CN112217810A - Request response method, device, equipment and medium - Google Patents
Request response method, device, equipment and medium Download PDFInfo
- Publication number
- CN112217810A CN112217810A CN202011034810.0A CN202011034810A CN112217810A CN 112217810 A CN112217810 A CN 112217810A CN 202011034810 A CN202011034810 A CN 202011034810A CN 112217810 A CN112217810 A CN 112217810A
- Authority
- CN
- China
- Prior art keywords
- target
- request
- encryption
- server
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 112
- 230000004044 response Effects 0.000 title claims abstract description 76
- 230000003287 optical effect Effects 0.000 claims abstract description 13
- 238000004590 computer program Methods 0.000 claims description 13
- 230000006854 communication Effects 0.000 abstract description 33
- 239000003795 chemical substances by application Substances 0.000 description 55
- 230000006870 function Effects 0.000 description 16
- 238000004891 communication Methods 0.000 description 14
- 230000005540 biological transmission Effects 0.000 description 13
- 238000012545 processing Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 10
- 238000010586 diagram Methods 0.000 description 7
- 238000012423 maintenance Methods 0.000 description 6
- 238000012544 monitoring process Methods 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 239000000126 substance Substances 0.000 description 2
- 238000003491 array Methods 0.000 description 1
- 230000008878 coupling Effects 0.000 description 1
- 238000010168 coupling process Methods 0.000 description 1
- 238000005859 coupling reaction Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000001914 filtration Methods 0.000 description 1
- 230000008571 general function Effects 0.000 description 1
- 230000008707 rearrangement Effects 0.000 description 1
- 230000000630 rising effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the invention discloses a request response method, a request response device, request response equipment and a request response medium. The method comprises the following steps: intercepting a target request pointing to a server through a preset target agent when the target request is monitored, and encrypting the target request to obtain a target encryption request; and sending the target encryption request to a server so that the server decrypts the target encryption request in a pre-established AOP (automatic optical plane) section, and responding to the decrypted target request through a matched target back-end service. The technical scheme ensures the data integrity and security in the whole communication process, solves the data security problem in the network communication process, is decoupled from the service logic and is convenient to maintain the code function.
Description
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a request response method, apparatus, device, and medium.
Background
With the continuous development of scientific technology, the status of communication security is gradually rising, and more enterprises and individuals begin to pay attention to whether information related to the enterprises and individuals is safe or not. In the financial industry, with the rapid development of financial services, service data transmission between financial units is more and more frequent, and the number of private data related to users or enterprises is very large, so that it is very necessary to construct a secure financial service network platform to provide a reliable and secure environment for transmitting service data for financial users.
Currently, HTTP (Hyper Text Transfer Protocol) is the most widely applied transmission Protocol in the current market, and clear Text transmission is adopted, so that the integrity and the security of data in the transmission process cannot be guaranteed. HTTPS is an HTTP channel with Security as a target, and is a network protocol that is constructed by adding TLS (Transport Layer Security)/SSL (Secure Sockets Layer) protocol based on HTTP and can perform encrypted transmission and identity authentication.
Although HTTPS introduces a digital authentication and encryption mechanism, HTTPS can only prevent a user from being monitored communications unknowingly, and if the user trusts an untrusted address actively, a "man-in-the-middle" network can still be constructed, causing "man-in-the-middle attack", and then decrypting the transmission content. Moreover, the HTTPS connection cache is not as efficient as HTTP, and under the same network environment, HTTPS prolongs page loading time, and a large-traffic website needs to consider traffic cost. Besides, the digital certificate in the HTTPS needs to pay, the more powerful the certificate, the higher the certificate fee, the personal website and the small website are generally not used, and the coverage rate of the HTTPS is not high.
Disclosure of Invention
The embodiment of the invention provides a request response method, a request response device, request response equipment and a request response medium, and aims to solve the problem of data security in a network communication process.
In a first aspect, an embodiment of the present invention provides a request response method, applied to a client, including:
intercepting a target request pointing to a server through a preset target agent when the target request is monitored, and encrypting the target request to obtain a target encryption request;
and sending the target encryption request to a server, so that the server decrypts the target encryption request in a pre-established AOP (Aspect Oriented Programming) section, and responds to the decrypted target request through a matched target back-end service.
In a second aspect, an embodiment of the present invention further provides a request response method, applied to a server, including:
receiving a target encryption request; the target encryption request is obtained by intercepting a target request and encrypting the target request when a target agent preset in a client monitors the target request pointing to a server;
in a pre-established AOP section, decrypting the target encryption request to obtain a target request, and transmitting the target request to a matched target back-end service;
responding to the target request through the target backend service.
In a third aspect, an embodiment of the present invention further provides a request response apparatus, applied to a client, including:
the request intercepting and encrypting module is set to intercept a target request pointing to a server through a preset target agent and encrypt the target request to obtain a target encrypting request;
and the encryption request sending module is used for sending the target encryption request to a server so as to enable the server to decrypt the target encryption request in a pre-established AOP (automatic optical plane) section and respond to the decrypted target request through a matched target back-end service.
In a fourth aspect, an embodiment of the present invention further provides a request response apparatus, which is applied to a server, and includes:
an encryption request receiving module configured to receive a target encryption request; the target encryption request is obtained by intercepting a target request and encrypting the target request when a target agent preset in a client monitors the target request pointing to a server;
the encryption request decryption module is arranged for decrypting the target encryption request in a pre-established AOP section to obtain a target request and transmitting the target request to a matched target back-end service;
and the request response module is set to respond to the target request through the target back-end service.
In a fifth aspect, an embodiment of the present invention further provides a client, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the request response method applied to the client according to any embodiment of the present invention when executing the program.
In a sixth aspect, an embodiment of the present invention further provides a server, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor executes the computer program to implement the request response method applied to the server according to any embodiment of the present invention.
In a seventh aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the request response method applied to the client according to any embodiment of the present invention.
In an eighth aspect, the embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the request response method applied to a server according to any embodiment of the present invention.
In the technical scheme provided by the embodiment of the invention, when a target agent preset in a client monitors a target request pointing to a server, the target request is intercepted and encrypted, so that the client sends the obtained target encryption request to the server, after the server receives the target encryption request, the target encryption request is decrypted in a pre-established AOP section, and the target request obtained after decryption is sent to a matched target back-end service for response, thereby ensuring the data integrity and security in the whole communication process, further solving the data security problem in the network communication process, being decoupled from service logic and facilitating the maintenance of the code function.
Drawings
Fig. 1 is a flowchart illustrating a request response method according to a first embodiment of the present invention;
fig. 2 is a flowchart illustrating a request response method according to a second embodiment of the present invention;
fig. 3 is a flowchart illustrating a request response method according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a request response device in the fourth embodiment of the present invention;
fig. 5 is a schematic structural diagram of a request response device in a fifth embodiment of the present invention;
fig. 6 is a schematic hardware structure diagram of a client according to a sixth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.
Example one
Fig. 1 is a flowchart of a request response method according to an embodiment of the present invention, which may be applied to solve a data security problem in a network communication process, for example, a transmission security problem of financial data, and the method may be executed by a request response apparatus applied to a client according to an embodiment of the present invention, where the apparatus may be implemented in software and/or hardware, and may be generally integrated in the client.
As shown in fig. 1, the request response method provided in this embodiment is applied to a client, and specifically includes:
s110, intercepting a target request when the preset target agent monitors the target request pointing to a server, and encrypting the target request to obtain a target encryption request.
The target Proxy, which refers to a service Proxy in the client, must pass any access to the target object. Through the target agent, operations such as filtering, rewriting and the like can be performed on external access, and for example, some operations (such as attribute lookup, assignment, enumeration, function call and the like) can be customized by using the target agent.
In this embodiment, the target agent is configured to monitor a target request directed to the server, intercept the target request when the target request is monitored, encrypt the intercepted target request, and generate a target encryption request corresponding to the target request. The target agent can block the target object of the request and uniformly process various target requests.
Optionally, there are one or more encryption algorithms pre-stored in the target agent. The pre-stored encryption algorithm may be a symmetric encryption algorithm or an asymmetric encryption algorithm.
Symmetric encryption algorithms, also known as single key encryption algorithms, refer to encryption methods that employ single key cryptosystems, where one key is used to both encrypt and decrypt information.
The asymmetric encryption algorithm is a secret key encryption method, two different secret keys of a public key and a private key exist, the public key corresponds to the private key one by one, the public key is usually used for encrypting encrypted data, and the private key corresponding to the public key is used for decrypting the encrypted data.
S120, the target encryption request is sent to the server so that the server decrypts the target encryption request in a pre-established AOP section, and the target request obtained after decryption is responded through the matched target back-end service.
The client sends a target encryption request corresponding to the target request to the server, after the server receives the target encryption request, the server intercepts the target encryption request through an AOP method, decrypts the target encryption request in a pre-established AOP section to obtain the target request corresponding to the target encryption request, and transmits the target request obtained through decryption to a matched target back-end service so that the target back-end service can respond to the target request.
The AOP is a programming idea that a Spring frame faces to a section, adopts a technology called transverse cutting, extracts and independently packages general functions related to multiple business processes to form independent sections, and transversely cuts the sections into positions designated by the business processes at proper time.
In this embodiment, the pre-established AOP section is used to decrypt the received target encryption request, and isolate the decryption process of the target encryption request from the response process of the target encryption request (i.e., the target request corresponding to the target encryption request), so that the coupling degree between the decryption method and the response method of the target encryption request is reduced, and the decryption code of the target encryption request does not need to be added to the corresponding backend service program, so that the code maintenance is more convenient and efficient.
Optionally, under the condition that multiple encryption algorithms exist between the server and the client, encrypting the target request through a preset target agent to obtain a target encryption request may include:
the method comprises the steps that a preset target agent selects one encryption algorithm from a plurality of encryption algorithms as a target encryption algorithm, encrypts a target request according to the target encryption algorithm, and adds a target zone bit corresponding to the target encryption algorithm to obtain the target encryption request, so that a server decrypts the target encryption request according to the target encryption algorithm in a pre-established AOP section matched with the target zone bit.
In the case that multiple encryption algorithms are pre-stored correspondingly between the server and the client, in order to improve the security of data transmission, the target agent may select any one of the encryption algorithms as a target encryption algorithm, and encrypt the target request, for example, one encryption algorithm may be randomly selected, or one encryption algorithm may be selected according to a preset policy, and the like, which is not specifically limited in this embodiment.
Each pre-stored encryption algorithm corresponds to an identity, and the corresponding relation between the encryption algorithm and the identity is pre-stored in the client and the server. The identity of the encryption algorithm selected by the target agent can be notified to the server through a preset target zone bit. Optionally, the target flag bit is added to a request header of the target encryption request.
Optionally, under the condition that multiple encryption algorithms are pre-stored correspondingly between the server and the client, an AOP section corresponding to each encryption algorithm may be pre-established in the server, and one AOP section corresponds to one encryption algorithm, and is used to implement decryption of the target encryption request according to the encryption algorithm, so as to obtain a real target request.
When the server receives the target encryption request, the target zone bit in the target encryption request is analyzed, a target encryption algorithm corresponding to the target zone bit is determined, namely the target encryption algorithm corresponding to the identity in the target zone bit is determined based on the corresponding relation between the encryption algorithm and the identity, and the target encryption request is decrypted in the AOP section corresponding to the target zone bit, namely the AOP section corresponding to the target encryption algorithm.
Optionally, in a case that only one encryption algorithm correspondingly exists between the server and the client, encrypting the target request through a preset target agent to obtain a target encryption request may include:
and encrypting the target request according to a preset target encryption algorithm by using a preset target agent to obtain a target encryption request, so that the server decrypts the target encryption request according to the target encryption algorithm in a pre-established AOP section.
Under the condition that only one encryption algorithm is prestored correspondingly between the server and the client, the target agent encrypts the target request according to the encryption algorithm. Under the condition, a target zone bit for indicating the identity of the encryption algorithm does not need to be added in the target encryption request, and further, an AOP (automatic optical plane) section for decrypting the target encryption request is pre-established in the server. And after the server receives the target encryption request, decrypting the target encryption request according to a pre-stored target encryption algorithm in a pre-established AOP section.
To increase the complexity of the target encryption algorithm, the target encryption algorithm may be an encryption method combining a symmetric encryption method and an asymmetric encryption method.
As an alternative embodiment, the symmetric encryption method includes an AES encryption algorithm, and the asymmetric encryption method includes an RSA encryption algorithm; correspondingly, encrypting the target request according to a preset target encryption algorithm by a preset target agent to obtain a target encryption request may include:
randomly generating a target symmetric key of an AES encryption algorithm through a preset target agent, and encrypting a target request by using the target symmetric key to generate a first encrypted data string; encrypting a target symmetric secret key by using a pre-stored RSA encryption algorithm public key corresponding to the server through a preset target agent to generate a second encrypted data string; and combining the first encrypted data string and the second encrypted data string to form a target encryption request.
After a target agent in a client intercepts a target request, a target symmetric key1 of AES can be randomly generated in a self-defined function, data to be requested to a back-end service in a target object corresponding to the target request is symmetrically encrypted by using a target symmetric key1 to generate a first encrypted data string data1, the randomly generated target symmetric key1 is encrypted by using an RSA encryption algorithm public key agreed with a server to generate a second encrypted data string data2, and the first encrypted data string data1 and the second encrypted data string data2 are assembled in a json format to form the target encrypted request and are sent to the server. Optionally, the second encrypted data string data2 is located in the request header of the target encryption request, and the first encrypted data string data1 is located in the request body of the target encryption request.
The method comprises the steps that after a server receives a target encryption request, the target encryption request is intercepted based on an AOP (automatic optic protocol) intercepting method, a second encryption data string data2 in the target encryption request is firstly obtained in a pre-constructed AOP section, a pre-stored RSA encryption algorithm private key agreed with a client side is used for decrypting the second encryption data string data2 to obtain a target symmetric key1, then a first encryption data string data1 in the target encryption request is obtained, and the first encryption data string data1 is decrypted by using the target symmetric key1 to obtain the target request. Furthermore, the backend service that actually processes the target request is called by using the data bit of the decrypted first encrypted data string data1, so that the backend service responds to the target request.
In the technical scheme, the encryption mode of RSA + AES is adopted, so that the security level of the communication data is improved, the data is not required to be intercepted and tampered or the integrity of the data is not damaged, and the integrity and the security of the communication data are also ensured.
In the technical scheme provided by the embodiment of the invention, when a target agent preset in a client monitors a target request pointing to a server, the target request is intercepted and encrypted, so that the client sends the obtained target encryption request to the server, after the server receives the target encryption request, the target encryption request is decrypted in a pre-established AOP section, and the target request obtained after decryption is sent to a matched target back-end service for response, thereby ensuring the data integrity and security in the whole communication process, further solving the data security problem in the network communication process, being decoupled from service logic and facilitating the maintenance of the code function.
The technical scheme provided by the embodiment of the invention can be suitable for various HTTP or HTTPS communication scenes, makes up the possibility of interception and tampering of HTTP data, and can make up the problem of user data security threat possibly caused by the fact that a user trusts an untrusted third party mechanism in the HTTPS scene, and can realize secure communication without depending on SSL secure communication and paying extra cost for any large, medium or small websites.
Further, on the basis of the above technical solution, after sending the target encryption request to the server, the method further includes:
receiving target response data corresponding to the target request fed back by the server and a target token of the session; intercepting a subsequent request carrying a target token when the subsequent request is monitored by a preset target agent, and encrypting the subsequent request by using a target symmetric key to obtain a subsequent encryption request; and sending the subsequent encryption request to the server so that the server decrypts the subsequent encryption request in the matched AOP section according to the target symmetric key corresponding to the target token carried by the subsequent encryption request.
After the server decrypts the second encrypted data string data2 by using the pre-stored private key of the RSA encryption algorithm agreed with the client to obtain the target symmetric key1, the server may generate the target token of the session, associate and store the target token and the target symmetric key1, and when feeding back the target response data corresponding to the target request to the client, return the target token of the session together. Optionally, the target token is added to the response header for feedback, or the target token is added to the response body for feedback, which is not specifically limited in this embodiment.
And after receiving the target token of the session, the client adds the target token in a subsequent request of the session. When the target agent in the client intercepts the subsequent request carrying the target token, the target agent continues to encrypt the subsequent request by using the target symmetric key1 to obtain a subsequent encryption request (the subsequent encryption request also carries the target token). After the client sends the subsequent encryption request to the server, the server intercepts the subsequent encryption request based on an AOP method, obtains a target symmetric key1 which is stored in a relevant mode according to the target token in a preset AOP section, decrypts the subsequent encryption request by using the target symmetric key1, and then calls a matched back-end service to respond to the decrypted subsequent encryption request. And repeating the following requests in the session until the session is ended.
In the technical scheme, only one-time RSA asymmetric encryption is needed, the target token is used for saving the session state subsequently, and the AES symmetric key is used for encryption and decryption, so that the problem of low encryption and decryption efficiency of the RSA asymmetric encryption algorithm is solved, the problem of unsafety in saving the symmetric key of the AES symmetric encryption algorithm is solved, the occupation of network communication resources is reduced, and the service processing efficiency is improved.
Example two
Fig. 2 is a flowchart of a request response method according to a second embodiment of the present invention, which may be applied to solve a data security problem in a network communication process, for example, a transmission security problem of financial data, and the method may be executed by a request response apparatus applied to a server according to the second embodiment of the present invention, where the apparatus may be implemented in software and/or hardware, and may be generally integrated in the server.
As shown in fig. 2, the request response method provided in this embodiment is applied to a server, and specifically includes:
s210, receiving a target encryption request; the target encryption request is obtained by intercepting a target request and encrypting the target request when a target agent preset in the client monitors the target request pointing to the server.
When monitoring a target request pointing to a server, a preset target agent in a client intercepts the target request, encrypts the target request to obtain a target encryption request, and sends the target encryption request to the server.
S220, in the pre-established AOP section, the target encryption request is decrypted to obtain a target request, and the target request is transmitted to the matched target back-end service.
After receiving the target encryption request, the server intercepts the target encryption request through an AOP method, decrypts the target encryption request in a pre-established AOP section to obtain a target request corresponding to the target encryption request, and transmits the target request obtained by decryption to a matched target back-end service so that the target back-end service responds to the target request.
Optionally, in a case that multiple encryption algorithms exist between the server and the client, decrypting the target encryption request in a pre-established AOP section to obtain the target request includes:
and in a pre-established AOP section matched with a target zone bit carried by the target encryption request, decrypting the target encryption request according to a target encryption algorithm corresponding to the target zone bit to obtain the target request.
In the case that multiple encryption algorithms are pre-stored correspondingly between the server and the client, in order to improve the security of data transmission, the target agent may select any one of the encryption algorithms as a target encryption algorithm, and encrypt the target request, for example, one encryption algorithm may be randomly selected, or one encryption algorithm may be selected according to a preset policy, and the like, which is not specifically limited in this embodiment.
Under the condition that a plurality of encryption algorithms are correspondingly pre-stored between the server and the client, an AOP section corresponding to each encryption algorithm can be pre-established in the server, and one AOP section corresponds to one encryption algorithm and is used for decrypting a target encryption request according to the encryption algorithm to obtain a real target request.
Each pre-stored encryption algorithm corresponds to an identity, and the corresponding relation between the encryption algorithm and the identity is pre-stored in the client and the server. The identity of the encryption algorithm selected by the target agent can be notified to the server through a preset target zone bit. Optionally, the target flag bit is added to a request header of the target encryption request.
When the server receives the target encryption request, the target zone bit in the target encryption request is analyzed, a target encryption algorithm corresponding to the target zone bit is determined, namely the target encryption algorithm corresponding to the identity in the target zone bit is determined based on the corresponding relation between the encryption algorithm and the identity, and the target encryption request is decrypted in the AOP section corresponding to the target zone bit, namely the AOP section corresponding to the target encryption algorithm.
Optionally, in a case that only one encryption algorithm exists between the server and the client, decrypting the target encryption request in a pre-established AOP section to obtain the target request includes:
and in the pre-established AOP section, decrypting the target encryption request according to a preset target encryption algorithm to obtain the target request.
Under the condition that only one encryption algorithm is prestored correspondingly between the server and the client, the target agent encrypts the target request according to the encryption algorithm. Under the condition, a target zone bit for indicating the identity of the encryption algorithm does not need to be added in the target encryption request, and further, an AOP (automatic optical plane) section for decrypting the target encryption request is pre-established in the server. And after the server receives the target encryption request, decrypting the target encryption request according to a pre-stored target encryption algorithm in a pre-established AOP section.
To increase the complexity of the target encryption algorithm, the target encryption algorithm may be an encryption method combining a symmetric encryption method and an asymmetric encryption method.
As an alternative embodiment, the symmetric encryption method includes an AES encryption algorithm, and the asymmetric encryption method includes an RSA encryption algorithm; correspondingly, decrypting the target encryption request according to the target encryption algorithm to obtain the target request may include:
acquiring a second encrypted data string in the target encryption request, and decrypting the second encrypted data string by using a prestored RSA encryption algorithm private key corresponding to the client to obtain a target symmetric secret key; and acquiring a first encrypted data string in the target encryption request, and decrypting the first encrypted data string by using the target symmetric key to obtain the target request.
After a target agent in a client intercepts a target request, a target symmetric key1 of AES can be randomly generated in a self-defined function, data to be requested to a back-end service in a target object corresponding to the target request is symmetrically encrypted by using a target symmetric key1 to generate a first encrypted data string data1, the randomly generated target symmetric key1 is encrypted by using an RSA encryption algorithm public key agreed with a server to generate a second encrypted data string data2, and the first encrypted data string data1 and the second encrypted data string data2 are assembled in a json format to form the target encrypted request and are sent to the server. Optionally, the second encrypted data string data2 is located in the request header of the target encryption request, and the first encrypted data string data1 is located in the request body of the target encryption request.
The method comprises the steps that after a server receives a target encryption request, the target encryption request is intercepted based on an AOP (automatic optic protocol) intercepting method, a second encryption data string data2 in the target encryption request is firstly obtained in a pre-constructed AOP section, a pre-stored RSA encryption algorithm private key agreed with a client side is used for decrypting the second encryption data string data2 to obtain a target symmetric key1, then a first encryption data string data1 in the target encryption request is obtained, and the first encryption data string data1 is decrypted by using the target symmetric key1 to obtain the target request.
In the technical scheme, the encryption mode of RSA + AES is adopted, so that the security level of the communication data is improved, the data is not required to be intercepted and tampered or the integrity of the data is not damaged, and the integrity and the security of the communication data are also ensured.
And S230, responding to the target request through the target back-end service.
And calling a target back-end service for really processing the target request by using the data bit of the decrypted first encrypted data string data1, responding to the target request by the target back-end service, and feeding back response data to the client.
For those parts of this embodiment that are not explained in detail, reference is made to the aforementioned embodiments, which are not repeated herein.
In the technical scheme provided by the embodiment of the invention, when a target agent preset in a client monitors a target request pointing to a server, the target request is intercepted and encrypted, so that the client sends the obtained target encryption request to the server, after the server receives the target encryption request, the target encryption request is decrypted in a pre-established AOP section, and the target request obtained after decryption is sent to a matched target back-end service for response, thereby ensuring the data integrity and security in the whole communication process, further solving the data security problem in the network communication process, being decoupled from service logic and facilitating the maintenance of the code function.
Further, on the basis of the above technical solution, after obtaining the target request, the method further includes: generating a target token of the session, and performing associated storage on the target token and a target symmetric key; correspondingly, responding to the target request through the target backend service may include:
target response data corresponding to the target request and a target token of the session are fed back to the client; and if a subsequent encryption request carrying the target token is received, decrypting the subsequent encryption request by using the target symmetric key stored in association with the target token.
After the server decrypts the second encrypted data string data2 by using the pre-stored private key of the RSA encryption algorithm agreed with the client to obtain the target symmetric key1, the server may generate the target token of the session, associate and store the target token and the target symmetric key1, and when feeding back the target response data corresponding to the target request to the client, return the target token of the session together. Optionally, the target token is added to the response header for feedback, or the target token is added to the response body for feedback, which is not specifically limited in this embodiment.
And after receiving the target token of the session, the client adds the target token in a subsequent request of the session. When the target agent in the client intercepts the subsequent request carrying the target token, the target agent continues to encrypt the subsequent request by using the target symmetric key1 to obtain a subsequent encryption request (the subsequent encryption request also carries the target token). After the client sends the subsequent encryption request to the server, the server intercepts the subsequent encryption request based on an AOP method, obtains a target symmetric key1 which is stored in a relevant mode according to the target token in a preset AOP section, decrypts the subsequent encryption request by using the target symmetric key1, and then calls a matched back-end service to respond to the decrypted subsequent encryption request. And repeating the following requests in the session until the session is ended.
In the technical scheme, only one-time RSA asymmetric encryption is needed, the target token is used for saving the session state subsequently, and the AES symmetric key is used for encryption and decryption, so that the problem of low encryption and decryption efficiency of the RSA asymmetric encryption algorithm is solved, the problem of unsafety in saving the symmetric key of the AES symmetric encryption algorithm is solved, the occupation of network communication resources is reduced, and the service processing efficiency is improved.
EXAMPLE III
Fig. 3 is a flowchart of a request response method according to a third embodiment of the present invention. The present embodiment provides a specific implementation manner based on the above embodiments.
As shown in fig. 3, the request response method provided in this embodiment specifically includes:
s310, the client intercepts a target request pointing to the server when monitoring the target request through a preset target agent.
S320, the client randomly generates a target symmetric key1 of the AES in a self-defined function through a preset target agent, and symmetrically encrypts the target request by using the target symmetric key1 to generate a first encrypted data string data 1.
S330, the client encrypts the target symmetric key1 by using a preset target agent through an RSA encryption algorithm public key agreed with the server to generate a second encrypted data string data 2.
S340, the client assembles the first encrypted data string data1 and the second encrypted data string data2 in a json format through a preset target agent to form a target encryption request.
And S350, the client sends the target encryption request to the server.
And S360, after receiving the target encryption request, the server intercepts the target encryption request by using an AOP method.
S370, the server obtains the second encrypted data string data2 in the target encryption request in the pre-established AOP section, and decrypts the second encrypted data string data2 by using a pre-stored private key of the RSA encryption algorithm agreed with the client, so as to obtain a target symmetric key 1.
S380, the server obtains the first encrypted data string data1 in the target encryption request in a pre-established AOP section, and decrypts the first encrypted data string data1 by using a target symmetric key1 to obtain the target request.
S390, the server generates a target token of the session in a pre-established AOP section, and stores the target token and the target symmetric key1 in an associated manner.
S3100, the server participates in the decrypted data bit of the first encrypted data string data1 in a pre-established AOP section to call the matched target back-end service.
S3110, the server responds to the target request through the target back-end service, and feeds back response data corresponding to the target request and the target token of the session to the client.
S3120, the client receives the target token of the session, when the subsequent request carrying the target token is intercepted by the target agent, the subsequent request is encrypted by continuously using the target symmetric key1 to obtain a subsequent encryption request, and the subsequent encryption request is sent to the server.
And S3130, the server receives the subsequent encryption request, intercepts the subsequent encryption request based on an AOP method, acquires a target symmetric key1 which is stored in a relevant manner according to the target token in a preset AOP section, decrypts the subsequent encryption request by using the target symmetric key1, and puts the data bits obtained by decryption into a reference call matched target back-end service.
For those parts of this embodiment that are not explained in detail, reference is made to the aforementioned embodiments, which are not repeated herein.
In the front-end and back-end secure communication scheme based on target agent monitoring, a target object requesting back-end service is intercepted through a target agent, data are encrypted by using RSA and AES in a self-defined function, an encryption string is assembled in a json format and then transmitted to the corresponding back-end service, the back-end service is intercepted by an AOP party firstly, decrypted by using a corresponding decryption mode and then transmitted to a back-end function service method for actually processing the request, the returned data comprise a token, the token can be carried before the session is finished, and the token is associated with a symmetric key so as to perform encryption and decryption of each subsequent request. Therefore, the technical scheme provided by the embodiment ensures the data integrity and the security in the whole communication process, further solves the data security problem in the network communication process, is decoupled from the service logic, and is convenient for maintaining the code function.
Example four
Fig. 4 is a schematic structural diagram of a request response device according to a fourth embodiment of the present invention, which is applicable to solve a data security problem in a network communication process, for example, a transmission security problem of financial data, and the device may be implemented in a software and/or hardware manner, and may be generally integrated in a client.
As shown in fig. 4, the request response device, applied to a client, specifically includes: a request interception encryption module 410 and an encryption request transmission module 420. Wherein the content of the first and second substances,
a request interception encryption module 410, configured to intercept a target request directed to a server when the target request is monitored by a preset target agent, and encrypt the target request to obtain a target encryption request;
an encryption request sending module 420 configured to send the target encryption request to a server, so that the server decrypts the target encryption request in a pre-established AOP profile, and responds to the decrypted target request through a matched target backend service.
In the technical scheme provided by the embodiment of the invention, when a target agent preset in a client monitors a target request pointing to a server, the target request is intercepted and encrypted, so that the client sends the obtained target encryption request to the server, after the server receives the target encryption request, the target encryption request is decrypted in a pre-established AOP section, and the target request obtained after decryption is sent to a matched target back-end service for response, thereby ensuring the data integrity and security in the whole communication process, further solving the data security problem in the network communication process, being decoupled from service logic and facilitating the maintenance of the code function.
Optionally, under the condition that multiple encryption algorithms exist between the server and the client, the request intercepting and encrypting module 410 is specifically configured to intercept a target request directed to the server when the target request is monitored by a preset target agent, select one encryption algorithm from the multiple encryption algorithms as a target encryption algorithm, encrypt the target request according to the target encryption algorithm, and obtain a target encryption request after adding a target flag bit corresponding to the target encryption algorithm, so that the server decrypts the target encryption request according to the target encryption algorithm in a pre-established AOP section matched with the target flag bit.
Optionally, under the condition that only one encryption algorithm exists between the server and the client, the request intercepting and encrypting module 410 is specifically configured to intercept the target request when monitoring the target request directed to the server through a preset target agent, and encrypt the target request according to a preset target encryption algorithm to obtain a target encryption request, so that the server decrypts the target encryption request according to the target encryption algorithm in a pre-established AOP section.
Optionally, the target encryption algorithm includes an encryption method combining a symmetric encryption method and an asymmetric encryption method.
Optionally, the symmetric encryption method includes an AES encryption algorithm, and the asymmetric encryption method includes an RSA encryption algorithm;
correspondingly, the request interception encryption module 410 is specifically configured to randomly generate a target symmetric key of an AES encryption algorithm through a preset target agent, encrypt the target request by using the target symmetric key, and generate a first encrypted data string; encrypting the target symmetric secret key by using a pre-stored RSA encryption algorithm public key corresponding to the server through a preset target agent to generate a second encrypted data string; and combining the first encrypted data string and the second encrypted data string to form the target encryption request.
Further, the above apparatus further comprises: the session token receiving module is configured to receive target response data corresponding to the target request and fed back by the server after the target encryption request is sent to the server, and a target token of the session;
correspondingly, the session subsequent request processing module is configured to intercept a subsequent request carrying the target token when the subsequent request is monitored through a preset target agent, and encrypt the subsequent request by using the target symmetric key to obtain a subsequent encryption request; and sending the subsequent encryption request to a server so that the server decrypts the subsequent encryption request in the matched AOP section according to the target symmetric key corresponding to the target token carried by the subsequent encryption request.
The request response device applied to the client can execute the request response method applied to the client provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects for executing the request response method applied to the client.
EXAMPLE five
Fig. 5 is a schematic structural diagram of a request response device according to a fifth embodiment of the present invention, which is applicable to solve a data security problem in a network communication process, for example, a transmission security problem of financial data, and the device may be implemented in software and/or hardware, and may be generally integrated in a server.
As shown in fig. 5, the request response device, applied to a server, specifically includes: an encryption request receiving module 510, an encryption request decrypting module 520, and a request responding module 530. Wherein the content of the first and second substances,
an encryption request receiving module 510 configured to receive a target encryption request; the target encryption request is obtained by intercepting a target request and encrypting the target request when a target agent preset in a client monitors the target request pointing to a server;
an encryption request decryption module 520 configured to decrypt the target encryption request in a pre-established AOP section to obtain a target request, and transmit the target request to a matched target backend service;
a request response module 530 configured to respond to the target request via the target backend service.
In the technical scheme provided by the embodiment of the invention, when a target agent preset in a client monitors a target request pointing to a server, the target request is intercepted and encrypted, so that the client sends the obtained target encryption request to the server, after the server receives the target encryption request, the target encryption request is decrypted in a pre-established AOP section, and the target request obtained after decryption is sent to a matched target back-end service for response, thereby ensuring the data integrity and security in the whole communication process, further solving the data security problem in the network communication process, being decoupled from service logic and facilitating the maintenance of the code function.
Optionally, under the condition that multiple encryption algorithms exist between the server and the client, the encryption request decryption module 520 is specifically configured to decrypt, in a pre-established AOP slice that matches a target zone bit carried by the target encryption request, the target encryption request according to the target encryption algorithm corresponding to the target zone bit, so as to obtain the target request.
Optionally, under the condition that only one encryption algorithm exists between the server and the client, the encryption request decryption module 520 is specifically configured to decrypt the target encryption request according to a preset target encryption algorithm in a pre-established AOP section to obtain the target request.
Optionally, the target encryption algorithm includes an encryption method combining a symmetric encryption method and an asymmetric encryption method.
Optionally, the symmetric encryption method includes an AES encryption algorithm, and the asymmetric encryption method includes an RSA encryption algorithm;
correspondingly, the encryption request decryption module 520 is specifically configured to obtain a second encrypted data string in the target encryption request, and decrypt the second encrypted data string by using a pre-stored RSA encryption algorithm private key corresponding to the client to obtain a target symmetric key; and acquiring a first encrypted data string in the target encryption request, and decrypting the first encrypted data string by using the target symmetric key to obtain the target request.
Further, the above apparatus further comprises: the session token generation module is set to generate a target token of the session after a target request is obtained, and store the target token and the target symmetric key in a correlation manner;
correspondingly, the request response module 530 is specifically configured to set target response data corresponding to the target request and the target token of the current session, which are fed back to the client; and if a subsequent encryption request carrying the target token is received, decrypting the subsequent encryption request by using the target symmetric secret key stored in association with the target token.
The request response device applied to the server can execute the request response method applied to the server provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects for executing the request response method applied to the server.
EXAMPLE six
Fig. 6 is a schematic diagram of a hardware structure of a client according to a sixth embodiment of the present invention. Fig. 6 illustrates a block diagram of an exemplary client 12 suitable for use in implementing embodiments of the present invention. The client 12 shown in fig. 6 is only an example and should not bring any limitation to the function and scope of use of the embodiments of the present invention.
As shown in fig. 6, the client 12 is in the form of a general purpose computing device. The components of the client 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
The client 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by client 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM)30 and/or cache memory 32. The client 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 6, and commonly referred to as a "hard drive"). Although not shown in FIG. 6, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. System memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in system memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
The client 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with the client 12, and/or with any devices (e.g., network card, modem, etc.) that enable the client 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the client 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via the network adapter 20. As shown, the network adapter 20 communicates with the other modules of the client 12 over the bus 18. It should be appreciated that although not shown in FIG. 6, other hardware and/or software modules may be used in conjunction with the client 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing by executing programs stored in the system memory 28, for example, implementing a request response method applied to a client provided by an embodiment of the present invention. That is, the processing unit implements, when executing the program:
intercepting a target request pointing to a server through a preset target agent when the target request is monitored, and encrypting the target request to obtain a target encryption request; and sending the target encryption request to a server so that the server decrypts the target encryption request in a pre-established AOP (automatic optical plane) section, and responding to the decrypted target request through a matched target back-end service.
EXAMPLE seven
The embodiment of the invention provides a server for executing the request response method applied to the server, and the server comprises the following steps: one or more processors; a memory for storing one or more programs; when the one or more programs are executed by the one or more processors, the one or more processors implement the request response method applied to the server according to the embodiment of the present invention: receiving a target encryption request; the target encryption request is obtained by intercepting a target request and encrypting the target request when a target agent preset in a client monitors the target request pointing to a server; in a pre-established AOP section, decrypting the target encryption request to obtain a target request, and transmitting the target request to a matched target back-end service; responding to the target request through the target backend service. The specific structure and the details thereof can be referred to fig. 6 and the sixth embodiment.
Example eight
An eighth embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements a request response method applied to a client as provided in all the inventive embodiments of this application: that is, the program when executed by the processor implements:
intercepting a target request pointing to a server through a preset target agent when the target request is monitored, and encrypting the target request to obtain a target encryption request;
and sending the target encryption request to a server so that the server decrypts the target encryption request in a pre-established AOP (automatic optical plane) section, and responding to the decrypted target request through a matched target back-end service.
Or, the program is executed by a processor to implement a request response method applied to a server as provided in all inventive embodiments of this application: that is, the program when executed by the processor implements:
receiving a target encryption request; the target encryption request is obtained by intercepting a target request and encrypting the target request when a target agent preset in a client monitors the target request pointing to a server;
in a pre-established AOP section, decrypting the target encryption request to obtain a target request, and transmitting the target request to a matched target back-end service;
responding to the target request through the target backend service.
Any combination of one or more computer-readable media may be employed. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + +, or the like, as well as conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (17)
1. A request response method is applied to a client and comprises the following steps:
intercepting a target request pointing to a server through a preset target agent when the target request is monitored, and encrypting the target request to obtain a target encryption request;
and sending the target encryption request to a server so that the server decrypts the target encryption request in a pre-established section-oriented programming (AOP) section, and responding to the decrypted target request through a matched target back-end service.
2. The method according to claim 1, wherein in a case that a plurality of encryption algorithms exist between the server and the client, encrypting the target request through a preset target agent to obtain a target encryption request comprises:
the method comprises the steps that a preset target agent selects one encryption algorithm from a plurality of encryption algorithms as a target encryption algorithm, encrypts a target request according to the target encryption algorithm, and adds a target zone bit corresponding to the target encryption algorithm to obtain the target encryption request, so that a server decrypts the target encryption request according to the target encryption algorithm in a pre-established AOP section matched with the target zone bit.
3. The method according to claim 1, wherein in a case that only one encryption algorithm exists between the server and the client, encrypting the target request through a preset target agent to obtain a target encryption request comprises:
and encrypting the target request according to a preset target encryption algorithm by a preset target agent to obtain a target encryption request, so that the server decrypts the target encryption request in a pre-established AOP section according to the target encryption algorithm.
4. A method according to claim 2 or 3, wherein the target encryption algorithm comprises an encryption method combining a symmetric encryption method and an asymmetric encryption method.
5. The method of claim 4, wherein the symmetric encryption method comprises an AES encryption algorithm and the asymmetric encryption method comprises an RSA encryption algorithm;
encrypting the target request through a preset target agent according to a preset target encryption algorithm to obtain a target encryption request, wherein the method comprises the following steps:
randomly generating a target symmetric key of an AES encryption algorithm through a preset target agent, and encrypting the target request by using the target symmetric key to generate a first encrypted data string;
encrypting the target symmetric secret key by using a pre-stored RSA encryption algorithm public key corresponding to the server through a preset target agent to generate a second encrypted data string;
and combining the first encrypted data string and the second encrypted data string to form the target encryption request.
6. The method of claim 4, after sending the target encryption request to the server, further comprising:
receiving target response data corresponding to the target request and fed back by the server, and a target token of the session;
intercepting a subsequent request carrying the target token when the subsequent request is monitored by a preset target agent, and encrypting the subsequent request by using the target symmetric key to obtain a subsequent encryption request;
and sending the subsequent encryption request to a server so that the server decrypts the subsequent encryption request in the matched AOP section according to the target symmetric key corresponding to the target token carried by the subsequent encryption request.
7. A request response method is applied to a server and comprises the following steps:
receiving a target encryption request; the target encryption request is obtained by intercepting a target request and encrypting the target request when a target agent preset in a client monitors the target request pointing to a server;
in a pre-established AOP section, decrypting the target encryption request to obtain a target request, and transmitting the target request to a matched target back-end service;
responding to the target request through the target backend service.
8. The method according to claim 7, wherein in a case that multiple encryption algorithms exist between the server and the client, decrypting the target encryption request in a pre-established AOP section to obtain a target request comprises:
and in a pre-established AOP section matched with a target zone bit carried by the target encryption request, decrypting the target encryption request according to a target encryption algorithm corresponding to the target zone bit to obtain the target request.
9. The method according to claim 7, wherein in a case that only one encryption algorithm exists between the server and the client, decrypting the target encryption request in a pre-established AOP section to obtain a target request comprises:
and in the pre-established AOP section, decrypting the target encryption request according to a preset target encryption algorithm to obtain a target request.
10. The method of claim 8 or 9, wherein the target encryption algorithm comprises an encryption method that combines a symmetric encryption method and an asymmetric encryption method.
11. The method of claim 10, wherein the symmetric encryption method comprises an AES encryption algorithm and the asymmetric encryption method comprises an RSA encryption algorithm;
decrypting the target encryption request according to the target encryption algorithm to obtain a target request, comprising:
acquiring a second encrypted data string in the target encryption request, and decrypting the second encrypted data string by using a prestored RSA encryption algorithm private key corresponding to the client to obtain a target symmetric secret key;
and acquiring a first encrypted data string in the target encryption request, and decrypting the first encrypted data string by using the target symmetric key to obtain the target request.
12. The method of claim 11, after obtaining the target request, further comprising: generating a target token of the session, and storing the target token and the target symmetric key in an associated manner;
responding to the target request through the target backend service, including:
target response data corresponding to the target request and a target token of the session are fed back to the client;
and if a subsequent encryption request carrying the target token is received, decrypting the subsequent encryption request by using the target symmetric secret key stored in association with the target token.
13. A request response device, applied to a client, comprising:
the request intercepting and encrypting module is set to intercept a target request pointing to a server through a preset target agent and encrypt the target request to obtain a target encrypting request;
and the encryption request sending module is used for sending the target encryption request to a server so as to enable the server to decrypt the target encryption request in a pre-established AOP (automatic optical plane) section and respond to the decrypted target request through a matched target back-end service.
14. A request response device, applied to a server, comprising:
an encryption request receiving module configured to receive a target encryption request; the target encryption request is obtained by intercepting a target request and encrypting the target request when a target agent preset in a client monitors the target request pointing to a server;
the encryption request decryption module is arranged for decrypting the target encryption request in a pre-established AOP section to obtain a target request and transmitting the target request to a matched target back-end service;
and the request response module is set to respond to the target request through the target back-end service.
15. A client comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements the method of any one of claims 1-6 when executing the program.
16. A server comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 7-12 when executing the program.
17. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method of any one of claims 1 to 6, or carries out the method of any one of claims 7 to 12.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011034810.0A CN112217810A (en) | 2020-09-27 | 2020-09-27 | Request response method, device, equipment and medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011034810.0A CN112217810A (en) | 2020-09-27 | 2020-09-27 | Request response method, device, equipment and medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112217810A true CN112217810A (en) | 2021-01-12 |
Family
ID=74051160
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011034810.0A Pending CN112217810A (en) | 2020-09-27 | 2020-09-27 | Request response method, device, equipment and medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112217810A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114124534A (en) * | 2021-11-24 | 2022-03-01 | 航天信息股份有限公司 | Data interaction system and method |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080019507A1 (en) * | 2006-06-29 | 2008-01-24 | Incard S.A. | Method for Protecting IC Cards Against Power Analysis Attacks |
| CN105516161A (en) * | 2015-12-18 | 2016-04-20 | 福建天晴数码有限公司 | Method and system for safely obtaining http request |
| CN109857479A (en) * | 2018-12-14 | 2019-06-07 | 平安科技(深圳)有限公司 | Interface data processing method, device, computer equipment and storage medium |
| CN111132138A (en) * | 2019-12-06 | 2020-05-08 | 中国电子科技集团公司电子科学研究院 | Transparent communication protection method and device for mobile application program |
-
2020
- 2020-09-27 CN CN202011034810.0A patent/CN112217810A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080019507A1 (en) * | 2006-06-29 | 2008-01-24 | Incard S.A. | Method for Protecting IC Cards Against Power Analysis Attacks |
| CN105516161A (en) * | 2015-12-18 | 2016-04-20 | 福建天晴数码有限公司 | Method and system for safely obtaining http request |
| CN109857479A (en) * | 2018-12-14 | 2019-06-07 | 平安科技(深圳)有限公司 | Interface data processing method, device, computer equipment and storage medium |
| CN111132138A (en) * | 2019-12-06 | 2020-05-08 | 中国电子科技集团公司电子科学研究院 | Transparent communication protection method and device for mobile application program |
Non-Patent Citations (1)
| Title |
|---|
| 阿格琉斯的微笑: "SpringBoot自定义注解使用AOP实现请求参数解密以及响应数据加密", 《HTTPS://WWW.JIANSHU.COM/P/BC556A018C1B》 * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114124534A (en) * | 2021-11-24 | 2022-03-01 | 航天信息股份有限公司 | Data interaction system and method |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11102191B2 (en) | Enabling single sign-on authentication for accessing protected network services | |
| US9571471B1 (en) | System and method of encrypted transmission of web pages | |
| US9852300B2 (en) | Secure audit logging | |
| US20190014094A1 (en) | Systems and methods for secure multi-party communications using a proxy | |
| US10749667B2 (en) | System and method for providing satellite GTP acceleration for secure cellular backhaul over satellite | |
| US8745394B1 (en) | Methods and systems for secure electronic communication | |
| JP7420779B2 (en) | Key protection processing method, device, equipment and storage medium | |
| CN108964893B (en) | Key processing method, device, equipment and medium | |
| US10291600B2 (en) | Synchronizing secure session keys | |
| US10015144B2 (en) | Method and system for protecting data using data passports | |
| CN114826733B (en) | File transmission method, device, system, equipment, medium and program product | |
| CN109257347A (en) | Communication means and relevant apparatus, storage medium suitable for data interaction between bank | |
| CN112437044B (en) | Instant messaging method and device | |
| CN112966287A (en) | Method, system, device and computer readable medium for acquiring user data | |
| CN111698264A (en) | Method and apparatus for maintaining user authentication sessions | |
| KR101246818B1 (en) | Method for encryption of Finance transaction data | |
| CN112217810A (en) | Request response method, device, equipment and medium | |
| CN114650181B (en) | E-mail encryption and decryption method, system, equipment and computer readable storage medium | |
| CN115001828A (en) | Secure access method, system, electronic device and medium for transaction data | |
| CN110995730B (en) | Data transmission method and device, proxy server and proxy server cluster | |
| CN114584299A (en) | Data processing method and device, electronic equipment and storage medium | |
| US10686592B1 (en) | System and method to provide a secure communication of information | |
| CN113676482B (en) | Data transmission system and method and data transmission system and method based on double-layer SSL | |
| US12019778B1 (en) | Systems and methods to perform end to end encryption | |
| US20220069982A1 (en) | Caching encrypted content in an oblivious content distribution network, and system, compter-readable medium, and terminal for the same |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20210112 |