CN115102712B - Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium - Google Patents

Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium Download PDF

Info

Publication number
CN115102712B
CN115102712B CN202210534628.4A CN202210534628A CN115102712B CN 115102712 B CN115102712 B CN 115102712B CN 202210534628 A CN202210534628 A CN 202210534628A CN 115102712 B CN115102712 B CN 115102712B
Authority
CN
China
Prior art keywords
terminal
access request
request
identification mark
identification
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210534628.4A
Other languages
Chinese (zh)
Other versions
CN115102712A (en
Inventor
刘勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202210534628.4A priority Critical patent/CN115102712B/en
Publication of CN115102712A publication Critical patent/CN115102712A/en
Application granted granted Critical
Publication of CN115102712B publication Critical patent/CN115102712B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1458Denial of Service

Abstract

A method, a device, an electronic device and a storage medium for enhanced terminal identification, wherein the method comprises the following steps: s1, confirming whether an access request is an initial request or a subsequent request; s2, if the access request is an initial request, a processing module and an identification mark are issued to a terminal sending the access request, and the processing module is used for realizing the following steps when the terminal runs: s21, acquiring and storing terminal attributes and identification marks of the terminal; s22, attaching the terminal attribute and the identification mark to an access request sent by the terminal; s3, if the request is a subsequent request, acquiring terminal attributes and identification marks on the access request, and judging whether the subsequent request is received for the first time; s4, if yes, correspondingly storing the access request, the terminal attribute and the identification mark on a request list; s5, if not, confirming whether the access request and the access request in the request list are sent by the same terminal. The method and the device can improve the marking capability of the terminal and prevent various malicious access behaviors initiated by tampering with the terminal attribute.

Description

Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium
Technical Field
The invention belongs to the technical field of network security, and particularly relates to a method and device for enhancing terminal identification, electronic equipment and a storage medium.
Background
Many services are required to be accessed through a mobile terminal in digital economy, and many security technologies identify the mobile terminal to record and analyze access requests from the terminal. The existing terminal identification technology is based on the attribute (hardware information or system information) of the equipment, so that the possibility of being deceived and bypassed exists, and an attacker and a malicious visitor can tamper the corresponding terminal attribute through a machine changing tool or a similar tool to bypass the traditional terminal identification method, thereby generating a large number of imitated terminals to access an application system on the Internet, initiating various malicious access behaviors, and implementing attack behaviors including library collision attack, DDOS attack, web crawlers, sheep wool and the like to cause service damage to the application system.
Disclosure of Invention
The invention aims to provide an enhanced terminal identification method, an enhanced terminal identification device, electronic equipment and a storage medium, which can improve the marking capability of a terminal and prevent various malicious access behaviors initiated by tampering with terminal attributes.
The invention is realized by the following technical scheme:
A method of enhanced terminal identification, comprising the steps of:
s1, when an access request sent to a server is received, confirming whether the access request is an initial request or a subsequent request;
S2, if the access request is an initial request, a pre-stored processing module is obtained, an identification mark is generated, the processing module and the identification mark are issued to a terminal sending the access request, and the processing module is used for realizing the following steps when the terminal runs:
S21, acquiring terminal attributes of the terminal and storing the terminal attributes and the identification marks on the terminal separately;
s22, when the terminal is detected to send out an access request, reading the terminal attribute and the identification mark and attaching the read terminal attribute and identification mark to the access request sent out by the terminal;
S3, if the access request is a subsequent request, acquiring a terminal attribute and an identification mark attached to the access request, and judging whether the subsequent request is received for the first time;
S4, if so, correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list;
s5, if not, comparing the acquired terminal attribute and identification mark with the terminal attribute and identification mark of the access request in the request list, and confirming whether the access request and the access request in the request list are sent by the same terminal.
Further, step S5 includes:
Sequentially selecting a target access request from the access requests in the request list;
Judging whether the acquired terminal attribute is the same as the terminal attribute of the target access request or not, and judging whether the acquired identification mark is the same as the identification mark of the target access request or not;
if the access request and the target access request are different, the received access request and the target access request are sent by different terminals, otherwise, the received access request and the target access request are sent by the same terminal.
Further, step S21 includes:
Acquiring terminal attributes of a terminal, encrypting the terminal attributes and the identification marks through a first encryption algorithm, and storing the encrypted terminal attributes and the encrypted identification marks on the terminal separately;
step S22 includes:
when detecting that the terminal sends an access request, reading the encrypted terminal attribute and the identification mark;
And carrying out secondary encryption on the encrypted terminal attribute and the identification mark by a second encryption algorithm, and attaching the terminal attribute and the identification mark after secondary encryption to an access request sent by the terminal.
Further, in step S3, the step of acquiring the terminal attribute and the identification flag attached to the access request includes:
acquiring terminal attributes and identification marks which are attached to the access request and subjected to secondary encryption;
decrypting the terminal attribute and the identification mark after the secondary encryption according to a second decryption algorithm corresponding to the second encryption algorithm and a first decryption algorithm corresponding to the first encryption algorithm;
if the decryption is successful, acquiring the decrypted terminal attribute and the identification mark;
If the decryption fails, the access request is discarded.
Further, the step of confirming whether the access request is an initial request or a subsequent request includes:
Judging whether the access request contains the terminal attribute and the identification mark after the secondary encryption;
if yes, judging that the access request is a subsequent request;
if not, judging the access request as an initial request.
Further, after step S5, the method further comprises:
And correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list.
Further, in step S3, the step of determining whether the subsequent request is received for the first time includes:
Judging whether the request list is empty or not;
if yes, judging that a subsequent request is received for the first time;
if not, judging that the subsequent request is not received for the first time.
The invention also provides a device for enhancing the terminal identification, which comprises:
the receiving module is used for confirming whether the access request is an initial request or a subsequent request when the access request sent to the server is received;
The issuing module is used for acquiring a pre-stored processing module and generating an identification mark if the access request received by the receiving module is an initial request, and issuing the processing module and the identification mark to a terminal for sending the access request if the access request is the initial request;
the processing module is used for running at the terminal and comprises:
A first acquiring unit configured to acquire a terminal attribute of a terminal and store the terminal attribute separately from an identification mark on the terminal;
The detection unit is used for reading the terminal attribute and the identification mark and attaching the read terminal attribute and identification mark to the access request sent by the terminal when the terminal sends the access request;
the first judging module is used for acquiring the terminal attribute and the identification mark attached to the access request and judging whether the subsequent request is received for the first time or not if the access request received by the receiving module is the subsequent request;
the first storage module is used for correspondingly storing the access request, the acquired terminal attribute and the identification mark on the request list if the first judgment module judges that the access request is yes;
And the comparison module is used for comparing the acquired terminal attribute and the identification mark with the terminal attribute and the identification mark of the access request in the request list if the first judgment module judges that the access request is not transmitted by the same terminal.
The invention also discloses an electronic device comprising a memory and a processor, wherein the memory stores a computer program, and the processor realizes the steps of any one of the methods when executing the computer program.
The invention also discloses a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method of any of the above.
Compared with the prior art, the invention has the beneficial effects that: when the terminal sends an access request to the server, two dimension terminal identifications are attached, one dimension terminal identification is an identification mark, the other dimension terminal identification is a terminal attribute of the terminal, namely, the terminal identification of the terminal is enhanced through the identification mark and the terminal attribute mark and identification, and whether the received access request and the access request in the request list are sent by the same terminal or not is judged according to the identification mark and the terminal attribute, so that various malicious access behaviors such as library collision attacks, DDOS attacks, web crawlers, wool and the like are protected from being initiated through software malicious brushing and tampering with the terminal attribute.
Drawings
FIG. 1 is a flow chart of the steps of a method of enhanced terminal identification of the present invention;
FIG. 2 is a schematic block diagram of an apparatus for enhanced terminal identification in accordance with the present invention;
FIG. 3 is a block diagram illustrating a schematic structure of an embodiment of an electronic device according to the present invention;
FIG. 4 is a schematic diagram of a computer readable storage medium according to an embodiment of the invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures. Meanwhile, in the description of the present invention, the terms "first", "second", and the like are used only to distinguish the description, and are not to be construed as indicating or implying relative importance.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the description of the present invention, it should be noted that, directions or positional relationships indicated by terms such as "upper", "lower", "inner", "outer", etc., are directions or positional relationships based on those shown in the drawings, or those that are conventionally put in use, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the apparatus or elements to be referred to must have a specific direction, be constructed and operated in a specific direction, and thus should not be construed as limiting the present invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating steps of a method for enhanced terminal identification according to the present invention. A method of enhanced terminal identification, comprising the steps of:
s1, when an access request sent to a server is received, confirming whether the access request is an initial request or a subsequent request;
S2, if the access request is an initial request, a pre-stored processing module is obtained, an identification mark is generated, the processing module and the identification mark are issued to a terminal sending the access request, and the processing module is used for realizing the following steps when the terminal runs:
S21, acquiring terminal attributes of the terminal and storing the terminal attributes and the identification marks on the terminal separately;
s22, when the terminal is detected to send out an access request, reading the terminal attribute and the identification mark and attaching the read terminal attribute and identification mark to the access request sent out by the terminal;
S3, if the access request is a subsequent request, acquiring a terminal attribute and an identification mark attached to the access request, and judging whether the subsequent request is received for the first time;
S4, if so, correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list;
s5, if not, comparing the acquired terminal attribute and identification mark with the terminal attribute and identification mark of the access request in the request list, and confirming whether the access request and the access request in the request list are sent by the same terminal.
In step S1, when an access request is received and transmitted to the server, it is necessary to determine whether the received access request is an initial request transmitted to the server for the first time or a subsequent request transmitted to the server for the non-first time.
In the step S2, if the received access request is an initial request, it is indicated that the terminal that sent the access request has not accessed the server before, that is, the terminal tag of the terminal is not enhanced, so that the pre-stored processing module is obtained, the identification tag is generated, the received access request is sent to the server, and after receiving the request response returned by the server according to the access request, the processing module and the identification tag are sent to the terminal. Preferably, the processing module and the identification mark are issued to the terminal sending the access request by a data packet.
In the above steps S21 and S22, after the terminal receives the identification tag and the processing module, the processing module is loaded to enable the processing module to run on the terminal, the processing module obtains the identification tag issued to the terminal, the identification tag issued to the terminal is used as the terminal tag of the front end, and the processing module reads the terminal attribute of the terminal, and uses the obtained terminal attribute as the terminal tag of the rear end, further, the terminal attribute includes hardware information of the terminal and/or system information of the terminal, the hardware information may be an ID of hardware such as CPU, bluetooth, etc., the system information may be a version number of an operating system of the terminal, etc., and the identification tag may be a unique code. After the terminal attribute and the identification mark are acquired, the two terminal marks, namely the identification mark and the terminal attribute, are stored on the terminal separately, and can be stored in a hidden position of the terminal, such as on a certain unusual file of the terminal, or a file storage related content is generated. When it is detected that the terminal issues an access request to the server, the identification tag and the terminal attribute are attached to the access request issued by the terminal. When the terminal sends an access request to the server, the terminal is attached with two terminal marks, namely the identification mark and the terminal attribute, so that the terminal mark of the terminal is enhanced through the terminal marks of the two dimensions, namely the identification mark and the terminal attribute, and the terminal for sending the access request is identified through the terminal marks of the two dimensions, namely the identification mark and the terminal attribute, so that the terminal identification and the terminal identification are realized, and various malicious access behaviors such as library collision attacks, DDOS attacks, web crawlers, and wool-out and the like, which are initiated through malicious software refreshing and tampering of the terminal attribute, are protected. Further, the processing module may write a processing program by a corresponding code according to the type of the terminal. Or the processing program written by the corresponding code is placed in the cloud, the processing module can be a link for loading the processing program, and the terminal accesses the processing program in the cloud according to the link so that the processing program runs on the terminal.
In the step S3, if the received access request is a subsequent request, it is indicated that the terminal sending the access request is a non-first access server, that is, the access request sent to the server by the terminal is accompanied by two terminal tags, namely, an identification tag and a terminal attribute, so that the terminal tag of two dimensions, namely, the terminal attribute and the identification tag, can be obtained on the received access request. However, only when the subsequent request is received for the second time and later, the subsequent request can be compared with the previous received subsequent request, for example, the subsequent request received for the second time is compared with the subsequent request received for the first time, and whether the subsequent request received for the second time and the subsequent request received for the first time are sent by the same terminal is judged, so when the received access request is the subsequent request, whether the subsequent request is received for the first time is also needed to be judged.
In the step S4, if the received access request is a subsequent request received for the first time, the access request, and the terminal attribute and the identification tag acquired from the access request are correspondingly stored in the request list, so as to be compared with the subsequent request received for the second time and later.
Further, in step S3, the step of determining whether the subsequent request is received for the first time includes:
s35, judging whether the request list is empty;
S36, if yes, judging that a subsequent request is received for the first time;
and S37, if not, judging that the subsequent request is not received for the first time.
In the above steps S35 to S37, if the request list is empty, it is indicated that the request list does not store the access request, and it is indicated that the currently received access request is a subsequent request received for the first time; if the request list is not empty, the request list is stored with the access request, and the current received access request is not the subsequent request received for the first time.
In the step S5, the obtained terminal attribute and identification mark are compared with the terminal attribute and identification mark of the access request in the request list, and whether the access request and the access request in the request list are sent by the same terminal is confirmed, thereby realizing terminal identification and terminal identification. And then, after deleting the terminal attribute and the identification mark attached to the current access request, forwarding the access request to the server.
Further, step S5 includes:
s51, sequentially selecting a target access request from access requests in a request list;
s52, judging whether the acquired terminal attribute is the same as the terminal attribute of the target access request, and judging whether the acquired identification mark is the same as the identification mark of the target access request;
and S53, if the access request and the target access request are different, the received access request and the target access request are sent by different terminals, otherwise, the received access request and the target access request are sent by the same terminal.
In the steps S51 to S53, a target access request is sequentially selected from the access requests in the request list, and the target access request is compared with the currently received access request, specifically, whether the acquired terminal attribute is the same as the terminal attribute of the target access request is judged, whether the acquired identification mark is the same as the identification mark of the target access request is judged, if the acquired terminal attribute is different from the terminal attribute of the target access request, and the acquired identification mark is different from the identification mark of the target access request, the received access request and the target access request are sent by different terminals; if the acquired terminal attribute is the same as the terminal attribute of the target access request or the acquired identification mark is the same as the identification mark of the target access request, the received access request and the target access request are sent by the same terminal.
Further, after step S5, the method further comprises:
S6, correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list.
In the above step S6, the received access request, the acquired terminal attribute and the identification flag are correspondingly stored on the request list, so as to increase the number of access requests on the request list. Of course, the general attack is to send a large number of access requests in a short time, so when the access requests, the acquired terminal attributes and the identification marks are correspondingly stored in the request list, the access time of the access requests can be acquired, the access time of the access requests is correspondingly stored in the request list, and when the difference between the access time of the access requests and the current time is greater than a preset time threshold, the corresponding access requests are deleted from the request list.
To avoid that the data of the identification mark and the terminal attribute are found and tampered by the middle person, the identification of the terminal is influenced.
Further, step S21 includes:
s211, acquiring terminal attributes of a terminal, encrypting the terminal attributes and the identification marks through a first encryption algorithm, and storing the encrypted terminal attributes and the encrypted identification marks on the terminal separately;
step S22 includes:
S221, when the terminal is detected to send out an access request, reading the encrypted terminal attribute and the identification mark;
S222, performing secondary encryption on the encrypted terminal attribute and the identification mark through a second encryption algorithm, and attaching the terminal attribute and the identification mark after secondary encryption to an access request sent by the terminal.
In the step S211, when the terminal stores the terminal attribute and the identification tag, the terminal attribute and the identification tag are encrypted by the first encryption algorithm, so that the terminal attribute and the identification tag become a code section unreadable, so as to avoid the intermediate reading the terminal attribute and the identification tag stored on the terminal, and avoid the terminal attribute and the identification tag stored on the terminal from being tampered by the intermediate.
In step S221 and step S222, in order to prevent tampering during transmission, the encrypted terminal attribute and identification tag are secondarily encrypted according to the second encryption algorithm before being attached to the access request issued by the terminal, and the secondarily encrypted terminal attribute and identification tag are attached to the access request issued by the terminal. Preferably, the first encryption algorithm and the second encryption algorithm employ asymmetric encryption algorithms.
In step S211 and step S222, the identification tag and the terminal attribute are secondarily encrypted according to the first encryption algorithm and the second encryption algorithm in sequence, so further, in step S3, the step of acquiring the terminal attribute and the identification tag attached to the access request includes:
S31, acquiring terminal attributes and identification marks attached to the access request after secondary encryption;
S32, decrypting the terminal attribute and the identification mark after secondary encryption according to a second decryption algorithm corresponding to the second encryption algorithm and a first decryption algorithm corresponding to the first encryption algorithm;
S33, if the decryption is successful, acquiring the decrypted terminal attribute and the identification mark;
S34, if decryption fails, discarding the access request.
In the above steps S31 to S34, the first decryption algorithm corresponds to the first encryption algorithm, and the second decryption algorithm corresponds to the second encryption algorithm, that is, the second encryption algorithm is capable of decrypting the terminal attribute and the identification tag secondarily encrypted by the second encryption algorithm to obtain the terminal attribute and the identification tag encrypted by the first encryption algorithm, and the first decryption algorithm is capable of decrypting the terminal attribute and the identification tag encrypted by the first encryption algorithm. Therefore, after the terminal attribute and the identification mark which are attached to the access request and are secondarily encrypted are obtained, the terminal attribute and the identification mark which are secondarily encrypted are decrypted through a second decryption algorithm and a first decryption algorithm, if the decryption is successful, the data which indicate the identification mark and the terminal attribute are not modified, the decrypted terminal attribute and the identification mark are obtained, if the decryption is failed, the data which indicate the identification mark and the terminal attribute are modified, and the received access request is discarded.
After the terminal receives the processing module, the terminal attribute and the identification mark after secondary encryption are attached to the access request sent each time. Further, in step S1, the step of confirming whether the access request is an initial request or a subsequent request includes:
s11, judging whether the access request contains the terminal attribute and the identification mark after the secondary encryption;
s12, if yes, judging that the access request is a subsequent request;
s13, if not, judging that the access request is an initial request.
