CN112804201B - Method and device for acquiring equipment information - Google Patents

Method and device for acquiring equipment information Download PDF

Info

Publication number
CN112804201B
CN112804201B CN202011612787.9A CN202011612787A CN112804201B CN 112804201 B CN112804201 B CN 112804201B CN 202011612787 A CN202011612787 A CN 202011612787A CN 112804201 B CN112804201 B CN 112804201B
Authority
CN
China
Prior art keywords
information
login
port
authentication server
equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011612787.9A
Other languages
Chinese (zh)
Other versions
CN112804201A (en
Inventor
梁永波
叶晓虎
李凯
何坤
郑彬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhou Lvmeng Chengdu Technology Co ltd
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Original Assignee
Shenzhou Lvmeng Chengdu Technology Co ltd
Nsfocus Technologies Inc
Nsfocus Technologies Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhou Lvmeng Chengdu Technology Co ltd, Nsfocus Technologies Inc, Nsfocus Technologies Group Co Ltd filed Critical Shenzhou Lvmeng Chengdu Technology Co ltd
Priority to CN202011612787.9A priority Critical patent/CN112804201B/en
Publication of CN112804201A publication Critical patent/CN112804201A/en
Application granted granted Critical
Publication of CN112804201B publication Critical patent/CN112804201B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The disclosure relates to the technical field of network security, in particular to a method and a device for acquiring equipment information, which solve the problems of high difficulty in acquiring the equipment information and high development cost when logging in a webpage for authentication on a browser, and the method comprises the following steps: and sending a page access request aiming at a login page to an authentication server, and receiving a webpage code of the login page sent by the authentication server, wherein the webpage code comprises an operation script for acquiring equipment information of terminal equipment, loading the webpage code, determining a monitoring port of the terminal software, and accessing the monitoring port according to the operation defined by the operation script to acquire the equipment information. Therefore, the development cost is greatly reduced without modifying the content of the interactive data, the acquisition difficulty of the browser for acquiring the equipment information is greatly reduced by means of the configured monitoring port, and the development cost is saved.

Description

Method and device for acquiring equipment information
Technical Field
The disclosure relates to the technical field of network security, and in particular relates to a method and a device for acquiring equipment information.
Background
When a user logs in the system through the browser, login verification needs to be completed on an authentication server corresponding to the system to judge the authority or the grade of the user logging in the system on the current equipment, so that user credentials and equipment information need to be uploaded during authentication.
Currently, the method for the authentication server to acquire the device information includes: the method comprises the steps that firstly, terminal software is deployed on equipment to obtain equipment information, and data interacted by a browser and an authentication server flows through the terminal software to realize adding the equipment information into the data; the second mode is that the device information acquired by the terminal software is added to a designated position in the message, wherein the position of the device information in the message is realized by modifying a hypertext transfer protocol (HyperText Transfer Protocol, http) of an authentication request, and the position can be a message header or an extension field of a ssl handshake stage of an https protocol; and thirdly, collecting the equipment information by configuring the browser plug-in.
However, in the implementation of the first embodiment, when the device information is added by using the forward proxy method, the maintenance cost for the authentication certificate is high; for the implementation mode II, the technology is difficult to implement and the maintenance cost is high; for the implementation manner of the third mode, as the implementation manners of different browser plug-ins are different, different browsers need to be configured with a set of plug-ins separately, so that development cost is greatly increased.
Disclosure of Invention
The embodiment of the disclosure provides a method and a device for acquiring equipment information, which are used for solving the problems of high difficulty in realizing equipment information acquisition and high development cost in the prior art when a webpage is logged in a browser for authentication.
The specific technical scheme provided by the embodiment of the disclosure is as follows:
in a first aspect, a method for acquiring device information is provided, which is applied to a browser, and includes:
sending a page access request for a login page to an authentication server, and receiving a webpage code of the login page sent by the authentication server, wherein the webpage code comprises an operation script for acquiring equipment information of terminal equipment, and the browser and terminal software for acquiring the equipment information are installed in the terminal equipment;
and loading the webpage codes, determining a monitoring port of the terminal software, and accessing the monitoring port according to the operation defined by the operation script to acquire the equipment information.
Optionally, the determining a listening port of the terminal software includes:
when the port information is configured in the operation script, determining a monitoring port of the terminal software according to the port information; or alternatively, the process may be performed,
When the port information is not configured in the operation script, requesting to acquire the port configuration information from the authentication server, and determining a monitoring port of the terminal software according to the acquired port configuration information.
Optionally, the accessing the listening port to obtain the device information according to the operation defined by the operation script includes:
presenting the login page, responding to login verification operation triggered on the login page, acquiring corresponding login verification information, and accessing the monitoring port to acquire the equipment information according to operation defined by the operation script; or alternatively, the process may be performed,
and accessing the monitoring port to acquire the equipment information according to the operation defined by the operation script, and storing the equipment information into a storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page.
Optionally, the storing the device information in a storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page includes:
when determining that the login verification information on the login page is a third party authentication source, storing the equipment information into a small text file Cookie; or alternatively, the process may be performed,
When determining that the login verification information on the login page is authenticated by the authentication server, storing the equipment information into a local storage area localStorage; or alternatively, the process may be performed,
when determining that the login verification information on the login page is authenticated by the authentication server, storing the equipment information into a session storage area sessionStorage; or alternatively, the process may be performed,
and when the authentication server is used for determining to authenticate the login verification information on the login page, storing the equipment information into a configured storage area.
Optionally, after the accessing the listening port to obtain the device information, the method further includes:
acquiring login verification information for completing verification on the login page, packaging the login verification information and the equipment information into a character string with a specified format, and sending the character string to the authentication server;
and receiving a login verification result sent by the authentication server and presenting the login verification result.
In a second aspect, an apparatus for acquiring device information is provided, and is applied to a browser, and includes:
a sending unit, configured to send a page access request for a login page to an authentication server, and receive a web page code of the login page sent by the authentication server, where the web page code includes an operation script for acquiring device information of a terminal device, and the terminal device is installed with the browser and terminal software for acquiring the device information;
And the acquisition unit is used for loading the webpage codes, determining a monitoring port of the terminal software, and accessing the monitoring port according to the operation defined by the operation script to acquire the equipment information.
Optionally, when determining the listening port of the terminal software, the obtaining unit is specifically configured to:
when the port information is configured in the operation script, determining a monitoring port of the terminal software according to the port information; or alternatively, the process may be performed,
when the port information is not configured in the operation script, requesting to acquire the port configuration information from the authentication server, and determining a monitoring port of the terminal software according to the acquired port configuration information.
Optionally, when the monitor port is accessed to obtain the device information according to the operation defined by the operation script, the obtaining unit is specifically configured to:
presenting the login page, responding to login verification operation triggered on the login page, acquiring corresponding login verification information, and accessing the monitoring port to acquire the equipment information according to operation defined by the operation script; or alternatively, the process may be performed,
and accessing the monitoring port to acquire the equipment information according to the operation defined by the operation script, and storing the equipment information into a storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page.
Optionally, when the device information is stored in the storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page, the obtaining unit is configured to:
when determining that the login verification information on the login page is a third party authentication source, storing the equipment information into a small text file Cookie; or alternatively, the process may be performed,
when determining that the login verification information on the login page is authenticated by the authentication server, storing the equipment information into a local storage area localStorage; or alternatively, the process may be performed,
when determining that the login verification information on the login page is authenticated by the authentication server, storing the equipment information into a session storage area sessionStorage; or alternatively, the process may be performed,
and when the authentication server is used for determining to authenticate the login verification information on the login page, storing the equipment information into a configured storage area.
Optionally, after the accessing the listening port to acquire the device information, the acquiring unit is further configured to:
acquiring login verification information for completing verification on the login page, packaging the login verification information and the equipment information into a character string with a specified format, and sending the character string to the authentication server;
And receiving a login verification result sent by the authentication server and presenting the login verification result.
In a third aspect, an electronic device is provided, including:
a memory for storing executable instructions;
a processor configured to read and execute executable instructions stored in a memory, to implement the method for acquiring device information according to any one of the first aspect.
In a fourth aspect, a computer readable storage medium is presented, which when executed by an electronic device, causes the electronic device to perform the method of obtaining device information of any of the above first aspects.
The beneficial effects of the present disclosure are as follows:
in the embodiment of the disclosure, a browser sends a page access request for a login page to an authentication server, and receives a webpage code of the login page sent by the authentication server, wherein the webpage code comprises an operation script for acquiring equipment information of terminal equipment, the terminal equipment is provided with the browser and terminal software for acquiring the equipment information, the webpage code is reloaded, a monitoring port of the terminal software is determined, and the monitoring port is accessed to acquire the equipment information according to operation defined by the operation script. In this way, by embedding the operation script in the webpage code of the login page, when the browser requests to access the login page, the operation script can be issued to the browser, the operation script issued by the authentication server is easy to maintain, the content of the interaction data is not required to be modified, the development cost is greatly reduced, in addition, by means of the configured monitoring port, the effective acquisition of the equipment information of the terminal equipment can be realized, the acquisition difficulty of acquiring the equipment information from the terminal equipment is greatly reduced, and the whole acquisition process does not need to additionally configure a browser plug-in to make up the defect of acquiring the equipment information by configuring the browser plug-in the prior art, and the development cost is saved.
Drawings
Fig. 1 is a schematic flow chart of acquiring device information in an embodiment of the disclosure;
FIG. 2 is an interactive schematic diagram of a user authenticating a login on a browser in an embodiment of the disclosure;
fig. 3 is a schematic logic structure diagram of an apparatus for acquiring device information in an embodiment of the disclosure;
fig. 4 is a schematic entity structure of an apparatus for acquiring device information in an embodiment of the disclosure.
Detailed Description
In order to make the objects, technical solutions and advantageous effects of the present disclosure more apparent, the present disclosure will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the present disclosure.
Those skilled in the art will appreciate that embodiments of the present disclosure may be implemented as a system, apparatus, device, method, or computer program product. Accordingly, the present disclosure may be embodied in the following forms, namely: complete hardware, complete software (including firmware, resident software, micro-code, etc.), or a combination of hardware and software.
For ease of understanding, the terms involved in the embodiments of the present disclosure are explained below:
terminal software: for collecting environmental information in an installed environment, in this disclosure, installed on a terminal device, for collecting device information of the terminal device, including, but not limited to, a device identification of the terminal device, a device type of the terminal device, an operating system of the terminal device, and risk level information of the terminal device.
Operation script: the specific embodiment forms of the language script applied to client webpage development include, but are not limited to, JS script (JavaScript, JS), in the present disclosure, the operation script is configured by the authentication server, and is contained in a webpage code of a login page, and at least an operation of acquiring device information of a terminal device provided with a browser is limited in the operation script.
http: the hypertext transfer protocol is a protocol (Transmission Control Protocol/Internet Protocol, TCP/IP) for transferring data based on a transmission control protocol/internet protocol communication protocol for initiating a data request.
In order to solve the problems of high difficulty in realizing and high development cost in acquiring equipment information when a webpage is logged in a browser for authentication in the prior art, the disclosure provides a method for acquiring the equipment information in a targeted manner, wherein the method comprises the steps of sending a page access request for a login page to an authentication server, receiving a webpage code of the login page sent by the authentication server, wherein the webpage code comprises an operation script for acquiring the equipment information of terminal equipment, the browser and terminal software for acquiring the equipment information are installed in the terminal equipment, loading the webpage code, determining a monitoring port of the terminal software, and accessing the monitoring port to acquire the equipment information according to the operation defined by the operation script.
It should be noted that, in the embodiment of the present disclosure, the web page code may include a plurality of operation scripts, which respectively define different operations, and the operation scripts mentioned in the present disclosure refer to only operation scripts configured for obtaining device information of the terminal device, and disclosure of operation scripts for implementing other functions is not specifically described.
Preferred implementations of the examples of the present disclosure are described in further detail below with reference to the accompanying drawings:
referring to fig. 1, which is a schematic flow chart of acquiring device information in an embodiment of the disclosure, a process of acquiring device information is described in detail below with reference to fig. 1:
step 101: the browser sends a page access request for a login page to an authentication server and receives a webpage code of the login page sent by the authentication server.
The browser sends a page access request aiming at the login page to an authentication server and receives a webpage code of the login page sent by the authentication server, wherein the page access request carries address information of the login page, the webpage code comprises an operation script for acquiring equipment information of terminal equipment, the terminal equipment is provided with the browser and terminal software for acquiring the equipment information, the equipment information comprises but not limited to equipment identification information, equipment type information, operation system information and risk level information of the terminal equipment, and the operation script can be a JS script.
In some embodiments of the present disclosure, the address information of the login page may be address information directly input by the user in the browser, and in other embodiments of the present disclosure, the address information of the login page may be address information triggering access by the browser, for example, address information corresponding to a triggered jump link.
It should be noted that, in the embodiment of the present disclosure, the terminal software may be associated with the authentication server, that is, in the operation script configured by the authentication server, a listening port for accessing the terminal software is written, so that when the browser executes the operation script, the browser can obtain the device information through the listening port; the terminal software can be not associated with the authentication server, and is installed in the terminal equipment and used for collecting equipment information of the terminal equipment, and when port information of the monitoring port is not written in an operation script configured by the authentication server, the port configuration is obtained from the authentication server.
In the embodiment of the disclosure, the terminal software collects device information, starts http service, monitors a configured monitoring port, and enables the device information collected by the terminal software to be obtained through the monitoring port when a browser accesses the monitoring port, wherein the monitoring port can be configured according to actual conditions, for example, can be selectively configured as 80 ports.
In this way, by means of the acquired webpage codes, the operation script can be acquired, the browser can acquire the equipment information of the terminal equipment acquired by the acquisition equipment by means of the acquired operation script, the webpage codes issued by the authentication server have universality, and the webpage codes and the operation script are not required to be configured for different browsers respectively, so that the maintenance of the webpage codes and the operation script is simple, and the development difficulty is reduced.
Step 102: and the browser loads the webpage codes, determines a monitoring port of the terminal software, and accesses the monitoring port according to the operation defined by the operation script to acquire the equipment information.
After the browser obtains the webpage code of the login page, the operation script in the webpage code is obtained, the login page is presented after the webpage code is loaded, and the operation script is configured to be executed according to actual conditions. In some embodiments, the browser may be configured to execute the operation script before performing the login authentication operation, and in other embodiments, the browser may execute the operation script after performing the login authentication operation.
Further, the browser determines a listening port of the terminal software, where the browser may determine the listening port of the terminal software by using the following manner:
A1, when port information is configured in the operation script, determining a monitoring port of the terminal software according to the port information.
When the browser loads the webpage code and determines that port information exists in the received operation script, the port information of a monitoring port is preconfigured in the operation script sent by the received authentication server, and the monitoring port is used for monitoring terminal software to obtain equipment information of terminal equipment acquired by the terminal software, wherein the terminal software is installed on the terminal equipment.
A2, when the port information is not configured in the operation script, requesting to acquire the port configuration information from the authentication server, and determining a monitoring port of the terminal software according to the acquired port configuration information.
Specifically, after acquiring a webpage code sent by an authentication server, a browser loads the webpage code, requests the authentication server to acquire port configuration information when determining that port information is not configured in an operation script, and determines a monitoring port of the terminal software according to the acquired port configuration information, wherein the authentication server stores port information of the monitoring port of the terminal software.
After determining the monitoring port of the terminal software, the browser accesses the monitoring port to acquire the device information according to the operation defined by the operation script, wherein the mode of accessing the monitoring port to acquire the device information can be any one of the following modes:
the first mode is that the browser presents a login page, responds to login verification operation triggered on the login page, acquires corresponding login verification information, and accesses the monitoring port to acquire the equipment information according to operation defined by the operation script.
After the browser presents the login page, responding to the login verification operation triggered on the login page to obtain corresponding login verification information, wherein the mode of triggering the login verification operation can be clicking a button for login verification on the login page, or the mode of triggering the login verification operation can be operating other controls for characterizing to trigger the login verification, and the login verification information comprises any one or combination of the following components: face information; fingerprint information; password information; and (5) short message information.
Further, the browser accesses the monitoring port according to the operation defined by the operation script to obtain the device information of the terminal device, specifically, the browser accesses the monitoring port according to the operation defined by the operation script and obtains the device information collected by the terminal software through an http protocol, and the monitoring port can be configured according to an actual communication condition, for example, the monitoring port can be configured to monitor an 80 port of a local address.
After the browser finishes loading the login page, executing an operation script: the JS script initiates an http request to an 80 port with a local address of 127.0.0.1 to acquire local equipment information, and the received data is JS object numbered musical notation (JavaScript Object Notation, JSON) data for example and is illustrated as follows:
it should be noted that, in the embodiment of the present disclosure, for the acquired data format, the data format may be JSON format or extensible markup language (Extensible Markup Language, XML) format, and the acquiring logic of the present disclosure is the same for data in different formats, and in the following description, only JSON data will be taken as an example.
Referring to table 1, the request parameter diagram is shown in an http request initiated by a browser, the browser requests to obtain an asset_info parameter by adopting an http REST request, where the asset_info parameter includes device identification information (Identity, ID) of a terminal device, a device type, an operating system type, and risk level information. Host characterizes the direction of the request, here localhost specifically refers to the local machine.
TABLE 1
REST GET /v1.0/get_assert_info
HEADER Host localhost
Further, the browser accesses the 80 port to obtain the device information of the terminal device collected by the terminal software, and the return parameter received by the browser is shown in table 2, wherein STATUS:200 indicates that the request has been successfully processed, content-Type indicates the Type of data obtained, and BODY indicates the feedback Content of the request, including parameters "ret" and "msg" for describing successful processing, and specific device information.
TABLE 2
Figure BDA0002873358490000101
In the current implementation manner, under the condition of triggering login verification, the login verification information and the equipment information on the login page are acquired in the sequence that the login verification information is acquired first, then the equipment information is acquired through the monitoring port, and the acquired login verification information and equipment information are directly sent to an authentication source for authenticating whether the login authority exists or not after the equipment information is acquired, wherein the authentication source can be an authentication server, or the authentication source can be a third party authentication source approved by the authentication server, and in the following description, only the authentication source is taken as an authentication server for illustrative purposes.
That is, in the current embodiment, after acquiring the device information of the terminal device, the browser does not need to consider the storage of the device information since the device information is directly transmitted to the corresponding authentication source together with the acquired login authentication information.
Further, when the browser sends the obtained login verification information and the device information to the authentication server, the login verification information and the device information may be submitted separately or simultaneously, in some embodiments, after the browser obtains the login verification information, the login verification information may be packaged into a JSON string, and sent directly to the authentication server, and after the device information is received, the device information is also packaged into a JSON string, and sent to the authentication server, in other embodiments, the browser sends the obtained login verification information and the device information together to the authentication server, and in particular, after the browser obtains the login verification information and the device information, the login verification information and the device information are uniformly packaged into a JSON string, and the packaged string is sent to the authentication server.
In this way, by means of the monitoring port, the device information acquired by the terminal software can be acquired, and the transmission modes of the device information and the login verification information are adaptively configured in consideration of the acquisition sequence of the device information and the login verification information, so that the device information is acquired through the browser, and the reliability of login verification on a login page of the browser is ensured.
And accessing the monitoring port by the browser according to the operation defined by the operation script to acquire equipment information, and storing the equipment information into a storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page.
After loading a webpage code and determining a monitoring port of terminal software, the browser presents a login page, accesses the monitoring port to acquire equipment information according to operation limited by an operation script, and stores the acquired equipment information into a storage area corresponding to an authentication source according to the authentication source for authenticating login verification information on the login page.
In the current implementation manner, before acquiring login verification information, the browser acquires the equipment information of the terminal equipment through the access monitoring port, further stores the acquired equipment information, waits for completion of acquisition of the login verification information, and then performs information reporting operation.
It should be noted that, for the storage location of the device information, the authentication source may be an authentication server, or the authentication source may be a third party authentication source approved by the authentication server, depending on the authentication source of the authentication login verification information.
Specifically, the browser may store device information for different authentication sources in several storage manners including, but not limited to:
and B1, storing the equipment information into a Cookie when determining that the login verification information on the login page is a third party authentication source.
Specifically, when the browser determines that the login verification information on the login page is the third party authentication source, the browser stores the obtained equipment information into the Cookie, so that the obtained login verification information and the equipment information are uploaded to the third party authentication source later.
And B2, when the authentication server is used for authenticating the login verification information on the login page, storing the equipment information into a local storage area localStorage.
Specifically, when determining that the login verification information on the login page is the authentication server, the browser stores the monitored equipment information into a local storage area localStorage, acquires the equipment information stored in the local storage area after the login verification information is acquired later, and sends the acquired equipment information and the login verification information to the authentication server.
And B3, when the authentication server is used for authenticating the login verification information on the login page, storing the equipment information into a session storage area sessionStorage.
Specifically, when determining that the login verification information on the login page is the authentication server, the browser stores the monitored equipment information into a session storage area sessionStorage, acquires the equipment information stored in the session storage area after the login verification information is acquired subsequently, and sends the acquired equipment information and the login verification information to the authentication server.
And B4, when the authentication server is confirmed to authenticate the login verification information on the login page, storing the equipment information into a configured storage area.
When the login verification information on the login page is the authentication server, the monitored device information may be stored in the local storage area, the session storage area, or other configured available storage areas, where the login verification information is preferably stored in the session storage area. The specific request manner for obtaining the device information is the same as that illustrated in the foregoing table 1 and table 2, and the disclosure is not repeated here.
In addition, by means of the configured monitoring port, effective acquisition of the equipment information of the terminal equipment can be realized, the acquisition difficulty of the equipment information acquired by a browser is greatly reduced, the defect that the equipment information is acquired by configuring a browser plug-in under the prior art is overcome by the whole acquisition process without additionally configuring the browser plug-in, and development cost is saved.
Further, after the browser accesses the monitoring port to obtain the device information, the obtained device information and login verification information for completing verification on the login page are sent to the authentication server, where the device information and the login verification information may be sent to the authentication server in a manner of being sent separately, or may be sent to the authentication server in a manner of being sent simultaneously.
In the following description, only the case where the device information and the login authentication information are simultaneously transmitted to the authentication server will be described as an example.
The browser acquires login verification information for completing verification on the login page, packages the login verification information and the equipment information into a character string in a specified format, sends the character string to the authentication server, receives a login verification result sent by the authentication server, and presents the login verification result.
Continuing to schematically illustrate the content acquired in tables 1 and 2, after the browser acquires the device information, the browser stores the JSON string corresponding to the assert_info field in the designated storage location through the sessionstorage. Storage locations include, but are not limited to: the browser's sessionStorage, the browser's localStorage, cookie, and other storage areas configured.
And (3) submitting the device information and the login verification information to a parameter sketch table of an authentication server for initiating an http request by a browser, triggering login verification operation by the browser after responding to the login verification information input on a login interface, calling sessionStorage. Getitem () to take out the stored device information data aset_info, encapsulating the device information data aset_info and the login verification information user_info into a JSON string, initiating an http request through a send () function, and submitting the http request to the authentication server, wherein the initiating request mode comprises, but is not limited to, a fetch () function of a reaction frame and an ajax () function of a jquery frame because of different writing frames of web page codes. And packaging the equipment information and the login verification information into a JSON character string by referring to a browser, sending the JSON character string to an authentication server in the form of an http request, wherein the login verification information is included in a user_info, and the equipment information obtained by monitoring is included in an server_info.
TABLE 3 Table 3
Figure BDA0002873358490000141
TABLE 4 Table 4
Figure BDA0002873358490000142
Further, after the authentication server receives the device information and the login verification information, the authentication server verifies according to the self judgment strategy, and feeds a verification result back to the browser, and the browser presents the verification result on the login page.
Reference is made to table 4, which shows a return comment received by the browser when authentication is successful. The feedback parameter 'ret' value of 0 indicates that verification is successful, and the feedback parameter 'ret' value of non-0 indicates that verification is failed.
In this way, by means of the feedback information of the authentication server, the authentication result can be presented, so that the subsequent operation can be performed in a targeted manner according to the obtained authentication result.
Referring to fig. 2, which is an interaction diagram of a user authenticating login on a browser in an embodiment of the disclosure, a process of performing login verification on a terminal device installed with the browser by the user through the browser is described below with reference to fig. 2.
Step 201: terminal software on terminal equipment collects equipment information of the terminal equipment.
Terminal software installed on terminal equipment collects equipment information of the terminal equipment in real time, wherein the equipment information comprises, but is not limited to, equipment identification, equipment type, operating system, vulnerability patches, risk grade scores and other information of the terminal equipment, the terminal software can be monitored through a monitoring port, and other software can obtain the equipment information collected by the terminal software.
Step 202: the browser on the terminal device sends a page access request of the login page to the authentication server.
Specifically, the user triggers an access operation to the authentication server on the browser, and intends to complete authentication login on the login page, so that the browser initiates a page access request to the login page to the authentication server, wherein the page access request carries address information of the login page, and the address information is used for determining and acquiring a corresponding webpage code.
Step 203: the authentication server transmits a web page code of a login page containing an operation script to a browser of the terminal device.
Specifically, after receiving a page access request sent by a browser of a terminal device, an authentication server determines a webpage code corresponding to the page access request, and sends the webpage code to the browser of the terminal device, wherein the webpage code comprises an operation script for instructing the browser to acquire device information of the terminal device.
Step 204: and the browser of the terminal equipment executes the operation script and accesses the monitoring port.
The browser of the terminal equipment loads the obtained webpage codes, presents the login page, determines a monitoring port of the terminal software, executes the operation limited by the operation script, and accesses the monitoring port to obtain the equipment information of the terminal equipment. Specifically, the browser accesses a local monitoring port through an http protocol.
Step 205: and the terminal software of the terminal equipment sends the acquired equipment information to the browser.
Step 206: and the browser of the terminal equipment acquires the login verification information.
Specifically, the browser responds to login verification operation of the user on the login page, and obtains login verification information for user identity verification.
Step 207: the browser of the terminal device transmits the login verification information and the device information to the authentication server.
Specifically, after the browser obtains the login verification information and the device information, the login verification information and the device information are packaged in a character string form and sent to the authentication server, wherein the packaging mode and the sending mode of the login verification information and the device information are described in detail in the flowchart of fig. 1, and the disclosure is not repeated here.
Step 208: the authentication server feeds back an authentication result to a browser of the terminal equipment.
After receiving the login verification information and the equipment information, the authentication server verifies the login verification information and the equipment information according to the self verification policy and feeds back an authentication result to a browser of the terminal equipment.
Based on the same inventive concept, referring to fig. 3, which is a schematic logic structure diagram of an apparatus for acquiring device information in an embodiment of the present disclosure, an apparatus for acquiring device information is provided, including: a transmitting unit 301 and an acquiring unit 302, wherein,
A sending unit 301, configured to send a page access request for a login page to an authentication server, and receive a web page code of the login page sent by the authentication server, where the web page code includes an operation script for acquiring device information of a terminal device, and the terminal device is installed with the browser and terminal software for acquiring the device information;
and the acquisition unit 302 loads the webpage codes, determines a monitoring port of the terminal software, and accesses the monitoring port to acquire the equipment information according to the operation defined by the operation script.
Optionally, when determining the listening port of the terminal software, the obtaining unit 302 is specifically configured to:
when the port information is configured in the operation script, determining a monitoring port of the terminal software according to the port information; or alternatively, the process may be performed,
when the port information is not configured in the operation script, requesting to acquire the port configuration information from the authentication server, and determining a monitoring port of the terminal software according to the acquired port configuration information.
Optionally, when the listening port is accessed to acquire the device information according to the operation defined by the operation script, the acquiring unit 302 is specifically configured to:
Presenting the login page, responding to login verification operation triggered on the login page, acquiring corresponding login verification information, and accessing the monitoring port to acquire the equipment information according to operation defined by the operation script; or alternatively, the process may be performed,
and accessing the monitoring port to acquire the equipment information according to the operation defined by the operation script, and storing the equipment information into a storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page.
Optionally, when the device information is stored in the storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page, the obtaining unit 302 is configured to:
when determining that the login verification information on the login page is a third party authentication source, storing the equipment information into a small text file; or alternatively, the process may be performed,
when determining that the login verification information on the login page is authenticated by the authentication server, storing the equipment information into a local storage area; or alternatively, the process may be performed,
when determining that the login verification information on the login page is authenticated by the authentication server, storing the equipment information into a session storage area; or alternatively, the process may be performed,
And when the authentication server is used for determining to authenticate the login verification information on the login page, storing the equipment information into a configured storage area.
Optionally, after the accessing the listening port to acquire the device information, the acquiring unit 302 is further configured to:
acquiring login verification information for completing verification on the login page, packaging the login verification information and the equipment information into a character string with a specified format, and sending the character string to the authentication server;
and receiving a login verification result sent by the authentication server and presenting the login verification result.
Based on the same inventive concept, referring to fig. 4, which is a schematic physical structure of an apparatus for acquiring device information in an embodiment of the present disclosure, an apparatus 400 for acquiring device information, specifically a terminal device carrying a browser, includes a processing component 422, further including one or more processors, and a memory resource represented by a memory 432, for storing instructions executable by the processing component 422, such as an application program. The application program stored in memory 432 may include one or more modules each corresponding to a set of instructions. Further, the processing component 422 is configured to execute instructions to perform the above-described methods.
The apparatus 400 may also include a power component 426 configured to perform power management of the apparatus 400, a wired or wireless network interface 450 configured to connect the apparatus 400 to a network, and an input output (I/O) interface 458. The apparatus 400 may operate based on an operating system stored in the memory 432, such as Windows Server, mac OS XTM, unixTM, linuxTM, freeBSDTM or the like.
Based on the same inventive concept, a storage medium is provided in an embodiment based on acquiring device information in the embodiments of the present disclosure, which when instructions in the storage medium are executed by an electronic device, enables the electronic device to perform any one of the methods described above.
In summary, in the embodiment of the present disclosure, a browser sends a page access request for a login page to an authentication server, and receives a web page code of the login page sent by the authentication server, where the web page code includes an operation script for acquiring device information of a terminal device, the terminal device is installed with the browser and terminal software for acquiring the device information, the web page code is reloaded, a listening port of the terminal software is determined, and the listening port is accessed to acquire the device information according to an operation defined by the operation script. In this way, by embedding the operation script in the webpage code of the login page, when the browser requests to access the login page, the operation script can be issued to the browser, the operation script issued by the authentication server is easy to maintain, the content of the interaction data is not required to be modified, the development cost is greatly reduced, in addition, by means of the configured monitoring port, the effective acquisition of the equipment information of the terminal equipment can be realized, the acquisition difficulty of the equipment information acquired by the browser is greatly reduced, and the defect that the equipment information is acquired by the configuration of the browser plug-in under the prior art is overcome by the whole acquisition process without additionally configuring the browser plug-in, so that the development cost is saved.
It will be apparent to those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While the preferred embodiments of the present disclosure have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. It is therefore intended that the following claims be interpreted as including the preferred embodiments and all such alterations and modifications as fall within the scope of the disclosure.
It will be apparent to those skilled in the art that various modifications and variations can be made to the disclosed embodiments without departing from the spirit and scope of the disclosed embodiments. Thus, given that such modifications and variations of the disclosed embodiments fall within the scope of the claims of the present disclosure and their equivalents, the present disclosure is also intended to encompass such modifications and variations.

Claims (10)

1. A method for obtaining device information, applied to a browser, comprising:
sending a page access request for a login page to an authentication server, and receiving a webpage code of the login page sent by the authentication server, wherein the webpage code comprises an operation script for acquiring equipment information of terminal equipment, and the browser and terminal software for acquiring the equipment information are installed in the terminal equipment;
loading the webpage codes, determining a monitoring port of the terminal software, and accessing the monitoring port according to the operation defined by the operation script to acquire the equipment information;
and after the monitoring port is accessed to acquire the equipment information, the equipment information and login verification information for finishing verification on a login page are sent to the authentication server so that the authentication server verifies whether the login authority exists.
2. The method of claim 1, wherein the determining the listening port of the terminal software comprises:
when the port information is configured in the operation script, determining a monitoring port of the terminal software according to the port information; or alternatively, the process may be performed,
when the port information is not configured in the operation script, requesting to acquire the port configuration information from the authentication server, and determining a monitoring port of the terminal software according to the acquired port configuration information.
3. The method of claim 1, wherein accessing the listening port to obtain the device information according to the operation defined by the operation script comprises:
presenting the login page, responding to login verification operation triggered on the login page, acquiring corresponding login verification information, and accessing the monitoring port to acquire the equipment information according to operation defined by the operation script; or alternatively, the process may be performed,
and accessing the monitoring port to acquire the equipment information according to the operation defined by the operation script, and storing the equipment information into a storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page.
4. The method of claim 3, wherein the storing the device information to the storage area corresponding to the authentication source according to the authentication source authenticating the login verification information on the login page comprises:
when determining that the login verification information on the login page is a third party authentication source, storing the equipment information into a small text file Cookie; or alternatively, the process may be performed,
when determining that the login verification information on the login page is authenticated by the authentication server, storing the equipment information into a local storage area localStorage; or alternatively, the process may be performed,
when determining that the login verification information on the login page is authenticated by the authentication server, storing the equipment information into a session storage area sessionStorage; or alternatively, the process may be performed,
and when the authentication server is used for determining to authenticate the login verification information on the login page, storing the equipment information into a configured storage area.
5. The method of any of claims 1-4, wherein after the accessing the listening port to obtain the device information, further comprising:
acquiring login verification information for completing verification on the login page, packaging the login verification information and the equipment information into a character string with a specified format, and sending the character string to the authentication server;
And receiving a login verification result sent by the authentication server and presenting the login verification result.
6. An apparatus for obtaining device information, applied to a browser, comprising:
a sending unit, configured to send a page access request for a login page to an authentication server, and receive a web page code of the login page sent by the authentication server, where the web page code includes an operation script for acquiring device information of a terminal device, and the terminal device is installed with the browser and terminal software for acquiring the device information;
the acquisition unit is used for loading the webpage codes, determining a monitoring port of the terminal software and accessing the monitoring port according to the operation defined by the operation script to acquire the equipment information; and after the monitoring port is accessed to acquire the equipment information, the equipment information and login verification information for finishing verification on a login page are sent to the authentication server so that the authentication server verifies whether the login authority exists.
7. The apparatus of claim 6, wherein the acquiring unit is specifically configured to:
When the port information is configured in the operation script, determining a monitoring port of the terminal software according to the port information; or alternatively, the process may be performed,
when the port information is not configured in the operation script, requesting to acquire the port configuration information from the authentication server, and determining a monitoring port of the terminal software according to the acquired port configuration information.
8. The apparatus of claim 6, wherein the obtaining unit is specifically configured to, when accessing the listening port to obtain the device information according to the operation defined by the operation script:
presenting the login page, responding to login verification operation triggered on the login page, acquiring corresponding login verification information, and accessing the monitoring port to acquire the equipment information according to operation defined by the operation script; or alternatively, the process may be performed,
and accessing the monitoring port to acquire the equipment information according to the operation defined by the operation script, and storing the equipment information into a storage area corresponding to the authentication source according to the authentication source for authenticating the login verification information on the login page.
9. An electronic device, comprising:
A memory for storing executable instructions;
a processor for reading and executing executable instructions stored in a memory to implement the method of obtaining device information as claimed in any one of claims 1 to 5.
10. A computer-readable storage medium, characterized in that instructions in the storage medium, when executed by an electronic device, cause the electronic device to perform the method of acquiring device information according to any one of claims 1 to 5.
CN202011612787.9A 2020-12-30 2020-12-30 Method and device for acquiring equipment information Active CN112804201B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011612787.9A CN112804201B (en) 2020-12-30 2020-12-30 Method and device for acquiring equipment information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011612787.9A CN112804201B (en) 2020-12-30 2020-12-30 Method and device for acquiring equipment information

Publications (2)

Publication Number Publication Date
CN112804201A CN112804201A (en) 2021-05-14
CN112804201B true CN112804201B (en) 2023-04-28

Family

ID=75805879

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011612787.9A Active CN112804201B (en) 2020-12-30 2020-12-30 Method and device for acquiring equipment information

Country Status (1)

Country Link
CN (1) CN112804201B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113377621B (en) * 2021-07-01 2022-08-02 武汉斗鱼鱼乐网络科技有限公司 Data monitoring method and device, storage medium and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104065616A (en) * 2013-03-20 2014-09-24 中国移动通信集团公司 Single sign-on method and system
CN109743233A (en) * 2019-02-19 2019-05-10 南威软件股份有限公司 A kind of pair of strong identity authentication system carries out the method and computer equipment of data acquisition
CN111859235A (en) * 2020-06-08 2020-10-30 瑞数信息技术(上海)有限公司 Webpage data acquisition method, device, equipment and computer storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8528066B2 (en) * 2009-08-25 2013-09-03 Microsoft Corporation Methods and apparatus for enabling context sharing

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104065616A (en) * 2013-03-20 2014-09-24 中国移动通信集团公司 Single sign-on method and system
CN109743233A (en) * 2019-02-19 2019-05-10 南威软件股份有限公司 A kind of pair of strong identity authentication system carries out the method and computer equipment of data acquisition
CN111859235A (en) * 2020-06-08 2020-10-30 瑞数信息技术(上海)有限公司 Webpage data acquisition method, device, equipment and computer storage medium

Also Published As

Publication number Publication date
CN112804201A (en) 2021-05-14

Similar Documents

Publication Publication Date Title
US10721320B2 (en) Redirection method, apparatus, and system
US11381629B2 (en) Passive detection of forged web browsers
CN110781482B (en) Login method, login device, computer equipment and storage medium
CN102685081B (en) A kind of web-page requests security processing and system
US8448233B2 (en) Dealing with web attacks using cryptographically signed HTTP cookies
US10250483B2 (en) System and method thereof for dynamically testing networked target systems through simulation by a mobile device
WO2020237799A1 (en) Website detection method and system
WO2021083083A1 (en) Upgrading method and system, server, and terminal device
US20140019957A1 (en) Method, apparatus, and system for sharing software among terminals
CN113341798A (en) Method, system, device, equipment and storage medium for remotely accessing application
US20240154962A1 (en) Secure identity provider authentication for native application to access web service
CN112491776A (en) Security authentication method and related equipment
CN103647652B (en) A kind of method for realizing data transfer, device and server
CN112804201B (en) Method and device for acquiring equipment information
CN116827601A (en) Data transmission method, device, electronic equipment and storage medium
WO2019237950A1 (en) Security verification method and device
US8972543B1 (en) Managing clients utilizing reverse transactions
US9762535B2 (en) Information processing apparatus, system, method and medium
CN104954331A (en) Login authentication configuration device and method
CN109286665B (en) Real-time mobile game long link processing method and device
US20130144620A1 (en) Method, system and program for verifying the authenticity of a website using a reliable telecommunication channel and pre-login message
CN113992446B (en) Cross-domain browser user authentication method, system and computer storage medium
CN115001840A (en) Agent-based authentication method, system and computer storage medium
CN105554170A (en) DNS message processing method, device and system
US10491654B2 (en) Communicating with a remote service through a hypertext transfer protocol (HTTP) session

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant