CN112699374A - Integrity checking vulnerability security protection method and system - Google Patents


Info

Publication number
CN112699374A
Authority
CN
China
Prior art keywords
request
data
client
information
signature
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011575626.7A
Other languages
Chinese (zh)
Inventor
魏光玉
薛念明
邢宏伟
李勋
刘涛
张坤
边莉
李向阳
谢吉伦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Luneng Software Technology Co Ltd
Original Assignee
Shandong Luneng Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Luneng Software Technology Co Ltd filed Critical Shandong Luneng Software Technology Co Ltd
Priority to CN202011575626.7A priority Critical patent/CN112699374A/en
Publication of CN112699374A publication Critical patent/CN112699374A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577 Assessing vulnerabilities and evaluating computer system security
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/955 Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
    • G06F16/9566 URL specific, e.g. using aliases, detecting broken or misspelled links
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

The invention discloses a method and a system for security protection against integrity check vulnerabilities. The method comprises the following steps: the client generates its data to be signed by concatenating the request URL information, the request header information, and the request data information; the client performs digital signature processing on the user session signature identification information and the client's data to be signed to obtain the client signature information, and sends a data request containing the client signature information to a server; and after receiving the data request, the server uses the client signature information in the data request to protect against integrity check vulnerabilities.

Description

Integrity checking vulnerability security protection method and system
Technical Field
The invention relates to the field of application software security protection, in particular to a method and a system for integrity check vulnerability security protection.
Background
An integrity check vulnerability exists when the server does not check the integrity of the data submitted by the client, so that data tampered with while the request is being sent can still be stored and read normally, which poses a security risk, as shown in fig. 3.
At present, two solutions to integrity check vulnerabilities are generally available:
One is to adopt a data encryption mechanism, which ensures data security by encrypting the data during transmission. The disadvantage is that this scheme relies heavily on the encryption algorithm: if a relatively simple algorithm or encoding is used, someone who has obtained enough "samples" will likely be able to work out the decryption algorithm, revealing important data.
The other is to transmit data over the https communication protocol, which ensures the security of the data transmission channel. However, in actual business scenarios, https sometimes cannot be used for transmission because of constraints such as the operating environment. The drawback of this scheme is that it is not suitable for all business scenarios.
Disclosure of Invention
To solve the problems in existing integrity check vulnerability solutions, such as an improperly chosen data encryption algorithm or the inability to use https during data transmission, the invention provides a method and a system that protect against integrity check vulnerabilities through a data signature check mechanism based on user session signature identifiers.
The integrity check vulnerability security protection method provided by the embodiment of the invention comprises the following steps:
the client generates its data to be signed by concatenating the request URL information, the request header information, and the request data information;
the client performs digital signature processing on the user session signature identification information and the client's data to be signed to obtain the client signature information, and sends a data request containing the client signature information to a server;
and after receiving the data request, the server uses the client signature information in the data request to protect against integrity check vulnerabilities.
Preferably, the method further includes the client receiving and storing the user session signature identification information sent by the server, which specifically includes:
after the client successfully logs in to the server, a user session is established with the server;
and the server generates user session signature identification information associated with the user session and sends it to the client.
Preferably, the client generating its data to be signed by concatenating the request URL information, the request header information, and the request data information includes:
the client obtains the request URL information and the request header information to be concatenated;
the client sorts the request data by the name of each parameter, in ascending alphabetical (dictionary) order, to obtain the request data information to be concatenated;
and the client concatenates the request URL information, the request header information, and the request data information, in that order, to generate the client's data to be signed.
Preferably, the client performing digital signature processing on the user session signature identification information and the client's data to be signed to obtain the client signature information includes:
the client performs digital signature processing on the user session signature identification information and the client's data to be signed by using the MD5 algorithm to obtain the client signature information.
Preferably, the data request further includes:
the request URL information, the request header information, and the request data information.
Preferably, the server using the client signature information in the data request to protect against integrity check vulnerabilities after receiving the data request includes:
after receiving the data request, the server verifies the validity of the request URL information, the request header information, and the request data information in the data request to determine whether the data request is an invalid request or a valid request;
when the data request is determined to be an invalid request, the server discards the data request;
and when the data request is determined to be a valid request, the server uses the client signature information in the data request to protect against integrity check vulnerabilities.
Preferably, the server using the client signature information in the data request to protect against integrity check vulnerabilities includes:
the server verifies the validity of the client signature information in the data request to determine whether the data request has an integrity check vulnerability;
when the data request is determined to have no integrity check vulnerability, the data request is treated as a valid data request;
and when the data request is determined to have an integrity check vulnerability, the data request is discarded.
Preferably, the server verifying the validity of the client signature information in the data request to determine whether the data request has an integrity check vulnerability includes:
the server generates data to be signed from the request URL information, the request header information, and the request data information;
after generating the data to be signed, the server reads the user session signature identification information corresponding to the client, and performs digital signature processing on the read user session signature identification information and the data to be signed by using the MD5 algorithm to obtain signature information;
when the signature information is the same as the client signature information, the server determines that the data request has no integrity check vulnerability;
and when the signature information differs from the client signature information, the server determines that the data request has an integrity check vulnerability and discards the data request.
The integrity check vulnerability security protection system provided by the embodiment of the invention comprises:
the client, which is used for generating the client's data to be signed by concatenating the request URL information, the request header information, and the request data information, performing digital signature processing on the user session signature identification information and the client's data to be signed to obtain the client signature information, and sending a data request containing the client signature information to the server;
and the server, which is used for protecting against integrity check vulnerabilities by using the client signature information in the data request after receiving the data request sent by the client.
Preferably, the data request further includes: the request URL information, the request header information, and the request data information.
According to the scheme provided by the embodiment of the invention, using the security protection tool effectively resolves integrity check vulnerabilities and improves coding security.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flowchart of a method for integrity check vulnerability security protection according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a system for integrity check vulnerability security protection according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an integrity check vulnerability provided by the prior art;
FIG. 4 is a business system and security component relationship diagram provided by an embodiment of the present invention;
FIG. 5 is a flow diagram for client security component signature computation and transmission provided by an embodiment of the present invention;
FIG. 6 is a flowchart of a process of generating data to be signed according to an embodiment of the present invention;
FIG. 7 is a flow diagram illustrating the signature computation and verification process of the server-side security component according to an embodiment of the present invention;
FIG. 8 is a flowchart for generating and accessing a user session signature identifier according to an embodiment of the present invention.
Detailed Description
The preferred embodiments of the present invention will be described in detail below with reference to the accompanying drawings, and it should be understood that the preferred embodiments described below are only for the purpose of illustrating and explaining the present invention, and are not to be construed as limiting the present invention.
Fig. 1 is a flowchart of a method for integrity check vulnerability security protection according to an embodiment of the present invention. As shown in fig. 1, the method includes:
step S101: the client generates its data to be signed by concatenating the request URL information, the request header information, and the request data information;
step S102: the client performs digital signature processing on the user session signature identification information and the client's data to be signed to obtain the client signature information, and sends a data request containing the client signature information to a server;
step S103: after receiving the data request, the server uses the client signature information in the data request to protect against integrity check vulnerabilities.
Preferably, the method further includes the client receiving and storing the user session signature identification information sent by the server, which specifically includes: after the client successfully logs in to the server, a user session is established with the server; and the server generates user session signature identification information associated with the user session and sends it to the client.
Preferably, the client generating its data to be signed by concatenating the request URL information, the request header information, and the request data information includes: the client obtains the request URL information and the request header information to be concatenated; the client sorts the request data by the name of each parameter, in ascending alphabetical (dictionary) order, to obtain the request data information to be concatenated; and the client concatenates the request URL information, the request header information, and the request data information, in that order, to generate the client's data to be signed.
Preferably, the client performing digital signature processing on the user session signature identification information and the client's data to be signed to obtain the client signature information includes: the client performs digital signature processing on the user session signature identification information and the client's data to be signed by using the MD5 algorithm to obtain the client signature information.
Preferably, the data request further includes: the request URL information, the request header information, and the request data information.
Preferably, the server using the client signature information in the data request to protect against integrity check vulnerabilities after receiving the data request includes: after receiving the data request, the server verifies the validity of the request URL information, the request header information, and the request data information in the data request to determine whether the data request is an invalid request or a valid request; when the data request is determined to be an invalid request, the server discards the data request; and when the data request is determined to be a valid request, the server uses the client signature information in the data request to protect against integrity check vulnerabilities.
Preferably, the server using the client signature information in the data request to protect against integrity check vulnerabilities includes: the server verifies the validity of the client signature information in the data request to determine whether the data request has an integrity check vulnerability; when the data request is determined to have no integrity check vulnerability, the data request is treated as a valid data request; and when the data request is determined to have an integrity check vulnerability, the data request is discarded.
Preferably, the server verifying the validity of the client signature information in the data request to determine whether the data request has an integrity check vulnerability includes: the server generates data to be signed from the request URL information, the request header information, and the request data information; after generating the data to be signed, the server reads the user session signature identification information corresponding to the client, and performs digital signature processing on the read user session signature identification information and the data to be signed by using the MD5 algorithm to obtain signature information; when the signature information is the same as the client signature information, the server determines that the data request has no integrity check vulnerability; and when the signature information differs from the client signature information, the server determines that the data request has an integrity check vulnerability and discards the data request.
Fig. 2 is a schematic diagram of a system for integrity check vulnerability security protection according to an embodiment of the present invention. As shown in fig. 2, the system includes: the client 201, which is used for generating the client's data to be signed by concatenating the request URL information, the request header information, and the request data information, performing digital signature processing on the user session signature identification information and the client's data to be signed to obtain the client signature information, and sending the data request containing the client signature information to the server; and the server 202, which is configured to protect against integrity check vulnerabilities by using the client signature information in the data request after receiving the data request sent by the client.
Preferably, the data request further includes: the request URL information, the request header information, and the request data information.
The technical solution of the present invention will be explained below with reference to the accompanying drawings.
The invention mainly comprises an integrity check security component client and an integrity check security component server. As shown in fig. 4, to ensure data integrity, the integrity check security component uses a data signature check mechanism in which a session signature identifier uid is agreed as the key for signature calculation (the uid is valid only within a single session period, is encrypted and transmitted to the client by the server by means of key exchange, is stored under strict control at both ends, and is not sent with the request during transmission). When the client sends a request, it concatenates the request data with the uid and calculates a signature; after receiving the request, the server calculates the signature with the same algorithm. If the two signatures are consistent, the request comes from a trusted client and the request is complete. The session signature identifier uid serves as the salt for calculating the signature in the integrity check and is the key to effectively resolving the integrity check vulnerability, so the mechanism for generating and accessing the uid is particularly important.
After the business system introduces the integrity check security component (the business system client introduces the integrity check security component client, and the business system server introduces the integrity check security component server) and the integrity check function is enabled, the server returns error information (error code: 471, error message: illegal request) to the client when it receives an integrity vulnerability attack request.
Use during development comprises 2 steps, one for the business system client and one for the business system server:
Step 1: usage steps for the business system client during development
A. Introduce the js package of the security component
B. Enable the integrity check vulnerability configuration
Enable the integrity check function in the client's global configuration file through the integrity check configuration item, so that the security component can interface with the security component server, which provides the integrity check protection function. The configuration file in which the client enables the integrity check is: js; the configuration item that enables the integrity check is isOpenIntegrityChecks, where true enables the check and false disables it.
Step 2: usage steps for the business system server during development
(1) Integrated security component
1) Introducing a security component jar package
2) Adding a security component to a scan path
3) Assigning SpringContext to SecurityAPI
4) Property is put under the resource directory.
(2) Open session component
1) Enable the Sessionttoolfilter provided by the security component server
2) In ESAPI.properties, configure ESAPI.sessionToolHelper with the specific session component helper class provided by the security component, according to whether the business microservice uses the session or the token authentication mechanism.
(3) Enable the integrity check function
Enable the IntegrityFilter provided by the security component server.
Fig. 5 is a flow chart of signature calculation and transmission of a client security component according to an embodiment of the present invention. As shown in fig. 5, the flow includes:
Step 51: the client reads the user session signature identifier uid;
As shown in fig. 8, the flow for generating and accessing the user session signature identifier includes:
(81) after a user accesses the system for the first time and a first user session is established, the client requests the server to obtain a public key associated with the user;
(82) the server generates a public/private key pair (valid within one session period) associated with the first user session, and sends the public key public _ server to the client;
(83) after the user passes login authentication and a second user session is established, the server replaces the original user session (first user session) identifier and stores the original user session (first user session) identifier in the server;
(84) the client generates a public/private key pair, encrypts the client public key with the server public key using RSA (public key _ client, public key _ server), and sends the encrypted client public key to the server;
(85) after receiving the request, the server decrypts it with the server private key to obtain the client public key public _ client (rsa).
(86) The server generates a user session signature identifier uid associated with the user session (the uid is valid within one session period, and its storage scheme can be chosen according to development convenience and business requirements: for example, if the system uses a session mechanism the uid can be stored in the session, or it can be stored in a cache or a database), encrypts the uid with the client public key, and sends it to the client, wherein the encrypted uid is rsa.
(87) After the client obtains the response data, the client decrypts it with the client private key to obtain the plaintext uid, which is rsa.
Step 52: the client generates data to be signed according to a fixed ordering rule;
Generating the data to be signed: first the url of the request (such as /api/person/add) is concatenated, then the header information of the request (session token, origin, referer, etc.), then the request data sorted in ascending alphabetical (dictionary) order, finally producing the data to be signed, data = url + session token + origin + referer + sort(content), as shown in fig. 6.
An example of sort(content) is as follows:
request data content: sort means ordering the parameter names in content (the name and city parameters) in ascending alphabetical (dictionary) order (that is, city, then name), and then concatenating the sorted parameter values into the character string "shanghaiming".
Step 53: the client performs signature calculation by using the MD5 hash algorithm;
After the client generates the data to be signed according to the ordering rule, it adds the salt (the salt value in this scheme is the user session signature identifier uid) and then calculates a digest with the MD5 digest algorithm; the resulting hash value is the client signature, sign_client = MD5(uid + data).
Step 54: the client sends the signature sign_client to the server in the form of an http header.
An example of a request sent by a client is as follows:
POST /api/person/add HTTP/1.1
Accept:application/json,text/javascript,*/*;
Accept-Encoding:gzip,deflate
Accept-Language:zh-CN,zh;
Connection:keep-alive
Host:http://ip:port
Referer:http://ip:port/api/person/
origin:http://ip:port
a:[sign_replay]
b:[sign_integrity]
Authorization:[token]

name=mingming&city=shanghai
Fig. 7 is a flowchart of signature calculation and verification of a server-side security component according to an embodiment of the present invention. As shown in fig. 7, the flow includes:
Step 71: the server receives the request and checks the request;
The server receives the client request data and verifies whether parameters such as the client signature, the request header information, and the request data are legal, and whether the uid can be obtained from the user session information; if these requirements are not met, the request is determined to be an invalid request.
Step 72: the server generates data to be signed according to the same ordering rule;
The server arranges the data to be signed according to the same rule as the client. Generating the data to be signed: first the url of the request (such as /api/person/add) is concatenated, then the header information of the request (session token, origin, referer, etc.), then the request data content sorted in ascending alphabetical (dictionary) order, finally producing the data to be signed, data = url + session token + origin + referer + sort(content).
Step 73: the server performs signature calculation by using the MD5 hash algorithm;
After the server generates the data to be signed, it uses the same key as the client (the user session signature identifier uid) and then calculates a digest with the MD5 digest algorithm; the resulting hash value is the server signature, sign_server = MD5(uid + data).
Step 74: the server verifies whether the signatures are consistent.
The server verifies whether the two signatures (the signature sign_client sent by the client and the signature sign_server generated by the server) are consistent. If they are consistent, the data has not been tampered with, and the response operation is executed; if they are inconsistent, signature verification has failed, the data has been tampered with, and the request is regarded as an invalid request.
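The client signing steps (52 to 54) and the server checking steps (71 to 74) above, as an added JavaScript (Node.js) example that is not code from the patent or its security component. It assumes the uid has already been exchanged and is held in a session map; the function names, the sample token and uid, and the hardened variant (HMAC-SHA-256 over length-prefixed fields, compared in constant time) are assumptions introduced here and are not part of the described scheme.

```javascript
const crypto = require('node:crypto');

const ACCEPT = { status: 200 };
const REJECT = { status: 471, message: 'illegal request' }; // error code from the description

// Data to be signed, as described: url + session token + origin + referer + sort(content),
// where sort(content) orders parameters by name and concatenates their values only.
function dataToSign(req) {
  const sortedValues = Object.keys(req.params).sort()
    .map((name) => String(req.params[name])).join('');
  return req.url + req.token + req.origin + req.referer + sortedValues;
}

// sign = MD5(uid + data), the construction given in steps 53 and 73.
function signMd5(uid, req) {
  return crypto.createHash('md5').update(uid + dataToSign(req), 'utf8').digest('hex');
}

// Hardened canonical form (a substitution, not from the patent): every field is
// length-prefixed and parameter names are included, so field boundaries are unambiguous.
function canonicalHardened(req) {
  const fields = [req.url, req.token, req.origin, req.referer];
  for (const name of Object.keys(req.params).sort()) {
    fields.push(name, String(req.params[name]));
  }
  return fields.map((f) => `${Buffer.byteLength(f, 'utf8')}:${f}`).join('');
}

// HMAC-SHA-256 keyed with the uid (a substitution): HMAC is the standard
// keyed-hash construction, used here in place of a bare hash over uid + data.
function signHmac(uid, req) {
  return crypto.createHmac('sha256', uid).update(canonicalHardened(req), 'utf8').digest('hex');
}

// Constant-time comparison of two signature strings.
function safeEqual(a, b) {
  const x = Buffer.from(a, 'utf8');
  const y = Buffer.from(b, 'utf8');
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Server side: step 71 (validity check and uid lookup), steps 72-73 (recompute),
// step 74 (compare). `signer` is signMd5 or signHmac.
function verifyRequest(sessionStore, req, signClient, signer) {
  const wellFormed = req !== null && typeof req === 'object'
    && ['url', 'token', 'origin', 'referer'].every((k) => typeof req[k] === 'string')
    && req.params !== null && typeof req.params === 'object'
    && typeof signClient === 'string';
  if (!wellFormed) return REJECT;
  const uid = sessionStore.get(req.token); // uid never travels with the request
  if (typeof uid !== 'string') return REJECT;
  return safeEqual(signer(uid, req), signClient) ? ACCEPT : REJECT;
}

// Constructed sample data (token and uid are made up; the rest mirrors the request example).
const SESSIONS = new Map([['constructed-token', 'constructed-uid-0001']]);
const SAMPLE = {
  url: '/api/person/add',
  token: 'constructed-token',
  origin: 'http://ip:port',
  referer: 'http://ip:port/api/person/',
  params: { name: 'mingming', city: 'shanghai' },
};

function demo() {
  const uid = SESSIONS.get(SAMPLE.token);
  const sign = signMd5(uid, SAMPLE);
  const tampered = { ...SAMPLE, params: { ...SAMPLE.params, city: 'beijing' } };
  // Same characters split differently across the two parameters: the value-only
  // concatenation cannot tell these apart, the length-prefixed form can.
  const regrouped = { ...SAMPLE, params: { name: 'ngming', city: 'shanghaimi' } };
  return {
    genuine: verifyRequest(SESSIONS, SAMPLE, sign, signMd5).status,
    tampered: verifyRequest(SESSIONS, tampered, sign, signMd5).status,
    sameDataToSign: dataToSign(regrouped) === dataToSign(SAMPLE),
    sameHardened: canonicalHardened(regrouped) === canonicalHardened(SAMPLE),
    hardenedGenuine: verifyRequest(SESSIONS, SAMPLE, signHmac(uid, SAMPLE), signHmac).status,
    hardenedRegrouped: verifyRequest(SESSIONS, regrouped, signHmac(uid, SAMPLE), signHmac).status,
  };
}

console.log(demo());
```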
According to the scheme provided by the embodiment of the invention, the security of transmitting and storing the uid is comprehensively considered, man-in-the-middle hijacking is prevented, and the uid of each user in each session period is guaranteed to be different and cannot be forged or tampered with (the uid is generated by the server). Through the mechanism for generating and accessing the uid, the uid is used as a salt value and the data is hashed with the hash-plus-salt algorithm, so that the integrity check vulnerability can be effectively resolved. Because the signature calculation covers the url of the request and the request header information (session token, origin, referer, etc.), problems such as brute-force cracking, cross-domain attacks, and cross-site request forgery caused by unauthorized data access and unauthorized function access can be resolved at the same time. Packaging the mechanism as an integrity check security component effectively reduces the development difficulty and workload once the component is introduced into the business system.
Although the present invention has been described in detail hereinabove, the present invention is not limited thereto, and various modifications can be made by those skilled in the art in light of the principle of the present invention. Thus, modifications made in accordance with the principles of the present invention should be understood to fall within the scope of the present invention.

Claims (10)

1. A method for integrity check vulnerability security protection, comprising:
the client generates client data to be signed by splicing request URL information, request header information and request data information;
the client performs digital signature processing on user session signature identification information and the client data to be signed to obtain client signature information, and sends a data request containing the client signature information to a server;
and after receiving the data request, the server performs integrity check vulnerability security protection by using the client signature information in the data request.
2. The method according to claim 1, further comprising the step of the client receiving and storing the user session signature identification information sent by the server, which specifically comprises:
after the client successfully logs in to the server, a user session is established with the server;
and the server generates, according to the user session, user session signature identification information associated with the user session and sends the user session signature identification information to the client.
3. The method of claim 1, wherein the client generating the client data to be signed by splicing the request URL information, the request header information and the request data information comprises:
the client acquires the request URL information and the request header information respectively;
the client sorts the request data by the name of each parameter, in ascending alphabetical (lexicographic) order, to obtain the request data information;
and the client splices the request URL information, the request header information and the request data information in that splicing order to generate the client data to be signed.
4. The method of claim 1, wherein the client performing digital signature processing on the user session signature identification information and the client data to be signed to obtain the client signature information comprises:
the client performs digital signature processing on the user session signature identification information and the client data to be signed by using the MD5 algorithm to obtain the client signature information.
5. The method of claim 1, wherein the data request further comprises:
the request URL information, the request header information and the request data information.
6. The method of claim 5, wherein the server performing integrity check vulnerability security protection by using the client signature information in the data request after receiving the data request comprises:
after receiving the data request, the server determines whether the data request is an invalid request or a valid request by verifying the validity of the request URL information, the request header information and the request data information in the data request;
when the data request is determined to be an invalid request, the server discards the data request;
and when the data request is determined to be a valid request, the server performs integrity check vulnerability security protection by using the client signature information in the data request.
7. The method of claim 6, wherein the server performing integrity check vulnerability security protection by using the client signature information in the data request comprises:
the server determines whether the data request has an integrity check vulnerability by verifying the validity of the client signature information in the data request;
when the data request is determined to have no integrity check vulnerability, the data request is treated as a valid data request;
and when the data request is determined to have an integrity check vulnerability, the data request is discarded.
8. The method of claim 7, wherein the server determining whether the data request has an integrity check vulnerability by verifying the validity of the client signature information in the data request comprises:
the server generates data to be signed from the request URL information, the request header information and the request data information;
after generating the data to be signed, the server reads the user session signature identification information corresponding to the client, and performs digital signature processing on the read user session signature identification information and the data to be signed by using the MD5 algorithm to obtain signature information;
when the signature information is the same as the client signature information, the server determines that the data request has no integrity check vulnerability;
and when the signature information is different from the client signature information, the server determines that the data request has an integrity check vulnerability and discards the data request.
9. A system for integrity check vulnerability security protection, comprising:
a client, configured to generate client data to be signed by splicing request URL information, request header information and request data information, to perform digital signature processing on user session signature identification information and the client data to be signed to obtain client signature information, and to send a data request containing the client signature information to a server;
and a server, configured to perform integrity check vulnerability security protection by using the client signature information in the data request after receiving the data request sent by the client.
10. The system of claim 9, wherein the data request further comprises: the request URL information, the request header information and the request data information.
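The signing and verification steps of claims 3, 4 and 8, as an added Python example that is not code from the patent. The header names, the separators, the percent-encoding of values and the optional HMAC-SHA-256 mode are assumptions of this example; the request and uid values are constructed.

```python
import hashlib
import hmac
from urllib.parse import quote

# Assumed here: the header names, the separators, and percent-encoding of values.
SIGNED_HEADERS = ("x-session-token", "origin", "referer")


def data_to_sign(url, headers, params):
    """Claim 3: splice URL, header and data parts; parameters sorted by name."""
    lowered = {k.lower(): v for k, v in headers.items()}
    header_part = "&".join(f"{h}={quote(lowered.get(h, ''), safe='')}" for h in SIGNED_HEADERS)
    data_part = "&".join(f"{quote(k, safe='')}={quote(str(params[k]), safe='')}"
                         for k in sorted(params))
    return "\n".join((url, header_part, data_part)).encode("utf-8")


def sign(uid, url, headers, params, keyed=False):
    """Claims 4 and 8: MD5 over the session uid (the salt) plus the spliced data."""
    data = data_to_sign(url, headers, params)
    if keyed:  # HMAC-SHA-256 option added by this example, not in the claims
        return hmac.new(uid.encode("utf-8"), data, hashlib.sha256).hexdigest()
    return hashlib.md5(uid.encode("utf-8") + data).hexdigest()


def server_verify(session_uids, session_id, url, headers, params, client_sig, keyed=False):
    """Claim 8: read the stored uid, recompute, accept only on an exact match."""
    uid = session_uids.get(session_id)
    if uid is None:
        return False  # no session, so no uid to check against: discard
    expected = sign(uid, url, headers, params, keyed)
    return hmac.compare_digest(expected.encode(), client_sig.encode())


def demo():
    """Constructed sample request checked unmodified, reordered and altered."""
    uids = {"sess-1": "uid-7f3c-constructed", "sess-2": "uid-a91e-constructed"}
    url = "https://app.example.test/api/transfer"
    headers = {"X-Session-Token": "sess-1", "Origin": "https://app.example.test"}
    params = {"to": "1002", "amount": "50"}
    sig = sign(uids["sess-1"], url, headers, params)
    check = lambda sid, h, p: server_verify(uids, sid, url, h, p, sig)
    return {
        "unmodified": check("sess-1", headers, params),
        "reordered": check("sess-1", headers, {"amount": "50", "to": "1002"}),
        "altered_amount": check("sess-1", headers, {**params, "amount": "5000"}),
        "other_origin": check("sess-1", {**headers, "Origin": "https://other.example.test"}, params),
        "other_session": check("sess-2", headers, params),
    }
```

Percent-encoding each value keeps a parameter such as `a=1&b=2` from producing the same spliced string as two separate parameters, which a bare concatenation would allow.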
CN202011575626.7A 2020-12-28 2020-12-28 Integrity checking vulnerability security protection method and system Pending CN112699374A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011575626.7A CN112699374A (en) 2020-12-28 2020-12-28 Integrity checking vulnerability security protection method and system

Publications (1)

Publication Number Publication Date
CN112699374A true CN112699374A (en) 2021-04-23

Family

ID=75511340

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210423