In the steps S11 to S13, when the terminal first sends the access request to the server, the generated identification tag and the processing module are inserted into the request response returned by the server, so that the terminal subsequently sends the access request with the terminal attribute and the identification tag after the secondary encryption, and therefore, whether the access request sent by the terminal contains the terminal attribute and the identification tag after the secondary encryption is judged, if the access request contains the terminal attribute and the identification tag after the secondary encryption, the processing module is indicated to exist in the terminal, the access request sent by the terminal to the server is not the first time, and therefore, the access request is judged to be the subsequent request, if the access request does not contain the terminal attribute and the identification tag after the secondary encryption, the terminal does not exist in the terminal, and the terminal first sends the access request sent to the server, and therefore, the access request is judged to be the initial request.
The invention also provides a device for enhancing the terminal identification, which comprises:
a receiving module 1, configured to, when receiving an access request sent to a server, confirm whether the access request is an initial request or a subsequent request;
The issuing module 2 is configured to acquire the pre-stored processing module 3 and generate an identification tag if the access request received by the receiving module 1 is an initial request, and issue the processing module 3 and the identification tag to a terminal that sends the access request if the access request is the initial request;
a processing module 3, configured to operate at a terminal, and including a first acquisition unit and a detection unit;
the first acquisition unit is used for acquiring terminal attributes of the terminal and storing the terminal attributes and the identification marks on the terminal separately;
The detection unit is used for reading the terminal attribute and the identification mark and attaching the read terminal attribute and identification mark to the access request sent by the terminal when the terminal sends the access request;
the first judging module 4 is configured to obtain the terminal attribute and the identification tag attached to the access request if the access request received by the receiving module 1 is a subsequent request, and judge whether the subsequent request is received for the first time;
The first storage module 5 is configured to store the access request, the acquired terminal attribute and the identification tag in a request list correspondingly if the first judgment module 4 judges that the access request is yes;
And the comparison module 6 is configured to compare the obtained terminal attribute and identification tag with the terminal attribute and identification tag of the access request in the request list, and confirm whether the access request and the access request in the request list are sent by the same terminal if the first determination module 4 determines that the access request is not sent.
The enhanced terminal identification device is deployed at the front end of the server and is used for proxy of the access request of the terminal, and forwarding and processing the access request sent by the terminal and the request response of the server.
Specifically, when receiving an access request sent to a server, the receiving module 1 needs to determine the received access request, and confirm whether the received access request is an initial request sent to the server for the first time or a subsequent request not sent to the server for the first time.
If the receiving module 1 judges that the received access request is an initial request, it indicates that the terminal that sent the access request has not accessed the server before, that is, the terminal mark of the terminal is not enhanced, so that the issuing module 2 obtains the pre-stored processing module 3, generates the identification mark, then sends the received access request to the server, and after receiving a request response returned by the server according to the access request, the issuing module 2 issues the processing module 3 and the identification mark to the terminal. Preferably, the processing module 3 and the identification tag are issued to the terminal sending the access request by means of a data packet
After the terminal receives the identification mark and the processing module 3, the processing module 3 is loaded, so that the processing module 3 operates on the terminal, the identification mark issued to the terminal is acquired through the first acquisition unit, the identification mark issued to the terminal is taken as a terminal mark at the front end, the terminal attribute of the terminal is read through the processing module 3, the acquired terminal attribute is taken as a terminal mark at the rear end, further, the terminal attribute comprises hardware information of the terminal and/or system information of the terminal, the hardware information can be an ID (identity) of hardware such as CPU (central processing unit), bluetooth (bluetooth) and the like, the system information can be a version number and the like of an operating system of the terminal, and the identification mark can be a unique code. After the terminal attribute and the identification mark are acquired, the two terminal marks, namely the identification mark and the terminal attribute, are stored on the terminal separately, and can be stored in a hidden position of the terminal, such as on a certain unusual file of the terminal, or a file storage related content is generated. When the detection unit detects that the terminal sends an access request to the server, the identification mark and the terminal attribute are attached to the access request sent by the terminal. When the terminal sends an access request to the server, the terminal is attached with two terminal marks, namely the identification mark and the terminal attribute, so that the terminal mark of the terminal is enhanced through the terminal marks of the two dimensions, namely the identification mark and the terminal attribute, and the terminal for sending the access request is identified through the terminal marks of the two dimensions, namely the identification mark and the terminal attribute, so that the terminal identification and the terminal identification are realized, and various malicious access behaviors such as library collision attacks, DDOS attacks, web crawlers, and wool-out and the like, which are initiated through malicious software refreshing and tampering of the terminal attribute, are protected. Further, the processing module 3 may write a processing program by a corresponding code according to the type of the terminal. Or the processing program written by the corresponding code is placed in the cloud, the processing module 3 can be a link for loading the processing program, and the terminal accesses the processing program in the cloud according to the link, so that the processing program runs on the terminal.
If the receiving module 1 determines that the received access request is a subsequent request, it indicates that the terminal sending the access request is a non-first access server, that is, the access request sent by the terminal to the server is attached with two terminal marks, namely, an identification mark and a terminal attribute, so that the first determining module 4 can obtain the terminal marks with two dimensions, namely, the terminal attribute and the identification mark, on the received access request. However, only when the subsequent request is received for the second time and later, the subsequent request can be compared with the previous received subsequent request, for example, the subsequent request received for the second time is compared with the subsequent request received for the first time, and whether the subsequent request received for the second time and the subsequent request received for the first time are sent by the same terminal is judged, so when the received access request is the subsequent request, the first judgment module 4 is also required to judge whether the subsequent request is received for the first time.
If the access request received by the first judging module 4 is a subsequent request received for the first time, the first storing module 5 correspondingly stores the access request, the terminal attribute and the identification mark acquired on the access request on the request list for comparing with the subsequent request received for the second time and later.
Further, the first judging module 4 includes:
a first judging unit for judging whether the request list is empty;
the second judging unit judges that the subsequent request is received for the first time if the judgment of the first judging unit is yes;
And the second judging unit judges that the subsequent request is not received for the first time if the judgment of the first judging unit is negative.
If the first judging unit judges that the request list is empty, the request list is indicated that no access request is stored, and the second judging unit judges that the current received access request is a subsequent request received for the first time; if the first judging unit judges that the request list is not empty, the request list is stored with the access request, and the second judging unit judges that the current received access request is not the subsequent request received for the first time.
The comparison module 6 compares the acquired terminal attribute and identification mark with the terminal attribute and identification mark of the access request in the request list, and confirms whether the access request and the access request in the request list are sent by the same terminal, thereby realizing terminal identification and terminal identification. And then, after deleting the terminal attribute and the identification mark attached to the current access request, forwarding the access request to the server.
Further, the comparison module 6 includes:
A selecting unit for sequentially selecting a target access request from the access requests in the request list;
a fourth judging unit for judging whether the acquired terminal attribute is the same as the terminal attribute of the target access request, and judging whether the acquired identification mark is the same as the identification mark of the target access request;
And the confirmation unit is used for sending the received access request and the target access request to different terminals if the judgment of the fourth judgment unit is different, otherwise, sending the received access request and the target access request to the same terminal.
The selecting unit sequentially selects one target access request from the access requests in the request list, compares the target access request with the currently received access request, specifically, the fourth judging unit judges whether the acquired terminal attribute is the same as the terminal attribute of the target access request, judges whether the acquired identification mark is the same as the identification mark of the target access request, and confirms that the received access request and the target access request are sent by different terminals if the acquired terminal attribute is different from the terminal attribute of the target access request and the acquired identification mark is different from the identification mark of the target access request; if the acquired terminal attribute is the same as the terminal attribute of the target access request, or if the acquired identification mark is the same as the identification mark of the target access request, the confirmation unit confirms that the received access request and the target access request are sent by the same terminal.
Further, the device for enhancing the terminal identification of the invention further comprises:
And the second storage module is used for correspondingly storing the access request, the acquired terminal attribute and the identification mark on the request list.
The second storage module correspondingly stores the received access requests, the acquired terminal attributes and the identification marks on the request list, so that the number of the access requests on the request list is increased. Of course, the general attack is to send a large number of access requests in a short time, so when the access requests, the acquired terminal attributes and the identification marks are correspondingly stored in the request list, the access time of the access requests can be acquired, the access time of the access requests is correspondingly stored in the request list, and when the difference between the access time of the access requests and the current time is greater than a preset time threshold, the corresponding access requests are deleted from the request list.
To avoid that the data of the identification mark and the terminal attribute are found and tampered by the middle person, the identification of the terminal is influenced.
Further, the first acquisition unit includes:
The first encryption subunit is used for acquiring the terminal attribute of the terminal, encrypting the terminal attribute and the identification mark through a first encryption algorithm, and storing the encrypted terminal attribute and the encrypted identification mark on the terminal separately;
The detection unit includes:
The reading subunit is used for reading the encrypted terminal attribute and the identification mark when the terminal is detected to send an access request;
And the second encryption subunit is used for carrying out secondary encryption on the encrypted terminal attribute and the identification mark through a second encryption algorithm, and attaching the terminal attribute and the identification mark after secondary encryption to an access request sent by the terminal.
When the terminal stores the terminal attribute and the identification mark, the first encryption subunit encrypts the terminal attribute and the identification mark through a first encryption algorithm, so that the terminal attribute and the identification mark become an unreadable code, and an intermediate is prevented from reading the terminal attribute and the identification mark stored on the terminal, and the terminal attribute and the identification mark stored on the terminal are prevented from being tampered by the intermediate.
In addition, in order to prevent tampering in the process of sending, before attaching the encrypted terminal attribute and the identification mark to the access request sent by the terminal, the reading subunit reads the encrypted terminal attribute and the identification mark, the second encryption subunit performs secondary encryption on the encrypted terminal attribute and the identification mark according to a second encryption algorithm, and attaches the secondary encrypted terminal attribute and the identification mark to the access request sent by the terminal. Preferably, the first encryption algorithm and the second encryption algorithm employ asymmetric encryption algorithms.
The first encryption subunit and the second encryption subunit sequentially perform secondary encryption on the identification mark and the terminal attribute according to the first encryption algorithm and the second encryption algorithm, so further, the first judging module 4 includes:
a second obtaining unit, configured to obtain the terminal attribute and the identification mark attached to the access request after the secondary encryption;
The decryption unit is used for decrypting the terminal attribute and the identification mark after the secondary encryption according to a second decryption algorithm corresponding to the second encryption algorithm and a first decryption algorithm corresponding to the first encryption algorithm;
The third acquisition unit acquires the decrypted terminal attribute and the identification mark if the decryption unit is successful in decryption;
and the discarding unit is used for discarding the access request if the decryption unit fails to decrypt.
The first decryption algorithm corresponds to the first encryption algorithm, and the second decryption algorithm corresponds to the second encryption algorithm, i.e. the second encryption algorithm is capable of decrypting the terminal attribute and the identification tag secondarily encrypted by the second encryption algorithm to obtain the terminal attribute and the identification tag encrypted by the first encryption algorithm, and the first decryption algorithm is capable of decrypting the terminal attribute and the identification tag encrypted by the first encryption algorithm. Therefore, after the second obtaining unit obtains the terminal attribute and the identification tag after the secondary encryption attached to the access request, the decrypting unit decrypts the terminal attribute and the identification tag after the secondary encryption through the second decrypting algorithm and the first decrypting algorithm, if the decryption is successful, the data indicating the identification tag and the terminal attribute is not modified, the third obtaining unit obtains the terminal attribute and the identification tag after the decryption, if the decryption is failed, the data indicating the identification tag and the terminal attribute is modified, and the discarding unit discards the received access request.
Since the terminal receives the processing module 3, the terminal attribute and the identification mark after the secondary encryption are attached to the access request sent each time. Further, the receiving module 1 includes:
a fifth judging unit for judging whether the access request contains the terminal attribute and the identification mark after the secondary encryption;
a sixth judging unit that judges the access request as a subsequent request if the fifth judging unit judges yes;
and a seventh judging unit for judging that the access request is an initial request if the fifth judging unit judges that the access request is not the initial request.
When the terminal sends the access request to the server for the first time, the device inserts the generated identification mark and the processing module 3 into the request response returned by the server, so that the access request sent by the terminal subsequently is attached with the terminal attribute and the identification mark after the secondary encryption, the fifth judging unit judges whether the access request sent by the terminal contains the terminal attribute and the identification mark after the secondary encryption, if the access request contains the terminal attribute and the identification mark after the secondary encryption, the processing module 3 is indicated to exist in the terminal, the access request sent by the terminal to the server is not the first time, the sixth judging unit judges that the access request is the subsequent request, if the access request does not contain the terminal attribute and the identification mark after the secondary encryption, the processing module 3 is indicated to not exist in the terminal, and the terminal sends the access request sent to the server for the first time, so that the seventh judging unit judges that the access request is the initial request.
Referring to fig. 3 in combination, fig. 3 is a schematic block diagram illustrating an embodiment of an electronic device according to the present invention. An embodiment of the present invention further proposes an electronic device 1001, including a memory 1003 and a processor 1002, where the memory 1003 stores a computer program 1004, and the processor 1002 executes the computer program 1004 to implement the steps of the method for enhancing terminal identification according to any one of the above steps, including: s1, when an access request sent to a server is received, confirming whether the access request is an initial request or a subsequent request; s2, if the access request is an initial request, acquiring a pre-stored processing module 3, generating an identification mark, and transmitting the processing module 3 and the identification mark to a terminal sending the access request, wherein the processing module 3 is used for realizing the following steps when the terminal runs: s21, acquiring terminal attributes of the terminal and storing the terminal attributes and the identification marks on the terminal separately; s22, when the terminal is detected to send out an access request, reading the terminal attribute and the identification mark and attaching the read terminal attribute and identification mark to the access request sent out by the terminal; s3, if the access request is a subsequent request, acquiring a terminal attribute and an identification mark attached to the access request, and judging whether the subsequent request is received for the first time; s4, if so, correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list; s5, if not, comparing the acquired terminal attribute and identification mark with the terminal attribute and identification mark of the access request in the request list, and confirming whether the access request and the access request in the request list are sent by the same terminal.
Referring to fig. 4 in combination, fig. 4 is a schematic block diagram illustrating the structure of an embodiment of a computer readable storage medium according to the present invention. An embodiment of the present invention further provides a computer readable storage medium 2001 having stored thereon a computer program 1004, the computer program 1004, when executed by the processor 1002, implementing the steps of the method for any of the enhanced terminal identifications described above, comprising: s1, when an access request sent to a server is received, confirming whether the access request is an initial request or a subsequent request; s2, if the access request is an initial request, a pre-stored processing module is obtained, an identification mark is generated, the processing module and the identification mark are issued to a terminal sending the access request, and the processing module is used for realizing the following steps when the terminal runs: s21, acquiring terminal attributes of the terminal and storing the terminal attributes and the identification marks on the terminal separately; s22, when the terminal is detected to send out an access request, reading the terminal attribute and the identification mark and attaching the read terminal attribute and identification mark to the access request sent out by the terminal; s3, if the access request is a subsequent request, acquiring a terminal attribute and an identification mark attached to the access request, and judging whether the subsequent request is received for the first time; s4, if so, correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list; s5, if not, comparing the acquired terminal attribute and identification mark with the terminal attribute and identification mark of the access request in the request list, and confirming whether the access request and the access request in the request list are sent by the same terminal.
Compared with the prior art, the invention has the beneficial effects that: when the terminal sends an access request to the server, two dimension terminal identifications are attached, one dimension terminal identification is an identification mark, the other dimension terminal identification is a terminal attribute of the terminal, namely, the terminal identification of the terminal is enhanced through the identification mark and the terminal attribute mark and identification, and whether the received access request and the access request in the request list are sent by the same terminal or not is judged according to the identification mark and the terminal attribute, so that various malicious access behaviors such as library collision attacks, DDOS attacks, web crawlers, wool and the like are protected from being initiated through software malicious brushing and tampering with the terminal attribute.
Those skilled in the art will appreciate that implementing all or part of the above described methods may be accomplished by way of a computer program stored on a non-transitory computer readable storage medium, which when executed may comprise the steps of the embodiments of the methods described above. Any reference to storage, database, or other medium provided by the present application and used in the embodiments herein may include non-volatile and/or volatile storage. The non-volatile memory may include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile storage can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), dual speed data rate SDRAM (SSRSDRAM), enhanced SDRAM (ESDRAM), synchronous link (SYNCHLINK) DRAM (SLDRAM), memory bus (rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM), among others.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, apparatus, article, or method that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, apparatus, article, or method. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, apparatus, article, or method that comprises the element.
The present invention is not limited to the above-described embodiments, but, if various modifications or variations of the present invention are not departing from the spirit and scope of the present invention, the present invention is intended to include such modifications and variations as fall within the scope of the claims and the equivalents thereof.

Claims (10)

1.A method of enhanced terminal identification, comprising the steps of:
s1, when an access request sent to a server is received, confirming whether the access request is an initial request or a subsequent request;
S2, if the access request is an initial request, a pre-stored processing module is obtained, an identification mark is generated, the processing module and the identification mark are issued to a terminal sending the access request, and the processing module is used for realizing the following steps when the terminal runs:
s21, acquiring terminal attributes of the terminal and storing the terminal attributes and the identification marks on the terminal separately;
s22, when the terminal is detected to send out an access request, reading the terminal attribute and the identification mark and attaching the read terminal attribute and identification mark to the access request sent by the terminal;
S3, if the access request is a subsequent request, acquiring a terminal attribute and an identification mark attached to the access request, and judging whether the subsequent request is received for the first time;
s4, if so, correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list;
S5, if not, comparing the acquired terminal attribute and identification mark with the terminal attribute and identification mark of the access request in the request list, and confirming whether the access request and the access request in the request list are sent by the same terminal.
2. The method of enhanced terminal identification according to claim 1, wherein said step S5 comprises:
Sequentially selecting a target access request from the access requests in the request list;
Judging whether the acquired terminal attribute is the same as the terminal attribute of the target access request or not, and judging whether the acquired identification mark is the same as the identification mark of the target access request or not;
if the access request and the target access request are different, the received access request and the target access request are sent by different terminals, otherwise, the received access request and the target access request are sent by the same terminal.
3. The method of enhanced terminal identification according to claim 1, wherein said step S21 comprises:
Acquiring terminal attributes of the terminal, encrypting the terminal attributes and the identification marks through a first encryption algorithm, and storing the encrypted terminal attributes and the encrypted identification marks on the terminal separately;
The step S22 includes:
When the terminal is detected to send an access request, reading the encrypted terminal attribute and the encrypted identification mark;
And carrying out secondary encryption on the encrypted terminal attribute and the encrypted identification mark through a second encryption algorithm, and attaching the terminal attribute and the encrypted identification mark to an access request sent by the terminal.
4. A method of enhanced terminal identification according to claim 3, characterized in that in step S3 the step of obtaining terminal attributes and identification tags attached to the access request comprises:
Acquiring the terminal attribute and the identification mark which are attached to the access request after the secondary encryption;
decrypting the terminal attribute and the identification mark after secondary encryption according to a second decryption algorithm corresponding to the second encryption algorithm and a first decryption algorithm corresponding to the first encryption algorithm;
If the decryption is successful, acquiring the decrypted terminal attribute and the decrypted identification mark;
and if the decryption fails, discarding the access request.
5. A method of enhanced terminal identification according to claim 3, wherein said step of confirming whether said access request is an initial request or a subsequent request comprises:
Judging whether the access request contains terminal attributes and identification marks after secondary encryption;
If yes, judging the access request as a subsequent request;
if not, judging the access request as an initial request.
6. The method of enhanced terminal identification according to claim 1, characterized in that after step S5, the method further comprises:
and correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list.
7. The method of enhanced terminal identification according to claim 1, wherein in step S3, the step of determining whether a subsequent request is received for the first time comprises:
Judging whether the request list is empty or not;
if yes, judging that a subsequent request is received for the first time;
if not, judging that the subsequent request is not received for the first time.
8. An apparatus for enhanced terminal identification, comprising:
The receiving module is used for confirming whether the access request is an initial request or a subsequent request when the access request sent to the server is received;
the issuing module is used for acquiring a pre-stored processing module and generating an identification mark if the access request received by the receiving module is an initial request, and issuing the processing module and the identification mark to a terminal for sending the access request if the access request is the initial request;
the processing module is used for running at the terminal and comprises:
A first obtaining unit, configured to obtain a terminal attribute of the terminal and store the terminal attribute and the identification mark separately on the terminal;
The detection unit is used for reading the terminal attribute and the identification mark and attaching the read terminal attribute and identification mark to the access request sent by the terminal when the terminal sends the access request;
The first judging module is used for acquiring the terminal attribute and the identification mark attached to the access request and judging whether the subsequent request is received for the first time or not if the access request received by the receiving module is the subsequent request;
The first storage module is used for correspondingly storing the access request, the acquired terminal attribute and the identification mark on a request list if the first judgment module judges that the access request is yes;
and the comparison module is used for comparing the acquired terminal attribute and identification mark with the terminal attribute and identification mark of the access request in the request list if the first judgment module judges that the access request is not transmitted by the same terminal.
9. An electronic device comprising a memory and a processor, the memory storing a computer program, characterized in that the processor implements the steps of the method of any of claims 1-7 when executing the computer program.
10. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the steps of the method according to any of claims 1-7.
CN202210534628.4A 2022-05-17 2022-05-17 Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium Active CN115102712B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210534628.4A CN115102712B (en) 2022-05-17 2022-05-17 Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210534628.4A CN115102712B (en) 2022-05-17 2022-05-17 Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115102712A CN115102712A (en) 2022-09-23
CN115102712B true CN115102712B (en) 2024-04-16

Family

ID=83289017

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210534628.4A Active CN115102712B (en) 2022-05-17 2022-05-17 Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115102712B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002300655A (en) * 2001-03-30 2002-10-11 Sumitomo Heavy Ind Ltd System and method for authentication, network system, recording medium, computer program
WO2014000574A1 (en) * 2012-06-29 2014-01-03 北京奇虎科技有限公司 Network access method and server based on cache
KR101531662B1 (en) * 2013-12-31 2015-06-25 고려대학교 산학협력단 Method and system for mutual authentication between client and server
WO2016045359A1 (en) * 2014-09-26 2016-03-31 中兴通讯股份有限公司 Authentication method, wireless router and computer storage medium
CN107277025A (en) * 2017-06-28 2017-10-20 维沃移动通信有限公司 A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium
CN107592288A (en) * 2016-07-08 2018-01-16 中国电信股份有限公司 For the method for multiple terminals quick registration website, intelligent gateway and system
CN108259619A (en) * 2018-01-30 2018-07-06 成都东软学院 Network request means of defence and network communicating system
CN108429785A (en) * 2018-01-17 2018-08-21 广东智媒云图科技股份有限公司 A kind of generation method, reptile recognition methods and the device of reptile identification encryption string
CN108521408A (en) * 2018-03-22 2018-09-11 平安科技(深圳)有限公司 Resist method of network attack, device, computer equipment and storage medium
CN110324416A (en) * 2019-06-28 2019-10-11 百度在线网络技术(北京)有限公司 Download path tracking, device, server, terminal and medium
CN110650142A (en) * 2019-09-25 2020-01-03 腾讯科技(深圳)有限公司 Access request processing method, device, system, storage medium and computer equipment
CN111026950A (en) * 2019-11-19 2020-04-17 微民保险代理有限公司 Page access method and device, server and page access system
KR102346761B1 (en) * 2021-06-07 2022-01-03 주식회사 씨엘클라우드 Method, device and system for authenticating of user in a cloud environment
CN114285893A (en) * 2021-12-22 2022-04-05 中国工商银行股份有限公司 Access request processing method, system, device, storage medium and electronic equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10785213B2 (en) * 2018-03-27 2020-09-22 Ca Technologies, Inc. Continuous authentication
CN111885047A (en) * 2020-07-21 2020-11-03 黑芝麻智能科技(重庆)有限公司 Method for terminal to acquire data, method for terminal to access data and terminal

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002300655A (en) * 2001-03-30 2002-10-11 Sumitomo Heavy Ind Ltd System and method for authentication, network system, recording medium, computer program
WO2014000574A1 (en) * 2012-06-29 2014-01-03 北京奇虎科技有限公司 Network access method and server based on cache
KR101531662B1 (en) * 2013-12-31 2015-06-25 고려대학교 산학협력단 Method and system for mutual authentication between client and server
WO2016045359A1 (en) * 2014-09-26 2016-03-31 中兴通讯股份有限公司 Authentication method, wireless router and computer storage medium
CN107592288A (en) * 2016-07-08 2018-01-16 中国电信股份有限公司 For the method for multiple terminals quick registration website, intelligent gateway and system
CN107277025A (en) * 2017-06-28 2017-10-20 维沃移动通信有限公司 A kind of Secure Network Assecc method, mobile terminal and computer-readable recording medium
CN108429785A (en) * 2018-01-17 2018-08-21 广东智媒云图科技股份有限公司 A kind of generation method, reptile recognition methods and the device of reptile identification encryption string
CN108259619A (en) * 2018-01-30 2018-07-06 成都东软学院 Network request means of defence and network communicating system
CN108521408A (en) * 2018-03-22 2018-09-11 平安科技(深圳)有限公司 Resist method of network attack, device, computer equipment and storage medium
CN110324416A (en) * 2019-06-28 2019-10-11 百度在线网络技术(北京)有限公司 Download path tracking, device, server, terminal and medium
CN110650142A (en) * 2019-09-25 2020-01-03 腾讯科技(深圳)有限公司 Access request processing method, device, system, storage medium and computer equipment
CN111026950A (en) * 2019-11-19 2020-04-17 微民保险代理有限公司 Page access method and device, server and page access system
KR102346761B1 (en) * 2021-06-07 2022-01-03 주식회사 씨엘클라우드 Method, device and system for authenticating of user in a cloud environment
CN114285893A (en) * 2021-12-22 2022-04-05 中国工商银行股份有限公司 Access request processing method, system, device, storage medium and electronic equipment

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
Bo Li ; Ruifeng Zhao ; Shiming Li ; Wenjie Zheng ; Haobin Li.Identification of Key Communication Nodes of Low-Voltage Platform Topology for Terminal Service Fusion.2021 6th Asia Conference on Power and Electrical Engineering (ACPEE).2021,1684-1688. *
Jian Xiao ; Zhi Yang ; Xiaochuan Hu ; Yunhao Liu ; Dong Li.TrustZone-based Mobile Terminal Security System.2018 Chinese Automation Congress (CAC).2019,3981-3985. *
基于多属性的移动终端安全接入网络认证协议;滕震方;;计算机应用与软件(08);44-46 *
实时数据库安全访问的研究;李良才;硕士电子期刊(第07期);第二-三章 *
强制访问控制技术在数据库安全访问中的应用;戚建淮;宋晶;郑伟范;;通信技术(03);188-191 *
物联网终端可信认证与自动接入技术研究与实现;鲁阳;硕士电子期刊;20200215;第三-五章 *

Also Published As

Publication number Publication date
CN115102712A (en) 2022-09-23

Similar Documents

Publication Publication Date Title
CN107749848B (en) Internet of things data processing method and device and Internet of things system
CN102831529B (en) A kind of commodity information identification method based on radio frequency and system
US9686344B2 (en) Method for implementing cross-domain jump, browser, and domain name server
CN106790156B (en) Intelligent device binding method and device
CN103279693B (en) A kind of file encrypting method
CN109509108B (en) Insurance policy processing method and device based on block chain technology and computer equipment
US20070194879A1 (en) Method and device for detecting an invalid RFID tag and method for manufacturing an RFID tag
CN110717698B (en) Goods position tracking method, goods position tracking device, logistics management system and storage medium
US20110099607A1 (en) Method of authenticating and branding emails and other messages using information available in a message list
CN107733853B (en) Page access method, device, computer and medium
CN113472716B (en) System access method, gateway device, server, electronic device and storage medium
JP2019510314A (en) Message counterfeit prevention implementation method and device
US7234060B1 (en) Generation and use of digital signatures
CN110008719B (en) File processing method and device, and file detection method and device
EP2913973A1 (en) Trusted NFC smart poster tag
CN110826091B (en) File signature method and device, electronic equipment and readable storage medium
CN111598681A (en) Credit evaluation method, credit evaluation system and readable storage medium
US20180205714A1 (en) System and Method for Authenticating Electronic Tags
CN110597820B (en) Information processing method, device, storage medium and equipment based on block chain
US20060200667A1 (en) Method and system for consistent recognition of ongoing digital relationships
CN115102712B (en) Enhanced terminal identification method, enhanced terminal identification device, electronic equipment and storage medium
CN110533128B (en) Encryption-based anti-counterfeiting traceability data processing method, device, system and medium
CN109547463B (en) Method and device for obtaining secret key, computer equipment and storage medium
CN115643017B (en) Software identification validity checking method based on hybrid coding model
EP2345975A1 (en) Content delivery verification system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant