus determines whether the data request was sent by a replay attack: when the identification information is not found, the data request can be judged not to have been sent by a replay attack, and the response data corresponding to the request can be sent to the client. This prevents an attacker from acquiring the data requested by the client at will and prevents data leakage, thereby improving network security and further improving user experience.
The information processing apparatus of the present application is described above from the perspective of a virtual module or a virtual unit, and the electronic device of the present application is described below from the perspective of a physical device.
An embodiment of the present application provides an electronic device. As shown in fig. 5, the electronic device 4000 includes: a processor 4001 and a memory 4003. Processor 4001 is coupled to memory 4003, such as via bus 4002. Optionally, the electronic device 4000 may further comprise a transceiver 4004. In addition, the transceiver 4004 is not limited to one in practical applications, and the structure of the electronic device 4000 does not constitute a limitation on the embodiment of the present application.
Processor 4001 may be a CPU, general purpose processor, DSP, ASIC, FPGA or other programmable logic device, transistor logic device, hardware component, or any combination thereof. It may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 4001 may also be a combination that performs a computational function, including, for example, a combination of one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Bus 4002 may include a path that carries information between the aforementioned components. Bus 4002 may be a PCI bus, EISA bus, or the like. The bus 4002 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 5, but this is not intended to represent only one bus or type of bus.
Memory 4003 may be, but is not limited to, a ROM or other type of static storage device that can store static information and instructions, a RAM or other type of dynamic storage device that can store information and instructions, an EEPROM, a CD-ROM or other optical disk storage, an optical disk storage (including compact disk, laser disk, optical disk, digital versatile disk, blu-ray disk, etc.), a magnetic disk storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer.
The memory 4003 is used for storing application codes for executing the scheme of the present application, and the execution is controlled by the processor 4001. Processor 4001 is configured to execute application code stored in memory 4003 to implement what is shown in any of the foregoing method embodiments.
An embodiment of the present application provides an electronic device, where the electronic device includes: a memory and a processor; and at least one program stored in the memory for execution by the processor, which, when executed by the processor, implements the following. A data request message sent by a client is received, where the data request message carries identification information randomly generated by the client, and the identification information is searched for in a first preset cache, which stores the identification information carried in each data request message received by the server. If the identification information is not found, response data corresponding to the data request message is sent to the client. Searching the first preset cache for the identification information carried in the data request thus determines whether the data request was sent by a replay attack: when the identification information is not found, the data request can be judged not to have been sent by a replay attack, and the response data corresponding to the request can be sent to the client. This prevents an attacker from acquiring the data requested by the client at will and prevents data leakage, thereby improving network security and further improving user experience.
The electronic device of the present application is described above from the perspective of a physical device, and the computer-readable storage medium of the present application is described below from the perspective of a storage medium.
The present application provides a computer-readable storage medium on which a computer program is stored; when the program runs on a computer, it enables the computer to execute the corresponding content in the foregoing method embodiments. Compared with the prior art, a data request message sent by the client is received, where the data request message carries identification information randomly generated by the client, and the identification information is searched for in the first preset cache, which stores the identification information carried in each data request message received by the server. If the identification information is not found, response data corresponding to the data request message is sent to the client. Searching the first preset cache for the identification information carried in the data request thus determines whether the data request was sent by a replay attack: when the identification information is not found, the data request can be judged not to have been sent by a replay attack, and the response data corresponding to the request can be sent to the client. This prevents an attacker from acquiring the data requested by the client at will and prevents data leakage, thereby improving network security and further improving user experience.
It should be understood that, although the steps in the flowcharts of the figures are shown in the order indicated by the arrows, the steps are not necessarily performed in that order. Unless explicitly stated herein, the steps are not strictly limited to the order shown and may be performed in other orders. Moreover, at least a portion of the steps in the flowcharts may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time but may be performed at different times, and which are not necessarily performed in sequence but may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or stages of other steps.
The foregoing is only a partial embodiment of the present application. It should be noted that those skilled in the art can make several modifications and refinements without departing from the principle of the present application, and these modifications and refinements should also be regarded as falling within the protection scope of the present application.

Claims (10)

1. An information processing method characterized by comprising:
receiving a data request message sent by a client, wherein the data request message carries identification information, and the identification information is randomly generated by the client;
searching the identification information in a first preset cache, wherein the identification information carried by each data request message received by the server is stored in the first preset cache;
and if the identification information is not found, sending response data corresponding to the data request message to the client.
2. The method of claim 1, wherein the data request message further carries time stamp information, and wherein the method further comprises:
determining a difference between preset time information and the timestamp information, wherein the preset time information comprises: at least one of corresponding time information and current time information when the data request message is received;
the sending of the response data corresponding to the data request message to the client includes:
and if the difference is not greater than the preset threshold, sending response data corresponding to the data request message to the client.
3. The method according to claim 1 or 2, wherein the data request message further carries token information, and the token information is used for characterizing identity information of a client, and the method further comprises:
analyzing the token information to obtain identity information corresponding to the client;
searching the identity information from a second preset cache, wherein the second preset cache stores registered identity information;
wherein the sending of the response data corresponding to the data request message to the client includes:
and if the identity information is found, sending response data corresponding to the data request message to the client.
4. The method of claim 3, wherein the receiving the data request message sent by the client further comprises:
receiving a login request sent by the client, wherein the login request carries a user name and a password;
searching corresponding identity information from the second preset cache according to the user name and the password;
and if the token information is found, generating the token information based on the found identity information, and sending the token information to the client.
5. The method according to claim 3 or 4, wherein the data request message further carries signature information, and the signature information is obtained by the client through signature based on signature keyword information sent by the server, timestamp information and identification information carried in the data request message to be sent, and the method further comprises:
determining signature keyword information associated with identity information corresponding to the client;
signing the signature keyword information and the timestamp information and the identification information carried in the data request message to obtain signed information;
wherein the sending of the response data corresponding to the data request message to the client includes:
and if the signed information is consistent with the signature information, sending response data corresponding to the data request message to the client.
6. The method of claim 1, further comprising:
and if the identification information is not found, storing the identification information in the first preset cache.
7. An information processing apparatus characterized by comprising:
the first receiving module is used for receiving a data request message sent by a client, wherein the data request message carries identification information, and the identification information is randomly generated by the client;
the first searching module is used for searching the identification information in a first preset cache, wherein the identification information carried by each data request message received by the server is stored in the first preset cache;
and the sending module is used for sending response data corresponding to the data request message to the client when the identification information is not found.
8. The apparatus of claim 7, wherein the data request message further carries time stamp information, wherein the apparatus further comprises a first determining module,
the first determining module is configured to determine a difference between preset time information and the timestamp information, where the preset time information includes: at least one of corresponding time information and current time information when the data request message is received;
the sending module is specifically configured to send response data corresponding to the data request message to the client when the difference is not greater than a preset threshold.
9. An electronic device, comprising:
one or more processors;
a memory;
one or more applications, wherein the one or more applications are stored in the memory and configured to be executed by the one or more processors, the one or more programs configured to: executing the information processing method according to any one of claims 1 to 6.
10. A computer-readable storage medium on which a computer program is stored, characterized in that the program, when executed by a processor, implements the information processing method of any one of claims 1 to 6.
CN201911219127.1A 2019-12-03 2019-12-03 Information processing method, information processing device, electronic equipment and storage medium Active CN110958249B (en)

Publications (2)

Publication Number Publication Date
CN110958249A true CN110958249A (en) 2020-04-03
CN110958249B CN110958249B (en) 2022-07-19

Family

ID=69979500

Country Status (1)

Country Link
CN (1) CN110958249B (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090300364A1 (en) * 2008-05-29 2009-12-03 James Paul Schneider Username based authentication security
US20120117639A1 (en) * 2010-11-09 2012-05-10 International Business Machines Corporation Remote authentication based on challenge-response using digital certificates
CN105516186A (en) * 2015-12-31 2016-04-20 华为技术有限公司 Method for preventing replay attack and server
CN107124407A (en) * 2017-04-21 2017-09-01 东软集团股份有限公司 Data transmission method, device, readable storage medium storing program for executing, electronic equipment and system
CN108234653A (en) * 2018-01-03 2018-06-29 马上消费金融股份有限公司 A kind of method and device of processing business request
CN108322469A (en) * 2018-02-05 2018-07-24 北京百度网讯科技有限公司 Information processing system, method and apparatus
CN109150898A (en) * 2018-09-18 2019-01-04 厦门安胜网络科技有限公司 Method and apparatus for handling information
CN109347835A (en) * 2018-10-24 2019-02-15 苏州科达科技股份有限公司 Information transferring method, client, server and computer readable storage medium
WO2019210758A1 (en) * 2018-05-02 2019-11-07 中兴通讯股份有限公司 Data protection method and device and storage medium
CN110490005A (en) * 2019-08-20 2019-11-22 腾讯科技(深圳)有限公司 Processing method, device and the computer readable storage medium of resource transfers request

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111782422A (en) * 2020-06-30 2020-10-16 百度在线网络技术(北京)有限公司 Distributed message processing method and device, electronic equipment and storage medium
CN111782422B (en) * 2020-06-30 2023-08-15 百度在线网络技术(北京)有限公司 Distributed message processing method, device, electronic equipment and storage medium
CN112235363A (en) * 2020-09-28 2021-01-15 华云数据控股集团有限公司 Data processing method, device, electronic equipment, storage medium and system
CN112235363B (en) * 2020-09-28 2022-02-01 华云数据控股集团有限公司 Data processing method, device, electronic equipment, storage medium and system
CN113452602A (en) * 2021-06-21 2021-09-28 网易(杭州)网络有限公司 Message transmission method and device, electronic equipment and storage medium
CN113835908A (en) * 2021-09-30 2021-12-24 武汉虹信技术服务有限责任公司 Method, system, medium and device for realizing ordered retransmission based on WebSocket
CN114666411A (en) * 2022-03-02 2022-06-24 中国建设银行股份有限公司 Request processing method, device, server, storage medium and product
CN115150164A (en) * 2022-06-30 2022-10-04 北京天融信网络安全技术有限公司 Request verification method and device, electronic equipment and computer-readable storage medium
CN115150164B (en) * 2022-06-30 2023-09-26 北京天融信网络安全技术有限公司 Request verification method, apparatus, electronic device and computer readable storage medium

Also Published As

Publication number Publication date
CN110958249B (en) 2022-07-19

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant