CN116112240A - Service request response method and device - Google Patents
Service request response method and device Download PDFInfo
- Publication number
- CN116112240A CN116112240A CN202310034527.5A CN202310034527A CN116112240A CN 116112240 A CN116112240 A CN 116112240A CN 202310034527 A CN202310034527 A CN 202310034527A CN 116112240 A CN116112240 A CN 116112240A
- Authority
- CN
- China
- Prior art keywords
- information
- fingerprint
- equipment
- request
- characteristic information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses a service request response method and a service request response device, and relates to the fields of information security technology, financial science and technology and information technology industry. One embodiment of the method comprises the following steps: receiving a service processing request from a terminal device; acquiring hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment; generating a first device fingerprint of the terminal device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal device; determining request information of the service request, and matching second equipment fingerprints corresponding to the request information in a service fingerprint library; and responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint. The implementation mode can better ensure the safety of the business processing process.
Description
Technical Field
The present invention relates to the fields of information security technologies, financial technologies, and information technology industries, and in particular, to a service request response method and device.
Background
With the development of computer technology, many services can be handled through a network by a terminal device. The network business handling brings great potential safety hazard while bringing convenience to users. Such as theft of bank accounts, theft of network accounts, etc. In the prior art, the security of service processing is generally improved by performing security discrimination on the identity of a service requester. But the safety of the service processing process cannot be well ensured only by judging the identity of the data requesting party.
Disclosure of Invention
In view of this, the embodiments of the present invention provide a service request response method and apparatus, which determine whether to respond to a service request by generating a device fingerprint of a device terminal that sends the service processing request, so that the security of the service processing process can be better ensured.
In a first aspect, an embodiment of the present invention provides a service request response method, including:
receiving a service processing request from a terminal device;
acquiring hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment;
generating a first device fingerprint of the terminal device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal device;
determining request information of the service request, and matching second equipment fingerprints corresponding to the request information in a service fingerprint library;
and responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint.
Optionally, the hardware feature information includes: device model and/or resolution;
the system characteristic information includes at least one of: system version, default font size, and user agent information;
the application layer characteristic information includes at least one of: operator information, canvas drawing information, and image rendering information.
Optionally, the generating the first device fingerprint of the terminal device according to the hardware feature information, the system feature information and the application feature information of the terminal device includes:
combining the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal equipment according to a preset sequence to generate a combined character string;
encrypting the combined character string to generate a character string ciphertext;
and generating a first device fingerprint of the terminal device according to the character string ciphertext.
Optionally, the generating a first device fingerprint of the terminal device according to the string ciphertext includes:
generating abstract information of the combined character string;
and combining the character string ciphertext and the abstract information to generate a first device fingerprint of the terminal device.
Optionally, the responding to the service processing request according to the comparison result of the first device fingerprint and the second device fingerprint includes:
acquiring a character string ciphertext and abstract information contained in the second equipment fingerprint;
decrypting the character string ciphertext to generate a combined character string and generating abstract information of the combined character string;
and responding to the comparison result of the first equipment fingerprint and the second equipment fingerprint and responding to the service processing request, wherein the comparison result is executed according to the fact that the summary information contained in the second equipment fingerprint is matched with the summary information of the combined character string.
Optionally, the responding to the service processing request according to the comparison result of the first device fingerprint and the second device fingerprint includes:
responding to the comparison result to represent that the first equipment fingerprint is matched with the second equipment fingerprint, and executing a processing flow corresponding to the service processing request;
and responding to the comparison result to represent that the first equipment fingerprint is not matched with the second equipment fingerprint, and sending prompt information of equipment fingerprint mismatch.
Optionally, before receiving the service request from the terminal device, the method further includes:
receiving a service registration request;
determining request equipment corresponding to the service registration request, and acquiring hardware feature information, system feature information and application feature information of the request equipment;
generating a device fingerprint of the request device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the request device;
generating a fingerprint record according to the equipment fingerprint of the request equipment and the request information of the service registration request, and inserting the fingerprint record into the service fingerprint library.
In a second aspect, an embodiment of the present invention provides a service request response device, including:
the request receiving module is used for receiving a service processing request from the terminal equipment;
the information acquisition module is used for acquiring hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment;
the fingerprint generation module is used for generating a first equipment fingerprint of the terminal equipment according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal equipment;
the fingerprint matching module is used for determining the request information of the service request and matching the second equipment fingerprint corresponding to the request information from a service fingerprint library;
and the request response module is used for responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint.
Optionally, the hardware feature information includes: device model and/or resolution;
the system characteristic information includes at least one of: system version, default font size, and user agent information;
the application layer characteristic information includes at least one of: operator information, canvas drawing information, and image rendering information.
Optionally, the fingerprint generation module is specifically configured to:
combining the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal equipment according to a preset sequence to generate a combined character string;
encrypting the combined character string to generate a character string ciphertext;
and generating a first device fingerprint of the terminal device according to the character string ciphertext.
Optionally, the fingerprint generation module is specifically configured to:
generating abstract information of the combined character string;
and combining the character string ciphertext and the abstract information to generate a first device fingerprint of the terminal device.
Optionally, the request response module is specifically configured to:
acquiring a character string ciphertext and abstract information contained in the second equipment fingerprint;
decrypting the character string ciphertext to generate a combined character string and generating abstract information of the combined character string;
and responding to the comparison result of the first equipment fingerprint and the second equipment fingerprint and responding to the service processing request, wherein the comparison result is executed according to the fact that the summary information contained in the second equipment fingerprint is matched with the summary information of the combined character string.
In a third aspect, an embodiment of the present invention provides an electronic device, including:
one or more processors;
storage means for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the methods of any of the embodiments described above.
In a fourth aspect, embodiments of the present invention provide a computer readable medium having stored thereon a computer program which, when executed by a processor, implements a method as described in any of the above embodiments.
In a fifth aspect, embodiments of the present invention provide a computer program product comprising a computer program which, when executed by a processor, implements a method as described in any of the above embodiments.
One embodiment of the above invention has the following advantages or benefits: the system is provided with a service fingerprint library which can be used for storing device fingerprints in a white list, device fingerprints of terminal devices with access rights and the like. When a service processing request is received, terminal equipment of the service processing request is obtained, equipment fingerprints of the terminal equipment are generated, the generated equipment fingerprints are compared with the equipment fingerprints in a service fingerprint library, whether to respond to the service processing request is determined according to the comparison result, and the safety of the service processing process can be better ensured.
In addition, the device fingerprint of the terminal device is generated according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal device. The characteristic information is a hidden identifier and can be obtained without user authorization. The scheme can not be changed due to the changes of the forbidden function and the privacy policy of manufacturers, and has higher stability and wider application range.
Further effects of the above-described non-conventional alternatives are described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
fig. 1 is a flow chart of a service request response method according to a first embodiment of the present invention;
fig. 2 is a flow chart of a service request response method according to a second embodiment of the present invention;
fig. 3 is a schematic flow chart of a method for constructing a service fingerprint library according to a third embodiment of the present invention;
fig. 4 is a schematic structural diagram of a service request response device according to an embodiment of the present invention;
fig. 5 is a schematic diagram of a computer system suitable for use in implementing an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention will now be described with reference to the accompanying drawings, in which various details of the embodiments of the present invention are included to facilitate understanding, and are to be considered merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In the technical scheme of the invention, the aspects of acquisition, analysis, use, transmission, storage and the like of the related user personal information all meet the requirements of related laws and regulations, are used for legal and reasonable purposes, are not shared, leaked or sold outside the aspects of legal use and the like, and are subjected to supervision and management of a supervision department. Necessary measures should be taken for the personal information of the user to prevent illegal access to such personal information data, ensure that personnel having access to the personal information data comply with the regulations of the relevant laws and regulations, and ensure the personal information of the user. Once these user personal information data are no longer needed, the risk should be minimized by limiting or even prohibiting the data collection and/or deletion.
Fig. 1 is a flow chart of a service request response method according to a first embodiment of the present invention, as shown in fig. 1, where the method includes:
step 101: a service processing request from a terminal device is received.
Step 102: and acquiring hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment.
The system of terminal devices can be divided into three levels: the scheme of the embodiment of the invention screens out the hardware characteristic information, the system characteristic information and the application characteristic information from the three layers respectively for generating the device fingerprint. The hardware characteristic information, the system characteristic information and the application characteristic information are all invisible identifiers, and can be obtained without user authorization. The feature information is not changed by the change of the manufacturer disabling function and the privacy policy.
The hardware characteristic information is related information of the hardware of the terminal equipment. The hardware characteristic information may include: device model, resolution, etc.
The system characteristic information is system related information of the terminal equipment. The system characteristic information may include at least one of: system version, default font size, and user agent information. UA (User-Agent) information is used by the web server to determine relevant information of the visitor, and the User Agent information may include: device model, system version, app version, channel number, etc.
The application layer characteristic information is information related to the application of the terminal device. The application layer characteristic information may include at least one of: operator information, canvas drawing information, and image rendering information.
The canvas drawing information may be feature information obtained by drawing an image using canvas. Canvas feature information may be determined by: drawing a hidden canvas of a specified size; drawing a plurality of square blocks with different sizes and lines with different thicknesses and lengths to generate a picture; and obtaining a coding string of the picture by using a base64 coding mode, carrying out hash compression on the coding string to obtain a hash value, and taking the hash value as canvas drawing information.
The image rendering information may be feature information obtained by WebGL rendering. The image rendering information may be determined by: drawing a gradient object by using a shader, and generating a picture of the gradient object; obtaining a coding string of the picture by using a base64 coding mode; enumerating the expansion functions related to WebGL3D rendering, and adding the rendered return result to the code string to generate a new code string. And carrying out hash coding on the new coding string, and taking the hash value of the new coding string as image rendering information.
Step 103: and generating a first device fingerprint of the terminal device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal device.
A device fingerprint is a device identification that can be used to uniquely identify a device characteristic or uniqueness of a terminal device. The terminal equipment and the equipment fingerprint are in one-to-one correspondence.
Step 104: and determining request information of the service request, and matching second equipment fingerprints corresponding to the request information from the service fingerprint library.
The request information can be set as needed. The request information may include: user information, service type, terminal information, etc.
The system is provided with a service fingerprint library which can be used for storing device fingerprints in a white list, device fingerprints of terminal devices with access rights and the like. And the service fingerprint library stores the corresponding relation between the request information and the device fingerprint.
In the service fingerprint library, the request information is in one-to-one correspondence with the device fingerprint. Through the service fingerprint library, at most one second device fingerprint can be matched. And when the second device fingerprint corresponding to the request information does not exist in the service fingerprint library, the prompting information of the device fingerprint corresponding to the service processing request does not exist is returned to the terminal device.
Step 105: and responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint.
A similarity value between the first device fingerprint and the second device fingerprint may be calculated. If the similarity value is less than the similarity threshold, it is determined that the first device fingerprint matches the second device fingerprint. If the similarity value is not less than the similarity threshold, it is determined that the first device fingerprint does not match the second device fingerprint.
And if the comparison result represents that the first equipment fingerprint is matched with the second equipment fingerprint, executing a processing flow corresponding to the service processing request. And if the comparison result represents that the first equipment fingerprint is not matched with the second equipment fingerprint, sending prompt information of equipment fingerprint mismatch.
In the embodiment of the invention, when the service processing request is received, the terminal equipment of the service processing request is obtained, the equipment fingerprint of the terminal equipment is generated, the generated equipment fingerprint is compared with the equipment fingerprint in the service fingerprint library, and whether to respond to the service processing request is determined according to the comparison result, so that the safety of the service processing process can be better ensured.
In addition, the device fingerprint of the terminal device is generated according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal device. The characteristic information is a hidden identifier and can be obtained without user authorization. The scheme can not be changed due to the changes of the forbidden function and the privacy policy of manufacturers, and has higher stability and wider application range.
Fig. 2 is a flow chart of a service request response method according to a second embodiment of the present invention, as shown in fig. 2, where the method includes:
step 201: a service processing request from a terminal device is received.
Step 202: and acquiring hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment.
Step 203: and combining the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal equipment according to a preset sequence to generate a combined character string.
The preset sequence can be set according to the service requirement. The feature information can be connected through a preset connector, and the preset connector can be composed of characters, numbers, symbols and the like. For example: the preset connector may be @, and the combined string may be in the form of: device model @ resolution @ system version @ default font size @ user agent information @ operator information @ canvas drawing information @ image rendering information.
Step 204: and encrypting the combined character string to generate a character string ciphertext.
The combined string may be encrypted using an encryption algorithm such as a symmetric encryption algorithm, a cryptographic hash algorithm, or the like. The encryption algorithm may include: SM4 algorithm, DES algorithm, SM3 algorithm, MD5 algorithm, etc.
It should be noted that if the password hash algorithm is used to encrypt the combined string, the length of the device fingerprint can be reduced while the unique identification of the terminal device is achieved, so that the storage of the device fingerprint is facilitated.
Step 205: and generating a first device fingerprint of the terminal device according to the character string ciphertext.
Step 206: and determining request information of the service request, and matching second equipment fingerprints corresponding to the request information from the service fingerprint library.
Step 207: and responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint.
In the embodiment of the invention, the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal equipment are combined firstly to generate a combined character string; and encrypting the combined character string to generate the device fingerprint. The device fingerprint is generated by utilizing various invisible identifiers, is not limited by the privacy authority of the user and the like, and can be applied to various business scenes.
In one embodiment of the present invention, generating a first device fingerprint of a terminal device from a string ciphertext includes: generating abstract information of the combined character string; and combining the character string ciphertext and the abstract information to generate a first device fingerprint of the terminal device. The combined string may be encrypted using a symmetric encryption algorithm, such as SM4 algorithm, DES algorithm, etc., to generate a string ciphertext. And then adopting a password hash algorithm, such as SM3 algorithm, MD5 algorithm and the like, to generate the abstract information of the combined character string. And combining the character string ciphertext and the abstract information into the device fingerprint.
Responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint, and comprises the following steps: acquiring a character string ciphertext and abstract information contained in the second equipment fingerprint; decrypting the character string ciphertext to generate a combined character string and generating abstract information of the combined character string; and responding to the service processing request by executing the step of responding to the comparison result of the first device fingerprint and the second device fingerprint in response to the fact that the summary information contained in the second device fingerprint is matched with the summary information of the combined character string.
When the device fingerprint contains the character string ciphertext and the abstract information, the device fingerprint is verified according to the abstract information in the device fingerprint after the device fingerprint is acquired from the fingerprint library, so that the device fingerprint is prevented from being tampered after being stored in the fingerprint library.
Fig. 3 is a flow chart of a method for constructing a service fingerprint library according to a third embodiment of the present invention, as shown in fig. 3, the method includes:
step 301: a service registration request is received.
Step 302: and determining the request equipment corresponding to the service registration request, and acquiring hardware characteristic information, system characteristic information and application characteristic information of the request equipment.
The request device corresponding to the service registration request may be a terminal device sending the service registration request, or may be a terminal device selected by the user. Specifically, the system acquires a plurality of terminal devices used by the user, and displays the plurality of terminal devices so that the user can select the request device from the plurality of terminal devices.
The hardware characteristic information, the system characteristic information and the application characteristic information are all invisible identifiers, and can be obtained without user authorization. The feature information is not changed by the change of the manufacturer disabling function and the privacy policy.
The hardware characteristic information is related information of the hardware of the terminal equipment. The hardware characteristic information may include: device model, resolution, etc.
The system characteristic information is system related information of the terminal equipment. The system characteristic information may include at least one of: system version, default font size, and user agent information. UA (User-Agent) information is used by the web server to determine relevant information of the visitor, and the User Agent information may include: device model, system version, app version, channel number, etc.
The application layer characteristic information is information related to the application of the terminal device. The application layer characteristic information may include at least one of: operator information, canvas drawing information, and image rendering information.
The canvas drawing information may be feature information obtained by drawing an image using canvas. Canvas feature information may be determined by: drawing a hidden canvas of a specified size; drawing a plurality of square blocks with different sizes and lines with different thicknesses and lengths to generate a picture; and obtaining a coding string of the picture by using a base64 coding mode, carrying out hash compression on the coding string to obtain a hash value, and taking the hash value as canvas drawing information.
The image rendering information may be feature information obtained by WebGL rendering. The image rendering information may be determined by: drawing a gradient object by using a shader, and generating a picture of the gradient object; obtaining a coding string of the picture by using a base64 coding mode; enumerating the expansion functions related to WebGL3D rendering, and adding the rendered return result to the code string to generate a new code string. And carrying out hash coding on the new coding string, and taking the hash value of the new coding string as image rendering information.
Step 303: and generating the device fingerprint of the requesting device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the requesting device.
Any of the above methods of generating device fingerprints may be employed to generate a device fingerprint of the requesting device to uniquely identify the requesting device via the device fingerprint.
Step 304: generating a fingerprint record according to the device fingerprint of the requesting device and the request information of the service registration request, and inserting the fingerprint record into a service fingerprint library.
The request information can be set as needed. The request information may include: user information, service type, terminal information, etc. The request information is in one-to-one correspondence with the device fingerprint. The service fingerprint library is used for storing the corresponding relation between the request information and the device fingerprint.
In the embodiment of the invention, when a service registration request is received, a corresponding fingerprint record is generated and stored in a service fingerprint library. When a service processing request is received, corresponding equipment fingerprints are matched from a service fingerprint library for comparison, so that a user without authority is prevented from override to perform service processing.
Fig. 4 is a schematic structural diagram of a service request response device according to an embodiment of the present invention, as shown in fig. 4, the device includes:
a request receiving module 401, configured to receive a service processing request from a terminal device;
an information acquisition module 402, configured to acquire hardware feature information, system feature information, and application feature information of a terminal device;
a fingerprint generating module 403, configured to generate a first device fingerprint of the terminal device according to the hardware feature information, the system feature information, and the application feature information of the terminal device;
the fingerprint matching module 404 is configured to determine request information of the service request, and match a second device fingerprint corresponding to the request information from the service fingerprint database;
the request response module 405 is configured to respond to a service processing request according to a comparison result of the first device fingerprint and the second device fingerprint.
Optionally, the hardware feature information includes: device model and/or resolution;
the system characteristic information includes at least one of: system version, default font size, and user agent information;
the application layer characteristic information includes at least one of: operator information, canvas drawing information, and image rendering information.
Optionally, the fingerprint generation module 403 is specifically configured to:
combining hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment according to a preset sequence to generate a combined character string;
encrypting the combined character string to generate a character string ciphertext;
and generating a first device fingerprint of the terminal device according to the character string ciphertext.
Optionally, the fingerprint generation module 403 is specifically configured to:
generating abstract information of the combined character string;
and combining the character string ciphertext and the abstract information to generate a first device fingerprint of the terminal device.
Optionally, the request response module 405 is specifically configured to:
acquiring a character string ciphertext and abstract information contained in the second equipment fingerprint;
decrypting the character string ciphertext to generate a combined character string and generating abstract information of the combined character string;
and responding to the service processing request by executing the step of responding to the comparison result of the first device fingerprint and the second device fingerprint in response to the fact that the summary information contained in the second device fingerprint is matched with the summary information of the combined character string.
Optionally, the request response module 405 is specifically configured to:
responding to the comparison result to represent that the first equipment fingerprint is matched with the second equipment fingerprint, and executing a processing flow corresponding to the service processing request;
and responding to the comparison result to represent that the first equipment fingerprint is not matched with the second equipment fingerprint, and sending prompt information of equipment fingerprint mismatch.
Optionally, the method further comprises:
a library construction module 406 for receiving a service registration request;
determining request equipment corresponding to a service registration request, and acquiring hardware characteristic information, system characteristic information and application characteristic information of the request equipment;
generating a device fingerprint of the requesting device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the requesting device;
generating a fingerprint record according to the device fingerprint of the requesting device and the request information of the service registration request, and inserting the fingerprint record into a service fingerprint library.
The embodiment of the invention provides electronic equipment, which comprises:
one or more processors;
storage means for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the methods of any of the embodiments described above.
The embodiment of the invention provides a computer program product, which comprises a computer program, wherein the computer program realizes the enterprise risk assessment method in the embodiment of the invention when being executed by a processor.
Referring now to FIG. 5, there is illustrated a schematic diagram of a computer system 500 suitable for use in implementing an embodiment of the present invention. The terminal device shown in fig. 5 is only an example, and should not impose any limitation on the functions and the scope of use of the embodiment of the present invention.
As shown in fig. 5, the computer system 500 includes a Central Processing Unit (CPU) 501, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 502 or a program loaded from a storage section 508 into a Random Access Memory (RAM) 503. In the RAM 503, various programs and data required for the operation of the system 500 are also stored. The CPU 501, ROM 502, and RAM 503 are connected to each other through a bus 504. An input/output (I/O) interface 505 is also connected to bus 504.
The following components are connected to the I/O interface 505: an input section 506 including a keyboard, a mouse, and the like; an output portion 507 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker, and the like; a storage portion 508 including a hard disk and the like; and a communication section 509 including a network interface card such as a LAN card, a modem, or the like. The communication section 509 performs communication processing via a network such as the internet. The drive 510 is also connected to the I/O interface 505 as needed. A removable medium 511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 510 as needed so that a computer program read therefrom is mounted into the storage section 508 as needed.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 509, and/or installed from the removable media 511. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 501.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules involved in the embodiments of the present invention may be implemented in software or in hardware. The described modules may also be provided in a processor, for example, as: the device comprises a request receiving module, an information acquisition module, a fingerprint generation module, a fingerprint matching module and a request response module. The names of these modules do not constitute a limitation on the module itself in some cases, and for example, the request receiving module may also be described as "a module that receives a service processing request from a terminal device".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be present alone without being fitted into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to include:
receiving a service processing request from a terminal device;
acquiring hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment;
generating a first device fingerprint of the terminal device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal device;
determining request information of the service request, and matching second equipment fingerprints corresponding to the request information in a service fingerprint library;
and responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint.
According to the technical scheme of the embodiment of the invention, the service fingerprint library is arranged in the system and can be used for storing device fingerprints in a white list, device fingerprints of terminal devices with access rights and the like. When a service processing request is received, terminal equipment of the service processing request is obtained, equipment fingerprints of the terminal equipment are generated, the generated equipment fingerprints are compared with the equipment fingerprints in a service fingerprint library, whether to respond to the service processing request is determined according to the comparison result, and the safety of the service processing process can be better ensured.
In addition, the device fingerprint of the terminal device is generated according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal device. The characteristic information is a hidden identifier and can be obtained without user authorization. The scheme can not be changed due to the changes of the forbidden function and the privacy policy of manufacturers, and has higher stability and wider application range.
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (15)
1. A service request response method, comprising:
receiving a service processing request from a terminal device;
acquiring hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment;
generating a first device fingerprint of the terminal device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal device;
determining request information of the service request, and matching second equipment fingerprints corresponding to the request information in a service fingerprint library;
and responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint.
2. The method of claim 1, wherein the hardware characteristic information comprises: device model and/or resolution;
the system characteristic information includes at least one of: system version, default font size, and user agent information;
the application layer characteristic information includes at least one of: operator information, canvas drawing information, and image rendering information.
3. The method of claim 1, wherein the generating the first device fingerprint of the terminal device according to the hardware feature information, the system feature information, and the application feature information of the terminal device comprises:
combining the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal equipment according to a preset sequence to generate a combined character string;
encrypting the combined character string to generate a character string ciphertext;
and generating a first device fingerprint of the terminal device according to the character string ciphertext.
4. A method according to claim 3, wherein said generating a first device fingerprint of said terminal device from said string ciphertext comprises:
generating abstract information of the combined character string;
and combining the character string ciphertext and the abstract information to generate a first device fingerprint of the terminal device.
5. The method of claim 1, wherein responding to the service processing request according to the comparison of the first device fingerprint and the second device fingerprint comprises:
acquiring a character string ciphertext and abstract information contained in the second equipment fingerprint;
decrypting the character string ciphertext to generate a combined character string and generating abstract information of the combined character string;
and responding to the comparison result of the first equipment fingerprint and the second equipment fingerprint and responding to the service processing request, wherein the comparison result is executed according to the fact that the summary information contained in the second equipment fingerprint is matched with the summary information of the combined character string.
6. The method of claim 1, wherein responding to the service processing request according to the comparison of the first device fingerprint and the second device fingerprint comprises:
responding to the comparison result to represent that the first equipment fingerprint is matched with the second equipment fingerprint, and executing a processing flow corresponding to the service processing request;
and responding to the comparison result to represent that the first equipment fingerprint is not matched with the second equipment fingerprint, and sending prompt information of equipment fingerprint mismatch.
7. The method of claim 1, wherein prior to receiving the service request from the terminal device, further comprising:
receiving a service registration request;
determining request equipment corresponding to the service registration request, and acquiring hardware feature information, system feature information and application feature information of the request equipment;
generating a device fingerprint of the request device according to the hardware characteristic information, the system characteristic information and the application characteristic information of the request device;
generating a fingerprint record according to the equipment fingerprint of the request equipment and the request information of the service registration request, and inserting the fingerprint record into the service fingerprint library.
8. A service request response device, comprising:
the request receiving module is used for receiving a service processing request from the terminal equipment;
the information acquisition module is used for acquiring hardware characteristic information, system characteristic information and application characteristic information of the terminal equipment;
the fingerprint generation module is used for generating a first equipment fingerprint of the terminal equipment according to the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal equipment;
the fingerprint matching module is used for determining the request information of the service request and matching the second equipment fingerprint corresponding to the request information from a service fingerprint library;
and the request response module is used for responding to the service processing request according to the comparison result of the first equipment fingerprint and the second equipment fingerprint.
9. The apparatus of claim 8, wherein the hardware characteristic information comprises: device model and/or resolution;
the system characteristic information includes at least one of: system version, default font size, and user agent information;
the application layer characteristic information includes at least one of: operator information, canvas drawing information, and image rendering information.
10. The apparatus of claim 8, wherein the fingerprint generation module is specifically configured to:
combining the hardware characteristic information, the system characteristic information and the application characteristic information of the terminal equipment according to a preset sequence to generate a combined character string;
encrypting the combined character string to generate a character string ciphertext;
and generating a first device fingerprint of the terminal device according to the character string ciphertext.
11. The apparatus of claim 10, wherein the fingerprint generation module is specifically configured to:
generating abstract information of the combined character string;
and combining the character string ciphertext and the abstract information to generate a first device fingerprint of the terminal device.
12. The apparatus of claim 10, wherein the request response module is specifically configured to:
acquiring a character string ciphertext and abstract information contained in the second equipment fingerprint;
decrypting the character string ciphertext to generate a combined character string and generating abstract information of the combined character string;
and responding to the comparison result of the first equipment fingerprint and the second equipment fingerprint and responding to the service processing request, wherein the comparison result is executed according to the fact that the summary information contained in the second equipment fingerprint is matched with the summary information of the combined character string.
13. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
when executed by the one or more processors, causes the one or more processors to implement the method of any of claims 1-7.
14. A computer readable medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the method according to any of claims 1-7.
15. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310034527.5A CN116112240A (en) | 2023-01-10 | 2023-01-10 | Service request response method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310034527.5A CN116112240A (en) | 2023-01-10 | 2023-01-10 | Service request response method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116112240A true CN116112240A (en) | 2023-05-12 |
Family
ID=86265054
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310034527.5A Pending CN116112240A (en) | 2023-01-10 | 2023-01-10 | Service request response method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116112240A (en) |
-
2023
- 2023-01-10 CN CN202310034527.5A patent/CN116112240A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN114726643B (en) | Data storage and access methods and devices on cloud platform | |
| US20190364038A1 (en) | Digital Identification Document | |
| CN109274652B (en) | Identity information verification system, method and device and computer storage medium | |
| US10692167B2 (en) | System and method for digitally watermarking digital facial portraits | |
| CN110636043A (en) | File authorization access method, device and system based on block chain | |
| US11184174B2 (en) | System and method for decentralized digital structured data storage, management, and authentication using blockchain | |
| WO2023009969A1 (en) | Non-fungible token authentication | |
| CN112801663B (en) | Blockchain certification method, device, system, equipment and medium | |
| CN109743161B (en) | Information encryption method, electronic device and computer readable medium | |
| CN112131316A (en) | Data processing method and device applied to block chain system | |
| CN116881881B (en) | Data export method, device, electronic equipment and computer readable medium | |
| CN109635558B (en) | Access control method, device and system | |
| CN110890979B (en) | Automatic deployment method, device, equipment and medium for fort machine | |
| CN114584324B (en) | Identity authorization method and system based on block chain | |
| CN112100178A (en) | Delegation authorization verification method and system | |
| CN113254986B (en) | Data processing method, device and computer readable storage medium | |
| US10007844B2 (en) | System and method for digitally watermarking digital facial portraits | |
| CN111311179A (en) | Object processing method and device, electronic equipment and computer readable storage medium | |
| CN113505348B (en) | Watermark embedding method, watermark verifying method and watermark embedding device for data | |
| CN116112240A (en) | Service request response method and device | |
| CN113177214A (en) | Image publishing and auditing method, related device and computer program product | |
| CN113111360A (en) | File processing method | |
| CN110619236A (en) | File authorization access method, device and system based on file credential information | |
| CN118034629B (en) | LED display screen splicing optimization method and device, electronic equipment and medium | |
| CN116975829A (en) | Asset confidentiality method, system, terminal and storage medium based on fingerprint authentication |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |