CN116707926A - Anti-theft method and device for page data, electronic equipment and storage medium - Google Patents
Anti-theft method and device for page data, electronic equipment and storage medium Download PDFInfo
- Publication number
- CN116707926A CN116707926A CN202310716428.5A CN202310716428A CN116707926A CN 116707926 A CN116707926 A CN 116707926A CN 202310716428 A CN202310716428 A CN 202310716428A CN 116707926 A CN116707926 A CN 116707926A
- Authority
- CN
- China
- Prior art keywords
- information
- page
- access request
- data
- authentication string
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 94
- 238000012795 verification Methods 0.000 claims description 233
- 230000000977 initiatory effect Effects 0.000 claims description 80
- 238000004364 calculation method Methods 0.000 claims description 33
- 238000004422 calculation algorithm Methods 0.000 claims description 26
- 238000004590 computer program Methods 0.000 claims description 15
- 230000004044 response Effects 0.000 claims description 15
- 238000012512 characterization method Methods 0.000 claims description 5
- 238000005516 engineering process Methods 0.000 abstract description 3
- 238000010586 diagram Methods 0.000 description 13
- 238000004891 communication Methods 0.000 description 9
- 230000009286 beneficial effect Effects 0.000 description 8
- 238000012545 processing Methods 0.000 description 7
- 230000008901 benefit Effects 0.000 description 5
- 230000005540 biological transmission Effects 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000003993 interaction Effects 0.000 description 3
- 238000012986 modification Methods 0.000 description 3
- 230000004048 modification Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000002265 prevention Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 230000000903 blocking effect Effects 0.000 description 2
- 238000005242 forging Methods 0.000 description 2
- 208000033748 Device issues Diseases 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 238000013473 artificial intelligence Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 238000010801 machine learning Methods 0.000 description 1
- 239000013307 optical fiber Substances 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 230000001953 sensory effect Effects 0.000 description 1
- 230000007480 spreading Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The disclosure provides an anti-theft method, an anti-theft device, electronic equipment and a storage medium for page data, relates to the field of computers, and particularly relates to an anti-cheating technology in the field of large search. Applied to a first server, comprising: responding to a page access request of terminal equipment, and determining data address information of data in a page indicated by the page access request; the page access request comprises requester information, wherein the requester information comprises user information and terminal equipment information; generating authentication string information according to the information of the requesting party and the data address information; the authentication string information characterizes data after encrypting the information of the requesting party and the data address information; transmitting the authentication string information to the terminal equipment; the terminal equipment initiates a data access request to a second server to acquire data in a page, wherein the data access request comprises requester information and authentication string information; and after the authentication string information in the data access request is verified by the second server, the requested data is sent to the terminal equipment.
Description
Technical Field
The disclosure relates to the field of large search in the technical field of computers, and is applied to the fields of business search and anti-cheating in large search, in particular to an anti-theft method and device for page data, electronic equipment and a storage medium.
Background
The web pages may contain rich information, for example, one web page may include data such as pictures or videos. However, the amount of traffic consumed to access resources such as pictures in web pages is high.
In order to save flow cost and improve picture access speed, some small websites, crawlers and the like steal links of resources such as pictures and the like, resources such as pictures and the like are stolen into own websites in a mode of directly embedding the links, and high cost and supervision and blocking risks are borne by a stolen party while the access amount of the own websites is increased. Therefore, how to prevent page data from being stolen is a current important task.
Disclosure of Invention
The disclosure provides a method and device for preventing page data from being stolen, electronic equipment and a storage medium.
According to a first aspect of the present disclosure, there is provided an anti-theft method for page data, applied to a first server, including:
responding to a page access request sent by a terminal device, and determining data address information of data in a page indicated by the page access request; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
Generating authentication string information according to the first requester information and the data address information; the authentication string information characterizes data after the first requester information and the data address information are encrypted;
transmitting the authentication string information to the terminal equipment;
the authentication string information is used for initiating a data access request to a second server, the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information for initiating the data access request; and the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified.
According to a second aspect of the present disclosure, there is provided an anti-theft method for page data, applied to a second server, including:
responding to a data access request sent by a terminal device, and verifying authentication string information in the data access request according to second requester information in the data access request and data address information indicated by the authentication string information in the data access request to obtain a verification result;
If the verification result represents that the verification of the authentication string information is passed, sending data requested by the data access request to the terminal equipment;
the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information; and the page access request is sent to the first server for the terminal equipment, and the page access request characterizes the request access page.
According to a third aspect of the present disclosure, there is provided an anti-theft method of page data, applied to a terminal device, including:
responding to an access instruction initiated by a user, and sending a page access request to a first server; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
Receiving authentication string information sent by the first server; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information;
sending a data access request to a second server; the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified;
and receiving the data returned by the second server.
According to a fourth aspect of the present disclosure, there is provided an anti-theft device for page data, applied to a first server, including:
An information determining unit, configured to determine data address information of data in a page indicated by a page access request in response to the page access request sent by a terminal device; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
an authentication string generation unit, configured to generate authentication string information according to the first requester information and the data address information; the authentication string information characterizes data after the first requester information and the data address information are encrypted;
an authentication string transmitting unit, configured to transmit the authentication string information to the terminal device;
the authentication string information is used for initiating a data access request to a second server, the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information for initiating the data access request; and the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified.
According to a fifth aspect of the present disclosure, there is provided an anti-theft device for page data, applied to a second server, including:
the authentication string verification unit is used for responding to a data access request sent by the terminal equipment, and verifying the authentication string information in the data access request according to second requester information in the data access request and data address information indicated by the authentication string information in the data access request to obtain a verification result;
the data sending unit is used for sending the data requested by the data access request to the terminal equipment if the verification result represents that the verification of the authentication string information is passed;
the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information; and the page access request is sent to the first server for the terminal equipment, and the page access request characterizes the request access page.
According to a sixth aspect of the present disclosure, there is provided an anti-theft device for page data, applied to a terminal device, including:
the instruction response unit is used for responding to an access instruction initiated by a user and sending a page access request to the first server; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
the information receiving unit is used for receiving the authentication string information sent by the first server; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information;
a request sending unit, configured to send a data access request to a second server; the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified;
And the data receiving unit is used for receiving the data returned by the second server.
According to a seventh aspect of the present disclosure, there is provided an electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the methods of the first, second and third aspects.
According to an eighth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the methods of the first, second and third aspects.
According to a ninth aspect of the present disclosure, there is provided a computer program product comprising a computer program which, when executed by a processor, implements the methods of the first, second and third aspects.
According to the technology disclosed by the invention, the problem that the data in the page is stolen is solved, and the security of the page data is improved.
It should be understood that the description in this section is not intended to identify key or critical features of the embodiments of the disclosure, nor is it intended to be used to limit the scope of the disclosure. Other features of the present disclosure will become apparent from the following specification.
Drawings
The drawings are for a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
FIG. 1 is a schematic flow chart of a method for preventing theft of page data according to an embodiment of the disclosure;
FIG. 2 is a flow chart of a method for preventing theft of page data according to an embodiment of the disclosure;
FIG. 3 is a schematic flow chart of a method for preventing theft of page data according to an embodiment of the disclosure;
FIG. 4 is a flow chart of a method for preventing theft of page data according to an embodiment of the disclosure;
FIG. 5 is a flow chart of a method for preventing theft of page data according to an embodiment of the present disclosure;
FIG. 6 is a block diagram of an anti-theft device for page data according to an embodiment of the present disclosure;
FIG. 7 is a block diagram of an anti-theft device for page data according to an embodiment of the present disclosure;
FIG. 8 is a block diagram of an anti-theft device for page data according to an embodiment of the present disclosure;
FIG. 9 is a block diagram of an anti-theft device for page data according to an embodiment of the present disclosure;
FIG. 10 is a block diagram of an electronic device for implementing a method of theft protection for page data in accordance with an embodiment of the present disclosure;
fig. 11 is a block diagram of an electronic device for implementing a method of theft protection for page data in accordance with an embodiment of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below in conjunction with the accompanying drawings, which include various details of the embodiments of the present disclosure to facilitate understanding, and should be considered as merely exemplary. Accordingly, one of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
In the webpage, the data such as pictures and videos can display more colorful contents relative to text information, the method is one of the most important communication and expression means of users in the current internet products, the application range is very wide, and the flow cost consumed by picture resource access is high. Some small websites, crawlers, black products and the like are used for various purposes, such as saving flow cost, improving picture access speed, spreading some picture transfer supervision risks and the like, can not steal picture resource links, steal picture resources to own websites in a direct embedded link mode, and can increase the access amount of own websites and simultaneously bear high cost and supervision and blocking risks to the stolen party. The theft has high benefit and low cost, so how to effectively prevent the theft is an urgent and important task.
At present, an IP (Internet Protocol Address ) or a black-and-white list of regions can be preset for anti-theft of data such as pictures in a webpage. When the client initiates a request to the server, the server can definitely acquire the IP address of the client, judge whether the IP address is in a blacklist or a white list, and realize access control. The method has the advantages of simple rule and convenient configuration and use. However, in the request process, the information can be forged, and the forging cost is lower, so that the requirement of tighter guard file security cannot be met.
The disclosure provides an anti-theft method, an anti-theft device, electronic equipment and a storage medium for page data, which are applied to the field of large search in the technical field of computers, in particular to an anti-cheating technology in business search, and realize the anti-theft of the page data.
In this embodiment, the user related information and data such as a list are not specific to a specific user, and cannot reflect personal information of a specific user. It should be noted that, the data in this embodiment comes from the public data set.
In the technical scheme of the disclosure, the related processes of collecting, storing, using, processing, transmitting, providing, disclosing and the like of the personal information of the user accord with the regulations of related laws and regulations, and the public order colloquial is not violated.
In order for the reader to more fully understand the principles of the implementations of the present disclosure, further details will now be provided in connection with the embodiments illustrated in fig. 1-11 below.
Fig. 1 is a flowchart of a method for preventing theft of page data, which is applied to a first server and can be executed by a device for preventing theft of page data according to an embodiment of the disclosure. As shown in fig. 1, the method comprises the steps of:
s101, responding to a page access request sent by a terminal device, and determining data address information of data in a page indicated by the page access request; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment.
The terminal device may be provided with a preset client, and the user may open a page of the client through the terminal device to view page data such as picture resources in the page. For example, the client is a piece of searching software, a user can search a scenic spot through the terminal device, and view the picture of the scenic spot, and the data contained in the opened page can include text introduction, picture, video and the like.
When the terminal device opens the page, the terminal device may first send a page access request to the first server. The page access request indicates a request to access a page, and may include a page URL (Uniform Resource Locator ) of the page to be accessed and first requester information. The first requester information may be user-and device-related information, for example, the first requester information may include information of a user who initiates a page access request and information of a terminal device. The information of the user may be a user ID to which the user belongs at the client, and the information of the terminal device may be a device ID.
The first server determines page address information of the indicated page, that is, page URL, from the page access request in response to the page access request transmitted to the terminal device. A page may display various data, for example, may include a plurality of pictures, each of which corresponds to a picture URL, that is, data address information. That is, one page URL may correspond to one or more data address information. After receiving the page access request, data address information of data in the page indicated by the page access request may be determined. For example, the first server may store therein data address information of data in pages corresponding to the respective pages.
S102, generating authentication string information according to first requester information and data address information; the authentication string information characterizes the encrypted data of the first requester information and the data address information.
Illustratively, an encryption algorithm is preset, and the first requester information and the data address information are encrypted according to the preset encryption algorithm. And determining authentication string information according to the encrypted data. The authentication string information may be an authentication string URL, and the authentication string URL may represent data after the first requester information and the data address information are encrypted. That is, in the authentication string URL, data obtained by encrypting the first requester information and the data address information may be included, data address information which is not encrypted may be included, and other data and the like. According to the preset URL format, a complete authentication string URL can be obtained. In this embodiment, the preset encryption algorithm is not specifically limited.
The URL format of the authentication string URL is preset, for example, the unencrypted data address information is https:// abc.com/123456789.Jpg, and the data obtained by encrypting the first requester information and the data address information is 3f88e4f4edf5bb6213d1. And according to a preset URL format, the unencrypted data address information and the encrypted 3f88e4f4edf5bb6213d1 are assembled, so that the authentication string URL is https:// abc.com/3f88e4f4edf5bb6213d1/123456789.Jpg.
S103, the authentication string information is sent to the terminal equipment.
The first server may, for example, return the authentication string information to the terminal device after obtaining the authentication string information. The first server may include a service layer, and in this embodiment, the service layer may return authentication string information to the terminal device.
After receiving the authentication string information sent by the first server, the terminal device automatically sends a data access request to the second server, wherein the data access request can indicate that data in a page is to be acquired. For example, if a request is made to display a picture contained in a page, if the terminal device does not send a data access request, resources such as the picture cannot be displayed on the opened page. The data access request may include second requester information and authentication string information, the second requester information being information of a user who initiated the data access request and information of a terminal device. The first requester information may be the same as or different from the second requester information. If the user and the terminal equipment for initiating the page access request are the same as the user and the terminal equipment for initiating the data access request, the first requester information is the same as the second requester information; if the requestor initiating the data access request is a pirate, the pirate changes the user ID or the device ID, and the first requestor information is different from the second requestor information.
The second server may be a picture source station, i.e. a server storing picture data in pages. The authentication string information may include data address information of data in a page to be accessed. After receiving the data access request, the second server verifies the authentication string information in the data access request according to the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request, and after verification, the data requested by the data access request is sent to the terminal equipment. For example, the pictures in the page may be sent to the terminal device.
The second server may acquire data address information from the authentication string information when performing authentication. And encrypting the second requester information and the data address information according to a preset encryption algorithm, and determining the encrypted data as information to be verified. The authentication string information comprises data obtained by encrypting the first request party information and the data address information by the first server, and the data obtained by encrypting the first request party information and the data address information by the first server is obtained from the authentication string information. Comparing the encrypted data of the first requester information and the data address information with the information to be verified, if the encrypted data are consistent with the information to be verified, considering that the data are not stolen, and returning the requested page data to the terminal equipment; if the two are inconsistent, the data is considered to be stolen, and the data with preset content can be returned to the terminal equipment, for example, an http 200 status code, a spam default picture and the like are returned.
According to the method and the device for sending the data access request to the second server, the terminal equipment sends the page access request to the first server, the first server determines data address information corresponding to the page, the received user related information and the received data address information are integrated together to obtain the authentication string URL to the terminal equipment, the terminal equipment sends the data access request to the second server conveniently, and therefore the second server determines whether data resources such as pictures can be sent to the terminal equipment or not according to the authentication string URL. The method and the device realize binding of the data address information and the information of the requester to form the exclusive URL link, and can avoid information leakage of the requester and prevent information falsification through encryption. Through the verification of the second server, the pirate can be prevented from acquiring the picture by using the URL link of the embedded data address information of other terminal equipment, the picture resource is effectively prevented from being stolen, and the safety of page data is improved.
Fig. 2 is a flow chart of a method for preventing theft of page data according to an embodiment of the present disclosure, where the embodiment is an alternative embodiment based on the foregoing embodiment.
In this embodiment, in response to a page access request sent by a terminal device, determining data address information of data in a page indicated by the page access request may be thinned to: responding to a page access request sent by a terminal device, and determining page address information of a page indicated by the page access request; the page access request comprises page address information; and determining the data address information of the data in the page indicated by the page access request according to the page address information of the page indicated by the page access request.
As shown in fig. 2, the method comprises the steps of:
s201, responding to a page access request sent by a terminal device, and determining page address information of a page indicated by the page access request; wherein the page access request includes page address information.
For example, when the terminal device requests to open a page, the terminal device cannot know the data address information, and only knows the page address information of the page to be accessed. Thus, page address information may be included in the page access request without data address information.
After receiving the page access request, the first server may obtain the page address information of the page indicated by the page access request from the page access request, so as to obtain the page URL of the page to be opened.
S202, determining data address information of data in the page indicated by the page access request according to the page address information of the page indicated by the page access request.
For example, each page may include one or more data to be presented, and each data may correspond to one data address information. The first server may store data address information of the data. The data address information of the data in the different pages may be the same or different. After determining the page address information of the page indicated by the page access request, the first server may find the data address information corresponding to the page address information. For example, the page address information may include an identifier of the data address information, and the corresponding data address information may be found according to the identifier. The method and the device realize accurate search of page data for different pages, improve the determination accuracy of the page data and avoid data display errors. And the first server is responsible for determining the data address information, the second server returns the data corresponding to the data address information to the terminal equipment, and the two servers are mutually matched, so that the working pressure of the servers is reduced, and the working efficiency of the servers is improved.
In this embodiment, determining, according to page address information of a page indicated by a page access request, data address information of data in the page indicated by the page access request includes: according to the association relation between the preset page address information and the data address information, determining the data address information corresponding to the page address information of the page indicated by the page access request as the data address information of the data in the page indicated by the page access request.
Specifically, the association relationship between the page address information and the data address information is stored in the first server in advance. After the page address information is determined, the data address information corresponding to the page address information is determined according to a preset association relation, and one page address information can correspond to a plurality of data address information. And determining the determined data address information as the data address information of the data in the page indicated by the page access request. For example, a picture URL list corresponding to the page information address may be obtained, and each picture URL in the picture URL list is data address information of data in the page indicated by the page access request.
The method has the advantages that the data address information can be quickly found according to the preset association relation, and the efficiency and the accuracy of page data display are improved.
In this embodiment, the method further includes: according to preset user verification rule information, carrying out authenticity verification on the information of the user initiating the page access request; if the verification result of the authenticity verification of the information of the user is determined to be that the verification is passed, executing the page address information of the page indicated by the page access request, and determining the data address information of the data in the page indicated by the page access request.
Specifically, user verification rule information is preset, and the user verification rule information can be used for carrying out authenticity verification on information of a user initiating a page access request. The user verification rule information can be provided with a verification passing condition, and if the information of the user initiating the page access request meets the verification passing condition, the verification passing condition is determined; if the condition of passing the check is not satisfied, determining that the check is not passed. For example, the user verification rule information comprises a standard format of the user information, whether the information of the user initiating the page access request is in the standard format or not is determined, if yes, a verification result of the authenticity verification is determined to be verification passing; if not, determining that the verification result of the authenticity verification is that the verification is not passed.
If the verification result of the authenticity verification of the information of the user is determined to be that the verification is passed, the data address information of the data in the page indicated by the page access request can be determined according to the page address information of the page indicated by the page access request; if the verification result of the authenticity verification of the information of the user is determined to be that the verification is not passed, prompt information that the verification is not passed can be fed back to the terminal equipment, and the user is reminded to check whether the information of the user has errors. For example, a popup window may be displayed on a client interface of the terminal device, or a short message may be sent to a device to which the user information is bound. In this embodiment, the service layer of the first server may perform verification of the user information.
The first server checks the authenticity of the user information, if the user information is fake, the access is refused, and if the user information is true, the subsequent steps can be carried out. The condition that the page data is acquired by a counterfeiter with forged identity is avoided, and the safety of the page data is improved.
In this embodiment, performing authenticity verification on information of a user initiating a page access request according to preset user verification rule information includes: acquiring a first user list; the first user list comprises at least one account information, and the account information in the first user list is in a login state currently; if the information of the user initiating the page access request exists in the first user list, determining that the verification result of the authenticity verification of the information of the user is verification passing.
Specifically, a first user list may be set in the first server, where the first user list may include at least one account information, and the account information may be a user ID. The account information in the first user list is an account currently in a login state, and the first user list can be updated in real time along with the change of the login state of the account. The first server can receive login requests sent by the terminal devices in real time, and determine the login state of the account.
After responding to a page access request sent by a terminal device, acquiring first requester information from the page access request, and acquiring user information, namely account information of a user initiating the page access request, from the first requester information. And acquiring a current first user list, judging whether the information of the user in the first requester information exists in the first user list or not, namely judging whether the information of the user in the first requester information is in a login state or not currently. If yes, determining that the verification result of the authenticity verification of the information of the user is verification passing; if not, determining that the verification result of the authenticity verification of the information of the user is that the verification is not passed.
The beneficial effects of setting up like this are that judge whether the user logs in, avoid under the circumstances that steal other people account and can't log in, the random access to page data improves page data's security.
In this embodiment, performing authenticity verification on information of a user initiating a page access request according to preset user verification rule information includes: acquiring a second user list; the second user list comprises at least one account information, and the account information in the second user list is registered account information; if the information of the user initiating the page access request exists in the second user list, determining that the verification result of the authenticity verification of the information of the user is verification passing.
Specifically, a second user list may be set in the first server, where the second user list may include at least one account information, and the account information may be a user ID. The account information in the second user list is an account legally registered at the client, and the second user list can be updated in real time along with the registration and the cancellation of the account. The first server may receive, in real time, a registration request sent by the terminal device, and determine whether the account is registered, so as to update the second user list.
After responding to a page access request sent by a terminal device, acquiring first requester information from the page access request, and acquiring user information, namely account information of a user initiating the page access request, from the first requester information. And acquiring a current second user list, and judging whether the information of the user in the first requester information exists in the second user list, namely judging whether the information of the user in the first requester information is a legal registered account. If yes, determining that the verification result of the authenticity verification of the information of the user is verification passing; if not, determining that the verification result of the authenticity verification of the information of the user is that the verification is not passed.
After determining that the information of the user in the first requester information is the legally registered account, the first user list is acquired, and whether the information of the user in the first requester information is in a login state or not is judged, so that the user information is checked twice. If the verification results of the two verification are verification passing, determining that the verification result of the authenticity verification of the information of the user is verification passing. If the information of the user in the first request party information is not the legal registered account number, the login state is not checked, and the access is directly refused.
The beneficial effect of this setting is that judge whether user's information is legal, avoid the fraudulent use party to forge user account at will, improve the security of page data.
S203, generating authentication string information according to the first requester information and the data address information; the authentication string information characterizes the encrypted data of the first requester information and the data address information.
For example, this step may refer to step S102, and will not be described in detail.
S204, the authentication string information is sent to the terminal equipment.
For example, this step may refer to step S103, and will not be described in detail.
According to the method and the device for sending the data access request to the second server, the terminal equipment sends the page access request to the first server, the first server determines data address information corresponding to the page, the received user related information and the received data address information are integrated together to obtain the authentication string URL to the terminal equipment, the terminal equipment sends the data access request to the second server conveniently, and therefore the second server determines whether data resources such as pictures can be sent to the terminal equipment or not according to the authentication string URL. The method and the device realize binding of the data address information and the information of the requester to form the exclusive URL link, and can avoid information leakage of the requester and prevent information falsification through encryption. Through the verification of the second server, the pirate can be prevented from acquiring the picture by using the URL link of the embedded data address information of other terminal equipment, so that the picture resource is effectively prevented from being stolen, and the safety of the data is improved.
Fig. 3 is a flow chart of a method for preventing theft of page data according to an embodiment of the present disclosure, where the embodiment is an alternative embodiment based on the foregoing embodiment.
In this embodiment, the authentication string information is generated according to the first requester information and the data address information, which may be refined as follows: determining authentication string information based on a preset authentication string calculation mode according to information of a user initiating a page access request, information of terminal equipment, a timestamp corresponding to a page indicated by the page access request and data address information of data in the page indicated by the page access request.
As shown in fig. 3, the method comprises the steps of:
s301, responding to a page access request sent by a terminal device, and determining data address information of data in a page indicated by the page access request; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment.
For example, this step may refer to step S101, and will not be described in detail.
S302, determining authentication string information based on a preset authentication string calculation mode according to information of a user initiating a page access request, information of terminal equipment, a timestamp corresponding to a page indicated by the page access request and data address information of data in the page indicated by the page access request.
For example, an authentication string calculation mode is preset, and the authentication string calculation mode can be used for encrypting data such as the first requester information, the data address information and the like. For example, encryption calculation may be performed on information of a user who initiates a page access request and information of a terminal device, and data address information of data in a page indicated by the page access request, and the calculated character string may be a part of authentication string information.
In the authentication string information, other data may be included in addition to the calculation result of the first requester information and the data address information. For a page access request, there may be a corresponding time stamp, indicating the expiration time of the page access request, and the other data in the authentication string information may include the time stamp. For example, the valid time with a timestamp of 1 minute may be preset, the request is invalid after 1 minute, and the time of the request invalidation may be indicated in the authentication string information. By showing the time stamp in the authentication string information, the second server can verify whether the page access request is out of date when the page data is returned, so that the fact that a pirate steals the historical authentication string URL is avoided, and the security of the page data is further improved.
According to the authentication string calculation mode, encryption calculation can be carried out on the first request party information, the time stamp and the data address information together, each data address information is bound with the user ID, the terminal equipment ID and the specific time range to form a dedicated link, the use scene of embedding other resource links by the embezzlement party is avoided, resources such as pictures can be effectively prevented from being embezzled, normal access of legal users is guaranteed, and the embezzlement prevention of page data is realized.
In this embodiment, the method further includes: and determining a timestamp corresponding to the page indicated by the page access request based on the association relationship between the preset page address information and the timestamp according to the page address information of the page indicated by the page access request.
Specifically, the page access request includes page address information of the indicated page, the association relationship between the page address information and the timestamp is stored in the first server in advance, and the timestamp corresponding to the page address information is determined as the timestamp corresponding to the page indicated by the page access request based on the preset association relationship according to the obtained page address information.
That is, different time stamps can be determined for different page address information, and the validity period of the page access request of each page is different. The user can update the association relationship between the page address information and the time stamp in the first server according to the actual service requirement.
The beneficial effects of the arrangement are that different timestamps are corresponding to different page address information, so that the pirate is prevented from forging authentication string information according to the preset fixed timestamps, and the anti-theft of page data is realized.
In this embodiment, determining authentication string information based on a preset authentication string calculation mode according to information of a user initiating a page access request, information of a terminal device, a timestamp corresponding to a page indicated by the page access request, and data address information of data in the page indicated by the page access request, includes: determining a key corresponding to the page indicated by the page access request based on the association relationship between preset page address information and the key according to the page address information of the page indicated by the page access request; encrypting information of a user initiating a page access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request, data address information of data in the page indicated by the page access request and a secret key corresponding to the page indicated by the page access request according to a preset encryption algorithm, and determining the obtained data as a data authentication string; and assembling the timestamp corresponding to the page address information of the page indicated by the page access request, the data address information of the data in the page indicated by the page access request and the data authentication string into authentication string information.
Specifically, for different pages, different keys can be corresponding, and the keys can be used for encryption calculation to obtain authentication string information. The first server may store the association relationship between the page address information and the secret key in advance, and after determining the page address information of the page indicated by the page access request, the secret key associated with the page address information may be determined according to the preset association relationship.
An encryption algorithm is preset, and encryption calculation is carried out on the first requester information, the determined time stamp, the data address information of the data in the page indicated by the page access request and the determined secret key according to the preset encryption algorithm. That is, the user ID, the terminal device ID, the time stamp, the database address information, and the key may be calculated by encryption. And determining the character string obtained after encryption as a data authentication string, wherein the data authentication string can be part of authentication string information.
The authentication string information may include a data authentication string, and may further include a time stamp corresponding to page address information of the page indicated by the page access request and data address information of data in the page indicated by the page access request. The preset format of the authentication string information can be preset, and the data authentication string, the timestamp corresponding to the page address information of the page indicated by the page access request and the data address information of the data in the page indicated by the page access request are assembled according to the preset format to obtain complete authentication string information. For example, when the data address information of the data in the page indicated by the page access request is https:// abc.com/123456789.Jpg, the time stamp corresponding to the page address information of the page indicated by the page access request is 2023, 3, 25, and 5 days. After the data authentication string is obtained through encryption, the obtained complete authentication string information can be https:// abc.com/2023-03-25-05_3f88e4f4edf5bb6213d1/123456789.Jpg according to a preset format. Where 2023-03-25-05 represents a time stamp, 3f88e4f4edf5bb6213d1 represents a data authentication string, and 123456789 represents data address information.
The beneficial effect of setting up like this is that bind data address information with user ID, terminal equipment ID, the specific time range who accesses, form exclusive link, avoid the embedded other people's resource link of pirate, improve page data's security. And the time stamp and the data address information can be directly obtained from the authentication string information, so that the subsequent second server can conveniently verify the data authentication string, and the verification efficiency is improved.
After obtaining the authentication string information sent by the terminal device, the second server may first determine whether the authentication string information is in a preset format, for example, may determine whether the preset format of the authentication information is "timestamp_data authentication string/data address information". If the format is not the preset format, access is refused; if the time stamp information is in the preset format, the time stamp information is obtained from the authentication string information, and whether the current time is within the effective time corresponding to the time stamp is judged. If not, refusing access; if yes, verifying the data authentication string.
The second server can also store the association relation between the page address information and the secret key, and after receiving the data access request of the terminal equipment, the second server obtains the page address information and determines the secret key corresponding to the page address information according to the preset association relation. Second requester information is acquired from the data access request, and time stamp and data address information are acquired from the authentication string information. And according to a preset encryption algorithm, carrying out encryption calculation on the second requester information, the time stamp, the data address information and the secret key, and determining an encrypted result as information to be verified. Comparing the information to be verified with the data authentication string, if the information to be verified and the data authentication string are consistent, determining that the authentication string information is verified to pass, and returning data requested by a data access request to the terminal equipment; if the two are inconsistent, access is refused, and page data of preset content is returned to the terminal equipment. In this embodiment, the encryption algorithm in the first server is the same as the encryption algorithm in the second server.
S303, transmitting the authentication string information to the terminal equipment.
For example, this step may refer to step S103, and will not be described in detail.
According to the method and the device for sending the data access request to the second server, the terminal equipment sends the page access request to the first server, the first server determines data address information corresponding to the page, the received user related information and the received data address information are integrated together to obtain the authentication string URL to the terminal equipment, the terminal equipment sends the data access request to the second server conveniently, and therefore the second server determines whether data resources such as pictures can be sent to the terminal equipment or not according to the authentication string URL. The method and the device realize binding of the data address information and the information of the requester to form the exclusive URL link, and can avoid information leakage of the requester and prevent information falsification through encryption. Through the verification of the second server, the pirate can be prevented from acquiring the picture by using the URL link of the embedded data address information of other terminal equipment, so that the picture resource is effectively prevented from being stolen, and the safety of the data is improved.
Fig. 4 is a flowchart of a method for preventing theft of page data, which is applied to a second server and can be executed by a device for preventing theft of page data according to an embodiment of the present disclosure. As shown in fig. 4, the method comprises the steps of:
S401, responding to a data access request sent by the terminal equipment, and verifying the authentication string information in the data access request according to second requester information in the data access request and data address information indicated by the authentication string information in the data access request to obtain a verification result.
The terminal device determines that the page to be accessed contains the page data such as the picture after obtaining the authentication string information sent by the first server, and needs to acquire the page data such as the picture from the second server. Therefore, the terminal device sends a data access request to the second server for page data such as pictures in the page. One page data in a page may correspond to one data access request. When generating the authentication string information, a data address information may be correspondingly generated. The data access request is used for indicating that the data in the page is to be acquired, and if the terminal equipment only sends out the page access request and does not send out the data access request, the page data cannot be displayed in the opened page. The data access request may include second requester information for indicating information of a user who initiated the data access request and information of the terminal device and authentication string information. The authentication string information is generated by the first server based on the first requester information in the page access request and the data address information of the data in the page indicated by the page access request, and characterizes the data encrypted by the first requester information and the data address information, for example, the authentication string information may include a data authentication string, which is the data obtained by encrypting the first requester information and the data address information. The page access request is a request sent by the terminal device to the first server, and is used for indicating that a certain page is to be requested to be accessed.
The second server obtains the second requester information and the authentication string information from the data access request after responding to the data access request. And verifying the authentication string information according to the second requester information and the data address information indicated by the authentication string information to obtain a verification result. The verification rule may be preset, for example, the verification rule includes a preset string length, the second requester information and the data address information may be calculated by a preset method, and if the calculated data is the preset string length, the verification of the authentication string is determined to pass.
In this embodiment, the authentication string information includes a timestamp corresponding to the page indicated by the page access request; the method further comprises the steps of: if the format of the authentication string information is determined to be a preset format, acquiring a time stamp corresponding to the page indicated by the page access request from the authentication string information; and acquiring the current time, and if the current time is smaller than the time stamp corresponding to the page indicated by the page access request, executing the verification of the authentication string information in the data access request according to the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request.
Specifically, the first server may generate authentication string information according to a preset format. After receiving the authentication string information, the second server may first determine whether the received authentication string information is in a preset format. If not, determining that the authentication string information is wrong, refusing the access of the page data, and sending data with preset content to the terminal equipment, for example, sending a default picture; if yes, the authentication string information can be continuously verified.
When the first server generates the authentication string information, a timestamp corresponding to the page indicated by the page access request may be used as a part of the authentication string information, and the timestamp may be an expiration time of the page access request. After determining that the received authentication string information is in the preset format, the second server may obtain a timestamp corresponding to the page indicated by the page access request from the authentication string information. The second server acquires the current time, compares the current time with the time stamp in the authentication string information, and judges whether the current time is smaller than the time stamp. If the current time is smaller than the time stamp corresponding to the page indicated by the page access request, that is, if the current time does not reach the time indicated by the time stamp, the page access request is not expired, and the authentication string information in the data access request can be verified according to the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request; if the current time and the like are equal to or greater than the time stamp corresponding to the page indicated by the page access request, the page access request is indicated to be expired, the data access is refused, and the page data of the preset content is returned to the terminal equipment.
The method has the advantages that before verification of the authentication string information is carried out, whether the page access request fails or not is judged, the fact that a pirate steals historical authentication string information is avoided, random access is carried out on page data, and the safety of the page data is improved.
In this embodiment, the data access request includes page address information of a page indicated by the data access request; the method further comprises the steps of: and determining a key corresponding to the page indicated by the data access request based on the association relationship between the preset page address information and the key according to the page address information of the page indicated by the data access request.
Specifically, when the first server generates the authentication string information, a key corresponding to the page address information is determined, and encryption calculation is performed according to the key to obtain the authentication string information. The second server also needs the same key to perform encryption calculation when verifying the authentication string information. The data access request sent by the terminal device may include page address information of a page indicated by the data access request, where the page indicated by the data access request is a page indicated by the page access request.
The association relation between the page address information and the secret key is stored in the second server in advance, and the association relation between the page address information stored in the second server and the secret key is consistent with the association relation between the page address information stored in the first server and the secret key. According to the association relationship between the page address information and the secret key, the second server can determine the secret key corresponding to the page address information of the page indicated by the data access request.
The second server can determine the secret key corresponding to the page address information, so that the second server can calculate according to the same encryption algorithm as the first server, the calculated result is verified, and verification accuracy of the authentication string information is improved.
In this embodiment, according to the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request, the authentication string information in the data access request is verified to obtain a verification result, which includes: encrypting information of a user initiating a data access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request, a key corresponding to the page indicated by the data access request and data address information indicated by authentication string information in the data access request according to a preset encryption algorithm, and determining the obtained data as information to be verified; if the information to be verified meets the preset verification condition, determining that the verification result characterization passes the verification of the authentication string information.
Specifically, an encryption algorithm is preset in the second server, and the encryption algorithm preset in the second server is consistent with the encryption algorithm preset in the first server. The second server obtains second requester information, for example, information of a user who initiated the data access request and information of the terminal device, from the data access request. And acquiring a time stamp corresponding to the page indicated by the page access request and data address information from the authentication string information. And determining a key corresponding to the page indicated by the data access request according to the association relation between the preset page address information and the key.
And according to a preset encryption algorithm, carrying out encryption calculation on information of a user initiating the data access request, information of terminal equipment initiating the data access request, a timestamp corresponding to a page indicated by the page access request, a key corresponding to the page indicated by the data access request and data address information indicated by authentication string information in the data access request, and determining the data obtained after calculation as information to be verified. In this embodiment, the calculation method of the information to be verified and the calculation method of the data authentication string may be identical.
The verification condition is preset, for example, the verification condition may be that the character string length of the information to be verified is consistent with the character string length of the data authentication string. Judging whether the information to be verified meets a preset verification condition, if so, determining that the authentication string information received by the second server passes verification; if not, determining that the authentication string information is not verified. For example, whether the length of the character string of the information to be verified is a preset length can be judged, if so, the verification condition is determined to be met; if not, determining that the verification condition is not satisfied.
The method has the advantages that the first server and the second server carry out encryption calculation on the same variable by adopting a preset encryption algorithm, so that accurate verification of authentication string information is facilitated, verification errors are avoided, and anti-theft of page data is realized.
In this embodiment, if the information to be verified meets a preset verification condition, determining that verification results characterize verification of the authentication string information is passed includes: if the information to be verified is consistent with the character string at the preset position in the authentication string information, determining that the verification result characterization passes the verification of the authentication string information.
Specifically, the preset verification condition may be comparing the information to be verified with the character string at the preset position in the authentication string information. The preset position in the authentication string information may be a position where the data authentication string is located, that is, the information to be verified is compared with the data authentication string.
The calculation method of the data authentication string is consistent with the calculation method of the information to be verified, and if the authentication string information is not stolen, the calculation variable of the data authentication string is consistent with the calculation variable of the information to be verified, namely, the data authentication string is consistent with the information to be verified. Therefore, comparing the information to be verified with the data authentication string, and if the information to be verified and the data authentication string are consistent, determining that the authentication string information passes the verification; if the authentication string information and the authentication string information are inconsistent, determining that the authentication string information is not verified.
The data authentication string and the information to be verified are determined by the user ID, the terminal equipment, the time stamp, the secret key and the data address information, and if the authentication string information is not stolen, the data authentication string and the information to be verified are consistent, so that whether the authentication string information is stolen or not is determined. And according to the user ID and the terminal equipment ID in the data access information, suspicious users can be tracked reversely to perform operations such as responsibility tracking and the like, so that the safety of page data is further ensured.
S402, if the verification result represents that the verification of the authentication string information is passed, sending data requested by the data access request to the terminal equipment.
Illustratively, the verification result may include authentication string information verification passing and authentication string information verification failing. And the second server stores page data, and if the verification result is that the authentication string information passes the verification, the page data corresponding to the data address information in the authentication string information is determined, for example, the picture resource corresponding to the picture URL can be determined. And sending the determined page data to the terminal equipment, and displaying the page data by the terminal equipment.
In this embodiment, the method further includes: if the verification result indicates that the verification of the authentication string information is not passed, page data of preset content is returned to the client.
Specifically, if the verification result is that the authentication string information is not verified, the second server refuses the access of the terminal equipment to the page data, and the requested page data is not returned to the terminal equipment. The second server is preset with a data return strategy for refusing access, page data of preset content is arranged in the data return strategy, and when the access is refused, the page data of the preset content is returned to the terminal equipment. For example, http 200 status code and a spam default picture may be returned.
The beneficial effect of the arrangement is that if the verification is not passed, the page data is not returned to the terminal equipment in order to avoid the theft of the page data, but the data of the preset content is returned, the user is prompted, and the theft prevention of the page data is realized.
According to the embodiment of the disclosure, the terminal equipment sends the data access request to the second server, and the second server acquires the second requester information and the data address information from the data access request. The authentication string information is verified by the second server to determine whether the page data is to be misappropriated. The verification method may be to calculate a piece of information to be verified again, and compare the newly calculated information to be verified with the data authentication string calculated by the first server. If the two are consistent, the verification is passed. Through verification of the second server, the page data can be effectively prevented from being stolen, the occurrence of the theft situation can be timely found, and the safety of the page data is improved.
Fig. 5 is a flowchart of a method for preventing theft of page data according to an embodiment of the present disclosure, where the method is applied to a terminal device and may be executed by a device for preventing theft of page data. As shown in fig. 5, the method comprises the steps of:
S501, responding to an access instruction initiated by a user, and sending a page access request to a first server; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment.
For example, a client may be installed in the terminal device, and a user initiates an access instruction to a page on the client, for example, the user may click on a control on the client to open a page. And the terminal equipment responds to the access instruction of the user, determines that the user wants to open a certain page, and sends a page access request to the first server.
The page access request may indicate that the terminal device requests to access a certain page, and the page access request may include first requester information and page address information of the page to be accessed, where the first requester information may include information of a user initiating the page access request and information of the terminal device, that is, may include a user ID and a terminal device ID. A page may include a plurality of page data, and one page data may correspond to one data address information. The terminal device cannot learn the data address information of the page data, and therefore, the page access request does not include the data address information.
The first server receives the page access request and determines data address information of data in a page indicated by the page access request. In this embodiment, the first server may determine, in response to the page access request sent by the terminal device, page address information of a page indicated by the page access request. And determining the data address information of the data in the page indicated by the page access request according to the page address information of the page indicated by the page access request. For example, the first server stores an association relationship between page address information and data address information, and determines data address information corresponding to the page address information of the page indicated by the page access request as the data address information of the data in the page indicated by the page access request according to the preset association relationship between the page address information and the data address information.
After receiving the page access request, the first server can perform authenticity verification on the information of the user initiating the page access request, and after the verification is passed, the authentication string information is calculated. User verification rule information is preset in the first server, and authenticity verification is carried out on information of a user initiating a page access request according to the preset user verification rule information. If the verification result of the authenticity verification of the information of the user is determined to be that the verification is passed, the data address information of the data in the page indicated by the page access request can be determined according to the page address information of the page indicated by the page access request.
The authenticity verification may be to verify a login state of the user information, and the user information may be account information of the user. If the login state is logged in, determining that the verification result of the authenticity verification is verification passing; if the login state is not login, determining that the verification result of the authenticity verification is that the verification is not passed. For example, a first user list is stored in the first server, and the first user list is acquired. The first user list comprises at least one account information, and the account information in the first user list is in a login state currently. If the information of the user initiating the page access request exists in the first user list, determining that the verification result of the authenticity verification of the information of the user is verification passing.
The authenticity verification can also be to verify whether the account information of the user is legal registration, and if the account information of the user is legal registration, the verification is passed; if the registration is not legal, the verification is not passed. The first server stores a second user list, and acquires the second user list. The second user list comprises at least one account information, and the account information in the second user list is registered account information. If the information of the user initiating the page access request exists in the second user list, determining that the verification result of the authenticity verification of the information of the user is verification passing.
The first server may generate authentication string information according to the first requester information and the data address information. In this embodiment, the first server may further store an association relationship between page address information and a key, where the key may be used to determine authentication string information. The first server may further store an association relationship between page address information and a timestamp, and determine, according to page address information of a page indicated by the page access request, a timestamp corresponding to the page indicated by the page access request based on a preset association relationship between page address information and the timestamp. The timestamp may represent the expiration time of the page access request. When determining the authentication string information, the first server determines a timestamp corresponding to the page indicated by the page access request based on the association relationship between preset page address information and the timestamp according to the page address information of the page indicated by the page access request. Determining authentication string information based on a preset authentication string calculation mode according to information of a user initiating a page access request, information of terminal equipment, a timestamp corresponding to a page indicated by the page access request and data address information of data in the page indicated by the page access request. For example, the first server may determine, according to page address information of a page indicated by the page access request, a key corresponding to the page indicated by the page access request based on an association relationship between preset page address information and the key. And encrypting the information of the user initiating the page access request, the information of the terminal equipment, the time stamp corresponding to the page indicated by the page access request, the data address information of the data in the page indicated by the page access request and the secret key corresponding to the page indicated by the page access request according to a preset encryption algorithm, and determining the obtained data as a data authentication string. And assembling the timestamp corresponding to the page address information of the page indicated by the page access request, the data address information of the data in the page indicated by the page access request and the data authentication string into authentication string information. After the authentication string information is obtained, the first server transmits the authentication string information to the terminal device.
In this embodiment, responding to an access instruction initiated by a user, sending a page access request to a first server includes: responding to an access instruction initiated by a user, and determining position information corresponding to the access instruction; if the position information is in the preset area range, sending a page access request to the first server.
Specifically, after responding to the access instruction of the user, the terminal device may determine the location information corresponding to the access instruction. The location information may refer to the geographical location where the terminal device issuing the access instruction is located. The client of the terminal equipment is pre-stored with an area range allowing the access instruction to be processed, and after the position information corresponding to the access instruction is obtained, whether the position information is in the preset area range is judged. If yes, a page access request can be sent to the first server; if not, the page access request is not sent to the first server, and prompt information of the position error is displayed on the page of the client, so that the user is reminded that the access cannot be performed at the current position.
The beneficial effects of setting up like this are that terminal equipment can check up the position that self was located, avoids the pirate to acquire page data at will, confirms the position of pirate, improves page data's security.
In this embodiment, the method further includes: if the position information is located in the preset area range, determining a user login list of the terminal equipment in a preset historical time period; determining information of a user corresponding to the access instruction, and if the information of the user is not in the user login list, verifying the information of the user according to preset verification rule information; and if the information verification of the user is passed, sending a page access request to the first server.
Specifically, after determining that the location information corresponding to the access instruction is located in the preset area range, the terminal device may further perform the second step of verification. The terminal equipment can store a user login list in a historical time period, the user login list comprises at least one account information, and the account information in the user login list is the account information logged in the terminal equipment. That is, account information of a user who logs in to the client on the terminal device in the history period can be acquired.
Information of a user who issues an access instruction is acquired, and it is determined whether the information of the user who issues the access instruction is located in a user login list, that is, it is determined whether the information of the user who issues the access instruction is logged in on the terminal device. If the user login list is located in the user login list, a page access request can be sent to the first server; if not in the user login list, the user information needs to be verified. Authentication rule information for authenticating information of the user may be preset. For example, the verification rule information may be a verification code such as a graphic generated on the terminal device, and if the user draws or selects a correct verification code on the page, it is determined that the verification is passed. If the verification is passed, a page access request can be sent to the first server; if the verification is not passed, a page access request is not sent to the first server, and prompt information of information errors can be sent on the page of the terminal equipment to remind the user of information verification.
The beneficial effect of the arrangement is that the terminal equipment can verify the information of the user before sending the page access request, so that the situation that the embezzlement party steals the account information of the user is avoided, and the anti-theft of the page data is realized.
S502, receiving authentication string information sent by a first server; the authentication string information is generated based on the first requester information in the page access request and the data address information of the data in the page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information.
The terminal device receives authentication string information sent by the first server, and determines that page data of resources such as pictures exist in a page to be accessed, that is, determines that a data access request needs to be sent to the second server. If the terminal device does not receive the authentication string information sent by the first server, it can be considered that no picture is in the page to be accessed, namely the page data needing the data address information, and the data access request does not need to be sent to the second server. For example, only text data is in the page, and the page can be opened directly. The first server may send the authentication string information to the terminal device, and simultaneously send text data in the page to the terminal device for display by the terminal device. That is, the first server may store text data corresponding to each page, and after receiving the page access request, search the corresponding text data, and return the text data to the terminal device.
In this embodiment, the method further includes: if the authentication string information sent by the first server is not received in a preset time period, a prompt instruction of data access failure is sent to the second server; the prompting instruction of the data access failure is used for sending page data of preset content to the terminal equipment.
Specifically, a time period is preset, and if the terminal device receives the authentication string information sent by the first server in the preset time period, a data access request can be sent to the second server. If the terminal equipment does not receive the authentication string information in the time period, the page access is considered to be failed at the time, and a prompt instruction of the data access failure can be sent to the second server. After receiving the prompt instruction of the data access failure, the second server can send page data of preset content to the terminal equipment for the terminal equipment to display.
The beneficial effect of setting up like this is that through setting up time period, can avoid terminal equipment to wait for the feedback of first server always, improves the efficiency of page access.
S503, sending a data access request to a second server; the data access request characterizes and acquires data in a page, wherein the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; and the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication of the authentication string information in the data access request is passed.
The terminal device issues a data access request to the second server. The data access request may be used to indicate that page data in a page is to be acquired, and the data access request may include second requester information and authentication string information, where the second requester information includes information of a user who initiates the data access request and information of a terminal device. If the user who sends the page access request is different from the user who sends the data access request, or the terminal device that sends the page access request is different from the terminal device that sends the data access request, the first requester information is different from the second requester information.
The second server determines the second requester information and determines the data address information indicated in the authentication string information after receiving the data access request. And verifying the authentication string information in the data access request according to the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request to obtain a verification result. And feeding back to the terminal equipment according to the verification result.
The authentication string information may include a time stamp corresponding to the page indicated by the page access request. If the second server determines that the format of the authentication string information is the preset format, the second server may acquire a timestamp corresponding to the page indicated by the page access request from the authentication string information. And acquiring the current time, and if the current time is smaller than the time stamp corresponding to the page indicated by the page access request, verifying the authentication string information in the data access request according to the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request.
The data access request may further include page address information of a page indicated by the data access request. And determining a key corresponding to the page indicated by the data access request based on the association relationship between the preset page address information and the key according to the page address information of the page indicated by the data access request. According to a preset encryption algorithm, encrypting information of a user initiating a data access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request, a key corresponding to the page indicated by the data access request and data address information indicated by authentication string information in the data access request, and determining the obtained data as information to be verified. If the information to be verified meets the preset verification condition, determining that the verification result characterization passes the verification of the authentication string information. For example, if the information to be verified is consistent with the character string at the preset position in the authentication string information, determining that the verification result represents that the verification of the authentication string information is passed.
S504, receiving the data returned by the second server.
For example, if the second server verifies the authentication string information, page data corresponding to the data address information may be returned to the terminal device. The second server may be a picture source station and the returned page data may be a picture resource. And the terminal equipment receives the page data and displays the page data on the page. If the authentication string information is not verified by the second server, page data of preset content can be returned to the terminal equipment for display. For example, http 200 status code and a spam default picture may be returned.
In the embodiment of the disclosure, a user sends an access instruction through a terminal device, and the terminal device sends a page access instruction to a first server to interact data with the first server. And after receiving the authentication string information sent by the first server, sending a data access instruction to the second server, and performing data interaction with the second server. The terminal equipment is matched with the first server and the second server, the first server generates authentication string information, the second server verifies the authentication string information, whether page data are stolen or not is determined, normal access of legal users is guaranteed, suspicious users are tracked, and safety of the page data is improved.
Fig. 6 is a block diagram of an anti-theft device for page data according to an embodiment of the present disclosure. For ease of illustration, only portions relevant to embodiments of the present disclosure are shown. The apparatus is applied to a first server, and referring to fig. 6, an anti-theft apparatus 600 for page data includes: an information determination unit 601, an authentication string generation unit 602, and an authentication string transmission unit 603.
An information determining unit 601, configured to determine, in response to a page access request sent by a terminal device, data address information of data in a page indicated by the page access request; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
An authentication string generation unit 602, configured to generate authentication string information according to the first requester information and the data address information; the authentication string information characterizes data after the first requester information and the data address information are encrypted;
an authentication string transmitting unit 603, configured to transmit the authentication string information to the terminal device;
the authentication string information is used for initiating a data access request to a second server, the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information for initiating the data access request; and the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified.
Fig. 7 is a block diagram of an anti-theft device for page data according to an embodiment of the present disclosure. As shown in fig. 7, the theft prevention device 700 for page data includes an information determination unit 701, an authentication string generation unit 702, and an authentication string transmission unit 703, wherein the information determination unit 701 includes a first determination module 7011 and a second determination module 7012.
A first determining module 7011, configured to determine, in response to a page access request sent by a terminal device, page address information of a page indicated by the page access request; wherein the page access request comprises the page address information;
a second determining module 7012, configured to determine, according to page address information of a page indicated by the page access request, data address information of data in the page indicated by the page access request.
In one example, the second determining module 7012 is specifically configured to:
according to the association relation between the preset page address information and the data address information, determining the data address information corresponding to the page address information of the page indicated by the page access request as the data address information of the data in the page indicated by the page access request.
In one example, the apparatus 700 further comprises:
the information verification unit is used for verifying the authenticity of the information of the user initiating the page access request according to the preset user verification rule information;
and the verification passing unit is used for executing the page address information of the page indicated by the page access request and determining the data address information of the data in the page indicated by the page access request if the verification result of the authenticity verification of the information of the user is determined to be verification passing.
In one example, an information verification unit includes:
the first acquisition module is used for acquiring a first user list; the first user list comprises at least one piece of account information, and the account information in the first user list is in a login state currently;
and the first verification module is used for determining that the verification result of the authenticity verification of the information of the user is verification passing if the information of the user initiating the page access request exists in the first user list.
In one example, an information verification unit includes:
the second acquisition module is used for acquiring a second user list; the second user list comprises at least one account information, and the account information in the second user list is registered account information;
and the second checking module is used for determining that the checking result of the authenticity check of the information of the user is passing the check if the information of the user initiating the page access request exists in the second user list.
In one example, the apparatus 700 further comprises:
and the time stamp determining unit is used for determining the time stamp corresponding to the page indicated by the page access request based on the association relation between the preset page address information and the time stamp according to the page address information of the page indicated by the page access request.
In one example, the authentication string generation unit 702 includes:
the authentication string calculation module is used for determining the authentication string information based on a preset authentication string calculation mode according to information of a user initiating a page access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request and data address information of data in the page indicated by the page access request.
In one example, the authentication string calculation module includes:
a key determining submodule, configured to determine, according to page address information of a page indicated by the page access request, a key corresponding to the page indicated by the page access request based on an association relationship between preset page address information and the key;
the encryption sub-module is used for encrypting the information of a user initiating the page access request, the information of the terminal equipment, the time stamp corresponding to the page indicated by the page access request, the data address information of the data in the page indicated by the page access request and the secret key corresponding to the page indicated by the page access request according to a preset encryption algorithm, and determining the obtained data as a data authentication string;
And the assembling sub-module is used for assembling the timestamp corresponding to the page address information of the page indicated by the page access request, the data address information of the data in the page indicated by the page access request and the data authentication string into the authentication string information.
Fig. 8 is a block diagram of an anti-theft device for page data according to an embodiment of the present disclosure. For ease of illustration, only portions relevant to embodiments of the present disclosure are shown. The apparatus is applied to a second server, and referring to fig. 8, an anti-theft apparatus 800 for page data includes: an authentication string verification unit 801 and a data transmission unit 802.
An authentication string verification unit 801, configured to respond to a data access request sent by a terminal device, and verify authentication string information in the data access request according to second requester information in the data access request and data address information indicated by the authentication string information in the data access request, so as to obtain a verification result;
a data sending unit 802, configured to send, to the terminal device, data requested by the data access request if the verification result indicates that verification of the authentication string information passes;
The data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information; and the page access request is sent to the first server for the terminal equipment, and the page access request characterizes the request access page.
In one example, the authentication string information includes a timestamp corresponding to the page indicated by the page access request;
the apparatus 800 further comprises:
a format determining unit, configured to obtain, if it is determined that the format of the authentication string information is a preset format, a timestamp corresponding to the page indicated by the page access request from the authentication string information;
and the time comparison unit is used for acquiring the current time, and if the current time is smaller than the time stamp corresponding to the page indicated by the page access request, executing the data address information indicated by the second requester information in the data access request and the authentication string information in the data access request, and verifying the authentication string information in the data access request.
In one example, the data access request includes page address information of a page indicated by the data access request;
the apparatus 800 further comprises:
and the key determining unit is used for determining a key corresponding to the page indicated by the data access request based on the association relationship between the preset page address information and the key according to the page address information of the page indicated by the data access request.
In one example, the authentication string verification unit 801 includes:
the encryption module is used for encrypting information of a user initiating a data access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request, a key corresponding to the page indicated by the data access request and data address information indicated by authentication string information in the data access request according to a preset encryption algorithm, and determining the obtained data as information to be verified;
and the result determining module is used for determining that the verification result represents that the verification of the authentication string information is passed if the information to be verified meets the preset verification condition.
In one example, the result determination module includes:
And the character comparison sub-module is used for determining that the verification result represents that the verification of the authentication string information passes if the information to be verified is consistent with the character string at the preset position in the authentication string information.
In one example, the apparatus 800 further comprises:
and the data return unit is used for returning page data of preset content to the client if the verification result indicates that the verification of the authentication string information is not passed.
Fig. 9 is a block diagram of an anti-theft device for page data according to an embodiment of the present disclosure. For ease of illustration, only portions relevant to embodiments of the present disclosure are shown. The apparatus is applied to a terminal device, and referring to fig. 9, an anti-theft apparatus 900 for page data includes: an instruction response unit 901, an information receiving unit 902, a request issuing unit 903, and a data receiving unit 904.
An instruction response unit 901, configured to respond to an access instruction initiated by a user, and send a page access request to a first server; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
An information receiving unit 902, configured to receive authentication string information sent by the first server; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information;
a request issuing unit 903, configured to issue a data access request to a second server; the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified;
and the data receiving unit 904 is used for receiving the data returned by the second server.
In one example, instruction response unit 901 includes:
the position determining module is used for responding to an access instruction initiated by a user and determining position information corresponding to the access instruction;
and the position judging module is used for sending a page access request to the first server if the position information is in the preset area range.
In one example, the apparatus 900 further comprises:
the list determining module is used for determining a user login list of the terminal equipment in a preset historical time period if the position information is located in a preset area range;
the user verification module is used for determining the information of the user corresponding to the access instruction, and if the information of the user is not in the user login list, the information of the user is verified according to preset verification rule information;
and the access request sending module is used for sending a page access request to the first server if the information verification of the user is passed.
In one example, the apparatus 900 further comprises:
the prompting unit is used for sending a prompting instruction of data access failure to the second server if the authentication string information sent by the first server is not received within a preset time period; the prompting instruction of the data access failure is used for sending page data of preset content to the terminal equipment.
According to an embodiment of the disclosure, the disclosure further provides an electronic device.
Fig. 10 is a block diagram of an electronic device according to an embodiment of the disclosure, and as shown in fig. 10, an electronic device 1000 includes: at least one processor 1002; and a memory 1001 communicatively coupled to the at least one processor 1002; wherein the memory stores instructions executable by the at least one processor 1002 to enable the at least one processor 1002 to perform the anti-theft method of page data of the present disclosure.
The electronic device 1000 further comprises a receiver 1003 and a transmitter 1004. The receiver 1003 is configured to receive instructions and data transmitted from other devices, and the transmitter 1004 is configured to transmit instructions and data to external devices.
According to embodiments of the present disclosure, the present disclosure also provides an electronic device, a readable storage medium and a computer program product.
According to an embodiment of the present disclosure, the present disclosure also provides a computer program product comprising: a computer program stored in a readable storage medium, from which at least one processor of an electronic device can read, the at least one processor executing the computer program causing the electronic device to perform the solution provided by any one of the embodiments described above.
Fig. 11 illustrates a schematic block diagram of an example electronic device 1100 that can be used to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular telephones, smartphones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be exemplary only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 11, the apparatus 1100 includes a computing unit 1101 that can perform various appropriate actions and processes according to a computer program stored in a Read Only Memory (ROM) 1102 or a computer program loaded from a storage unit 1108 into a Random Access Memory (RAM) 1103. In the RAM 1103, various programs and data required for the operation of the device 1100 can also be stored. The computing unit 1101, ROM 1102, and RAM 1103 are connected to each other by a bus 1104. An input/output (I/O) interface 1105 is also connected to bus 1104.
Various components in device 1100 are connected to I/O interface 1105, including: an input unit 1106 such as a keyboard, a mouse, etc.; an output unit 1107 such as various types of displays, speakers, and the like; a storage unit 1108, such as a magnetic disk, optical disk, etc.; and a communication unit 1109 such as a network card, modem, wireless communication transceiver, or the like. The communication unit 1109 allows the device 1100 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 1101 may be a variety of general purpose and/or special purpose processing components having processing and computing capabilities. Some examples of computing unit 1101 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various specialized Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, etc. The calculation unit 1101 performs the respective methods and processes described above, for example, the anti-theft method of page data. For example, in some embodiments, the anti-theft method of page data may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 1108. In some embodiments, some or all of the computer programs may be loaded and/or installed onto device 1100 via ROM 1102 and/or communication unit 1109. When a computer program is loaded into the RAM 1103 and executed by the computing unit 1101, one or more steps of the above-described anti-theft method of page data may be performed. Alternatively, in other embodiments, the computing unit 1101 may be configured to perform the anti-theft method of page data in any other suitable way (e.g., by means of firmware).
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuit systems, field Programmable Gate Arrays (FPGAs), application Specific Integrated Circuits (ASICs), application Specific Standard Products (ASSPs), systems On Chip (SOCs), complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs, the one or more computer programs may be executed and/or interpreted on a programmable system including at least one programmable processor, which may be a special purpose or general-purpose programmable processor, that may receive data and instructions from, and transmit data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for carrying out methods of the present disclosure may be written in any combination of one or more programming languages. These program code may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus such that the program code, when executed by the processor or controller, causes the functions/operations specified in the flowchart and/or block diagram to be implemented. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package, partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. The machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and pointing device (e.g., a mouse or trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user may be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic input, speech input, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a background component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such background, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), wide Area Networks (WANs), and the internet.
The computer system may include a client and a server. The client and server are typically remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The server can be a cloud server, also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system, so that the defects of high management difficulty and weak service expansibility in the traditional physical hosts and VPS service ("Virtual Private Server" or simply "VPS") are overcome. The server may also be a server of a distributed system or a server that incorporates a blockchain.
It should be appreciated that various forms of the flows shown above may be used to reorder, add, or delete steps. For example, the steps recited in the present disclosure may be performed in parallel or sequentially or in a different order, provided that the desired results of the technical solutions of the present disclosure are achieved, and are not limited herein.
The above detailed description should not be taken as limiting the scope of the present disclosure. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives are possible, depending on design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present disclosure are intended to be included within the scope of the present disclosure.
Claims (41)
1. A method of preventing theft of page data, the method being applied to a first server, the method comprising:
responding to a page access request sent by a terminal device, and determining data address information of data in a page indicated by the page access request; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
Generating authentication string information according to the first requester information and the data address information; the authentication string information characterizes data after the first requester information and the data address information are encrypted;
transmitting the authentication string information to the terminal equipment;
the authentication string information is used for initiating a data access request to a second server, the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information for initiating the data access request; and the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified.
2. The method of claim 1, wherein the determining, in response to a page access request sent by a terminal device, data address information of data in a page indicated by the page access request includes:
responding to a page access request sent by terminal equipment, and determining page address information of a page indicated by the page access request; wherein the page access request comprises the page address information;
And determining the data address information of the data in the page indicated by the page access request according to the page address information of the page indicated by the page access request.
3. The method of claim 2, wherein the determining the data address information of the data in the page indicated by the page access request according to the page address information of the page indicated by the page access request comprises:
according to the association relation between the preset page address information and the data address information, determining the data address information corresponding to the page address information of the page indicated by the page access request as the data address information of the data in the page indicated by the page access request.
4. The method of claim 2, further comprising:
according to preset user verification rule information, carrying out authenticity verification on the information of the user initiating the page access request;
and if the verification result of the authenticity verification of the information of the user is determined to be verification passing, executing the page address information of the page indicated by the page access request, and determining the data address information of the data in the page indicated by the page access request.
5. The method of claim 4, wherein the verifying the authenticity of the information of the user who initiates the page access request according to the preset user verification rule information comprises:
acquiring a first user list; the first user list comprises at least one piece of account information, and the account information in the first user list is in a login state currently;
if the information of the user initiating the page access request exists in the first user list, determining that the verification result of the authenticity verification of the information of the user is verification passing.
6. The method of claim 4, wherein the verifying the authenticity of the information of the user who initiates the page access request according to the preset user verification rule information comprises:
acquiring a second user list; the second user list comprises at least one account information, and the account information in the second user list is registered account information;
if the information of the user initiating the page access request exists in the second user list, determining that the verification result of the authenticity verification of the information of the user is verification passing.
7. The method of any of claims 2-6, further comprising:
And determining a time stamp corresponding to the page indicated by the page access request based on the association relation between the preset page address information and the time stamp according to the page address information of the page indicated by the page access request.
8. The method of claim 7, wherein the generating authentication string information from the first requester information and the data address information comprises:
determining the authentication string information based on a preset authentication string calculation mode according to information of a user initiating a page access request, information of terminal equipment, a timestamp corresponding to a page indicated by the page access request and data address information of data in the page indicated by the page access request.
9. The method of claim 8, wherein the determining the authentication string information based on a preset authentication string calculation manner according to information of a user who initiates a page access request, information of a terminal device, a time stamp corresponding to a page indicated by the page access request, and data address information of data in the page indicated by the page access request, comprises:
determining a key corresponding to the page indicated by the page access request based on the association relationship between preset page address information and the key according to the page address information of the page indicated by the page access request;
Encrypting information of a user initiating a page access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request, data address information of data in the page indicated by the page access request and a secret key corresponding to the page indicated by the page access request according to a preset encryption algorithm, and determining the obtained data as a data authentication string;
and assembling a time stamp corresponding to the page address information of the page indicated by the page access request, the data address information of the data in the page indicated by the page access request and the data authentication string into the authentication string information.
10. A method for preventing theft of page data, the method being applied to a second server, the method comprising:
responding to a data access request sent by a terminal device, and verifying authentication string information in the data access request according to second requester information in the data access request and data address information indicated by the authentication string information in the data access request to obtain a verification result;
if the verification result represents that the verification of the authentication string information is passed, sending data requested by the data access request to the terminal equipment;
The data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information; and the page access request is sent to the first server for the terminal equipment, and the page access request characterizes the request access page.
11. The method of claim 10, wherein the authentication string information includes a timestamp corresponding to a page indicated by the page access request;
the method further comprises the steps of:
if the format of the authentication string information is determined to be a preset format, acquiring a time stamp corresponding to the page indicated by the page access request from the authentication string information;
and acquiring the current time, and if the current time is smaller than the time stamp corresponding to the page indicated by the page access request, executing the data address information indicated by the second requester information in the data access request and the authentication string information in the data access request, and verifying the authentication string information in the data access request.
12. The method of claim 11, wherein the data access request includes page address information of a page indicated by the data access request;
the method further comprises the steps of:
and determining a key corresponding to the page indicated by the data access request based on the association relationship between preset page address information and the key according to the page address information of the page indicated by the data access request.
13. The method of claim 12, wherein verifying the authentication string information in the data access request according to the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request to obtain a verification result, comprises:
encrypting information of a user initiating a data access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request, a key corresponding to the page indicated by the data access request and data address information indicated by authentication string information in the data access request according to a preset encryption algorithm, and determining the obtained data as information to be verified;
If the information to be verified meets the preset verification condition, determining that the verification result characterization passes the verification of the authentication string information.
14. The method of claim 13, wherein the determining that the verification result characterizes verification of the authentication string information as passing if the information to be verified meets a preset verification condition comprises:
and if the information to be verified is consistent with the character string at the preset position in the authentication string information, determining that the verification result characterization passes the verification of the authentication string information.
15. The method of any of claims 10-14, further comprising:
and if the verification result indicates that the verification of the authentication string information is not passed, returning page data of preset content to the client.
16. An anti-theft method for page data, the method being applied to a terminal device and comprising:
responding to an access instruction initiated by a user, and sending a page access request to a first server; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
Receiving authentication string information sent by the first server; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information;
sending a data access request to a second server; the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified;
and receiving the data returned by the second server.
17. The method of claim 16, wherein the issuing a page access request to the first server in response to the user-initiated access instruction comprises:
Responding to an access instruction initiated by a user, and determining position information corresponding to the access instruction;
and if the position information is in the preset area range, sending a page access request to the first server.
18. The method of claim 17, further comprising:
if the position information is located in a preset area range, determining a user login list of the terminal equipment in a preset historical time period;
determining information of a user corresponding to the access instruction, and if the information of the user is not in the user login list, verifying the information of the user according to preset verification rule information;
and if the information verification of the user is passed, sending a page access request to the first server.
19. The method of any of claims 16-18, further comprising:
if the authentication string information sent by the first server is not received in a preset time period, sending a prompt instruction of data access failure to the second server; the prompting instruction of the data access failure is used for sending page data of preset content to the terminal equipment.
20. An anti-theft device for page data, the device being applied to a first server, the device comprising:
An information determining unit, configured to determine data address information of data in a page indicated by a page access request in response to the page access request sent by a terminal device; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
an authentication string generation unit, configured to generate authentication string information according to the first requester information and the data address information; the authentication string information characterizes data after the first requester information and the data address information are encrypted;
an authentication string transmitting unit, configured to transmit the authentication string information to the terminal device;
the authentication string information is used for initiating a data access request to a second server, the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information for initiating the data access request; and the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified.
21. The apparatus of claim 20, wherein the information determination unit comprises:
the first determining module is used for responding to a page access request sent by the terminal equipment and determining page address information of a page indicated by the page access request; wherein the page access request comprises the page address information;
and the second determining module is used for determining the data address information of the data in the page indicated by the page access request according to the page address information of the page indicated by the page access request.
22. The apparatus of claim 21, wherein the second determining module is specifically configured to:
according to the association relation between the preset page address information and the data address information, determining the data address information corresponding to the page address information of the page indicated by the page access request as the data address information of the data in the page indicated by the page access request.
23. The apparatus of claim 21, further comprising:
the information verification unit is used for verifying the authenticity of the information of the user initiating the page access request according to the preset user verification rule information;
And the verification passing unit is used for executing the page address information of the page indicated by the page access request and determining the data address information of the data in the page indicated by the page access request if the verification result of the authenticity verification of the information of the user is determined to be verification passing.
24. The apparatus of claim 23, wherein the information verification unit comprises:
the first acquisition module is used for acquiring a first user list; the first user list comprises at least one piece of account information, and the account information in the first user list is in a login state currently;
and the first verification module is used for determining that the verification result of the authenticity verification of the information of the user is verification passing if the information of the user initiating the page access request exists in the first user list.
25. The apparatus of claim 23, wherein the information verification unit comprises:
the second acquisition module is used for acquiring a second user list; the second user list comprises at least one account information, and the account information in the second user list is registered account information;
And the second checking module is used for determining that the checking result of the authenticity check of the information of the user is passing the check if the information of the user initiating the page access request exists in the second user list.
26. The apparatus of any of claims 21-25, further comprising:
and the time stamp determining unit is used for determining the time stamp corresponding to the page indicated by the page access request based on the association relation between the preset page address information and the time stamp according to the page address information of the page indicated by the page access request.
27. The apparatus of claim 26, wherein the authentication string generation unit comprises:
the authentication string calculation module is used for determining the authentication string information based on a preset authentication string calculation mode according to information of a user initiating a page access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request and data address information of data in the page indicated by the page access request.
28. The apparatus of claim 27, wherein the authentication string calculation module comprises:
a key determining submodule, configured to determine, according to page address information of a page indicated by the page access request, a key corresponding to the page indicated by the page access request based on an association relationship between preset page address information and the key;
The encryption sub-module is used for encrypting the information of a user initiating the page access request, the information of the terminal equipment, the time stamp corresponding to the page indicated by the page access request, the data address information of the data in the page indicated by the page access request and the secret key corresponding to the page indicated by the page access request according to a preset encryption algorithm, and determining the obtained data as a data authentication string;
and the assembling sub-module is used for assembling the timestamp corresponding to the page address information of the page indicated by the page access request, the data address information of the data in the page indicated by the page access request and the data authentication string into the authentication string information.
29. An anti-theft device for page data, the device being applied to a second server, the device comprising:
the authentication string verification unit is used for responding to a data access request sent by the terminal equipment, and verifying the authentication string information in the data access request according to second requester information in the data access request and data address information indicated by the authentication string information in the data access request to obtain a verification result;
The data sending unit is used for sending the data requested by the data access request to the terminal equipment if the verification result represents that the verification of the authentication string information is passed;
the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information; and the page access request is sent to the first server for the terminal equipment, and the page access request characterizes the request access page.
30. The apparatus of claim 29, the authentication string information including a timestamp corresponding to a page indicated by the page access request;
the apparatus further comprises:
a format determining unit, configured to obtain, if it is determined that the format of the authentication string information is a preset format, a timestamp corresponding to the page indicated by the page access request from the authentication string information;
And the time comparison unit is used for acquiring the current time, and if the current time is smaller than the time stamp corresponding to the page indicated by the page access request, executing the data address information indicated by the second requester information in the data access request and the authentication string information in the data access request, and verifying the authentication string information in the data access request.
31. The apparatus of claim 30, the data access request comprising page address information of a page indicated by the data access request;
the apparatus further comprises:
and the key determining unit is used for determining a key corresponding to the page indicated by the data access request based on the association relationship between the preset page address information and the key according to the page address information of the page indicated by the data access request.
32. The apparatus of claim 31, wherein the authentication string verification unit comprises:
the encryption module is used for encrypting information of a user initiating a data access request, information of terminal equipment, a time stamp corresponding to a page indicated by the page access request, a key corresponding to the page indicated by the data access request and data address information indicated by authentication string information in the data access request according to a preset encryption algorithm, and determining the obtained data as information to be verified;
And the result determining module is used for determining that the verification result represents that the verification of the authentication string information is passed if the information to be verified meets the preset verification condition.
33. The apparatus of claim 32, wherein the result determination module comprises:
and the character comparison sub-module is used for determining that the verification result represents that the verification of the authentication string information passes if the information to be verified is consistent with the character string at the preset position in the authentication string information.
34. The apparatus of any of claims 29-33, further comprising:
and the data return unit is used for returning page data of preset content to the client if the verification result indicates that the verification of the authentication string information is not passed.
35. An anti-theft device for page data, the device being applied to a terminal device, the device comprising:
the instruction response unit is used for responding to an access instruction initiated by a user and sending a page access request to the first server; the page access request characterizes a request access page, the page access request comprises first requester information, and the first requester information characterizes information of a user initiating the page access request and information of terminal equipment;
The information receiving unit is used for receiving the authentication string information sent by the first server; the authentication string information is generated based on first requester information in a page access request and data address information of data in a page indicated by the page access request, and characterizes the encrypted data of the first requester information and the data address information;
a request sending unit, configured to send a data access request to a second server; the data access request characterizes and acquires data in a page, and the data access request comprises second requester information and authentication string information; the second requester information characterizes information of a user initiating a data access request and information of terminal equipment; the second requester information in the data access request and the data address information indicated by the authentication string information in the data access request are used for sending the data requested by the data access request to the terminal equipment after the authentication string information in the data access request is verified;
and the data receiving unit is used for receiving the data returned by the second server.
36. The apparatus of claim 35, wherein the instruction response unit comprises:
The position determining module is used for responding to an access instruction initiated by a user and determining position information corresponding to the access instruction;
and the position judging module is used for sending a page access request to the first server if the position information is in the preset area range.
37. The apparatus of claim 36, further comprising:
the list determining module is used for determining a user login list of the terminal equipment in a preset historical time period if the position information is located in a preset area range;
the user verification module is used for determining the information of the user corresponding to the access instruction, and if the information of the user is not in the user login list, the information of the user is verified according to preset verification rule information;
and the access request sending module is used for sending a page access request to the first server if the information verification of the user is passed.
38. The apparatus of any of claims 35-37, further comprising:
the prompting unit is used for sending a prompting instruction of data access failure to the second server if the authentication string information sent by the first server is not received within a preset time period; the prompting instruction of the data access failure is used for sending page data of preset content to the terminal equipment.
39. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1-19.
40. A non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method of any one of claims 1-19.
41. A computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of any of claims 1-19.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310716428.5A CN116707926A (en) | 2023-06-15 | 2023-06-15 | Anti-theft method and device for page data, electronic equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310716428.5A CN116707926A (en) | 2023-06-15 | 2023-06-15 | Anti-theft method and device for page data, electronic equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116707926A true CN116707926A (en) | 2023-09-05 |
Family
ID=87840787
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310716428.5A Pending CN116707926A (en) | 2023-06-15 | 2023-06-15 | Anti-theft method and device for page data, electronic equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116707926A (en) |
-
2023
- 2023-06-15 CN CN202310716428.5A patent/CN116707926A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10554655B2 (en) | Method and system for verifying an account operation | |
| US11218460B2 (en) | Secure authentication for accessing remote resources | |
| US7698442B1 (en) | Server-based universal resource locator verification service | |
| US8079087B1 (en) | Universal resource locator verification service with cross-branding detection | |
| US20190190911A1 (en) | Methods, apparatus, and systems for identity authentication | |
| EP3348041B1 (en) | Secured user credential management | |
| CN109995776B (en) | Internet data verification method and system | |
| CN112333198A (en) | Secure cross-domain login method, system and server | |
| US20180130056A1 (en) | Method and system for transaction security | |
| US10887345B1 (en) | Protecting users from phishing attempts | |
| EP4049220B1 (en) | Preventing data manipulation and protecting user privacy in determining accurate location event measurements | |
| CN110955905A (en) | Block chain based asset transfer method, device, equipment and readable storage medium | |
| CN112653695A (en) | Method and system for realizing crawler resistance | |
| US10079856B2 (en) | Rotation of web site content to prevent e-mail spam/phishing attacks | |
| US20160366172A1 (en) | Prevention of cross site request forgery attacks | |
| CN114866247B (en) | Communication method, device, system, terminal and server | |
| US11539711B1 (en) | Content integrity processing on browser applications | |
| US20220353081A1 (en) | User authentication techniques across applications on a user device | |
| CN113225348B (en) | Request anti-replay verification method and device | |
| CN116707926A (en) | Anti-theft method and device for page data, electronic equipment and storage medium | |
| US11275867B1 (en) | Content integrity processing | |
| CN106330818B (en) | Protection method and system for embedded page of client | |
| US12008105B2 (en) | Protected QR code scanner using operational system override | |
| KR102667841B1 (en) | Prevent data manipulation and protect user privacy when measuring accurate location events | |
| US20230394151A1 (en) | Protected qr code scanner using operational system override |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |