CN106412024A - Page acquisition method and device - Google Patents
Page acquisition method and device Download PDFInfo
- Publication number
- CN106412024A CN106412024A CN201610808523.8A CN201610808523A CN106412024A CN 106412024 A CN106412024 A CN 106412024A CN 201610808523 A CN201610808523 A CN 201610808523A CN 106412024 A CN106412024 A CN 106412024A
- Authority
- CN
- China
- Prior art keywords
- page
- data
- specified
- encryption
- cipher mode
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The embodiment of the invention provides a page acquisition method. The page acquisition method based on a user equipment side comprises the steps of intercepting an HTTP request used for acquiring a specified page; adding a specified encryption identifier into the HTTP request; and sending the HTTP request added with the specified encryption identifier to a network side. The page acquisition method based on the network side comprises the steps of receiving an HTTP request used for acquiring the specified page sent by the user equipment; acquiring a corresponding specified encryption manner when the HTTP request comprises the specified encryption identifier is determined; encrypting page data corresponding the to specified page according to the acquired specified encryption manner; and returning the encrypted page data to the user equipment. The method provided by the invention can prevent the page requested to be acquired by the user equipment from being tampered, and can also save cost. In addition, the embodiment of the invention provides a page acquisition device.
Description
Technical field
Embodiments of the present invention are related to technical field of network security, more specifically, embodiments of the present invention are related to one
Plant page acquisition methods and device.
Background technology
This part is it is intended that the embodiments of the present invention stated in claims provide background or context.Herein
Description is not because include just recognizing to be prior art in this part.
At present, the mode that the conventional page obtains is:
The page address that in user equipment, the browser component of browser or APP is submitted to according to user, (super by HTTP
Text transfer protocol) agreement sends HTPP request to the server end of network side, and this request is used for obtaining the corresponding page;Network
The server end of side, according to this HTTP request, extracts corresponding page data, and the page data that will extract by http protocol
Respond to the browser in user equipment or browser component;The page that server end is responded by browser or browser component
Face data is spliced into the corresponding page and shows.
Under http protocol, the data of transmission is clear data, that is, server end utilize http protocol to browser or
The page data of browser component response is clear data, and some network attack equipment or software may intercept server response
Page data, and this page data is distorted, the page data after distorting is sent to user equipment, this will result in
User equipment normally cannot show the page, or, comprise the problem of various junk information in the page of display.
At present, in order to avoid the problems referred to above, http protocol is replaced with HTTPS agreement, in response to HTTPS request, service
Corresponding page data is encrypted by device end, and the page data after encryption is responded to browser or browser component,
After browser or browser component are decrypted to page data, carry out the page and show.
But, http protocol is replaced with HTTPS agreement and is related to O&M configuration modification, code revision and the network equipment
The operations such as energy optimization, the change that needs are carried out in network side is more, relatively costly.
Content of the invention
In prior art, due to by http protocol replace with HTTPS agreement be related to O&M configuration modification, code revision and
The operations such as performance of network equipments optimization, the change that needs are carried out in network side is more, relatively costly.For this reason, being highly desirable to one kind
Can either be cost-effective and be prevented from the page acquisition methods that the page is tampered.
In the present context, embodiments of the present invention expectation provides a kind of page acquisition methods and device.
In the first aspect of embodiment of the present invention, there is provided a kind of page acquisition methods, including:
Intercept and pass protocol HTTP request for the hypertext obtaining specified page;
Specified encryption identification is added in described HTTP request;
It is sent to network side by adding the HTTP request specifying encryption identification.
In the second aspect of embodiment of the present invention, there is provided a kind of page acquisition device, including:
Interception module, passes protocol HTTP request for intercepting for the hypertext obtaining specified page;
Add module, for being added to specified encryption identification in described HTTP request;
Sending module, for being sent to network side by adding the HTTP request specifying encryption identification.
In the third aspect of embodiment of the present invention, there is provided another kind of page acquisition methods, including:
The HTTP request of the acquisition specified page that receive user equipment sends;
Determine comprise in described HTTP request specify encryption identification when, obtain accordingly specify cipher mode;
Corresponding for described specified page page data is encrypted by the specified cipher mode according to described acquisition;
Page data after described encryption is returned to described user equipment.
In the fourth aspect of embodiment of the present invention, there is provided another kind of page acquisition device, including:
Receiver module, the HTTP request of the acquisition specified page sending for receive user equipment;
Acquisition module, when comprising to specify encryption identification in described HTTP request for determining, obtains and specifies encryption accordingly
Mode;
Corresponding for described specified page page data is entered by encrypting module for the specified cipher mode according to described acquisition
Row encryption;
Sending module, for returning to described user equipment by the page data after described encryption.
In the 5th aspect of embodiment of the present invention, there is provided a kind of page obtains equipment, for example, it is possible to include storage
Device and processor, wherein, processor can be used for reading the program in memorizer, executes following process:
Intercept and pass protocol HTTP request for the hypertext obtaining specified page;
Specified encryption identification is added in described HTTP request;
It is sent to network side by adding the HTTP request specifying encryption identification.
In the 6th aspect of embodiment of the present invention, there is provided another kind of page obtains equipment, for example, it is possible to include depositing
Reservoir and processor, wherein, processor can be used for reading the program in memorizer, executes following process:
The HTTP request of the acquisition specified page that receive user equipment sends;
Determine comprise in described HTTP request specify encryption identification when, obtain accordingly specify cipher mode;
Corresponding for described specified page page data is encrypted by the specified cipher mode according to described acquisition;
Page data after described encryption is returned to described user equipment.
In the 7th aspect of embodiment of the present invention, there is provided a kind of program product, it includes program code, when described
When program product runs, described program code is used for executing procedure below:
Intercept and pass protocol HTTP request for the hypertext obtaining specified page;
Specified encryption identification is added in described HTTP request;
It is sent to network side by adding the HTTP request specifying encryption identification.
In the eighth aspect of embodiment of the present invention, there is provided another kind of program product, it includes program code, works as institute
When stating program product operation, described program code is used for executing procedure below:
The HTTP request of the acquisition specified page that receive user equipment sends;
Determine comprise in described HTTP request specify encryption identification when, obtain accordingly specify cipher mode;
Corresponding for described specified page page data is encrypted by the specified cipher mode according to described acquisition;
Page data after described encryption is returned to described user equipment.
Page acquisition methods according to embodiment of the present invention and device, user equipment adds in the HTTP request intercepting
Encryption identification, and the HTTP request adding encryption identification is sent to network side, network side is by according to the encryption in HTTP request
Identify the page data after corresponding cipher mode encryption and return to user equipment, i.e. on the basis of http protocol, pass through
HTTP request, the page data after network side obtains encryption, thus the page quilt that user equipment requests obtain can either be prevented
Distort, again can be cost-effective.
Brief description
Detailed description below, above-mentioned and other mesh of exemplary embodiment of the invention are read by reference to accompanying drawing
, feature and advantage will become prone to understand.In the accompanying drawings, if showing the present invention's by way of example, and not by way of limitation
Dry embodiment, wherein:
Fig. 1 schematically shows the application scenarios schematic diagram according to embodiment of the present invention;
Fig. 2 schematically shows the page acquisition methods one embodiment schematic flow sheet according to embodiment of the present invention;
Fig. 3 schematically shows the stream of the method that in mode of the present invention, page data after encryption is decrypted with process
Journey schematic diagram;
Fig. 4 schematically shows the page acquisition methods another embodiment schematic flow sheet according to embodiment of the present invention;
Fig. 5 schematically shows and determines the flow process comprising specified encryption identification in HTTP request in embodiment of the present invention
Schematic diagram;
Fig. 6 schematically shows the flow process in embodiment of the present invention, loading resource white list being returned to user equipment and shows
It is intended to;
Fig. 7 schematically shows the flow process that the page data after encryption returns in embodiment of the present invention user equipment
Schematic diagram;
Fig. 8 schematically shows the page acquisition methods that the user equipment of embodiment of the present invention offer is interacted with network side
An embodiment process schematic diagram;
The page that Fig. 9 schematically shows according to the user equipment that embodiment of the present invention provides is interacted with network side obtains
Take the schematic flow sheet of another embodiment of method.
Figure 10 schematically shows the structural representation of page acquisition device according to an embodiment of the invention;
Figure 11 schematically shows the structural representation of page acquisition device according to another embodiment of the present invention;
Figure 12 schematically shows the structural representation of the page acquisition device according to further embodiment of this invention;
Figure 13 schematically shows the structural representation of page acquisition device according to yet another embodiment of the invention;
Figure 14 schematically shows the program product for User Page acquisition methods according to an embodiment of the invention
Schematic diagram;
Figure 15 schematically shows and is shown for the program product of page acquisition methods according to further embodiment of this invention
It is intended to.
In the accompanying drawings, identical or corresponding label represents identical or corresponding part.
Specific embodiment
Principle and the spirit of the present invention to be described below with reference to some illustrative embodiments.It should be appreciated that providing this
A little embodiments are used for the purpose of making those skilled in the art better understood when and then realizing the present invention, and not with any
Mode limits the scope of the present invention.On the contrary, these embodiments are provided so that the disclosure is more thorough and complete, and energy
Enough the scope of the present disclosure is intactly conveyed to those skilled in the art.
One skilled in the art will appreciate that embodiments of the present invention can be implemented as a kind of system, device, equipment, method
Or computer program.Therefore, the disclosure can be implemented as following form, that is,:Completely hardware, completely software
(including firmware, resident software, microcode etc.), or the form that hardware and software combines.
According to the embodiment of the present invention it is proposed that a kind of page acquisition methods and device.
Herein it is to be understood that any number of elements in accompanying drawing is used to example and unrestricted and any
Name is only used for distinguishing, and does not have any limitation.
Below with reference to some representative embodiments of the present invention, the in detail principle of the explaination present invention and spirit.
Summary of the invention
The inventors discovered that, in prior art, in order to avoid the page caused by the page acquisition modes based on http protocol
The problem that face is tampered, http protocol is replaced with HTTPS agreement.But, http protocol is replaced with HTTPS agreement and is related to transport
The operations such as dimension configuration modification, code revision and performance of network equipments optimization, the change that needs are carried out in network side is more, cost
Higher.Therefore, a kind of improved page acquisition methods are lacked in prior art, can either be cost-effective and be prevented from page quilt
Distort.
For this reason, the invention provides a kind of page acquisition methods and device, wherein, the page based on user equipment side obtains
Method can include:Intercept and pass protocol HTTP request for the hypertext obtaining specified page;Specified encryption identification is added to
In described HTTP request;It is sent to network side by adding the HTTP request specifying encryption identification;The page based on network side obtains
Method can include:The HTTP request of the acquisition specified page that receive user equipment sends;Determine described
When comprising to specify encryption identification in HTTP request, obtain and specify cipher mode accordingly;Specified encryption side according to described acquisition
Corresponding for described specified page page data is encrypted by formula;Page data after described encryption is returned to described user set
Standby.
After the ultimate principle describing the present invention, lower mask body introduces the various non-limiting embodiment party of the present invention
Formula.
Application scenarios overview
With reference first to Fig. 1, as shown in figure 1, illustrating for the application scenarios of page acquisition methods provided in an embodiment of the present invention
Figure, including user equipment 101 server 102, wherein, server 102 is located at network side, and user equipment 101 includes browsing
Device (or the browser component in APP) and network intermediate layer.More specifically, when the operating system of user equipment 101 is ARIXTRA
During operating system, can be using self-defining assembly as network intermediate layer, when the operating system of user equipment 101 operates system for IOS
During system, the NSPprotocol that can carry IOS system is as network intermediate layer.
Network intermediate layer in user equipment intercepts browser or browser component sends for obtaining specified page
Hypertext pass protocol HTTP request;Specified encryption identification is added in described HTTP request;Specify encryption identification by adding
HTTP request be sent to the server 102 of network side.Server 102 receive user equipment send acquisitions specified page surpass
Text transfer protocol HTTP request;Determine comprise in described HTTP request specify encryption identification when, obtain accordingly specify encryption
Mode;Corresponding for described specified page page data is encrypted by the specified cipher mode according to described acquisition;Add described
Page data after close returns to described user equipment.Also can be provided with user equipment 101 and there is answering of browsing pages function
With program, do not limit here.
Illustrative methods
With reference to the application scenarios of Fig. 1, with reference to Fig. 2~Fig. 9, the page according to exemplary embodiment of the invention to be described
Face acquisition methods.It should be noted that above-mentioned application scenarios are for only for ease of and understand spirit and principles of the present invention and illustrate,
Embodiments of the present invention are unrestricted in this regard.On the contrary, embodiments of the present invention can apply to applicable appointing
What scene.
A kind of schematic flow sheet of page acquisition methods one embodiment that Fig. 2 provides for the present invention, main inclusion user sets
The standby flow process obtaining the page from network side, executive agent can be the user equipment 101 in application scenarios overview, as shown in Fig. 2
A kind of page acquisition methods provided in an embodiment of the present invention, comprise the steps:
Step 201, intercepts and passes protocol HTTP request for the hypertext obtaining specified page.
When being embodied as, monitor browser or after browser component sends HTTP request based on http protocol, intercept
This HTTP request, to process to this HTTP request.
Step 202, specified encryption identification is added in described HTTP request.
In this step, add encryption identification in the HTTP request intercepting, preferably specified encryption identification can be added to institute
State the head of HTTP request.Wherein, user equipment and network side are made an appointment the corresponding cipher mode of different encryption identifications, user
Encryption identification is added in HTTP request equipment, when network side receives the HTTP request adding encryption identification, according to preservation
The corresponding relation of encryption identification and cipher mode and HTTP request in encryption identification, determine the corresponding encryption of encryption identification
Mode.Wherein, specific cipher mode refers to existing AES, and in the same manner, corresponding manner of decryption also refers to existing
Decipherment algorithm, be not detailed here.Encryption identification in the embodiment of the present invention is preferred for representing acquisition according to this encryption mark
Know the page data after corresponding cipher mode is encrypted, if carrying this mark in HTTP request then it represents that obtaining
Page data is the page data after being encrypted using the cipher mode corresponding to this encryption identification.This is to for encryption identification
A kind of preferred limiting mode, in addition, the encryption identification in the embodiment of the present invention can be also used for represent obtain unencryption
Page data, or, for represent obtain be encrypted using a kind of default encryption mode set in advance after page number
Can be used for according to, i.e. the encryption identification in the present invention representing the page data of acquisition request the need of encryption, use default one
Plant default behavior encryption or be encrypted using a certain mode in default multiple cipher modes.
Step 203, is sent to network side by adding the HTTP request specifying encryption identification.
In this step, user equipment is sent to network based on http protocol by adding the HTTP request specifying encryption identification
Side.
The embodiment that Fig. 2 provides, on the basis of http protocol, the HTTP request adding encryption identification is sent to network
Side, to obtain the page data after the corresponding encryption of the asked page such that it is able to prevent user equipment requests from network side
The page be tampered, and, still communicated using http protocol it is not necessary to http protocol is replaced with HTTPS agreement, section
About cost.
After execution step 203, the HTTP request that network side is directed to user equipment transmission can return user equipment requests
The corresponding page data of the page, now, page acquisition methods provided in an embodiment of the present invention also include herein below:
Step 204, intercept that described network side sends to specify the page data after cipher mode encryption, described page number
According to for the corresponding page data of described specified page.
Wherein, described specified cipher mode is the corresponding cipher mode of described specified encryption identification.
Step 205, according to the corresponding manner of decryption of described specified cipher mode, is carried out to the page data after described encryption
Decryption processing.
Step 206, generates described specified page according to the page data after decryption processing and shows.
When being embodied as, user equipment sends to network side after adding the HTTP request specifying encryption identification, and network side returns
Return according to the page data after respective encrypted mode (specified cipher mode corresponding with specified encryption identification) encryption.User
Equipment obtains page data after the encryption that network side returns, and according to the specified cipher mode pair corresponding with specified encryption identification
The manner of decryption answered, the page data after the encryption that network side is returned is decrypted, and generates according to the page data after deciphering
Specified page simultaneously shows.Specifically, refer to prior art according to the mode that page data generates the page, be not detailed here.
The embodiment of the present invention, between user equipment and network side, the page data of transmission is the page data after encryption,
The page being prevented from user equipment requests is maliciously tampered, and is based on http protocol and communicates, keep away between user equipment and network side
Exempt to use HTTPS agreement, saved cost.
Specifically, network side returns the html data that the corresponding page data of specified page includes described specified page, institute
State html data and include text data, JS chained address and resource data chained address.Wherein, the Chinese full name of HTML is super civilian
This markup language, English full name is HyperText Markup Language, and JS is JavaScript's (a kind of script)
Abbreviation, the text data in html data in the embodiment of the present invention is the corresponding data of text in the page, and resource data links
Address is the corresponding chained addresses of resource such as the picture in the page, video, audio frequency, and JS chained address is by JS script control in the page
The chained address of the partly corresponding JS perform script of system, the link of the corresponding JS perform script of the submitting button in the such as page
Address.Preferably, the content that available Fig. 3 provides, according to the corresponding manner of decryption of described specified cipher mode, to described encryption
Page data afterwards is decrypted process:
Step 301, according to the corresponding manner of decryption of described specified cipher mode, is carried out to the page data after described encryption
Deciphering, obtains the html data after the deciphering of described specified page.
In this step, page data after encryption is decrypted, obtains the html data after the corresponding deciphering of specified page.
Step 302, according to the JS chained address in described html data, obtains described JS chained address from described network side
Corresponding encrypt according to described specified cipher mode after JS data.
When being embodied as, network side pre-saves JS and links corresponding JS data, and the JS number that network side pre-saves
According to for the JS data after being encrypted according to each cipher mode and unencrypted JS data.User equipment is according to html data
In JS chained address, from network side obtain JS chained address corresponding according to specified cipher mode encryption after JS data.
Wherein, for same JS data, the JS chained address according to this JS data after the encryption of different cipher modes is different, unencrypted
The JS chained address of this JS data is also different from the JS chained address of this JS data after encryption, such as:Unencrypted JS data
Chained address be a, the chained address of this JS data after encryption is Xa, and wherein, X is used for representing different cipher modes, X is
When 1, cipher mode is the first cipher mode, and X is to represent second cipher mode, by that analogy, certainly, after encryption when 2
The form of the chained address of JS data can also be other forms, does not limit here.
In the embodiment of the present invention, the JS chained address that network side returns to user equipment as specifies cipher mode corresponding
JS chained address, user equipment can directly obtain according to the JS number after the encryption of specified cipher mode according to this JS chained address
According to.
Step 303, according to the corresponding manner of decryption of described specified cipher mode, to described according to described specified encryption side
JS data after formula encryption is decrypted, and obtains the JS data of described specified page.
Step 304, according to the resource data chained address in described html data, obtains described resource from described network side
The corresponding resource data in data link address.
Specifically, according to resource data chained address, obtain the corresponding number of resources in resource data chained address from network side
According to.Wherein, the sequencing of step 302 and step 304 can not limit, and also can first carry out step 304, then execution step 302,
Or step 302 and step 304 execute simultaneously.
It is preferably carried out mode as one kind, page acquisition methods provided in an embodiment of the present invention also intercept described network side
Send with specify cipher mode encryption after loading resource white list;According to the corresponding decryption side of described specified cipher mode
Formula, to described encryption after loading resource white list be decrypted process, the loading resource white list after decipher, described add
Carry the chained address that resource white list includes trust in described specified page.Wherein, load in resource white list CSP and comprise
The chained address of trust in specified page, that is, the chained address in CSP is the higher chained address of level of security, in CSP
Chained address includes resource data link address.After loading resource white list after being deciphered, can basis in such a way
Resource data chained address in described html data, obtains the corresponding money in described resource data chained address from described network side
Source data:
Determine described resource data chained address be described load resource white list in resource data chained address when, from
Described server obtains the corresponding resource data in described resource data chained address.
This mode obtaining resource data link address corresponding resource data is it is ensured that resource data chained address
Reliability, improves the safety of the resource data of acquisition further.
A kind of schematic flow sheet of page acquisition methods one embodiment that Fig. 4 provides for the present invention, mainly includes network side
To the flow process of user equipment back page data, executive agent can be the server 102 in application scenarios overview, as Fig. 4 institute
Show that a kind of page acquisition methods provided in an embodiment of the present invention comprise the steps:
Step 401, the HTTP request of the acquisition specified page that receive user equipment sends.
Step 402, judges whether comprise to specify encryption identification in described HTTP request, if it is, execution step 403, no
Then, execution step 406.
When being embodied as, can determine whether whether the head of HTTP request comprises to specify encryption identification.
Step 403, obtains and specifies cipher mode accordingly.
In this step, when comprising to specify encryption identification in HTTP request, determine corresponding with this specified encryption identification
Specified cipher mode, wherein, network side prestores the corresponding relation of encryption identification and cipher mode, if specifying cipher mode
Current implication is to obtain unencrypted page data, then given step 406.
Step 404, corresponding for described specified page page data is carried out adding by the specified cipher mode according to described acquisition
Close.
In this step, according to specified cipher mode, to specified page, corresponding page data is encrypted, wherein, to page
The explanation of face data refers to the explanation in the page acquisition methods of user equipment side to page data, does not repeat here.
Step 405, the page data after described encryption is returned to described user equipment.
In this step, can HTTP request by sending for user equipment side http response, by the page after encryption
Data returns to user equipment.Specifically the page data after encryption can be edited into after the head of http response.
Step 406, corresponding for described specified page unencrypted page data is returned to described user equipment.
In this step, do not carry encryption identification in HTTP request it may be determined that user terminal by HTTP request obtain plus
Close page data, now can HTTP request by sending for user equipment side http response, by the unencrypted page
Data returns to user equipment.
When being embodied as, can determine and comprise in described HTTP request to specify encryption identification using the content of Fig. 5 offer:
Step 501, judges whether the specific field of the head of described HTTP request is preset value, if it is, execution step
502, otherwise, execution step 503.
Step 502, determines and comprises in described HTTP request to specify encryption identification.
Step 503, determines and does not comprise in described HTTP request to specify encryption identification.
Be preferably carried out mode as one kind, can also by for specified page loading resource white list with encryption after
Page data returns to user equipment together, the content that specifically can provide according to Fig. 6, returns to user by loading resource white list
Equipment:
Step 601, obtains from the head of the http response message for described HTTP request and loads resource white list.
Wherein, for loading illustrating of resource white list, refer to user equipment and be directed to loading resource white list
Illustrate, do not repeat here.
Step 602, the specified cipher mode according to described acquisition is encrypted to loading resource white list.
Wherein, the specified cipher mode of acquisition is acquired specified accordingly cipher mode in step 403
Step 603, the loading resource white list after described encryption is returned to described user equipment.
In prior art, the head that loading resource white list carries in this http response message can be returned to use by network side
Family equipment, but this loading resource white list can't be encrypted.This preferred implementation, loads the white name of resource by intercepting
Singly, after and loading resource white list being encrypted according to specified cipher mode, return to user equipment together with page data, thus
Ensure to load resource white list not by malicious attack.When being embodied as, can be by the loading resource white list after encryption and page number
According to being added to side by side after the head of http response, return to user equipment.
The content that can provide according to Fig. 7, the page data after described encryption is returned to described user equipment:
Step 701, determines the specified cipher mode corresponding JS chained address of described acquisition, wherein, described JS chain ground connection
Location corresponding JS data is described specified page corresponding JS data, and this JS data adds according to specifying of described acquisition in advance
Close mode is encrypted.
When being embodied as, network side is directed to same JS data, saves this JS data after different cipher modes are encrypted,
Corresponding JS chained address, i.e. the form of this JS data corresponding JS chained address after different cipher mode encryptions is different.
Specific explanation refers to the detailed description for step 302, does not repeat here.Network side has pre-saved each JS number
According to the corresponding relation of, cipher mode and JS chained address, the specified page that can be obtained according to user equipment requests and user
The specified cipher mode of equipment side instruction, obtains the JS data corresponding JS chain of this specified cipher mode this specified page corresponding
Ground connection location.
Step 702, the specified cipher mode corresponding JS chained address obtaining is placed on the HTLM of described specified page
In data.
In this step, page data includes html data, and html data includes JS chained address.
Step 703, the HTLM data of described specified page is returned according to after the specified cipher mode encryption of described acquisition
To described user equipment.
Wherein, for arbitrary JS data, using the corresponding JS of described arbitrary JS data after different cipher mode encryptions
Chained address is different, arbitrary JS data described in unencrypted and appointing described in after being encrypted according to each cipher mode in advance
One JS data is stored in advance in backup server CND.Network side includes former server and multiple backup server, and each is standby
Backed up the page data in former server in part server in advance, when being embodied as, user equipment preferably with away from its nearest neighbours
A server (former server or backup server) communicated, with from this server obtain user equipment requests the page
Corresponding page data.
The flow process of page acquisition methods one embodiment being interacted with network side based on user equipment that Fig. 8 provides for the present invention
Schematic diagram, the main flow process including interacting between network side and user equipment, comprise the steps:
Step 801, user equipment intercepts and passes protocol HTTP request for the hypertext obtaining specified page.
Step 802, specified encryption identification is added in described HTTP request user equipment.
In this step, specified encryption identification is added to the head of described HTTP request.
Step 803, user equipment is sent to network side by adding the HTTP request specifying encryption identification.
Step 804, the HTTP request of the acquisition specified page that network side receive user equipment sends.
Step 805, network side determine comprise in described HTTP request specify encryption identification when, obtain accordingly specify encryption
Mode.
In this step, determine in the following way and comprise in described HTTP request to specify encryption identification:
Whether the specific field judging the head of described HTTP request is preset value;If it is, determining described HTTP request
In comprise specify encryption identification.
Step 806, network side according to described acquisition specified cipher mode by corresponding for described specified page page data
It is encrypted.
Step 807, the page data after described encryption is returned to described user equipment by network side.
When being embodied as, in such a way the page data after described encryption can be returned to described user equipment:Really
The specified cipher mode corresponding JS chained address of fixed described acquisition, wherein, the corresponding JS data in described JS chained address is institute
State specified page corresponding JS data, and this JS data is encrypted according to the specified cipher mode of described acquisition in advance;Will
The specified cipher mode corresponding JS chained address obtaining is placed in the HTLM data of described specified page;By described specific page
The HTLM data in face returns to described user equipment according to after the specified cipher mode encryption of described acquisition;Wherein, for arbitrary
JS data, unencrypted different using the corresponding JS chained address of described arbitrary JS data after different cipher mode encryptions
Described arbitrary JS data and the described arbitrary JS data after being encrypted according to each cipher mode in advance are stored in advance in standby
In part server.
Step 808, user equipment intercept that described network side sends to specify the page data after cipher mode encryption, institute
Stating page data is the corresponding page data of described specified page.
Step 809, user equipment according to the corresponding manner of decryption of described specified cipher mode, to the page after described encryption
Data is decrypted process.
Preferably, implementation steps 809 in such a way:
According to the corresponding manner of decryption of described specified cipher mode, the page data after described encryption is decrypted, obtains
Html data to after the deciphering of described specified page;According to the JS chained address in described html data, from described network side
JS data after obtaining that described JS chained address is corresponding and encrypting according to described specified cipher mode;According to described specified encryption
The corresponding manner of decryption of mode, is decrypted according to the JS data after described specified cipher mode encryption to described, obtains institute
State the JS data of specified page;And, according to the resource data chained address in described html data, obtain institute from described network side
State the corresponding resource data in resource data chained address.
Step 810, user equipment generates described specified page according to the page data after decryption processing and shows.
Page data in the embodiment that Fig. 8 provides includes the HTML html data of described specified page,
Described html data includes text data, JS chained address and resource data chained address.
The flow process of another embodiment of page acquisition methods that Fig. 9 is interacted with network side for the user equipment that the present invention provides is shown
It is intended to, the main flow process including interacting between network side and user equipment, comprise the steps:
Step 901, user equipment intercepts and passes protocol HTTP request for the hypertext obtaining specified page.
Step 902, specified encryption identification is added to the head of described HTTP request by user equipment.
Step 903, user equipment is sent to network side by adding the HTTP request specifying encryption identification.
Step 904, the HTTP request of the acquisition specified page that network side receive user equipment sends.
Step 905, when network side determines that the head of described HTTP request comprises to specify encryption identification, obtains and specifies accordingly
Cipher mode.
Step 906, network side according to described acquisition specified cipher mode by corresponding for described specified page page data
It is encrypted.
Step 907, network side obtains from the head of the http response message for described HTTP request and loads the white name of resource
Single.
Wherein, described loading resource white list includes the chained address of trust in described specified page.
Step 908, the specified cipher mode according to described acquisition is encrypted to loading resource white list.
Step 909, the page data after described encryption and the loading resource white list after described encryption are compiled by network side
Collect after the head for the http response message of described HTTP request, and the http response message after editor is returned to
Described user equipment.
Step 910, user equipment intercept http response message, and from the head of this http response message after acquisition with
Page data after specified cipher mode encryption and the loading resource white list after encryption.
Step 911, user equipment according to the corresponding manner of decryption of described specified cipher mode, to the page after described encryption
Loading resource white list after data and encryption is decrypted process.
Preferably, implementation steps 911 in such a way:
According to the corresponding manner of decryption of described specified cipher mode, the page data after described encryption is decrypted, obtains
Html data to after the deciphering of described specified page;According to the JS chained address in described html data, from described network side
JS data after obtaining that described JS chained address is corresponding and encrypting according to described specified cipher mode;According to described specified encryption
The corresponding manner of decryption of mode, is decrypted according to the JS data after described specified cipher mode encryption to described, obtains institute
State the JS data of specified page;And, determine that described resource data chained address is the described number of resources loading in resource white list
During according to chained address, obtain the corresponding resource data in described resource data chained address from described server.
Step 912, user equipment according to the page data after decryption processing and loads resource white list, generates described finger
Determine the page and show.
Example devices
After the page acquisition methods describing exemplary embodiment of the invention, next, with reference to Figure 10~Figure 11
The page acquisition device of description exemplary embodiment of the invention.
Figure 10 is the structural representation being arranged at one of user equipment page acquisition device provided in an embodiment of the present invention
Figure, as shown in Figure 10, can include as lower module:
First interception module 1001, passes protocol HTTP request for intercepting for the hypertext obtaining specified page;
Add module 1002, for being added to specified encryption identification in described HTTP request;
Sending module 1003, for being sent to network side by adding the HTTP request specifying encryption identification.
Preferably, page acquisition device provided in an embodiment of the present invention also includes:
Second interception module 1004, for intercepting that described network side sends to specify the page number after cipher mode encryption
According to described page data is the corresponding page data of described specified page;
Deciphering module 1005, for according to the corresponding manner of decryption of described specified cipher mode, to the page after described encryption
Face data is decrypted process;
Display module 1006, for described specified page being generated according to the page data after decryption processing and showing, wherein
Described specified cipher mode is the corresponding cipher mode of described specified encryption identification.
Preferably, in page acquisition device provided in an embodiment of the present invention, described page data includes described specified page
HTML html data, described html data include text data, JS chained address and resource data chain ground connection
Location.
Preferably, described deciphering module 1005 includes:
First decryption unit 10051, for according to the corresponding manner of decryption of described specified cipher mode, after described encryption
Page data be decrypted, obtain the html data after the deciphering of described specified page;
First acquisition unit 10052, for according to the JS chained address in described html data, obtaining from described network side
Described JS chained address is corresponding encrypt according to described specified cipher mode after JS data;
Second decryption unit 10053, for according to the corresponding manner of decryption of described specified cipher mode, to described according to
JS data after described specified cipher mode encryption is decrypted, and obtains the JS data of described specified page;
Second acquisition unit 10054, for according to the resource data chained address in described html data, from described network
Side obtains the corresponding resource data in described resource data chained address.
Preferably, described second interception module 1004 is additionally operable to, intercept that described network side sends to specify cipher mode
Loading resource white list after encryption;
Described deciphering module 1005 is additionally operable to, according to the corresponding manner of decryption of described specified cipher mode, to described encryption
Loading resource white list afterwards is decrypted process, and described loading resource white list includes trust in described specified page
Chained address.
Preferably, second acquisition unit 10054 is specifically for determining that described resource data chained address is that described loading provides
During resource data chained address in the white list of source, obtain the corresponding resource in described resource data chained address from described server
Data.
Preferably, described add module 1002 specifically for being added to the head of described HTTP request by specified encryption identification
Portion.
Figure 11 is a kind of structural representation of the page acquisition device being arranged at network side provided in an embodiment of the present invention, such as
Shown in Figure 11, can include as lower module:
Receiver module 1101, HTML (Hypertext Markup Language) HTTP of the acquisition specified page sending for receive user equipment please
Ask;
Acquisition module 1102, when comprising to specify encryption identification in described HTTP request for determining, obtains and specifies accordingly
Cipher mode;
Encrypting module 1103, for the specified cipher mode according to described acquisition by corresponding for described specified page page number
According to being encrypted;
Sending module 1104, for returning to described user equipment by the page data after described encryption.
Preferably, described acquisition module 1102 includes:
Judging unit 11021, whether the specific field for judging the head of described HTTP request is preset value;
Determining unit 11022, in the case of judging to be in judging unit 11021, determines in described HTTP request and comprises
Specified encryption identification.
Preferably, described acquisition module 1102 is additionally operable to, from the head of the http response message for described HTTP request
Obtain and load resource white list;
Described encrypting module 1103 is additionally operable to, and the specified cipher mode according to described acquisition is carried out to loading resource white list
Encryption;
Described sending module 1104 is additionally operable to, and the loading resource white list after described encryption is returned to described user and sets
Standby.
Preferably, described sending module 1104 includes:
Determining unit 11041, for determining the specified cipher mode corresponding JS chained address of described acquisition, wherein, institute
Stating JS chained address corresponding JS data is described specified page corresponding JS data, and this JS data obtains according to described in advance
The specified cipher mode taking is encrypted;
Placement unit 11042, for being placed on described specifying by the specified cipher mode corresponding JS chained address obtaining
In the HTLM data of the page;
Returning unit 11043, for by the HTLM data of described specified page according to described acquisition specified cipher mode
Described user equipment is returned to after encryption;Wherein, for arbitrary JS data, appoint described in after being encrypted using different cipher modes
The corresponding JS chained address of one JS data is different, arbitrary JS data described in unencrypted and entering according to each cipher mode in advance
Described arbitrary JS data after row encryption is stored in advance in backup server.
Example devices
After the page acquisition methods describing exemplary embodiment of the invention and device, next, introducing basis
The page acquisition device of the another exemplary embodiment of the present invention, this page acquisition device is located at user equipment side.
Person of ordinary skill in the field it is understood that various aspects of the invention can be implemented as system, method or
Program product.Therefore, various aspects of the invention can be implemented as following form, that is,:Completely hardware embodiment, complete
Full Software Implementation (including firmware, microcode etc.), or the embodiment that hardware and software aspect combines, can unite here
Referred to as " circuit ", " module " or " system ".
In some possible embodiments, the page acquisition device according to the present invention can at least include at least one
Reason unit and at least one memory element.Wherein, described memory element has program stored therein code, when described program code quilt
So that described processing unit executes the root described in this specification above-mentioned " illustrative methods " part during described processing unit execution
According to the step in the page acquisition methods based on the various illustrative embodiments of subscriber terminal side for the present invention.For example, described place
Reason unit can execute step 201 as shown in Figure 2, and hypertext biography agreement HTTP intercepting for obtaining specified page please
Ask, step 202, specified encryption identification is added in described HTTP request, step 203, specify encryption identification by adding
HTTP request is sent to network side.
Page acquisition device 120 according to the embodiment of the invention to be described referring to Figure 12.Figure 12 shows
Page acquisition device 120 be only an example, should not bring any limit to the function of the embodiment of the present invention and range
System.
As shown in figure 12, page acquisition device 120 is showed in the form of universal computing device.Page acquisition device 120
Assembly can include but is not limited to:At least one processing unit 1201 above-mentioned, at least one memory element 1202 above-mentioned, connection are not
The bus 1203 of homologous ray assembly (including processing unit 1201 and memory element 1202).
Bus 1203 represents one or more of a few class bus structures, controls including memory bus or memorizer
Device, peripheral bus, processor or using the arbitrarily bus-structured local bus in multiple bus structures.
Memory element 1202 can include the computer-readable recording medium of form of volatile memory, such as random access memory
(RAM) 12021 and/or cache memory 12022, can further include read only memory (ROM) 12023.
Memory element 1202 can also include the program/utility with one group of (at least one) program module 12024
12025, such program module 12024 includes but is not limited to:Operating system, one or more application program, other program
The realization of network environment is potentially included in module and routine data, each of these examples or certain combination.
Page acquisition device 120 can also be led to one or more external equipments 1204 (such as keyboard, sensing equipment etc.)
Letter, also can enable a user to, with one or more, the equipment communication that interact with page acquisition device 120, and/or with make this
Any equipment (such as router, modulatedemodulate that page acquisition device 120 can be communicated with one or more of the other computing device
Adjust device etc.) communication.This communication can be carried out by input/output (I/O) interface 1205.And, page acquisition device 120
Can also be by network adapter 1206 and one or more network (such as LAN (LAN), wide area network (WAN) and/or public affairs
Common network network, such as the Internet) communication.As shown in figure 12, network adapter 1206 is passed through bus 1203 and is obtained dress for the page
Put 120 other module communications.It will be appreciated that though in figure is not shown, can be in conjunction with page acquisition device 120 using other hard
Part and/or software module, including but not limited to:Microcode, device driver, redundant processing unit, external disk drive array,
RAID system, tape drive and data backup storage system etc..
Next, introducing the page acquisition device of the another exemplary embodiment according to the present invention, this page obtains dress
Setting in network side.
Person of ordinary skill in the field it is understood that various aspects of the invention can be implemented as system, method or
Program product.Therefore, various aspects of the invention can be implemented as following form, that is,:Completely hardware embodiment, complete
Full Software Implementation (including firmware, microcode etc.), or the embodiment that hardware and software aspect combines, can unite here
Referred to as " circuit ", " module " or " system ".
In some possible embodiments, the page acquisition device according to the present invention can at least include at least one
Reason unit and at least one memory element.Wherein, described memory element has program stored therein code, when described program code quilt
So that described processing unit executes the root described in this specification above-mentioned " illustrative methods " part during described processing unit execution
According to the step in the page acquisition methods of the various illustrative embodiments of inventive network side.For example, described processing unit can
To execute step 401 as shown in Figure 4, HTML (Hypertext Markup Language) HTTP of the acquisition specified page that receive user equipment sends
Request, step 402, judge whether comprise in described HTTP request to specify encryption identification, if it is, execution step 403, otherwise,
Execution step 406, step 403, obtain and specify cipher mode accordingly, step 404, according to the specified cipher mode of described acquisition
Corresponding for described specified page page data is encrypted, step 405, the page data after described encryption is returned to described
User equipment, step 406, corresponding for described specified page unencrypted page data is returned to described user equipment.
Page acquisition device 130 according to the embodiment of the invention to be described referring to Figure 13.Figure 13 shows
Page acquisition device 130 be only an example, should not bring any limit to the function of the embodiment of the present invention and range
System.
As shown in figure 13, page acquisition device 130 is showed in the form of universal computing device.Page acquisition device 130
Assembly can include but is not limited to:At least one processing unit 1301 above-mentioned, at least one memory element 1302 above-mentioned, connection are not
The bus 1303 of homologous ray assembly (including processing unit 1301 and memory element 1302).
Bus 1303 represents one or more of a few class bus structures, controls including memory bus or memorizer
Device, peripheral bus, processor or using the arbitrarily bus-structured local bus in multiple bus structures.
Memory element 1302 can include the computer-readable recording medium of form of volatile memory, such as random access memory
(RAM) 13021 and/or cache memory 13022, can further include read only memory (ROM) 13023.
Memory element 1302 can also include the program/utility with one group of (at least one) program module 13024
13025, such program module 13024 includes but is not limited to:Operating system, one or more application program, other program
The realization of network environment is potentially included in module and routine data, each of these examples or certain combination.
Page acquisition device 130 can also be led to one or more external equipments 1304 (such as keyboard, sensing equipment etc.)
Letter, also can enable a user to, with one or more, the equipment communication that interact with page acquisition device 130, and/or with make this
Any equipment (such as router, modulatedemodulate that page acquisition device 130 can be communicated with one or more of the other computing device
Adjust device etc.) communication.This communication can be carried out by input/output (I/O) interface 1305.And, page acquisition device 130
Can also be by network adapter 1306 and one or more network (such as LAN (LAN), wide area network (WAN) and/or public affairs
Common network network, such as the Internet) communication.As shown in figure 13, network adapter 1306 is passed through bus 1303 and is obtained dress for the page
Put 130 other module communications.It will be appreciated that though in figure is not shown, can be in conjunction with page acquisition device 130 using other hard
Part and/or software module, including but not limited to:Microcode, device driver, redundant processing unit, external disk drive array,
RAID system, tape drive and data backup storage system etc..
Exemplary process product
In some possible embodiments, the various aspects of the page acquisition methods that the present invention provides are also implemented as
A kind of form of program product, it includes program code, when described program product runs on a computing device, described program
Code be used for making described computer equipment execute described in this specification above-mentioned " illustrative methods " part according to base of the present invention
Step in the page acquisition methods of the various illustrative embodiments of user equipment side, for example, described computer equipment can
To execute step 201 as shown in Figure 2, intercept and pass protocol HTTP request, step for the hypertext obtaining specified page
202, specified encryption identification is added in described HTTP request, step 203, sends out adding the HTTP request specifying encryption identification
Give network side.
Said procedure product can adopt the combination in any of one or more computer-readable recording mediums.Computer-readable recording medium can be readable letter
Number medium or readable storage medium storing program for executing.Readable storage medium storing program for executing for example can be but not limited to electricity, magnetic, optical, electromagnetic, red
The system of outside line or quasiconductor, device or device, or arbitrarily above combination.The more specifically example of readable storage medium storing program for executing
(non exhaustive list) includes:There is the electrical connection of one or more wires, portable disc, hard disk, random access memory
(RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc
Read memorizer (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
As shown in figure 14, describe the program product 140 obtaining for the page according to the embodiment of the present invention, it can
With using portable compact disc read only memory (CD-ROM) and include program code it is possible to run on the terminal device.So
And, the program product not limited to this of the present invention, in this document, readable storage medium storing program for executing can be any comprising or storage program
Tangible medium, this program can be commanded execution system, device or device and use or in connection.
Readable signal medium can include the data signal in a base band or as carrier wave part propagation, wherein carries
Readable program code.The data signal of this propagation can take various forms, including but not limited to electromagnetism letter
Number, optical signal or above-mentioned any appropriate combination.Readable signal medium can also be beyond readable storage medium storing program for executing any can
Read medium, this computer-readable recording medium can send, propagate or transmit for by instruction execution system, device or device using or
Program in connection.
The program code comprising on computer-readable recording medium can be with any suitable medium transmission, including but not limited to
Wirelessly, wired, optical cable, RF etc., or above-mentioned any appropriate combination.
The program for executing present invention operation can be write with the combination in any of one or more programming language
Code, described program design language includes object oriented program language Java, C++ etc., also includes routine
Procedural programming language such as " C " language or similar programming language.Program code can be fully in user
Execute in computing device, partly execute on a user device, execute as an independent software kit, partly calculating in user
Its upper side is divided execution on a remote computing or is executed in remote computing device or server completely.It is being related to far
In the situation of journey computing device, remote computing device can include LAN (LAN) or wide by the network of any kind
Domain net (WAN) is connected to user's computing device, or it may be connected to external computing device (for example utilizes Internet service
Provider comes by Internet connection).
In other possible embodiments, the various aspects of the page acquisition methods that the present invention provides can also be realized
For a kind of form of program product, it includes program code, when described program product runs on a computing device, described journey
Sequence code be used for making described computer equipment execute described in this specification above-mentioned " illustrative methods " part according to the present invention
Step in the page acquisition methods of the various illustrative embodiments of network side, for example, described computer equipment can execute
Step 401 as shown in Figure 4, the HTTP request of the acquisition specified page that receive user equipment sends,
Step 402, judges whether comprise in described HTTP request to specify encryption identification, if it is, execution step 403, otherwise, executes step
Rapid 406, step 403, obtain and specify cipher mode, step 404 accordingly, the specified cipher mode according to described acquisition will be described
The corresponding page data of specified page is encrypted, step 405, the page data after described encryption is returned to described user and sets
Standby, step 406, corresponding for described specified page unencrypted page data is returned to described user equipment.
Said procedure product can adopt the combination in any of one or more computer-readable recording mediums.Computer-readable recording medium can be readable letter
Number medium or readable storage medium storing program for executing.Readable storage medium storing program for executing for example can be but not limited to electricity, magnetic, optical, electromagnetic, red
The system of outside line or quasiconductor, device or device, or arbitrarily above combination.The more specifically example of readable storage medium storing program for executing
(non exhaustive list) includes:There is the electrical connection of one or more wires, portable disc, hard disk, random access memory
(RAM), read only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc
Read memorizer (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
As shown in figure 15, describe the program product 150 obtaining for the page according to the embodiment of the present invention, it can
With using portable compact disc read only memory (CD-ROM) and include program code it is possible to run on the terminal device.So
And, the program product not limited to this of the present invention, in this document, readable storage medium storing program for executing can be any comprising or storage program
Tangible medium, this program can be commanded execution system, device or device and use or in connection.
Readable signal medium can include the data signal in a base band or as carrier wave part propagation, wherein carries
Readable program code.The data signal of this propagation can take various forms, including but not limited to electromagnetism letter
Number, optical signal or above-mentioned any appropriate combination.Readable signal medium can also be beyond readable storage medium storing program for executing any can
Read medium, this computer-readable recording medium can send, propagate or transmit for by instruction execution system, device or device using or
Program in connection.
The program code comprising on computer-readable recording medium can be with any suitable medium transmission, including but not limited to
Wirelessly, wired, optical cable, RF etc., or above-mentioned any appropriate combination.
The program for executing present invention operation can be write with the combination in any of one or more programming language
Code, described program design language includes object oriented program language Java, C++ etc., also includes routine
Procedural programming language such as " C " language or similar programming language.Program code can be fully in user
Execute in computing device, partly execute on a user device, execute as an independent software kit, partly calculating in user
Its upper side is divided execution on a remote computing or is executed in remote computing device or server completely.It is being related to far
In the situation of journey computing device, remote computing device can include LAN (LAN) or wide by the network of any kind
Domain net (WAN) is connected to user's computing device, or it may be connected to external computing device (for example utilizes Internet service
Provider comes by Internet connection).
Although it should be noted that being referred to some modules of device in above-detailed, this division is only
Exemplary is not enforceable.In fact, according to the embodiment of the present invention, the spy of two or more modules above-described
Function of seeking peace can embody in a module.Conversely, the feature of an above-described module and function can be further
It is divided into be embodied by multiple modules.
Although additionally, describe the operation of the inventive method in the accompanying drawings with particular order, this do not require that or
Hint must according to this particular order execute these operation, or have to carry out all shown operation just enable desired
Result.Additionally or alternatively, it is convenient to omit some steps, multiple steps are merged into a step execution, and/or by one
Step is decomposed into execution of multiple steps.
Although describe spirit and principles of the present invention by reference to some specific embodiments it should be appreciated that, this
Invention is not limited to disclosed specific embodiment, and the division to each side does not mean that the feature in these aspects can not yet
Combination to be benefited, this divide merely to statement convenience.It is contemplated that cover claims spirit and
In the range of included various modifications and equivalent arrangements.
Claims (13)
1. a kind of page acquisition methods, including:
Intercept and pass protocol HTTP request for the hypertext obtaining specified page;
Specified encryption identification is added in described HTTP request;
It is sent to network side by adding the HTTP request specifying encryption identification.
2. method according to claim 1, also includes:
Intercept that described network side sends to specify the page data after cipher mode encryption, described page data is described specifying
The corresponding page data of the page;
According to the corresponding manner of decryption of described specified cipher mode, process is decrypted to the page data after described encryption;
Described specified page is generated according to the page data after decryption processing and shows, wherein said specified cipher mode is described
The corresponding cipher mode of specified encryption identification.
3. method according to claim 2, wherein, described page data includes the hypertext markup language of described specified page
Speech html data, described html data includes text data, JS chained address and resource data chained address.
4. method according to claim 3, wherein, according to the corresponding manner of decryption of described specified cipher mode, to described
Page data after encryption is decrypted process, including:
According to the corresponding manner of decryption of described specified cipher mode, the page data after described encryption is decrypted, obtains institute
State the html data after the deciphering of specified page;
According to the JS chained address in described html data, from described network side obtain described JS chained address corresponding according to
JS data after described specified cipher mode encryption;
According to the corresponding manner of decryption of described specified cipher mode, to described encrypt according to described specified cipher mode after JS
Data is decrypted, and obtains the JS data of described specified page;And,
According to the resource data chained address in described html data, obtain described resource data chained address from described network side
Corresponding resource data.
5. method according to claim 4, also includes:
Intercept that described network side sends to specify the loading resource white list after cipher mode encryption;
According to the corresponding manner of decryption of described specified cipher mode, place is decrypted to the loading resource white list after described encryption
Reason, described loading resource white list includes the chained address of trust in described specified page.
6. method according to claim 5, wherein, according to the resource data chained address in described html data, from institute
State network side and obtain the corresponding resource data in described resource data chained address, including:
Determine described resource data chained address be described load resource white list in resource data chained address when, from described
Server obtains the corresponding resource data in described resource data chained address.
7., according to the arbitrary described method of claim 1-6, wherein, specified encryption identification is added in described HTTP request,
Including:
Specified encryption identification is added to the head of described HTTP request.
8. a kind of page acquisition methods, including:
The HTTP request of the acquisition specified page that receive user equipment sends;
Determine comprise in described HTTP request specify encryption identification when, obtain accordingly specify cipher mode;
Corresponding for described specified page page data is encrypted by the specified cipher mode according to described acquisition;
Page data after described encryption is returned to described user equipment.
9. method according to claim 8, wherein, determines in the following way and comprises in described HTTP request to specify encryption
Mark:
Whether the specific field judging the head of described HTTP request is preset value;
Comprise in described HTTP request to specify encryption identification if it is, determining.
10. method according to claim 8, also includes:
Obtain from the head of the http response message for described HTTP request and load resource white list;
Specified cipher mode according to described acquisition is encrypted to loading resource white list;
Loading resource white list after described encryption is returned to described user equipment.
11. methods according to claim 8, wherein, the page data after described encryption are returned to described user equipment,
Including:
Determine the specified cipher mode corresponding JS chained address of described acquisition, wherein, the corresponding JS number in described JS chained address
According to for described specified page corresponding JS data, and this JS data carry out according to the specified cipher mode of described acquisition in advance plus
Close;
The specified cipher mode corresponding JS chained address obtaining is placed in the HTLM data of described specified page;
Return to described user after the HTLM data of described specified page is encrypted according to the specified cipher mode of described acquisition to set
Standby;Wherein, for arbitrary JS data, using the described arbitrary JS data corresponding JS chain ground connection after different cipher mode encryptions
Location is different, arbitrary JS data described in unencrypted and the described arbitrary JS number after being encrypted according to each cipher mode in advance
According to being stored in advance in backup server.
A kind of 12. page acquisition device, including:
Interception module, passes protocol HTTP request for intercepting for the hypertext obtaining specified page;
Add module, for being added to specified encryption identification in described HTTP request;
Sending module, for being sent to network side by adding the HTTP request specifying encryption identification.
A kind of 13. page acquisition device, including:
Receiver module, the HTTP request of the acquisition specified page sending for receive user equipment;
Acquisition module, when comprising to specify encryption identification in described HTTP request for determining, obtains and specifies cipher mode accordingly;
Corresponding for described specified page page data is carried out adding by encrypting module for the specified cipher mode according to described acquisition
Close;
Sending module, for returning to described user equipment by the page data after described encryption.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610808523.8A CN106412024B (en) | 2016-09-07 | 2016-09-07 | A kind of page acquisition methods and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610808523.8A CN106412024B (en) | 2016-09-07 | 2016-09-07 | A kind of page acquisition methods and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106412024A true CN106412024A (en) | 2017-02-15 |
| CN106412024B CN106412024B (en) | 2019-10-15 |
Family
ID=57998920
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610808523.8A Active CN106412024B (en) | 2016-09-07 | 2016-09-07 | A kind of page acquisition methods and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106412024B (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108038233A (en) * | 2017-12-26 | 2018-05-15 | 福建中金在线信息科技有限公司 | A kind of method, apparatus, electronic equipment and storage medium for gathering article |
| CN108683665A (en) * | 2018-05-15 | 2018-10-19 | 国家电网公司 | Data ciphering method, system in fiber optic communication and data transmitting equipment |
| CN108737196A (en) * | 2018-06-15 | 2018-11-02 | 深圳市西迪特科技有限公司 | The method for managing PON equipment |
| CN109067739A (en) * | 2018-07-27 | 2018-12-21 | 平安科技(深圳)有限公司 | Encryption of communicated data method and apparatus |
| CN109711187A (en) * | 2018-11-29 | 2019-05-03 | 北京字节跳动网络技术有限公司 | Page processing method, device, computer readable storage medium and electronic equipment |
| CN110351262A (en) * | 2019-06-28 | 2019-10-18 | 北京你财富计算机科技有限公司 | A kind of data interactive method, device, electronic equipment |
| CN110516467A (en) * | 2019-07-16 | 2019-11-29 | 上海数据交易中心有限公司 | Data circulation method and device, storage medium, terminal |
| WO2020019477A1 (en) * | 2018-07-27 | 2020-01-30 | 平安科技(深圳)有限公司 | Communication data encryption method and apparatus |
| CN111222130A (en) * | 2018-11-27 | 2020-06-02 | 钉钉控股(开曼)有限公司 | Page response method, page request method and device |
| CN111639275A (en) * | 2019-03-01 | 2020-09-08 | 阿里巴巴集团控股有限公司 | Routing information processing method and device, electronic equipment and computer storage medium |
| CN112887336A (en) * | 2018-05-04 | 2021-06-01 | 广东电网有限责任公司 | Communication safety protection method and device |
| CN113922980A (en) * | 2021-08-23 | 2022-01-11 | 北京天融信网络安全技术有限公司 | DNS monitoring method, equipment and storage medium based on HTTP detection information |
| CN114928466A (en) * | 2022-03-31 | 2022-08-19 | 成都鲁易科技有限公司 | Method and device for automatically identifying encrypted data, storage medium and computer equipment |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101222322A (en) * | 2008-01-24 | 2008-07-16 | 中兴通讯股份有限公司 | Safety ability negotiation method in super mobile broadband system |
| CN102355657A (en) * | 2011-06-28 | 2012-02-15 | 成都市华为赛门铁克科技有限公司 | Service access control method, device and system |
| CN102591877A (en) * | 2011-01-14 | 2012-07-18 | 深圳市同洲电子股份有限公司 | Webpage resource request method for embedded browser and browsing device |
| CN102955847A (en) * | 2012-10-25 | 2013-03-06 | 北京奇虎科技有限公司 | System for loading website data on browser format page |
| CN102984275A (en) * | 2012-12-14 | 2013-03-20 | 北京奇虎科技有限公司 | Method and browser for web downloading |
| CN104243522A (en) * | 2013-06-19 | 2014-12-24 | 华为技术有限公司 | Method for hypertext transfer protocol (HTTP) network and broadband network gateway (BNG) |
-
2016
- 2016-09-07 CN CN201610808523.8A patent/CN106412024B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101222322A (en) * | 2008-01-24 | 2008-07-16 | 中兴通讯股份有限公司 | Safety ability negotiation method in super mobile broadband system |
| CN102591877A (en) * | 2011-01-14 | 2012-07-18 | 深圳市同洲电子股份有限公司 | Webpage resource request method for embedded browser and browsing device |
| CN102355657A (en) * | 2011-06-28 | 2012-02-15 | 成都市华为赛门铁克科技有限公司 | Service access control method, device and system |
| CN102955847A (en) * | 2012-10-25 | 2013-03-06 | 北京奇虎科技有限公司 | System for loading website data on browser format page |
| CN102984275A (en) * | 2012-12-14 | 2013-03-20 | 北京奇虎科技有限公司 | Method and browser for web downloading |
| CN104243522A (en) * | 2013-06-19 | 2014-12-24 | 华为技术有限公司 | Method for hypertext transfer protocol (HTTP) network and broadband network gateway (BNG) |
Non-Patent Citations (2)
| Title |
|---|
| 月光博客: ""HTTP使用RSA公钥加密算法加密明文", 《HTTP使用RSA公钥加密算法加密明文,WWW.WILLIAMLONG.INFO/SRCHIVES/4346.HTML》 * |
| 月光博客: "HTTP使用RSA公钥加密算法加密明文", 《HTTP使用RSA公钥加密算法加密明文,WWW.WILLIAMLONG.INFO/SRCHIVES/4346.HTML》 * |
Cited By (22)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN108038233A (en) * | 2017-12-26 | 2018-05-15 | 福建中金在线信息科技有限公司 | A kind of method, apparatus, electronic equipment and storage medium for gathering article |
| CN112887336B (en) * | 2018-05-04 | 2023-05-05 | 广东电网有限责任公司 | Communication safety protection method and device |
| CN112887336A (en) * | 2018-05-04 | 2021-06-01 | 广东电网有限责任公司 | Communication safety protection method and device |
| CN108683665A (en) * | 2018-05-15 | 2018-10-19 | 国家电网公司 | Data ciphering method, system in fiber optic communication and data transmitting equipment |
| CN108737196B (en) * | 2018-06-15 | 2021-04-06 | 无锡雷华网络技术有限公司 | Method for managing PON equipment |
| CN108737196A (en) * | 2018-06-15 | 2018-11-02 | 深圳市西迪特科技有限公司 | The method for managing PON equipment |
| CN109067739A (en) * | 2018-07-27 | 2018-12-21 | 平安科技(深圳)有限公司 | Encryption of communicated data method and apparatus |
| CN109067739B (en) * | 2018-07-27 | 2021-10-08 | 平安科技(深圳)有限公司 | Communication data encryption method and device |
| WO2020019477A1 (en) * | 2018-07-27 | 2020-01-30 | 平安科技(深圳)有限公司 | Communication data encryption method and apparatus |
| CN111222130B (en) * | 2018-11-27 | 2023-10-03 | 钉钉控股(开曼)有限公司 | Page response method, page request method and page request device |
| CN111222130A (en) * | 2018-11-27 | 2020-06-02 | 钉钉控股(开曼)有限公司 | Page response method, page request method and device |
| CN109711187B (en) * | 2018-11-29 | 2020-01-24 | 北京字节跳动网络技术有限公司 | Page processing method and device, computer readable storage medium and electronic equipment |
| CN109711187A (en) * | 2018-11-29 | 2019-05-03 | 北京字节跳动网络技术有限公司 | Page processing method, device, computer readable storage medium and electronic equipment |
| CN111639275A (en) * | 2019-03-01 | 2020-09-08 | 阿里巴巴集团控股有限公司 | Routing information processing method and device, electronic equipment and computer storage medium |
| CN111639275B (en) * | 2019-03-01 | 2023-04-25 | 阿里巴巴集团控股有限公司 | Routing information processing method, device, electronic equipment and computer storage medium |
| CN110351262A (en) * | 2019-06-28 | 2019-10-18 | 北京你财富计算机科技有限公司 | A kind of data interactive method, device, electronic equipment |
| CN110351262B (en) * | 2019-06-28 | 2021-12-14 | 北京你财富计算机科技有限公司 | Data interaction method and device and electronic equipment |
| CN110516467B (en) * | 2019-07-16 | 2021-09-24 | 上海数据交易中心有限公司 | Data distribution method and device, storage medium and terminal |
| CN110516467A (en) * | 2019-07-16 | 2019-11-29 | 上海数据交易中心有限公司 | Data circulation method and device, storage medium, terminal |
| CN113922980A (en) * | 2021-08-23 | 2022-01-11 | 北京天融信网络安全技术有限公司 | DNS monitoring method, equipment and storage medium based on HTTP detection information |
| CN114928466A (en) * | 2022-03-31 | 2022-08-19 | 成都鲁易科技有限公司 | Method and device for automatically identifying encrypted data, storage medium and computer equipment |
| CN114928466B (en) * | 2022-03-31 | 2023-11-07 | 成都鲁易科技有限公司 | Automatic identification method and device for encrypted data, storage medium and computer equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106412024B (en) | 2019-10-15 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106412024A (en) | Page acquisition method and device | |
| CN106713320B (en) | Terminal data transmission method and device | |
| US10069809B2 (en) | System and method for secure transmission of web pages using encryption of their content | |
| CN102291387B (en) | The network traffic interception of encryption and inspection | |
| CN108600251B (en) | Mobile device management and security | |
| US9197420B2 (en) | Using information in a digital certificate to authenticate a network of a wireless access point | |
| US9246947B2 (en) | Method and apparatus for protecting access to corporate applications from a mobile device | |
| US20130263233A1 (en) | Data access and control | |
| CN109672523A (en) | Information ciphering method, device, equipment and readable storage medium storing program for executing based on filter | |
| CN114500054B (en) | Service access method, service access device, electronic device, and storage medium | |
| CN109861973A (en) | Information transferring method, device, electronic equipment and computer-readable medium | |
| CN109818910A (en) | A kind of data transmission method, device and medium | |
| JP4979210B2 (en) | Login information management apparatus and method | |
| JP2010072916A (en) | Data protection system and data protection method | |
| WO2021088659A1 (en) | Electronic signature loading method and device | |
| CN113141365A (en) | Distributed micro-service data transmission method, device, system and electronic equipment | |
| CN104579657A (en) | Method and device for identity authentication | |
| CN111246407B (en) | Data encryption and decryption method and device for short message transmission | |
| CN112308236A (en) | Method, device, electronic equipment and storage medium for processing user request | |
| US11886602B2 (en) | Secure link sharing | |
| CN113422768A (en) | Application access method and device in zero trust and computing equipment | |
| Huang et al. | Private editing using untrusted cloud services | |
| US8640189B1 (en) | Communicating results of validation services | |
| CN112511565B (en) | Request response method and device, computer readable storage medium and electronic equipment | |
| CN111181831B (en) | Communication data processing method and device, storage medium and electronic device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20191105 Address after: 310012 G building, 10 floor, A building, Paradise Software Park, 3 West Road, Hangzhou, Xihu District, Zhejiang Patentee after: Alibaba (China) Co., Ltd. Address before: Hangzhou City, Zhejiang province 310051 Binjiang District River Street No. 1786 Jianghan Road Longsheng Building Room 803 Patentee before: Netease Koala (Hangzhou) Technology Co., Ltd. |
|
| TR01 | Transfer of patent right |