WO2017066995A1 - Method and device for preventing unauthorized access to server - Google Patents

Publication number
WO2017066995A1
Authority
WO
WIPO (PCT)
Prior art keywords
request
server
parameters
parameter
digital signature
Application number
PCT/CN2015/092693
Inventor
刘均
杨唐鹤
陈明
Original Assignee
深圳还是威健康科技有限公司
Application filed by 深圳还是威健康科技有限公司
Priority to CN201580002054.4A (CN105765941A)
Priority to PCT/CN2015/092693 (WO2017066995A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources

Definitions

  • The present invention relates to the field of communications, and in particular to a method and apparatus for preventing unauthorized access to a server.
  • At present, most APP software is developed with a structure that combines a client and a server.
  • The client mainly refers to the smart terminal APP software.
  • The server is mainly used to store and retrieve the data of APP interactions.
  • Most interfaces between the client and the server are now implemented over HTTP.
  • However, there are now many packet capture tools that can capture the request connection sent by the APP client and tamper with the parameter information in the request connection.
  • The server cannot identify whether the tampered request connection is legitimate, and so it responds to the tampered request, which lets others obtain the information the user has stored on the server and leaks personal information.
  • The technical problem to be solved by the embodiments of the present invention is to provide a method and device for preventing unauthorized access to a server that can identify whether a request is legitimate and avoid leakage of user information.
  • The present invention provides a method for preventing unauthorized access to a server, including:
  • the smart terminal acquires the request parameters, where the request parameters are the parameters carried in the first access request that the smart terminal is preparing to send to the server, and the request parameters include parameters of the interface through which the smart terminal communicates with the server;
  • the smart terminal encrypts the request parameters with the MD5 algorithm to generate a first digital signature string, and encapsulates the first digital signature string into the first access request, so as to send the first access request to the server;
  • the server receives a second access request having the first digital signature string, and decapsulates the request parameters from the second access request;
  • the server encrypts the request parameters obtained by decapsulating the second access request with the MD5 algorithm to generate a second digital signature string;
  • the server determines whether the first digital signature string and the second digital signature string are consistent. If so, it determines that the second access request is the first access request, and the server allows the smart terminal to perform access.
  • Optionally, the request parameters include multiple parameters, among them the parameters of the interface through which the smart terminal communicates with the server, and the smart terminal encrypting the request parameters with the MD5 algorithm to generate the first digital signature string includes:
  • connecting the multiple parameters of the request parameters with a preset symbol.
  • The request parameters include an application software identifier, a software version number, an international language code, and parameters of the interface.
  • Before the multiple parameters of the request parameters are connected with the preset symbol, the method further includes arranging the multiple parameters of the request parameters in a preset order.
  • Arranging the multiple parameters of the request parameters in a preset order includes:
  • arranging the multiple parameters of the request parameters in alphabetical order.
  • A device for preventing unauthorized access to a server, comprising:
  • an obtaining unit configured to acquire request parameters, where the request parameters are the parameters carried in a first access request that the smart terminal is preparing to send to the server, and the request parameters include parameters of the interface through which the smart terminal communicates with the server;
  • a generating and packaging unit configured to encrypt the request parameters with the MD5 algorithm to generate a first digital signature string, and to encapsulate the first digital signature string into the first access request;
  • a sending unit configured to send the first access request to the server;
  • a receiving unit configured to receive a second access request having the first digital signature string, and to decapsulate the request parameters from the second access request;
  • a decapsulation generating unit configured to encrypt, with the MD5 algorithm, the request parameters obtained by decapsulating the second access request to generate a second digital signature string;
  • a determining unit configured to determine whether the first digital signature string and the second digital signature string are consistent and, if so, to determine that the second access request is the first access request, whereupon the server allows the smart terminal to perform access.
  • Optionally, the request parameters include multiple parameters, among them the parameters of the interface through which the smart terminal communicates with the server, and the generating and packaging unit is further configured to:
  • connect the multiple parameters of the request parameters with a preset symbol.
  • The request parameters include an application software identifier, a software version number, an international language code, and parameters of the interface.
  • The generating and packaging unit is further configured to arrange the multiple parameters of the request parameters in a preset order.
  • Arranging the multiple parameters of the request parameters in a preset order includes:
  • arranging the multiple parameters of the request parameters in alphabetical order.
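  • In the above invention, the smart terminal acquires the request parameters, encrypts them with the MD5 algorithm to generate a first digital signature string, encapsulates the first digital signature string into the first access request, and sends the first access request to the server. The server receives a second access request having the first digital signature string, decapsulates the request parameters from the second access request, encrypts those request parameters with the MD5 algorithm to generate a second digital signature string, and determines whether the first digital signature string and the second digital signature string are consistent. If so, it determines that the second access request is the first access request, and the server allows the smart terminal to access. With this method it can be identified whether a request is legitimate, and leakage of user information is avoided.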
  • FIG. 2 is a schematic structural diagram of an embodiment of an illegal access server preventing apparatus according to the present invention.
  • FIG. 1 is a flowchart of an embodiment of an illegal access server prevention method according to the present invention. The method includes:
  • Step S101 The smart terminal acquires the request parameter.
  • The interface between the smart terminal and the server is mostly implemented over HTTP. There are two HTTP request methods.
  • One is the GET method, in which the request parameters follow the requested resource with "?" as the delimiter; the other is the POST method, in which the request parameters are placed at the end of the request.
  • The request parameters are the parameters carried in the first access request that the smart terminal is preparing to send to the server.
  • The request parameters include parameters of the interface through which the smart terminal communicates with the server, and comprise an application software identifier, a software version number, an international language code, parameters of the interface, and the like.
  • The application software identifier is a symbol used to represent the application software, and each application software corresponds to a unique identification number. The software version number is the letters and digits that follow the software name and marks the software version. The international language code indicates the language code of the document. The interface is the channel for communication between the smart terminal and the server, and the parameters of the interface contain the information of the user who made the request.
  • the smart terminal can obtain the request parameter by calling the relevant method through the request object.
  • Step S102: The smart terminal encrypts the request parameters with the MD5 algorithm to generate the first digital signature string, and encapsulates the first digital signature string into the first access request.
  • A digital signature (also known as a public key digital signature or electronic signature) is data attached to a data unit, or a cryptographic transformation of a data unit. Such data or transformation allows the recipient of the data unit to confirm the source and the integrity of the data unit and protects the data from being forged by others; it is also valid proof of the authenticity of the information sent by the sender. It is a method of signing messages in electronic form, and a signed message can be transmitted over a communication network. MD5 (Message Digest Algorithm 5) is a hash function widely used in the field of computer security to provide message integrity protection.
  • MD5 can generate a unique MD5 value for any file (regardless of its size, format or quantity), which can also be called a "digital fingerprint". If anyone makes any change to the file, its MD5 value, that is, the corresponding "digital fingerprint", will change.
  • The request parameters may include multiple parameters. The smart terminal may select some or all of the parameters and encrypt them with the MD5 algorithm to generate the first digital signature string. The first digital signature string is the "digital fingerprint" of the request parameters and is used to protect their integrity. The first digital signature string is then encapsulated into the first access request.
  • The multiple parameters encrypted with the MD5 algorithm may be arranged in a preset order before encryption, for example in alphabetical order of their first letter, and the multiple parameters may be joined with connection symbols. The connection symbol can be a specific letter, number, symbol or the like.
  • Step S103 The smart terminal sends a first access request to the server.
  • the smart terminal may send the first access request to the server through a wired network, a wireless network, or a mobile network or the like.
  • Step S104: The server receives a second access request having the first digital signature string, and decapsulates the request parameters from the second access request.
  • the server cannot determine that the received first digital signature is received
  • the server receives the second access request with the first digital signature string, and decapsulates from the second access request to obtain the request parameters included in the second access request.
  • Step S105 The server encrypts the request parameter obtained by decapsulating the second access request by the MD5 algorithm to generate a second digital signature string.
  • The request parameters obtained by decapsulating the second access request may include multiple parameters, and the server may select some or all of them. It should be noted that the types of the parameters selected by the server are consistent with the types of the parameters selected by the smart terminal in step S102. The selected parameters are encrypted with the MD5 algorithm to generate the second digital signature string.
  • The MD5 algorithm in step S105 is identical to the MD5 algorithm in step S102.
  • If, in step S102, the multiple parameters encrypted with the MD5 algorithm are arranged in a preset order before encryption, then in step S105 the server needs to arrange the multiple parameters encrypted with the MD5 algorithm in the same preset order as in step S102.
  • Step S106 The server determines whether the first digital signature string and the second digital signature string are consistent.
  • the server determines whether the first digital signature string and the second digital signature string are consistent. If yes, the second access request is the first access request, and the first access request is not falsified, and is a legal request.
  • the smart terminal is allowed to access; otherwise, the second access request is not the first access request, and the first access request has been tampered with, and is an illegal request, and the smart terminal is not allowed to access.
  • the first digital signature string obtained by the smart terminal according to the request parameter in the first access request by the MD5 algorithm is unique, and the process of MD5 encryption is irreversible.
  • the request parameter in the second access request is inconsistent with the request parameter in the first access request, and the parameters of the interface are different.
  • The digital signature string is generated by the MD5 algorithm encrypting the content of the request parameters, so when the request parameters change, the digital signature string generated by the MD5 algorithm also changes.
  • After the server receives the second access request, if the request parameters in the second access request are inconsistent with the request parameters in the first access request, the second digital signature string obtained from the request parameters in the second access request is inconsistent with the first digital signature string. It can then be seen that a hacker has attempted to capture the request connection sent by the APP client with a packet capture tool in order to obtain the information the user has stored on the server.
  • Step S107 Allow the smart terminal to perform access.
  • The second access request is the first access request, and the first access request has not been tampered with and is a legal request, so the smart terminal is allowed to access.
  • FIG. 2 is a schematic structural diagram of an embodiment of an illegal access server preventing apparatus according to the present invention.
  • The apparatus 200 includes: an obtaining unit 201, a generating and packaging unit 202, a sending unit 203, a receiving unit 204, a decapsulation generating unit 205, and a determining unit 206.
  • The obtaining unit 201 is configured to obtain the request parameters, where the request parameters are the parameters carried in the first access request that the smart terminal is preparing to send to the server, and the request parameters include parameters of the interface through which the smart terminal communicates with the server.
  • The generating and packaging unit 202 is configured to encrypt the request parameters with the MD5 algorithm to generate a first digital signature string, and to encapsulate the first digital signature string into the first access request.
  • The sending unit 203 is configured to send the first access request to the server.
  • The receiving unit 204 is configured to receive a second access request having the first digital signature string, and to decapsulate the request parameters from the second access request.
  • the decapsulation generating unit 205 is configured to encrypt the request parameter obtained by decapsulating the second access request by the MD5 algorithm to generate a second digital signature string.
  • the determining unit 206 is configured to determine whether the first digital signature string and the second digital signature string are consistent. If yes, determine that the second access request is the first access request, and the server allows the smart terminal to access.
  • the request parameter includes a plurality of parameters including parameters of an interface of the smart terminal and the server, and the generating and packaging unit 202 is further configured to:
  • a plurality of parameters in the request parameter are connected by a preset symbol.
  • the request parameters include an application software identifier, a software version number, an international language code, and an interface parameter.
  • the generating and packaging unit 202 is further configured to:
  • a plurality of parameters in the request parameters are arranged in a preset order.
  • the plurality of parameters in the request parameter are arranged in a preset order, including:
  • a plurality of parameters in the request parameters are arranged in alphabetical order.
  • the obtaining unit 201, the generating and packaging unit 202, and the sending unit 203 are located at the smart terminal; the receiving unit 204, the decapsulation generating unit 205, and the determining unit 206 are located at the server.
  • Computer readable media include both computer storage media and communication media, where communication media include any medium that facilitates transfer of a computer program from one location to another.
  • The storage medium can be any available medium that the computer can access.
  • The computer readable medium may include random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM)
  • Any connection may suitably become a computer readable medium. For example, if the software is using coaxial cable, fiber optic cable, twisted pair, digital subscriber line
  • As used here, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer readable media.

Abstract

A method and device for preventing unauthorized access to a server. The method comprises: an intelligent terminal obtains request parameters in a first access request to be sent to a server, generates a first digital signature string by encrypting the request parameters using an MD5 algorithm, and encapsulates the first digital signature string in the first access request, so as to send the first access request to the server; the server receives and decapsulates a second access request having the first digital signature string to obtain the request parameters, generates a second digital signature string by encrypting, using the MD5 algorithm, the request parameters in the second access request obtained by means of decapsulation, determines whether the first digital signature string is consistent with the second digital signature string, determines that the second access request is the first access request if the first digital signature string is consistent with the second digital signature string, and allows the intelligent terminal to perform access. By means of the method, whether a request is legal can be identified, thereby avoiding leakage of user information.
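The flow of steps S101 to S107 (order the parameters, join them with a preset symbol, hash, encapsulate, recompute on the server and compare), written out here as an added example that is not code from the patent. The `sign` field name, the `&` joining symbol, the sample parameter names and values, and the optional keyed HMAC-SHA256 mode are assumptions that go beyond the page, which specifies only an MD5 digest over the ordered, joined parameters.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlencode

SEP = "&"            # assumed "preset symbol" that joins the parameters
SIG_FIELD = "sign"   # assumed name of the field carrying the signature string

# Constructed sample request parameters (application identifier, version,
# language code, and one interface parameter); names and values are made up.
SAMPLE = {"appId": "com.example.health", "ver": "2.3.1",
          "lang": "zh-CN", "userId": "1001"}


def canonical_string(params):
    """Arrange parameters in alphabetical order of name and join with SEP.

    Names and values are percent-encoded first, so a value that itself
    contains SEP or "=" cannot be mistaken for two separate parameters.
    """
    return SEP.join(
        f"{quote(str(name), safe='')}={quote(str(params[name]), safe='')}"
        for name in sorted(params)
    )


def signature_string(params, key=None):
    """Digest of the canonical string.

    key=None : MD5 over the parameters alone, as the page describes.
    key=bytes: HMAC-SHA256 with a secret shared by terminal and server.
               This keyed mode is an assumption added here; the page
               names no key, and only a key holder can produce a match.
    """
    data = canonical_string(params).encode("utf-8")
    if key is None:
        return hashlib.md5(data).hexdigest()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def build_request(params, key=None):
    """Terminal side (S101-S103): sign and encapsulate into a query string."""
    if SIG_FIELD in params:
        raise ValueError(f"{SIG_FIELD!r} is reserved for the signature string")
    signed = dict(params)
    signed[SIG_FIELD] = signature_string(params, key)
    return urlencode(signed)


def verify_request(query, key=None):
    """Server side (S104-S106): decapsulate, recompute, compare."""
    pairs = parse_qsl(query, keep_blank_values=True)
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        return False  # a repeated parameter name is ambiguous: reject
    fields = dict(pairs)
    received = fields.pop(SIG_FIELD, None)
    if received is None:
        return False  # no signature string in the request
    expected = signature_string(fields, key)
    # Constant-time comparison of the two signature strings.
    return hmac.compare_digest(received.encode("utf-8"),
                               expected.encode("utf-8"))


def demo(key=None):
    """Run the exchange on SAMPLE and report what the server decides."""
    query = build_request(SAMPLE, key)
    # The situation the page describes: one parameter altered in transit
    # while the signature string is left as captured.
    tampered = query.replace("userId=1001", "userId=1002")
    # Same parameters in a different order on the wire: the preset
    # (alphabetical) order makes the recomputed string identical.
    reordered = "&".join(reversed(query.split("&")))
    return {
        "original": verify_request(query, key),
        "tampered": verify_request(tampered, key),
        "reordered": verify_request(reordered, key),
    }


if __name__ == "__main__":
    print("MD5 mode :", demo())
    print("HMAC mode:", demo(key=b"constructed-demo-key"))
```
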

Description

Description. Title of invention: Method and device for preventing unauthorized access to a server
[0001] Technical Field
[0002] The present invention relates to the field of communications, and in particular to a method and device for preventing unauthorized access to a server.
[0003] Background
[0004] At present, most APP software is developed with a structure that combines a client and a server. The client mainly refers to the smart terminal APP software, while the server is mainly used to store and retrieve the data of APP interactions. Most interfaces between the client and the server are now implemented over HTTP. However, there are now many packet capture tools that can capture the request connection sent by the APP client and tamper with the parameter information in the request connection, but the server cannot identify whether the tampered request connection is legitimate, and so it responds to the tampered request, which lets others obtain the information the user has stored on the server and leaks personal information.
[0005] Summary of the Invention
[0006] The technical problem to be solved by the embodiments of the present invention is to provide a method and device for preventing unauthorized access to a server that can identify whether a request is legitimate and avoid leakage of user information.
[0007] The present invention provides a method for preventing unauthorized access to a server, including:
[0008] a smart terminal acquires request parameters, where the request parameters are the parameters carried in a first access request that the smart terminal is preparing to send to a server, and the request parameters include parameters of the interface through which the smart terminal communicates with the server;
[0009] the smart terminal encrypts the request parameters with the MD5 algorithm to generate a first digital signature string, and encapsulates the first digital signature string into the first access request, so as to send the first access request to the server;
[0010] the server receives a second access request having the first digital signature string, and decapsulates the request parameters from the second access request;
[0011] the server encrypts the request parameters obtained by decapsulating the second access request with the MD5 algorithm to generate a second digital signature string;
[0012] the server determines whether the first digital signature string and the second digital signature string are consistent; if so, it determines that the second access request is the first access request, and the server allows the smart terminal to perform access.
[0013] Optionally, the request parameters include multiple parameters, among them the parameters of the interface through which the smart terminal communicates with the server, and the smart terminal encrypting the request parameters with the MD5 algorithm to generate the first digital signature string includes:
[0014] connecting the multiple parameters of the request parameters with a preset symbol.
[0015] Optionally, the request parameters include an application software identifier, a software version number, an international language code, and parameters of the interface.
[0016] Optionally, before connecting the multiple parameters of the request parameters with the preset symbol, the method further includes:
[0017] arranging the multiple parameters of the request parameters in a preset order.
[0018] Optionally, arranging the multiple parameters of the request parameters in a preset order includes:
[0019] arranging the multiple parameters of the request parameters in alphabetical order.
[0020] A device for preventing unauthorized access to a server, comprising:
[0021] an obtaining unit, configured to acquire request parameters, where the request parameters are the parameters carried in a first access request that the smart terminal is preparing to send to the server, and the request parameters include parameters of the interface through which the smart terminal communicates with the server;
[0022] a generating and packaging unit, configured to encrypt the request parameters with the MD5 algorithm to generate a first digital signature string, and to encapsulate the first digital signature string into the first access request;
[0023] a sending unit, configured to send the first access request to the server;
[0024] a receiving unit, configured to receive a second access request having the first digital signature string, and to decapsulate the request parameters from the second access request;
[0025] a decapsulation generating unit, configured to encrypt, with the MD5 algorithm, the request parameters obtained by decapsulating the second access request to generate a second digital signature string;
[0026] a determining unit, configured to determine whether the first digital signature string and the second digital signature string are consistent and, if so, to determine that the second access request is the first access request, whereupon the server allows the smart terminal to perform access.
[0027] Optionally, the request parameters include multiple parameters, among them the parameters of the interface through which the smart terminal communicates with the server, and the generating and packaging unit is further configured to:
[0028] connect the multiple parameters of the request parameters with a preset symbol.
[0029] Optionally, the request parameters include an application software identifier, a software version number, an international language code, and parameters of the interface.
[0030] Optionally, the generating and packaging unit is further configured to:
[0031] arrange the multiple parameters of the request parameters in a preset order.
[0032] Optionally, arranging the multiple parameters of the request parameters in a preset order includes:
[0033] arranging the multiple parameters of the request parameters in alphabetical order.
[0034] In the above invention, the smart terminal obtains the request parameters, encrypts them with the MD5 algorithm to generate a first digital signature string, encapsulates the first digital signature string into the first access request, and sends the first access request to the server. The server receives a second access request carrying the first digital signature string, decapsulates the request parameters from the second access request, encrypts those request parameters with the MD5 algorithm to generate a second digital signature string, and determines whether the first digital signature string and the second digital signature string are consistent. If they are, the server determines that the second access request is the first access request and allows the smart terminal to access it. This method makes it possible to identify whether a request is legitimate and to prevent user information from being leaked.
[0035] BRIEF DESCRIPTION OF THE DRAWINGS
[0036] To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
[0037] FIG. 1 is a flowchart of an embodiment of a method for preventing unauthorized access to a server according to the present invention;
[0038] FIG. 2 is a schematic structural diagram of an embodiment of a device for preventing unauthorized access to a server according to the present invention.
[0039] DETAILED DESCRIPTION
[0040] The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
[0041] Referring to FIG. 1, FIG. 1 is a flowchart of an embodiment of a method for preventing unauthorized access to a server according to the present invention. The method includes:
[0042] Step S101: The smart terminal obtains the request parameters.
[0043] Most interaction interfaces between the smart terminal and the server are implemented over HTTP. There are two HTTP request methods. With GET, the request parameters follow the requested resource, separated from it by "?". With POST, the request parameters are placed at the very end.
[0044] Specifically, the request parameters are the parameters carried in the first access request that the smart terminal is preparing to send to the server. They include the parameters of the interface through which the smart terminal communicates with the server, and comprise an application software identifier, a software version number, an international language code, the parameters of the interface, and so on. The application software identifier is a symbol that represents the application software, and each application corresponds to a unique identification number. The software version number is the letters and digits that follow the software name and mark the software version. The international language code indicates the language encoding of the document. The interface is the channel of communication between the smart terminal and the server, and the parameters of the interface contain the information of the user who issued the request. The smart terminal can obtain the request parameters by calling the relevant methods of the request object.
[0045] Step S102: The smart terminal encrypts the request parameters with the MD5 algorithm to generate a first digital signature string, and encapsulates the first digital signature string into the first access request.
[0046] A digital signature (also known as a public key digital signature or electronic signature) is data attached to a data unit, or a cryptographic transformation applied to a data unit. This data or transformation allows the recipient of the data unit to confirm the source and the integrity of the data unit and protects the data against forgery by others. It is also effective proof of the authenticity of the information sent by its sender. It is a method of signing messages in electronic form, and a signed message can be transmitted over a communication network.
[0047] MD5 (Message Digest Algorithm 5) is a hash function widely used in the field of computer security to provide message integrity protection. MD5 can produce an equally unique MD5 value, also called a "digital fingerprint", for any file regardless of its size, format or quantity. If anyone makes any change to the file, its MD5 value, that is, the corresponding "digital fingerprint", changes.
[0048] Specifically, the request parameters may contain a plurality of parameters. The smart terminal may select some or all of them and encrypt the selected parameters with the MD5 algorithm to generate the first digital signature string. The first digital signature string is the "digital fingerprint" of the request parameters and protects their integrity. The first digital signature string is then encapsulated into the first access request.
[0049] It should be noted that the plurality of parameters encrypted with the MD5 algorithm may be arranged in a preset order before encryption, for example in alphabetical order of their first letters. The parameters may also be joined with a connecting symbol, which may be a specific letter, digit, symbol, and so on. For example, suppose the request parameters are appID=ebcad75de0d42a844d98a755644e30 (unique application identifier), softwareVersion=1.0.1 (software version number), lanCode=zh-cn (international language code) and restKey=user.login (parameter of the interface). Before MD5 encryption, the parameters are sorted alphabetically by the name before the equals sign and joined with the & symbol, giving the sorted and joined request parameters appID=ebcad75de0d42a844d98a755644e30&lanCode=zh-cn&restKey=user.login&softwareVersion=1.0.1. MD5 encryption is then applied to the sorted and joined request parameters to obtain the first digital signature string.
[0050] Step S103: The smart terminal sends the first access request to the server.
[0051] Specifically, the smart terminal may send the first access request to the server over a wired network, a wireless network, a mobile network, and so on.
[0052] Step S104: The server receives a second access request carrying the first digital signature string, and decapsulates the request parameters from the second access request.
[0053] Specifically, the server cannot determine whether the received second access request carrying the first digital signature string is the first access request, and the request parameters in the first access request may already have been modified. The server receives the second access request carrying the first digital signature string and decapsulates from it the request parameters that the second access request contains.
[0054] Step S105: The server encrypts, with the MD5 algorithm, the request parameters decapsulated from the second access request to generate a second digital signature string.
[0055] Specifically, the request parameters decapsulated from the second access request may contain a plurality of parameters, and the server may select some or all of them. It should be noted that the types of the parameters selected by the server are the same as the types of the parameters selected by the smart terminal in step S102. The selected parameters are encrypted with the MD5 algorithm to generate the second digital signature string. It should also be noted that the MD5 algorithm in step S105 is the same as the MD5 algorithm in step S102.
[0056] It should further be noted that if, in step S102, the plurality of parameters encrypted with the MD5 algorithm are arranged in a preset order before encryption, then in step S105 the server must also arrange the parameters in the same preset order as in step S102 before encrypting them with the MD5 algorithm.
[0057] Step S106: The server determines whether the first digital signature string and the second digital signature string are consistent.
[0058] Specifically, the server determines whether the first digital signature string and the second digital signature string are consistent. If they are, the second access request is the first access request, the first access request has not been tampered with and is a legitimate request, and the smart terminal is allowed to access the server. Otherwise, the second access request is not the first access request, the first access request has been tampered with and is an illegitimate request, and the smart terminal is not allowed to access the server.
[0059] Specifically, the first digital signature string that the smart terminal derives with the MD5 algorithm from the request parameters in the first access request is unique, and the MD5 encryption process is irreversible. When the first access request is obtained by another party and modified into a second access request, the request parameters in the second access request are inconsistent with those in the first access request, and their interface parameters differ. The MD5 algorithm generates the digital signature string from the content of the request parameters, so when the request parameters change, the digital signature string generated by the MD5 algorithm also changes. After the server receives the second access request, if the request parameters in the second access request are inconsistent with those in the first access request, the second digital signature string obtained from the request parameters in the second access request is inconsistent with the first digital signature string. It can then be known that a hacker is attempting to obtain the information the user has stored on the server by using a packet capture tool to capture the request connection sent by the APP client.
[0060] Step S107: The smart terminal is allowed to access the server.
[0061] Specifically, if the first digital signature string and the second digital signature string are consistent, the second access request is the first access request, the first access request has not been tampered with and is a legitimate request, and the smart terminal is allowed to access the server.
[0062] In the above invention, the smart terminal obtains the request parameters, encrypts them with the MD5 algorithm to generate a first digital signature string, encapsulates the first digital signature string into the first access request, and sends the first access request to the server. The server receives a second access request carrying the first digital signature string, decapsulates the request parameters from the second access request, encrypts those request parameters with the MD5 algorithm to generate a second digital signature string, and determines whether the first digital signature string and the second digital signature string are consistent. If they are, the server determines that the second access request is the first access request and allows the smart terminal to access it. This method makes it possible to identify whether a request is legitimate and to prevent user information from being leaked.
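The signing and verification flow of steps S102 to S106, as an added Python example that is not code from the patent. The field name `sign` and the demo key are assumptions; the parameter values are those of paragraph [0049]. It goes beyond the page in one respect: the page's digest is computed from the parameters alone, so the example also includes a keyed HMAC-SHA256 signer, whose output can only be reproduced by a party holding the key.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Parameter values from the page's example in paragraph [0049].
PARAMS = {
    "appID": "ebcad75de0d42a844d98a755644e30",
    "softwareVersion": "1.0.1",
    "lanCode": "zh-cn",
    "restKey": "user.login",
}
SIGN_FIELD = "sign"                 # assumption: the page does not name this field
DEMO_KEY = b"constructed-demo-key"  # assumption: constructed shared secret, not on the page


def canonical_string(params):
    """Sort by parameter name and join name=value pairs with '&' (S102 / S105).

    sorted() orders by code point, which equals alphabetical order for the
    page's names; both sides must use exactly the same ordering rule.
    """
    return "&".join(f"{name}={value}" for name, value in sorted(params.items()))


def md5_signer(params):
    """The page's scheme: MD5 over the sorted, joined parameters, no secret."""
    return hashlib.md5(canonical_string(params).encode("utf-8")).hexdigest()


def hmac_signer(key):
    """Keyed variant (not on the page): HMAC-SHA256 over the same canonical string."""
    def sign(params):
        data = canonical_string(params).encode("utf-8")
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    return sign


def build_request(params, signer=md5_signer):
    """Terminal side: encapsulate the first signature string into the request."""
    if SIGN_FIELD in params:
        raise ValueError("signature field must not be a request parameter")
    return urlencode({**params, SIGN_FIELD: signer(params)})


def verify_request(body, signer=md5_signer):
    """Server side: decapsulate, recompute the second signature string, compare."""
    pairs = parse_qsl(body, keep_blank_values=True)
    names = [name for name, _ in pairs]
    if len(names) != len(set(names)):
        return False  # duplicate names make the canonical form ambiguous
    received = dict(pairs)
    first = received.pop(SIGN_FIELD, None)
    if first is None:
        return False  # request carries no signature string
    second = signer(received)
    # Constant-time comparison of the first and second signature strings (S106).
    return hmac.compare_digest(first.encode("utf-8"), second.encode("utf-8"))


if __name__ == "__main__":
    body = build_request(PARAMS)
    print("canonical:", canonical_string(PARAMS))
    print("unmodified request accepted:", verify_request(body))
    altered = body.replace("user.login", "user.profile")
    print("altered parameters, original signature:", verify_request(altered))
    keyed = hmac_signer(DEMO_KEY)
    print("keyed request accepted:", verify_request(build_request(PARAMS, keyed), keyed))
```

With the unkeyed digest the check detects parameters that were changed while the signature string was left as sent; the keyed signer additionally ties the signature to a secret that both sides must provision.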
[0063] Referring to FIG. 2, FIG. 2 is a schematic structural diagram of an embodiment of a device for preventing unauthorized access to a server according to the present invention. The device 200 includes an obtaining unit 201, a generating and encapsulating unit 202, a sending unit 203, a receiving unit 204, a decapsulating and generating unit 205, and a determining unit 206.
[0064] The obtaining unit 201 is configured to obtain request parameters, where the request parameters are the parameters carried in a first access request that the smart terminal is preparing to send to the server, and the request parameters include the parameters of the interface through which the smart terminal communicates with the server.
[0065] The generating and encapsulating unit 202 is configured to encrypt the request parameters with the MD5 algorithm to generate a first digital signature string, and to encapsulate the first digital signature string into the first access request.
[0066] The sending unit 203 is configured to send the first access request to the server.
[0067] The receiving unit 204 is configured to receive a second access request carrying the first digital signature string, and to decapsulate the request parameters from the second access request.
[0068] The decapsulating and generating unit 205 is configured to encrypt, with the MD5 algorithm, the request parameters decapsulated from the second access request to generate a second digital signature string.
[0069] The determining unit 206 is configured to determine whether the first digital signature string and the second digital signature string are consistent and, if so, to determine that the second access request is the first access request, whereupon the server allows the smart terminal to access it.
[0070] Optionally, the request parameters include a plurality of parameters, among them the parameters of the interface through which the smart terminal communicates with the server, and the generating and encapsulating unit 202 is further configured to:
[0071] connect the plurality of parameters in the request parameters with a preset symbol.
[0072] Optionally, the request parameters include an application software identifier, a software version number, an international language code, and the parameters of the interface.
[0073] Optionally, the generating and encapsulating unit 202 is further configured to:
[0074] arrange the plurality of parameters in the request parameters in a preset order.
[0075] Optionally, arranging the plurality of parameters in the request parameters in a preset order includes:
[0076] arranging the plurality of parameters in the request parameters in alphabetical order.
[0077] It should be noted that the obtaining unit 201, the generating and encapsulating unit 202 and the sending unit 203 are located in the smart terminal, while the receiving unit 204, the decapsulating and generating unit 205 and the determining unit 206 are located in the server.
[0078] It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and that the actions and modules involved are not necessarily required by the present invention.
[0079] In the above embodiments, the description of each embodiment has its own emphasis. For parts not detailed in one embodiment, refer to the related descriptions of the other embodiments.
[0080] The steps in the methods of the embodiments of the present invention may be reordered, merged and deleted according to actual needs.
[0081] The units in the devices of the embodiments of the present invention may be merged, divided and deleted according to actual needs. Those skilled in the art may combine the different embodiments described in this specification and the features of the different embodiments.
[0082] From the description of the above embodiments, those skilled in the art can clearly understand that the present invention may be implemented in hardware, in firmware, or in a combination of the two. When implemented in software, the above functions may be stored in a computer-readable medium or transmitted as one or more instructions or code on a computer-readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates the transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, computer-readable media may include random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. In addition, any connection may properly be termed a computer-readable medium. For example, if the software is transmitted from a website, server or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio and microwave are included in the definition of the medium. As used in the present invention, disk and disc include compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of protection of computer-readable media.
[0083] In summary, the above are only preferred embodiments of the technical solutions of the present invention and are not intended to limit the scope of protection of the present invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims

[Claim 1] A method for preventing unauthorized access to a server, comprising:
a smart terminal obtaining request parameters, where the request parameters are the parameters carried in a first access request that the smart terminal is preparing to send to the server, and the request parameters include the parameters of the interface through which the smart terminal communicates with the server;
the smart terminal encrypting the request parameters with the MD5 algorithm to generate a first digital signature string, and encapsulating the first digital signature string into the first access request, so as to send the first access request to the server;
the server receiving a second access request carrying the first digital signature string, and decapsulating the request parameters from the second access request;
the server encrypting, with the MD5 algorithm, the request parameters decapsulated from the second access request to generate a second digital signature string;
the server determining whether the first digital signature string and the second digital signature string are consistent and, if so, determining that the second access request is the first access request, whereupon the server allows the smart terminal to access it.
[Claim 2] The method according to claim 1, wherein the request parameters include a plurality of parameters, among them the parameters of the interface through which the smart terminal communicates with the server, and the smart terminal encrypting the request parameters with the MD5 algorithm to generate a first digital signature string comprises:
connecting the plurality of parameters in the request parameters with a preset symbol.
[Claim 3] The method according to claim 2, wherein the request parameters include an application software identifier, a software version number, an international language code, and the parameters of the interface.
[Claim 4] The method according to claim 3, wherein, before the connecting of the plurality of parameters in the request parameters with a preset symbol, the method further comprises:
arranging the plurality of parameters in the request parameters in a preset order.
[Claim 5] The method according to claim 4, wherein arranging the plurality of parameters in the request parameters in a preset order comprises:
arranging the plurality of parameters in the request parameters in alphabetical order.
[Claim 6] A device for preventing unauthorized access to a server, comprising:
an obtaining unit, configured to obtain request parameters, where the request parameters are the parameters carried in a first access request that the smart terminal is preparing to send to the server, and the request parameters include the parameters of the interface through which the smart terminal communicates with the server;
a generating and encapsulating unit, configured to encrypt the request parameters with the MD5 algorithm to generate a first digital signature string, and to encapsulate the first digital signature string into the first access request;
a sending unit, configured to send the first access request to the server;
a receiving unit, configured to receive a second access request carrying the first digital signature string, and to decapsulate the request parameters from the second access request;
a decapsulating and generating unit, configured to encrypt, with the MD5 algorithm, the request parameters decapsulated from the second access request to generate a second digital signature string;
a determining unit, configured to determine whether the first digital signature string and the second digital signature string are consistent and, if so, to determine that the second access request is the first access request, whereupon the server allows the smart terminal to access it.
[Claim 7] The device according to claim 6, wherein the request parameters include a plurality of parameters, among them the parameters of the interface through which the smart terminal communicates with the server, and the generating and encapsulating unit is further configured to:
connect the plurality of parameters in the request parameters with a preset symbol.
[Claim 8] The device according to claim 7, wherein the request parameters include an application software identifier, a software version number, an international language code, and the parameters of the interface.
[Claim 9] The device according to claim 8, wherein the generating and encapsulating unit is further configured to:
arrange the plurality of parameters in the request parameters in a preset order.
[Claim 10] The device according to claim 9, wherein arranging the plurality of parameters in the request parameters in a preset order comprises:
PCT/CN2015/092693 2015-10-23 2015-10-23 Method and device for preventing unauthorized access to server WO2017066995A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201580002054.4A CN105765941A (en) 2015-10-23 2015-10-23 Illegal access server prevention method and device
PCT/CN2015/092693 WO2017066995A1 (en) 2015-10-23 2015-10-23 Method and device for preventing unauthorized access to server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/092693 WO2017066995A1 (en) 2015-10-23 2015-10-23 Method and device for preventing unauthorized access to server

Publications (1)

Publication Number Publication Date
WO2017066995A1 true WO2017066995A1 (en) 2017-04-27

Family

ID=56343050

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/092693 WO2017066995A1 (en) 2015-10-23 2015-10-23 Method and device for preventing unauthorized access to server

Country Status (2)

Country Link
CN (1) CN105765941A (en)
WO (1) WO2017066995A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108322418A (en) * 2017-01-16 2018-07-24 深圳兆日科技股份有限公司 The detection method and device of unauthorized access
CN108322302A (en) * 2017-01-17 2018-07-24 北京京东尚科信息技术有限公司 A kind of anti-brush method, apparatus of the page, electronic equipment and storage medium
CN108055230A (en) * 2017-10-19 2018-05-18 福建中金在线信息科技有限公司 The method and apparatus of data request processing
CN107896145A (en) * 2017-11-10 2018-04-10 郑州云海信息技术有限公司 A kind of anti-method for implanting of interface interchange and system
CN108400979B (en) * 2018-02-06 2021-07-30 武汉斗鱼网络科技有限公司 Communication method applied to client and server and electronic equipment
CN108494759B (en) * 2018-03-14 2021-06-01 北京思特奇信息技术股份有限公司 Access request processing method, system, device and storage medium
CN111291393A (en) * 2020-01-21 2020-06-16 上海悦易网络信息技术有限公司 Request checking method and device
CN112383548A (en) * 2020-11-13 2021-02-19 杭州弗兰科信息安全科技有限公司 Database access method, transmitting device, receiving device and terminal host

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102065573A (en) * 2010-12-28 2011-05-18 北京高信达通信技术有限公司福州分公司 WAP gateway agent service data processing method and server
CN102946392A (en) * 2012-11-15 2013-02-27 亚信联创科技(中国)有限公司 URL (Uniform Resource Locator) data encrypted transmission method and system
US20130290708A1 (en) * 2012-04-26 2013-10-31 Sap Ag Configuration protection for providing security to configuration files
CN104104650A (en) * 2013-04-02 2014-10-15 联想(北京)有限公司 Data file visit method and terminal equipment

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222509B (en) * 2008-01-22 2011-10-26 中兴通讯股份有限公司 Data protection transmission method of P2P network
KR101541911B1 (en) * 2008-07-16 2015-08-06 삼성전자주식회사 Apparatus and method for providing security service of User Interface
CN102647461B (en) * 2012-03-29 2016-05-04 北京奇虎科技有限公司 Communication means based on HTTP, server, terminal
CN103973695A (en) * 2014-05-16 2014-08-06 浪潮电子信息产业股份有限公司 Signature algorithm for server validation

Also Published As

Publication number Publication date
CN105765941A (en) 2016-07-13

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15906512

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15906512

Country of ref document: EP

Kind code of ref document: A1