CN112187760B - Network request tamper-proof method based on data splitting - Google Patents
- Publication number: CN112187760B
- Application number: CN202011000095.9A
- Authority: CN (China)
- Prior art keywords: data, request, packet, current time, data division
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L69/06—Notations for structuring of protocol data, e.g. abstract syntax notation one [ASN.1]
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention discloses a network request tamper-proofing method based on data splitting. In the method, the data items in the data segment of a request data packet are separated by a predetermined identifier. The request end and the access end first exchange their current times; the data segment of the request data packet is then randomly divided, at the predetermined identifier, into a data front segment and a data rear segment, and the protocol header and the request header are combined with the data front segment and with the data rear segment to form a first data division packet and a second data division packet respectively. The access end recombines the protocol header, the request header, the data front segment and the data rear segment into the request data packet when the request end's current time in the first data division packet is consistent with the request end's current time in the first time tag and the access end's current time in the second data division packet is consistent with the access end's current time in the second time tag. The invention can thereby make network requests tamper-resistant.
Description
Technical Field
The invention relates to the technical field of logistics networks, in particular to a network request anti-tampering method based on data splitting.
Background
With the explosive growth of the logistics industry, logistics network security has become an issue that must be considered. Network requests are the most common events and have also become the most important step in network security defense, so protecting them effectively plays a key role in network security. However, the prior art cannot adequately protect the integrity of network requests.
Disclosure of Invention
The invention aims to provide a network request tamper-proofing method based on data splitting, which can realize network request tamper-proofing.
To solve the above technical problem, the invention adopts the following technical solution: a network request tamper-proofing method based on data splitting is provided, comprising the following steps:
S1: The request end generates a request data packet, which comprises a protocol header, a request header and a data segment; the data segment comprises a plurality of data items, and the data items are separated from each other by a predetermined identifier;
S2: The request end sends a first time tag to the access end, the first time tag consisting of a first request sequence number and the current time of the request end;
S3: After receiving the first time tag, the access end sends a second time tag to the request end, the second time tag consisting of a second request sequence number and the current time of the access end;
S4: After receiving the second time tag, the request end randomly divides the data segment of the request data packet, at the predetermined identifier, into a data front segment and a data rear segment; the protocol header, the request header and the data front segment form a first data division packet, and the protocol header, the request header and the data rear segment form a second data division packet;
S5: The request end appends the current time of the request end to the tail of the first data division packet, appends the current time of the access end to the tail of the second data division packet, and sends the first data division packet and the second data division packet to the access end;
S6: The access end checks whether the request end's current time in the first data division packet is consistent with the request end's current time in the first time tag, and whether the access end's current time in the second data division packet is consistent with the access end's current time in the second time tag; if both are consistent, the method proceeds to step S7;
S7: The access end merges the data front segment from the first data division packet and the data rear segment from the second data division packet, in front-to-rear order, into the data segment, and recombines the protocol header, the request header and the data segment into the request data packet.
Preferably, step S6 further includes: if the comparison shows that the request end's current time in the first data division packet is not consistent with the request end's current time in the first time tag, or that the access end's current time in the second data division packet is not consistent with the access end's current time in the second time tag, the method proceeds to step S8;
S8: The first data division packet and the second data division packet are discarded.
Preferably, before the first data division packet and the second data division packet are sent to the access end, step S5 further includes:
encrypting the first data division packet or the second data division packet with an encryption algorithm;
and before step S6, the method further includes:
after receiving the first data division packet and the second data division packet, the access end decrypts the encrypted first data division packet or the encrypted second data division packet.
Preferably, the encryption algorithm is the MD5 algorithm or the sha128 algorithm.
Preferably, the first request sequence number and the second request sequence number are both random values.
Preferably, the predetermined identifier is a non-numeric and non-alphabetic symbol.
Compared with the prior art, the invention has the following beneficial effects:
1. The data packet is verified three times, which achieves the purpose of network request tamper resistance;
2. The time tags are used for verification, which increases randomness and improves verification accuracy;
3. The data packet is split at the predetermined identifier, which ensures the integrity of the data packet.
Drawings
Fig. 1 is a schematic flowchart of a network request tamper-proofing method based on data splitting according to an embodiment of the present invention.
Fig. 2 is a schematic data flow diagram of a network request tamper-proofing method based on data splitting according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Referring to Fig. 1, a network request tamper-proofing method based on data splitting according to an embodiment of the present invention includes the following steps:
S1: The request end generates a request data packet, which comprises a protocol header, a request header and a data segment; the data segment comprises a plurality of data items, and the data items are separated from each other by a predetermined identifier.
As shown in fig. 2, the request packet generated by the request end is represented by data.
In this embodiment, the predetermined identifier is a non-numeric and non-alphabetic symbol, such as &. For example, the data segment includes two data items, user = XXX and passswd = XXX, and then the data segment is represented as user = XXX & passswd = XXX.
S2: The request end sends a first time tag to the access end, the first time tag consisting of a first request sequence number and the current time of the request end.
As shown in Fig. 2, the first time tag sent by the request end includes seq1 and tame1, where seq1 represents the first request sequence number and tame1 represents the current time of the request end.
S3: After receiving the first time tag, the access end sends a second time tag to the request end, the second time tag comprising a second request sequence number and the current time of the access end.
As shown in Fig. 2, the second time tag sent by the access end includes seq2 and tame2, where seq2 represents the second request sequence number and tame2 represents the current time of the access end. In this embodiment, the first request sequence number and the second request sequence number are both random values.
S4: After receiving the second time tag, the request end randomly divides the data segment of the request data packet, at the predetermined identifier, into a data front segment and a data rear segment; the protocol header, the request header and the data front segment form a first data division packet, and the protocol header, the request header and the data rear segment form a second data division packet.
If the data segment contains only 2 data items, there is only one possible division: the 1st data item is the data front segment and the 2nd data item is the data rear segment. If the data segment contains more than 2 data items, there are several possible divisions. For example, for a data segment with 4 data items the possible divisions are: the 1st data item as the data front segment and the 2nd, 3rd and 4th data items as the data rear segment; the 1st and 2nd data items as the data front segment and the 3rd and 4th data items as the data rear segment; or the 1st, 2nd and 3rd data items as the data front segment and the 4th data item as the data rear segment. It should be noted that the protocol header and the request header of the first data division packet and the second data division packet are the same; only the data segment differs.
As shown in Fig. 2, the first data division packet obtained by the request end is represented by data1, and the second data division packet is represented by data2.
S5: The request end appends the current time of the request end to the tail of the first data division packet, appends the current time of the access end to the tail of the second data division packet, and sends the first data division packet and the second data division packet to the access end.
As shown in Fig. 2, the request end adds tame1 to the tail of the first data division packet and adds tame2 to the tail of the second data division packet. It should be noted that, in some other embodiments, the request end may add tame2 to the tail of the first data division packet and tame1 to the tail of the second data division packet.
S6: The access end checks whether the request end's current time in the first data division packet is consistent with the request end's current time in the first time tag, and whether the access end's current time in the second data division packet is consistent with the access end's current time in the second time tag; if both are consistent, the method proceeds to step S7.
If they are consistent, the network request of the request end is safe.
S7: The access end merges the data front segment from the first data division packet and the data rear segment from the second data division packet, in front-to-rear order, into the data segment, and recombines the protocol header, the request header and the data segment into the request data packet.
The data segment of the request data packet is divided in order: the part before a given predetermined identifier is the data front segment, and the part after it is the data rear segment. The access end combines the data front segment and the data rear segment in the same order to obtain the correct data segment, and then recombines the protocol header, the request header and the data segment to obtain the correct request data packet. The request end and the access end can then continue processing the network request on the basis of the correct request data packet.
In this embodiment, step S6 further includes: if the comparison shows that the request end's current time in the first data division packet is not consistent with the request end's current time in the first time tag, or that the access end's current time in the second data division packet is not consistent with the access end's current time in the second time tag, the method proceeds to step S8;
S8: The first data division packet and the second data division packet are discarded.
To further improve security, in this embodiment, before the first data division packet and the second data division packet are sent to the access end, step S5 further includes:
encrypting the first data division packet or the second data division packet with an encryption algorithm;
and before step S6, the method further includes:
after receiving the first data division packet and the second data division packet, the access end decrypts the encrypted first data division packet or the encrypted second data division packet.
As shown in Fig. 2, the lock on the first data division packet indicates that the request end encrypts the first data division packet. In this embodiment, the encryption algorithm may be a common encryption algorithm such as the MD5 algorithm or the sha128 algorithm.
In this way, the network request tamper-proofing method based on data splitting divides the request data packet into two data division packets, adds a time to each data division packet, and encrypts one of the data division packets, so that network request tamper resistance can be achieved and other network operations are facilitated.
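The S1 to S8 exchange described above, as an added Python example that is not part of the patent text; it models the embodiment without the optional encryption step. The class and function names, the string time format, and the sample headers and data items are assumptions made for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional

SEP = "&"  # predetermined identifier; "&" is the page's example symbol


@dataclass(frozen=True)
class TimeTag:
    seq: int   # random request sequence number (seq1 / seq2)
    now: str   # sender's current time; the string format is an assumption


@dataclass(frozen=True)
class DivisionPacket:
    protocol_header: str
    request_header: str
    segment: str     # data front segment or data rear segment
    time_tail: str   # time value appended at the tail in S5


def make_time_tag(now: Optional[str] = None) -> TimeTag:
    """S2 / S3: build a time tag from a random sequence number and a time."""
    if now is None:
        now = f"{time.time():.6f}"
    return TimeTag(seq=secrets.randbits(32), now=now)


def split_points(data_segment: str) -> list:
    """Possible front-segment sizes: n data items give n - 1 divisions."""
    return list(range(1, len(data_segment.split(SEP))))


def split_request(protocol_header, request_header, data_segment,
                  tag1, tag2, cut=None):
    """S4 + S5 on the request end: cut at an identifier, append the times."""
    items = data_segment.split(SEP)
    if len(items) < 2:
        raise ValueError("data segment needs at least two data items")
    if cut is None:
        cut = 1 + secrets.randbelow(len(items) - 1)   # random division (S4)
    if not 1 <= cut < len(items):
        raise ValueError("cut must leave at least one item on each side")
    front, rear = SEP.join(items[:cut]), SEP.join(items[cut:])
    first = DivisionPacket(protocol_header, request_header, front, tag1.now)
    second = DivisionPacket(protocol_header, request_header, rear, tag2.now)
    return first, second


def verify_and_reassemble(first, second, tag1, tag2):
    """S6 to S8 on the access end.

    tag1 is the time tag received in S2, tag2 the one this end sent in S3.
    Returns (protocol_header, request_header, data_segment), or None when
    both packets are discarded (S8).
    """
    # S6 as described on the page compares the time values only.
    if first.time_tail != tag1.now or second.time_tail != tag2.now:
        return None                                        # S8: discard
    data_segment = first.segment + SEP + second.segment    # S7: front, rear
    return first.protocol_header, first.request_header, data_segment


if __name__ == "__main__":
    # Constructed sample request, not taken from the patent.
    tag1 = make_time_tag()   # request end -> access end (S2)
    tag2 = make_time_tag()   # access end -> request end (S3)
    p1, p2 = split_request("HTTP/1.1", "POST /order",
                           "user=alice&item=42&qty=3&dest=SH", tag1, tag2)
    print(p1, p2, sep="\n")
    print(verify_and_reassemble(p1, p2, tag1, tag2))
```

With four data items, `split_points` returns the three divisions listed under S4, and a packet whose tail time does not match its time tag takes the S8 discard path.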
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.
Claims (3)
1. A network request tamper-proofing method based on data splitting, characterized by comprising the following steps:
S1: The request end generates a request data packet, which comprises a protocol header, a request header and a data segment; the data segment comprises a plurality of data items, the data items are separated from each other by a predetermined identifier, and the predetermined identifier is a non-numeric and non-alphabetic symbol;
S2: The request end sends a first time tag to the access end, the first time tag consisting of a first request sequence number and the current time of the request end;
S3: After receiving the first time tag, the access end sends a second time tag to the request end, the second time tag consisting of a second request sequence number and the current time of the access end;
the first request sequence number and the second request sequence number are both random values;
S4: After receiving the second time tag, the request end randomly divides the data segment of the request data packet, at the predetermined identifier, into a data front segment and a data rear segment; the protocol header, the request header and the data front segment form a first data division packet, and the protocol header, the request header and the data rear segment form a second data division packet;
S5: The request end appends the current time of the request end to the tail of the first data division packet and the current time of the access end to the tail of the second data division packet, encrypts the first data division packet or the second data division packet with an encryption algorithm, and sends the packets to the access end; after receiving the first data division packet and the second data division packet, the access end decrypts the encrypted first data division packet or the encrypted second data division packet;
S6: The access end checks whether the request end's current time in the first data division packet is consistent with the request end's current time in the first time tag, and whether the access end's current time in the second data division packet is consistent with the access end's current time in the second time tag; if both are consistent, the method proceeds to step S7;
S7: The access end merges the data front segment from the first data division packet and the data rear segment from the second data division packet, in front-to-rear order, into the data segment, and recombines the protocol header, the request header and the data segment into the request data packet.
2. The network request tamper-proofing method according to claim 1, wherein step S6 further comprises: if the comparison shows that the request end's current time in the first data division packet is not consistent with the request end's current time in the first time tag, or that the access end's current time in the second data division packet is not consistent with the access end's current time in the second time tag, the method proceeds to step S8;
S8: The first data division packet and the second data division packet are discarded.
3. The method according to claim 1, wherein the encryption algorithm is the MD5 algorithm or the sha128 algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011000095.9A CN112187760B (en) | 2020-09-22 | 2020-09-22 | Network request tamper-proof method based on data splitting |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011000095.9A CN112187760B (en) | 2020-09-22 | 2020-09-22 | Network request tamper-proof method based on data splitting |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112187760A CN112187760A (en) | 2021-01-05 |
CN112187760B CN112187760B (en) | 2022-11-08 |
Family
ID=73956728
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011000095.9A Active CN112187760B (en) | 2020-09-22 | 2020-09-22 | Network request tamper-proof method based on data splitting |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112187760B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN112187760A (en) | 2021-01-05 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||