CN113297591B - Webpage resource encryption method, equipment and storage medium - Google Patents
Webpage resource encryption method, equipment and storage medium Download PDFInfo
- Publication number
- CN113297591B CN113297591B CN202110495532.7A CN202110495532A CN113297591B CN 113297591 B CN113297591 B CN 113297591B CN 202110495532 A CN202110495532 A CN 202110495532A CN 113297591 B CN113297591 B CN 113297591B
- Authority
- CN
- China
- Prior art keywords
- sequence
- encrypted
- symbol
- server
- encoding
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a webpage resource encryption method, equipment and a storage medium, wherein the method comprises the following steps: receiving a webpage resource request instruction sent by a browser; converting the webpage resources corresponding to the webpage resource request instruction into a first sequence to be encrypted according to the webpage resource request instruction, and adding a random number before the first sequence to be encrypted to obtain a second sequence to be encrypted as a binary sequence; carrying out information source processing on the second sequence to be encrypted to obtain a third sequence to be encrypted; coding the third sequence to be encrypted based on the weighted probability model to obtain a ciphertext, wherein binary ciphers are implanted into weight coefficients of the weighted probability model and are more than or equal to 512 bits; and sending the ciphertext to the browser so that the browser decodes the ciphertext according to the weighted probability model and detects a decoding result based on a result of information source processing. The invention not only can realize the encryption and decryption of the webpage resources, but also can effectively protect the safety of the encrypted webpage resources.
Description
Technical Field
The present invention relates to the field of web resource protection technologies, and in particular, to a method, an apparatus, and a storage medium for encrypting web resources.
Background
Webpage programs (such as Html, CSS, JavaScript, connection addresses, websocket data transmission and the like) and webpage contents (such as news, comments, pictures and texts, videos, audios and the like) are all embodied by source codes, so that various content acquisition tools (such as CMS, web crawlers, hundredth Google and other search engines) can easily acquire the contents of the webpage, and a great number of false titles, false softwares and pictures and videos are copied and abused. The direct source code acquisition also causes the primary reason why Html5 cannot be operated commercially in the gaming field.
Taking JavaScript as an example, the conventional method can only perform obfuscation processing on a JavaScript program, so that the program lacks readability and is difficult to read, but decryption only needs to be performed by anti-obfuscation. For some creative programs, for example, games need to be protected by not only JavaScript programs, but also resources of games (text, images, even game interaction data, etc.). Therefore, the traditional method cannot realize the encryption and decryption of webpage resource safety.
Disclosure of Invention
The present invention is directed to at least solving the problems of the prior art. Therefore, the invention provides a webpage resource encryption method, equipment and a storage medium. The encryption and decryption of the webpage resources can be realized, and the safety of the encrypted webpage resources can be effectively protected.
The invention provides a webpage resource encryption method, which is applied to a server and comprises the following steps:
receiving a webpage resource request instruction sent by a browser;
converting the webpage resources corresponding to the webpage resource request instruction into a first sequence to be encrypted according to the webpage resource request instruction, and adding a random number before the first sequence to be encrypted to obtain a second sequence to be encrypted as a binary system;
carrying out information source processing on the second sequence to be encrypted to obtain a third sequence to be encrypted;
coding the third sequence to be encrypted based on a weighted probability model to obtain a ciphertext, wherein binary ciphers are implanted into weight coefficients of the weighted probability model and are more than or equal to 512 bits;
and sending the ciphertext to the browser so that the browser decodes the ciphertext according to the weighted probability model and detects a decoding result based on a result of the information source processing.
According to the embodiment of the invention, at least the following technical effects are achieved:
(1) the traditional method only can perform confusion processing on a JavaScript program, so that the program is lack of readability and large in reading difficulty, but the decryption only needs to be performed by anti-confusion, and creative programs, such as games, need to be protected, not only the JavaScript program but also game resources are included, so that the traditional method cannot realize encryption and decryption of webpage resources. The method can realize stream encryption and data encryption, can encrypt and decrypt the webpage resources, cannot decrypt a ciphertext to obtain a correct plaintext under the condition of unknown password and password length for any attacker, can effectively protect the safety of the ciphertext, and ensures that the webpage resources are safely applied. The method has the double effects of symmetric encryption and lossless compression, and can improve the load capacity of the server by more than 10% when the webpage resources are repeatedly requested.
(2) According to the method, the random number is added before the first sequence to be encrypted, so that the random number is encoded before a certain plaintext is encoded, because the random number is unknown, the random number in front of the linear coding and decoding characteristic of the weighted probability model cannot be correctly decrypted, and the subsequent plaintext cannot be correctly decrypted, therefore, the random number plays a role of a secret key, the safety can be greatly improved, and the guarantee is promoted.
The second aspect of the present invention provides a method for encrypting web page resources, which is applied to a browser and comprises the following steps:
sending a webpage resource request instruction to a server so that the server converts webpage resources corresponding to the webpage resource request instruction into a first sequence to be encrypted according to the webpage resource request instruction, and adding a random number before the first sequence to be encrypted to obtain a second sequence to be encrypted which is used as a binary system; the server performs information source processing on the second sequence to be encrypted to obtain a third sequence to be encrypted; enabling the server to encode the third sequence to be encrypted based on a weighted probability model to obtain a ciphertext, wherein binary ciphers are implanted into weight coefficients of the weighted probability model and are more than or equal to 512 bits;
and receiving a ciphertext sent by the server, decoding the ciphertext according to the weighted probability model, and detecting a decoding result based on a result of the information source processing.
According to the embodiment of the invention, at least the following technical effects are achieved:
(1) the traditional method only can perform confusion processing on a JavaScript program, so that the program is lack of readability and large in reading difficulty, but the decryption only needs to be performed by anti-confusion, and creative programs, such as games, need to be protected, not only the JavaScript program but also game resources are included, so that the traditional method cannot realize encryption and decryption of webpage resources. The method can realize stream encryption and data encryption, can encrypt and decrypt the webpage resources, cannot decrypt a ciphertext to obtain a correct plaintext under the condition of unknown password and password length for any attacker, can effectively protect the safety of the ciphertext, and ensures that the webpage resources are safely applied. The method has the double effects of symmetric encryption and lossless compression, and can improve the load capacity of the server by more than 10% when the webpage resources are repeatedly requested.
(2) According to the method, the random number is added before the first sequence to be encrypted, so that the random number is encoded before a certain plaintext is encoded, because the random number is unknown, and the random number in front of the linear coding and decoding characteristic of the weighted probability model cannot be correctly decrypted, the subsequent plaintext cannot be correctly decrypted, and therefore the random number plays a role of a secret key, the safety can be greatly improved, and the guarantee is improved.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The above and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a diagram illustrating an encoding operation process of a binary weighting model according to the present invention;
FIG. 2 is a schematic diagram of a relationship between a coding rate R of the weighting model and a probability p of a symbol 0 in a sequence X according to the present invention;
FIG. 3 is a schematic representation of the present invention
Time of day and
when the formula is shown in the figure, the relation between R and p is shown in the figure;
fig. 4 is a schematic flowchart of a method for encrypting web page resources according to a first embodiment of the present invention;
FIG. 5 is a flowchart illustrating a direct decryption method based on a password according to a first embodiment of the present invention;
fig. 6 is a schematic flowchart of a method for encrypting web page resources according to a second embodiment of the present invention;
fig. 7 is a flowchart illustrating a decryption method based on authentication according to a second embodiment of the present invention;
fig. 8 is a schematic flow chart of the jielin code hash encryption according to the second embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
For facilitating understanding of those skilled in the art, before introducing the embodiment of the present invention, reasoning is performed on the principle of the technical solution of the embodiment of the present invention, which mainly includes three parts, namely, an information source processing part, a weighted probability model coding and decoding method, and an encryption coding and decoding part, and the following are specifically shown:
firstly, processing a signal source.
The source at the transmitting end generates a binary bernoulli sequence X of length n (n 1, 2. -), with all possibilities. For example: linearly replacing "1" in X with "10" results in a binary sequence Q, which then satisfies the following constraint: "the number of consecutive symbols 1 is at most 1". The sequence X is processed to obtain a sequence Q which must satisfy the condition that the number of continuous symbols 1 is at most 1. For example: x is 0110111100101, and Q is 010100101010100010010, which is obtained by "the number of consecutive symbols 1 is at most 1". From left to right, replacing "10" in sequence Q with "1" results in sequence X. The length of sequence Q is denoted as l.
And the sequence Q is encoded through a weighted probability model with the cipher length of k to obtain a cipher text, the receiving end cannot determine whether the cipher information is correct or not to perform weighted probability model decoding on the cipher text, and Y is a decoded binary sequence. There are many possibilities for sequence Y, since it is uncertain whether the cryptographic information is correct or not. However, if the sequence Y does not satisfy "the number of consecutive symbols 1 is at most 1", the cipher information is erroneous or the ciphertext data is falsified.
Let event E denote a set of sequences Y satisfying "the number of consecutive symbols 1 is at most 1", and event E has f (l) sequences Y.
When l is 1, E is (0, 1), f (1) is 2, and the complementary event is
When l is 2, E is (00, 01, 10), f (2) is 3,
when l is 3, E is (000,001, 010, 100, 101), f (3) is 5,
by analogy, when l is more than or equal to 3:
f(l)=f(l-1)+f(l-2) (1)
the probability of an available event E is:
let f (l) sequences Y in event E obey a uniform distribution, then:
then, the probability that Y ∈ E and Y ═ Q is:
p (Y ═ Q | Y ∈ E) is a wrong cipher and the probability of correct decryption is recorded as PerrI.e. Perr=P(Y=Q|Y∈E)。
Theorem 1: the sequence Y satisfies the condition that the number of continuous symbols 1 is at most 1, liml→∞Perr=0。
And (3) proving that: because the rate of l → ∞ is,
so liml→∞Perr=0。
By theorem 1, it is easy to obtain that the longer the information source X is, the probability that the plaintext is decrypted by the wrong password of the receiving end is 0. By passing
It can be judged that the encryption system is attempted to be decrypted by an illegal password. A password self-verifying password system can be constructed without the need for storage or independent verification of the password. Namely that
The password is wrong; y belongs to E, then the password is correct.
Also, since the password is self-verifiable, it provides an attacker with a way to try and error, but needs to do 2kAnd (4) trial and error. k is a custom value, and when k is large enough, the number of attempts approaches infinity. There are two main ways to increase the length of the password: (1) different bits are encrypted and encoded by adopting independent passwords; (2) and each bit of the same password is encrypted and encoded by using different parts of the password.
And secondly, a coding and decoding method of the weighted probability model.
Based on the above "source processing" section, let sequence Q be 0100100001010, sequence Q consisting of "0" and "10". Based on Markov chain or conditional probability analysis, there are two probability mass functions for symbol 0, p (0|0), p (0| 1). The symbol 1 presents a probability mass function p (1| 0). When coding, because the sequence Q is known, the probability quality function used by each symbol can be accurately selected. However, the receiving end cannot accurately select the probability mass function when decoding unknown password information. If "0" is decoded, since there are two probability mass functions for symbol 0, it is not possible to correctly select which probability mass function to decode the next symbol. When a "1" has been decoded, there is a unique choice of p (1|0) since a "1" is necessarily followed by a symbol 0. Since the probability mass function is not unique, it is not feasible to construct a cryptographic encoding method using a markov chain or a conditional probability.
Let sequence Q be 010100101010100010010. The conventional encoding method is: from left to right, replacing "10" with "1" in sequence Q gives a sequence X: 0110111100101, the sequence X is then encoded to approximate H (X), which is the entropy of the information. However, the traditional encoding method cannot encrypt during decoding, only has the function of data compression, and cannot realize password self-verification. If the sequence Q is coded, because redundant information is added, H (Q) > H (X), the traditional coding method cannot approach H (X). Because H (X) cannot be approached, redundant information in the sequence Q is not completely removed, and cracking possibility exists.
Setting presence function
p (x) is the probability of the symbol x. r characterize the morphological features of sequence Q, called weight coefficients.
Called a weighted probability mass function, based on
The structure encoding/decoding method includes:
(1) r may adopt the value given by the independent cipher when each bit is encoded; (2) r may take the value given by different parts of the same cipher when each bit is encoded.
2.1, coding a weighted probability model;
definition 2.1: let X be a discrete random variable X, X ∈ {0, 1}, P { X ═ a } ═ P (a) (a ∈ {0, 1}), and the weighted probability mass function be
p (a) is a probability mass function of the symbol a, 0 ≦ p (a ≦ 1), r is a weight coefficient, and
F(a)=∑i≤ap(i) (5)
if F (a, r) satisfies F (a, r) ═ rf (a), F (a, r) is referred to as a weighted cumulative distribution function, and is simply referred to as a weighted distribution function. It is apparent that the weighted probability sum of all symbols is
According to formula (5), F (X)i-1)=F(Xi)-p(Xi),XiWhen F (X) is 0i-1)=0,XiWhen equal to 1
Let the weighted distribution function of sequence Q be F (Q, r):
when l is 1, F (Q, r) is rF (X)1-1)+rp(X1). When l is 2, F (Q, r) ═ rF (X)1-1)+r2F(X2-1)p(X1)+r2p(X1)p(X2). When l is 3, F (Q, r) ═ rF (X)1-1)+r2F(X2-1)p(X1)+r3F(X3-1)p(X1)p(X2)+r3p(X1)p(X2)p(X3)。
Order to
When l is more than or equal to 1:
a binary weighting model, abbreviated as weighting model, is defined by the set of weighting distribution functions satisfying equation (6), and is denoted as { F (Q, r) }. Order to
Hl=F(Q,r) (7)
Wherein XiE {0, 1}, l 1, 2. When r is 1:
Hl=F(Q,1),
Ll=Hl-Rlthe available arithmetic coding (also called interval coding) is a lossless coding method based on a weighted distribution function when r is 1. The weighting model is extensible to XiE {0, 1, 2. } which is not discussed here.
Due to XiMust take the value in A, so p (X)i) Is more than or equal to 0. It is obvious that the expressions (7), (8) and (9) are interval rows. L isi,HiIs the variable X of the source sequence X at time i (i ═ 0,1, 2.. times, n)iSubscript, R, on corresponding intervali=Hi-LiIs the length of the interval. The iterative formula of the weighted probability model linear coding is as follows according to the formulas (7), (8) and (9):
let r > 1 and the 3 symbols of sequence Q starting from the i +1 position be 0,1, 0. The encoding operation procedure according to the binary weighting model of equation (11) is shown in fig. 1.
According to FIG. 1, if Hi+3>Hi+1Reason interval [ H ]i+1,Hi+3)∈[Hi+1,Hi+1+Ri+1) And [ H ]i+1,Hi+Ri) Corresponds to the symbol 1, so the i +1 th symbol 0 may beThe error is decoded to symbol 1. If H isi+3≤Hi+1Then [ L ]i+3,Hi+3)∈[Li+1,Hi+1). As in FIG. 1 [ L ]i+1,Hi+1) Uniquely corresponds to the symbol 0, so that the symbol 0 at the i +1 position is L-numberedi+3Correctly decoded, and the symbol 1 and symbol 0 at the i +2 and i +3 positions can also be correctly decoded. When r is more than 0 and less than or equal to 1, L is present at any timei+1,Hi+1)∈[Li,Hi) Lossless coding is possible. Since F (0-1) ═ 0 and F (0) ═ p (0), it can be obtained from formula (11):
because of Hi+3≤Hi+1Therefore:
let equation ar2+ br + c ═ 0, where a ═ p (1) p (0), b ═ p (0), c ═ 1, and r > 0. The positive real number satisfying the equation is
Since r is 1 when p (1) is 1-p (0) and p (1) is 0, then:
order to
rmaxIs the maximum value of r, apparently rmaxL can only be passed if the sequence Q satisfies "the number of consecutive symbols 1 is at most 1iAnd (6) complete decoding.
Let j +2( j 1,2, 3..) symbols from the i +1 th position in the sequence Q be 0,1,. and 1, 0, where j is the number of consecutive symbols 1, and j is equal to or less than 1, according to "the number of consecutive symbols 1 is at most 1". Due to Hi+j+2≤Hi+1According to formula (11) there are:
thus:
equation (16) is subtracted from equation (15) to simplify:
r-rj+2p(1)j+1+rj+2p(1)j+2≥1 (17)
p (1) is known, and r can be obtained by taking the equal sign of formula (17)max. When p (1) ═ 1 or p (0) ═ 0, r max1 is ═ 1; when 0 < p (0) < 1, j → ∞ rmax j+2p(1)j+1→0,rmax j+2p(1)j+2→ 0, then rmax→ 1. When j < 1 or r < rmaxRp (0) + r2p(0)p(1)+r3p(0)p(1)2+…+rj+1p(0)p(1)j<1。
2.2, proving the feasibility of lossless decoding;
theorem 2.2: the weighting model satisfies:
(1)Ll<Hl∧Ll<Hl-1∧...∧Ll<H1through LlThe sequence Q can be completely reduced; (2) lim (small)l→∞(Hl-Ll) 0, i.e. convergence; (3) lim (small)l→∞Hl=LlI.e. uniqueness.
Proof (1): according to formula (15), j > t or r > rmaxHas Hi+j+2>Hi+1Due to [ H ]i+j+2,Hi+1) Corresponding to symbol 1, then the (i + 1) th symbol cannot be decoded exactly as symbol 0, and does not correspond to noneThe decoding requirements are lost, so j is more than or equal to 0 and less than or equal to t, and r is more than 0 and less than or equal to rmaxMust be satisfied simultaneously. Since F (0-1, r) is 0, LI-1≥0,Ri-1Not less than 0, so LlIs a monotonous non-decreasing function. If and only if Ll∈[Ll,Hl)∧Ll∈[Ll-1,Hl-1)∧...∧Ll∈[L1,H1) When, due to [ L ]i,Hi) (i ═ 1, 2.. times, l) and variable XiIs a unique mapping relationship, so when L isl∈[Li,Hi) (i ═ 1, 2.. times, l) yields a unique symbol XiTo obtain the source sequence X, then L completelyl<Hl∧Ll<Hl-1∧...∧Ll<H1。
Proof (2): because j is less than or equal to t and r is less than or equal to rmaxIs provided with
So Hi+j+2≤Hi+1. If and only if j and r are t and rmaxWhen Hi+j+2=Hi+1. Order to
Thus Rl=∏Rj+1∏Rj...∏R2∏R1. When j is less than t and r is less than rmaxWhen this is the case, it is obtained from the formula (15)
So l → ∞ time Rl→ 0, then liml→∞(Hl-Ll)=liml→∞RlThe weighted probability model is convergent, 0.
Proof (3): { LlIs a strictly monotonic non-decreasing but bounded series of numbers, defined by a monotonic bounded theorem, given liml→∞LlIs equal to xi, and xi is more than or equal to Ll. Because liml→∞(Hl-Ll) Not greater than 0, so liml→∞Ll=liml→∞HlXi, so xi is Ll,liml→∞Hl=ξ=LlAnd L islIs unique.
Inference 2.3: is provided with
When in use
The weighted model is passed through LlThe sequence Q can be completely reduced.
And (3) proving that: according to formula (15), when
Time of flight
Then
According to the inference 2.3, because
Then
But cannot derive
Taking t as an example to be 1,
solving by substituting formula (13) when
The time equation (13) holds, and the weighting model satisfies theorem 2.2 (1). When t is 1, in sequence Q
Therefore, it is not only easy to use
So rmax-rmax j+2p(1)j+1+rmax j+2p(1)j+21(j ≦ t) is a sufficient condition for weighted model lossless coding.
2.3, weighting model information entropy;
when r is equal to 1, the compound is,
the information entropy of Q is:
H(Q)=-p(0)log2 p(0)-p(1)log2 p(1) (18)
when r ≠ 1, the definition has a weighted probability
Random variable X ofiThe self information quantity is as follows:
set of { XiIn a (i ═ 1, 2., l, a ∈ {0, 1}) there is caA. When the value of r is determined, the total information amount of the sequence Q is:
the average amount of information per symbol is then:
wherein
And
is a probability mass function of symbol 0 and symbol 1 in sequence Q. Based on the introduction of the '2.1 weighted probability model coding' and '2.2 lossless decoding feasibility test', r is less than or equal to rmaxDue to rmaxSo-log r + H (Q) < 1. Because r is greater than rmaxThe time-weighted model cannot restore the sequence Q, so r ═ rmaxWhen I (X)iAnd r) minimum. The information entropy of the weighting model is then:
2.4, coding rate of a weighting model;
according to the introduction of the weighted model information entropy of 2.3, the weighted model coding and decoding satisfy the following conditions:
(1) when encoding and decoding, the symbol 0 and the symbol 1 have unique probability quality functions p (0) and p (1); (2) r ismax1 hour-log rmax< 0, so that H (Q, r)max) < H (Q). The weighted model code is closer to h (x). (3) And V is decoded without errors, and Y belongs to B. (4) n → ∞ time l → ∞ when
V errors or password errors; when Y belongs to B and V is correct, Y is Q. (5) r ismaxAs a real number, independent password information may be implanted, or partial information of a password may be implanted.
Therefore, at the transmitting end, the sequence Q is encoded into a sequence V (ciphertext) through the weighting model, the sequence V (ciphertext) is transmitted to the receiving end through the channel, and the receiving end decodes the binary sequence Y through the weighting model through the V (ciphertext). When Y is Q, the password is correct, and the plaintext is decrypted; when Y is not equal to Q, the password is wrong, and the decryption fails.
According to equation (22), the amount of information carried by each bit in sequence Q is on average H (Q, r)max) (bit/bit), the total information amount is lH (Q, r)max) (bit). The total information content of the information source sequence X is nH (X) to (bit), and can be obtainedThe coding rate of the weighting model is as follows:
when R is 1, the result of the weighted model coding reaches the information entropy of the sequence X. Let the probability of symbol 0 in the binary bernoulli source sequence X with length n be p (p is more than or equal to 0 and less than or equal to 1). Then nH (X) ═ pn log2 p-(1-p)n log2(1-p). Obtaining a sequence Q after the treatment of the formula (2), wherein the length of the sequence Q is l ═ 2-p) n, and then
Theorem 2.4: (s → ∞, t ═ 1), when n → ∞ and
when R is equal to 1, namely, the weighted model coding reaches the information entropy. Wherein s, t respectively represent: the number of consecutive symbols 0 in sequence Q is at most s, and the number of consecutive symbols 1 in sequence Q is at most t.
And (3) proving that:
when nh (x) is n. According to the above reasoning 2.3 have
Then
From formula (23):
probability mass function of symbol 0 and symbol 1 in sequence Q
And is
When p (0) is 1 according to formula (14), r max1, p is 1; when the temperature is higher than the set temperature
When the utility model is used, the water is discharged,
theorem 2.5(s → ∞, t ═ 1), when n → ∞, R ≦ 1, i.e., the weighted model coding may reach the entropy of information.
And (3) proving that: according to formula (25)
Since p is 0. ltoreq. p.ltoreq.1, 4(1-p)2Not less than 0, 4-8p +4p2Is more than or equal to 0. Since 4-8p +4p2=(3-2p)2- (5-4p) is not less than 0, so
Due to the fact that
Can obtain the product
Then
Because of the fact that
And 2-2p is more than or equal to 0,
therefore, it is not only easy to use
I.e., lH (Q, r)max) -nH (X) is not less than 0
And thirdly, encrypting, coding and decoding.
Let the probability of a symbol 0 in a binary bernoulli source sequence X (as plaintext) of length n be p (0 ≦ p ≦ 1). The binary Bernoulli information source sequence X is processed by the information source to obtain a sequence Q, and the sequence Q is obtained according to the theorems 2.4 and 2.5
And carrying out weighted model coding on the sequence Q. Then the basic operational variables:
p (0) represents the probability of symbol 0 in sequence Q; p (1) represents the probability of symbol 1 in sequence Q;
represents the weighted probability of symbol 0 in sequence Q;
representing the weighted probability of symbol 1 in sequence Q.
3.1, the transmitting end implants the password in the weighting model weight coefficient (namely the secret key).
For example, assuming the bit length of the cipher is k, the cipher is divided into h segments, each segment containing
A bit, and an s (i-1, 2. -, h) th binary symbol is implanted into rmaxThere are many ways of doing this, a simple example is given below:
TABLE 1
Table 1 shows the implantation of a password into rmaxThe pseudo code in Algorithm (1), v needs to be initialized to 0. Where v is compared to 100 (which may be any integer customized to be greater than 100, etc.) for the purpose of bringing r closer to rmaxSo as to ensure lossless compression and encryption. When v is too large, then
Approaches to 0, r ═ rmaxSo that the weight coefficient has no any password information and no encryption effect. Therefore, it is necessary to control the magnitude of v, for example, to control 100 ≦ v ≦ 216And the like. R is obtained by Algorithm (1)maxThe relation between the encryption coding rate of the weighting model and p is shown in fig. 2 and fig. 3; FIG. 2 shows that
Then, symbols in the sequence X are interchanged; as can be taken from the figure 3, it is,
the code rate of the time-weighted model coding is minimum, and min R is 0.85108.
3.2, the transmitting end carries out an encoding process based on a weighted probability model of the implanted password;
the applicant found in the course of research that: on the premise of knowing the plaintext, the plaintext and the decrypted data are compared one by one, so that the weighting coefficient and the password used in the weighting coefficient are deduced. The main point is that the weighted probability model is the flow of linear coding and decoding in bit unit, and the cipher is implanted into the weighting coefficient, so that each bit must be the correct coefficient when encrypting and decrypting. The known plaintext can calculate a weighting coefficient through a weighting probability model theory, and the open-source encryption and decryption algorithm can know how to implant the weighting coefficient into the password, so that whether the decrypted file is the same as the plaintext or not is continuously tried and compared, and the actual password is obtained. Then the vulnerability is mainly reflected in breaking other files with known plaintext. For example, a user may encrypt more than two files using the same password, which is a subjective cause of the user, and the user may not want to remember different passwords, and one of the files is a plaintext known to the cracker. The logic loophole can be used by a cracker to deduce the encrypted coefficient and the actually used password through known plaintext, ciphertext and encryption algorithm source programs. Although the time required for this guess is long and complicated.
In order to solve the problem, the applicant researches and discovers that: during encryption and decryption, a random number with the length of t (t can be defined) bits is coded before a certain plaintext is coded. Because the random number is unknown and the random number in front of the linear coding feature of the weighted probability model cannot be decrypted correctly, the subsequent plaintext cannot be decrypted correctly. Therefore, t bits of random number play the role of a secret key, and the greater t is, the greater the difficulty of cracking is, namely 2tOnly one of these possibilities is correctly decryptable.
According to the idea of encoding random numbers with the length of t (t can be defined) bits before encoding a certain plaintext, the random numbers with t bits are encoded firstly when the weighted probability model is encoded, and then the plaintext is encoded. It is noted that the random number of t bits is different from the cipher described in Algorithm (1). The Algorithm Algorithm (2) is shown in the following table:
TABLE 2
Obtain OutBitArray through algorithmm (2), and then perform an encoding step on OutBitArray (note that OutBitArray is sequence X after integration). Coding is divided into two cases:
the weighted probability model is based on a bit-based linear encoding according to the iterative equation of the weighted probability model, i.e., equation (11) above. It should be noted that the ciphertext is obtained by the transmitting end encoding the sequence Q obtained after source processing, where the source processing procedure of the sequence X is incorporated in the encoding step (the process of "source processing" to be performed is shown in table 3 below). According to fig. 3, two cases are coded in time division:
(1) when in use
When the symbol 0 in the code sequence X is zero
Li=Li-1(ii) a The symbol 1 in the code sequence X, the actual code is "10" since the source processing of the sequence X is incorporated in the encoding step.
(2) When the temperature is higher than the set temperature
When the symbol 0 in the code sequence X is coded, the actual code "10",
when the symbol 1 in the coding sequence X
Li=Li-1。
The encryption coding logic is as follows:
TABLE 3
Table 3 shows the pseudo code for encoding the source processed sequence X based on the weighted probability model of the implant cipher. The pseudo-code is for the purpose of implementing logic, of which V, RiAnd LiEtc. are defined as real numbers of infinite precision; VBitArray output by the pseudo code of Table 3 is the ciphertext. In practical application, only the following steps are needed
And
substituting arithmetic coding (interval coding) to realize weighted model encryption coding and decoding.
3.3, the receiving end decodes the ciphertext sent by the sending end;
the decryption decoding process for the cryptographic error check is given below. Because the number of "consecutive symbols 1 in sequence X after source processing is at most 1", i.e. the number of "consecutive symbols 1 in sequence Q is at most 1". Therefore, when a ciphertext is decoded, it can be determined that a cipher error or V has been tampered when 2 or more than 2 symbols 1 are decoded consecutively. When the receiving end decrypts, the binary sequences V and c, n + t are known.
The decoding check logic is as follows:
TABLE 4
Table 4 shows the pseudo code for the receiving end to decode the ciphertext and cryptographically self-check. When Algorithm (4) returns null, the password is wrong or V is tampered with. When the Algorithm (4) does not return null, the decrypted plaintext is returned, and it should be noted that since a random number is added during encoding, the plaintext can be obtained only by discarding t bits of data during decoding. According to the theorem 2.5, the method can reach the information entropy, so the method has lossless compression and encryption functions, and the probability of each symbol of the coded ciphertext is equal. Wherein, the cipher array SecretkeyBitAlrray with the length of k is generated by the system or given by the user.
VBITARray, c and n are known to the attacker and the password is protected or private. Since c and n are known, an attacker can formulate r bymaxHowever, since the password and the length of the password are unknown, the correct r cannot be obtained by Algorithm (1). Since the weighting model is a linear coding and decoding process, the next symbol must be correctly decrypted when decoding the next symbol, as shown in equation (11), so that the wrong r causes
And
and an error, thereby decrypting the erroneous symbol. The method is also safe because each symbol or each part of symbols uses different r, and thus r cannot be approximated or guessed.
And when encrypting and decrypting, a random number with the length of t bits is coded before a certain plaintext is coded. Because the random number is unknown and the random number in front of the linear coding feature of the weighted probability model cannot be decrypted correctly, the subsequent plaintext cannot be decrypted correctly. Therefore, the random number with t bits plays the role of a secret key, and the greater t is, the greater the difficulty of cracking is. This further proves that the present method is sufficiently safe.
The examples section;
referring to fig. 4 and 5, a first embodiment of the present invention provides a method for encrypting web page resources, including the following steps:
s101, the server receives a webpage resource request instruction sent by the browser.
The browser and the server can be transmitted through an http protocol or an https protocol.
S102, the server converts the webpage resources corresponding to the webpage resource request instruction into a first sequence to be encrypted according to the webpage resource request instruction, and adds a random number before the first sequence to be encrypted to obtain a second sequence to be encrypted which is used as a binary system.
In this step, the web page resource can be represented in bytes (i.e., in plaintext). The purpose of adding a random number here before the first sequence to be encrypted is: the random number with the length of t bits is coded before a certain plaintext is coded, because the random number is unknown, and the random number in front of the linear coding and decoding characteristic of the weighted probability model cannot be correctly decrypted, the subsequent plaintext cannot be correctly decrypted, so that the random numbers with t bits play a role of a secret key, the safety can be greatly improved, and the guarantee is improved.
S103, the server performs information source processing on the second sequence to be encrypted to obtain a third sequence to be encrypted.
The information source processing enables the browser to detect whether the decoded sequence has the situation that the password information is wrong or the ciphertext data is tampered. As an optional implementation manner, after performing source processing on the second sequence to be encrypted, the present embodiment makes the number of consecutive symbols 1 in the third sequence to be encrypted be at most 1.
S104, the server encodes the third sequence to be encrypted based on the weighted probability model to obtain a ciphertext, wherein binary ciphers are implanted into weight coefficients of the weighted probability model and are more than or equal to 512 bits.
The encoding process in step S104 is as follows:
when in use
By passing
And Li=Li-1Coding a symbol 0 in the third sequence to be encrypted; by passing
And
the symbols 10 in the third sequence to be encrypted are encoded.
When in use
By passing
And
encoding the symbols 10 in the third sequence to be encrypted; by passing
And Li=Li-1The symbol 1 in the third sequence to be encrypted is encoded.
Wherein p represents the probability of the symbol 0 in the second sequence to be encrypted; rI,Li,Ri-1,Li-1Encoding parameters respectively representing corresponding bit positions; r0=1,L0=0,i∈(0,1,2,...,n);
p (1) represents the probability of symbol 1 in the third sequence to be encrypted; p (0) represents the probability of symbol 0 in the third sequence to be encrypted;
rmaxis the maximum value of the weight coefficient, rmaxIn which a binary cipher is implanted. Specific encoding procedures can be found in Algorithm (3) above. Wherein the binary cipher is greater than or equal to 512 bits to satisfy the encryption process for random encryption and lossless compression. It should be noted that, compared with encryption using symmetric encryption such as AES, SM4, DES3, etc., the advantage of the method is that lossless compression capability is provided while encryption is performed, and when a web resource repeat request is made, the load capacity of the server can be increased by more than 10%.
S105, the server sends the ciphertext to the browser.
The cipher text is transmitted in a recessive mode, and parameters required by decoding the cipher text are transmitted to the browser in a recessive mode.
S106, the browser decodes the ciphertext according to the weighted probability model, and detects a decoding result based on a result of information source processing.
The specific decoding and detecting process can be referred to the above Algorithm (4), which will not be described in detail here. The detection process is for example: in step S103, source processing is performed, so that the number of consecutive symbols 1 in the third sequence to be encrypted is at most 1, and if the decoded result does not meet the constraint condition that the number of consecutive symbols 1 is at most 1, an error inevitably occurs in decoding. The browser can package the weighted probability model into a program and can directly call the program when in use.
And S107, if the correct decoding result is obtained, the browser displays the decoding result.
It should be noted that after the decoding result is detected in step S106, if the decoding result is correct, the decoding result also needs to be processed by an anti-random number and an anti-source, that is, the random number added in the encoding process and the source processing data added in the encoding process are removed at the corresponding position, so as to obtain a plaintext converted from the web resource, and finally, the web resource is displayed on the browser.
The above steps S101 to S107 have the following advantageous effects:
for an attacker, even if the information such as the ciphertext, the ciphertext length, the number of the symbols 0 in the first sequence to be encrypted and the like is known, but the password is protected or private, the length of the password and the password are given by a system or a user, which cannot be accurately known by the attacker, and the attacker can obtain r through a formulamaxHowever, since the password and the length of the password are unknown, the correct r cannot be obtained by Algorithm (1). Since the weighting model is a linear encoding/decoding process, the following symbol must be correctly decrypted when decoding the preceding symbol, as shown in the above equation (11), so that the wrong r causes
And
and an error, thereby decrypting the erroneous symbol. Moreover, the method is safe because each symbol or each part of symbols can use different r when encoding, and thus r cannot be approximated or guessed. That is, the attacker cannot decrypt the ciphertext to obtain correct plaintext without knowing the password and the length of the password.
(1) The traditional method only can perform confusion processing on a JavaScript program, so that the program is lack of readability and large in reading difficulty, but the decryption only needs to be performed by anti-confusion, and creative programs, such as games, need to be protected, not only the JavaScript program but also game resources are included, so that the traditional method cannot realize encryption and decryption of webpage resources. The method can realize stream encryption and data encryption, can encrypt and decrypt the webpage resources, cannot decrypt a ciphertext to obtain a correct plaintext under the condition of unknown password and password length for any attacker, can effectively protect the safety of the ciphertext, and ensures that the webpage resources are safely applied. The method has the double effects of symmetric encryption and lossless compression, and can improve the load capacity of the server by more than 10% when the webpage resources are repeatedly requested.
(2) The random number is added before the first sequence to be encrypted, so that the random number with the length of t bits is coded before a certain plaintext is coded, because the random number is unknown, and the random number in front of the linear coding and decoding characteristic of the weighted probability model cannot be correctly decrypted, the subsequent plaintext cannot be correctly decrypted, and therefore, the random number with t bits plays a role of a secret key, the safety can be greatly improved, and the guarantee is promoted.
Referring to fig. 6 and 7, a second embodiment of the present invention provides a method for encrypting web page resources, including the following steps:
s201, the server receives a webpage resource request instruction sent by the browser.
S202, the server converts the webpage resources corresponding to the webpage resource request instruction into a first sequence to be encrypted according to the webpage resource request instruction, and adds a random number before the first sequence to be encrypted to obtain a second sequence to be encrypted which is used as a binary system.
S203, the server performs information source processing on the second sequence to be encrypted to obtain a third sequence to be encrypted.
S204, the server encodes the third sequence to be encrypted based on the weighted probability model to obtain a ciphertext, wherein a binary cipher is implanted into the weight coefficient of the weighted probability model, and the binary cipher is more than or equal to 512 bits.
S205, the server sets the unique identification of the signature, and encrypts the unique identification through the Jielin code to obtain a hash value.
Referring to fig. 8, as an alternative embodiment, the encryption of the unique identifier by the jalin code includes the following steps (the symbolic representation used in the step is different from the symbolic representation used in the above steps S201 to S205):
s2051, converting the unique identifier into a binary sequence;
s2052, setting positive real number r to 2H(x)-LenH (X) is the normalized information entropy of the binary sequence,len is the digital fingerprint length of a preset binary sequence;
s2053, for the ith bit symbol x in the binary sequence, according to the coding formula Ri=Ri-1rp(x),Li=Li-1+Ri-1F (x-1, r) is encoded, and L after encoding is outputiAs a hash value; coding variable RiIs 1, encodes a variable LiIs 0; p (x) is the normalized probability of the symbol x, and F (x-1, r) is the non-normalized distribution function of the symbol x-1.
The process from step S2051 to step S2053 is a jilin code hash algorithm, which is well known in the art and will not be described in detail herein. It should be noted that the symbolic representation used in the jalin code hash encryption/decryption process described herein is different from the symbolic representation used in the weighted probability model encryption/decryption, and the symbolic representation in fig. 8 is the same, please note the distinction. It should be noted that hash algorithms such as SM3, MD5, MAC, SHA, and the like may also be used instead of the jilin code hash algorithm, but these hash algorithms have fixed hash value lengths, and the hash value lengths cannot be automatically adjusted according to the load capacity of the actual system.
S206, the server sends the ciphertext and the hash value to the browser.
And S207, the browser sends an authentication request instruction of the hash value to the server.
And S208, the server authenticates the hash value based on the authentication request instruction, and if the authentication is successful, the server sends an authentication success instruction to the browser.
S209, the browser decodes the ciphertext according to the weighted probability model based on the authentication success command, and detects a decoding result based on the result of the information source processing.
And S210, if a correct decoding result is obtained, the browser displays the decoding result.
Compared with the first embodiment, the first embodiment is to complete communication directly by means of encryption and decryption of the password, and the embodiment adds a step of signature unique identification and authentication of the server on the basis of the first embodiment. In this embodiment, the ciphertext completed by the server may be stolen by another website and installed in the website after the ciphertext is received by the browser in the channel, and in such a case, because the program developer and the operating platform (and the server system of the operating platform) are authenticated and unique by real name, when the unique identifier is used to perform hash check with the server, decryption and operation are performed, so that security is ensured, and tampering is prevented. But also ensures that the current connection and the visitor are authenticated by the correct and unique server, and that the encrypted file of the server is not infected by virus (because the ciphertext is wrong or the hash value is different after the virus infection). It should be noted that the advantageous effects of the present embodiment and the first embodiment are not repeated herein.
Based on the first embodiment and the second embodiment, the server and the browser are transmitted through https protocol. Unlike the https protocol, the methods of the first and second embodiments protect the resources that the page needs to display. While traditional https only protects the security of page resources at the time of transmission. The method of the first embodiment or the method of the second embodiment in combination with the http protocol transmission can make up for the security of the whole page resource, and the security is higher than that using the http protocol.
To facilitate a full understanding of the contents of the first and second embodiments by those skilled in the art, one embodiment is provided below. In a third embodiment of the present invention, a Web resource encryption system includes two parts, which are an encryption program at a server side and a JavaScript decryption program at a Web side (i.e., a browser side). Considering the WebAssembly technology as a browser technology "execute JavaScript correctly" start, it provides a platform-independent runtime whose binaries can be compiled from many different languages and can run on any platform supported by the runtime (without any further modification or recompilation). Obviously, as a compiling technology, the WebAssembly aims at not the inherent security property of the JavaScript source code, but a supporting technology to extend the support of the browser for other languages. The method comprises the following specific steps:
firstly, a server side;
encrypting webpage resources (such as javascript, html, css, byte data of images, audios and videos, characters required to be displayed by webpages and the like) into a ciphertext, and writing the ciphertext into a xxx.
function test(){
alert ("jerlin code web resource encryption"); }
1) Setting the unique identifier of the signature: com (which may be a telephone number, a user name, a domain name, or a certificate number, etc.), the unique identifier may be hashed by jielin code hash encryption (see fig. 8).
2) Setting a password: 123456. the password can be any digital information, if the password is a symbol, the symbol can be converted into a number through binary system, and then the number is added into r of the weighted probability modelmaxPerforming the following steps; and then taking the javascript program in the example as a plaintext in a byte form, adding a random number with a set length in front of the plaintext, carrying out information source processing, and finally carrying out weighted probability model symmetric encryption to obtain a ciphertext. The specific process can be seen in Algorithm (1) to Algorithm (3) of the above principle section. The exemplary source code can be encrypted into a ciphertext through the two steps, and the ciphertext is in the following form:
var Datas=[34,124,6,241,17,181,15,178,156,15,177,15,183,23,23,88,223,174,45,107,45,232,141,105,185,194,189,31,113,2,32,207,237,213,217,118,7,100,139,34,107,187,250,5,188,173,12,5,22,56,219,243,3,145,19,132,238,151,27,1,237,182,145,192,253,143,215,220,163,100,161,213,161,139,157,228,145,53,30,171,80,80,100,243,151,207,6,97,55,64,40,31,42,130,202,233,231,115,59,65,239,230,228,217,200,138,27,69,59,196,54,147,228,65,78,44,35,1,208,0,98,70,58,66,171,88,211,166,112,20,121,171,209,12,8,225,140,42,247,244,35,169,206,66,232,60,41,187,246,198,218,110,103,147,36,239,70,70,131,244,166,105,117,175,135,28,216,244,65,197,6,197,48,221,246,153,197,168,161,210,78,74,139,41,24,207,229,137,184,238,200,192,50,141,35,20,133,235,83,16,255,123,53,197,148,107,202,57,25,39,34,106,234,146,176,172,129,153,13,253,204,15,255,164,76,192,92,219,93,37,117,109,165,213,50,65,67,189,231,97,139,152,122,0];
3) the ciphertext is stored in xxx.
V/encrypted data, the encrypted data has at least 64 bytes of extra key, and the length of the key is random
var Datas=[34,124,6,241,17,181,15,178,156,15,177,15,183,23,23,88,223,174,45,107,45,232,141,105,185,194,189,31,113,2,32,207,237,213,217,118,7,100,139,34,107,187,250,5,188,173,12,5,22,56,219,243,3,145,19,132,238,151,27,1,237,182,145,192,253,143,215,220,163,100,161,213,161,139,157,228,145,53,30,171,80,80,100,243,151,207,6,97,55,64,40,31,42,130,202,233,231,115,59,65,239,230,228,217,200,138,27,69,59,196,54,147,228,65,78,44,35,1,208,0,98,70,58,66,171,88,211,166,112,20,121,171,209,12,8,225,140,42,247,244,35,169,206,66,232,60,41,187,246,198,218,110,103,147,36,239,70,70,131,244,166,105,117,175,135,28,216,244,65,197,6,197,48,221,246,153,197,168,161,210,78,74,139,41,24,207,229,137,184,238,200,192,50,141,35,20,133,235,83,16,255,123,53,197,148,107,202,57,25,39,34,106,234,146,176,172,129,153,13,253,204,15,255,164,76,192,92,219,93,37,117,109,165,213,50,65,67,189,231,97,139,152,122,0];
var Decryptionbytes=JielinCodeDecryption(Datas);
The above is the information in xxx. The following codes can also be added into the html page of the web system:
<script language="javascript">
var unique_sign="jielincode.com";
var Datas=[34,124,6,241,17,181,15,178,156,15,177,15,183,23,23,88,223,174,45,107,45,232,141,105,185,194,189,31,113,2,32,207,237,213,217,118,7,100,139,34,107,187,250,5,188,173,12,5,22,56,219,243,3,145,19,132,238,151,27,1,237,182,145,192,253,143,215,220,163,100,161,213,161,139,157,228,145,53,30,171,80,80,100,243,151,207,6,97,55,64,40,31,42,130,202,233,231,115,59,65,239,230,228,217,200,138,27,69,59,196,54,147,228,65,78,44,35,1,208,0,98,70,58,66,171,88,211,166,112,20,121,171,209,12,8,225,140,42,247,244,35,169,206,66,232,60,41,187,246,198,218,110,103,147,36,239,70,70,131,244,166,105,117,175,135,28,216,244,65,197,6,197,48,221,246,153,197,168,161,210,78,74,139,41,24,207,229,137,184,238,200,192,50,141,35,20,133,235,83,16,255,123,53,197,148,107,202,57,25,39,34,106,234,146,176,172,129,153,13,253,204,15,255,164,76,192,92,219,93,37,117,109,165,213,50,65,67,189,231,97,139,152,122,0];
var Decryptionbytes=JielinCodeDecryption(Datas);
</script>
the unique _ sign is a unique identifier, the browser pushes the unique identifier to the server for uniqueness check (namely signature check) through a Get or post method after obtaining the unique identifier, it is ensured that the current connection and the visitor pass through correct and unique server authentication, it is ensured that the encrypted file of the server is not infected with viruses (because the ciphertext is wrong or the hash value of the file is different after the virus infection), and the specific method will be described in detail in the browser part. The data is a cipher text which contains signature data and encrypted and encoded bytes, and because the embodiment adopts the password of 512 bits to 768 bits and the signature of 64 bytes, the small file is larger after encrypted and encoded, and the large file can realize lossless compression. Jielinncodedecryption is a decryption function that can be run in the browser.
4) Xxx.js files are contained between < head > </head > of a certain webpage (such as test. html) in a browser, the method is as follows:
< script src >
The relative path of the server refers to (same below): http:// domain name/Web server current js file located folder-
5) Html < head > </head > contains jielin codedecryption min. js files, and the program has an open source program for weighted probability model symmetric decryption (see Algorithm (4) above) and jilin code hash check.
< script src ═ relative Path of Server/JeilinCodeDecryption _ min. js "> < script >
Html is a Web page on a Web server.
Secondly, a Web end;
html page is analyzed by browser to obtain jielin codedecryption _ min.js and xxx.js, wherein jielin codedecryption _ min.js is a source program for symmetric decryption and hash check, and js is encrypted by yunoncompressor and close-component, so that the browser can correctly identify and run a decryption program. Js is decrypted by calling a jielincocoddedecryption (datas) function. Expressed in a step-wise manner as:
1) html webpage is obtained by the browser through the domain name;
2) html is obtained by the browser through kernel analysis test.html to obtain jielin codedecryption _ min.js and xxx.js;
3) js, data is decrypted by the jielincocordedecryption function, where unique _ sign must be correct.
Obviously, the above 3 steps complete the direct decryption flow of fig. 5.
The security protection of the web page resource is encryption on one hand and authentication on the other hand, namely that the current access is performed based on the correct domain name or not.
For example, the encrypted files jielinncodedecryption _ min.js and xxx.js can be stolen by other websites and installed in the websites. When the situation occurs, because the program developer and the operating platform (and the server system of the operating platform) are authenticated by real names and are unique, the security can be guaranteed by performing decryption and operation after the hash check of the unique identifier and the server is completed. Because the browser cannot know whether the current program is a stolen source program, the method for signature authentication between the browser and the server is as follows:
1) the browser gets jielin codedecryption min. js and xxx. js, since the unique identifier exists in xxx. js, the jielin codedecryption function can be decrypted correctly. At this time, a callback verification function needs to be provided in the encrypted javascript program, and the callback verification function is provided for programmers to develop. Such as the following function:
and then, the whole source program is encoded into a ciphertext by using symmetric encryption, and because the source program adopts javascript' eval (decryption bytes) functions (wherein decryption bytes are decrypted source codes), the functions have the maximum characteristic that the functions can be called after decryption, and the decrypted source program cannot be viewed.
2) The unique identifier and the corresponding hash algorithm need to be pushed to the server in the callback function, and the server side verifies the unique identifier and the corresponding hash value pushed back by the browser. By taking unique _ sign as an example of a domain name and java as an example of a server side, a unique and correct identifier is stored by the server side through the following steps:
String url=request.getRequestURL();
and acquiring whether the current access is carried out through the correct domain name, if the url is the same as the unique _ sign, returning to pass the check, and otherwise, returning to fail. The uniqueness of callback verification can be ensured by adopting a hash algorithm, and repeated submission is avoided.
3) Executing eval (decryption bytes) function, if the return check is not passed, not decrypting the core source code, otherwise, decrypting the application.
The javascript source program is a core code with webpage effect and interaction, so the javascript is taken as an example of a webpage resource encryption system, and the server side is also a callback explanation which is only java as an example, but does not represent that only javascript and java application can be performed.
According to a fourth embodiment of the present invention, a web resource encryption device is provided, which may be any type of intelligent terminal, such as a mobile phone, a tablet computer, a personal computer, and so on. Specifically, the apparatus includes: one or more control processors and memory, here exemplified by a control processor. The control processor and the memory may be connected by a bus or other means, here exemplified by a connection via a bus.
The memory, which is a non-transitory computer readable storage medium, may be used to store non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the web resource encryption device in the embodiments of the present invention. The control processor implements the web page resource encryption method of the above method embodiments by running non-transitory software programs, instructions, and modules stored in the memory.
The memory may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the memory may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory located remotely from the control processor, and the remote memory may be connected to the web resource encryption device via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory and, when executed by the one or more control processors, perform the web page resource encryption method of the above embodiments.
The embodiment of the invention also provides a computer-readable storage medium, wherein the computer-readable storage medium stores computer-executable instructions, and the computer-executable instructions are used for one or more control processors to execute the webpage resource encryption method in the embodiment.
Through the above description of the embodiments, those skilled in the art can clearly understand that the embodiments can be implemented by software plus a general hardware platform. Those skilled in the art will appreciate that all or part of the processes in the methods of the above embodiments may be implemented by hardware that is related to instructions of a computer program, and the computer program may be stored in a computer-readable storage medium, and when executed, the computer program may include the processes of the embodiments of the methods. The storage medium may be a magnetic disk, an optical disk, a Read Only Memory (ROM), a Random Access Memory (RAM), or the like.
While embodiments of the present invention have been shown and described, it will be understood by those of ordinary skill in the art that: various changes, modifications, substitutions and alterations can be made to the embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the claims and their equivalents.
Claims (8)
1. A webpage resource encryption method is applied to a server and comprises the following steps:
receiving a webpage resource request instruction sent by a browser;
converting the webpage resources corresponding to the webpage resource request instruction into a first sequence to be encrypted according to the webpage resource request instruction, and adding a random number before the first sequence to be encrypted to obtain a second sequence to be encrypted as a binary system;
performing information source processing on the second sequence to be encrypted to obtain a third sequence to be encrypted, wherein the information source processing means that the symbols 1 in the second sequence to be encrypted are replaced by the symbols 10, so that the number of the continuous symbols 1 in the third sequence to be encrypted is at most 1;
coding the third sequence to be encrypted based on a weighted probability model to obtain a ciphertext, wherein binary ciphers are implanted into weight coefficients of the weighted probability model and are more than or equal to 512 bits; wherein encoding the third sequence to be encrypted based on a weighted probability model comprises:
when in use
By passing
And Li=Li-1Encoding a symbol 0 in the third sequence to be encrypted; by passing
And
encoding the symbols 10 in the third sequence to be encrypted; and when
By passing
And
encoding the symbols 10 in the third sequence to be encrypted; by passing
And Li=Li-1Encoding a symbol 1 in the third sequence to be encrypted; wherein p represents the probability of the symbol 0 in the second sequence to be encrypted; the R isi,Li,Ri-1,Li-1Encoding parameters respectively representing corresponding bit positions; the R is0=1,L00, i ∈ (0,1,2, …, n); the above-mentioned
The described
P (1) represents the probability of symbol 1 in the third sequence to be encrypted; p (0) represents the probability of the symbol 0 in the third sequence to be encrypted; the above-mentioned
Said rmaxIs the maximum value of the weight coefficient, rmaxIn which the binary password is implanted;
and sending the ciphertext to the browser, so that the browser decodes the ciphertext according to the weighted probability model, and detects a decoding result based on a result of the information source processing, wherein the detection of the decoding result means that whether the decoding result satisfies the number of the continuous symbols 1 which is at most 1 is judged.
2. The web page resource encryption method according to claim 1, further comprising the steps of:
setting a unique identifier of a signature, and encrypting the unique identifier through a Jielin code to obtain a hash value; encrypting the unique identifier through the jielin code to obtain a hash value, wherein the step of encrypting the unique identifier through the jielin code comprises the following steps:
converting the unique identifier into a binary sequence; setting a positive real number r to 2H(X)-LenH (x) is the normalized information entropy of the binary sequence, and Len is the preset digital fingerprint length of the binary sequence; for the ith bit symbol x in the binary sequence, according to a coding formula Ri=Ri-1rp(x),Li=Li-1+Ri-1F (x-1, r) is encoded, and l after encoding is outputiAs the hash value; coding variable RiIs 1, encodes a variable LiIs 0; said p (x) is the normalized probability of the symbol x, said F (x-1, r) is the non-normalized distribution function of the symbol x-1;
sending the hash value to the browser, so that the browser sends an authentication request instruction of the hash value to the server before decoding the ciphertext;
and authenticating the hash value according to the authentication request instruction, and if the authentication is successful, sending an authentication success instruction to the browser so that the browser decodes the ciphertext according to the weighted probability model.
3. A method for encrypting web page resources according to claim 1, wherein the web page resources include web page programs and web page contents.
4. A method for encrypting web page resources according to claim 1, wherein the server and the browser are transmitted by https protocol.
5. A webpage resource encryption method is characterized by being applied to a browser and comprising the following steps:
sending a webpage resource request instruction to a server so that the server converts webpage resources corresponding to the webpage resource request instruction into a first sequence to be encrypted according to the webpage resource request instruction, and adding a random number before the first sequence to be encrypted to obtain a second sequence to be encrypted as a binary system; performing, by the server, information source processing on the second sequence to be encrypted to obtain a third sequence to be encrypted, where the information source processing is to replace a symbol 1 in the second sequence to be encrypted with a symbol 10, so that the number of consecutive symbols 1 in the third sequence to be encrypted is at most 1; enabling the server to encode the third sequence to be encrypted based on a weighted probability model to obtain a ciphertext, wherein binary ciphers are implanted into weight coefficients of the weighted probability model and are more than or equal to 512 bits; wherein encoding the third sequence to be encrypted based on a weighted probability model comprises:
when in use
By passing
And Li=Li-1Encoding a symbol 0 in the third sequence to be encrypted; by passing
And
encoding the symbols 10 in the third sequence to be encrypted; and when
By passing
And
encoding the symbol 10 in the third sequence to be encrypted; by passing
And Li=Li-1Encoding a symbol 1 in the third sequence to be encrypted; wherein p represents the probability of the symbol 0 in the second sequence to be encrypted; the R isi,Li,Ri-1,Li-1Encoding parameters respectively representing corresponding bit positions; the R is0=1,L00, i ∈ (0,1,2, …, n); the above-mentioned
The above-mentioned
The p (1) represents the probability of the symbol 1 in the third sequence to be encrypted; p (0) represents the probability of the symbol 0 in the third sequence to be encrypted; the above-mentioned
R ismaxIs the maximum value of the weight coefficient, rmaxIn which the binary password is implanted;
and receiving the ciphertext sent by the server, decoding the ciphertext according to the weighted probability model, and detecting a decoding result based on a result processed by the information source, wherein the detection of the decoding result means that whether the decoding result meets the number of the continuous symbols 1 which is at most 1 is judged.
6. The web page resource encryption method according to claim 5, further comprising the steps of:
receiving a hash value sent by the server, wherein the hash value is obtained by setting a unique signature of a signature by the server and encrypting the unique signature by a Jielin code; wherein encrypting the unique identifier by jilin code comprises:
converting the unique identifier into a binary sequence; setting a positive real number r to 2H(X)-LenH (x) is the normalized information entropy of the binary sequence, and Len is the preset digital fingerprint length of the binary sequence; for the ith bit symbol x in the binary sequence, according to a coding formula Ri=Ri-1rp(x),Li=Li-1+Ri-1F (x-1, r) is encoded, and l after encoding is outputiAs the hash value; coding variable RiIs 1, encodes a variable LiIs 0; said p (x) is the normalized probability of the symbol x, said F (x-1, r) is the non-normalized distribution function of the symbol x-1;
sending an authentication request instruction of the hash value to the server, wherein the authentication request instruction is used for enabling the server to authenticate the hash value;
and receiving an authentication success instruction sent by the server, and decoding the ciphertext according to the weighted probability model.
7. A web resource encryption device, comprising: at least one control processor and a memory for communicative connection with the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform a web resource encryption method of any one of claims 1 to 4 and/or a web resource encryption method of any one of claims 5 to 6.
8. A computer-readable storage medium having stored thereon computer-executable instructions for causing a computer to perform a method for encrypting a web resource according to any one of claims 1 to 4 and/or a method for encrypting a web resource according to any one of claims 5 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110495532.7A CN113297591B (en) | 2021-05-07 | 2021-05-07 | Webpage resource encryption method, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110495532.7A CN113297591B (en) | 2021-05-07 | 2021-05-07 | Webpage resource encryption method, equipment and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113297591A CN113297591A (en) | 2021-08-24 |
| CN113297591B true CN113297591B (en) | 2022-05-31 |
Family
ID=77320984
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110495532.7A Active CN113297591B (en) | 2021-05-07 | 2021-05-07 | Webpage resource encryption method, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113297591B (en) |
Families Citing this family (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113922946B (en) * | 2021-09-06 | 2024-02-13 | 湖南遥昇通信技术有限公司 | SM 3-based data encryption method, system, equipment and medium |
| CN113922947B (en) * | 2021-09-18 | 2023-11-21 | 湖南遥昇通信技术有限公司 | Self-adaptive symmetrical coding method and system based on weighted probability model |
| CN113938273B (en) * | 2021-09-30 | 2024-02-13 | 湖南遥昇通信技术有限公司 | Symmetric encryption method and system capable of resisting quantitative parallel computing attack |
| CN114039718B (en) * | 2021-10-18 | 2023-12-19 | 湖南遥昇通信技术有限公司 | Hash coding method and system of self-adaptive weighted probability model |
| CN114189324B (en) * | 2021-11-12 | 2024-03-22 | 湖南遥昇通信技术有限公司 | Message security signature method, system, equipment and storage medium |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111222177A (en) * | 2020-01-13 | 2020-06-02 | 湖南遥昇通信技术有限公司 | Digital fingerprint processing and signature processing method |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10289819B2 (en) * | 2015-08-12 | 2019-05-14 | Kryptowire LLC | Active authentication of users |
| CN109495211B (en) * | 2018-09-30 | 2020-12-29 | 湖南瑞利德信息科技有限公司 | Channel coding and decoding method |
| CN109711173B (en) * | 2019-02-03 | 2020-10-09 | 北京大学 | Password file leakage detection method |
| CN110717151B (en) * | 2019-09-04 | 2021-05-04 | 湖南遥昇通信技术有限公司 | Digital fingerprint processing and signature processing method |
| CN110688092B (en) * | 2019-09-04 | 2021-08-17 | 湖南遥昇通信技术有限公司 | Random number generation method, device, equipment and storage medium |
| CN112039531A (en) * | 2020-08-26 | 2020-12-04 | 湖南遥昇通信技术有限公司 | Jielin code error correction optimization method and device |
-
2021
- 2021-05-07 CN CN202110495532.7A patent/CN113297591B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111222177A (en) * | 2020-01-13 | 2020-06-02 | 湖南遥昇通信技术有限公司 | Digital fingerprint processing and signature processing method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113297591A (en) | 2021-08-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113297591B (en) | Webpage resource encryption method, equipment and storage medium | |
| JP6810348B2 (en) | Cryptographic data processing method, cryptographic data processing device and cryptographic data processing program | |
| CN110868287B (en) | Authentication encryption ciphertext coding method, system, device and storage medium | |
| CN112865961B (en) | Symmetric encryption method, system and equipment based on weighted probability model | |
| CN112202754B (en) | Data encryption method and device, electronic equipment and storage medium | |
| JP2016521875A (en) | Data protection | |
| JP2017076839A (en) | Encryption processing method, encryption processing apparatus, and encryption processing program | |
| JP2004534333A (en) | Integrated protection method and system for distributed data processing in computer networks | |
| WO2022193620A1 (en) | Encoding method and apparatus for network file protection, and decoding method and apparatus for network file protection | |
| Pavithran et al. | A novel cryptosystem based on DNA cryptography, hyperchaotic systems and a randomly generated Moore machine for cyber physical systems | |
| JP2011135464A (en) | Authentication system, authentication apparatus, terminal device, authentication method and program | |
| WO2018038444A1 (en) | Method and device for registering and authenticating biometric code | |
| Nguyen et al. | Privacy preserving biometric‐based remote authentication with secure processing unit on untrusted server | |
| Mihaljević et al. | Security evaluation and design elements for a class of randomised encryptions | |
| CN113556381B (en) | Optimization method of HTTP request, terminal and storage medium | |
| CN114584291B (en) | Key protection method, device, equipment and storage medium based on HMAC algorithm | |
| Babamir et al. | Dynamic digest based authentication for client–server systems using biometric verification | |
| CN114329415A (en) | Mobile Web login password encryption method based on random image scheme | |
| Banga et al. | Protecting User Credentials against SQL Injection through Cryptography and Image Steganography | |
| CN115103357B (en) | 5G communication encryption system based on FPGA | |
| Arjona López et al. | Post-quantum biometric authentication based on homomorphic encryption and classic McEliece | |
| JP2015154291A (en) | Eigen-device information generation apparatus, eigen-device information generation system and eigen-device information generation method | |
| CN115460020B (en) | Data sharing method, device, equipment and storage medium | |
| CN116866029B (en) | Random number encryption data transmission method, device, computer equipment and storage medium | |
| CN116170131B (en) | Ciphertext processing method, ciphertext processing device, storage medium and trusted execution device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |