WO2016008349A1 - Method, apparatus, and system for acquiring local information - Google Patents
Method, apparatus, and system for acquiring local information
- Publication number
- WO2016008349A1 (PCT/CN2015/081678)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- acquisition request
- information acquisition
- information
- local
- random number
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/34—Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/957—Browsing optimisation, e.g. caching or content distillation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4015—Transaction verification using location information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/0246—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols
- H04L41/0253—Exchanging or transporting network management information using the Internet; Embedding network management web servers in network elements; Web-services-based protocols using browsers or web-pages for accessing management information
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
Definitions
- The present application relates to the field of computer technologies, and in particular to a method, device, and system for acquiring local information.
- A web application is an application whose user interface resides in a browser, such as an online banking or online payment application.
- When using certain web applications, the network device needs to obtain local information of the terminal. For example, when a user performs an online banking or online payment operation through a terminal, the network device needs to obtain local information of the terminal in order to ensure information security and complete the entire operation process. For example, in the process of logging in to the Alipay page, the terminal can obtain its own local information and submit it to the network device through a script in the browser.
- The local information may be, for example, a verification result of a local digital certificate, used to confirm the reliability of the terminal.
- The browser cannot directly obtain the local information of the terminal it runs on. Therefore, in the prior art, local information is generally acquired through browser plug-in technology.
- The user needs to pre-install, at the prompt of the browser, a plug-in for verifying the digital certificate locally. The terminal then calls the plug-in directly through a script in the browser, obtains the verification result of the digital certificate through the plug-in, and finally submits the verification result to the network device.
- The embodiment of the present invention provides a method and a device for acquiring local information, which are used to solve the problems that obtaining local information through browser plug-in technology makes the browser unstable and makes the website difficult to maintain.
- the method for obtaining local information includes:
- a first information acquisition request sending module configured to send a first information obtaining request to the network device by using a script in the browser, where the first information obtaining request is used to instruct the local application tool to obtain the local information
- a random number monitoring module configured to monitor, by the local application tool, a random number corresponding to the first information acquisition request returned by the network device;
- a first information acquisition request acquisition module configured to acquire, by using the local application tool, a first information acquisition request corresponding to the random number saved in the network device, where the correspondence between the random number and the first information acquisition request is established and saved by the network device;
- a local information obtaining module configured to acquire local information corresponding to the first information obtaining request by using the local application tool
- a local information sending module configured to send the local information to the network device by using the local application tool.
- the first information acquisition request receiving module is configured to receive a first information acquisition request sent by the terminal by using a script in the browser, where the first information acquisition request is used to instruct the local application tool of the terminal to obtain local information;
- a random number determining module configured to determine a random number corresponding to the first information obtaining request
- a random number sending module configured to return the random number to the terminal
- a storage module configured to save a random number corresponding to the first information obtaining request
- a second information acquisition request receiving module configured to receive a second information acquisition request sent by the terminal by using the local application tool
- a first information acquisition request sending module configured to return, to the terminal, a first information acquisition request corresponding to the random number carried in the second information acquisition request;
- the local information receiving module is configured to receive local information that is obtained by the terminal by using the local application tool and corresponding to the received first information acquiring request.
- A terminal configured to send, by using a script in a browser, a first information acquisition request to the network device, where the first information acquisition request is used to instruct the local application tool to obtain local information; to monitor, by using the local application tool, the random number returned by the network device and corresponding to the first information acquisition request; to acquire, by using the local application tool, the first information acquisition request corresponding to the random number saved in the network device; and to acquire, by using the local application tool, the local information corresponding to the first information acquisition request and send the local information to the network device;
- A network device configured to receive the first information acquisition request sent by the terminal, determine and save a random number corresponding to the first information acquisition request, return the random number to the terminal, receive a second information acquisition request sent by the terminal by using the local application tool, return to the terminal the first information acquisition request corresponding to the random number carried in the second information acquisition request, and receive the local information sent by the terminal.
- The local application tool of the terminal monitors the random number returned by the network device for the received first information acquisition request, obtains the first information acquisition request corresponding to that random number as saved by the network device, acquires the local information corresponding to the first information acquisition request, and submits the local information to the network device for use by other devices. Since no interface is needed for information interaction between the local application tool and the browser, there is no compatibility issue between the browser and the local application tool. This effectively avoids the browser instability that compatibility problems cause when local information is obtained through browser plug-in technology, and also effectively reduces the difficulty of website maintenance.
- FIG. 1 is a schematic flowchart of a method for obtaining local information according to an embodiment of the present application
- FIG. 2 is a second schematic flowchart of a method for obtaining local information according to an embodiment of the present application
- FIG. 3 is a third schematic flowchart of a method for obtaining local information according to an embodiment of the present disclosure
- FIG. 4 is a schematic structural diagram of an apparatus for acquiring local information according to an embodiment of the present application.
- FIG. 5 is a second structural schematic diagram of an apparatus for acquiring local information according to an embodiment of the present application.
- FIG. 6 is a schematic structural diagram of a system for acquiring local information according to an embodiment of the present application.
- The browser of the terminal cannot directly obtain the local information of the terminal on which it runs, and if the browser directly calls a plug-in to obtain local information, the browser and the plug-in must be highly compatible. Therefore, on the premise that the browser does not directly obtain the local information, in the present application the terminal sends a request for acquiring local information to the network device through a script in the browser, obtains that acquisition request from the network device through the local application tool, obtains the local information according to the acquisition request, and finally provides the local information to the network device.
- The browser does not directly obtain local information, which ensures information security. It also does not interact directly with the local application tool and does not need to be compatible with it, which effectively prevents the browser instability caused by incompatibility between the browser and a plug-in and also avoids the difficulty of maintaining the website.
- a method for obtaining local information includes:
- the terminal sends a first information acquisition request to the network device by using a script in the browser, where the first information acquisition request is used to instruct the local application tool to obtain the local information.
- the script described in the embodiment of the present application is a script that the browser can parse and execute.
- the script includes but is not limited to a JavaScript script, which is referred to as a JS script.
- The local information described in this application includes, but is not limited to, the verification result of the digital certificate of the local user, local device identification information, system application (Application, App) interface information, local file system information, and so on.
- the server ie, the network device
- the terminal ie, the network device
- the result is local information
- the local application tool may be an executable program capable of verifying a local digital certificate and providing a verification result.
- The executable program may be stored in a storage medium of the terminal itself (for example, a hard disk of the terminal) or in an external storage medium connected to the terminal (for example, a mobile hard disk).
- the step of the terminal sending the first information acquisition request to the network device by using the script in the browser may be triggered by the step of the terminal sending a service request to the network device.
- it may also be sent simultaneously with the service request (for example, the first information acquisition request and the service request are integrated into one request message and sent to the network device).
- The terminal needs to send a login request to the server of the payment application through a browser (the login request is a service request), which triggers the step of the browser sending a first information acquisition request to the server through the JS script.
- the first information obtaining request is used to indicate that the local application tool of the terminal acquires the verification result of the local digital certificate of the terminal.
- the JS script may be returned to the browser and installed in the browser when the server receives the login request. Of course, it can also be pre-configured in the browser.
- the terminal monitors, by using the local application tool, a random number corresponding to the first information acquisition request returned by the network device.
- The random number in the embodiment of the present application is a plaintext random number, that is, it is not encrypted, so that the local application tool can read the random number directly after monitoring it.
- the network device may generate a random number as the random number corresponding to the first information acquisition request, and return it to the terminal.
- the terminal receives the random number
- the local application tool in the terminal can listen to the random number returned by the network device.
- the network device itself also needs to save the generated correspondence between the random number and the first information acquisition request.
- The terminal and the network device exchange information over Hypertext Transfer Protocol Secure (HTTPS), which is a combination of the Hypertext Transfer Protocol (HTTP) and the Secure Sockets Layer (SSL) protocol. That is, each time the terminal sends an information acquisition request to the network device through the JS script in the browser, the terminal performs a secure connection process with the network device based on the SSL protocol. After the secure connection process is completed, the network device receives the information acquisition request over the secure channel established by the secure connection process.
- HTTPS: Hypertext Transfer Protocol Secure
- SSL: Secure Sockets Layer
- During the secure connection process, the terminal and the network device each generate a random number and provide it to the other party, and the random numbers exchanged between them in this process are plaintext. Therefore, in the embodiment of the present application, after receiving the first information acquisition request sent by the terminal through the JS script in the browser, the network device does not need to generate and return a random number specifically for the first information acquisition request. It can directly use the random number that it generated itself during the secure connection process, and establish and save the correspondence between that random number and the subsequently received first information acquisition request.
- Since the network device has already returned the random number to the terminal during the secure connection process, and the local application tool of the terminal has already monitored it, the network device does not need to return the random number to the terminal again after it establishes and saves the correspondence between the random number generated during the secure connection process and the subsequently received first information acquisition request. This avoids wasting resources on repeatedly generating and returning random numbers. After the local application tool in the terminal monitors the random number in the secure connection process, it periodically sends a second information acquisition request carrying the random number to the network device to obtain the first information acquisition request corresponding to the random number.
- When the local application tool in the terminal monitors the random number returned by the network device during the secure connection process, it can do so by filtering and copying the information, to avoid affecting the key negotiation process.
- The local application tool may, by configuring the SSL protocol at the driver layer in advance, filter at the driver layer the information exchanged between the terminal and the network device and read the random number returned by the network device during the key negotiation process between the terminal and the network device, thereby obtaining the random number quickly and efficiently.
- The random number monitored by the terminal through the local application tool uniquely corresponds to the first information acquisition request; that is, the random number that the network device returns to the terminal is required to be unique, to prevent the local information that the terminal provides to the network device from being inaccurate.
- The present application can ensure that the random number generated each time is unique by setting the random number generation algorithm that the network device uses for the SSL protocol key negotiation process.
- The SSL session cache instruction and the connection keepalive instruction may be turned off after the terminal sends the first information acquisition request to the network device through the script in the browser, so that a random number saved in the session cache is not reused by the network device during secure connections with the terminal, thereby ensuring that the random number returned by the network device to the terminal is unique.
- The terminal acquires, by using the local application tool, a first information acquisition request corresponding to the random number stored in the network device, where the correspondence between the random number and the first information acquisition request is created and saved by the network device.
- the terminal may actively obtain the first information acquisition request corresponding to the random number stored in the network device, or may passively acquire the first information acquisition request corresponding to the random number sent by the network device.
- the terminal may send a second information acquisition request carrying the monitored random number to the network device by using the local application tool, and the network device returns the random number carried in the second information acquisition request to the terminal and the The first information acquisition request corresponding to the random number.
- The terminal can passively receive, by using the local application tool, the response message provided by the network device that carries the first information acquisition request and the random number. After receiving the response message, the local application tool can verify whether the random number carried in the response message is consistent with the random number it monitored itself. If they are consistent, the local information may be obtained through the subsequent step S104. If they are inconsistent, the response message may be discarded.
- the terminal acquires local information corresponding to the first information acquisition request by using the local application tool, and sends the local information to the network device.
- the first information acquisition request is an acquisition request for obtaining a verification result of the local digital certificate.
- the local application tool may verify the local digital certificate according to the first information acquisition request, and then send the verification result of the local digital certificate to the network device.
- the step of the terminal sending the first information acquisition request is triggered when the terminal sends a login request to the network device to log in to the page of the payment application.
- The login request sent by the terminal may be processed accordingly: if the verification result is that the verification succeeded, the login request of the terminal is allowed and the terminal is allowed to log in to the interface of the payment application; if the verification result is that the verification failed, the terminal's login request is rejected.
- the terminal does not directly obtain the local information through the script in the browser, but obtains the local information through the local application tool, thereby ensuring the security of the information interaction under the HTTPS protocol.
- The browser does not directly invoke the local application tool to obtain the local information. Instead, it sends a first information acquisition request to the network device through the script, and the local application tool obtains the first information acquisition request from the network device and acquires local information according to it. Therefore, the local application tool does not need to provide any browser-compatible interface, and there is no compatibility problem between the two. This avoids the browser instability that arises when the browser directly calls a plug-in that is incompatible with it, and further avoids the website maintenance difficulty of ensuring compatibility between the local application tool and different types or versions of browsers.
- the network device provides the first information acquisition request to the local application tool of the terminal.
- the network device provides the first information acquisition request to the terminal.
- the first information acquisition request may be encrypted, and the encrypted first information acquisition request is provided to the local application tool of the terminal.
- the network device receives the second information acquisition request sent by the local application tool of the terminal.
- the first information acquisition request corresponding to the random number carried in the second information acquisition request may be encrypted, and then the encrypted first information acquisition request is returned to the local application tool of the terminal.
- The local application tool of the terminal may decrypt the first information acquisition request, obtain local information according to the decrypted first information acquisition request, and send the local information to the network device.
- another method for obtaining local information includes:
- the network device receives a first information acquisition request sent by the terminal by using a script in the browser, where the first information acquisition request is used to instruct the local application tool of the terminal to obtain local information.
- the network device determines and saves a random number corresponding to the first information acquisition request.
- The network device may generate a random number corresponding to the first information acquisition request and save the correspondence between the first information acquisition request and the random number, or it may directly use the random number generated during the secure connection process performed with the terminal before the first information acquisition request was received, and determine that random number as the random number corresponding to the first information acquisition request. Details are not described herein again.
- the local application tool of the terminal can listen to the random number, and send a second information acquisition request for acquiring the first information acquisition request to the network device.
- Step 203 may be omitted: the network device has already sent the random number to the terminal in the secure connection process, so it does not need to send the random number again after receiving the first information acquisition request.
- the network device receives a second information acquisition request sent by the terminal by using the local application tool, where the second information acquisition request carries a random number monitored by the local application tool.
- the network device returns, to the terminal, a first information acquisition request corresponding to the random number carried in the second information acquisition request.
- the process is a process in which the terminal actively obtains the first information acquisition request from the network device.
- The terminal may periodically send the second information acquisition request carrying the random number to the network device by using the local application tool. Each time it receives a second information acquisition request, the network device checks whether it has saved a first information acquisition request corresponding to the random number carried in the second information acquisition request. If one is found, the first information acquisition request is returned directly; if not, the second information acquisition request may be discarded directly.
- the network device can directly return the response message carrying the random number and the first information acquisition request to the terminal after performing the step S203, and the terminal passively receives the response message sent by the network device, and details are not described herein again.
- the network device receives local information that is obtained by the terminal by using the local application tool and that is corresponding to the received first information acquisition request.
- the terminal can obtain the local information according to the first information acquisition request by the local application tool, and send the local information to the network device.
- The network device may include a gateway and a server. The step of generating a random number may be performed by the gateway, and the step of establishing the correspondence between the random number and the first information acquisition request may be performed by the gateway or by the server. The correspondence between the random number and the first information acquisition request is saved in the server for the local application tool of the terminal to obtain.
- the server may further include a service server and a secure channel server, and the correspondence between the random number and the first information acquisition request may be saved by the secure channel server to ensure the security of the first information acquisition request.
- the following takes the network device including the gateway, the secure channel server, and the service server as an example to describe in detail the process of logging in the page of the payment application.
- the method for obtaining local information includes the following steps:
- Step a1: The terminal sends a login request to the service server through the browser.
- Step a2: The service server returns a script to the terminal.
- The script may be a JS script.
- Step a3: The terminal installs the received script in the browser, and sends a first information acquisition request to the gateway through a script installed in the browser.
- The terminal can generate the first information acquisition request and send it to the gateway by executing a script installed in the browser.
- Step a4: The gateway initiates a secure connection to the terminal, and sends a random number generated during the secure connection process to the terminal.
- Step a5: The gateway establishes a correspondence between the random number and the received first information acquisition request, and transparently transmits the random number, the first information acquisition request, and the corresponding relationship to the secure channel server for storage.
- Step a6: The terminal listens to the random number received by the terminal from the gateway through the local application tool.
- Step a7: The terminal sends a second information acquisition request carrying the random number it listens to to the secure channel server through the local application tool.
- Step a8: The secure channel server queries the first information acquisition request corresponding to the random number carried in the second information acquisition request, and returns the first information acquisition request that is queried to the terminal.
- Step a9: The terminal verifies the local digital certificate by using a local application tool according to the received first information acquisition request, and returns the verification result to the secure channel server.
- Step a10: The secure channel server saves the verification result for the service server to query.
- the login request sent by the terminal may then be processed according to the verification result: if the verification succeeds, the login request is allowed and the terminal may log in to the interface of the payment application; if the verification fails, the terminal's login request is rejected.
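Steps a1 to a10 modelled in a single process, as an added example (not code from the patent or its applicant). The class and function names, the `login_id` that ties a verification result to a login request, the 60-second lifetime and the single-use rule for the random number are assumptions; the optional encryption of the returned request is left out.

```python
import secrets
import time

NONCE_TTL_SECONDS = 60  # assumption: the page sets no lifetime for the random number


class SecureChannelServer:
    """Keeps the random-number -> first-request mapping and the verification results."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._pending = {}  # nonce -> {"request", "login_id", "expires", "state"}
        self._results = {}  # login_id -> bool

    def store(self, nonce, first_request, login_id):
        # Step a5: the gateway forwards the nonce, the request and their correspondence.
        self._pending[nonce] = {"request": first_request, "login_id": login_id,
                                "expires": self._clock() + NONCE_TTL_SECONDS,
                                "state": "issued"}

    def _live(self, nonce, state):
        entry = self._pending.get(nonce)
        if entry is None or entry["state"] != state:
            return None
        if self._clock() > entry["expires"]:
            del self._pending[nonce]
            return None
        return entry

    def fetch(self, nonce):
        # Steps a7/a8: second request; each nonce releases its first request only once.
        entry = self._live(nonce, "issued")
        if entry is None:
            return None
        entry["state"] = "fetched"
        return entry["request"]

    def submit_result(self, nonce, verified):
        # Steps a9/a10: accept a result only for a nonce that was actually fetched.
        entry = self._live(nonce, "fetched")
        if entry is None:
            return False
        self._results[entry["login_id"]] = bool(verified)
        del self._pending[nonce]
        return True

    def query_result(self, login_id):
        # Service server side: no stored result means the login is rejected.
        return self._results.get(login_id, False)


class Gateway:
    def __init__(self, channel):
        self.channel = channel

    def first_request(self, login_id, request):
        # Step a4: stand-in for the random number produced during the secure connection.
        nonce = secrets.token_hex(16)
        self.channel.store(nonce, request, login_id)
        return nonce


def local_tool(channel, nonce, verify_certificate):
    """Local application tool: fetch the request by nonce, verify, report back."""
    request = channel.fetch(nonce)
    if request is None:
        return False
    return channel.submit_result(nonce, verify_certificate(request))


def run_login(cert_ok, clock=time.monotonic):
    channel = SecureChannelServer(clock)
    nonce = Gateway(channel).first_request("login-1", {"action": "verify_certificate"})
    local_tool(channel, nonce, lambda request: cert_ok)
    return channel.query_result("login-1")
```

Because the random number is the only thing linking the browser's request to the local tool's fetch, the sketch treats it as a bearer token: unpredictable, short-lived, and rejected on a second presentation.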
- the embodiment of the present application further provides an apparatus and system for acquiring local information, as shown in FIG. 4, FIG. 5, and FIG.
- an apparatus for obtaining local information includes:
- the first information acquisition request sending module 11 is configured to send a first information acquisition request to the network device by using a script in the browser, where the first information acquisition request is used to instruct the local application tool to obtain the local information;
- the random number monitoring module 12 is configured to monitor, by the local application tool, a random number corresponding to the first information acquisition request returned by the network device;
- the first information acquisition request obtaining module 13 is configured to acquire, by using the local application tool, a first information acquisition request corresponding to the random number stored in the network device, where the correspondence between the random number and the first information acquisition request is established and saved by the network device;
- the local information obtaining module 14 is configured to acquire local information corresponding to the first information obtaining request by using the local application tool;
- the local information sending module 15 is configured to send the local information to the network device by using the local application tool.
- the random number monitoring module 12, the first information acquisition request obtaining module 13, the local information obtaining module 14, and the local information sending module 15 in the embodiment of the present application may be disposed in the local application tool.
- the apparatus shown in FIG. 4 further includes: a decryption module 16 configured to perform decryption processing on the first information acquisition request acquired by the first information acquisition request obtaining module, before the local information obtaining module acquires local information corresponding to the first information acquisition request by using the local application tool.
- the script may be, but is not limited to, a JavaScript script.
- another apparatus for obtaining local information includes:
- the first information acquisition request receiving module 21 is configured to receive a first information acquisition request sent by the terminal by using a script in the browser, where the first information acquisition request is used to instruct the local application tool of the terminal to acquire local information;
- the random number determining module 22 is configured to determine a random number corresponding to the first information obtaining request;
- the random number sending module 23 is configured to return the random number to the terminal;
- the storage module 24 is configured to save the random number corresponding to the first information obtaining request determined by the random number determining module 22, that is, the first information obtaining request, the random number, and the correspondence between the first information acquiring request and the random number;
- the second information acquisition request receiving module 25 is configured to receive a second information acquisition request sent by the terminal by using the local application tool;
- the first information acquisition request sending module 26 is configured to return, to the terminal, a first information acquisition request corresponding to the random number carried in the second information acquisition request;
- the local information receiving module 27 is configured to receive local information that is obtained by the terminal by using the local application tool and corresponding to the received first information acquiring request.
- the storage module 24 is further configured to store local information received by the local information receiving module 27.
- the second information acquisition request receiving module 25, the first information acquisition request sending module 26 and the local information receiving module 27 are disposed in the secure channel server.
- the apparatus shown in FIG. 5 further includes: an encryption module 28, configured to perform encryption processing on the first information acquisition request corresponding to the random number carried in the second information acquisition request, before the first information acquisition request sending module 26 returns that first information acquisition request to the terminal.
- a system for obtaining local information includes:
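- the terminal 100 is configured to: send a first information acquisition request to the network device by using a script in the browser 101, where the first information acquisition request is used to instruct the local application tool to acquire local information; listen, by using the local application tool 102, for the random number corresponding to the first information acquisition request returned by the network device; acquire, by using the local application tool, the first information acquisition request corresponding to the random number stored in the network device; and acquire, by using the local application tool, local information corresponding to the first information acquisition request, and send the local information to the network device;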
- the network device 200 is configured to receive the first information acquisition request, generate a random number, and send the random number to the terminal; this process can be performed by the gateway 201 in the network device 200.
- the network device 200 is further configured to: establish and store a correspondence between the random number and the first information acquisition request; receive a second information acquisition request sent by the terminal by using the local application tool; return, to the terminal, the first information acquisition request corresponding to the random number carried in the second information acquisition request; and receive local information returned by the terminal.
- This process can be performed by the secure channel server 202 connected to the gateway 201.
- the browser of the terminal cannot directly obtain the local information of the terminal on which it runs, and if the browser directly calls a plug-in to obtain local information, a high degree of compatibility between the browser and the plug-in is required. Therefore, on the premise that the browser does not directly obtain the local information, in the present application the terminal sends a request for acquiring local information to the network device through a script in the browser, obtains that acquisition request from the network device through the local application tool, then obtains the local information according to the acquisition request, and finally provides the local information to the network device.
- the browser does not directly obtain local information, which ensures information security; it also does not interact directly with the local application tool and therefore does not need to be compatible with it, which effectively prevents the problem of the browser becoming unstable because it is incompatible with a plug-in, and also effectively reduces the difficulty of website maintenance.
- embodiments of the present application can be provided as a method, system, or computer program product.
- the present application can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment in combination of software and hardware.
- the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
Claims (11)
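- A method for acquiring local information, characterized by comprising: sending a first information acquisition request to a network device through a script in a browser, wherein the first information acquisition request is used to instruct a local application tool to acquire local information; listening, through the local application tool, for a random number that is returned by the network device and corresponds to the first information acquisition request; acquiring, through the local application tool, the first information acquisition request that corresponds to the random number and is saved in the network device, wherein the correspondence between the random number and the first information acquisition request is established and saved by the network device; and acquiring, through the local application tool, local information corresponding to the first information acquisition request, and sending the local information to the network device.
- The method according to claim 1, characterized in that the first information acquisition request acquired through the local application tool is an encrypted first information acquisition request; and before the local information corresponding to the first information acquisition request is acquired through the local application tool, the method further comprises: decrypting the first information acquisition request through the local application tool.
- The method according to claim 1, characterized in that the script comprises a JavaScript script.
- A method for acquiring local information, characterized by comprising: receiving a first information acquisition request sent by a terminal through a script in a browser, wherein the first information acquisition request is used to instruct a local application tool of the terminal to acquire local information; determining and saving a random number corresponding to the first information acquisition request; returning the random number to the terminal; receiving a second information acquisition request sent by the terminal through the local application tool; returning to the terminal the first information acquisition request corresponding to the random number carried in the second information acquisition request; and receiving local information that is acquired by the terminal through the local application tool and corresponds to the received first information acquisition request.
- The method according to claim 4, characterized in that before the first information acquisition request corresponding to the random number carried in the second information acquisition request is returned to the terminal, the method further comprises: encrypting the first information acquisition request corresponding to the random number carried in the second information acquisition request.
- An apparatus for acquiring local information, characterized by comprising: a first information acquisition request sending module, configured to send a first information acquisition request to a network device through a script in a browser, wherein the first information acquisition request is used to instruct a local application tool to acquire local information; a random number listening module, configured to listen, through the local application tool, for a random number that is returned by the network device and corresponds to the first information acquisition request; a first information acquisition request obtaining module, configured to acquire, through the local application tool, the first information acquisition request that corresponds to the random number and is saved in the network device, wherein the correspondence between the random number and the first information acquisition request is established and saved by the network device; a local information obtaining module, configured to acquire, through the local application tool, local information corresponding to the first information acquisition request; and a local information sending module, configured to send the local information to the network device through the local application tool.
- The apparatus according to claim 6, characterized in that the first information acquisition request acquired by the first information acquisition request obtaining module through the local application tool is an encrypted first information acquisition request; and the apparatus further comprises: a decryption module, configured to decrypt the first information acquisition request acquired by the first information acquisition request obtaining module before the local information obtaining module acquires, through the local application tool, the local information corresponding to the first information acquisition request.
- The apparatus according to claim 6, characterized in that the script comprises a JavaScript script.
- An apparatus for acquiring local information, characterized by comprising: a first information acquisition request receiving module, configured to receive a first information acquisition request sent by a terminal through a script in a browser, wherein the first information acquisition request is used to instruct a local application tool of the terminal to acquire local information; a random number determining module, configured to determine a random number corresponding to the first information acquisition request; a random number sending module, configured to return the random number to the terminal; a storage module, configured to save the random number corresponding to the first information acquisition request; a second information acquisition request receiving module, configured to receive a second information acquisition request sent by the terminal through the local application tool; a first information acquisition request sending module, configured to return to the terminal the first information acquisition request corresponding to the random number carried in the second information acquisition request; and a local information receiving module, configured to receive local information that is acquired by the terminal through the local application tool and corresponds to the received first information acquisition request.
- The apparatus according to claim 9, characterized in that the apparatus further comprises: an encryption module, configured to encrypt the first information acquisition request corresponding to the random number carried in the second information acquisition request before the first information acquisition request sending module returns that first information acquisition request to the terminal.
- A system for acquiring local information, characterized by comprising: a terminal, configured to send a first information acquisition request to a network device through a script in a browser, wherein the first information acquisition request is used to instruct a local application tool to acquire local information; listen, through the local application tool, for a random number that is returned by the network device and corresponds to the first information acquisition request; acquire, through the local application tool, the first information acquisition request that corresponds to the random number and is saved in the network device; and acquire, through the local application tool, local information corresponding to the first information acquisition request, and send the local information to the network device; and a network device, configured to receive the first information acquisition request sent by the terminal; determine and save a random number corresponding to the first information acquisition request; return the random number to the terminal; receive a second information acquisition request sent by the terminal through the local application tool; return to the terminal the first information acquisition request corresponding to the random number carried in the second information acquisition request; and receive the local information sent by the terminal.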
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/325,588 US11240210B2 (en) | 2014-07-17 | 2015-06-17 | Methods, apparatuses, and systems for acquiring local information |
JP2017501640A JP6527576B2 (ja) | 2014-07-17 | 2015-06-17 | Method, apparatus, and system for acquiring local information |
EP15822323.0A EP3171543B1 (en) | 2014-07-17 | 2015-06-17 | Local information acquisition method, apparatus and system |
KR1020177004240A KR102121399B1 (ko) | 2014-07-17 | 2015-06-17 | Local information acquisition method, apparatus, and system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410342583.6 | 2014-07-17 | ||
CN201410342583.6A CN105262605B (zh) | 2014-07-17 | 2014-07-17 | Method, apparatus, and system for acquiring local information |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016008349A1 (zh) | 2016-01-21 |
Family
ID=55077899
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2015/081678 WO2016008349A1 (zh) | Method, apparatus, and system for acquiring local information | 2014-07-17 | 2015-06-17 |
Country Status (7)
Country | Link |
---|---|
US (1) | US11240210B2 (zh) |
EP (1) | EP3171543B1 (zh) |
JP (1) | JP6527576B2 (zh) |
KR (1) | KR102121399B1 (zh) |
CN (1) | CN105262605B (zh) |
HK (1) | HK1215828A1 (zh) |
WO (1) | WO2016008349A1 (zh) |
2014
- 2014-07-17 CN CN201410342583.6A patent/CN105262605B/zh active Active
2015
- 2015-06-17 EP EP15822323.0A patent/EP3171543B1/en active Active
- 2015-06-17 JP JP2017501640A patent/JP6527576B2/ja active Active
- 2015-06-17 WO PCT/CN2015/081678 patent/WO2016008349A1/zh active Application Filing
- 2015-06-17 US US15/325,588 patent/US11240210B2/en active Active
- 2015-06-17 KR KR1020177004240A patent/KR102121399B1/ko active IP Right Grant
2016
- 2016-04-01 HK HK16103734.7A patent/HK1215828A1/zh unknown
Also Published As
Publication number | Publication date |
---|---|
EP3171543A1 (en) | 2017-05-24 |
JP2017523702A (ja) | 2017-08-17 |
EP3171543B1 (en) | 2018-07-18 |
CN105262605B (zh) | 2018-09-25 |
JP6527576B2 (ja) | 2019-06-05 |
CN105262605A (zh) | 2016-01-20 |
US20170163610A1 (en) | 2017-06-08 |
KR20170051415A (ko) | 2017-05-11 |
EP3171543A4 (en) | 2017-06-14 |
US11240210B2 (en) | 2022-02-01 |
HK1215828A1 (zh) | 2016-09-15 |
KR102121399B1 (ko) | 2020-06-11 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15822323; Country of ref document: EP; Kind code of ref document: A1 |
| | WWE | Wipo information: entry into national phase | Ref document number: 15325588; Country of ref document: US |
| | ENP | Entry into the national phase | Ref document number: 2017501640; Country of ref document: JP; Kind code of ref document: A |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | ENP | Entry into the national phase | Ref document number: 20177004240; Country of ref document: KR; Kind code of ref document: A |
| | REEP | Request for entry into the european phase | Ref document number: 2015822323; Country of ref document: EP |
| | WWE | Wipo information: entry into national phase | Ref document number: 2015822323; Country of ref document: EP |