CN116055180B - Internet resource record information inquiry verification method and device based on gateway - Google Patents

Publication number: CN116055180B
Authority: CN (China)
Legal status: Active (as listed by Google Patents; an assumption, not a legal conclusion)
Application number: CN202310042272.7A
Other languages: Chinese (zh)
Other versions: CN116055180A (en)
Inventor: 宋春岭, 杨有翼, 崔培升
Current Assignee: BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Original Assignee: BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101 Access control lists [ACL]
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention discloses a gateway-based method and device for querying and verifying Internet resource record information, relating to the technical field of computer network security. The method comprises the following steps: acquiring URL response data sent by an Internet resource publishing server; parsing the URL response data, extracting the corresponding authorization number from each record authorization mark, and calculating the hash value of each authorization number; querying, in an authorization information list stored in the gateway, the record authorization information corresponding to the hash value of each authorization number; verifying the digital signature result of the URL response data according to the authorized public key and the signature verification algorithm, and, if verification fails, sending the URL response data and the corresponding record authorization information to a record information management platform; wherein the digital signature result of the URL response data is a digital signature of the string formed by concatenating the non-domain-name part of the URL address and the authorization number. The invention can check and verify a large number of Internet resources comprehensively and in real time without relying on manual operation.

Description

Internet resource record information inquiry verification method and device based on gateway
Technical Field
The invention relates to computer network security technology, and in particular to a gateway-based method and device for querying and verifying Internet resource record information.
Background
All websites and other Internet resources that publish information on the Internet are required by the state to register a record with the relevant departments, and various types of record registration currently exist. If a website or other Internet resource has not registered a record, the management institution usually has no particularly complete technical scheme for the problem that unrecorded websites or Internet resources cannot be found.
Generally, when the relevant department makes a record, it provides a record number in a format such as: Beijing public network device 1101080202XXXX, Beijing ICP device 14007 XXX-1, and the like. The website then displays this information on its homepage, and a user or manager can learn whether the website has been recorded by checking the hyperlink on the homepage. In some prior art, a record information query platform is established, and a user or manager can learn whether a website has been recorded by entering key data of the website on that platform.
However, both approaches require a user or manager to act as the initiator of the record information query, either by actively clicking the record information hyperlink on a web page or by actively entering the relevant request data of a website on a record information query platform. The prior art cannot check and verify a large number of Internet resources comprehensively and in real time without relying on manual operation, so as to find unauthorized Internet resources as comprehensively as possible.
Disclosure of Invention
In view of the above-mentioned drawbacks or shortcomings in the prior art, the present invention provides a gateway-based method and apparatus for query and verification of internet resource record information, which can solve all or part of the above-mentioned technical problems.
The invention provides a gateway-based Internet resource record information query and verification method, which comprises the following steps:
acquiring URL response data sent by an Internet resource publishing server;
parsing the URL response data, acquiring all record authorization marks, extracting the corresponding authorization number from each record authorization mark, and calculating the hash value of each authorization number;
querying, in an authorization information list stored in a gateway, the record authorization information corresponding to the hash value of each authorization number, wherein the record authorization information comprises the hash value of the authorization number, an authorized public key and a signature verification algorithm;
verifying the digital signature result of the URL response data according to the authorized public key and the signature verification algorithm, and, if verification fails, sending the URL response data and the corresponding record authorization information to a record information management platform;
wherein the digital signature result of the URL response data is a digital signature of the string formed by concatenating the non-domain-name part of the URL address and the authorization number.
Further, the method comprises the following step:
if the URL response data contains no record authorization mark, marking the URL address corresponding to the URL response data as an unauthorized URL, and sending the unauthorized URL to the record information management platform.
Further, the method comprises the following step:
if the hash value of the authorization number is not found in the authorization information list stored in the gateway, sending to a record authorization server a request to query the record authorization information corresponding to the authorization number, and, if that record authorization information is found, adding it to the authorization information list.
Further, the method comprises the following step:
in response to feedback information, sent by the record authorization server, indicating that no record authorization information corresponding to the authorization number was found, marking the URL address corresponding to the URL response data as a URL with a forged authorization number, and sending the URL address to the record information management platform.
Further, the method comprises the following step:
periodically acquiring, from the record authorization server, update data for the record authorization information in the authorization information list.
A second aspect of the present invention provides a gateway-based Internet resource record information query and verification device, which comprises:
a first module configured to acquire URL response data sent by an Internet resource publishing server;
a second module configured to parse the URL response data, acquire all record authorization marks, extract the corresponding authorization number from each record authorization mark, and calculate the hash value of each authorization number;
a third module configured to query, in an authorization information list stored in the gateway, the record authorization information corresponding to the hash value of each authorization number, wherein the record authorization information comprises the hash value of the authorization number, an authorized public key and a signature verification algorithm;
a fourth module configured to verify the digital signature result of the URL response data according to the authorized public key and the signature verification algorithm, and, if signature verification fails, send the URL response data and the corresponding record authorization information to a record information management platform; wherein the digital signature result of the URL response data is a digital signature of the string formed by concatenating the non-domain-name part of the URL address and the authorization number.
Further, the device comprises a fifth module configured to, if the URL response data contains no record authorization mark, mark the URL address corresponding to the URL response data as an unauthorized URL and send the unauthorized URL to the record information management platform.
Further, the device comprises a sixth module configured to, if the hash value of the authorization number is not found in the authorization information list stored in the gateway, send to the record authorization server a request to query the record authorization information corresponding to the authorization number, and, if that record authorization information is found, add it to the authorization information list.
Further, the sixth module is also configured to, in response to feedback information sent by the record authorization server indicating that no record authorization information corresponding to the authorization number was found, mark the URL address corresponding to the URL response data as a URL with a forged authorization number and send the URL to the record information management platform.
Further, the device comprises a seventh module configured to periodically acquire, from the record authorization server, update data for the record authorization information in the authorization information list.
With the gateway-based Internet resource record information query and verification method and device provided by the invention, an authorization check gateway is installed on a key node router and checks all URLs (uniform resource locators) browsed through that router, so that it can be known whether the websites corresponding to those URLs have been recorded. By aggregating the URLs found to have no record and the falsely recorded URLs, a summary platform can show in a timely manner which websites across the whole network have record defects. The invention can check and verify a large number of Internet resources comprehensively and in real time without relying on manual operation.
Drawings
Other features, objects and advantages of the present application will become more apparent upon reading of the detailed description of non-limiting embodiments, made with reference to the following drawings, in which:
FIG. 1 is a system architecture diagram of an Internet resource record information query and verification system according to one embodiment of the present application;
FIG. 2 is a program flow diagram of a gateway-based Internet resource record information query and verification method according to an embodiment of the present application;
FIG. 3 is a logic structure diagram of a gateway-based Internet resource record information query and verification device according to an embodiment of the present application;
FIG. 4 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in this application and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that although the terms first, second, third, etc. may be used in embodiments of the present invention to describe the acquisition modules, these acquisition modules should not be limited to these terms. These terms are only used to distinguish the acquisition modules from each other.
Depending on the context, the word "if" as used herein may be interpreted as "when" or "upon" or "in response to a determination" or "in response to detection". Similarly, the phrase "if determined" or "if detected (stated condition or event)" may be interpreted as "when determined" or "in response to determination" or "when detected (stated condition or event)" or "in response to detection (stated condition or event)", depending on the context.
It should be noted that, the terms "upper", "lower", "left", "right", and the like in the embodiments of the present invention are described in terms of the angles shown in the drawings, and should not be construed as limiting the embodiments of the present invention. In addition, in the context, it will also be understood that when an element is referred to as being formed "on" or "under" another element, it can be directly formed "on" or "under" the other element or be indirectly formed "on" or "under" the other element through intervening elements.
The state stipulates that all resources published on the Internet must be recorded with the relevant state departments, and that the various types of records must be managed in an orderly and lawful manner so as to avoid network fraud. The management department provides each Internet resource publisher, such as a website, with a set of record information, an asymmetric key pair and a signature verification algorithm. The record information comprises: ICP record number (e.g., Beijing public network device 1100000200 XXXX), domain name, company name, record date, record type, user name, etc. The record type distinguishes the types of business that the recorded website may carry out, such as simple information display, sales, electronic information interaction and the like. The signature algorithm is usually an asymmetric algorithm, and the recorded website produces its digital signatures using the provided asymmetric key pair together with the signature algorithm. Common signature algorithms in the prior art include RSA, national standard signature, SM2, SM9 and other algorithms, and the signature verification algorithm corresponds to the signature algorithm.
In the technical scheme of the invention, the record information is written into the URL response data of the web page. It should be noted that URL response data in the present invention refers to the response data fed back by an Internet resource provider server, such as a web server, in response to a URL address connection request sent by a client; generally, URL response data is the data of the web page corresponding to a URL address. The URL response data of an authorized Internet site contains a set of authorization marks, which may or may not be displayed, in the following format:
A. < public security network equipment > Beijing public network equipment 1100000200XXXX: network equipment digital signature result;
B. < ICP > Beijing ICP preparation 1104XXXX ICP digital signature result: ICP > < Internet pharmaceutical information service qualification number > (Beijing) -business-2014-0008: internet pharmaceutical digital signature result: internet pharmaceutical information service qualification number >.
The brackets in the authorization mark format enclose standard keywords. Between the opening and closing pairs of brackets are the authorization number and the digital signature result, which are separated by an English colon. The authorization number comes from the corresponding authority.
Further, the URL address (i.e. the uniform resource locator) contains a domain name part and a non-domain-name part, and the digital signature of the present invention is specifically the result of digitally signing the string formed by concatenating the non-domain-name part of the URL address and the authorization number. This is because, if only the authorization number were digitally signed, an illegitimate actor could copy the encrypted data obtained by signing the authorization number, in its entirety, into other URL response data, that is, into other web page data. The invention signs the authorization number and the non-domain-name part of the URL address together; because the non-domain-name part of a URL address is relatively unique, the resulting digital signature is relatively unique as well, which avoids counterfeiting of the record authorization information.
In order to check and verify a large number of Internet resources comprehensively and in real time without relying on manual operation, the invention abandons the approach of the traditional web page link method and platform query method, and instead performs the record query of Internet resources using the gateway in a key node router, or a router with a gateway function. The principle is as follows: network communication on the Internet is carried by routers, and network traffic flows through them. If an authorization check gateway is installed on a key node router, all browsed URLs can be checked and it can be known whether the websites corresponding to those URLs have been recorded; the URLs found to be unrecorded are aggregated to a database or a third-party platform, so that it can be known at any time whether websites have been recorded.
Referring to FIG. 1, one embodiment of the present invention provides an Internet resource record information query and verification system 100. The system 100 includes a router 101, a web server 102, a client 103, and a record authorization server 104. A gateway 105 is provided in the router 101, or the router 101 has a gateway function. The client 103 may be a smart phone, tablet, PC, notebook, PDA, etc. with client software installed. During network communication, the client 103 sends a network connection request, i.e., a URL request, to the web server 102 over the network; the request is intercepted by the gateway 105 in the router 101 and forwarded to the web server 102 via the gateway 105. In response to the network connection request, the web server 102 returns to the client 103 response information including the URL response data of the web page, and this response information is also intercepted by the gateway 105 of the router 101. The gateway 105 identifies the authorization mark in the URL response data, queries the authorization information list stored in the gateway 105 for the record authorization information corresponding to the identified authorization mark information, and verifies the digital signature result in the URL response data according to that record authorization information. If signature verification fails, the URL is determined to be a counterfeit authorization URL. Similarly, if the authorization mark information is not found in the authorization information list, the authorization mark in the URL is forged; and if no authorization mark can be parsed from the URL response data, the website corresponding to the URL has not been recorded.
Further, the record authorization server 104 stores the latest website record authorization information and is configured to periodically provide update data of the record authorization information for the authorization information list in the gateway 105. When the authorization information list in the gateway 105 has not been updated in time, so that the relevant record authorization information cannot be found, the gateway 105 can send a query request for the record authorization information directly to the record authorization server 104.
Referring to FIG. 2, another embodiment of the present invention further provides a gateway-based Internet resource record information query and verification method, including the following steps:
Step S101: acquiring URL response data sent by an Internet resource publishing server.
Specifically, in this embodiment the Internet resource publishing server, for example a web server, responds to a URL network connection request sent by a client and feeds back to the client response data containing the URL response data, where the URL response data is generally the web page data corresponding to the URL address.
Step S102: parsing the URL response data, acquiring all record authorization marks, extracting the corresponding authorization number from each record authorization mark, and calculating the hash value of each authorization number.
Specifically, the gateway intercepts and parses the URL response data to obtain the data it contains. If the website is a recorded website, this data should contain the authorization mark of the website; for the content and format of the authorization mark, see the description above. A website usually has several types of record authorization, so the URL response data usually contains record authorization marks of several types, and marks can be defined for different authorities as required. This step obtains the authorization number from each authorization mark and calculates its hash value, finally yielding the hash values of the authorization numbers of all types of authorization marks.
Step S103: querying, in an authorization information list stored in the gateway, the record authorization information corresponding to the hash value of each authorization number, wherein the record authorization information comprises the hash value of the authorization number, an authorized public key and a signature verification algorithm.
Specifically, an authorization information list of known website URLs is pre-stored in the gateway. The authorization information list comprises record authorization information, and the record authorization information comprises the hash value of an authorization number, the authorization number, an authorized public key and a signature verification algorithm. Further, in order to keep the record authorization information in the authorization information list complete, the gateway periodically acquires update data for it from the record authorization server. Then, using the hash value of the authorization number calculated in step S102, the gateway queries the authorization information list for the corresponding record authorization information, so as to obtain the authorization number, the public key and the signature verification algorithm corresponding to that hash value.
Step S104: verifying the digital signature result of the URL response data according to the authorized public key and the signature verification algorithm, and, if signature verification fails, sending the URL response data and the corresponding record authorization information to a record information management platform; wherein the digital signature result of the URL response data is a digital signature of the string formed by concatenating the non-domain-name part of the URL address and the authorization number.
Specifically, even if an authorization mark can be parsed from the URL response data and an authorization number obtained from it, this still does not prove that the website corresponding to the URL has actually been recorded: the authenticity of the authorization number cannot yet be determined, so the authorization number requires further verification. In this step, the public key and signature verification algorithm obtained in step S103 are used to verify the digital signature result in the URL response data. If signature verification fails, the authorization number is shown to be counterfeit and the website is suspected of impersonating a record-authorized website; the URL and the record authorization information are sent to a third-party database or the record information management platform for storage.
It should be noted that the digital signature result of the present invention is the result of digitally signing the string formed by concatenating the non-domain-name part of the URL address and the authorization number. This is because, if only the authorization number were digitally signed, an illegitimate actor could copy the encrypted data obtained by signing the authorization number, in its entirety, into other URL response data, that is, into other web page data. The invention signs the authorization number and the non-domain-name part of the URL address together; because the non-domain-name part of a URL address is relatively unique, the resulting digital signature is relatively unique as well, which avoids counterfeiting of the record authorization information as far as possible.
Further, the method includes step S105: if the URL response data contains no record authorization mark, the URL address corresponding to the URL response data is marked as an unauthorized URL, and the unauthorized URL is sent to the record information management platform.
Specifically, the URL response data of a website without record authorization carries no record authorization mark. Therefore, when no authorization mark can be parsed from the URL response data, the URL address is an unauthorized URL, that is, the website is not recorded, and the URL address is sent to the record information management platform or a third-party database for storage.
Further, the method includes step S106: if the hash value of the authorization number is not found in the authorization information list stored in the gateway, a request to query the record authorization information corresponding to the authorization number is sent to the record authorization server, and if that record authorization information is found, it is added to the authorization information list.
Specifically, the URL response data of some websites carries an authorization mark from which an authorization number can be parsed, but the authorization number may be forged. If the hash value of the authorization number in the URL response data is not found in the authorization information list stored by the gateway, the record authorization information held by the gateway has no entry for that authorization number; either the authorization number is forged, or the record authorization information of the website has not been updated. In step S106, the gateway sends a request directly to the record authorization server to query the authorization information for the authorization number in the URL response data. Because the record information stored in the record authorization server is the most comprehensive and accurate, the record authorization information can be found by its authorization number as long as the website has been recorded. It is then added to the authorization information list in the gateway, which updates the list.
Further, the method includes step S107: in response to feedback from the record authorization server that no record authorization information corresponding to the authorization number was found, the URL address corresponding to the URL response data is marked as a URL with a counterfeit authorization number and sent to the record information management platform.
Specifically, after the gateway sends the request to query the record authorization information for the authorization number in the URL response data, the record authorization server looks up the authorization number. If the number still cannot be found, the server sends feedback to the gateway. At this point it is certain that the authorization number in the URL response data is forged, and the URL address corresponding to the URL response data is sent to a third-party record information management platform for storage.
In the gateway-based internet resource record information query and verification method provided by this embodiment, an authorization check gateway is installed on the route of a key node and checks every URL browsed through that route, so that it is known whether the website corresponding to each URL is recorded. The URLs found to be unrecorded or falsely recorded are aggregated on a platform, so that record defects across the whole network can be learned of promptly through the aggregation platform. The embodiment can inspect and verify a large volume of internet resources comprehensively and in real time without relying on manual operation.
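The decisions of steps S104 to S107, including the signature over the non-domain part of the URL joined with the authorization number, expressed in Go. This is an added example, not code from the patent. The mark syntax, the outcome labels, the hex encoding, the newline separator, and the choice of Ed25519 and SHA-256 as the record's signature and hash algorithms are all assumptions, and only the first mark in a page is checked.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"regexp"
)

const ( // illustrative outcome labels
	Verified     = "verified"
	Unauthorized = "unauthorized-url"       // S105: no record authorization mark
	FakeNumber   = "counterfeit-number"     // S107: record server has no such number
	BadSignature = "signature-check-failed" // S104: reported with the record info
)

// Gateway: List is keyed by hash(number); Server stands in for the record authorization server.
type Gateway struct{ List, Server map[string]ed25519.PublicKey }
// Hypothetical mark syntax: the page does not define the markup.
var markRe = regexp.MustCompile(`<meta name="record-auth" number="([^"]+)" sig="([^"]+)">`)

// signedString: non-domain part of the URL + authorization number ("\n" separator is an assumption).
func signedString(rawURL, number string) (string, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return "", err
	}
	return u.RequestURI() + "\n" + number, nil
}

// Check applies S104-S107 to the first mark found in the response data.
func (g *Gateway) Check(rawURL, body string) string {
	m := markRe.FindStringSubmatch(body)
	if m == nil {
		return Unauthorized
	}
	number, key := m[1], fmt.Sprintf("%x", sha256.Sum256([]byte(m[1]))) // key = hash of the number
	pub, ok := g.List[key]
	if !ok {
		if pub, ok = g.Server[number]; !ok {
			return FakeNumber
		}
		g.List[key] = pub // S106: add the record to the local list
	}
	msg, err := signedString(rawURL, number)
	sig, decErr := hex.DecodeString(m[2])
	if err != nil || decErr != nil || len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, []byte(msg), sig) {
		return BadSignature
	}
	return Verified
}

// page builds constructed response data whose mark is signed for signURL.
func page(priv ed25519.PrivateKey, signURL, number string) string {
	msg, _ := signedString(signURL, number)
	return fmt.Sprintf(`<meta name="record-auth" number="%s" sig="%x">`, number, ed25519.Sign(priv, []byte(msg)))
}

// demo: genuine page, mark copied to another URL, no mark, unknown number.
func demo() []string {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed all-zero seed
	pub := priv.Public().(ed25519.PublicKey)
	g := &Gateway{List: map[string]ed25519.PublicKey{}, Server: map[string]ed25519.PublicKey{"REC-0001": pub}}
	genuine := page(priv, "https://site.example/news/1?id=7", "REC-0001") // constructed number
	return []string{
		g.Check("https://site.example/news/1?id=7", genuine),
		g.Check("https://other.example/login", genuine),
		g.Check("https://site.example/plain", "<html></html>"),
		g.Check("https://x.example/", page(priv, "https://x.example/", "REC-9999")),
	}
}
func main() { fmt.Println(demo()) }
```

The second verdict is the case the description guards against: a mark lifted from one page fails verification when it is served under a different path.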
Referring to fig. 3, another embodiment of the present invention further provides a gateway-based internet resource record information query and verification device 200, which includes a first module 201, a second module 202, a third module 203, and a fourth module 204. The apparatus 200 is used to perform the steps of the method embodiments described above.
Specifically, the apparatus 200 includes:
a first module 201 configured to acquire URL response data transmitted from the internet resource publication server;
a second module 202 configured to parse the URL response data, obtain all record authorization tags, extract a corresponding authorization number from each record authorization tag, and calculate a hash value of each authorization number;
a third module 203, configured to query, in an authorization information list stored in the gateway, record authorization information corresponding to a hash value of each authorization number, where the record authorization information includes the hash value of the authorization number, the authorized public key and the signature verification algorithm;
a fourth module 204, configured to verify the digital signature result of the URL response data according to the authorized public key and the signature verification algorithm, and if verification fails, send the URL response data and the corresponding record authorization information to the record information management platform; wherein the result of the digital signature of the URL response data is a digital signature of a concatenation string of the non-domain name portion of the URL address and the authorization number.
Further, the apparatus includes a fifth module 205 configured to mark the URL address corresponding to the URL response data as an unauthorized URL if the URL response data contains no record authorization mark, and send the URL address to the record information management platform.
Further, the apparatus includes a sixth module 206 configured to send a request to query the record authorization information corresponding to the authorization number to the record authorization server if the hash value of the authorization number is not found in the authorization information list stored in the gateway, and to add that record authorization information to the authorization information list if it is found.
Further, the sixth module 206 is also configured to, in response to feedback from the record authorization server that no record authorization information corresponding to the authorization number was found, mark the URL address corresponding to the URL response data as a URL with a counterfeit authorization number, and send the URL address to the record information management platform.
Further, the apparatus includes a seventh module 207 configured to periodically obtain update data for the record authorization information in the authorization information list from the record authorization server.
It should be noted that the apparatus 200 provided in this embodiment can be used to execute the technical solutions of the method embodiments above; its implementation principle and technical effects are similar to those of the method and are not repeated here.
Referring to fig. 4, another embodiment of the present invention provides a schematic structural diagram of an electronic device. The electronic device includes:
one or more processors;
a storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, enable the one or more processors to implement the various steps of the method embodiments described above.
Referring now to fig. 4, a schematic diagram of an electronic device 300 suitable for implementing embodiments of the present invention is shown. The electronic device 300 may be a gateway or a router having gateway functionality. The electronic device 300 shown in fig. 4 is only an example and should not be construed as limiting the functionality and scope of use of embodiments of the invention.
As shown in fig. 4, the electronic device 300 may include a processing means (e.g., a central processing unit, a graphics processor, etc.) 301 that may perform various suitable actions and processes to implement the methods of embodiments of the present invention according to programs stored in a Read Only Memory (ROM) 302 or loaded from a storage 308 into a Random Access Memory (RAM) 303. The RAM 303 also stores various programs and data required for the operation of the electronic device 300. The processing device 301, the ROM 302, and the RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
In general, the following devices may be connected to the I/O interface 305: input devices 306 including, for example, a touch screen, touchpad, keyboard, mouse, camera, microphone, accelerometer, gyroscope, etc.; an output device 307 including, for example, a Liquid Crystal Display (LCD), a speaker, a vibrator, and the like; storage 308 including, for example, magnetic tape, hard disk, etc.; and communication means 309. The communication means 309 may allow the electronic device 300 to communicate with other devices wirelessly or by wire to exchange data. While fig. 4 shows an electronic device 300 having various means, it is to be understood that not all of the illustrated means are required to be implemented or provided. More or fewer devices may be implemented or provided instead.
The foregoing description is only of the preferred embodiments of the invention. It will be appreciated by persons skilled in the art that the scope of the disclosure referred to in the present invention is not limited to the specific combinations of technical features described above, but also covers other technical solutions formed by any combination of the technical features described above or their equivalents without departing from the spirit of the disclosure. An example is a technical solution formed by replacing the above features with technical features disclosed in the present invention (but not limited to these) that have similar functions.

Claims (10)

1. A gateway-based internet resource record information query and verification method, characterized by comprising the following steps:
acquiring URL response data sent by an Internet resource release server;
parsing the URL response data, acquiring all record authorization marks, extracting the corresponding authorization number from each record authorization mark, and calculating the hash value of each authorization number;
inquiring record authorization information corresponding to the hash value of each authorization number in an authorization information list stored in a gateway, wherein the record authorization information comprises the hash value of the authorization number, an authorized public key and a signature verification algorithm;
verifying the digital signature result of the URL response data according to the authorized public key and the signature verification algorithm, and if verification fails, sending the URL response data and the corresponding record authorization information to a record information management platform;
wherein the result of the digital signature of the URL response data is a digital signature of a concatenation string of the non-domain name portion of the URL address and the authorization number.
2. The gateway-based internet resource record information query and verification method as claimed in claim 1, further comprising:
if the URL response data does not have the record authorization mark, marking the URL address corresponding to the URL response data as an unauthorized URL, and sending the unauthorized URL to a record information management platform.
3. The gateway-based internet resource record information query and verification method as claimed in claim 1, further comprising:
if the hash value of the authorization number is not found in the authorization information list stored in the gateway, sending a request to query the record authorization information corresponding to the authorization number to a record authorization server, and if the record authorization information corresponding to the authorization number is found, adding the record authorization information to the authorization information list.
4. The gateway-based internet resource record information query and verification method as claimed in claim 3, further comprising:
in response to feedback from the record authorization server that no record authorization information corresponding to the authorization number was found, marking the URL address corresponding to the URL response data as a URL with a counterfeit authorization number, and sending the URL address to a record information management platform.
5. The gateway-based internet resource record information query and verification method according to claim 3 or 4, further comprising:
periodically acquiring update data for the record authorization information in the authorization information list from the record authorization server.
6. A gateway-based internet resource record information query and verification device, characterized by comprising:
the first module is configured to acquire URL response data sent by the Internet resource issuing server;
the second module is configured to parse the URL response data, acquire all record authorization marks, extract the corresponding authorization number from each record authorization mark and calculate the hash value of each authorization number;
the third module is configured to query record authorization information corresponding to the hash value of each authorization number in an authorization information list stored in the gateway, wherein the record authorization information comprises the hash value of the authorization number, an authorized public key and a signature verification algorithm;
a fourth module configured to perform signature verification on the digital signature result of the URL response data according to the authorized public key and signature verification algorithm, and if the signature verification fails, send the URL response data and corresponding record authorization information to a record information management platform; wherein the result of the digital signature of the URL response data is a digital signature of a concatenation string of the non-domain name portion of the URL address and the authorization number.
7. The gateway-based internet resource record information query and verification device according to claim 6, further comprising a fifth module configured to mark the URL address corresponding to the URL response data as an unauthorized URL if there is no record authorization mark in the URL response data, and send the URL address to a record information management platform.
8. The gateway-based internet resource record information query and verification device according to claim 6, further comprising a sixth module configured to send a request to query the record authorization information corresponding to the authorization number to a record authorization server if the hash value of the authorization number is not found in the authorization information list stored in the gateway, and to add the record authorization information corresponding to the authorization number to the authorization information list if that record authorization information is found.
9. The gateway-based internet resource record information query and verification device according to claim 8, wherein the sixth module is further configured to, in response to feedback from the record authorization server that no record authorization information corresponding to the authorization number was found, mark the URL address corresponding to the URL response data as a URL with a counterfeit authorization number, and send the URL address to the record information management platform.
10. The gateway-based internet resource record information query and verification device according to claim 8 or 9, further comprising a seventh module configured to periodically obtain update data for the record authorization information in the authorization information list from the record authorization server.
CN202310042272.7A 2023-01-28 2023-01-28 Internet resource record information inquiry verification method and device based on gateway Active CN116055180B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310042272.7A CN116055180B (en) 2023-01-28 2023-01-28 Internet resource record information inquiry verification method and device based on gateway


Publications (2)

Publication Number Publication Date
CN116055180A CN116055180A (en) 2023-05-02
CN116055180B true CN116055180B (en) 2023-06-16

Family

ID=86112914



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant