CN115473683A - Interactive web verification optimization method and system - Google Patents
Interactive web verification optimization method and system Download PDFInfo
- Publication number
- CN115473683A CN115473683A CN202210958885.0A CN202210958885A CN115473683A CN 115473683 A CN115473683 A CN 115473683A CN 202210958885 A CN202210958885 A CN 202210958885A CN 115473683 A CN115473683 A CN 115473683A
- Authority
- CN
- China
- Prior art keywords
- optimization
- client
- verification
- token
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000005457 optimization Methods 0.000 title claims abstract description 122
- 238000012795 verification Methods 0.000 title claims abstract description 62
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000002452 interceptive effect Effects 0.000 title claims abstract description 21
- 235000014510 cooky Nutrition 0.000 claims description 22
- 230000005540 biological transmission Effects 0.000 claims description 8
- 230000007547 defect Effects 0.000 abstract description 3
- 238000012790 confirmation Methods 0.000 abstract description 2
- 239000000243 solution Substances 0.000 description 6
- 238000012360 testing method Methods 0.000 description 6
- 238000001914 filtration Methods 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- 230000007812 deficiency Effects 0.000 description 3
- 238000010200 validation analysis Methods 0.000 description 3
- 238000013475 authorization Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000002347 injection Methods 0.000 description 2
- 239000007924 injection Substances 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0869—Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Abstract
The invention belongs to the technical field of networks, and particularly relates to an interactive web authentication optimization method and system. The method comprises the following steps: establishing a link between the two verification parties to acquire verification optimization permission; and establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a security optimization mechanism according to the verification optimization permission. The link between the two verification parties is established to obtain verification optimization permission, so that the confirmation requirements of the two verification parties can be met, and the privacy protection degree and the security are improved; and establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a safety optimization mechanism according to the verification optimization permission, so that the optimization requirements of different defects can be met.
Description
Technical Field
The invention belongs to the technical field of networks, and particularly relates to an interactive web authentication optimization method and system.
Background
With the continuous development of internet technology, the WEB services of enterprises are more and more, and meanwhile, the security problems are more and more. In order to ensure the security of the WEB service and prevent malicious attacks of hackers, most WEB services adopt a security verification technology.
Currently, the WEB mainly has the following verification modes: the HTTP Basic Auth is a user name password authentication mode, is the simplest and lowest-security mode, and is most easy to expose a user name password to a third-party client; OAuth (open authorization), i.e. open authorization mode; the Cookie Auth mode, namely authentication is carried out through session and Cookie; token Auth means, i.e. authentication by Token. In the above verification methods, the Token authentication method can solve most network security problems, but has some defects such as theft prevention, verification and efficiency.
Disclosure of Invention
In order to solve or improve the above problems, the present invention provides an interactive web authentication optimization method and system, and the specific technical solution is as follows:
the invention provides an interactive web authentication optimization method, which comprises the following steps: establishing a link between the two verification parties to acquire verification optimization permission; and establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a security optimization mechanism according to the verification optimization permission.
Preferably, the token theft optimization mechanism includes: adding a client ID and an IP address in the token; adding the encrypted client ID and the encrypted IP address in a form submitted by a client; after the server receives the request, the IP address is compared by comparing the client ID with the client ID in the token, and if the client ID is inconsistent, the request is intercepted.
Preferably, the verification efficiency optimization mechanism includes: authentication optimization is performed by inheriting the TokenAuthentication class and reloading the authentication _ criteria method.
Preferably, the security optimization mechanism includes: HTTPS is adopted, and SSL encryption transmission is carried out to ensure the security of the channel; based on a preset code base, removing code causing the browser to execute unexpectedly; HTTP-Only Cookies are set to prevent access to Cookies by JavaScript.
Preferably, the preset code base comprises js-XSS, XSS HTMLFilter and TWIG.
The invention provides an interactive web verification optimization system, which comprises: the first unit is used for establishing a link between two verification parties to acquire verification optimization permission; and the second unit is used for establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a security optimization mechanism according to the verification optimization permission.
Preferably, the token theft optimization mechanism includes: adding a client ID and an IP address in the token; adding the encrypted client ID and the encrypted IP address in a form submitted by a client; after the server receives the request, the IP address is compared by comparing the client ID with the client ID in the token, and if the client ID is inconsistent with the client ID in the token, the request is intercepted.
Preferably, the verification efficiency optimization mechanism includes: authentication optimization is performed by inheriting the TokenAuthentication class and reloading the authentication _ creatives method.
Preferably, the security optimization mechanism includes: HTTPS is adopted, and SSL encryption transmission is adopted to ensure the safety of the channel; based on a preset code base, removing code causing the browser to execute unexpectedly; HTTP-Only Cookies are set to prevent access to Cookies by JavaScript.
Preferably, the preset code base comprises js-XSS, XSS HTMLFilter and TWIG.
The beneficial effects of the invention are as follows: the link between the two verification parties is established to obtain verification optimization permission, so that the confirmation requirements of the two verification parties can be met, and the privacy protection degree and the security are improved; and establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a safety optimization mechanism according to the verification optimization permission, so that the optimization requirements of different defects can be met.
Drawings
FIG. 1 is a schematic diagram of an interactive web authentication optimization method according to the present invention;
FIG. 2 is a schematic diagram of an interactive web authentication optimization system according to the present invention.
The reference numerals include:
1-first unit, 2-second unit.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be further understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items and includes such combinations.
In order to solve or improve the problems mentioned in the background, an interactive web authentication optimization method is proposed as shown in fig. 1, including: s1, establishing a link between two verification parties to obtain verification optimization permission; s2, according to the verification optimization permission, establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a security optimization mechanism.
The two verification parties comprise a client and a server, and because the verification process is replaced or optimized, the approval of the two verification parties needs to be obtained, so that the verification optimization permission needs to be obtained by establishing a link between the two verification parties. The content of the verification optimization permission comprises establishment of a token stealing optimization mechanism, establishment of a verification efficiency optimization mechanism and establishment of a security optimization mechanism, and aims to realize optimization of token stealing flow, optimization of verification efficiency and optimization of security measures.
Under normal conditions, the token verification process:
the method includes the steps that when a client requests for the first time, user information is sent to a server (a user name and a password), the server signs the user information through an HS256 algorithm and a key, and then the signature and data are used as Token to be returned to the client together;
secondly, the server does not store the Token, and the client stores the Token (such as in a Cookie or a Local Storage);
thirdly, when the client sends the request again, the Token is sent to the server together in the request information;
and the fourth server signs the data again by using the same HS256 algorithm and the same key, compares the signed data with the signature of the Token returned by the client, and returns the requested data to the client if the verification is successful.
Deficiencies of token validation include:
1) Failure to revoke issued tokens
All authentication information is in the token, and since there is no state in the server, there is no way to invalidate a token even if it is known that it was stolen. There is no way to invalidate a token before it expires.
2) Performance problems
To ensure security of the WEB, the token uses an encrypted signature, and due to this feature, the recipient can verify whether the token is valid and trusted. However, in most Web authentication applications, the token is stored in the Cookie, which means that there are two levels of signatures. For this reason, it takes twice as much CPU overhead to verify the signature. This is not ideal for Web applications with stringent performance requirements, especially for single threaded environments.
3) CSRF and XSS attacks cannot be completely avoided.
In order to solve the above-mentioned token verification deficiency, a token theft optimization mechanism, a verification efficiency optimization mechanism and a security optimization mechanism are provided.
And the token stealing optimization mechanism is used for solving the problem that the token is stolen.
Since the token cannot be revoked before it expires, there is a risk of theft. The solution can be achieved in the following way:
step 1: adding a client ID and an IP address in the token;
step 2: adding the encrypted client ID and the encrypted IP address in a form submitted by a client;
and step 3: after the server receives the request, the IP address is compared by comparing the client ID with the client ID in the token, and if the client ID is inconsistent with the client ID in the token, the request is intercepted.
And verifying an efficiency optimization mechanism for solving the performance problem.
Python language based optimization. In order to verify the real performance, all intermediate processing links are removed firstly, and all requests are returned directly after coming, so that the pressure test can obtain the ultimate Web performance under the framework, which is tentatively the performance A. And adding all intermediate processing logic codes, and performing a pressure test, so that the Web performance under the real condition can be obtained and is temporarily set as the performance B. Through testing, the performance A and the performance B are not greatly different.
For the performance A, after the Django REST frame authentication is added, the speed of the performance A is obviously reduced by a lot compared with the performance B, and the bottleneck of the performance can be found in the Django REST frame authentication. An optimization operation for this authentication method is required.
And (3) code optimization:
authentication optimization is performed by inheriting the TokenAuthentication class and reloading the authentication _ criteria method. When WEB requests authentication, the rewritten authentication class is appointed, and the effect of performance optimization can be achieved.
And the safety optimization mechanism is used for solving the safety problem.
Ensuring the security of the authentication process:
how to guarantee the security of the user name/password authentication process; because the user is required to input the user name and password in the authentication process, sensitive information such as the user name and password needs to be transmitted in the network in the authentication process. Therefore, HTTPS is proposed in this process, and transmission is encrypted by SSL to ensure security of the channel.
How to protect against XSS anchors:
XSS attack code filtering is carried out, any code which can cause the browser to carry out unexpected execution is removed, and the XSS attack code filtering can be realized by adopting some libraries (such as js-XSS under js, XSS HTMLFilter under JAVA, TWIG under PHP); if the character strings submitted by the user are stored in the database (aiming at SQL injection attack), the filtering needs to be respectively carried out at the front end and the server end.
HTTP-Only Cookies are used:
by setting the parameters of the Cookie: httpOnly; secure prevents access to cookies through JavaScript.
The token theft optimization mechanism comprises: adding a client ID and an IP address in the token; adding the encrypted client ID and the encrypted IP address in a form submitted by a client; after the server receives the request, the IP address is compared by comparing the client ID with the client ID in the token, and if the client ID is inconsistent with the client ID in the token, the request is intercepted.
The verification efficiency optimization mechanism comprises: authentication optimization is performed by inheriting the TokenAuthentication class and reloading the authentication _ creatives method.
The security optimization mechanism comprises: HTTPS is adopted, and SSL encryption transmission is adopted to ensure the safety of the channel; based on a preset code library, removing codes causing the browser to execute unexpectedly; HTTP-Only Cookies are set to prevent access to Cookies by JavaScript.
The preset code base comprises js-XSS, XSS HTMLFilter and TWIG.
The invention provides an interactive web verification optimization system, which comprises: a first unit 1, configured to establish a link between two verification parties to obtain a verification optimization permission; and the second unit 2 is used for establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a security optimization mechanism according to the verification optimization permission.
To address the above-described token validation deficiencies, the system is configured to implement a token theft optimization mechanism, a validation efficiency optimization mechanism, and a security optimization mechanism.
the token stealing optimization mechanism is used for solving the problem that the token is stolen.
Since the token cannot be revoked before it expires, there is a risk of theft. The solution can be made in the following way:
step 1: adding a client ID and an IP address in the token;
and 2, step: adding the encrypted client ID and the encrypted IP address in a form submitted by a client;
and step 3: after the server receives the request, the IP address is compared by comparing the client ID with the client ID in the token, and if the client ID is inconsistent, the request is intercepted.
And verifying an efficiency optimization mechanism for solving the performance problem.
Python language based optimization. In order to verify the real performance, all intermediate processing links are removed firstly, and all requests are returned directly after coming, so that the pressure test can obtain the limit Web performance under the framework, and the limit Web performance is tentatively set as the performance A. And adding all intermediate processing logic codes, and performing a pressure test, so that the Web performance under the real condition can be obtained and is temporarily set as the performance B. Through testing, the performance A and the performance B are not greatly different.
For the performance A, after the Django REST frame authentication is added, the speed of the performance A is obviously reduced by a lot compared with the performance B, and the bottleneck of the performance can be found in the Django REST frame authentication. An optimization operation for this authentication method is required.
And (3) code optimization:
authentication optimization is performed by inheriting the TokenAuthentication class and reloading the authentication _ criteria method. When WEB requests authentication, the rewritten authentication class is appointed, and the effect of performance optimization can be achieved.
And the safety optimization mechanism is used for solving the safety problem.
Ensuring the security of the authentication process:
how to guarantee the security of the user name/password authentication process; because the user is required to input the user name and password in the authentication process, sensitive information such as the user name and password needs to be transmitted in the network in the authentication process. Therefore, HTTPS is proposed in this process, and transmission is encrypted by SSL to ensure security of the channel.
How to protect XSS anchors:
XSS attack code filtering, which removes any code causing the browser to execute unexpectedly, can be realized by adopting some libraries (such as js-XSS under js, XSS HTMLFilter under JAVA, TWIG under PHP); if the character strings submitted by the user are stored in the database (aiming at SQL injection attack), the filtering needs to be respectively carried out at the front end and the server end.
HTTP-Only Cookies are used:
by setting the parameters of the Cookie: httpOnly; secure prevents access to cookies through JavaScript.
The token theft optimization mechanism comprises: adding a client ID and an IP address in the token; adding the encrypted client ID and the encrypted IP address in a form submitted by a client; after the server receives the request, the IP address is compared by comparing the client ID with the client ID in the token, and if the client ID is inconsistent with the client ID in the token, the request is intercepted.
The verification efficiency optimization mechanism comprises: authentication optimization is performed by inheriting the TokenAuthentication class and reloading the authentication _ criteria method.
The security optimization mechanism comprises: HTTPS is adopted, and SSL encryption transmission is carried out to ensure the security of the channel; based on a preset code base, removing code causing the browser to execute unexpectedly; HTTP-Only Cookies are set to prevent access to Cookies by JavaScript.
The preset code base comprises js-XSS, XSS HTMLFilter and TWIG.
In the embodiments provided in the present application, it should be understood that the division of a unit is only one logical function division, and in actual implementation, there may be another division manner, for example, multiple units may be combined into one unit, one unit may be split into multiple units, or some features may be omitted.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being covered by the appended claims and their equivalents.
Claims (10)
1. An interactive web authentication optimization method, comprising:
establishing a link between the two verification parties to acquire verification optimization permission;
and establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a security optimization mechanism according to the verification optimization permission.
2. The interactive web authentication optimization method of claim 1, wherein the token theft optimization mechanism comprises:
adding a client ID and an IP address in the token;
adding the encrypted client ID and the encrypted IP address in a form submitted by a client;
after the server receives the request, the IP address is compared by comparing the client ID with the client ID in the token, and if the client ID is inconsistent with the client ID in the token, the request is intercepted.
3. The interactive web authentication optimization method of claim 1, wherein the authentication efficiency optimization mechanism comprises:
authentication optimization is performed by inheriting the TokenAuthentication class and reloading the authentication _ criteria method.
4. The interactive web authentication optimization method of claim 1, wherein the security optimization mechanism comprises:
HTTPS is adopted, and SSL encryption transmission is adopted to ensure the safety of the channel;
based on a preset code library, removing codes causing the browser to execute unexpectedly;
HTTP-Only Cookies are set to prevent access to Cookies by JavaScript.
5. The interactive web authentication optimization method of claim 4, wherein the predetermined code library comprises js-XSS, XSS HTMLFilter and TWIG.
6. An interactive web authentication optimization system, comprising:
the first unit is used for establishing a link between two verification parties to acquire verification optimization permission;
and the second unit is used for establishing a token stealing optimization mechanism, a verification efficiency optimization mechanism and a security optimization mechanism according to the verification optimization permission.
7. The interactive web authentication optimization system of claim 6, wherein the token theft optimization mechanism comprises:
adding a client ID and an IP address in the token;
adding the encrypted client ID and the encrypted IP address in a form submitted by a client;
after the server receives the request, the IP address is compared by comparing the client ID with the client ID in the token, and if the client ID is inconsistent with the client ID in the token, the request is intercepted.
8. The interactive web authentication optimization system of claim 6, wherein the authentication efficiency optimization mechanism comprises:
authentication optimization is performed by inheriting the TokenAuthentication class and reloading the authentication _ creatives method.
9. The interactive web authentication optimization system of claim 6, wherein the security optimization mechanism comprises:
HTTPS is adopted, and SSL encryption transmission is adopted to ensure the safety of the channel;
based on a preset code base, removing code causing the browser to execute unexpectedly;
HTTP-Only Cookies are set to prevent access to Cookies by JavaScript.
