WO2020186775A1 - Service data providing method, apparatus and device, and computer-readable storage medium - Google Patents

Service data providing method, apparatus and device, and computer-readable storage medium Download PDF

Info

Publication number
WO2020186775A1
WO2020186775A1 PCT/CN2019/116481 CN2019116481W WO2020186775A1 WO 2020186775 A1 WO2020186775 A1 WO 2020186775A1 CN 2019116481 W CN2019116481 W CN 2019116481W WO 2020186775 A1 WO2020186775 A1 WO 2020186775A1
Authority
WO
WIPO (PCT)
Prior art keywords
array
url request
encrypted
service data
preset
Prior art date
Application number
PCT/CN2019/116481
Other languages
French (fr)
Chinese (zh)
Inventor
花秀明
卢小龙
郑锋
Original Assignee
平安科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 平安科技(深圳)有限公司 filed Critical 平安科技(深圳)有限公司
Publication of WO2020186775A1 publication Critical patent/WO2020186775A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • This application relates to the technical field of security protection, and in particular to a method, device, equipment and computer-readable storage medium for providing business data.
  • the business system is an online system for processing business, in which a large amount of sensitive business data is circulated, and the security of the business system is very important.
  • Some illegal users will fake URLs (Uniform/Universal Resource Locator (Uniform Resource Locator) crawls business data from business systems, which leads to business data leakage.
  • URLs Uniform/Universal Resource Locator (Uniform Resource Locator) crawls business data from business systems, which leads to business data leakage.
  • the main purpose of this application is to provide a method, device, device, and computer-readable storage medium for providing business data, aiming to ensure the security of business data.
  • this application provides a method for providing service data.
  • the method for providing service data is applied to a front-end controller of a service system.
  • the method for providing service data includes the following steps:
  • the step of performing an encryption operation on the plaintext query parameter to obtain the ciphertext query parameter includes:
  • this application also provides a method for providing service data, which is applied to a service system server, and the method for providing service data includes the following steps:
  • the step of decrypting and verifying the encrypted URL request includes:
  • this application also provides a service data providing device, and the service data providing device includes:
  • the judgment module is used for judging whether the URL request is triggered by an authenticated user when the uniform resource locator URL request is received at the front end of the business system;
  • the encryption module is used to extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
  • the replacement module is configured to replace the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
  • An output module configured to receive the corresponding business data returned by the business system server based on the encrypted URL request, and output the business data at the front end of the business system;
  • the encryption module includes:
  • An encryption unit configured to encrypt each element in the array by using a preset symmetric encryption algorithm to obtain an encrypted array
  • the replacement unit is used to traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with the corresponding preset according to a preset mapping relationship Character to get ciphertext query parameters.
  • this application also provides a service data providing device, and the service data providing device includes:
  • the decryption module is used to decrypt and verify the encrypted URL request when the encrypted URL request sent by the front-end controller of the business system is received;
  • the return module is used to obtain corresponding business data and return it to the front-end controller of the business system when the decryption verification is passed, so that the front-end controller of the business system outputs the business data at the front-end of the business system;
  • the decryption module includes:
  • An extraction unit for extracting ciphertext query parameters from the encrypted URL request An extraction unit for extracting ciphertext query parameters from the encrypted URL request
  • An inverse operation unit configured to perform the inverse operation of the encryption operation on the ciphertext query parameter
  • the confirming unit is configured to confirm that the decryption verification is passed if the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation.
  • the present application also provides a service data providing device, the service data providing device including a processor, a memory, and computer-readable instructions stored on the memory and executable by the processor , When the computer-readable instructions are executed by the processor, the following steps are implemented:
  • the present application also provides a service data providing device, the service data providing device including a processor, a memory, and computer-readable instructions stored on the memory and executable by the processor , When the computer-readable instructions are executed by the processor, the following steps are implemented:
  • the corresponding service data is obtained and returned to the front-end controller of the service system, so that the front-end controller of the service system outputs the service data at the front-end of the service system.
  • the present application also provides a computer-readable storage medium having computer-readable instructions stored on the computer-readable storage medium, and when the computer-readable instructions are executed by a processor, the following steps are implemented :
  • the present application also provides a computer-readable storage medium having computer-readable instructions stored on the computer-readable storage medium, and when the computer-readable instructions are executed by a processor, the following steps are implemented :
  • the corresponding service data is obtained and returned to the front-end controller of the service system, so that the front-end controller of the service system outputs the service data at the front-end of the service system.
  • the front-end controller of the business system will first determine whether the URL request received by the front-end of the business system is triggered by an authenticated user, thus achieving the first level of security protection. If it is confirmed that the URL request is triggered by an authenticated user, Then extract the plain text query parameters in the URL request, perform an encryption operation on the plain text query parameters to obtain the cipher text query parameters, and then replace the plain text query parameters in the URL request with the cipher text query parameters to obtain the encrypted URL request.
  • the encrypted URL request is sent to the business system server, so that the business system server returns the corresponding business data based on the encrypted URL request, realizing the second level of security protection, so that it can be the authentication of the business system access and use rights Users provide business data, and malicious data crawling is prevented, ensuring the security of business data.
  • FIG. 1 is a schematic diagram of the hardware structure of the service data providing device involved in the solution of the embodiment of the application;
  • FIG. 2 is a schematic flowchart of a first embodiment of a method for providing service data of an application
  • FIG. 3 is a schematic flowchart of a second embodiment of a method for providing service data of an application
  • Fig. 4 is a schematic diagram of functional modules of the first embodiment of the service data providing apparatus of this application.
  • the service data providing method involved in the embodiments of this application is mainly applied to a service data providing device, and the service data providing device may be a personal computer (personal computer). computer, PC), server and other equipment with data processing functions.
  • FIG. 1 is a schematic diagram of the hardware structure of the service data providing device involved in the solution of the embodiment of the application.
  • the service data providing device may include a processor 1001 (for example, the central processing unit Central Processing Unit, CPU), communication bus 1002, user interface 1003, network interface 1004, memory 1005.
  • processor 1001 for example, the central processing unit Central Processing Unit, CPU
  • communication bus 1002 for example, the central processing unit Central Processing Unit, CPU
  • user interface 1003 for example, the central processing unit Central Processing Unit, CPU
  • network interface 1004 for example, the network interface 1005
  • the communication bus 1002 is used to realize the connection and communication between these components;
  • the user interface 1003 may include a display (Display), an input unit such as a keyboard (Keyboard);
  • the network interface 1004 may optionally include a standard wired interface, a wireless interface (Such as wireless fidelity WIreless-FIdelity, WI-FI interface);
  • the memory 1005 can be a high-speed random access memory (random access memory, RAM), or stable memory (non-volatile memory), such as a disk memory.
  • the memory 1005 may optionally be a storage device independent of the aforementioned processor 1001.
  • FIG. 1 does not constitute a limitation to the present application, and may include more or less components than those shown in the figure, or combine certain components, or different component arrangements.
  • the memory 1005 as a computer storage medium in FIG. 1 may include an operating system, a network communication module, and computer-readable instructions.
  • a processor 1001 can call computer-readable instructions stored in a memory 1005, and execute the service data providing method provided by each embodiment of the present application.
  • the embodiment of the application provides a method for providing service data.
  • Fig. 2 is a schematic flowchart of a first embodiment of a method for providing service data according to this application.
  • the service data providing method is applied to a front-end controller of a service system, and the service data providing method includes the following steps:
  • Step S10 When a uniform resource locator URL request is received at the front end of the business system, it is determined whether the URL request is triggered by an authenticated user;
  • Step S20 if yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
  • Step S30 replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
  • Step S40 Receive the corresponding service data returned by the service system server based on the encrypted URL request, and output the service data at the front end of the service system.
  • the business system is an online system for processing business, in which a large amount of sensitive business data is circulated, and the security of the business system is very important.
  • some illegal users will crawl business data from business systems by forging URLs, leading to business data leakage.
  • this embodiment provides a business data providing method, which can provide business data to users who have access and use rights to the business system, and prevent malicious data crawling.
  • the business system may be specifically used to process at least one of house rental and sale business, insurance business, financial business, investment business, and the like.
  • the business system includes a front-end controller and a server.
  • the front-end controller is used to process URL requests and output business data at the front end of the business system, and the server is used to manage business data.
  • Step S10 when the front end of the business system receives a uniform resource locator URL request, it is judged whether the URL request is sent by an authenticated user;
  • each business data in the business system has a unique URL (Uniform/Universal Resource Locator, uniform resource locator),
  • the URL request to access the business system includes the transmission protocol, server (usually domain name, sometimes IP address), port number, path and query parameters and other components, such as "https://www. admin5.com/article/details/56284237", where the plaintext number "56284237" after the last "/" character at the end refers to the query parameter.
  • the front-end of the business system receives a URL request, the front-end controller first performs the first level of security protection and determines whether the URL request is triggered by an authenticated user.
  • the authenticated user refers to a user who has the right to access and use the business system.
  • an authenticated user information database is pre-established in the front-end controller, and the authenticated user information database stores information such as an authenticated IP address and user ID of the authenticated user.
  • the process of the front-end controller judging whether the URL request received by the front end of the business system is triggered by an authenticated user includes: matching the IP address and user ID that triggered the URL request with the authenticated user information database, if in the authenticated user information database, match If the authentication IP address that matches the IP address that triggered the URL request is matched, or the user ID that matches the user ID that triggered the URL request is matched, it is confirmed that the URL request is triggered by the authenticated user.
  • Step S20 if yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
  • the front controller confirms that the URL request is triggered by an authenticated user
  • the second level of security protection is performed. Specifically, the query parameters in the URL request are extracted, and then the query parameters are encrypted.
  • the process of encrypting query parameters is as follows:
  • the preset symmetric encryption algorithm is agreed upon between the front-end controller and the server, which can be specifically Blowfish encryption algorithm.
  • the Blowfish encryption algorithm is a block encryption algorithm developed by Bruce Schneier in 1993. It belongs to a type of symmetric encryption.
  • the Blowfish encryption algorithm is used to encrypt each element in the byte array. The speed is very fast.
  • the encryption key and decryption key of the Blowfish encryption algorithm are the same, and the result after each encryption is different, and the encrypted data is also reversible.
  • the process of using the Blowfish encryption algorithm to encrypt each array element in the query parameters includes key preprocessing and encryption.
  • a key is selected arbitrarily, and the fixed source keys of the BlowFish algorithm—pbox and sbox are transformed to obtain the following
  • the encoding method is the base64 preset in the front-end controller.
  • Base64 is one of the encoding methods used to transmit 8Bit byte codes, and is a method of representing binary data based on 64 printable characters.
  • the number “1” is encrypted as “jzr13FqdpLk”; the number “2” is encrypted as “1QFpcUgueU4"; the number “17” is encrypted as “z_O0kIFslv0", it can be seen that after the encryption operation The characters obtained have no rules to follow and are difficult to imitate or forge.
  • Step S30 replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
  • the front-end controller After obtaining the ciphertext query parameter, the front-end controller replaces the query parameter in the URL request with the ciphertext query parameter to obtain the encrypted URL request. Since the ciphertext query parameters are obtained through the above encryption operation, this type of encrypted URL request is difficult to imitate or forge. After that, the encrypted URL request is sent to the server.
  • Step S40 Receive the corresponding service data returned by the service system server based on the encrypted URL request, and output the service data at the front end of the service system.
  • the server When the server receives the encrypted URL request, it decrypts and verifies the encrypted URL request, that is, the business system server extracts the ciphertext query parameter in the encrypted URL request, and then performs the inverse operation of the encryption operation on the ciphertext query parameter. If the inverse calculation is performed, the ciphertext query parameters can be restored to plaintext query parameters, the server confirms that the decryption verification is passed, obtains the corresponding business data and returns it to the front-end controller, and the front-end controller outputs the business data at the front end of the business system. If the ciphertext query parameters cannot be restored after the inverse operation, or the restoration becomes a pile of garbled codes, the server confirms that the decryption verification fails, and intercepts the malicious URL request.
  • the front-end controller will intercept it to achieve the first level of security protection; even if a malicious request that imitates the encrypted URL request format can be delivered to the server, because the server The received URL request will be decrypted and verified, and the malicious URL request is not obtained based on the encryption operation method in this embodiment.
  • the decryption verification of the malicious URL request cannot be passed, and the server will also intercept the malicious URL request to achieve
  • the second level of security protection through the above two levels of security protection, the possibility of business data being crawled is greatly reduced, the security of the business system is improved, and the security of business data is guaranteed.
  • the front-end controller of the service system will first determine whether the URL request received by the front-end of the service system is triggered by an authenticated user, which realizes the first level of security protection. If it is confirmed that the URL request is triggered by an authenticated user , Extract the plaintext query parameters in the URL request, perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters, and then replace the plaintext query parameters in the URL request with the ciphertext query parameters to obtain the encrypted URL request, After that, the encrypted URL request is sent to the business system server, so that the business system server returns the corresponding business data based on the encrypted URL request, realizing the second level of security protection. In this way, it can be used by those who have the right to access and use the business system. Authenticated users provide business data, and malicious data crawling is prevented, ensuring the security of business data.
  • a second embodiment of the method for providing service data of this application is proposed based on the first embodiment.
  • the difference between the second embodiment of the service data providing method and the first embodiment of the service data providing method is that, referring to FIG. 3, the service data providing method in this embodiment is applied to a service system server, and the service data providing method includes the following step:
  • Step S50 when receiving the encrypted URL request sent by the front-end controller of the business system, decrypt and verify the encrypted URL request;
  • the business system server when the business system server receives the encrypted URL request sent by the front-end controller, it decrypts and verifies the encrypted URL request, that is, the business system server extracts the ciphertext query parameters in the encrypted URL request, and The ciphertext query parameter performs the inverse operation of the encryption operation. After the inverse operation, the ciphertext query parameter can be restored to the query parameter of the plaintext number, and the decryption verification is determined to pass.
  • the process of the inverse operation of the encryption operation performed by the business system server on the ciphertext query parameters is as follows:
  • blowfish symmetric encryption algorithm agreed with the front controller to decrypt each element in the decoded byte array, that is, decrypt each element in the decoded byte array with the keys key_pbox and key_sbox to obtain the decrypted byte array ;
  • Step S60 When the decryption verification is passed, the corresponding business data is obtained and returned to the front-end controller of the business system, so that the front-end controller of the business system outputs the business data at the front-end of the business system.
  • the business system server passes the decryption verification, it obtains the corresponding business data and returns it to the business system front-end controller, and the business system front-end controller outputs the business data at the front-end of the business system. If the ciphertext query parameters cannot be restored after the inverse operation, or the restoration becomes a pile of garbled codes, the server confirms that the decryption verification fails, and intercepts the malicious URL request.
  • the server will decrypt and verify the received URL request, and the malicious URL request is not obtained based on the encryption operation method in this embodiment, which is aimed at malicious
  • the decryption verification of the URL request cannot be passed, and the server will also intercept the malicious URL request.
  • it can provide business data for authenticated users who have access and use rights to the business system, and can intercept malicious URL requests based on encryption operations and decryption verification. It greatly reduces the possibility of business data being crawled.
  • the embodiment of the present application also provides a service data providing device.
  • Fig. 4 is a schematic diagram of the functional modules of the first embodiment of the service data providing apparatus of this application.
  • the service data providing device includes:
  • the judging module 10 is used for judging whether the URL request is triggered by an authenticated user when a uniform resource locator URL request is received at the front end of the business system;
  • the encryption module 20 is configured to, if yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
  • the replacement module 30 is configured to replace the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
  • the output module 40 is configured to receive the corresponding service data returned by the service system server based on the encrypted URL request, and output the service data at the front end of the service system.
  • each virtual function module of the above-mentioned service data providing apparatus is stored in the memory 1005 of the service data providing device shown in FIG. 1, and is used to realize all the functions of computer-readable instructions; when each module is executed by the processor 1001, multiple functions are realized.
  • Security protection can provide business data to authenticated users with business system access and use rights, and prevent malicious data crawling, ensuring the security of business data.
  • the encryption module 20 includes:
  • An encryption unit configured to encrypt each element in the array by using a preset symmetric encryption algorithm to obtain an encrypted array
  • the replacement unit is used to traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with corresponding presets according to a preset mapping relationship Character to get the ciphertext query parameter.
  • the encryption unit includes:
  • the preprocessing subunit is used to preprocess the source key of the preset symmetric encryption algorithm to obtain the key;
  • the encryption subunit is used to encrypt each element in the array using the key to obtain an encrypted array.
  • the service data providing device further includes:
  • the interception module is used to intercept the URL request if not.
  • the service data providing device further includes:
  • the decryption module is used to decrypt and verify the encrypted URL request when the encrypted URL request sent by the front-end controller of the business system is received;
  • the return module is used to obtain corresponding business data and return it to the front-end controller of the business system when the decryption verification is passed, so that the front-end controller of the business system outputs the business data at the front-end of the business system.
  • the decryption module includes:
  • An extraction unit for extracting ciphertext query parameters from the encrypted URL request An extraction unit for extracting ciphertext query parameters from the encrypted URL request
  • An inverse operation unit configured to perform the inverse operation of the encryption operation on the ciphertext query parameter
  • the confirming unit is configured to confirm that the decryption verification is passed if the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation.
  • the inverse operation unit includes:
  • the replacement subunit is used to traverse each element in the ciphertext query parameter, find a preset character from the ciphertext query parameter, and replace the found preset character with the corresponding one according to the preset mapping relationship
  • the decryption subunit is used to decrypt each element in the decoded array by using a preset symmetric encryption algorithm to obtain a decrypted array;
  • the atomic reduction unit is used to restore the decrypted array to plaintext query parameters.
  • each module in the above-mentioned service data providing apparatus corresponds to each step in the above-mentioned embodiment of the service data providing method, and the function and realization process thereof will not be repeated here.
  • the embodiments of the present application also provide a computer-readable storage medium, and the computer-readable storage medium may be a non-volatile readable storage medium.
  • the computer-readable storage medium of the present application stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the steps of the above-mentioned service data providing method are realized.
  • the method of the above embodiments can be implemented by means of software plus the necessary general hardware platform. Of course, it can also be implemented by hardware, but in many cases the former is better. ⁇
  • the technical solution of this application essentially or the part that contributes to the existing technology can be embodied in the form of a software product, and the computer software product is stored in a storage medium (such as ROM/RAM) as described above. , Magnetic disk, optical disk), including several instructions to make a terminal device (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) execute the method described in each embodiment of the present application.
  • a terminal device which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The present application falls within the technical field of security protection, and provides a service data providing method, apparatus and device, and a computer-readable storage medium. The method comprises: when a front end of a service system receives a uniform resource locator (URL) request, determining whether the URL request is triggered by an authenticated user; if so, extracting a plaintext query parameter from the URL request, and carrying out an encryption operation on the plaintext query parameter to obtain a ciphertext query parameter; replacing the plaintext query parameter in the URL request with the ciphertext query parameter to obtain an encrypted URL request, and sending the encrypted URL request to a service system server; and receiving corresponding service data returned by the service system server based on the encrypted URL request, and outputting the service data at the front end of the service system. The present application guarantees the security of service data.

Description

业务数据提供方法、装置、设备及计算机可读存储介质 Business data providing method, device, equipment and computer readable storage medium To
本申请要求于2019年3月15日提交中国专利局、申请号为201910198502.2、发明名称为“业务数据提供方法、装置、设备及计算机可读存储介质”的中国专利申请的优先权,其全部内容通过引用结合在申请中。This application claims the priority of a Chinese patent application filed with the Chinese Patent Office, the application number is 201910198502.2, and the invention title is "business data providing methods, devices, equipment and computer-readable storage media" on March 15, 2019, and its entire contents Incorporated in the application by reference.
技术领域Technical field
本申请涉及安全防护技术领域,尤其涉及一种业务数据提供方法、装置、设备及计算机可读存储介质。This application relates to the technical field of security protection, and in particular to a method, device, equipment and computer-readable storage medium for providing business data.
背景技术Background technique
业务系统作为处理业务的线上系统,其中流转有大量的敏感业务数据,业务系统的安全至关重要。然而,一些非法用户会通过伪造URL(Uniform/Universal Resource Locator,统一资源定位符)的方式从业务系统爬取业务数据,导致业务数据泄露。The business system is an online system for processing business, in which a large amount of sensitive business data is circulated, and the security of the business system is very important. However, some illegal users will fake URLs (Uniform/Universal Resource Locator (Uniform Resource Locator) crawls business data from business systems, which leads to business data leakage.
发明内容Summary of the invention
本申请的主要目的在于提供一种业务数据提供方法、装置、设备及计算机可读存储介质,旨在保障业务数据的安全。The main purpose of this application is to provide a method, device, device, and computer-readable storage medium for providing business data, aiming to ensure the security of business data.
为实现上述目的,本申请提供一种业务数据提供方法,所述业务数据提供方法应用于业务系统前端控制器,所述业务数据提供方法包括以下步骤:In order to achieve the above objective, this application provides a method for providing service data. The method for providing service data is applied to a front-end controller of a service system. The method for providing service data includes the following steps:
在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;When receiving a uniform resource locator URL request at the front end of the business system, determine whether the URL request is triggered by an authenticated user;
若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;If yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;Replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据;Receiving the corresponding service data returned by the service system server based on the encrypted URL request, and outputting the service data at the front end of the service system;
其中,所述对所述明文查询参数进行加密运算,得到密文查询参数的步骤包括:Wherein, the step of performing an encryption operation on the plaintext query parameter to obtain the ciphertext query parameter includes:
将所述明文查询参数转换成预设长度的数组;Converting the plaintext query parameter into an array of preset length;
通过预设对称加密算法对所述数组中的每个元素进行加密,得到加密数组;Encrypt each element in the array by a preset symmetric encryption algorithm to obtain an encrypted array;
对所述加密数组进行编码,得到编码数组;Encode the encrypted array to obtain an encoded array;
遍历所述编码数组中的每个元素,确定所述编码数组中的易混元素,并按照预设映射关系,将所述编码数组中的易混元素替换为对应的预设字符,得到密文查询参数。Traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with corresponding preset characters according to the preset mapping relationship to obtain the ciphertext Query parameters.
此外,为实现上述目的,本申请还提供一种业务数据提供方法,所述业务数据提供方法应用于业务系统服务器,所述业务数据提供方法包括以下步骤:In addition, in order to achieve the above objective, this application also provides a method for providing service data, which is applied to a service system server, and the method for providing service data includes the following steps:
在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;When receiving the encrypted URL request sent by the front-end controller of the business system, decrypt and verify the encrypted URL request;
在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据;When the decryption verification is passed, obtain the corresponding business data and return it to the front-end controller of the business system, so that the front-end controller of the business system outputs the business data at the front-end of the business system;
其中,所述对所述加密URL请求进行解密验证的步骤包括:Wherein, the step of decrypting and verifying the encrypted URL request includes:
从所述加密URL请求中提取出密文查询参数;Extracting ciphertext query parameters from the encrypted URL request;
对所述密文查询参数进行所述加密运算的逆运算;Performing the inverse operation of the encryption operation on the ciphertext query parameter;
若通过所述逆运算将所述密文查询参数还原为明文查询参数,则确认解密验证通过。If the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation, it is confirmed that the decryption verification is passed.
此外,为实现上述目的,本申请还提供业务数据提供装置,所述业务数据提供装置包括:In addition, in order to achieve the above-mentioned purpose, this application also provides a service data providing device, and the service data providing device includes:
判断模块,用于在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;The judgment module is used for judging whether the URL request is triggered by an authenticated user when the uniform resource locator URL request is received at the front end of the business system;
加密模块,用于若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;The encryption module is used to extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
替换模块,用于将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;The replacement module is configured to replace the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
输出模块,用于接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据;An output module, configured to receive the corresponding business data returned by the business system server based on the encrypted URL request, and output the business data at the front end of the business system;
其中,所述加密模块包括:Wherein, the encryption module includes:
转换单元,用于将所述明文查询参数转换成预设长度的数组;A conversion unit for converting the plaintext query parameter into an array of preset length;
加密单元,用于通过预设对称加密算法对所述数组中的每个元素进行加密,得到加密数组;An encryption unit, configured to encrypt each element in the array by using a preset symmetric encryption algorithm to obtain an encrypted array;
编码单元,用于对所述加密数组进行编码,得到编码数组;An encoding unit for encoding the encrypted array to obtain an encoding array;
替换单元,用于遍历所述编码数组中的每个元素,确定所述编码数组中的易混元素,并按照预设映射关系,将所述编码数组中的易混元素替换为对应的预设字符,得到密文查询参数。The replacement unit is used to traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with the corresponding preset according to a preset mapping relationship Character to get ciphertext query parameters.
此外,为实现上述目的,本申请还提供业务数据提供装置,所述业务数据提供装置包括:In addition, in order to achieve the above-mentioned purpose, this application also provides a service data providing device, and the service data providing device includes:
解密模块,用于在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;The decryption module is used to decrypt and verify the encrypted URL request when the encrypted URL request sent by the front-end controller of the business system is received;
返回模块,用于在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据;The return module is used to obtain corresponding business data and return it to the front-end controller of the business system when the decryption verification is passed, so that the front-end controller of the business system outputs the business data at the front-end of the business system;
其中,所述解密模块包括:Wherein, the decryption module includes:
提取单元,用于从所述加密URL请求中提取出密文查询参数;An extraction unit for extracting ciphertext query parameters from the encrypted URL request;
逆运算单元,用于对所述密文查询参数进行所述加密运算的逆运算;An inverse operation unit, configured to perform the inverse operation of the encryption operation on the ciphertext query parameter;
确认单元,用于若通过所述逆运算将所述密文查询参数还原为明文查询参数,则确认解密验证通过。The confirming unit is configured to confirm that the decryption verification is passed if the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation.
此外,为实现上述目的,本申请还提供一种业务数据提供设备,所述业务数据提供设备包括处理器、存储器、以及存储在所述存储器上并可被所述处理器执行的计算机可读指令,其中所述计算机可读指令被所述处理器执行时,实现如下步骤:In addition, in order to achieve the above objective, the present application also provides a service data providing device, the service data providing device including a processor, a memory, and computer-readable instructions stored on the memory and executable by the processor , When the computer-readable instructions are executed by the processor, the following steps are implemented:
在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;When receiving a uniform resource locator URL request at the front end of the business system, determine whether the URL request is triggered by an authenticated user;
若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;If yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;Replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据。Receiving the corresponding service data returned by the service system server based on the encrypted URL request, and outputting the service data at the front end of the service system.
此外,为实现上述目的,本申请还提供一种业务数据提供设备,所述业务数据提供设备包括处理器、存储器、以及存储在所述存储器上并可被所述处理器执行的计算机可读指令,其中所述计算机可读指令被所述处理器执行时,实现如下步骤:In addition, in order to achieve the above objective, the present application also provides a service data providing device, the service data providing device including a processor, a memory, and computer-readable instructions stored on the memory and executable by the processor , When the computer-readable instructions are executed by the processor, the following steps are implemented:
在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;When receiving the encrypted URL request sent by the front-end controller of the business system, decrypt and verify the encrypted URL request;
在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据。When the decryption verification is passed, the corresponding service data is obtained and returned to the front-end controller of the service system, so that the front-end controller of the service system outputs the service data at the front-end of the service system.
此外,为实现上述目的,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机可读指令,其中所述计算机可读指令被处理器执行时,实现如下步骤:In addition, in order to achieve the above object, the present application also provides a computer-readable storage medium having computer-readable instructions stored on the computer-readable storage medium, and when the computer-readable instructions are executed by a processor, the following steps are implemented :
在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;When receiving a uniform resource locator URL request at the front end of the business system, determine whether the URL request is triggered by an authenticated user;
若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;If yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;Replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据。Receiving the corresponding service data returned by the service system server based on the encrypted URL request, and outputting the service data at the front end of the service system.
此外,为实现上述目的,本申请还提供一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机可读指令,其中所述计算机可读指令被处理器执行时,实现如下步骤:In addition, in order to achieve the above object, the present application also provides a computer-readable storage medium having computer-readable instructions stored on the computer-readable storage medium, and when the computer-readable instructions are executed by a processor, the following steps are implemented :
在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;When receiving the encrypted URL request sent by the front-end controller of the business system, decrypt and verify the encrypted URL request;
在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据。When the decryption verification is passed, the corresponding service data is obtained and returned to the front-end controller of the service system, so that the front-end controller of the service system outputs the service data at the front-end of the service system.
本申请提出的业务数据提供方法,业务系统前端控制器首先会判断业务系统前端接收到的URL请求是否由认证用户触发,实现了第一重安全防护,如果确认该URL请求是由认证用户触发,则提取该URL请求中的明文查询参数,对该明文查询参数进行加密运算,得到密文查询参数,然后将该URL请求中的明文查询参数替换为该密文查询参数,得到加密URL请求,之后,将该加密URL请求发送至业务系统服务器,使得业务系统服务器基于该加密URL请求返回相应的业务数据,实现了第二重的安全防护,如此,便可以为拥有业务系统访问和使用权限的认证用户提供业务数据,而防止恶意的数据爬取,保障了业务数据的安全。In the business data provision method proposed in this application, the front-end controller of the business system will first determine whether the URL request received by the front-end of the business system is triggered by an authenticated user, thus achieving the first level of security protection. If it is confirmed that the URL request is triggered by an authenticated user, Then extract the plain text query parameters in the URL request, perform an encryption operation on the plain text query parameters to obtain the cipher text query parameters, and then replace the plain text query parameters in the URL request with the cipher text query parameters to obtain the encrypted URL request. , The encrypted URL request is sent to the business system server, so that the business system server returns the corresponding business data based on the encrypted URL request, realizing the second level of security protection, so that it can be the authentication of the business system access and use rights Users provide business data, and malicious data crawling is prevented, ensuring the security of business data.
附图说明Description of the drawings
图1为本申请实施例方案中涉及的业务数据提供设备的硬件结构示意图;FIG. 1 is a schematic diagram of the hardware structure of the service data providing device involved in the solution of the embodiment of the application;
图2为本申请业务数据提供方法第一实施例的流程示意图;FIG. 2 is a schematic flowchart of a first embodiment of a method for providing service data of an application;
图3为本申请业务数据提供方法第二实施例的流程示意图;FIG. 3 is a schematic flowchart of a second embodiment of a method for providing service data of an application;
图4为本申请业务数据提供装置第一实施例的功能模块示意图。Fig. 4 is a schematic diagram of functional modules of the first embodiment of the service data providing apparatus of this application.
本申请目的的实现、功能特点及优点将结合实施例,参照附图做进一步说明。The realization, functional characteristics, and advantages of the purpose of this application will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
具体实施方式detailed description
应当理解,此处所描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。It should be understood that the specific embodiments described here are only used to explain the application, and are not used to limit the application.
本申请实施例涉及的业务数据提供方法主要应用于业务数据提供设备,该业务数据提供设备可以是个人计算机(personal computer,PC)、服务器等具有数据处理功能的设备。The service data providing method involved in the embodiments of this application is mainly applied to a service data providing device, and the service data providing device may be a personal computer (personal computer). computer, PC), server and other equipment with data processing functions.
参照图1,图1为本申请实施例方案中涉及的业务数据提供设备的硬件结构示意图。本申请实施例中,业务数据提供设备可以包括处理器1001(例如中央处理器Central Processing Unit,CPU),通信总线1002,用户接口1003,网络接口1004,存储器1005。其中,通信总线1002用于实现这些组件之间的连接通信;用户接口1003可以包括显示屏(Display)、输入单元比如键盘(Keyboard);网络接口1004可选的可以包括标准的有线接口、无线接口(如无线保真WIreless-FIdelity,WI-FI接口);存储器1005可以是高速随机存取存储器(random access memory,RAM),也可以是稳定的存储器(non-volatile memory),例如磁盘存储器,存储器1005可选的还可以是独立于前述处理器1001的存储装置。本领域技术人员可以理解,图1中示出的硬件结构并不构成对本申请的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。Referring to FIG. 1, FIG. 1 is a schematic diagram of the hardware structure of the service data providing device involved in the solution of the embodiment of the application. In the embodiment of the present application, the service data providing device may include a processor 1001 (for example, the central processing unit Central Processing Unit, CPU), communication bus 1002, user interface 1003, network interface 1004, memory 1005. Among them, the communication bus 1002 is used to realize the connection and communication between these components; the user interface 1003 may include a display (Display), an input unit such as a keyboard (Keyboard); the network interface 1004 may optionally include a standard wired interface, a wireless interface (Such as wireless fidelity WIreless-FIdelity, WI-FI interface); the memory 1005 can be a high-speed random access memory (random access memory, RAM), or stable memory (non-volatile memory), such as a disk memory. The memory 1005 may optionally be a storage device independent of the aforementioned processor 1001. Those skilled in the art can understand that the hardware structure shown in FIG. 1 does not constitute a limitation to the present application, and may include more or less components than those shown in the figure, or combine certain components, or different component arrangements.
继续参照图1,图1中作为一种计算机存储介质的存储器1005可以包括操作系统、网络通信模块以及计算机可读指令。在图1中,处理器1001可以调用存储器1005中存储的计算机可读指令,并执行本申请各实施例提供的业务数据提供方法。Continuing to refer to FIG. 1, the memory 1005 as a computer storage medium in FIG. 1 may include an operating system, a network communication module, and computer-readable instructions. In FIG. 1, a processor 1001 can call computer-readable instructions stored in a memory 1005, and execute the service data providing method provided by each embodiment of the present application.
本申请实施例提供了一种业务数据提供方法。The embodiment of the application provides a method for providing service data.
参照图2,图2为本申请业务数据提供方法第一实施例的流程示意图。Referring to Fig. 2, Fig. 2 is a schematic flowchart of a first embodiment of a method for providing service data according to this application.
本实施例中,所述业务数据提供方法应用于业务系统前端控制器,所述业务数据提供方法包括以下步骤:In this embodiment, the service data providing method is applied to a front-end controller of a service system, and the service data providing method includes the following steps:
步骤S10,在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;Step S10: When a uniform resource locator URL request is received at the front end of the business system, it is determined whether the URL request is triggered by an authenticated user;
步骤S20,若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;Step S20, if yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
步骤S30,将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;Step S30, replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
步骤S40,接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据。Step S40: Receive the corresponding service data returned by the service system server based on the encrypted URL request, and output the service data at the front end of the service system.
业务系统作为处理业务的线上系统,其中流转有大量的敏感业务数据,业务系统的安全至关重要。然而,一些非法用户会通过伪造URL的方式从业务系统爬取业务数据,导致业务数据泄露。对此,本实施例提供一种业务数据提供方法,可以为拥有业务系统访问和使用权限的用户提供业务数据,而防止恶意的数据爬取。The business system is an online system for processing business, in which a large amount of sensitive business data is circulated, and the security of the business system is very important. However, some illegal users will crawl business data from business systems by forging URLs, leading to business data leakage. In this regard, this embodiment provides a business data providing method, which can provide business data to users who have access and use rights to the business system, and prevent malicious data crawling.
在本实施例中,业务系统具体可以用于处理房屋租售业务、保险业务、金融业务和投资业务等中的至少一种。业务系统包括前端控制器和服务器,前端控制器用于处理URL请求和在业务系统前端输出业务数据,服务器用于管理业务数据。In this embodiment, the business system may be specifically used to process at least one of house rental and sale business, insurance business, financial business, investment business, and the like. The business system includes a front-end controller and a server. The front-end controller is used to process URL requests and output business data at the front end of the business system, and the server is used to manage business data.
以下是本实施例中实现业务数据提供的各个步骤:The following are the steps for implementing business data provision in this embodiment:
步骤S10,在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户发送;Step S10, when the front end of the business system receives a uniform resource locator URL request, it is judged whether the URL request is sent by an authenticated user;
在本实施例中,业务系统中的每种业务数据都有一个唯一的URL(Uniform/Universal Resource Locator,统一资源定位符),访问业务系统的URL请求包括传送协议、服务器(通常为域名,有时为IP地址)、端口号、路径和查询参数等组成部分,形如“https://www.admin5.com/article/details/56284237”,其中,末尾最后一个“/”字符后的明文数字“56284237”指的就是查询参数。当业务系统前端接收到URL请求时,前端控制器首先进行第一重安全防护,判断该URL请求是否是由认证用户触发的,认证用户指的是拥有业务系统访问和使用权限的用户。具体地,前端控制器中预先建立有认证用户信息库,该认证用户信息库中存储有认证用户的认证IP地址和用户ID等信息。前端控制器判断业务系统前端接收到的URL请求是否由认证用户触发的过程包括:将触发该URL请求的IP地址和用户ID,与认证用户信息库进行匹配,如果在认证用户信息库中,匹配到与触发该URL请求的IP地址相符合的认证IP地址,或匹配到与触发该URL请求的用户ID相符合的用户ID,则确认该URL请求是由认证用户触发的。In this embodiment, each business data in the business system has a unique URL (Uniform/Universal Resource Locator, uniform resource locator), the URL request to access the business system includes the transmission protocol, server (usually domain name, sometimes IP address), port number, path and query parameters and other components, such as "https://www. admin5.com/article/details/56284237", where the plaintext number "56284237" after the last "/" character at the end refers to the query parameter. When the front-end of the business system receives a URL request, the front-end controller first performs the first level of security protection and determines whether the URL request is triggered by an authenticated user. The authenticated user refers to a user who has the right to access and use the business system. Specifically, an authenticated user information database is pre-established in the front-end controller, and the authenticated user information database stores information such as an authenticated IP address and user ID of the authenticated user. The process of the front-end controller judging whether the URL request received by the front end of the business system is triggered by an authenticated user includes: matching the IP address and user ID that triggered the URL request with the authenticated user information database, if in the authenticated user information database, match If the authentication IP address that matches the IP address that triggered the URL request is matched, or the user ID that matches the user ID that triggered the URL request is matched, it is confirmed that the URL request is triggered by the authenticated user.
步骤S20,若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;Step S20, if yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
如果前端控制器确认该URL请求是由认证用户触发的,则进行第二重安全防护,具体地,提取出URL请求中的查询参数,然后对该查询参数进行加密运算,前端控制器对提取的查询参数进行加密运算的过程如下:If the front controller confirms that the URL request is triggered by an authenticated user, the second level of security protection is performed. Specifically, the query parameters in the URL request are extracted, and then the query parameters are encrypted. The process of encrypting query parameters is as follows:
a、将明文数字的查询参数转换成预设长度的byte数组,该预设长度为固定长度,具体值为8位;a. Convert the query parameter of the plaintext number into a byte array of preset length, the preset length is a fixed length, and the specific value is 8 bits;
b、通过预设对称加密算法对byte数组中的每个元素进行加密,得到加密byte数组;b. Encrypt each element in the byte array through a preset symmetric encryption algorithm to obtain an encrypted byte array;
其中,该预设对称加密算法是前端控制器与服务器约定好的,具体可以为 Blowfish加密算法,Blowfish加密算法是布鲁斯·施奈尔于1993年开发的区块加密算法,属于对称加密的一种,使用Blowfish加密算法对byte数组中的每个元素进行加密,速度非常快,另外Blowfish加密算法加密的密钥和解密的密钥是相同的,且每次加密之后的结果是不同的,加密后的数据也是可逆的。利用Blowfish加密算法对查询参数中的每个数组元素进行加密的过程包括密钥预处理和加密,具体地,任意选择一个key,对BlowFish算法的固定源密钥—pbox和sbox进行变换,得到下一步数据加密所要用的密钥key_pbox和key_sbox,之后,使用密钥key_pbox和key_sbox对byte数组中的每个元素进行加密,即可得到加密byte数组。Among them, the preset symmetric encryption algorithm is agreed upon between the front-end controller and the server, which can be specifically Blowfish encryption algorithm. The Blowfish encryption algorithm is a block encryption algorithm developed by Bruce Schneier in 1993. It belongs to a type of symmetric encryption. The Blowfish encryption algorithm is used to encrypt each element in the byte array. The speed is very fast. The encryption key and decryption key of the Blowfish encryption algorithm are the same, and the result after each encryption is different, and the encrypted data is also reversible. The process of using the Blowfish encryption algorithm to encrypt each array element in the query parameters includes key preprocessing and encryption. Specifically, a key is selected arbitrarily, and the fixed source keys of the BlowFish algorithm—pbox and sbox are transformed to obtain the following The keys key_pbox and key_sbox used for one-step data encryption, and then use the keys key_pbox and key_sbox to encrypt each element in the byte array to obtain the encrypted byte array.
c、对加密byte数组进行编码,得到编码byte数组;c. Encode the encrypted byte array to obtain the encoded byte array;
其中,编码方式是前端控制器中预先设定的base64,Base64是用于传输8Bit字节码的编码方式之一,是一种基于64个可打印字符来表示二进制数据的方法。Among them, the encoding method is the base64 preset in the front-end controller. Base64 is one of the encoding methods used to transmit 8Bit byte codes, and is a method of representing binary data based on 64 printable characters.
d、遍历编码byte数组中的每个元素,确定易混元素,并按照易混字符与预设字符之间的映射关系,将编码byte数组中的易混元素替换为预设字符,得到字符串密文,例如,将易混字符“=”替换成下划线“_”,将得到的字符串密文定义为密文查询参数。例如,通过上述处理,数字“1”,被加密为“jzr13FqdpLk”;数字“2”,被加密为“1QFpcUgueU4”;数字“17”,被加密为“z_O0kIFslv0”,可以看出,经加密运算后得到的字符,毫无规律可循,很难模仿或伪造。d. Traverse each element in the coded byte array to determine the easily mixed elements, and according to the mapping relationship between the easily mixed characters and the preset characters, replace the easily mixed elements in the coded byte array with the preset characters to obtain the string For ciphertext, for example, replace the mixed character "=" with an underscore "_", and define the obtained string ciphertext as a ciphertext query parameter. For example, through the above processing, the number "1" is encrypted as "jzr13FqdpLk"; the number "2" is encrypted as "1QFpcUgueU4"; the number "17" is encrypted as "z_O0kIFslv0", it can be seen that after the encryption operation The characters obtained have no rules to follow and are difficult to imitate or forge.
步骤S30,将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;Step S30, replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
在得到密文查询参数后,前端控制器将URL请求中的查询参数替换为该密文查询参数,即得到加密URL请求。由于密文查询参数是经过上述加密运算得到的,这种类型的加密URL请求难以被模仿或伪造。之后,将加密URL请求发送至服务器。After obtaining the ciphertext query parameter, the front-end controller replaces the query parameter in the URL request with the ciphertext query parameter to obtain the encrypted URL request. Since the ciphertext query parameters are obtained through the above encryption operation, this type of encrypted URL request is difficult to imitate or forge. After that, the encrypted URL request is sent to the server.
步骤S40,接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据。Step S40: Receive the corresponding service data returned by the service system server based on the encrypted URL request, and output the service data at the front end of the service system.
服务器在接收到该加密URL请求时,对该加密URL请求进行解密验证,即,业务系统服务器提取出加密URL请求中的密文查询参数,然后对该密文查询参数进行加密运算的逆运算,如果经过逆运算,可以将密文查询参数还原成为明文数字的查询参数,服务器则确认解密验证通过,获取相应的业务数据返回至前端控制器,前端控制器则在业务系统前端输出该业务数据。如果经过逆运算,密文查询参数无法还原,或者还原成为一堆乱码,服务器则确认解密验证不通过,则拦截该恶意URL请求。When the server receives the encrypted URL request, it decrypts and verifies the encrypted URL request, that is, the business system server extracts the ciphertext query parameter in the encrypted URL request, and then performs the inverse operation of the encryption operation on the ciphertext query parameter. If the inverse calculation is performed, the ciphertext query parameters can be restored to plaintext query parameters, the server confirms that the decryption verification is passed, obtains the corresponding business data and returns it to the front-end controller, and the front-end controller outputs the business data at the front end of the business system. If the ciphertext query parameters cannot be restored after the inverse operation, or the restoration becomes a pile of garbled codes, the server confirms that the decryption verification fails, and intercepts the malicious URL request.
通过上述方式,如果业务系统前端接收的不是认证用户的URL请求,前端控制器会对其进行拦截,实现了第一重安全防护;即使模仿加密URL请求格式的恶意请求能够送达服务器,由于服务器会对接收到的URL请求进行解密验证,而恶意URL请求不是基于本实施例中的加密运算方式得到的,针对恶意URL请求的解密验证是无法通过的,服务器也会拦截该恶意URL请求,实现了第二重安全防护,通过上述两重安全防护,极大程度地减少了业务数据被爬取的可能性,提升了业务系统的安全性,保障了业务数据的安全。Through the above method, if the front-end of the business system receives a URL request that is not an authenticated user, the front-end controller will intercept it to achieve the first level of security protection; even if a malicious request that imitates the encrypted URL request format can be delivered to the server, because the server The received URL request will be decrypted and verified, and the malicious URL request is not obtained based on the encryption operation method in this embodiment. The decryption verification of the malicious URL request cannot be passed, and the server will also intercept the malicious URL request to achieve With the second level of security protection, through the above two levels of security protection, the possibility of business data being crawled is greatly reduced, the security of the business system is improved, and the security of business data is guaranteed.
本实施例提出的业务数据提供方法,业务系统前端控制器首先会判断业务系统前端接收到的URL请求是否由认证用户触发,实现了第一重安全防护,如果确认该URL请求是由认证用户触发,则提取该URL请求中的明文查询参数,对该明文查询参数进行加密运算,得到密文查询参数,然后将该URL请求中的明文查询参数替换为该密文查询参数,得到加密URL请求,之后,将该加密URL请求发送至业务系统服务器,使得业务系统服务器基于该加密URL请求返回相应的业务数据,实现了第二重的安全防护,如此,便可以为拥有业务系统访问和使用权限的认证用户提供业务数据,而防止恶意的数据爬取,保障了业务数据的安全。In the service data providing method proposed in this embodiment, the front-end controller of the service system will first determine whether the URL request received by the front-end of the service system is triggered by an authenticated user, which realizes the first level of security protection. If it is confirmed that the URL request is triggered by an authenticated user , Extract the plaintext query parameters in the URL request, perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters, and then replace the plaintext query parameters in the URL request with the ciphertext query parameters to obtain the encrypted URL request, After that, the encrypted URL request is sent to the business system server, so that the business system server returns the corresponding business data based on the encrypted URL request, realizing the second level of security protection. In this way, it can be used by those who have the right to access and use the business system. Authenticated users provide business data, and malicious data crawling is prevented, ensuring the security of business data.
进一步地,基于第一实施例提出本申请业务数据提供方法的第二实施例。业务数据提供方法的第二实施例与业务数据提供方法的第一实施例的区别在于,参照图3,本实施例中的业务数据提供方法应用于业务系统服务器,所述业务数据提供方法包括以下步骤:Further, a second embodiment of the method for providing service data of this application is proposed based on the first embodiment. The difference between the second embodiment of the service data providing method and the first embodiment of the service data providing method is that, referring to FIG. 3, the service data providing method in this embodiment is applied to a service system server, and the service data providing method includes the following step:
步骤S50,在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;Step S50, when receiving the encrypted URL request sent by the front-end controller of the business system, decrypt and verify the encrypted URL request;
在本实施例中,业务系统服务器在接收到前端控制器发送的加密URL请求时,对该加密URL请求进行解密验证,即,业务系统服务器提取出加密URL请求中的密文查询参数,对该密文查询参数进行加密运算的逆运算,如果经过逆运算,可以将密文查询参数还原成为明文数字的查询参数,则确定解密验证通过。业务系统服务器对密文查询参数进行加密运算的逆运算的过程如下:In this embodiment, when the business system server receives the encrypted URL request sent by the front-end controller, it decrypts and verifies the encrypted URL request, that is, the business system server extracts the ciphertext query parameters in the encrypted URL request, and The ciphertext query parameter performs the inverse operation of the encryption operation. After the inverse operation, the ciphertext query parameter can be restored to the query parameter of the plaintext number, and the decryption verification is determined to pass. The process of the inverse operation of the encryption operation performed by the business system server on the ciphertext query parameters is as follows:
e、遍历所述密文查询参数中的每个元素,从所述密文查询参数中查找出预设字符,并按照易混字符与预设字符之间的映射关系,将查找出的预设字符替换为对应的易混字符,得到待解码byte数组,即确定密文查询参数中被替换过的字符,对被替换过的字符进行还原;e. Traverse each element in the ciphertext query parameter, find a preset character from the ciphertext query parameter, and according to the mapping relationship between the mixed character and the preset character, the found preset Replace the characters with the corresponding ambiguity characters to obtain the byte array to be decoded, that is, determine the characters that have been replaced in the ciphertext query parameters, and restore the characters that have been replaced;
f、对待解码byte数组进行base64解码,得到解码byte数组;f. Perform base64 decoding on the byte array to be decoded to obtain the decoded byte array;
g、利用与前端控制器约定好的blowfish对称加密算法对解码byte数组中的每个元素进行解密,即通过密钥key_pbox和key_sbox对解码byte数组中的每个元素进行解密,可得到解密byte数组;g. Use the blowfish symmetric encryption algorithm agreed with the front controller to decrypt each element in the decoded byte array, that is, decrypt each element in the decoded byte array with the keys key_pbox and key_sbox to obtain the decrypted byte array ;
h、将解密byte数组转化为明文数字;h. Convert the decrypted byte array into plaintext numbers;
经过上述处理,如果可以将密文查询参数还原成为明文数字的查询参数,则确定解密验证通过。After the above processing, if the ciphertext query parameter can be restored to the query parameter of the plaintext number, it is determined that the decryption verification is passed.
步骤S60,在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据。Step S60: When the decryption verification is passed, the corresponding business data is obtained and returned to the front-end controller of the business system, so that the front-end controller of the business system outputs the business data at the front-end of the business system.
业务系统服务器在解密验证通过时,获取相应的业务数据返回至业务系统前端控制器,业务系统前端控制器则在业务系统前端输出该业务数据。如果经过逆运算,密文查询参数无法还原,或者还原成为一堆乱码,服务器则确认解密验证不通过,则拦截该恶意URL请求。When the business system server passes the decryption verification, it obtains the corresponding business data and returns it to the business system front-end controller, and the business system front-end controller outputs the business data at the front-end of the business system. If the ciphertext query parameters cannot be restored after the inverse operation, or the restoration becomes a pile of garbled codes, the server confirms that the decryption verification fails, and intercepts the malicious URL request.
通过上述方式,即使模仿加密URL请求格式的恶意请求能够送达服务器,由于服务器会对接收到的URL请求进行解密验证,而恶意URL请求不是基于本实施例中的加密运算方式得到的,针对恶意URL请求的解密验证是无法通过的,服务器也会拦截该恶意URL请求,如此,可以为拥有业务系统访问和使用权限的认证用户提供业务数据,而可以基于加密运算和解密验证拦截恶意URL请求,极大程度的减少了业务数据被爬取的可能性。Through the above method, even if a malicious request imitating the encrypted URL request format can be delivered to the server, the server will decrypt and verify the received URL request, and the malicious URL request is not obtained based on the encryption operation method in this embodiment, which is aimed at malicious The decryption verification of the URL request cannot be passed, and the server will also intercept the malicious URL request. In this way, it can provide business data for authenticated users who have access and use rights to the business system, and can intercept malicious URL requests based on encryption operations and decryption verification. It greatly reduces the possibility of business data being crawled.
此外,本申请实施例还提供一种业务数据提供装置。In addition, the embodiment of the present application also provides a service data providing device.
参照图4,图4为本申请业务数据提供装置第一实施例的功能模块示意图。Referring to Fig. 4, Fig. 4 is a schematic diagram of the functional modules of the first embodiment of the service data providing apparatus of this application.
本实施例中,所述业务数据提供装置包括: In this embodiment, the service data providing device includes:
判断模块10,用于在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;The judging module 10 is used for judging whether the URL request is triggered by an authenticated user when a uniform resource locator URL request is received at the front end of the business system;
加密模块20,用于若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;The encryption module 20 is configured to, if yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
替换模块30,用于将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;The replacement module 30 is configured to replace the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
输出模块40,用于接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据。The output module 40 is configured to receive the corresponding service data returned by the service system server based on the encrypted URL request, and output the service data at the front end of the service system.
其中,上述业务数据提供装置的各虚拟功能模块存储于图1所示业务数据提供设备的存储器1005中,用于实现计算机可读指令的所有功能;各模块被处理器1001执行时,实现了多重安全防护,可以为拥有业务系统访问和使用权限的认证用户提供业务数据,而防止恶意的数据爬取,保障了业务数据的安全。Among them, each virtual function module of the above-mentioned service data providing apparatus is stored in the memory 1005 of the service data providing device shown in FIG. 1, and is used to realize all the functions of computer-readable instructions; when each module is executed by the processor 1001, multiple functions are realized. Security protection can provide business data to authenticated users with business system access and use rights, and prevent malicious data crawling, ensuring the security of business data.
进一步的,所述加密模块20包括: Further, the encryption module 20 includes:
转换单元,用于将所述明文查询参数转换成预设长度的数组;A conversion unit for converting the plaintext query parameter into an array of preset length;
加密单元,用于通过预设对称加密算法对所述数组中的每个元素进行加密,得到加密数组;An encryption unit, configured to encrypt each element in the array by using a preset symmetric encryption algorithm to obtain an encrypted array;
编码单元,用于对所述加密数组进行编码,得到编码数组;An encoding unit for encoding the encrypted array to obtain an encoding array;
替换单元,用于遍历所述编码数组中的每个元素,确定所述编码数组中的易混元素,并按照预设映射关系,将所述编码数组中的易混元素替换为对应的预设字符,得到密文查询参数。The replacement unit is used to traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with corresponding presets according to a preset mapping relationship Character to get the ciphertext query parameter.
进一步的,所述加密单元包括: Further, the encryption unit includes:
预处理子单元,用于对所述预设对称加密算法的源密钥进行预处理,得到密钥;The preprocessing subunit is used to preprocess the source key of the preset symmetric encryption algorithm to obtain the key;
加密子单元,用于使用所述密钥对所述数组中的每个元素进行加密,得到加密数组。The encryption subunit is used to encrypt each element in the array using the key to obtain an encrypted array.
进一步的,所述业务数据提供装置还包括:Further, the service data providing device further includes:
拦截模块,用于若否,则拦截所述URL请求。The interception module is used to intercept the URL request if not.
进一步的,所述业务数据提供装置还包括:Further, the service data providing device further includes:
解密模块,用于在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;The decryption module is used to decrypt and verify the encrypted URL request when the encrypted URL request sent by the front-end controller of the business system is received;
返回模块,用于在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据。The return module is used to obtain corresponding business data and return it to the front-end controller of the business system when the decryption verification is passed, so that the front-end controller of the business system outputs the business data at the front-end of the business system.
进一步的,所述解密模块包括:Further, the decryption module includes:
提取单元,用于从所述加密URL请求中提取出密文查询参数;An extraction unit for extracting ciphertext query parameters from the encrypted URL request;
逆运算单元,用于对所述密文查询参数进行所述加密运算的逆运算;An inverse operation unit, configured to perform the inverse operation of the encryption operation on the ciphertext query parameter;
确认单元,用于若通过所述逆运算将所述密文查询参数还原为明文查询参数,则确认解密验证通过。The confirming unit is configured to confirm that the decryption verification is passed if the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation.
进一步的,所述逆运算单元包括:Further, the inverse operation unit includes:
替换子单元,用于遍历所述密文查询参数中的每个元素,从所述密文查询参数中查找出预设字符,并按照预设映射关系,将查找出的预设字符替换为对应的易混字符,得到待解码数组;The replacement subunit is used to traverse each element in the ciphertext query parameter, find a preset character from the ciphertext query parameter, and replace the found preset character with the corresponding one according to the preset mapping relationship The mixed characters of, get the array to be decoded;
解码子单元,用于对所述待解码数组进行解码,得到解码数组;A decoding subunit for decoding the array to be decoded to obtain a decoding array;
解密子单元,用于通过预设对称加密算法对所述解码数组中的每个元素进行解密,得到解密数组;The decryption subunit is used to decrypt each element in the decoded array by using a preset symmetric encryption algorithm to obtain a decrypted array;
还原子单元,用于将所述解密数组还原为明文查询参数。The atomic reduction unit is used to restore the decrypted array to plaintext query parameters.
其中,上述业务数据提供装置中各个模块的功能实现与上述业务数据提供方法实施例中各步骤相对应,其功能和实现过程在此处不再一一赘述。Among them, the function realization of each module in the above-mentioned service data providing apparatus corresponds to each step in the above-mentioned embodiment of the service data providing method, and the function and realization process thereof will not be repeated here.
此外,本申请实施例还提供一种计算机可读存储介质,所述计算机可读存储介质可以为非易失性可读存储介质。In addition, the embodiments of the present application also provide a computer-readable storage medium, and the computer-readable storage medium may be a non-volatile readable storage medium.
本申请计算机可读存储介质上存储有计算机可读指令,其中所述计算机可读指令被处理器执行时,实现如上述的业务数据提供方法的步骤。The computer-readable storage medium of the present application stores computer-readable instructions, and when the computer-readable instructions are executed by a processor, the steps of the above-mentioned service data providing method are realized.
其中,计算机可读指令被执行时所实现的方法可参照本申请业务数据提供方法的各个实施例,此处不再赘述。For the method implemented when the computer-readable instruction is executed, refer to the various embodiments of the service data providing method of the present application, which will not be repeated here.
需要说明的是,在本文中,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者系统不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者系统所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括该要素的过程、方法、物品或者系统中还存在另外的相同要素。It should be noted that in this article, the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, article or system including a series of elements not only includes those elements, It also includes other elements that are not explicitly listed, or elements inherent to the process, method, article, or system. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, article or system that includes the element.
上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the foregoing embodiments of the present application are only for description, and do not represent the advantages and disadvantages of the embodiments.
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到上述实施例方法可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件,但很多情况下前者是更佳的实施方式。基于这样的理解,本申请的技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品存储在如上所述的一个存储介质(如ROM/RAM、磁碟、光盘)中,包括若干指令用以使得一台终端设备(可以是手机,计算机,服务器,空调器,或者网络设备等)执行本申请各个实施例所述的方法。Through the description of the above embodiments, those skilled in the art can clearly understand that the method of the above embodiments can be implemented by means of software plus the necessary general hardware platform. Of course, it can also be implemented by hardware, but in many cases the former is better.的实施方式。 Based on this understanding, the technical solution of this application essentially or the part that contributes to the existing technology can be embodied in the form of a software product, and the computer software product is stored in a storage medium (such as ROM/RAM) as described above. , Magnetic disk, optical disk), including several instructions to make a terminal device (which can be a mobile phone, a computer, a server, an air conditioner, or a network device, etc.) execute the method described in each embodiment of the present application.
以上仅为本申请的优选实施例,并非因此限制本申请的专利范围,凡是利用本申请说明书及附图内容所作的等效结构或等效流程变换,或直接或间接运用在其他相关的技术领域,均同理包括在本申请的专利保护范围内。The above are only preferred embodiments of this application, and do not limit the scope of this application. Any equivalent structure or equivalent process transformation made using the content of the description and drawings of this application, or directly or indirectly used in other related technical fields , The same reason is included in the scope of patent protection of this application.

Claims (20)

  1. 一种业务数据提供方法,其特征在于,所述业务数据提供方法应用于业务系统前端控制器,所述业务数据提供方法包括以下步骤: A method for providing service data is characterized in that the method for providing service data is applied to a front-end controller of a service system, and the method for providing service data includes the following steps:
    在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;When receiving a uniform resource locator URL request at the front end of the business system, determine whether the URL request is triggered by an authenticated user;
    若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;If yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
    将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;Replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
    接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据;Receiving the corresponding service data returned by the service system server based on the encrypted URL request, and outputting the service data at the front end of the service system;
    其中,所述对所述明文查询参数进行加密运算,得到密文查询参数的步骤包括:Wherein, the step of performing an encryption operation on the plaintext query parameter to obtain the ciphertext query parameter includes:
    将所述明文查询参数转换成预设长度的数组;Converting the plaintext query parameter into an array of preset length;
    通过预设对称加密算法对所述数组中的每个元素进行加密,得到加密数组;Encrypt each element in the array by a preset symmetric encryption algorithm to obtain an encrypted array;
    对所述加密数组进行编码,得到编码数组;Encode the encrypted array to obtain an encoded array;
    遍历所述编码数组中的每个元素,确定所述编码数组中的易混元素,并按照预设映射关系,将所述编码数组中的易混元素替换为对应的预设字符,得到密文查询参数。Traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with corresponding preset characters according to the preset mapping relationship to obtain the ciphertext Query parameters.
  2. 如权利要求1所述的业务数据提供方法,其特征在于,所述通过预设对称加密算法对所述数组中的每个元素进行加密,得到加密数组的步骤包括:The method for providing service data according to claim 1, wherein the step of encrypting each element in the array by using a preset symmetric encryption algorithm to obtain an encrypted array comprises:
    对所述预设对称加密算法的源密钥进行预处理,得到密钥;Preprocessing the source key of the preset symmetric encryption algorithm to obtain the key;
    使用所述密钥对所述数组中的每个元素进行加密,得到加密数组。Encrypt each element in the array using the key to obtain an encrypted array.
  3. 如权利要求1所述的业务数据提供方法,其特征在于,所述判断所述URL请求是否由认证用户触发的步骤之后,还包括:The service data providing method according to claim 1, wherein after the step of determining whether the URL request is triggered by an authenticated user, the method further comprises:
    若否,则拦截所述URL请求。If not, intercept the URL request.
  4. 一种业务数据提供方法,其特征在于,所述业务数据提供方法应用于业务系统服务器,所述业务数据提供方法包括以下步骤:A method for providing service data is characterized in that the method for providing service data is applied to a service system server, and the method for providing service data includes the following steps:
    在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;When receiving the encrypted URL request sent by the front-end controller of the business system, decrypt and verify the encrypted URL request;
    在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据;When the decryption verification is passed, obtain the corresponding business data and return it to the front-end controller of the business system, so that the front-end controller of the business system outputs the business data at the front-end of the business system;
    其中,所述对所述加密URL请求进行解密验证的步骤包括:Wherein, the step of decrypting and verifying the encrypted URL request includes:
    从所述加密URL请求中提取出密文查询参数;Extracting ciphertext query parameters from the encrypted URL request;
    对所述密文查询参数进行所述加密运算的逆运算;Performing the inverse operation of the encryption operation on the ciphertext query parameter;
    若通过所述逆运算将所述密文查询参数还原为明文查询参数,则确认解密验证通过。If the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation, it is confirmed that the decryption verification is passed.
  5. 如权利要求4所述的业务数据提供方法,其特征在于,所述对所述密文查询参数进行所述加密运算的逆运算的步骤包括:The service data providing method according to claim 4, wherein the step of performing the inverse operation of the encryption operation on the ciphertext query parameter comprises:
    遍历所述密文查询参数中的每个元素,从所述密文查询参数中查找出预设字符,并按照预设映射关系,将查找出的预设字符替换为对应的易混字符,得到待解码数组;Traverse each element in the ciphertext query parameter, find a preset character from the ciphertext query parameter, and replace the found preset character with the corresponding miscible character according to the preset mapping relationship, to obtain Array to be decoded;
    对所述待解码数组进行解码,得到解码数组;Decode the array to be decoded to obtain a decoded array;
    通过预设对称加密算法对所述解码数组中的每个元素进行解密,得到解密数组;Decrypt each element in the decoded array by using a preset symmetric encryption algorithm to obtain a decrypted array;
    将所述解密数组还原为明文查询参数。Restore the decrypted array to plaintext query parameters.
  6. 一种业务数据提供装置,其特征在于,所述业务数据提供装置包括:A service data providing device, characterized in that, the service data providing device includes:
    判断模块,用于在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;The judgment module is used for judging whether the URL request is triggered by an authenticated user when the uniform resource locator URL request is received at the front end of the business system;
    加密模块,用于若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;The encryption module is used to extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
    替换模块,用于将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;The replacement module is configured to replace the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
    输出模块,用于接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据;An output module, configured to receive the corresponding business data returned by the business system server based on the encrypted URL request, and output the business data at the front end of the business system;
    其中,所述加密模块包括:Wherein, the encryption module includes:
    转换单元,用于将所述明文查询参数转换成预设长度的数组;A conversion unit for converting the plaintext query parameter into an array of preset length;
    加密单元,用于通过预设对称加密算法对所述数组中的每个元素进行加密,得到加密数组;An encryption unit, configured to encrypt each element in the array by using a preset symmetric encryption algorithm to obtain an encrypted array;
    编码单元,用于对所述加密数组进行编码,得到编码数组;An encoding unit for encoding the encrypted array to obtain an encoding array;
    替换单元,用于遍历所述编码数组中的每个元素,确定所述编码数组中的易混元素,并按照预设映射关系,将所述编码数组中的易混元素替换为对应的预设字符,得到密文查询参数。The replacement unit is used to traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with corresponding presets according to a preset mapping relationship Character to get the ciphertext query parameter.
  7. 如权利要求6所述的业务数据提供装置,其特征在于,所述加密单元包括:7. The service data providing device according to claim 6, wherein the encryption unit comprises:
    预处理子单元,用于对所述预设对称加密算法的源密钥进行预处理,得到密钥;The preprocessing subunit is used to preprocess the source key of the preset symmetric encryption algorithm to obtain the key;
    加密子单元,用于使用所述密钥对所述数组中的每个元素进行加密,得到加密数组。The encryption subunit is used to encrypt each element in the array using the key to obtain an encrypted array.
  8. 如权利要求6所述的业务数据提供装置,其特征在于,所述业务数据提供装置还包括:7. The service data providing device according to claim 6, wherein the service data providing device further comprises:
    拦截模块,用于若否,则拦截所述URL请求。The interception module is used to intercept the URL request if not.
  9. 一种业务数据提供装置,其特征在于,所述业务数据提供装置包括:A service data providing device, characterized in that, the service data providing device includes:
    解密模块,用于在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;The decryption module is used to decrypt and verify the encrypted URL request when the encrypted URL request sent by the front-end controller of the business system is received;
    返回模块,用于在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据;The return module is used to obtain corresponding business data and return it to the front-end controller of the business system when the decryption verification is passed, so that the front-end controller of the business system outputs the business data at the front-end of the business system;
    其中,所述解密模块包括:Wherein, the decryption module includes:
    提取单元,用于从所述加密URL请求中提取出密文查询参数;An extraction unit for extracting ciphertext query parameters from the encrypted URL request;
    逆运算单元,用于对所述密文查询参数进行所述加密运算的逆运算;An inverse operation unit, configured to perform the inverse operation of the encryption operation on the ciphertext query parameter;
    确认单元,用于若通过所述逆运算将所述密文查询参数还原为明文查询参数,则确认解密验证通过。The confirming unit is configured to confirm that the decryption verification is passed if the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation.
  10. 如权利要求9所述的业务数据提供装置,其特征在于,所述逆运算单元包括:9. The service data providing device according to claim 9, wherein the inverse operation unit comprises:
    替换子单元,用于遍历所述密文查询参数中的每个元素,从所述密文查询参数中查找出预设字符,并按照预设映射关系,将查找出的预设字符替换为对应的易混字符,得到待解码数组;The replacement subunit is used to traverse each element in the ciphertext query parameter, find a preset character from the ciphertext query parameter, and replace the found preset character with the corresponding one according to the preset mapping relationship The mixed characters of, get the array to be decoded;
    解码子单元,用于对所述待解码数组进行解码,得到解码数组;A decoding subunit for decoding the array to be decoded to obtain a decoding array;
    解密子单元,用于通过预设对称加密算法对所述解码数组中的每个元素进行解密,得到解密数组;The decryption subunit is used to decrypt each element in the decoded array by using a preset symmetric encryption algorithm to obtain a decrypted array;
    还原子单元,用于将所述解密数组还原为明文查询参数。The atomic reduction unit is used to restore the decrypted array to plaintext query parameters.
  11. 一种业务数据提供设备,其特征在于,所述业务数据提供设备包括处理器、存储器、以及存储在所述存储器上并可被所述处理器执行的计算机可读指令,其中所述计算机可读指令被所述处理器执行时,实现如下步骤:A service data providing device, wherein the service data providing device includes a processor, a memory, and computer readable instructions stored on the memory and executable by the processor, wherein the computer readable When the instruction is executed by the processor, the following steps are implemented:
    在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;When receiving a uniform resource locator URL request at the front end of the business system, determine whether the URL request is triggered by an authenticated user;
    若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;If yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
    将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;Replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
    接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据;Receiving the corresponding service data returned by the service system server based on the encrypted URL request, and outputting the service data at the front end of the service system;
    所述计算机可读指令被所述处理器执行时,还实现如下步骤:When the computer-readable instructions are executed by the processor, the following steps are further implemented:
    将所述明文查询参数转换成预设长度的数组;Converting the plaintext query parameter into an array of preset length;
    通过预设对称加密算法对所述数组中的每个元素进行加密,得到加密数组;Encrypt each element in the array by a preset symmetric encryption algorithm to obtain an encrypted array;
    对所述加密数组进行编码,得到编码数组;Encode the encrypted array to obtain an encoded array;
    遍历所述编码数组中的每个元素,确定所述编码数组中的易混元素,并按照预设映射关系,将所述编码数组中的易混元素替换为对应的预设字符,得到密文查询参数。Traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with corresponding preset characters according to the preset mapping relationship to obtain the ciphertext Query parameters.
  12. 如权利要求11所述的业务数据提供设备,其特征在于,所述计算机可读指令被所述处理器执行时,还实现如下步骤:The service data providing device according to claim 11, wherein when the computer-readable instruction is executed by the processor, the following steps are further implemented:
    对所述预设对称加密算法的源密钥进行预处理,得到密钥;Preprocessing the source key of the preset symmetric encryption algorithm to obtain the key;
    使用所述密钥对所述数组中的每个元素进行加密,得到加密数组。Encrypt each element in the array using the key to obtain an encrypted array.
  13. 如权利要求11所述的业务数据提供设备,其特征在于,所述计算机可读指令被所述处理器执行时,还实现如下步骤:The service data providing device according to claim 11, wherein when the computer-readable instruction is executed by the processor, the following steps are further implemented:
    若否,则拦截所述URL请求。If not, intercept the URL request.
  14. 一种业务数据提供设备,其特征在于,所述业务数据提供设备包括处理器、存储器、以及存储在所述存储器上并可被所述处理器执行的计算机可读指令,其中所述计算机可读指令被所述处理器执行时,实现如下步骤:A service data providing device, wherein the service data providing device includes a processor, a memory, and computer readable instructions stored on the memory and executable by the processor, wherein the computer readable When the instruction is executed by the processor, the following steps are implemented:
    在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;When receiving the encrypted URL request sent by the front-end controller of the business system, decrypt and verify the encrypted URL request;
    在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据;When the decryption verification is passed, obtain the corresponding business data and return it to the front-end controller of the business system, so that the front-end controller of the business system outputs the business data at the front-end of the business system;
    所述计算机可读指令被所述处理器执行时,还实现如下步骤:When the computer-readable instructions are executed by the processor, the following steps are further implemented:
    从所述加密URL请求中提取出密文查询参数;Extracting ciphertext query parameters from the encrypted URL request;
    对所述密文查询参数进行所述加密运算的逆运算;Performing the inverse operation of the encryption operation on the ciphertext query parameter;
    若通过所述逆运算将所述密文查询参数还原为明文查询参数,则确认解密验证通过。If the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation, it is confirmed that the decryption verification is passed.
  15. 如权利要求14所述的业务数据提供设备,其特征在于,所述计算机可读指令被所述处理器执行时,还实现如下步骤:The service data providing device according to claim 14, wherein when the computer-readable instructions are executed by the processor, the following steps are further implemented:
    遍历所述密文查询参数中的每个元素,从所述密文查询参数中查找出预设字符,并按照预设映射关系,将查找出的预设字符替换为对应的易混字符,得到待解码数组;Traverse each element in the ciphertext query parameter, find a preset character from the ciphertext query parameter, and replace the found preset character with the corresponding miscellaneous character according to the preset mapping relationship to obtain Array to be decoded;
    对所述待解码数组进行解码,得到解码数组;Decode the array to be decoded to obtain a decoded array;
    通过预设对称加密算法对所述解码数组中的每个元素进行解密,得到解密数组;Decrypt each element in the decoded array by a preset symmetric encryption algorithm to obtain a decrypted array;
    将所述解密数组还原为明文查询参数。Restore the decrypted array to plaintext query parameters.
  16. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机可读指令,其中所述计算机可读指令被处理器执行时,实现如下步骤:A computer-readable storage medium, characterized in that computer-readable instructions are stored on the computer-readable storage medium, and when the computer-readable instructions are executed by a processor, the following steps are implemented:
    在业务系统前端接收到统一资源定位符URL请求时,判断所述URL请求是否由认证用户触发;When receiving a uniform resource locator URL request at the front end of the business system, determine whether the URL request is triggered by an authenticated user;
    若是,则提取所述URL请求中的明文查询参数,并对所述明文查询参数进行加密运算,得到密文查询参数;If yes, extract the plaintext query parameters in the URL request, and perform an encryption operation on the plaintext query parameters to obtain the ciphertext query parameters;
    将所述URL请求中的明文查询参数替换为所述密文查询参数,得到加密URL请求,并将所述加密URL请求发送至业务系统服务器;Replacing the plaintext query parameters in the URL request with the ciphertext query parameters to obtain an encrypted URL request, and send the encrypted URL request to the business system server;
    接收所述业务系统服务器基于所述加密URL请求返回的相应业务数据,并在所述业务系统前端输出所述业务数据;Receiving the corresponding service data returned by the service system server based on the encrypted URL request, and outputting the service data at the front end of the service system;
    所述计算机可读指令被处理器执行时,还实现如下步骤:When the computer-readable instructions are executed by the processor, the following steps are further implemented:
    将所述明文查询参数转换成预设长度的数组;Converting the plaintext query parameter into an array of preset length;
    通过预设对称加密算法对所述数组中的每个元素进行加密,得到加密数组;Encrypt each element in the array by a preset symmetric encryption algorithm to obtain an encrypted array;
    对所述加密数组进行编码,得到编码数组;Encode the encrypted array to obtain an encoded array;
    遍历所述编码数组中的每个元素,确定所述编码数组中的易混元素,并按照预设映射关系,将所述编码数组中的易混元素替换为对应的预设字符,得到密文查询参数。Traverse each element in the coded array, determine the easily mixed elements in the coded array, and replace the easily mixed elements in the coded array with corresponding preset characters according to the preset mapping relationship to obtain the ciphertext Query parameters.
  17. 如权利要求16所述的计算机可读存储介质,其特征在于,所述计算机可读指令被处理器执行时,还实现如下步骤:The computer-readable storage medium of claim 16, wherein when the computer-readable instructions are executed by the processor, the following steps are further implemented:
    对所述预设对称加密算法的源密钥进行预处理,得到密钥;Preprocessing the source key of the preset symmetric encryption algorithm to obtain the key;
    使用所述密钥对所述数组中的每个元素进行加密,得到加密数组。Encrypt each element in the array using the key to obtain an encrypted array.
  18. 如权利要求16所述的计算机可读存储介质,其特征在于,所述计算机可读指令被处理器执行时,还实现如下步骤:The computer-readable storage medium of claim 16, wherein when the computer-readable instructions are executed by the processor, the following steps are further implemented:
    若否,则拦截所述URL请求。If not, intercept the URL request.
  19. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质上存储有计算机可读指令,其中所述计算机可读指令被处理器执行时,实现如下步骤:A computer-readable storage medium, characterized in that computer-readable instructions are stored on the computer-readable storage medium, and when the computer-readable instructions are executed by a processor, the following steps are implemented:
    在接收到业务系统前端控制器发送的加密URL请求时,对所述加密URL请求进行解密验证;When receiving the encrypted URL request sent by the front-end controller of the business system, decrypt and verify the encrypted URL request;
    在解密验证通过时,获取相应的业务数据返回至所述业务系统前端控制器,以使所述业务系统前端控制器在业务系统前端输出所述业务数据;When the decryption verification is passed, obtain the corresponding business data and return it to the front-end controller of the business system, so that the front-end controller of the business system outputs the business data at the front-end of the business system;
    所述计算机可读指令被处理器执行时,实现如下步骤:When the computer-readable instructions are executed by the processor, the following steps are implemented:
    所述对所述加密URL请求进行解密验证的步骤包括:The step of decrypting and verifying the encrypted URL request includes:
    从所述加密URL请求中提取出密文查询参数;Extracting ciphertext query parameters from the encrypted URL request;
    对所述密文查询参数进行所述加密运算的逆运算;Performing the inverse operation of the encryption operation on the ciphertext query parameter;
    若通过所述逆运算将所述密文查询参数还原为明文查询参数,则确认解密验证通过。If the ciphertext query parameter is restored to the plaintext query parameter through the inverse operation, it is confirmed that the decryption verification is passed.
  20. 如权利要求19所述的计算机可读存储介质,其特征在于,所述计算机可读指令被处理器执行时,还实现如下步骤:The computer-readable storage medium of claim 19, wherein when the computer-readable instructions are executed by the processor, the following steps are further implemented:
    遍历所述密文查询参数中的每个元素,从所述密文查询参数中查找出预设字符,并按照预设映射关系,将查找出的预设字符替换为对应的易混字符,得到待解码数组;Traverse each element in the ciphertext query parameter, find a preset character from the ciphertext query parameter, and replace the found preset character with the corresponding miscellaneous character according to the preset mapping relationship to obtain Array to be decoded;
    对所述待解码数组进行解码,得到解码数组;Decode the array to be decoded to obtain a decoded array;
    通过预设对称加密算法对所述解码数组中的每个元素进行解密,得到解密数组;Decrypt each element in the decoded array by a preset symmetric encryption algorithm to obtain a decrypted array;
    将所述解密数组还原为明文查询参数。 Restore the decrypted array to plaintext query parameters.
PCT/CN2019/116481 2019-03-15 2019-11-08 Service data providing method, apparatus and device, and computer-readable storage medium WO2020186775A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201910198502.2A CN110061967B (en) 2019-03-15 2019-03-15 Service data providing method, device, equipment and computer readable storage medium
CN201910198502.2 2019-03-15

Publications (1)

Publication Number Publication Date
WO2020186775A1 true WO2020186775A1 (en) 2020-09-24

Family

ID=67317124

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/116481 WO2020186775A1 (en) 2019-03-15 2019-11-08 Service data providing method, apparatus and device, and computer-readable storage medium

Country Status (2)

Country Link
CN (1) CN110061967B (en)
WO (1) WO2020186775A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114285665A (en) * 2021-12-30 2022-04-05 北京天融信网络安全技术有限公司 Method and device for converting password encryption mode
CN114785860A (en) * 2022-06-02 2022-07-22 深圳云创数安科技有限公司 Data response method, device, equipment and medium based on encryption and decryption
CN116108496A (en) * 2023-04-13 2023-05-12 北京百度网讯科技有限公司 Method, device, equipment and storage medium for inquiring trace
CN117579385A (en) * 2024-01-16 2024-02-20 山东星维九州安全技术有限公司 Method, system and equipment for rapidly screening novel WebShell flow
CN114785860B (en) * 2022-06-02 2024-06-04 深圳云创数安科技有限公司 Encryption and decryption-based data response method, device, equipment and medium

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110061967B (en) * 2019-03-15 2022-02-22 平安科技(深圳)有限公司 Service data providing method, device, equipment and computer readable storage medium
CN111131282B (en) * 2019-12-27 2022-06-17 武汉极意网络科技有限公司 Request encryption method and device, electronic equipment and storage medium
CN113821258A (en) * 2021-10-11 2021-12-21 京东科技控股股份有限公司 Method and device for realizing localization operation of ground system through cloud system instruction

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130091356A1 (en) * 2011-10-10 2013-04-11 International Business Machines Corporation Optimizing web landing page link access times through preliminary functions during page deployment
CN103229181A (en) * 2010-10-13 2013-07-31 阿卡麦科技公司 Protecting websites and website users by obscuring URLs
CN104393988A (en) * 2014-12-03 2015-03-04 浪潮(北京)电子信息产业有限公司 Reversible data encryption method and device
CN105808990A (en) * 2016-02-23 2016-07-27 平安科技(深圳)有限公司 Method and device for controlling URL access on basis of IOS system
CN110061967A (en) * 2019-03-15 2019-07-26 平安科技(深圳)有限公司 Business datum providing method, device, equipment and computer readable storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103546293A (en) * 2013-10-08 2014-01-29 任少华 Third party certification system or method
CN103763308A (en) * 2013-12-31 2014-04-30 北京明朝万达科技有限公司 Method and device for having access to webpage safely and downloading data through intelligent terminal
CN103944900B (en) * 2014-04-18 2017-11-24 中国科学院计算技术研究所 It is a kind of that attack prevention method and its device are asked across station based on encryption
CN105187397A (en) * 2015-08-11 2015-12-23 北京思特奇信息技术股份有限公司 WEB system page integration anti-hotlinking method and system
CN106470103B (en) * 2015-08-17 2020-01-17 苏宁云计算有限公司 Method and system for sending encrypted URL request by client
CN105306473B (en) * 2015-11-05 2018-06-22 北京奇虎科技有限公司 A kind of method for preventing injection attacks, client, server and system
CN106603491B (en) * 2016-11-10 2020-09-25 深圳维盟科技股份有限公司 Portal authentication method based on https protocol and router
CN106658093B (en) * 2016-12-27 2019-07-09 深圳市九洲电器有限公司 The exchange method and system of set-top box and server
CN107707532B (en) * 2017-09-15 2022-05-13 北京小米移动软件有限公司 URL (Uniform resource locator) generation and query parameter verification method, device, equipment and storage medium

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103229181A (en) * 2010-10-13 2013-07-31 阿卡麦科技公司 Protecting websites and website users by obscuring URLs
US20130091356A1 (en) * 2011-10-10 2013-04-11 International Business Machines Corporation Optimizing web landing page link access times through preliminary functions during page deployment
CN104393988A (en) * 2014-12-03 2015-03-04 浪潮(北京)电子信息产业有限公司 Reversible data encryption method and device
CN105808990A (en) * 2016-02-23 2016-07-27 平安科技(深圳)有限公司 Method and device for controlling URL access on basis of IOS system
CN110061967A (en) * 2019-03-15 2019-07-26 平安科技(深圳)有限公司 Business datum providing method, device, equipment and computer readable storage medium

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114285665A (en) * 2021-12-30 2022-04-05 北京天融信网络安全技术有限公司 Method and device for converting password encryption mode
CN114785860A (en) * 2022-06-02 2022-07-22 深圳云创数安科技有限公司 Data response method, device, equipment and medium based on encryption and decryption
CN114785860B (en) * 2022-06-02 2024-06-04 深圳云创数安科技有限公司 Encryption and decryption-based data response method, device, equipment and medium
CN116108496A (en) * 2023-04-13 2023-05-12 北京百度网讯科技有限公司 Method, device, equipment and storage medium for inquiring trace
CN116108496B (en) * 2023-04-13 2023-06-23 北京百度网讯科技有限公司 Method, device, equipment and storage medium for inquiring trace
CN117579385A (en) * 2024-01-16 2024-02-20 山东星维九州安全技术有限公司 Method, system and equipment for rapidly screening novel WebShell flow
CN117579385B (en) * 2024-01-16 2024-03-19 山东星维九州安全技术有限公司 Method, system and equipment for rapidly screening novel WebShell flow

Also Published As

Publication number Publication date
CN110061967A (en) 2019-07-26
CN110061967B (en) 2022-02-22

Similar Documents

Publication Publication Date Title
WO2020186775A1 (en) Service data providing method, apparatus and device, and computer-readable storage medium
WO2020147383A1 (en) Process examination and approval method, device and system employing blockchain system, and non-volatile storage medium
WO2014069783A1 (en) Password-based authentication method, and apparatus for performing same
WO2020029585A1 (en) Neural network federation modeling method and device employing transfer learning, and storage medium
WO2020062642A1 (en) Blockchain-based method, device, and equipment for electronic contract signing, and storage medium
WO2017135670A1 (en) Method and server for providing notary service for file and verifying file recorded by notary service
WO2021056760A1 (en) Federated learning data encryption method, apparatus and device, and readable storage medium
WO2015093734A1 (en) System and method for authentication using quick response code
WO2017135669A1 (en) Method and server for providing notary service for file and verifying file recorded by notary service
WO2019132272A1 (en) Id as blockchain based service
WO2014063455A1 (en) Instant messaging method and system
WO2016169410A1 (en) Login method and device, server and login system
WO2013162296A1 (en) Passcode operating system, passcode apparatus, and super-passcode generating method
WO2019088689A1 (en) Puf-qrng quantum cryptographic security terminal system and cryptographic key generation method
WO2016101745A1 (en) Activating mobile terminal token method
WO2020220413A1 (en) Zero knowledge proving method and system for personal information, and storage medium
WO2019024126A1 (en) Blockchain-based knowledge management method, and terminal and server
WO2010087567A1 (en) Method for installing rights object for content in memory card
WO2016206530A1 (en) Highly secure mobile payment method, apparatus, and system
WO2018072261A1 (en) Information encryption method and device, information decryption method and device, and terminal
WO2020253120A1 (en) Webpage registration method, system and device, and computer storage medium
WO2021072881A1 (en) Object storage-based request processing method, apparatus and device, and storage medium
WO2016095339A1 (en) Method for updating seed data in dynamic token
WO2017016272A1 (en) Method, apparatus and system for processing virtual resource data
WO2012149717A1 (en) License dynamic management method, device and system based on tcm or tpm

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19919878

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19919878

Country of ref document: EP

Kind code of ref document: A1