Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
In order to solve the problem of fingerprint characteristic information leakage in the page verification process, the embodiment of the invention provides a page verification method, which relates to a terminal and a site server. The terminal needs to have at least a fingerprint acquisition function and a network communication function, where the network communication function includes but is not limited to a communication function implemented based on GSM, 3G, 4G, LTE, etc. networks, or a broadband communication function based on wired or wireless forms; the site server is a deployed website server on the website side, is at least integrated with or independently connected with a website database, and is in a form including but not limited to a physical machine or a virtual machine. In practical applications, the terminal and the site server may communicate directly, or communicate with each other via a relay server.
Embodiments of the present invention will be described below with reference to the accompanying drawings. As shown in fig. 1, the method for page verification provided by the present invention includes:
101. and after the page returned by the site server is obtained, the terminal searches the verification tag in the source code of the page.
When a user logs in an account, downloads resources or carries out online payment, the site server returns a verification page to the terminal, and the page is used for prompting the user to scan fingerprints to carry out identity verification. When the terminal receives the page returned by the site server, a preset verification tag can be searched in the source code of the terminal, and the verification tag is used for identifying the current page as a verification page. When the verification tag is found in the source code, the terminal determines that the current page is a verification page and continues to execute the subsequent steps; otherwise, the terminal determines that the current page is a common webpage, renders and displays the current page according to the prior implementation, and finishes executing the subsequent steps in the figure 1.
102. And if the verification label is found, calling a fingerprint verification interface to perform fingerprint verification to obtain a fingerprint verification result.
The terminal calls a pre-configured fingerprint verification interface to inform a fingerprint acquisition module in the terminal to perform fingerprint verification. After the fingerprint characteristic information pressed by the user is collected by the fingerprint collecting module, the fingerprint characteristic information is compared with standard fingerprint characteristic information (namely authorized fingerprint characteristic information set in the user initialization stage) prestored in the terminal, if the fingerprint characteristic information and the authorized fingerprint characteristic information are consistent or the error does not exceed a preset range, the fingerprint verification is successful, otherwise the fingerprint verification fails. And after finishing the fingerprint verification, the terminal acquires a fingerprint verification result returned by the fingerprint acquisition module.
In this embodiment, the fingerprint verification result is flag information for marking whether the fingerprint verification is successful, for example, the fingerprint verification result may be a flag bit, where the flag bit indicates that the verification is successful when the flag bit is 1, and indicates that the verification is failed when the flag bit is 0; or the flag bit indicates that the verification is successful when the flag bit is True and indicates that the verification fails when the flag bit is False. Of course, in practical applications, other information in the form of two classifications may also be used as the flag bit, and the present embodiment does not specifically limit the content, data type, data length, and the like of the fingerprint verification result.
103. And sending the fingerprint verification result to the site server.
After obtaining the fingerprint verification result, the terminal transmits the result to the site server. Different from the prior art, the terminal sends a result with the mark information to the site server, and does not contain specific fingerprint characteristic information, so that the leakage of the fingerprint characteristic information in the data transmission process can be effectively prevented. Meanwhile, the website server side cannot acquire or store the fingerprint characteristic information, so that a hacker cannot acquire the fingerprint characteristic information of the user even if the hacker attacks or hangs a horse on the website.
104. And the site server returns page information of successful verification or failed verification according to the fingerprint verification result.
When the fingerprint verification result shows that the fingerprint verification is successful, the site server can return the account page after the login is successful, or a download page of the downloaded resource, or a transaction page to the terminal. When the fingerprint verification result shows that the fingerprint verification fails, the site server can return a page prompting that the verification fails or requiring re-verification to the terminal, or cancel any response to the terminal.
Generally, a browser is used to request, load, render, and display a web page, and the present embodiment mainly relates to a fingerprint verification process based on a web page, so that in the present embodiment, a terminal may implement the flow shown in fig. 1 through a browser. It should be clear that this implementation does not exclude other feasible solutions, and in practical applications, for a non-native application, when it can load a WEB page and has a page verification function, the terminal may also implement the flow shown in fig. 1 through the application.
The page verification method provided by the embodiment of the invention can be used for completing the fingerprint acquisition and matching verification process based on the local fingerprint verification interface by the terminal and sending the fingerprint verification result of whether the fingerprint is successfully matched to the site server. In the embodiment of the invention, the fingerprint verification result is only one flag bit information used for marking whether the fingerprint verification is successful, and no fingerprint characteristic information is involved, so that compared with the prior art, the problem of data leakage in the transmission and storage processes can be effectively solved, and the safety of personal information of a user is ensured.
Further, as a supplement to the flow shown in fig. 1, an embodiment of the present invention further provides a method for page verification, where as shown in fig. 2, the method includes:
201. the terminal initiates a page access request to the site server.
For example, when a user needs to log in an account, the terminal requests an account login page from the site server, or when the user clicks to download a certain resource, the terminal requests a download page of the resource from the site server.
202. And the site server returns a verification page to the terminal.
And the site server judges whether page authentication is needed according to the page type requested by the terminal, and returns a verification page to the terminal if the page authentication is needed. Illustratively, the page may contain teletext information prompting the user for fingerprint verification.
Furthermore, considering that the relationship between the site server and the terminal is often "one-to-many", in order to facilitate the site server to distinguish the authentication processes of different terminals, the site server may also allocate a session identifier to the terminal when returning the authentication page to the terminal. Each session identifier is unique and is used to identify a session procedure (e.g., an authentication procedure) of a terminal. In particular, for the case that the terminal has already obtained the session identifier during the history access, the terminal may also send the stored identifier to the site server in step 201. For such a case, the site server may no longer separately allocate the session identifier to the terminal in this step.
In practical applications, the session identifier may be, but is not limited to, a Cookie, a session number, or a Token.
203. And the terminal scans the source code of the received page and searches for the verification tag.
As described above, when receiving a page returned by a site server, a terminal does not know whether the page is a verification page, and needs to scan a source code of the page to search for a preset verification tag.
In one implementation manner of this embodiment, the verification tag is "< fp > </p >", and when the tag is found in the source code, the terminal determines that the page is a verification page. For example, in the following section of source code:
<body>
< p > Web Page content >
<fp>fingerprint</fp>
</body>
"< fp > </p >" is a verification tag, wherein "finger print" is a tag name, and in practical application, the tag name can be replaced by any other characters.
204. And if the verification tag is found, calling a fingerprint verification interface to perform fingerprint verification.
In practical applications, fingerprint verification interfaces called by different operating systems are different. For example, for the IOS system, fingerprint verification may be performed by calling the [ context. evaluateLipacy (LAPolicy. device Owner authentication Withbiometrics, localizedReason: reassoString, reply { (success: Bool, evapolicyeerror: NSError; for the Android system, FingerprintManager class and authentication () methods can be called for fingerprint verification. The embodiment does not limit the name, number, sequence and kind of the calling interface.
205. And the terminal sends the obtained fingerprint verification result and the session identification to the site server.
In this step, the fingerprint verification result is the flag bits of True and False, True indicating that verification is successful, and False indicating that verification is failed. When the fingerprint verification result is sent, the terminal at least needs to send the session identifier allocated before to the site server, so that the site server can conveniently identify which session the fingerprint verification result corresponds to.
In addition, the terminal can further carry a device identifier of the terminal, so that the site server can identify the terminal. In practical applications, the device identifier may be, but is not limited to: the Mobile device includes a Mobile Equipment International Identity (IMEI), a MAC address, and a SIM card number.
206. And the site server returns page information of successful verification or failed verification according to the fingerprint verification result.
Further, as an addition to the method shown in fig. 1 or fig. 2, an embodiment of the present invention further provides a method for page verification. The method is characterized in that a first-level transfer server cluster is additionally arranged between a terminal and a site server and is used for forwarding information generated in the verification process. And moreover, the verification and cheating of an illegal device simulating a user terminal are effectively avoided through an IP address credible mechanism. Specifically, as shown in fig. 3, the method includes:
301. the terminal requests domain name resolution from the DNS server to obtain the IP address of the site server.
When a user needs to log in a certain website, the terminal acquires a domain name selected or input by the user, and sends the domain name to the DNS server for resolution to acquire the IP address of the site server.
302. And the terminal sends a page access request to the site server according to the obtained IP address.
303. And the site server returns the page content and the session identifier to the terminal.
The page is a verification page, and a verification tag is recorded in the source code of the page.
304. And the terminal analyzes the page source code, searches for the verification tag and calls a fingerprint verification interface to perform fingerprint verification.
305. And the terminal encrypts and sends the obtained fingerprint verification result, the session identifier and the uniform resource locator of the site to the transit server cluster.
In this step, the purpose of sending a Uniform Resource Locator (URL) of the site is to enable the transit server cluster to know the site corresponding to the verification process, so as to send the fingerprint verification result to the corresponding site server.
In this embodiment, to ensure the security of communication between the terminal and the transit server, the terminal may encrypt and send the fingerprint verification result, the session identifier, and the uniform resource locator of the site to the transit server. In practical application, the terminal may encrypt the information by using a combination of a symmetric key and an asymmetric key, that is, on the basis of encrypting by using the symmetric key, the terminal further encrypts by using the asymmetric key.
306. And the transfer server cluster sends the fingerprint verification result and the session identifier to the site server according to the uniform resource locator.
307. And the site server judges whether the source IP address sending the fingerprint verification result is recorded in a preset credible IP address list.
In this embodiment, what the terminal uploads to the site server is not fingerprint feature information of the user any longer, but is a binary flag bit, and a hacker can easily forge a flag bit (e.g., True) that is successfully verified and send the flag bit to the site server on the basis of obtaining the user account and the session identifier, thereby cheating in logging in the user account.
In order to prevent this, an IP address trusted mechanism may be further designed in this embodiment, and the site server side may maintain a trusted IP address list, where the list is stored in a database of the site server side and is used to record IP addresses of all relay servers in the relay server cluster. After receiving the fingerprint verification result and the session identifier, the site server queries whether the source IP address sending the information is in the trusted IP address list, and if the query result is yes, the information is sent by an authorized transfer server, and the site server performs step 308; if the query result is no, it indicates that the information is sent by an unknown device, and the information may be suspected of being forged, and the site server performs step 309 to discard the information.
308. And the site server returns page information of successful verification or failed verification according to the fingerprint verification result.
309. And the site server discards the fingerprint verification result and ends the verification process.
Further, considering that a hacker may obtain an IP address of the transit server through a ping packet test or the like, and simulate the transit server to send a fake fingerprint verification result to the site server based on the IP address, two solutions are provided in a modification of the embodiment:
mode one, multi-level transit server forwarding
In this mode, a network architecture of a relay server cluster is adopted, the relay server cluster is composed of a plurality of relay servers, and the IP addresses of the relay servers are different from each other. The terminal sends the fingerprint verification result to a first transit server in the transit server cluster, the first transit server forwards the fingerprint verification result to a second transit server based on a load balancing strategy, and the second transit server sends the fingerprint verification result to the site server.
In this manner, the IP address of the first relay server is not recorded in the trusted IP list on the site server side. Although the hacker can simulate the IP address of the terminal Ping to the first transit server, because the first transit server and the second transit server use different IP addresses and the hacker cannot break through the gateway of the transit server cluster to obtain the IP address of the second transit server, the method can effectively prevent the hacker from simulating a trusted IP address to send a forged fingerprint verification result to the site server.
For the load balancing strategy, the method provides two load balancing implementation modes:
1. allocation based on real-time terminal load number
When a terminal sends a fingerprint verification result to the first transit server, the first transit server inquires the current terminal load quantity of all the second transit servers, and distributes the fingerprint verification result of the terminal to the second transit server with the minimum current terminal load quantity for forwarding.
2. Allocation based on session identification
And when receiving the fingerprint verification result, the first transit server performs Hash (Hush) calculation on the corresponding session identifier, and distributes the fingerprint verification result to the corresponding second transit server through a Hash load balancing algorithm.
Second, the transfer server encrypts the fingerprint verification result
In this way, the terminal sends the fingerprint verification result to a third transit server in the transit server cluster, and the third transit server encrypts the fingerprint verification result and then sends the fingerprint verification result to the site server. And the site server decrypts the received information to obtain a fingerprint verification result.
In practical application, the third transit server may encrypt the fingerprint verification result by using a combination of a symmetric key and an asymmetric key, that is, on the basis of encrypting by using the symmetric key, further encrypt by using the asymmetric key. Since a hacker cannot obtain a private key agreed by the transit server and the site server in advance, the site server cannot successfully decrypt a forged fingerprint authentication result when the forged fingerprint authentication result is encrypted using another key, thereby preventing the hacker from spoofing the site server using the forged fingerprint authentication result.
Through the scheme, the hacker can be prevented from simulating the transit server to send the fake fingerprint verification result to the site server, and the security of fingerprint verification is effectively guaranteed.
Further, considering that although a hacker cannot obtain the IP address of the relay server, the hacker may attempt the IP address by means of brute force cracking, and the like, in another implementation manner of this embodiment, on the basis of combining the above scheme, the site server may further limit the number of times of discarding the result of the same session identifier, and if none of the IP addresses used by the same session identifier within the preset number of times is recorded in the trusted IP address, the site server terminates the authentication procedure of the session identifier, thereby preventing the hacker from attempting an unlimited IP address. Specifically, the method comprises the following steps:
the site server receives the fingerprint verification result and the corresponding session identifier, and when it is determined that the source IP address sending the information is not in the trusted IP address list, the site server performs step 309 to discard the fingerprint verification result, and then records the number of times of result discard corresponding to the session identifier, for example, increments a counter set corresponding to the session identifier by 1. And if the discarding times of the result corresponding to the session identifier exceeds a preset threshold, the site server terminates the fingerprint verification process and subsequently refuses to receive a new fingerprint verification result corresponding to the session identifier.
In practical applications, the preset threshold may be set according to a certain ratio according to the address segment range of the IP address, for example, for the address segments of 192.168.1.0 to 192.168.1.255, which relate to 256 IP addresses, the preset threshold may be set 64 times according to a ratio of 4 to 1. In addition, the preset threshold may also be manually set by the operation and maintenance personnel of the station according to experience, for example, 3 times, 10 times, and the like. In a scenario where the requirement for the security level standard is high, the preset threshold may be set to 1 time.
In an implementation manner of this embodiment, the transit server cluster may update the IP address of the transit server periodically or aperiodically through a Dynamic Host Configuration Protocol (DHCP), and synchronize the new IP address to the site server to update the trusted IP address list. Even if a hacker tries an IP address using different session identifiers, the time cost of the IP address try can be greatly increased and the possibility that the hacker cracks the IP address of the relay server is further reduced because the IP address of the relay server changes at intervals.
Further, as an implementation of the method shown in the above figures, an embodiment of the present invention further provides a device for page verification, where the device is mainly located at one side of the terminal, and may be located inside the terminal, or may be independent of the terminal but establish a data interaction relationship with the terminal. As shown in fig. 4, the apparatus includes: a lookup unit 41, an interface call unit 42, and a sending unit 43. Wherein the content of the first and second substances,
the searching unit 41 is configured to search the verification tag in the source code of the page after obtaining the page returned by the site server;
the interface calling unit 42 is configured to call the fingerprint verification interface to perform fingerprint verification when the verification tag is found, and obtain a fingerprint verification result, where the fingerprint verification result is flag information that indicates whether fingerprint verification is successful;
and a sending unit 43, configured to send the fingerprint verification result to the site server, so that the site server returns page information of successful verification or failed verification according to the fingerprint verification result.
Further, as shown in fig. 5, the transmitting unit 43 includes:
the first sending module 431 is configured to send the fingerprint verification result to a first transit server in a transit server cluster, so that the first transit server forwards the fingerprint verification result to a second transit server based on a load balancing policy, and the second transit server sends the fingerprint verification result to a site server, where the first transit server and the second transit server use different IP addresses.
Further, as shown in fig. 5, the transmitting unit 43 includes:
the second sending module 432 is configured to send the fingerprint verification result to a third transit server in the transit server cluster, so that the third transit server encrypts the fingerprint verification result, and sends the encrypted fingerprint verification result to the site server.
Further, as an implementation of the method shown in each of the above figures, an embodiment of the present invention further provides a page verification apparatus, where the apparatus is mainly located at one side of the site server, and may be located inside the site server, or may be independent of the site server but establish a data interaction relationship with the site server. As shown in fig. 6, the apparatus includes: a receiving unit 61 and an executing unit 62. Wherein the content of the first and second substances,
the receiving unit 61 is configured to receive a fingerprint verification result sent by the terminal after the terminal invokes the fingerprint verification interface to perform fingerprint verification, where the fingerprint verification result is flag information for marking whether fingerprint verification is successful;
and the execution unit 62 is configured to return page information of successful authentication or failed authentication to the terminal according to the fingerprint authentication result.
Further, as shown in fig. 7, the receiving unit 61 includes:
the first receiving module 611 is configured to receive a fingerprint verification result sent by a second transit server in the transit server cluster, where the fingerprint verification result is sent to the second transit server by a first transit server in the transit server cluster based on a load balancing policy, and the first transit server and the second transit server use different IP addresses.
Further, as shown in fig. 7, the receiving unit 61 includes:
the second receiving module 612 is configured to receive an encrypted fingerprint verification result sent by a third transit server in the transit server cluster.
Further, as shown in fig. 7, the apparatus further includes:
a determining unit 63, configured to determine, after receiving the fingerprint verification result, whether a source IP address that sends the fingerprint verification result is recorded in a preset trusted IP address list;
and the execution unit 62 is used for discarding the fingerprint verification result when the judgment result is negative.
Further, as shown in fig. 7, the apparatus further includes a recording unit 64;
the receiving unit 61 is further configured to receive a session identifier of the session;
a recording unit 64, configured to record a result discarding number corresponding to the session identifier after discarding the fingerprint verification result;
and the execution unit 62 is configured to terminate the fingerprint verification process when the result discarding number exceeds a preset threshold.
Further, as an implementation of the method shown in the above figures, an embodiment of the present invention further provides a device for page verification, where the device is mainly located at one side of the terminal, and may be located inside the terminal, or may be independent of the terminal but establish a data interaction relationship with the terminal. As shown in fig. 8, the apparatus includes: a transceiver 81, a processor 82, a memory 83, and a bus 84. Wherein the content of the first and second substances,
a transceiver 81 configured to obtain a page returned by the site server;
a processor 82 configured to:
searching a verification tag in a source code of a page;
when the verification tag is found, calling a fingerprint verification interface to perform fingerprint verification to obtain a fingerprint verification result, wherein the fingerprint verification result is mark information for marking whether the fingerprint verification is successful or not;
a transceiver 81 configured to transmit a fingerprint verification result to the site server, so that the site server returns page information of verification success or verification failure according to the fingerprint verification result;
a memory 83 configured to store executable instructions of the processor 82;
a bus 84 configured to couple the transceiver 81, the processor 82, and the memory 83.
Further, the transceiver 81 is configured to send the fingerprint verification result to a first transit server in the transit server cluster, so that the first transit server forwards the fingerprint verification result to a second transit server based on the load balancing policy, and sends the fingerprint verification result to the site server by the second transit server, where the first transit server and the second transit server use different IP addresses.
Further, the transceiver 81 is configured to send the fingerprint verification result to a third transit server in the transit server cluster, so that the third transit server encrypts the fingerprint verification result, and sends the encrypted fingerprint verification result to the site server.
Further, as an implementation of the method shown in each of the above figures, an embodiment of the present invention further provides a page verification apparatus, where the apparatus is mainly located at one side of the site server, and may be located inside the site server, or may be independent of the site server but establish a data interaction relationship with the site server. As shown in fig. 9, the apparatus includes: a transceiver 91, a processor 92, a memory 93, and a bus 94. Wherein the content of the first and second substances,
the transceiver 91 is configured to receive a fingerprint verification result sent by the terminal after the terminal calls the fingerprint verification interface to perform fingerprint verification, wherein the fingerprint verification result is flag information for marking whether fingerprint verification is successful;
the processor 92 is configured to return page information of successful verification or failed verification to the terminal according to the fingerprint verification result;
a memory 93 configured to store executable instructions of the processor 92;
a bus 94 configured to couple the transceiver 91, the processor 92, and the memory 93.
Further, the transceiver 91 is configured to receive a fingerprint verification result sent by a second transit server in the transit server cluster, where the fingerprint verification result is sent by a first transit server in the transit server cluster to the second transit server based on a load balancing policy, and the first transit server and the second transit server use different IP addresses.
Further, the transceiver 91 is configured to:
and receiving an encrypted fingerprint verification result sent by a third transit server in the transit server cluster.
Further, the processor 92 is configured to:
after receiving the fingerprint verification result, judging whether a source IP address sending the fingerprint verification result is recorded in a preset credible IP address list or not;
and when the judgment result is negative, discarding the fingerprint verification result.
Further, the transceiver 91 is configured to receive a session identifier of the current session;
the processor 92 is configured to:
after discarding the fingerprint verification result, recording the result discarding times corresponding to the session identifier;
and when the discarding times of the result exceeds a preset threshold, terminating the fingerprint verification process.
Further, an embodiment of the present invention further provides a system for page verification, where the system includes: a terminal and a site server; wherein the content of the first and second substances,
the terminal comprises the apparatus shown in fig. 4 or fig. 5;
the site server includes the apparatus shown in fig. 6 or fig. 7.
Further, an embodiment of the present invention further provides a system for page verification, where the system includes: a terminal and a site server; wherein the content of the first and second substances,
the terminal comprises the apparatus shown in fig. 8;
the site server includes the apparatus shown in fig. 9.
The device and the system for verifying the page provided by the embodiment of the invention can complete fingerprint acquisition and matching verification processes based on a local fingerprint verification interface by the terminal, and send a fingerprint verification result of whether the fingerprint is successfully matched to the site server. In the embodiment of the invention, the fingerprint verification result is only one flag bit information used for marking whether the fingerprint verification is successful, and no fingerprint characteristic information is involved, so that compared with the prior art, the problem of data leakage in the transmission and storage processes can be effectively solved, and the safety of personal information of a user is ensured.
In the foregoing embodiments, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
It will be appreciated that the relevant features of the method and apparatus described above are referred to one another. In addition, "first", "second", and the like in the above embodiments are for distinguishing the embodiments, and do not represent merits of the embodiments.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components in the title of the invention (e.g., means for determining the level of links within a web site) in accordance with embodiments of the invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.