10. The interactive web authentication optimization system of claim 9, wherein the predefined code library comprises js-XSS, XSS html filter, and TWIG.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210958885.0A CN115473683A (en) | 2022-08-10 | 2022-08-10 | Interactive web verification optimization method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210958885.0A CN115473683A (en) | 2022-08-10 | 2022-08-10 | Interactive web verification optimization method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115473683A true CN115473683A (en) | 2022-12-13 |
Family
ID=84366660
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210958885.0A Pending CN115473683A (en) | 2022-08-10 | 2022-08-10 | Interactive web verification optimization method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115473683A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004355130A (en) * | 2003-05-27 | 2004-12-16 | Matsushita Electric Ind Co Ltd | Design method and apparatus of integrated circuit device |
CN1855870A (en) * | 2005-04-18 | 2006-11-01 | 阿尔卡特公司 | Digital rights management for media streaming systems |
US20110239288A1 (en) * | 2010-03-24 | 2011-09-29 | Microsoft Corporation | Executable code validation in a web browser |
CN108664795A (en) * | 2017-03-27 | 2018-10-16 | 曲立东 | Data safety optimization application system based on OTO platforms and method |
CN110087239A (en) * | 2019-05-20 | 2019-08-02 | 北京航空航天大学 | Based on the anonymous access authentication and cryptographic key negotiation method and device in 5G network |
-
2022
- 2022-08-10 CN CN202210958885.0A patent/CN115473683A/en active Pending
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2004355130A (en) * | 2003-05-27 | 2004-12-16 | Matsushita Electric Ind Co Ltd | Design method and apparatus of integrated circuit device |
CN1855870A (en) * | 2005-04-18 | 2006-11-01 | 阿尔卡特公司 | Digital rights management for media streaming systems |
US20110239288A1 (en) * | 2010-03-24 | 2011-09-29 | Microsoft Corporation | Executable code validation in a web browser |
CN108664795A (en) * | 2017-03-27 | 2018-10-16 | 曲立东 | Data safety optimization application system based on OTO platforms and method |
CN110087239A (en) * | 2019-05-20 | 2019-08-02 | 北京航空航天大学 | Based on the anonymous access authentication and cryptographic key negotiation method and device in 5G network |
Non-Patent Citations (4)
Title |
---|
ANDA0109: "EAP协议", 1.HTTPS://BLOG.CSDN. NET/ANDA0109/ARTICLE/DETAILS/41597387, 29 November 2014 (2014-11-29) * |
CNCCL-WEB-JS: "如何实现token加密", HTTPS://BLOG.CSDN.NET/WEIXIN_37722222/ARTICLE/ DETAIL/99473408, 13 August 2019 (2019-08-13) * |
前端一点红: "基于JWT的token认证机制实现及安全问题", HTTPS://WWW.CNBLOGS.COM/YPPPT/P/13332007.HTML, 17 July 2020 (2020-07-17) * |
陈以太: "解决不继承django自带的user导致rest_framework认证失败401", HTTPS://ZHUANLAN.ZHIHU.COM/P/415245725, 29 September 2021 (2021-09-29) * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9807092B1 (en) | Systems and methods for classification of internet devices as hostile or benign | |
US7478434B1 (en) | Authentication and authorization protocol for secure web-based access to a protected resource | |
US8910241B2 (en) | Computer security system | |
US8386784B2 (en) | Apparatus and method for securely submitting and processing a request | |
CN112422532B (en) | Service communication method, system and device and electronic equipment | |
US8850219B2 (en) | Secure communications | |
CN107579991B (en) | Method for performing cloud protection authentication on client, server and client | |
US8356335B2 (en) | Techniques for authentication via network connections | |
US20050198501A1 (en) | System and method of providing credentials in a network | |
CN110198297B (en) | Flow data monitoring method and device, electronic equipment and computer readable medium | |
US20170149803A1 (en) | Guarding against cross-site request forgery (CSRF) attacks | |
US8099602B2 (en) | Methods for integrating security in network communications and systems thereof | |
CN111770090A (en) | Single package authorization method and system | |
CN112968910B (en) | Replay attack prevention method and device | |
Hossain et al. | OAuth-SSO: A framework to secure the OAuth-based SSO service for packaged web applications | |
US20230274033A1 (en) | Blockchain auditing system and method | |
CN112699374A (en) | Integrity checking vulnerability security protection method and system | |
CN114553480B (en) | Cross-domain single sign-on method and device, electronic equipment and readable storage medium | |
CN113904826B (en) | Data transmission method, device, equipment and storage medium | |
CN114745202A (en) | Method for actively defending web attack and web security gateway based on active defense | |
US11784993B2 (en) | Cross site request forgery (CSRF) protection for web browsers | |
CN110572392A (en) | Identity authentication method based on HyperLegger network | |
US20030046532A1 (en) | System and method for accelerating cryptographically secured transactions | |
CN113992328A (en) | Zero trust transport layer flow authentication method, device and storage medium | |
CN115473683A (en) | Interactive web verification optimization method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |