CN108390878A - Method, apparatus for verifying network request safety - Google Patents

Publication number
CN108390878A
Authority
CN
China
Prior art keywords
token
network request
request
network
safety
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810159698.XA
Other languages
Chinese (zh)
Other versions
CN108390878B (en)
Inventor
叶高艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tencent Technology Shenzhen Co Ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Tencent Technology Shenzhen Co Ltd
Priority to CN201810159698.XA
Publication of CN108390878A
Application granted
Publication of CN108390878B

Classifications

    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/102 Network architectures or network communication protocols for network security for controlling access to devices or network resources; Entity profiles
    • H04L63/108 Network architectures or network communication protocols for network security for controlling access to devices or network resources when the policy decisions are valid for a limited amount of time

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The present invention relates to the field of network technology and provides a method, an apparatus, a computer-readable medium and an electronic device for verifying the security of a network request. The method includes: generating a first token in response to a first network request, and sending the first token to the sender of the first network request; receiving a second network request and a second token; generating a third token; and, when the third token matches the second token, confirming that the second network request is legitimate. The invention improves the security of the user's request path and ensures the validity of the request data.

Description

Method, apparatus for verifying network request safety
Technical field
The present invention relates to the field of computer technology, and in particular to a method, an apparatus, a computer-readable medium and an electronic device for verifying the security of a network request.
Background
When a client and a server interact, the client first submits a network request to the server. After the server receives the network request, it parses the request and generates a token, then returns the corresponding data and the token to the client. The client then submits the data for the network request to the server and returns the token along with it, and the server matches the token to confirm whether the client is legitimate. However, a malicious user can crawl the token information and, using multiple user accounts or multiple proxy IP addresses, use a script to simulate the submission of network data, causing personal, property and other losses to users.
There is therefore an urgent need in this field for a method and an apparatus for verifying the security of a network request, so as to protect the security of the user's request path, ensure the validity of the request data, and prevent a malicious user's script from bypassing the browser and submitting data in bulk.
It should be noted that the information disclosed in the Background section above is only intended to aid understanding of the background of the present invention, and may therefore include information that does not constitute prior art known to a person of ordinary skill in the art.
Summary of the invention
The purpose of the present invention is to provide a method and an apparatus for verifying the security of a network request, thereby protecting the security of the user's request path and ensuring the validity of the request data.
Other features and advantages of the present invention will become apparent from the following detailed description, or will be learned in part through practice of the invention.
According to a first aspect of the invention, a method for verifying the security of a network request is provided, comprising: generating a first token in response to a first network request, and sending the first token to the sender of the first network request; receiving a second network request and a second token; generating a third token; and, when the third token matches the second token, confirming that the second network request is legitimate.
According to a second aspect of the invention, an apparatus for verifying the security of a network request is provided, comprising: a first token generation module, configured to generate a first token in response to a first network request and send the first token to the sender of the first network request; an information receiving module, configured to receive a second network request and a second token; a third token generation module, configured to generate a third token; and a first matching verification module, configured to confirm that the second network request is legitimate when the third token matches the second token.
In some embodiments of the invention, based on the foregoing scheme, the first token generation module includes: a first judging unit, configured to judge whether the first network request is legitimate; and a token generation unit, configured to generate the first token when the first network request is legitimate.
In some embodiments of the invention, based on the foregoing scheme, the third token generation module includes: a third token generation unit, configured to generate the third token by means of an encryption algorithm from the first token together with at least part of the data of the second network request and/or at least one network parameter.
In some embodiments of the invention, based on the foregoing scheme, the apparatus includes: an auxiliary verification module, configured to verify whether the second network request is legitimate according to one or more of: the user identifier of the sender, the user status of the sender, the interval between network request submissions, the number of network request submissions, the frequency of network request submissions, the HTTP request headers of the sender, and the IP address of the sender.
In some embodiments of the invention, based on the foregoing scheme, the apparatus includes: a fourth token receiving module, configured to receive a fourth token; and a verification module, configured to confirm that the second network request is legitimate when the fourth token matches the first token.
In some embodiments of the invention, based on the foregoing scheme, the first network request is a form acquisition request and the second network request is a form submission request.
In some embodiments of the invention, based on the foregoing scheme, the first token generation module includes: a token generation unit, configured to generate the first token from several of the following: a timestamp, a random number, an IP address, the sending time of the first network request, the submission time of the previous second network request, and verification data.
According to a third aspect of the invention, a method for verifying the security of a network request is provided, comprising: sending a first network request to a server; receiving a first token returned by the server; generating a second token using the first token; and sending a second network request and the second token.
According to a fourth aspect of the invention, an apparatus for verifying the security of a network request is provided, comprising: a first sending module, configured to send a first network request to a server; a first token receiving module, configured to receive the first token returned by the server; a second token generation module, configured to generate a second token using the first token; and a second sending module, configured to send a second network request and the second token.
In some embodiments of the invention, based on the foregoing scheme, the second token generation module includes: a first generation unit, configured to generate the second token by means of an encryption algorithm from the first token together with at least part of the data of the second network request and/or at least one network parameter.
In some embodiments of the invention, based on the foregoing scheme, the second token generation module includes: a second generation unit, configured to generate the second token by means of an application plug-in, a web page control or a web page applet.
In some embodiments of the invention, based on the foregoing scheme, the apparatus further includes: a token submission module, configured to submit the first token when the second network request and the second token are sent.
In some embodiments of the invention, based on the foregoing scheme, the first network request is a form acquisition request and the second network request is a form submission request.
According to a fifth aspect of the invention, a computer-readable medium is provided, on which a computer program is stored; when the program is executed by a processor, it implements the method for verifying the security of a network request described in the above embodiments.
According to a sixth aspect of the invention, an electronic device is provided, comprising: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method for verifying the security of a network request described in the above embodiments.
According to the method for verifying the security of a network request in this example embodiment, the server generates a first token in response to a first network request, receives the second network request sent by the sender together with a second token generated from the first token, and verifies the second token to judge whether the second network request is legitimate. In addition, the sender can also submit the first token when it sends the second network request and the second token, and the server then verifies both the first token and the second token to judge whether the second network request is legitimate. Through this two-layer verification of the first token and the second token, the invention protects the security of the user's request path. Furthermore, in the present invention the server can also verify information such as the number of submissions, the submission frequency, the IP address and the HTTP request headers; this multiple verification ensures the validity of the request data and prevents a malicious user's script from bypassing the browser and submitting data in bulk.
It should be understood that the above general description and the following detailed description are only exemplary and explanatory, and do not limit the present invention.
Brief description of the drawings
The accompanying drawings are incorporated into and form part of this specification; they show embodiments consistent with the present invention and, together with the specification, serve to explain its principles. The drawings described below are evidently only some embodiments of the invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic diagram of an exemplary system architecture to which the method or the apparatus for verifying the security of a network request of an embodiment of the invention can be applied;
Fig. 2 is a structural schematic diagram of the computer system of an electronic device suitable for implementing an embodiment of the invention;
Fig. 3 is a flow chart of the method for verifying the security of a network request in one embodiment of the invention;
Fig. 4 is an interaction diagram of the sender and the server in one embodiment of the invention;
Fig. 5 is a schematic diagram of validity judgment for a form acquisition request in one embodiment of the invention;
Fig. 6 is a schematic diagram of validity judgment for a form acquisition request in another embodiment of the invention;
Fig. 7 is a schematic diagram of the form verification method in one embodiment of the invention;
Fig. 8 is a schematic diagram of validity judgment for a form submission request in a further embodiment of the invention;
Fig. 9 is a schematic diagram of validity judgment for the sender in one embodiment of the invention;
Fig. 10 is a schematic diagram of an application of the form verification method in one embodiment of the invention;
Fig. 11 is a structural schematic diagram of the apparatus for verifying the security of a network request in one embodiment of the invention;
Fig. 12 is a structural schematic diagram of the apparatus for verifying the security of a network request in one embodiment of the invention.
Detailed description
Example embodiments are now described more fully with reference to the drawings. Example embodiments can, however, be implemented in many forms and should not be understood as limited to the examples set forth here; rather, these embodiments are provided so that the invention will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art.
In addition, the described features, structures or characteristics can be combined in one or more embodiments in any suitable manner. In the following description, many specific details are provided to give a full understanding of the embodiments of the invention. Those skilled in the art will appreciate, however, that the technical solution of the invention can be practiced without one or more of the specific details, or with other methods, components, devices, steps and so on. In other cases, well-known methods, devices, implementations or operations are not shown or described in detail, to avoid obscuring aspects of the invention.
The block diagrams shown in the drawings are only functional entities and do not necessarily correspond to physically separate entities. That is, these functional entities can be implemented in software, in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
The flow charts shown in the drawings are merely illustrative; they need not include all contents and operations/steps, nor must the steps be executed in the order described. For example, some operations/steps can be decomposed and some can be merged or partly merged, so the actual order of execution may change according to the actual situation.
Fig. 1 is a schematic diagram of an exemplary system architecture 100 to which the method or the apparatus for verifying the security of a network request of an embodiment of the invention can be applied. The network request can be a form request, a scan-code login request, and so on.
As shown in Fig. 1, the system architecture 100 may include a terminal device 101, a network 102 and a server 103. The network 102 is the medium that provides a communication link between the terminal device 101 and the server 103. The network 102 may include various connection types, such as wired or wireless communication links or fiber-optic cables.
It should be understood that the numbers of terminal devices, networks and servers in Fig. 1 are only schematic. There can be any number of terminal devices, networks and servers as the implementation requires. For example, the server 103 can be a server cluster composed of multiple servers.
A user can use the terminal device 101 to interact with the server 103 through the network 102, to receive or send messages and so on. The terminal device 101 can be any of various electronic devices with a display screen, including but not limited to smartphones, tablet computers, portable computers and desktop computers.
The server 103 can be a server that provides various services. Taking a form request as an example, the user uses the terminal device 101 to send a form acquisition request to the server 103; the server generates a first token in response to the form acquisition request and sends it to the terminal device 101. The terminal device 101 fills in the form according to the information entered by the user and generates a second token from the first token, then sends the form submission request and the second token, or the form submission request, the first token and the second token, to the server 103. The server 103 verifies the validity of the first token and the second token to determine whether the form submission request is legitimate. Further, the server 103 also verifies information such as the IP address and the HTTP request headers of the terminal device 101 to judge whether the terminal device 101 is legitimate. The server 103 can also perform statistical analysis on the number and/or frequency of form submissions to judge whether the user is a legitimate user, ensuring the security of the user's request path and the validity of the request data.
Fig. 2 is a structural schematic diagram of the computer system of an electronic device suitable for implementing an embodiment of the invention.
It should be noted that the computer system 200 of the electronic device shown in Fig. 2 is only an example and should not impose any restriction on the function or scope of use of the embodiments of the invention.
As shown in Fig. 2, the computer system 200 includes a central processing unit (CPU) 201, which can perform various appropriate actions and processing according to a program stored in read-only memory (ROM) 202 or a program loaded from the storage section 208 into random access memory (RAM) 203. The RAM 203 also stores the various programs and data needed for system operation. The CPU 201, ROM 202 and RAM 203 are connected to one another by a bus 204. An input/output (I/O) interface 205 is also connected to the bus 204.
The following components are connected to the I/O interface 205: an input section 206 including a keyboard, a mouse and the like; an output section 207 including, for example, a cathode ray tube (CRT) or liquid crystal display (LCD) and a speaker; a storage section 208 including a hard disk and the like; and a communication section 209 including a network interface card such as a LAN card or a modem. The communication section 209 performs communication processing via a network such as the Internet. A drive 210 is also connected to the I/O interface 205 as needed. A removable medium 211, such as a magnetic disk, an optical disc, a magneto-optical disk or a semiconductor memory, is mounted on the drive 210 as needed, so that a computer program read from it can be installed into the storage section 208 as needed.
In particular, according to an embodiment of the invention, the processes described below with reference to the flow charts may be implemented as computer software programs. For example, an embodiment of the invention includes a computer program product comprising a computer program carried on a computer-readable medium, the computer program containing program code for executing the method shown in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 209, and/or installed from the removable medium 211. When the computer program is executed by the central processing unit (CPU) 201, the various functions defined in the system of this application are performed.
It should be noted that the computer-readable medium of the present invention can be a computer-readable signal medium, a computer-readable storage medium, or any combination of the two. A computer-readable storage medium can be, for example, but is not limited to, an electrical, magnetic, optical, electromagnetic, infrared or semiconductor system, apparatus or device, or any combination of the above. More specific examples of computer-readable storage media include, but are not limited to: an electrical connection with one or more wires, a portable computer disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the above. In the present invention, a computer-readable storage medium can be any tangible medium that contains or stores a program, which can be used by or in connection with an instruction execution system, apparatus or device. A computer-readable signal medium, in the present invention, may include a data signal propagated in baseband or as part of a carrier wave and carrying computer-readable program code. Such a propagated data signal can take many forms, including but not limited to an electromagnetic signal, an optical signal, or any suitable combination of the above. A computer-readable signal medium can also be any computer-readable medium other than a computer-readable storage medium that can send, propagate or transmit a program for use by or in connection with an instruction execution system, apparatus or device. The program code contained on a computer-readable medium can be transmitted over any suitable medium, including but not limited to wireless, wire, optical cable, RF and the like, or any suitable combination of the above.
The flow charts and block diagrams in the drawings illustrate the possible architecture, functions and operations of systems, methods and computer program products according to various embodiments of the invention. In this regard, each box in a flow chart or block diagram can represent a module, a program segment or a part of code, which contains one or more executable instructions for implementing the specified logical function. It should also be noted that in some alternative implementations the functions marked in the boxes can occur in an order different from that marked in the drawings. For example, two boxes shown in succession can in fact be executed substantially in parallel, and they can sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each box in a block diagram or flow chart, and any combination of such boxes, can be implemented by a dedicated hardware-based system that performs the specified functions or operations, or by a combination of dedicated hardware and computer instructions.
The units described in the embodiments of the invention can be implemented in software or in hardware, and the described units can also be arranged in a processor. The names of these units do not, in some cases, limit the units themselves.
In another aspect, this application also provides a computer-readable medium, which can be included in the electronic device described in the above embodiments, or can exist separately without being assembled into the electronic device. The computer-readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the method described in the following embodiments. For example, the electronic device can implement the steps shown in Fig. 3 to Fig. 10.
The network request can be a form request, a scan-code login request, and so on. In practical applications there is a risk of data leakage during the interaction. Taking a form request as an example, the user can use a form request button to trigger the client to send a form acquisition request to the server; the server responds to the form acquisition request, generates a token and sends it to the client. After the client generates the form, the user can fill in information in the form's input boxes. When the form is complete, the user triggers the client with the submit button to submit the form to the server, and the received token is sent to the server at the same time. The server judges whether the form is legitimate by verifying the validity of the token, processes the form data, and then destroys the token.
In the above process, however, the server may be unable to judge from the form data whether the person who filled in the form is a legitimate user. A malicious user can therefore skip the manual form-filling step by using an auto-fill program, capture the token in the form page or obtain the cookie of a logged-in user in order to simulate a legitimate user's request, and use a script to simulate form submission, achieving automatic form recognition, bulk registration, automated login and so on, in order to carry out malicious operations. Although the server can limit the number of submissions from a given account or a given IP, a malicious user may register multiple accounts or use multiple proxy IPs to simulate form submission by script, which greatly affects network security.
To address this problem, an embodiment of the invention first provides a method for verifying the security of a network request. With reference to Fig. 3, the method is suitable for the electronic device of the previous embodiment and includes at least the following steps:
Step S310: generate a first token Token1 in response to a first network request, and send the first token Token1 to the sender of the first network request;
Step S320: receive a second network request and a second token Token2;
Step S330: generate a third token Token3;
Step S340: when the third token Token3 matches the second token Token2, confirm that the second network request is legitimate.
According to the method for verifying the security of a network request in this example embodiment, the server generates the first token Token1 in response to the first network request and sends it to the sender of the first network request. It then receives the second network request and the second token Token2 sent by the sender, where the second token Token2 is generated by the sender from the first token Token1, and finally verifies the second token Token2 to judge whether the second network request is legitimate. On the one hand, the second token is generated by the client, so even if the first token is crawled, a request without the client-generated second token cannot pass verification, which ensures the security of network data submission. On the other hand, even when a second token is present, it is verified to judge whether the second network request is legitimate, and the request is confirmed as legitimate only if verification passes. This protects the security of the user's request path and the validity of the request data, and prevents a malicious user from using a script to bypass the browser and submit data.
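The flow of steps S310 to S340, written out as an added example that is not part of the patent text or any code of the assignee. The patent leaves the "encryption algorithm" and the network parameter open; this sketch assumes HMAC-SHA256 keyed by Token1, the User-Agent header as the network parameter, a 300-second token lifetime, and hypothetical names (`FormTokenServer`, `derive_token`, `session_id`).

```python
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL_SECONDS = 300  # assumed lifetime; the patent does not give a value


def derive_token(token1: str, form_data: dict, user_agent: str) -> str:
    """Derivation shared by both sides: the sender calls it to build Token2,
    the server calls it to build Token3. HMAC-SHA256 is an assumption."""
    # Canonical JSON so both sides hash byte-identical input.
    canonical = json.dumps(form_data, sort_keys=True, separators=(",", ":"))
    message = (canonical + "\n" + user_agent).encode("utf-8")
    return hmac.new(token1.encode("utf-8"), message, hashlib.sha256).hexdigest()


class FormTokenServer:
    """Server side of steps S310 to S340 (hypothetical class)."""

    def __init__(self, ttl: float = TOKEN_TTL_SECONDS, clock=time.time):
        self._issued = {}  # session_id -> (token1, issued_at)
        self._ttl = ttl
        self._clock = clock

    def issue_token1(self, session_id: str) -> str:
        # S310: answer the form acquisition request with a fresh Token1.
        token1 = secrets.token_hex(16)
        self._issued[session_id] = (token1, self._clock())
        return token1

    def verify_submission(self, session_id: str, user_agent: str,
                          form_data: dict, token2: str):
        # S320: the form submission request arrives together with Token2.
        # pop() destroys Token1 on first use, so a replay finds nothing.
        record = self._issued.pop(session_id, None)
        if record is None:
            return False, "no outstanding token"
        token1, issued_at = record
        if self._clock() - issued_at > self._ttl:
            return False, "token expired"
        # S330: recompute Token3 from Token1 and what the server received.
        token3 = derive_token(token1, form_data, user_agent)
        # S340: constant-time comparison of Token3 and Token2.
        if not hmac.compare_digest(token3.encode("utf-8"),
                                   token2.encode("utf-8")):
            return False, "token mismatch"
        return True, "ok"


def run_demo():
    """Constructed exchange: one accepted submission and three rejected ones."""
    server = FormTokenServer()
    ua = "ExampleBrowser/1.0"  # constructed sample header value
    form = {"name": "alice", "email": "alice@example.test"}  # constructed

    results = {}
    # Sender derives Token2 from Token1 and submits the untouched form.
    t1 = server.issue_token1("s1")
    token2 = derive_token(t1, form, ua)
    results["valid"] = server.verify_submission("s1", ua, form, token2)
    # The same Token2 a second time: Token1 was already destroyed.
    results["replay"] = server.verify_submission("s1", ua, form, token2)
    # Form data changed after Token2 was computed.
    t1 = server.issue_token1("s2")
    token2 = derive_token(t1, form, ua)
    changed = dict(form, email="other@example.test")
    results["changed_data"] = server.verify_submission("s2", ua, changed, token2)
    # Token1 copied from the page and sent back unchanged as Token2.
    t1 = server.issue_token1("s3")
    results["token1_only"] = server.verify_submission("s3", ua, form, t1)
    return results


if __name__ == "__main__":
    for case, outcome in run_demo().items():
        print(case, outcome)
```
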
In the following, the method for verifying network request security in this example embodiment is described further, taking a form request as an example. Correspondingly, the method for verifying network request security is a form verification method, the first network request is a form acquisition request, and the second network request is a form submission request.
In step S310: In response to the first network request, generate the first token Token1, and send the first token Token1 to the sending end of the first network request;
In this exemplary embodiment, Fig. 4 shows the interaction diagram between the sending end (terminal device 101) and the server 103. Referring to Fig. 4, before a form acquisition request is responded to, the sending end (terminal device 101) of the form acquisition request responds to a first trigger operation of the user and then sends a form acquisition request to the server 103; finally, the server 103 generates the first token Token1 in response to the form acquisition request and sends the first token Token1 to the sending end. This example embodiment may include one or more of various terminal devices, such as tablet computers, smartphones, portable computers and desktop computers. For ease of understanding, the mobile phone terminal 101 is used below as the sending end of the form acquisition request.
In this exemplary embodiment, before generating the first token Token1 in response to the form acquisition request, the server 103 can judge whether the form acquisition request is legitimate and decide according to the result whether to generate the first token Token1. If the form acquisition request is legitimate, the first token Token1 is generated; if the form acquisition request is illegitimate, form acquisition request error information is returned to the sending end.
Further, when the mobile phone terminal 101 sends a form acquisition request to the server 103, the server 103 can obtain the user identifier of the mobile phone terminal 101. The server 103 can judge whether the form acquisition request is legitimate according to whether the user identifier of the mobile phone terminal 101 matches a user identifier in a preset database; it can also judge whether the form acquisition request is legitimate according to whether the user status of the mobile phone terminal 101 meets a preset condition.
Since different mobile phone terminals 101 may run different operating systems, the information obtained by the server 103 differs accordingly. Taking a mobile phone terminal 101 running the Android operating system as an example, when it sends a form acquisition request to the server 103, the server 103 can obtain information such as the Android operating system version number, the International Mobile Equipment Identity (IMEI), the Mobile Equipment Identifier (MEID) and the user ID of the mobile phone terminal 101. The server 103 can use part of the obtained information, such as the user ID, to query the preset database in the server 103 for a matching ID: if one exists, the form acquisition request is legitimate; if not, the form acquisition request is illegitimate. In addition, when the form is requested from a web browser, the server 103 can obtain a session ID and judge whether the user status is normal according to whether the valid time of the session ID meets a preset condition, thereby confirming whether the form acquisition request is legitimate. For example, with a preset condition of 10 min, when the valid time of the session ID is less than or equal to 10 min, the user status is normal and the form acquisition request is legitimate; when the valid time of the session ID is more than 10 min, the user status is abnormal and the form acquisition request is illegitimate.
In this exemplary embodiment, the user identifier and the user status can also be judged together, to further ensure the legitimacy of the form acquisition request. As shown in Fig. 5, in step S501, the server 103 receives the form acquisition request; in step S502, the preset database of the server 103 is queried for the user identifier of the mobile phone terminal 101; in step S503, once a matching user identifier is confirmed to exist, it is judged whether the user status of the mobile phone terminal 101 meets the preset condition; in step S504, if the user status meets the preset condition, the form acquisition request is legitimate, and if the user status does not meet the preset condition, the form acquisition request is illegitimate.
In this exemplary embodiment, the first token Token1 can be an encrypted string formed by applying an encryption algorithm to multiple parameters, such as Token1=MD5 (timestamp+Key1+IP+random number), where Key1 is the verification key of the server 103 and the encryption algorithm is MD5. The present invention is of course not limited to this: the parameters can also include the form request time, the previous form submission time, other verification data and so on, and the more parameters are included, the better. The encryption algorithm can also be one or more of asymmetric encryption algorithms such as RSA, DSA and Diffie-Hellman and symmetric encryption algorithms such as AES and DES, and those skilled in the art can choose according to the specific situation. In addition, while sending the first token Token1 to the mobile phone terminal 101, the server 103 stores the first token Token1 in the memory of the server 103 and stores the relevant information of the mobile phone terminal 101 in a cache, for example a cache named memcache, for the later verification of the first token Token1 and the second token Token2.
In step S320: Receive the second network request and the second token Token2;
In this exemplary embodiment, as shown in Fig. 4, the sending end (terminal device 101) receives the first token Token1 generated by the server 103 in response to the form acquisition request and can generate the second token Token2 according to the first token Token1. The sending end (terminal device 101) then responds to a second trigger operation and sends the form submission request and the second token Token2 to the server 103.
In this exemplary embodiment, the second token Token2 differs from the first token Token1 in that the second token Token2 can mark the form submission as having come from a legitimate browser. The sending end (terminal device 101) can therefore encrypt the first token Token1, parameters of the sending end (terminal device 101) and part of the user information to generate an encrypted string as the second token Token2. The parameters of the sending end (terminal device 101) can be the domain name, device model, device ID and similar parameters of the terminal device 101; the partial user information can be user information filled in the form (user name, password, ID card number, telephone number, mailbox, etc.) and/or browser information (browser version, browser certificate, etc.); and the encryption algorithm can be a symmetric encryption algorithm and/or an asymmetric encryption algorithm. The second token Token2 may use the same encryption algorithm as the first token Token1 or a different one; those skilled in the art can choose according to actual needs, and the present invention places no specific limit on this.
Further, in the related art, whether the sending end (terminal device 101) is legitimate is usually confirmed from information such as the request source address referer of the sending end (terminal device 101) and the user agent user-agent in the HTTP request header, but this information can be simulated by a program and its degree of trust is not high. Therefore, to ensure the security and validity of form requests and submissions, the second token Token2 can be generated with an HTML Object control after the sending end (terminal device 101) responds to a trigger operation in which the user accesses the form. The encryption algorithm in the Object control is an asymmetric encryption algorithm or a combination of an asymmetric encryption algorithm and a symmetric encryption algorithm, such as Token2=MD5 (DES.encrypt (domain name+Token1+partial user information)). Using two encryption algorithms, the encrypt algorithm of DES and MD5 encryption, increases the encryption complexity and further improves the security of the form submission request and the validity of the request data. Of course, besides the Object control, any other control that can be loaded in a web page can be used to generate the second token, which is not described further here.
In step S330: Generate the third token Token3;
In this exemplary embodiment, according to its agreement with the sending end (terminal device 101), the server 103 can take the received domain name of the terminal device 101, the received user information and the first token Token1 stored in memory, and generate a third token Token3 using the same encryption algorithm that generated the second token Token2, such as Token3=MD5 (DES.encrypt (received domain name, Token1, received partial user information)). The present invention is of course not limited to this.
In step S340: When the third token Token3 matches the second token Token2, confirm that the second network request is legitimate.
In this exemplary embodiment, after the server 103 receives the second token Token2, it needs to verify whether the second token Token2 is valid and thereby judge whether the form submission request is legitimate. This can be done by matching the second token Token2 against the third token Token3: if the match succeeds, the form submission request is legitimate; if the match fails, the form submission request is illegitimate. After verification, the server 103 can feed the user's submission result back to the sending end (terminal device 101), although this step is not essential to the invention.
Further, the server 103 can judge whether the form submission request is legitimate according to whether the request time of the form is within the effective time. As shown in Fig. 6, the judging flow includes at least the following steps:
S601: When the server 103 receives the form acquisition request, it records the current time as the first moment.
When receiving the form acquisition request, the server 103 can record the current time as the first moment t1 while generating the first token Token1.
S602: The server 103 sends the first token Token1 to the sending end (terminal device 101) and saves it locally.
After the server 103 generates the first token Token1 in response to the form acquisition request, the first token Token1 is sent to the sending end (terminal device 101) and is stored in the memory of the server 103 and of the sending end (terminal device 101).
S603: The sending end (terminal device 101) generates the second token Token2 according to the first token Token1 and sends the form submission request and the second token Token2 to the server 103.
S604: The server receives the form submission request and the second token Token2 and records the current time as the second moment t2.
S605: Calculate the interval time Δt from the first moment t1 and the second moment t2, and judge whether the interval time Δt is within the effective time.
S606: Compare the interval time Δt with an effective time, and judge from the comparison result whether the form submission request is legitimate.
If the interval time Δt does not exceed the effective time, the form submission request is legitimate; if the interval time Δt exceeds the effective time, the form submission request is illegitimate (see step). For example, with the effective time set to 1 h, if Δt ≤ 1 h the form submission request is legitimate, and if Δt > 1 h the form submission request is illegitimate.
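The token exchange of steps S310 to S340 together with the time check of steps S601 to S606, as an added Python example that is not part of the patent text. It swaps HMAC-SHA-256 in for the MD5 and DES constructions named above, and the session ID used as the cache lookup key, the length-prefixed field encoding and the consume-on-first-attempt rule are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # Key1 in the text; constructed per process
VALID_SECONDS = 3600                  # effective time from the text's example (1 h)


def _encode(*fields):
    """Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def _same(a, b):
    """Constant-time comparison, so a mismatch does not leak how many characters matched."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))


def derive_token2(token1, domain, user_part):
    """Sending end (S603): bind Token1 to the page's domain and part of the form data."""
    return hmac.new(token1.encode(), _encode(domain, user_part), hashlib.sha256).hexdigest()


class FormTokenVerifier:
    """Server side. The dict stands in for the cache (memcache in the text)."""

    def __init__(self):
        self._issued = {}  # session_id (assumed lookup key) -> (Token1, t1)

    def issue(self, session_id, client_ip, now=None):
        """S310 / S601-S602: generate Token1, record t1, keep a server-side copy."""
        t1 = time.time() if now is None else now
        nonce = secrets.token_hex(16)
        message = _encode(repr(t1), client_ip, nonce)
        token1 = hmac.new(SERVER_KEY, message, hashlib.sha256).hexdigest()
        self._issued[session_id] = (token1, t1)
        return token1

    def verify(self, session_id, token2, domain, user_part, token4=None, now=None):
        """S320-S340 and S604-S606. Returns "ok" or the reason for rejection."""
        t2 = time.time() if now is None else now
        # Assumption: Token1 is consumed on the first submission attempt, so a replay fails.
        entry = self._issued.pop(session_id, None)
        if entry is None:
            return "no-token1"
        token1, t1 = entry
        if t2 - t1 > VALID_SECONDS:          # interval time exceeds the effective time
            return "expired"
        if token4 is not None and not _same(token4, token1):
            return "token1-mismatch"         # optional returned Token1 (Token4) check
        token3 = derive_token2(token1, domain, user_part)  # S330: server recomputes
        if not _same(token3, token2):        # S340: Token3 must match Token2
            return "token2-mismatch"
        return "ok"
```

The derivation of Token2 runs on the sending end, so anything that executes the page's code can reproduce it; the server-side expiry and single-use checks are what limit replay of a captured token.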
In this exemplary embodiment, the sending end (terminal device 101) may or may not return the first token Token1 to the server 103. Returning the first token Token1 and the second token Token2 together allows the server 103 to verify both the first token Token1 and the second token Token2, further increasing the security of the form request path and the validity of the data; returning only the second token Token2 reduces the amount of data transmitted. If the first token Token1 is returned, the server 103 can receive a fourth token Token4 sent by the sending end (terminal device 101) and match the fourth token Token4 against the first token Token1 stored in memcache. If the match succeeds, the form submission request is legitimate and verification passes, and the server can then delete the first token Token1 to save storage space.
In this exemplary embodiment, in order to further increase the security of the user's request path and the validity of the request data, the server 103 can also count and match one or more items of information such as the number of form submissions, the submission frequency, the IP address of the sending end, the HTTP request header and the request source address referer, to judge whether the form submission request is legitimate. As shown in Fig. 7, in step S701, the sending end (terminal device 101) sends a form acquisition request; in step S702, it is judged whether the form acquisition request is legitimate, continuing with step S703 if it is and otherwise jumping to step S704: abnormal exit; in step S703, the server 103 generates the first token Token1 in response to the form acquisition request and sends it to the sending end (terminal device 101); in step S705, the sending end (terminal device 101) fills in the form, generates the second token Token2, and sends the form and the second token Token2 to the server 103; in step S706, the server 103 receives the form submission request and the second token Token2 sent by the sending end (terminal device 101) and then verifies whether the first token Token1 and the second token Token2 are valid, continuing with step S707 if they are and jumping to step S704 if they are not; in step S707, the server 103 can obtain the HTTP request header of the sending end and judge whether the HTTP request header is valid, continuing with step S708 if it is and otherwise going to step S709: abnormal exit; in step S708, the server 103 judges the IP address of the sending end (terminal device 101) and determines from the result whether the sending end (terminal device 101) is legitimate, continuing with step S710 if it is and otherwise going to step S709; in step S710, the server 103 obtains the number of times the sending end has submitted the form within a statistical period and compares the submission count with a target value, and if the submission count is less than the target value the form submission request is legitimate and step S711 follows, otherwise going to step S709; in step S711, the server 103 can obtain the frequency with which the sending end has submitted the form within a statistical period and compare the submission frequency with a target frequency, and if the submission frequency is less than the target frequency the form submission request is legitimate and step S712 is executed: feed back the user's submission result; otherwise go to step S709. The statistical period, target value and target frequency can be set according to actual conditions; for example, the statistical period can be set to one day, the target value to 10 times and the target frequency to 0.5 times/hour, and the present invention places no specific limit on this. In the above verification process, if any one check fails, the server 103 can send a notice of invalidity to the sending end (terminal device 101) and stop processing the form data.
Further, an IP blacklist can be created. If an IP address has submitted many malicious requests, that IP address can be added to the IP blacklist, and when the server receives a form request submitted from that IP address, it refuses the request. This can improve data processing speed and ensure the security of user requests.
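The submission-count check (S710), submission-frequency check (S711) and IP blacklist described above, as an added Python example that is not part of the patent text. The statistical period, target value and target frequency are the ones given in the text; the 4-hour window over which frequency is measured and the threshold of three rejections before blacklisting are assumptions of this sketch.

```python
from collections import defaultdict, deque

STAT_PERIOD = 24 * 3600      # statistical period from the text: one day
TARGET_COUNT = 10            # target value from the text: 10 submissions
TARGET_FREQ_PER_HOUR = 0.5   # target frequency from the text: 0.5 times/hour
FREQ_WINDOW = 4 * 3600       # assumption: window over which frequency is measured
BLACKLIST_AFTER = 3          # assumption: rejections before an IP is blacklisted


class SubmissionGuard:
    """Per-IP auxiliary checks applied to each form submission request."""

    def __init__(self):
        self._accepted = defaultdict(deque)  # ip -> times of accepted submissions
        self._rejected = defaultdict(int)    # ip -> number of rejected submissions
        self.blacklist = set()

    def _reject(self, ip, reason):
        self._rejected[ip] += 1
        if self._rejected[ip] >= BLACKLIST_AFTER:
            self.blacklist.add(ip)           # later requests are refused outright
        return reason

    def check(self, ip, now):
        """Return "ok" or the reason the submission is treated as illegitimate."""
        if ip in self.blacklist:
            return "blacklisted"
        times = self._accepted[ip]
        # Drop submissions that have fallen out of the statistical period.
        while times and now - times[0] >= STAT_PERIOD:
            times.popleft()
        # S710: the submission count in the period must be less than the target value.
        if len(times) >= TARGET_COUNT:
            return self._reject(ip, "count-exceeded")
        # S711: the submission frequency must be less than the target frequency.
        recent = sum(1 for t in times if now - t < FREQ_WINDOW)
        if recent / (FREQ_WINDOW / 3600) >= TARGET_FREQ_PER_HOUR:
            return self._reject(ip, "too-frequent")
        times.append(now)
        return "ok"
```

Because the counters are keyed by IP address, a sender that rotates proxy IPs is not slowed by these checks alone, which is why the flow in Fig. 7 runs them after the token verification rather than in place of it.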
It is worth noting that the present invention places no specific limit on the order of the above verification methods, and those skilled in the art can arrange the verification flow according to actual needs. For example, as shown in Fig. 8, in step S801, the sending end (terminal device 101) sends a form submission request; in step S802, after the server 103 receives the form submission request, it counts the form submissions and compares the count with the target value, continuing with step S803 if the submission count does not exceed the target value and otherwise executing step S804: confirm that the form submission request is illegitimate; in step S803, the submission frequency is counted and compared with the target frequency to judge whether submissions are too frequent, continuing with step S805 if the submission frequency does not exceed the target frequency and otherwise executing step S804; in step S805, it is verified whether the first token Token1 and the second token Token2 are valid; if they are, step S806 is executed: confirm that the form acquisition request is legitimate, and otherwise step S804 is executed. Verification can also follow the flow shown in Fig. 9. As shown in Fig. 9, in step S901, the sending end (terminal device 101) sends a form acquisition request; in step S902, the sending end (terminal device 101) generates the second token Token2 with an HTML Object control, although an application plug-in, a web applet or another web page control can of course also be used to generate the second token Token2; in step S903, the sending end (terminal device 101) sends the form submission request and the second token Token2; in step S904, the server 103 receives the form submission request and the second token Token2; in step S905, it is judged whether the second token Token2, or the first token Token1 and the second token Token2, are valid, continuing with step S906 if they are and otherwise executing step S907: confirm that the sending end is illegitimate; in step S906, the server 103 judges the request source address referer and the HTTP request header separately, and if the request source address referer is this site's own domain name and the HTTP request header is valid, step S908 is executed: confirm that the sending end (terminal device 101) is legitimate, and thereby confirm that the form acquisition request and the form submission request are legitimate; otherwise step S906 is executed.
In the method for verifying network request security of the present invention, the sending end (terminal device 101) can generate the second token Token2 based on the first token Token1 generated by the server 103 and on parameters of the sending end (terminal device 101). The server 103 verifies the received second token Token2, or the received first token Token1 and second token Token2, and judges whether the network data submission request is legitimate. On the one hand, the verification of two tokens ensures the security of the user's request path; on the other hand, the multiple checks at the server ensure the validity of the request data, effectively preventing malicious users from using scripts to bypass the browser and submit data in batches.
The network request can be a form request, a scan-code login request and so on; the method for verifying network request security of the present invention can improve the security and validity of the request data.
Taking a practical application as an example, in which the network request is a form request, the form verification method can be widely applied in many fields such as banking systems, online banking payment, online transfers, online registration and website login. Taking online banking payment as an example, as shown in Fig. 10, the user selects "XX bank online payment" on the order payment page and clicks the "submit" button, and the browser automatically jumps to the customer online banking information verification page of XX bank. The user fills in the corresponding information in the corresponding text boxes or data boxes and confirms the submission, after which the server 103 can verify the user information. If the verification passes, a password input box is generated in the browser; after the user enters the correct password and clicks "confirm payment", the server 103 matches the bank account against the password, sending a payment success message to the browser if the match succeeds and a payment failure message to the browser if the match fails. According to the form verification method of the present invention, in the above flow, clicking the "submit" button in Fig. 10 (a) causes the terminal device 101 to send a form acquisition request to the server 103. Submitting the user information in Fig. 10 (b) both sends a form submission request to the server 103 and sends another form acquisition request to the server 103. In this process, the server 103 can send a first token Token1 to the browser; the terminal device 101 generates the second token Token2 according to the first token Token1 and the parameters of the terminal device 101 and, when the submission is confirmed, sends the user information form and the second token Token2, or the user information form, the first token Token1 and the second token Token2, to the server, to judge whether the form submission request is legitimate. "Confirm payment" in Fig. 10 (c) sends a form submission request to the server. In this process, the server 103 sends a first token Token1' to the terminal device 101; the terminal device 101 generates a second token Token2' according to the first token Token1' and the parameters of the terminal device 101 and sends the payment form and the second token Token2', or the payment form, the first token Token1' and the second token Token2', to the server 103, to judge whether the form submission request is legitimate, and a "payment successful" prompt message is returned if it is. The above payment flow contains two form verification processes. Using the form verification method of the present invention improves the security of the user's request path and the validity of the request data, and prevents malicious users from crawling page information and submitting form requests by script, which would threaten the security of the user's property.
The apparatus embodiments of the present invention introduced below can be used to perform the above form verification method of the present invention. For details not disclosed in the apparatus embodiments, please refer to the embodiments of the above form verification method of the present invention.
Fig. 11 shows a structural schematic diagram of an apparatus for verifying network request security. Referring to Fig. 11, the apparatus 1100 for verifying network request security may include: a first token generation module 1101, an information receiving module 1102, a third token generation module 1103 and a first matching verification module 1104.
Specifically, the first token generation module 1101 is configured to generate the first token Token1 in response to the first network request and to send the first token Token1 to the sending end of the first network request; the information receiving module 1102 is configured to receive the second network request and the second token Token2; the third token generation module 1103 is configured to generate the third token Token3; and the first matching verification module 1104 is configured to confirm that the second network request is legitimate when the third token Token3 matches the second token Token2.
In this exemplary embodiment, the first token generation module 1101 includes a first judging unit 11011 and a token generation unit 11012.
Specifically, the first judging unit 11011 is configured to judge whether the first network request is legitimate; the token generation unit 11012 is configured to generate the first token Token1 when the first network request is legitimate.
The token generation unit 11012 can generate the first token Token1 from several of: a timestamp, a random number, an IP address, the sending time of the first network request, the sending time of the previous second network request, and verification data. Other parameters can of course also be included, and the present invention places no specific limit on this.
In this exemplary embodiment, the first token generation module 1103 includes: a third token generation unit 11031, configured to generate the third token Token3 by an encryption algorithm using at least part of the data of the second network request and/or at least one network parameter, together with the first token Token1.
In this exemplary embodiment, the apparatus 1100 for verifying network request security further includes an auxiliary verification module 1105. The auxiliary verification module 1105 includes one or more of a user identifier query unit 11051, a user status judging unit 11052, a time interval acquisition unit 11053, a submission count acquisition unit 11054, a submission frequency acquisition unit 11055, a request header information acquisition unit 11056 and an IP address acquisition unit 11057.
Specifically, the user identifier query unit 11051 is configured to query a preset database for the user identifier of the sending end and to judge from the query result whether the network data acquisition request is legitimate; the user status judging unit 11052 is configured to judge whether the user status of the sending end meets a preset condition and to judge from the result whether the network data acquisition request is legitimate; the submission count acquisition unit 11054 is configured to obtain the number of times the sending end has submitted the network request within a statistical period, compare the submission count with a target value, and judge from the comparison result whether the second network request is legitimate; the submission frequency acquisition module 11055 is configured to obtain the frequency with which the sending end has submitted the network request within a statistical period, compare the submission frequency with a target frequency, and judge from the comparison result whether the submission of the second network request is legitimate; the request header information acquisition unit 11056 is configured to obtain the HTTP request header information of the sending end of the network request and to judge from the request header information whether the second network request is legitimate; and the IP address acquisition unit 11057 is configured to obtain the IP address of the sending end of the network request and to judge from the IP address whether the second network request is legitimate.
In this exemplary embodiment, the apparatus 1100 for verifying network request security further includes a fourth token receiving module 1106 and a second matching verification module 1107.
Specifically, the fourth token receiving module 1106 is configured to receive the fourth token Token4; the second matching verification module 1107 is configured to confirm that the second network request is legitimate when the fourth token Token4 matches the first token Token1.
In addition, in this exemplary embodiment, the time interval acquisition unit 11053 may include a first moment recording unit 110531, a second moment recording unit 110532 and an interval time calculation unit 110533.
Specifically, the first moment recording unit 110531 is configured to record the current time as the first moment t1 when the first network request is received; the second moment recording unit 110532 is configured to record the current time as the second moment t2 when the second network request is received; and the interval time calculation unit 110533 is configured to calculate the interval time Δt from the first moment t1 and the second moment t2, compare the interval time Δt with an effective time, and judge from the comparison result whether the second network request is legitimate.
In this exemplary embodiment, an apparatus for verifying network request security is also provided. As shown in Fig. 12, the apparatus 1200 for verifying network request security may include: a first sending module 1201, a first token receiving module, a second token generation module 1203 and a second sending module 1204.
Specifically, the first sending module 1201 is configured to send the first network request to the server; the first token receiving module 1202 is configured to receive the first token Token1 returned by the server; the second token generation module 1203 is configured to generate the second token Token2 using the first token Token1; and the second sending module 1204 is configured to send the second network request and the second token Token2.
In this exemplary embodiment, the second token generation module 1203 includes: a first generation unit 12031, configured to generate the second token Token2 by an encryption algorithm using at least part of the data of the second network request and/or at least one network parameter, together with the first token Token1.
Further, the second token generation module 1203 further includes: a second generation unit 12032, configured to generate the second token Token2 through an application plug-in, a web page control or a web applet.
In this exemplary embodiment, the apparatus 1200 for verifying network request security can also include a token submission module 1205, configured to submit the first token Token1 when the second network request and the second token Token2 are sent.
Since each functional module of the apparatus for verifying network request security in the example embodiments of the present invention corresponds to a step of the example embodiment of the above method for verifying network request security, they are not described again here.
It should be noted that although several modules or units of the form verification apparatus are mentioned in the detailed description above, this division is not mandatory. In fact, according to the embodiments of the present invention, the features and functions of two or more of the modules or units described above can be embodied in one module or unit. Conversely, the features and functions of one module or unit described above can be further divided so as to be embodied by multiple modules or units.
Those skilled in the art will readily think of other embodiments of the present invention after considering the specification and practicing the invention disclosed here. This application is intended to cover any variations, uses or adaptations of the present invention that follow the general principles of the present invention and include common knowledge or conventional technical means in the art that are not disclosed by the present invention. The specification and examples are to be regarded as illustrative only, and the true scope and spirit of the present invention are indicated by the appended claims.
It should be understood that the present invention is not limited to the precise structures described above and shown in the accompanying drawings, and that various modifications and changes may be made without departing from its scope. The scope of the present invention is limited only by the appended claims.

Claims (15)

1. A method for verifying network request security, characterized by comprising:
generating a first token in response to a first network request, and sending the first token to the sending end of the first network request;
receiving a second network request and a second token;
generating a third token;
when the third token matches the second token, confirming that the second network request is legitimate.
2. The method for verifying network request security according to claim 1, characterized in that generating the first token in response to the first network request comprises:
judging whether the first network request is legitimate;
when the first network request is legitimate, generating the first token.
3. The method for verifying network request security according to claim 1, wherein generating the third token comprises:
generating the third token by an encryption algorithm using at least part of the data of the second network request and/or at least one network parameter, together with the first token.
4. the method according to claim 1 for verifying network request safety, which is characterized in that the method is also wrapped It includes:
It is asked according to the user identifier of the transmitting terminal, the User Status of the transmitting terminal, network request submission time interval, network It asks in the IP address for submitting number, network request submission frequency, the HTTP request header of the transmitting terminal, the transmitting terminal Whether legal one or more verifies the network data acquiring request.
5. the method according to claim 1 for verifying network request safety, which is characterized in that the method is also wrapped It includes:
Receive the 4th token;
When the 4th token and first token matched, confirm that second network request is legal.
6. the method for being used to verify network request safety according to claim 1-5 any one of them, which is characterized in that described Network request is form request, and the first network request is that list obtains request, and second network request is submitted for list Request.
7. a kind of device for verifying network request safety, which is characterized in that including:
First token generation module requests to generate the first token for responding first network, and first token is sent to The transmitting terminal of the first network request;
Information receiving module, for receiving the second network request and the second token;
Third token generation module, for generating third token;
First matching authentication module confirms second network request when the third token and second token matched It is legal.
8. a kind of method for verifying network request safety, which is characterized in that including:
First network request is sent to server end;
Receive the first token that the server end returns;
The second token is generated using first token;
Send the second network request and second token.
9. the method according to claim 8 for verifying network request safety, which is characterized in that described in the utilization First token generates the second token:
Utilize at least partly data of second network request and/or at least one network parameter and first token Second token is generated by Encryption Algorithm.
10. the method according to claim 8 for verifying network request safety, which is characterized in that described to utilize institute Stating the first token the second token of generation includes:
Second token is generated by application plug-in, webpage control or webpage small routine.
11. the method according to claim 8 for verifying network request safety, which is characterized in that the method is also Including:
When sending second network request and second token, first token is submitted.
12. the method for verifying network request safety according to any one of claim 8-11, which is characterized in that The network request is form request, and the first network request is that list obtains request, and second network request is list Submit request.
13. a kind of device for verifying network request safety, which is characterized in that including:
First sending module, for sending first network request to server end;
First token receipt module, the first token generated for receiving the server end;
Second token generation module, for generating the second token using first token;
Second sending module, for sending the second network request and second token.
14. a kind of computer-readable medium, is stored thereon with computer program, which is characterized in that described program is held by processor The method for verifying network request safety as described in any one of claim 1-6,8-12 is realized when row.
15. a kind of electronic equipment, which is characterized in that including:
One or more processors;
Storage device, for storing one or more programs, when one or more of programs are by one or more of processing When device executes so that one or more of processors are realized to be used to verify as described in any one of claim 1-6,8-12 The method of network request safety.
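The exchange in claims 1, 3, 8 and 9, sketched with both sides as an added example that is not part of the patent text. The claims name only "an encryption algorithm", so HMAC-SHA256 keyed with the first token, the JSON canonicalisation, the single-use rule and the 300-second lifetime are assumptions, as are all names (`FormServer`, `derive_token`).

```python
import hashlib
import hmac
import json
import secrets
import time

TOKEN_TTL = 300  # assumed lifetime of a first token, in seconds


def derive_token(first_token: str, form_data: dict, client_ip: str) -> str:
    """Second token (client) or third token (server): a keyed hash over the
    submitted data plus one network parameter, keyed with the first token."""
    canonical = json.dumps(form_data, sort_keys=True, separators=(",", ":"))
    msg = f"{canonical}|{client_ip}".encode()
    return hmac.new(first_token.encode(), msg, hashlib.sha256).hexdigest()


class FormServer:
    def __init__(self):
        self._issued = {}  # session id -> (first token, issue time)

    def get_form(self, session_id: str) -> str:
        """First network request: issue a fresh first token for the session."""
        token = secrets.token_hex(16)
        self._issued[session_id] = (token, time.time())
        return token

    def submit_form(self, session_id, form_data, client_ip, second_token) -> bool:
        """Second network request: recompute the third token and compare."""
        entry = self._issued.pop(session_id, None)  # assumed: single use
        if entry is None:
            return False
        first_token, issued_at = entry
        if time.time() - issued_at > TOKEN_TTL:
            return False
        third_token = derive_token(first_token, form_data, client_ip)
        return hmac.compare_digest(third_token, second_token)


def demo() -> dict:
    server = FormServer()
    ip = "192.0.2.10"  # constructed sample address
    form = {"user": "alice", "amount": "10"}  # constructed sample form
    t1 = server.get_form("sess-1")
    valid = server.submit_form("sess-1", form, ip, derive_token(t1, form, ip))
    replay = server.submit_form("sess-1", form, ip, derive_token(t1, form, ip))
    t1b = server.get_form("sess-2")
    signed = derive_token(t1b, form, ip)  # token bound to the original fields
    tampered = server.submit_form("sess-2", {**form, "amount": "9999"}, ip, signed)
    return {"valid": valid, "replay": replay, "tampered": tampered}
```

Because the second token is derived from the form fields, a submission whose fields are altered after the token is computed fails the match even though the first token was genuine.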
CN201810159698.XA 2018-02-26 2018-02-26 Method and device for verifying network request security Active CN108390878B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810159698.XA CN108390878B (en) 2018-02-26 2018-02-26 Method and device for verifying network request security

Publications (2)

Publication Number Publication Date
CN108390878A true CN108390878A (en) 2018-08-10
CN108390878B CN108390878B (en) 2021-11-05

Family

ID=63068513

Country Status (1)

Country Link
CN (1) CN108390878B (en)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8886938B1 (en) * 2012-12-31 2014-11-11 Intuit Inc. System and method for cross-site reference forgery attack prevention using double validated tokens with time sensitivity
CN104519018A (en) * 2013-09-29 2015-04-15 阿里巴巴集团控股有限公司 Method, device and system for preventing malicious requests for server
CN105743869A (en) * 2014-12-12 2016-07-06 阿里巴巴集团控股有限公司 CSRF (Cross-site Request Forgery) attack prevention method, web server and browser
CN104753953A (en) * 2015-04-13 2015-07-01 成都双奥阳科技有限公司 Access control system
US20170180347A1 (en) * 2015-12-22 2017-06-22 International Business Machines Corporation Distributed password verification
CN107196892A (en) * 2016-03-15 2017-09-22 阿里巴巴集团控股有限公司 A kind of Website logging method and device
CN106534176A (en) * 2016-12-08 2017-03-22 西安交大捷普网络科技有限公司 Data safety storage method in cloud environment
CN107508819A (en) * 2017-09-05 2017-12-22 广东思派康电子科技有限公司 Encryption method and encryption device

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109413053A (en) * 2018-10-09 2019-03-01 四川长虹电器股份有限公司 A kind of method of User Status verifying in service grid environment
CN109413053B (en) * 2018-10-09 2021-10-29 四川长虹电器股份有限公司 Method for user state verification in service grid
CN109698863A (en) * 2018-12-20 2019-04-30 杭州迪普科技股份有限公司 A kind of method, apparatus, equipment and the storage medium of determining HTTP message safety
CN109831456A (en) * 2019-03-14 2019-05-31 腾讯科技(深圳)有限公司 Information push method, device, equipment and storage medium
CN109831456B (en) * 2019-03-14 2021-11-23 腾讯科技(深圳)有限公司 Message pushing method, device, equipment and storage medium

Also Published As

Publication number Publication date
CN108390878B (en) 2021-11-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant