CN110061967A - Business datum providing method, device, equipment and computer readable storage medium - Google Patents
Business datum providing method, device, equipment and computer readable storage medium Download PDFInfo
- Publication number
- CN110061967A CN110061967A CN201910198502.2A CN201910198502A CN110061967A CN 110061967 A CN110061967 A CN 110061967A CN 201910198502 A CN201910198502 A CN 201910198502A CN 110061967 A CN110061967 A CN 110061967A
- Authority
- CN
- China
- Prior art keywords
- business datum
- url request
- array
- encryption
- parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Storage Device Security (AREA)
Abstract
The invention belongs to technical field of safety protection, a kind of business datum providing method, device, equipment and computer readable storage medium are provided, this method comprises: judging the URL request whether by certification user's triggering when operation system front end receiver to uniform resource position mark URL is requested;If so, extracting the clear text queries parameter in the URL request, and cryptographic calculation is carried out to the clear text queries parameter, obtains cryptogram search parameter;Clear text queries parameter in the URL request is replaced with into the cryptogram search parameter, obtains encryption URL request, and the encryption URL request is sent to business system server;The corresponding service data that the business system server is returned based on the encryption URL request are received, and export the business datum in the operation system front end.The present invention has ensured the safety of business datum.
Description
Technical field
The present invention relates to technical field of safety protection more particularly to a kind of business datum providing method, device, equipment and meters
Calculation machine readable storage medium storing program for executing.
Background technique
Inline system of the operation system as processing business, wherein circulation has a large amount of sensitive traffic data, operation system
Safety it is most important.However, some illegal users can be by forging URL (Uniform/Universal Resource
Locator, uniform resource locator) mode crawl business datum from operation system, cause business datum to be revealed.
Summary of the invention
The main purpose of the present invention is to provide a kind of business datum providing method, device, equipment and computer-readable deposit
Storage media, it is intended to ensure the safety of business datum.
To achieve the above object, the present invention provides a kind of business datum providing method, and the business datum providing method is answered
For operation system front controller, the business datum providing method the following steps are included:
When operation system front end receiver to uniform resource position mark URL is requested, judge the URL request whether by authenticating
User's triggering;
If so, extracting the clear text queries parameter in the URL request, and encryption fortune is carried out to the clear text queries parameter
It calculates, obtains cryptogram search parameter;
Clear text queries parameter in the URL request is replaced with into the cryptogram search parameter, obtains encryption URL request,
And the encryption URL request is sent to business system server;
The corresponding service data that the business system server is returned based on the encryption URL request are received, and described
Operation system front end exports the business datum.
Optionally, described the step of carrying out cryptographic calculation to the clear text queries parameter, obtaining cryptogram search parameter, includes:
By the clear text queries Parameter Switch at the array of preset length;
Each element in the array is encrypted by default symmetric encipherment algorithm, obtains encryption array;
The encryption array is encoded, coding array is obtained;
Each element in the coding array is traversed, determines the easy mixed element in the coding array, and according to default
Easy mixed element in the coding array is replaced with corresponding preset characters, obtains cryptogram search parameter by mapping relations.
Optionally, described that each element in the array is encrypted by default symmetric encipherment algorithm, added
The step of close array includes:
The source key of the default symmetric encipherment algorithm is pre-processed, key is obtained;
It is encrypted using each element in array described in the key pair, obtains encryption array.
Optionally, it is described judge the URL request whether by certification user triggering the step of after, further includes:
If it is not, then intercepting the URL request.
In addition, to achieve the above object, the present invention also provides a kind of business datum providing method, the business datum is provided
Method be applied to business system server, the business datum providing method the following steps are included:
When receiving the encryption URL request of operation system front controller transmission, the encryption URL request is solved
Close verifying;
When decryption verification passes through, obtains corresponding business datum and be back to the operation system front controller, so that
The operation system front controller exports the business datum in operation system front end.
Optionally, described the step of verifying is decrypted to the encryption URL request, includes:
Cryptogram search parameter is extracted from the encryption URL request;
The inverse operation of the cryptographic calculation is carried out to the cryptogram search parameter;
If the cryptogram search parameter is reduced to clear text queries parameter by the inverse operation, confirm that decryption verification is logical
It crosses.
Optionally, described the step of carrying out the inverse operation of the cryptographic calculation to the cryptogram search parameter, includes:
Each element in the cryptogram search parameter is traversed, finds out preset characters from the cryptogram search parameter,
And according to default mapping relations, the preset characters found out are replaced with into corresponding easy gibberish and are accorded with, array to be decoded is obtained;
The array to be decoded is decoded, decoding array is obtained;
Each element in the decoding array is decrypted by presetting symmetric encipherment algorithm, obtains decryption array;
The decryption array is reduced to clear text queries parameter.
In addition, to achieve the above object, the present invention also provides business datums to provide device, the business datum provides device
Include:
Judgment module, for judging the URL when operation system front end receiver to uniform resource position mark URL is requested
Whether request is by certification user's triggering;
Encrypting module, for if so, extract the clear text queries parameter in the URL request, and to the clear text queries
Parameter carries out cryptographic calculation, obtains cryptogram search parameter;
Replacement module is obtained for the clear text queries parameter in the URL request to be replaced with the cryptogram search parameter
URL request is encrypted, and the encryption URL request is sent to business system server;
Output module, the corresponding service returned for receiving the business system server based on the encryption URL request
Data, and the business datum is exported in the operation system front end.
In addition, to achieve the above object, the present invention also provides a kind of business datums to provide equipment, the business datum is provided
Equipment includes processor, memory and is stored on the memory and can be mentioned by the business datum that the processor executes
For program, wherein realizing such as above-mentioned business datum provider when business datum offer program is executed by the processor
The step of method.
In addition, to achieve the above object, it is described computer-readable the present invention also provides a kind of computer readable storage medium
It is stored with business datum on storage medium, program is provided, wherein being realized when business datum offer program is executed by processor
Such as the step of above-mentioned business datum providing method.
Business datum providing method proposed by the present invention, operation system front controller judge operation system front end first
The URL request received whether by certification user triggering, realize the first security protection again, if it is confirmed that the URL request be by
User's triggering is authenticated, then extracts the clear text queries parameter in the URL request, cryptographic calculation is carried out to the clear text queries parameter, is obtained
To cryptogram search parameter, the clear text queries parameter in the URL request is then replaced with into the cryptogram search parameter, is encrypted
The encryption URL request is sent to business system server later by URL request, so that business system server is based on the encryption
URL request returns to corresponding business datum, realizes the security protection of the second weight, in this way, can be to visit to possess operation system
It asks and provides business datum with the certification user of access right, and prevent the data of malice from crawling, ensured the safety of business datum.
Detailed description of the invention
Fig. 1 provides the hardware structural diagram of equipment for business datum involved in the embodiment of the present invention;
Fig. 2 is the flow diagram of business datum providing method first embodiment of the present invention;
Fig. 3 is the flow diagram of business datum providing method second embodiment of the present invention;
Fig. 4 provides the functional block diagram of device first embodiment for business datum of the present invention.
The embodiments will be further described with reference to the accompanying drawings for the realization, the function and the advantages of the object of the present invention.
Specific embodiment
It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not intended to limit the present invention.
The present embodiments relate to business datum providing method be mainly used in business datum provide equipment, the business number
It can be that personal computer (personal computer, PC), server etc. are having data processing function to be set according to equipment is provided
It is standby.
Referring to Fig.1, Fig. 1 provides the hardware configuration signal of equipment for business datum involved in the embodiment of the present invention
Figure.In the embodiment of the present invention, it may include (such as the central processing unit Central of processor 1001 that business datum, which provides equipment,
Processing Unit, CPU), communication bus 1002, user interface 1003, network interface 1004, memory 1005.Wherein,
Communication bus 1002 is for realizing the connection communication between these components;User interface 1003 may include display screen
(Display), input unit such as keyboard (Keyboard);Network interface 1004 optionally may include that the wired of standard connects
Mouth, wireless interface (such as Wireless Fidelity WIreless-FIdelity, WI-FI interface);Memory 1005 can be high speed and deposit at random
Access to memory (random access memory, RAM), is also possible to stable memory (non-volatile memory),
Such as magnetic disk storage, memory 1005 optionally can also be the storage device independently of aforementioned processor 1001.This field
Technical staff is appreciated that hardware configuration shown in Fig. 1 and does not constitute a limitation of the invention, and may include more than illustrating
Or less component, perhaps combine certain components or different component layouts.
With continued reference to Fig. 1, the memory 1005 in Fig. 1 as a kind of computer storage medium may include operating system,
Network communication module and business datum provide program.In Fig. 1, processor 1001, which can call, to be stored in memory 1005
Business datum provides program, and executes the business datum providing method of various embodiments of the present invention offer.
The embodiment of the invention provides a kind of business datum providing methods.
It is the flow diagram of business datum providing method first embodiment of the present invention referring to Fig. 2, Fig. 2.
In the present embodiment, the business datum providing method is applied to operation system front controller, the business datum
Providing method the following steps are included:
Step S10 judges that the URL request is when operation system front end receiver to uniform resource position mark URL is requested
It is no to be triggered by certification user;
Step S20, if so, extract the clear text queries parameter in the URL request, and to the clear text queries parameter into
Row cryptographic calculation obtains cryptogram search parameter;
Clear text queries parameter in the URL request is replaced with the cryptogram search parameter, is encrypted by step S30
URL request, and the encryption URL request is sent to business system server;
Step S40 receives the corresponding service data that the business system server is returned based on the encryption URL request,
And the business datum is exported in the operation system front end.
Inline system of the operation system as processing business, wherein circulation has a large amount of sensitive traffic data, operation system
Safety it is most important.However, some illegal users can crawl business datum from operation system by way of forging URL, lead
Cause business datum leakage.In this regard, the present embodiment provides a kind of business datum providing method, can be possess operation system access and
The user of access right provides business datum, and prevents the data of malice from crawling.
In the present embodiment, operation system specifically can be used for handling housing business, insurance business, financial business and
At least one of investment portfolio etc..Operation system includes front controller and server, and front controller is asked for handling URL
Summation is used for management business data in operation system front end outgoing traffic data, server.
It is each step realizing business datum in the present embodiment and providing below:
Step S10 judges that the URL request is when operation system front end receiver to uniform resource position mark URL is requested
It is no to be sent by certification user;
In the present embodiment, every kind of business datum in operation system has a unique URL (Uniform/
Universal Resource Locator, uniform resource locator), access operation system URL request include transportation protocol,
The component parts such as server (usually domain name is sometimes IP address), port numbers, path and query argument, shaped like " https: //
Www.admin5.com/article/details/56284237 ", wherein the plaintext number after the last one "/" character of end
What " 56284237 " referred to is exactly query argument.When operation system front end receiver is to URL request, front controller carries out first
One security protection again judges whether the URL request is to be triggered by authenticating user, and certification user refers to possessing operation system visit
Ask the user with access right.Specifically, certification user information database is pre-established in front controller, the certification user information
The information such as certification IP address and the User ID of certification user are stored in library.Front controller judges that operation system front end receiver arrives
URL request whether include: that will trigger the IP address and User ID of the URL request by the process of certification user's triggering, with certification
User information database is matched, if being matched to and being consistent with the IP address for triggering the URL request in certification user information database
Certification IP address, or be matched to the User ID that is consistent of User ID that triggers the URL request, then confirm that the URL request is
By certification user's triggering.
Step S20, if so, extract the clear text queries parameter in the URL request, and to the clear text queries parameter into
Row cryptographic calculation obtains cryptogram search parameter;
If front controller confirms that the URL request is triggered by authenticating user, the second security protection again, tool are carried out
Body, the query argument in URL request is extracted, cryptographic calculation then is carried out to the query argument, front controller is to extraction
Query argument carry out cryptographic calculation process it is as follows:
A, the query argument of number in plain text is converted into the byte array of preset length, which is regular length,
Occurrence is 8;
B, each element in byte array is encrypted by default symmetric encipherment algorithm, obtains encryption byte number
Group;
Wherein, which is that front controller is good with server commitment, is specifically as follows
Blowfish Encryption Algorithm, Blowfish Encryption Algorithm are the block encryption algorithms that Bruce Shi Naier was developed in 1993,
The one kind for belonging to symmetric cryptography encrypts each element in byte array using Blowfish Encryption Algorithm, and speed is non-
Often fast, in addition the key of Blowfish Encryption Algorithm encryption and the key of decryption are identical, and the result after encryption every time
It is different, encrypted data are also reversible.Using Blowfish Encryption Algorithm to each array member in query argument
The process that element is encrypted includes that key pretreatment and encryption specifically arbitrarily select a key, to BlowFish algorithm
Fixed source key-pbox and sbox is converted, and the key key_pbox and key_ of next step data encryption are obtained
Sbox later encrypts each element in byte array using key key_pbox and key_sbox, can be obtained and adds
Close byte array.
C, encryption byte array is encoded, obtains coding byte array;
Wherein, coding mode is preset base64 in front controller, and Base64 is to be used for transmission 8Bit byte
One of the coding mode of code, is a kind of method for indicating binary data based on 64 printable characters.
D, each element in traversal coding byte array determines easily mixed element, and according to easy gibberish symbol and preset characters
Between mapping relations, by encode byte array in it is easy mix element replace with preset characters, obtain character string ciphertext, for example,
Easy gibberish symbol "=" is substituted for underscore " _ ", obtained character string ciphertext is defined as cryptogram search parameter.For example, passing through
Above-mentioned processing, digital " 1 ", is encrypted as " jzr13FqdpLk ";Digital " 2 ", are encrypted as " 1QFpcUgueU4 ";Number
" 17 " are encrypted as " z_O0kIFslv0 ", it can be seen that the character obtained after encrypted operation, having no rule can follow, and be difficult
It imitates or forges.
Clear text queries parameter in the URL request is replaced with the cryptogram search parameter, is encrypted by step S30
URL request, and the encryption URL request is sent to business system server;
After obtaining cryptogram search parameter, the query argument in URL request is replaced with the cryptogram search by front controller
Parameter to get to encryption URL request.It is such to add since cryptogram search parameter is obtained by above-mentioned cryptographic calculation
Close URL request is difficult to be imitated or forge.Later, encryption URL request is sent to server.
Step S40 receives the corresponding service data that the business system server is returned based on the encryption URL request,
And the business datum is exported in the operation system front end.
Verifying is decrypted when receiving the encryption URL request, to the encryption URL request in server, that is, operation system
Server extracts the cryptogram search parameter in encryption URL request, then carries out the inverse of cryptographic calculation to the cryptogram search parameter
Operation, if cryptogram search parameter can be restored to the query argument for becoming number in plain text by inverse operation, server then confirms
Decryption verification passes through, and obtains corresponding business datum and is back to front controller, front controller is then defeated in operation system front end
The business datum out.If cryptogram search parameter can not restore by inverse operation, or reduction becomes a pile messy code, server
Then confirm that decryption verification does not pass through, then intercepts the malice URL request.
By the above-mentioned means, if operation system front end receiver is not the URL request for authenticating user, front controller meeting
It is intercepted, the first security protection again is realized;Even if the malicious requests for imitating encryption URL request format can be sent to clothes
Business device, since verifying can be decrypted to the URL request received in server, and malice URL request is not based on the present embodiment
In cryptographic calculation mode obtain, for the decryption verification of malice URL request can not be by the way that server can also intercept this
Malice URL request realizes the second security protection again, and by above-mentioned double security protection, business number has been reduced to a great extent
A possibility that according to being crawled, improves the safety of operation system, has ensured the safety of business datum.
The business datum providing method that the present embodiment proposes, before operation system front controller judges operation system first
The URL request received is terminated whether by certification user's triggering, the first security protection again is realized, if it is confirmed that the URL request is
By certification user's triggering, then the clear text queries parameter in the URL request is extracted, cryptographic calculation is carried out to the clear text queries parameter,
Cryptogram search parameter is obtained, the clear text queries parameter in the URL request is then replaced with into the cryptogram search parameter, is encrypted
The encryption URL request is sent to business system server later by URL request, so that business system server is based on the encryption
URL request returns to corresponding business datum, realizes the security protection of the second weight, in this way, can be to visit to possess operation system
It asks and provides business datum with the certification user of access right, and prevent the data of malice from crawling, ensured the safety of business datum.
Further, the second embodiment of business datum providing method of the present invention is proposed based on first embodiment.Business number
Difference according to the second embodiment and the first embodiment of business datum providing method of providing method is, referring to Fig. 3, this implementation
Example in business datum providing method be applied to business system server, the business datum providing method the following steps are included:
Step S50 asks the encryption URL when receiving the encryption URL request of operation system front controller transmission
It asks and verifying is decrypted;
In the present embodiment, business system server is when receiving the encryption URL request of front controller transmission, to this
Verifying is decrypted in encryption URL request, that is, business system server extracts the cryptogram search parameter in encryption URL request, right
The cryptogram search parameter carries out the inverse operation of cryptographic calculation, if can restore cryptogram search parameter becomes by inverse operation
The query argument of number in plain text, it is determined that decryption verification passes through.Business system server carries out encryption fortune to cryptogram search parameter
The process of the inverse operation of calculation is as follows:
E, each element in the cryptogram search parameter is traversed, finds out predetermined word from the cryptogram search parameter
Symbol, and according to the mapping relations between easy gibberish symbol and preset characters, the preset characters found out are replaced with corresponding easily mixed
Character, obtains byte array to be decoded, that is, determines the character being replaced in cryptogram search parameter, to the character being replaced into
Row reduction;
F, base64 decoding is carried out to byte array to be decoded, obtains decoding byte array;
G, using the blowfish symmetric encipherment algorithm appointed with front controller to each of decoding byte array
Element is decrypted, i.e., each element in decoding byte array is decrypted by key key_pbox and key_sbox,
It can obtain decryption byte array;
H, number in plain text is converted by decryption byte array;
By above-mentioned processing, if cryptogram search parameter can be restored to the query argument for becoming number in plain text, it is determined that
Decryption verification passes through.
Step S60 obtains corresponding business datum and is back to the operation system front-end control when decryption verification passes through
Device, so that the operation system front controller exports the business datum in operation system front end.
Business system server obtains corresponding business datum and is back to the control of operation system front end when decryption verification passes through
Device processed, operation system front controller then export the business datum in operation system front end.If by inverse operation, cryptogram search
Parameter can not restore, or reduction becomes a pile messy code, and server then confirms that decryption verification does not pass through, then intercepts malice URL
Request.
By the above-mentioned means, server can be sent to even if imitating the malicious requests of encryption URL request format, due to service
Verifying can be decrypted to the URL request received in device, and malice URL request is not based on the cryptographic calculation side in the present embodiment
What formula obtained, it can not be by the way that server can also intercept the malice URL request, such as the decryption verification of malice URL request
This, can provide business datum to possess the certification user of operation system access and access right, and can be based on cryptographic calculation
Malice URL request is intercepted with decryption verification, high degree reduces a possibility that business datum is crawled.
In addition, the embodiment of the present invention also provides a kind of business datum offer device.
The functional block diagram of device first embodiment is provided referring to Fig. 4, Fig. 4 for business datum of the present invention.
In the present embodiment, the business datum provides device and includes:
Judgment module 10 is used for when operation system front end receiver to uniform resource position mark URL is requested, described in judgement
Whether URL request is by certification user's triggering;
Encrypting module 20 for if so, extract the clear text queries parameter in the URL request, and is looked into the plaintext
It askes parameter and carries out cryptographic calculation, obtain cryptogram search parameter;
Replacement module 30 is obtained for the clear text queries parameter in the URL request to be replaced with the cryptogram search parameter
To encryption URL request, and the encryption URL request is sent to business system server;
Output module 40, the corresponding industry returned for receiving the business system server based on the encryption URL request
Business data, and the business datum is exported in the operation system front end.
Wherein, each virtual functions module that above-mentioned business datum provides device is stored in the offer of business datum shown in Fig. 1 and sets
In standby memory 1005, the institute for providing program for realizing business datum is functional;When each module is executed by processor 1001,
Multiple safety protection is realized, business datum can be provided to possess the certification user of operation system access and access right, and
It prevents the data of malice from crawling, has ensured the safety of business datum.
Further, the encrypting module 20 includes:
Converting unit, for the array by the clear text queries Parameter Switch at preset length;
Encryption unit is obtained for being encrypted by default symmetric encipherment algorithm to each element in the array
Encrypt array;
Coding unit obtains coding array for encoding to the encryption array;
Replacement unit determines the easy mixed member in the coding array for traversing each element in the coding array
Element, and according to default mapping relations, the easy mixed element in the coding array is replaced with into corresponding preset characters, obtains ciphertext
Query argument.
Further, the encryption unit includes:
Subelement is pre-processed, is pre-processed for the source key to the default symmetric encipherment algorithm, obtains key;
Encryption sub-unit operable obtains encryption number for being encrypted using each element in array described in the key pair
Group.
Further, the business datum provides device further include:
Blocking module, for if it is not, then intercepting the URL request.
Further, the business datum provides device further include:
Deciphering module, for receive operation system front controller transmission encryption URL request when, to the encryption
Verifying is decrypted in URL request;
Return module, for when decryption verification passes through, obtaining before corresponding business datum is back to the operation system
Side controller, so that the operation system front controller exports the business datum in operation system front end.
Further, the deciphering module includes:
Extraction unit, for extracting cryptogram search parameter from the encryption URL request;
Inverse operation unit, for carrying out the inverse operation of the cryptographic calculation to the cryptogram search parameter;
Confirmation unit, if for the cryptogram search parameter to be reduced to clear text queries parameter by the inverse operation,
Confirmation decryption verification passes through.
Further, the inverse operation unit includes:
Subelement is replaced, for traversing each element in the cryptogram search parameter, from the cryptogram search parameter
Preset characters are found out, and according to default mapping relations, the preset characters found out is replaced with into corresponding easy gibberish and are accorded with, are obtained
Array to be decoded;
Decoding subunit obtains decoding array for being decoded to the array to be decoded;
Subelement is decrypted, for solving by presetting symmetric encipherment algorithm to each element in the decoding array
It is close, obtain decryption array;
Also atomic unit, for the decryption array to be reduced to clear text queries parameter.
Wherein, the function that above-mentioned business datum provides modules in device is realized real with above-mentioned business datum providing method
It is corresponding to apply each step in example, function and realization process no longer repeat one by one here.
In addition, the embodiment of the present invention also provides a kind of computer readable storage medium.
It is stored with business datum on computer readable storage medium of the present invention, program is provided, wherein the business datum provides
When program is executed by processor, realize such as the step of above-mentioned business datum providing method.
Wherein, business datum offer program, which is performed realized method, can refer to business datum providing method of the present invention
Each embodiment, details are not described herein again.
It should be noted that, in this document, the terms "include", "comprise" or its any other variant are intended to non-row
His property includes, so that the process, method, article or the system that include a series of elements not only include those elements, and
And further include other elements that are not explicitly listed, or further include for this process, method, article or system institute it is intrinsic
Element.In the absence of more restrictions, the element limited by sentence "including a ...", it is not excluded that including being somebody's turn to do
There is also other identical elements in the process, method of element, article or system.
The serial number of the above embodiments of the invention is only for description, does not represent the advantages or disadvantages of the embodiments.
Through the above description of the embodiments, those skilled in the art can be understood that above-described embodiment side
Method can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but in many cases
The former is more preferably embodiment.Based on this understanding, technical solution of the present invention substantially in other words does the prior art
The part contributed out can be embodied in the form of software products, which is stored in one as described above
In storage medium (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that terminal device (it can be mobile phone,
Computer, server, air conditioner or network equipment etc.) execute method described in each embodiment of the present invention.
The above is only a preferred embodiment of the present invention, is not intended to limit the scope of the invention, all to utilize this hair
Equivalent structure or equivalent flow shift made by bright specification and accompanying drawing content is applied directly or indirectly in other relevant skills
Art field, is included within the scope of the present invention.
Claims (10)
1. a kind of business datum providing method, which is characterized in that the business datum providing method is applied to operation system front end
Controller, the business datum providing method the following steps are included:
When operation system front end receiver to uniform resource position mark URL is requested, judge the URL request whether by authenticating user
Triggering;
If so, extracting the clear text queries parameter in the URL request, and cryptographic calculation is carried out to the clear text queries parameter,
Obtain cryptogram search parameter;
Clear text queries parameter in the URL request is replaced with into the cryptogram search parameter, obtains encryption URL request, and will
The encryption URL request is sent to business system server;
The corresponding service data that the business system server is returned based on the encryption URL request are received, and in the business
System front end exports the business datum.
2. business datum providing method as described in claim 1, which is characterized in that described to be carried out to the clear text queries parameter
Cryptographic calculation, the step of obtaining cryptogram search parameter include:
By the clear text queries Parameter Switch at the array of preset length;
Each element in the array is encrypted by default symmetric encipherment algorithm, obtains encryption array;
The encryption array is encoded, coding array is obtained;
Each element in the coding array is traversed, determines the easy mixed element in the coding array, and according to default mapping
Easy mixed element in the coding array is replaced with corresponding preset characters, obtains cryptogram search parameter by relationship.
3. business datum providing method as claimed in claim 2, which is characterized in that described by presetting symmetric encipherment algorithm pair
Each element in the array is encrypted, obtain encryption array the step of include:
The source key of the default symmetric encipherment algorithm is pre-processed, key is obtained;
It is encrypted using each element in array described in the key pair, obtains encryption array.
4. business datum providing method as described in claim 1, which is characterized in that it is described judge the URL request whether by
After the step of authenticating user's triggering, further includes:
If it is not, then intercepting the URL request.
5. a kind of business datum providing method, which is characterized in that the business datum providing method is applied to operation system service
Device, the business datum providing method the following steps are included:
When receiving the encryption URL request of operation system front controller transmission, the encryption URL request is decrypted and is tested
Card;
When decryption verification passes through, obtains corresponding business datum and be back to the operation system front controller, so that described
Operation system front controller exports the business datum in operation system front end.
6. business datum providing method as claimed in claim 5, which is characterized in that described to be carried out to the encryption URL request
The step of decryption verification includes:
Cryptogram search parameter is extracted from the encryption URL request;
The inverse operation of the cryptographic calculation is carried out to the cryptogram search parameter;
If the cryptogram search parameter is reduced to clear text queries parameter by the inverse operation, confirm that decryption verification passes through.
7. business datum providing method as claimed in claim 6, which is characterized in that described to be carried out to the cryptogram search parameter
The step of inverse operation of the cryptographic calculation includes:
Each element in the cryptogram search parameter is traversed, finds out preset characters from the cryptogram search parameter, and press
According to default mapping relations, the preset characters found out are replaced with into corresponding easy gibberish and are accorded with, array to be decoded is obtained;
The array to be decoded is decoded, decoding array is obtained;
Each element in the decoding array is decrypted by presetting symmetric encipherment algorithm, obtains decryption array;
The decryption array is reduced to clear text queries parameter.
8. a kind of business datum provides device, which is characterized in that the business datum provides device and includes:
Judgment module, for judging the URL request when operation system front end receiver to uniform resource position mark URL is requested
Whether by certification user's triggering;
Encrypting module, for if so, extract the clear text queries parameter in the URL request, and to the clear text queries parameter
Cryptographic calculation is carried out, cryptogram search parameter is obtained;
Replacement module is encrypted for the clear text queries parameter in the URL request to be replaced with the cryptogram search parameter
URL request, and the encryption URL request is sent to business system server;
Output module, the corresponding service data returned for receiving the business system server based on the encryption URL request,
And the business datum is exported in the operation system front end.
9. a kind of business datum provides equipment, which is characterized in that the business datum provide equipment include processor, memory,
And be stored on the memory and program can be provided by the business datum that the processor executes, wherein the business datum
When offer program is executed by the processor, realizing the business datum providing method as described in any one of claims 1 to 7
Step.
10. a kind of computer readable storage medium, which is characterized in that be stored with business number on the computer readable storage medium
According to program is provided, wherein realizing such as any one of claims 1 to 7 when business datum offer program is executed by processor
The step of described business datum providing method.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910198502.2A CN110061967B (en) | 2019-03-15 | 2019-03-15 | Service data providing method, device, equipment and computer readable storage medium |
| PCT/CN2019/116481 WO2020186775A1 (en) | 2019-03-15 | 2019-11-08 | Service data providing method, apparatus and device, and computer-readable storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910198502.2A CN110061967B (en) | 2019-03-15 | 2019-03-15 | Service data providing method, device, equipment and computer readable storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110061967A true CN110061967A (en) | 2019-07-26 |
| CN110061967B CN110061967B (en) | 2022-02-22 |
Family
ID=67317124
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910198502.2A Active CN110061967B (en) | 2019-03-15 | 2019-03-15 | Service data providing method, device, equipment and computer readable storage medium |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN110061967B (en) |
| WO (1) | WO2020186775A1 (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111131282A (en) * | 2019-12-27 | 2020-05-08 | 武汉极意网络科技有限公司 | Request encryption method and device, electronic equipment and storage medium |
| WO2020186775A1 (en) * | 2019-03-15 | 2020-09-24 | 平安科技(深圳)有限公司 | Service data providing method, apparatus and device, and computer-readable storage medium |
| CN113821258A (en) * | 2021-10-11 | 2021-12-21 | 京东科技控股股份有限公司 | Method and device for realizing localization operation of ground system through cloud system instruction |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114285665A (en) * | 2021-12-30 | 2022-04-05 | 北京天融信网络安全技术有限公司 | Method and device for converting password encryption mode |
| CN116108496B (en) * | 2023-04-13 | 2023-06-23 | 北京百度网讯科技有限公司 | Method, device, equipment and storage medium for inquiring trace |
| CN117579385B (en) * | 2024-01-16 | 2024-03-19 | 山东星维九州安全技术有限公司 | Method, system and equipment for rapidly screening novel WebShell flow |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103546293A (en) * | 2013-10-08 | 2014-01-29 | 任少华 | Third party certification system or method |
| CN103763308A (en) * | 2013-12-31 | 2014-04-30 | 北京明朝万达科技有限公司 | Method and device for having access to webpage safely and downloading data through intelligent terminal |
| CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
| CN105187397A (en) * | 2015-08-11 | 2015-12-23 | 北京思特奇信息技术股份有限公司 | WEB system page integration anti-hotlinking method and system |
| CN105306473A (en) * | 2015-11-05 | 2016-02-03 | 北京奇虎科技有限公司 | Method, client, server and system for preventing injection attacks |
| CN106470103A (en) * | 2015-08-17 | 2017-03-01 | 苏宁云商集团股份有限公司 | A kind of client sends the method and system of encryption URL request |
| CN106603491A (en) * | 2016-11-10 | 2017-04-26 | 上海斐讯数据通信技术有限公司 | Portal authentication method based on https protocol, and router |
| CN106658093A (en) * | 2016-12-27 | 2017-05-10 | 深圳市九洲电器有限公司 | Set top box and server interaction method and system |
| CN107707532A (en) * | 2017-09-15 | 2018-02-16 | 北京小米移动软件有限公司 | URL generations, query argument verification method, device, equipment and storage medium |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120124372A1 (en) * | 2010-10-13 | 2012-05-17 | Akamai Technologies, Inc. | Protecting Websites and Website Users By Obscuring URLs |
| US8826017B2 (en) * | 2011-10-10 | 2014-09-02 | International Business Machines Corporation | Optimizing web landing page link access times through preliminary functions during page deployment |
| CN104393988B (en) * | 2014-12-03 | 2018-06-22 | 浪潮(北京)电子信息产业有限公司 | A kind of reversible data ciphering method and device |
| CN105808990B (en) * | 2016-02-23 | 2019-01-18 | 平安科技(深圳)有限公司 | Method and apparatus based on the control URL access of IOS system |
| CN110061967B (en) * | 2019-03-15 | 2022-02-22 | 平安科技(深圳)有限公司 | Service data providing method, device, equipment and computer readable storage medium |
-
2019
- 2019-03-15 CN CN201910198502.2A patent/CN110061967B/en active Active
- 2019-11-08 WO PCT/CN2019/116481 patent/WO2020186775A1/en active Application Filing
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103546293A (en) * | 2013-10-08 | 2014-01-29 | 任少华 | Third party certification system or method |
| CN103763308A (en) * | 2013-12-31 | 2014-04-30 | 北京明朝万达科技有限公司 | Method and device for having access to webpage safely and downloading data through intelligent terminal |
| CN103944900A (en) * | 2014-04-18 | 2014-07-23 | 中国科学院计算技术研究所 | Cross-station request attack defense method and device based on encryption |
| CN105187397A (en) * | 2015-08-11 | 2015-12-23 | 北京思特奇信息技术股份有限公司 | WEB system page integration anti-hotlinking method and system |
| CN106470103A (en) * | 2015-08-17 | 2017-03-01 | 苏宁云商集团股份有限公司 | A kind of client sends the method and system of encryption URL request |
| CN105306473A (en) * | 2015-11-05 | 2016-02-03 | 北京奇虎科技有限公司 | Method, client, server and system for preventing injection attacks |
| CN106603491A (en) * | 2016-11-10 | 2017-04-26 | 上海斐讯数据通信技术有限公司 | Portal authentication method based on https protocol, and router |
| CN106658093A (en) * | 2016-12-27 | 2017-05-10 | 深圳市九洲电器有限公司 | Set top box and server interaction method and system |
| CN107707532A (en) * | 2017-09-15 | 2018-02-16 | 北京小米移动软件有限公司 | URL generations, query argument verification method, device, equipment and storage medium |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2020186775A1 (en) * | 2019-03-15 | 2020-09-24 | 平安科技(深圳)有限公司 | Service data providing method, apparatus and device, and computer-readable storage medium |
| CN111131282A (en) * | 2019-12-27 | 2020-05-08 | 武汉极意网络科技有限公司 | Request encryption method and device, electronic equipment and storage medium |
| CN113821258A (en) * | 2021-10-11 | 2021-12-21 | 京东科技控股股份有限公司 | Method and device for realizing localization operation of ground system through cloud system instruction |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110061967B (en) | 2022-02-22 |
| WO2020186775A1 (en) | 2020-09-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110061967A (en) | Business datum providing method, device, equipment and computer readable storage medium | |
| US6981156B1 (en) | Method, server system and device for making safe a communication network | |
| CN108256340B (en) | Data acquisition method and device, terminal equipment and storage medium | |
| CN104662870A (en) | Data security management system | |
| CN102782694A (en) | Transaction auditing for data security devices | |
| CN108270739B (en) | Method and device for managing encryption information | |
| CN101292496A (en) | Method and devices for carrying out cryptographic operations in a client-server network | |
| CN107370595A (en) | One kind is based on fine-grained ciphertext access control method | |
| CN104322003A (en) | Cryptographic authentication and identification method using real-time encryption | |
| CN112653556B (en) | TOKEN-based micro-service security authentication method, device and storage medium | |
| CN106992851A (en) | TrustZone-based database file password encryption and decryption method and device and terminal equipment | |
| CN112131564A (en) | Encrypted data communication method, apparatus, device, and medium | |
| CN103414727A (en) | Encryption protection system for input password input box and using method thereof | |
| CN101924734A (en) | Identity authentication method and authentication device based on Web form | |
| CN114205084B (en) | Quantum key-based electronic mail multi-operation encryption method and device | |
| CN115883154A (en) | Access certificate issuing method, block chain-based data access method and device | |
| CN115242553A (en) | Data exchange method and system supporting secure multi-party computation | |
| CN115276978A (en) | Data processing method and related device | |
| CN117240625B (en) | Tamper-resistant data processing method and device and electronic equipment | |
| CN113722749A (en) | Data processing method and device for block chain BAAS service based on encryption algorithm | |
| CN114866317B (en) | Multi-party data security calculation method and device, electronic equipment and storage medium | |
| CN115941279A (en) | Encryption and decryption method, system and equipment for user identification in data | |
| CN115119200A (en) | Information transfer method for 5G communication environment | |
| CN107612691A (en) | Authentication information transmission method and device and user information authentication system | |
| CN105100030A (en) | Access control method, system and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |