CN106412024B - A kind of page acquisition methods and device - Google Patents

A kind of page acquisition methods and device Download PDF

Info

Publication number
CN106412024B
CN106412024B CN201610808523.8A CN201610808523A CN106412024B CN 106412024 B CN106412024 B CN 106412024B CN 201610808523 A CN201610808523 A CN 201610808523A CN 106412024 B CN106412024 B CN 106412024B
Authority
CN
China
Prior art keywords
data
specified
page
encrypted
cipher mode
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201610808523.8A
Other languages
Chinese (zh)
Other versions
CN106412024A (en
Inventor
周明明
黄晓军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba China Co Ltd
Original Assignee
Netease Kaola Hangzhou Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Netease Kaola Hangzhou Technology Co Ltd filed Critical Netease Kaola Hangzhou Technology Co Ltd
Priority to CN201610808523.8A priority Critical patent/CN106412024B/en
Publication of CN106412024A publication Critical patent/CN106412024A/en
Application granted granted Critical
Publication of CN106412024B publication Critical patent/CN106412024B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

Embodiments of the present invention provide a kind of page acquisition methods.Wherein, the page acquisition methods based on user equipment side include: the HTTP request intercepted for obtaining specified page;Specified encryption identification is added in HTTP request;The HTTP request for adding specified encryption identification is sent to network side.Page acquisition methods based on network side include: the HTTP request for receiving the acquisition specified page that user equipment is sent;When determining in HTTP request comprising specified encryption identification, specified cipher mode accordingly is obtained;The corresponding page data of specified page is encrypted according to the specified cipher mode of acquisition;Encrypted page data is returned into user equipment.The page that method of the invention can either prevent user equipment requests from obtaining is tampered, and being capable of save the cost.In addition, embodiment of the present invention provides a kind of page acquisition device.

Description

A kind of page acquisition methods and device
Technical field
Embodiments of the present invention are related to technical field of network security, more specifically, embodiments of the present invention are related to one Kind page acquisition methods and device.
Background technique
Background that this section is intended to provide an explanation of the embodiments of the present invention set forth in the claims or context.Herein Description recognizes it is the prior art not because not being included in this section.
Currently, the mode that the common page obtains are as follows:
The page address that the browser component of browser or APP are submitted according to user in user equipment, it is (super by HTTP Text transfer protocol) agreement is to the transmission HTPP request of the server end of network side, and the request is for obtaining the corresponding page;Network The server end of side extracts corresponding page data according to the HTTP request, and passes through http protocol for the page data of extraction Respond to the browser or browser component in user equipment;The page that browser or browser component respond server end Face data is spliced into the corresponding page and shows.
The data transmitted under http protocol are clear data, i.e., server end using http protocol to browser or The page data of browser component response is clear data, and some network attack equipment or software may intercept server response Page data, and the page data is distorted, the page data after distorting is sent to user equipment, this will result in User equipment can not normally show the page, alternatively, the problem of including various junk information in the page of display.
Currently, http protocol is replaced with HTTPS agreement in order to avoid the above problem, in response to HTTPS request, service Device end encrypts corresponding page data, and encrypted page data is responded to browser or browser component, After page data is decrypted in browser or browser component, carries out the page and show.
But http protocol is replaced with into HTTPS agreement and is related to O&M configuration modification, code revision and the network equipment The operations such as energy optimization, the change for needing to carry out in network side is more, higher cost.
Summary of the invention
In the prior art, due to by http protocol replace with HTTPS agreement be related to O&M configuration modification, code revision and The operations such as performance of network equipments optimization, the change for needing to carry out in network side is more, higher cost.Thus, it is also very desirable to a kind of It can either the save the cost page acquisition methods that the page can be prevented to be tampered again.
In the present context, embodiments of the present invention are intended to provide a kind of page acquisition methods and device.
In the first aspect of embodiment of the present invention, a kind of page acquisition methods are provided, comprising:
It intercepts the hypertext for obtaining specified page and passes protocol HTTP request;
Specified encryption identification is added in the HTTP request;
The HTTP request for adding specified encryption identification is sent to network side.
In the second aspect of embodiment of the present invention, a kind of page acquisition device is provided, comprising:
Interception module, for intercepting the hypertext biography protocol HTTP request for obtaining specified page;
Adding module, for specified encryption identification to be added in the HTTP request;
Sending module, for the HTTP request for adding specified encryption identification to be sent to network side.
In the third aspect of embodiment of the present invention, another page acquisition methods are provided, comprising:
Receive the HTTP request for the acquisition specified page that user equipment is sent;
When determining in the HTTP request comprising specified encryption identification, specified cipher mode accordingly is obtained;
The corresponding page data of the specified page is encrypted according to the specified cipher mode of the acquisition;
The encrypted page data is returned into the user equipment.
In the fourth aspect of embodiment of the present invention, another page acquisition device is provided, comprising:
Receiving module, the HTTP request of the acquisition specified page for receiving user equipment transmission;
Module being obtained, when for determining in the HTTP request comprising specified encryption identification, obtaining corresponding specified encryption Mode;
Encrypting module, for the specified cipher mode according to the acquisition by the corresponding page data of the specified page into Row encryption;
Sending module, for the encrypted page data to be returned to the user equipment.
In the 5th aspect of embodiment of the present invention, a kind of page acquisition equipment is provided, for example, may include storage Device and processor, wherein processor can be used for reading the program in memory, execute following process:
It intercepts the hypertext for obtaining specified page and passes protocol HTTP request;
Specified encryption identification is added in the HTTP request;
The HTTP request for adding specified encryption identification is sent to network side.
In the 6th aspect of embodiment of the present invention, provides another page and obtain equipment, for example, may include depositing Reservoir and processor, wherein processor can be used for reading the program in memory, execute following process:
Receive the HTTP request for the acquisition specified page that user equipment is sent;
When determining in the HTTP request comprising specified encryption identification, specified cipher mode accordingly is obtained;
The corresponding page data of the specified page is encrypted according to the specified cipher mode of the acquisition;
The encrypted page data is returned into the user equipment.
In the 7th aspect of embodiment of the present invention, a kind of program product is provided comprising program code, when described When program product is run, said program code is for executing following procedure:
It intercepts the hypertext for obtaining specified page and passes protocol HTTP request;
Specified encryption identification is added in the HTTP request;
The HTTP request for adding specified encryption identification is sent to network side.
In the eighth aspect of embodiment of the present invention, another program product is provided comprising program code works as institute When stating program product operation, said program code is for executing following procedure:
Receive the HTTP request for the acquisition specified page that user equipment is sent;
When determining in the HTTP request comprising specified encryption identification, specified cipher mode accordingly is obtained;
The corresponding page data of the specified page is encrypted according to the specified cipher mode of the acquisition;
The encrypted page data is returned into the user equipment.
The page acquisition methods and device of embodiment, user equipment add in the HTTP request of interception according to the present invention Encryption identification, and the HTTP request for adding encryption identification is sent to network side, network side will be according to the encryption in HTTP request It identifies the corresponding encrypted page data of cipher mode and returns to user equipment, that is, on the basis of http protocol, pass through HTTP request obtains encrypted page data from network side, thus the page quilt that can either prevent user equipment requests from obtaining It distorts, and being capable of save the cost.
Detailed description of the invention
The following detailed description is read with reference to the accompanying drawings, above-mentioned and other mesh of exemplary embodiment of the invention , feature and advantage will become prone to understand.In the accompanying drawings, if showing by way of example rather than limitation of the invention Dry embodiment, in which:
Fig. 1 schematically shows the application scenarios schematic diagram of embodiment according to the present invention;
Fig. 2 schematically shows the one embodiment flow diagrams of page acquisition methods of embodiment according to the present invention;
Fig. 3 schematically shows the stream for the method that encrypted page data is decrypted in mode of the present invention Journey schematic diagram;
Fig. 4 schematically shows another embodiment flow diagram of page acquisition methods of embodiment according to the present invention;
Fig. 5 schematically shows the process determined in embodiment of the present invention comprising specified encryption identification in HTTP request Schematic diagram;
Fig. 6, which is schematically shown in embodiment of the present invention, shows the process that load resource white list returns to user equipment It is intended to;
Fig. 7 schematically shows the process that encrypted page data is returned to user equipment in embodiment of the present invention Schematic diagram;
Fig. 8 schematically shows the page acquisition methods that the user equipment of embodiment of the present invention offer is interacted with network side An embodiment process schematic diagram;
Fig. 9 schematically shows the page that the user equipment that embodiment provides according to the present invention is interacted with network side and obtains Take the flow diagram of another embodiment of method.
Figure 10 schematically shows the structural schematic diagram of page acquisition device according to an embodiment of the invention;
Figure 11 schematically shows the structural schematic diagram of page acquisition device according to another embodiment of the present invention;
Figure 12 schematically shows the structural schematic diagram of the page acquisition device of another embodiment according to the present invention;
Figure 13 schematically shows the structural schematic diagram of page acquisition device according to yet another embodiment of the invention;
Figure 14 schematically shows the program product according to an embodiment of the invention for User Page acquisition methods Schematic diagram;
The program product for page acquisition methods that Figure 15 schematically shows another embodiment according to the present invention shows It is intended to.
In the accompanying drawings, identical or corresponding label indicates identical or corresponding part.
Specific embodiment
The principle and spirit of the invention are described below with reference to several illustrative embodiments.It should be appreciated that providing this A little embodiments are used for the purpose of making those skilled in the art can better understand that realizing the present invention in turn, and be not with any Mode limits the scope of the invention.On the contrary, these embodiments are provided so that this disclosure will be more thorough and complete, and energy It is enough that the scope of the present disclosure is completely communicated to those skilled in the art.
One skilled in the art will appreciate that embodiments of the present invention can be implemented as a kind of system, device, equipment, method Or computer program product.Therefore, the present disclosure may be embodied in the following forms, it may be assumed that complete hardware, complete software The form that (including firmware, resident software, microcode etc.) or hardware and software combine.
Embodiment according to the present invention proposes a kind of page acquisition methods and device.
Herein, it is to be understood that any number of elements in attached drawing be used to example rather than limit and it is any Name is only used for distinguishing, without any restrictions meaning.
Below with reference to several representative embodiments of the invention, the principle and spirit of the present invention are explained in detail.
Summary of the invention
The inventors discovered that in the prior art, in order to avoid page caused by the page acquisition modes based on http protocol Http protocol is replaced with HTTPS agreement by the problem of face is tampered.But http protocol is replaced with into HTTPS agreement and is related to transporting The operations such as configuration modification, code revision and performance of network equipments optimization are tieed up, the change for needing to carry out in network side is more, cost It is higher.Therefore, lack a kind of improved page acquisition methods in the prior art, can either save the cost can prevent page quilt again It distorts.
For this purpose, the present invention provides a kind of page acquisition methods and devices, wherein the page based on user equipment side obtains Method may include: interception for obtaining the hypertext biography protocol HTTP request of specified page;Specified encryption identification is added to In the HTTP request;The HTTP request for adding specified encryption identification is sent to network side;The page based on network side obtains Method may include: to receive the HTTP request for the acquisition specified page that user equipment is sent;Described in determination When in HTTP request comprising specified encryption identification, specified cipher mode accordingly is obtained;According to the specified encryption side of the acquisition Formula encrypts the corresponding page data of the specified page;The encrypted page data is returned to the user to set It is standby.
After introduced the basic principles of the present invention, lower mask body introduces various non-limiting embodiment party of the invention Formula.
Application scenarios overview
Referring initially to Fig. 1, as shown in Figure 1, the application scenarios for page acquisition methods provided in an embodiment of the present invention are illustrated Figure, including user equipment 101 and server 102, wherein server 102 is located at network side, includes browsing in user equipment 101 Device (or browser component in APP) and network middle layer.More specifically, when the operating system of user equipment 101 is Android It, can be using customized component as network middle layer, when the operating system of user equipment 101 is IOS operation system when operating system When system, the NSPprotocol that can carry IOS system is as network middle layer.
What network middle layer interception browser or browser component in user equipment were sent is used to obtain specified page Hypertext pass protocol HTTP request;Specified encryption identification is added in the HTTP request;Specified encryption identification will be added HTTP request be sent to the server 102 of network side.Server 102 receives the super of the acquisition specified page that user equipment is sent Text transfer protocol HTTP request;When determining in the HTTP request comprising specified encryption identification, corresponding specified encryption is obtained Mode;The corresponding page data of the specified page is encrypted according to the specified cipher mode of the acquisition;Described it will add Page data after close returns to the user equipment.It is also mountable in user equipment 101 to have answering with browsing pages function With program, here without limitation.
Illustrative methods
Below with reference to the application scenarios of Fig. 1, the page of illustrative embodiments according to the present invention is described with reference to Fig. 2~Fig. 9 Face acquisition methods.It should be noted which is shown only for the purpose of facilitating an understanding of the spirit and principles of the present invention for above-mentioned application scenarios, Embodiments of the present invention are not limited in this respect.On the contrary, embodiments of the present invention can be applied to applicable appoint What scene.
Fig. 2 is a kind of flow diagram of one embodiment of page acquisition methods provided by the invention, is mainly set including user The standby process that the page is obtained from network side, executing subject can be the user equipment 101 in application scenarios overview, as shown in Fig. 2, A kind of page acquisition methods provided in an embodiment of the present invention, include the following steps:
Step 201, it intercepts the hypertext for obtaining specified page and passes protocol HTTP request.
When it is implemented, after monitoring that browser or browser component are based on http protocol sending HTTP request, interception The HTTP request, to handle the HTTP request.
Step 202, specified encryption identification is added in the HTTP request.
In this step, encryption identification is added in the HTTP request of interception, preferably specified encryption identification can be added to institute State the head of HTTP request.Wherein, user equipment and network side are made an appointment the corresponding cipher mode of different encryption identifications, user Encryption identification is added in HTTP request by equipment, when network side receives the HTTP request of addition encryption identification, according to preservation Encryption identification and cipher mode corresponding relationship and the encryption identification in HTTP request, determine the corresponding encryption of encryption identification Mode.Wherein, specific cipher mode can refer to existing Encryption Algorithm, and similarly, corresponding manner of decryption is see also existing Decipherment algorithm, be not detailed here.Encryption identification in the embodiment of the present invention is preferred for indicating to obtain according to the encryption mark Know corresponding cipher mode and carry out encrypted page data, i.e., if carrying the mark in HTTP request, then it represents that acquisition Page data is to use the encrypted page data of cipher mode corresponding to the encryption identification.This is only to for encryption identification A kind of preferred limited way, in addition to this, the encryption identification in the embodiment of the present invention can be also used for indicate obtain unencryption Page data, alternatively, carrying out encrypted page number using a kind of preset default encryption mode for indicating to obtain According to, that is, the encryption identification in the present invention can be used for indicating whether the page data of request needs to encrypt, using preset one The encryption of kind default behavior is encrypted using a certain mode in preset a variety of cipher modes.
Step 203, the HTTP request for adding specified encryption identification is sent to network side.
In this step, the HTTP request for adding specified encryption identification is sent to network based on http protocol by user equipment Side.
The HTTP request for adding encryption identification is sent to network on the basis of http protocol by the embodiment that Fig. 2 is provided Side, to obtain the corresponding encrypted page data of the requested page from network side, so as to prevent user equipment requests The page be tampered, also, still communicated using http protocol, do not need to replace with http protocol into HTTPS agreement, saved About cost.
After executing step 203, the HTTP request that network side is sent for user equipment can return to user equipment requests The corresponding page data of the page, at this point, page acquisition methods provided in an embodiment of the present invention further include the following contents:
Step 204, intercept that the network side sends to specify the encrypted page data of cipher mode, the page number According to for the corresponding page data of the specified page.
Wherein, the specified cipher mode is the corresponding cipher mode of the specified encryption identification.
Step 205, according to the corresponding manner of decryption of the specified cipher mode, the encrypted page data is carried out Decryption processing.
Step 206, the specified page is generated according to the page data after decryption processing and shown.
When it is implemented, network side returns after user equipment sends the HTTP request for adding specified encryption identification to network side It returns according to respective encrypted mode (specified cipher mode corresponding with specified encryption identification) encrypted page data.User Equipment obtains page data after the encryption that network side returns, and according to specified cipher mode pair corresponding with specified encryption identification The manner of decryption answered, the encrypted page data returned to network side are decrypted, and generate according to the page data after decryption Specified page is simultaneously shown.Specifically, can refer to the prior art in such a way that page data generates the page, it is not detailed here.
The embodiment of the present invention, the page data transmitted between user equipment and network side are encrypted page data, The page of user equipment requests can be prevented to be maliciously tampered, communicated, kept away based on http protocol between user equipment and network side Exempt to have saved cost using HTTPS agreement.
Specifically, network side returns to the html data that the corresponding page data of specified page includes the specified page, institute Stating html data includes text data, the chained address JS and resource data chained address.Wherein, the Chinese name of HTML is super literary This markup language, full name in English are HyperText Markup Language, and JS is JavaScript (a kind of scripting language) It abridges, the text data in the embodiment of the present invention in html data is the corresponding data of text in the page, resource data link Address is the corresponding chained addresses of resources such as picture, video, audio in the page, and the chained address JS is in the page by JS script control The chained address of the corresponding JS perform script in the part of system, such as the link of the corresponding JS perform script of submitting button in the page Address.Preferably, the content provided using Fig. 3, according to the corresponding manner of decryption of the specified cipher mode, to the encryption Page data afterwards is decrypted:
Step 301, according to the corresponding manner of decryption of the specified cipher mode, the encrypted page data is carried out Decryption, the html data after obtaining the decryption of the specified page.
In this step, page data after encryption is decrypted, the html data after obtaining the corresponding decryption of specified page.
Step 302, according to the chained address JS in the html data, the chained address JS is obtained from the network side It is corresponding according to the specified encrypted JS data of cipher mode.
When it is implemented, network side, which pre-saves JS, links corresponding JS data, and the JS number that network side pre-saves According to the JS data to carry out encrypted JS data and unencryption according to each cipher mode.User equipment is according to html data In the chained address JS, from network side obtain the chained address JS it is corresponding according to the encrypted JS data of specified cipher mode. Wherein, different according to the chained address JS of the encrypted JS data of different cipher modes for same JS data, unencryption The chained address JS of the JS data and the chained address JS of the encrypted JS data are also different, such as: the JS data of unencryption Chained address be a, the chained addresses of the encrypted JS data is Xa, wherein X is for indicating that different cipher modes, X are When 1, cipher mode is the first cipher mode, and X indicates second of cipher mode when being 2, and so on, it is certainly, encrypted The form of the chained address of JS data may be other forms, here without limitation.
In the embodiment of the present invention, the chained address JS that network side returns to user equipment is that specified cipher mode is corresponding The chained address JS, user equipment can be obtained directly according to the chained address JS according to the encrypted JS number of specified cipher mode According to.
Step 303, according to the corresponding manner of decryption of the specified cipher mode, to described according to the specified encryption side The encrypted JS data of formula are decrypted, and obtain the JS data of the specified page.
Step 304, according to the resource data chained address in the html data, the resource is obtained from the network side The corresponding resource data in data link address.
Specifically, obtaining the corresponding number of resources in resource data chained address from network side according to resource data chained address According to.Wherein, the sequencing of step 302 and step 304 can also can first carry out step 304, then execute step 302 without limitation, Or step 302 and step 304 are performed simultaneously.
It is preferably carried out mode as one kind, page acquisition methods provided in an embodiment of the present invention also intercept the network side Send with specify the encrypted load resource white list of cipher mode;According to the corresponding decryption side of the specified cipher mode Formula is decrypted the encrypted load resource white list, the load resource white list after being decrypted, described to add Carrying includes trusted chained address in the specified page in resource white list.Wherein, it loads in resource white list CSP and includes Trusted chained address in specified page, i.e. chained address in CSP are the higher chained address of security level, in CSP Chained address includes resource data link address.It, can basis in the following way after load resource white list after being decrypted Resource data chained address in the html data obtains the corresponding money in the resource data chained address from the network side Source data:
When determining that the resource data chained address is the resource data chained address in the load resource white list, from The server obtains the corresponding resource data in the resource data chained address.
This mode for obtaining the corresponding resource data of resource data link address, it is ensured that resource data chained address Reliability further increases the safety of the resource data of acquisition.
Fig. 4 is a kind of flow diagram of one embodiment of page acquisition methods provided by the invention, mainly includes network side To the process of user equipment back page data, executing subject can be the server 102 in application scenarios overview, such as Fig. 4 institute Show, a kind of page acquisition methods provided in an embodiment of the present invention include the following steps:
Step 401, the HTTP request for the acquisition specified page that user equipment is sent is received.
Step 402, judge whether comprising specified encryption identification in the HTTP request, if so, step 403 is executed, it is no Then, step 406 is executed.
When it is implemented, whether the head that can determine whether HTTP request includes specified encryption identification.
Step 403, specified cipher mode accordingly is obtained.
In this step, when in HTTP request comprising specified encryption identification, determine corresponding with the specified encryption identification Specified cipher mode, wherein the corresponding relationship of encryption identification and cipher mode is stored in advance in network side, if specified cipher mode Current meaning is the page data for obtaining unencryption, then given step 406.
Step 404, the corresponding page data of the specified page is added according to the specified cipher mode of the acquisition It is close.
In this step, according to specified cipher mode, the corresponding page data of specified page is encrypted, wherein to page The explanation of face data can refer to the explanation in the page acquisition methods of user equipment side to page data, be not described herein.
Step 405, the encrypted page data is returned into the user equipment.
It, can be by the http response of the HTTP request sent for user equipment side, by the encrypted page in this step Data return to user equipment.Encrypted page data can be specifically edited into behind the head of http response.
Step 406, the page data of the corresponding unencryption of the specified page is returned into the user equipment.
In this step, encryption identification is not carried in HTTP request, it may be determined that user terminal is obtained by HTTP request not to be added Close page data, at this time can be by the http response of the HTTP request sent for user equipment side, by the page of unencryption Data return to user equipment.
When it is implemented, the content of Fig. 5 offer can be used, determine in the HTTP request comprising specified encryption identification:
Step 501, whether the specific field for judging the head of the HTTP request is preset value, if so, executing step 502, otherwise, execute step 503.
Step 502, it determines in the HTTP request comprising specified encryption identification.
Step 503, it determines in the HTTP request not comprising specified encryption identification.
Be preferably carried out mode as one kind, can also by for specified page load resource white list with it is encrypted Page data returns to user equipment together, the content that can specifically provide according to Fig. 6, and load resource white list is returned to user Equipment:
Step 601, load resource white list is obtained from the head of the http response message for the HTTP request.
Wherein, illustrating for load resource white list can refer to user equipment for load resource white list Illustrate, is not described herein.
Step 602, load resource white list is encrypted according to the specified cipher mode of the acquisition.
Wherein, corresponding specified cipher mode acquired in specified cipher mode, that is, step 403 of acquisition
Step 603, the encrypted load resource white list is returned into the user equipment.
In the prior art, load resource white list can be carried and return to use on the head of the http response message by network side Family equipment, but the load resource white list can't be encrypted.This preferred embodiment loads the white name of resource by interception Singly, after and encrypting to load resource white list according to specified cipher mode and page data returns to user equipment together, thus Guarantee load resource white list not by malicious attack.When it is implemented, can be by encrypted load resource white list and page number According to being added to behind the head of http response side by side, user equipment is returned to.
The content that can be provided according to Fig. 7, returns to the user equipment for the encrypted page data:
Step 701, the corresponding chained address JS of the specified cipher mode of the acquisition is determined, wherein the JS chain ground connection The corresponding JS data in location are the corresponding JS data of the specified page, and the JS data add according to the specified of the acquisition in advance Close mode is encrypted.
When it is implemented, network side is directed to same JS data, the JS data are saved after the encryption of different cipher modes, The corresponding chained address JS, that is, the form of the corresponding chained address JS of the encrypted JS data of different cipher modes is different. It is specific to explain the detailed description that can refer to for step 302, it is not described herein.Network side has pre-saved each JS number It, can be according to the specified page and user that user equipment requests obtain according to, cipher mode and the corresponding relationship of the chained address JS The specified cipher mode of equipment side instruction obtains the corresponding JS chain of JS data of the specified corresponding specified page of cipher mode It is grounded location.
Step 702, the corresponding chained address JS of the specified cipher mode that will acquire is placed on the HTLM of the specified page In data.
In this step, page data includes html data, and html data includes the chained address JS.
Step 703, it is returned after the HTLM data of the specified page being encrypted according to the specified cipher mode of the acquisition To the user equipment.
Wherein, for any JS data, the corresponding JS of the encrypted any JS data of different cipher modes is used Chained address is different, any JS data of unencryption and carries out encrypted described appoint according to each cipher mode in advance One JS data are stored in advance in backup server CND.Network side includes former server and multiple backup servers, and each standby The page data in former server is backed up in part server in advance, when it is implemented, user equipment is preferably and away from nearest A server (former server or backup server) communicated, with from the server obtain user equipment requests the page Corresponding page data.
Fig. 8 is the process of page acquisition methods one embodiment provided by the invention interacted based on user equipment with network side Schematic diagram, main includes the process interacted between network side and user equipment, is included the following steps:
Step 801, user equipment interception passes protocol HTTP request for obtaining the hypertext of specified page.
Step 802, specified encryption identification is added in the HTTP request by user equipment.
In this step, specified encryption identification is added to the head of the HTTP request.
Step 803, the HTTP request for adding specified encryption identification is sent to network side by user equipment.
Step 804, network side receives the HTTP request for the acquisition specified page that user equipment is sent.
Step 805, when network side is determined in the HTTP request comprising specified encryption identification, corresponding specified encryption is obtained Mode.
In this step, determined in the HTTP request in the following way comprising specified encryption identification:
Whether the specific field for judging the head of the HTTP request is preset value;If so, determining the HTTP request In include specified encryption identification.
Step 806, network side is according to the specified cipher mode of the acquisition by the corresponding page data of the specified page It is encrypted.
Step 807, the encrypted page data is returned to the user equipment by network side.
When it is implemented, the user equipment can be returned to the encrypted page data in the following way: really The corresponding chained address JS of specified cipher mode of the fixed acquisition, wherein the corresponding JS data in the chained address JS are institute The corresponding JS data of specified page are stated, and the JS data are encrypted according to the specified cipher mode of the acquisition in advance;It will The corresponding chained address JS of specified cipher mode obtained is placed in the HTLM data of the specified page;By the specific page The HTLM data in face return to the user equipment after encrypting according to the specified cipher mode of the acquisition;Wherein, for any JS data, it is different using the corresponding chained address JS of the encrypted any JS data of different cipher modes, unencryption Any JS data and in advance according to each cipher mode carry out encrypted any JS data be stored in advance in it is standby In part server.
Step 808, user equipment intercept that the network side sends to specify the encrypted page data of cipher mode, institute Stating page data is the corresponding page data of the specified page.
Step 809, user equipment is according to the corresponding manner of decryption of the specified cipher mode, to the encrypted page Data are decrypted.
Preferably, implementation steps 809 in the following way:
According to the corresponding manner of decryption of the specified cipher mode, the encrypted page data is decrypted, is obtained Html data to after the decryption of the specified page;According to the chained address JS in the html data, from the network side It is corresponding according to the specified encrypted JS data of cipher mode to obtain the chained address JS;According to the specified encryption The corresponding manner of decryption of mode has been decrypted according to the specified encrypted JS data of cipher mode to described, has obtained institute State the JS data of specified page;And according to the resource data chained address in the html data, institute is obtained from the network side State the corresponding resource data in resource data chained address.
Step 810, user equipment generates the specified page according to the page data after decryption processing and shows.
The page data in embodiment that Fig. 8 is provided includes the hypertext markup language html data of the specified page, The html data includes text data, the chained address JS and resource data chained address.
Fig. 9 is that the process for another embodiment of page acquisition methods that user equipment provided by the invention is interacted with network side is shown It is intended to, main includes the process interacted between network side and user equipment, is included the following steps:
Step 901, user equipment interception passes protocol HTTP request for obtaining the hypertext of specified page.
Step 902, specified encryption identification is added to the head of the HTTP request by user equipment.
Step 903, the HTTP request for adding specified encryption identification is sent to network side by user equipment.
Step 904, network side receives the HTTP request for the acquisition specified page that user equipment is sent.
Step 905, it when network side determines that the head of the HTTP request includes specified encryption identification, obtains corresponding specified Cipher mode.
Step 906, network side is according to the specified cipher mode of the acquisition by the corresponding page data of the specified page It is encrypted.
Step 907, network side obtains the load white name of resource from the head of the http response message for the HTTP request It is single.
It wherein, include trusted chained address in the specified page in the load resource white list.
Step 908, load resource white list is encrypted according to the specified cipher mode of the acquisition.
Step 909, network side compiles the encrypted page data and the encrypted load resource white list It collects to behind the head for the http response message of the HTTP request, and edited http response message is returned to The user equipment.
Step 910, user equipment intercept http response message, and from the head of the http response message behind acquisition with The specified encrypted page data of cipher mode and encrypted load resource white list.
Step 911, user equipment is according to the corresponding manner of decryption of the specified cipher mode, to the encrypted page Data and encrypted load resource white list are decrypted.
Preferably, implementation steps 911 in the following way:
According to the corresponding manner of decryption of the specified cipher mode, the encrypted page data is decrypted, is obtained Html data to after the decryption of the specified page;According to the chained address JS in the html data, from the network side It is corresponding according to the specified encrypted JS data of cipher mode to obtain the chained address JS;According to the specified encryption The corresponding manner of decryption of mode has been decrypted according to the specified encrypted JS data of cipher mode to described, has obtained institute State the JS data of specified page;And determine that the resource data chained address is the number of resources in the load resource white list When according to chained address, the corresponding resource data in the resource data chained address is obtained from the server.
Step 912, user equipment generates the finger according to page data and load resource white list after decryption processing Determine the page and shows.
Example devices
After describing the page acquisition methods of exemplary embodiment of the invention, next, with reference to Figure 10~Figure 11 The page acquisition device of exemplary embodiment of the invention is described.
Figure 10 is the structural representation provided in an embodiment of the present invention for being set to one of user equipment page acquisition device Figure, may include following module as shown in Figure 10:
First interception module 1001, for intercepting the hypertext biography protocol HTTP request for obtaining specified page;
Adding module 1002, for specified encryption identification to be added in the HTTP request;
Sending module 1003, for the HTTP request for adding specified encryption identification to be sent to network side.
Preferably, page acquisition device provided in an embodiment of the present invention further include:
Second interception module 1004, for intercepting that the network side sends to specify the encrypted page number of cipher mode According to the page data is the corresponding page data of the specified page;
Deciphering module 1005, for according to the corresponding manner of decryption of the specified cipher mode, to the encrypted page Face data is decrypted;
Display module 1006, for generating the specified page according to the page data after decryption processing and showing, wherein The specified cipher mode is the corresponding cipher mode of the specified encryption identification.
Preferably, in page acquisition device provided in an embodiment of the present invention, the page data includes the specified page Hypertext markup language html data, the html data include text data, the chained address JS and resource data chain ground connection Location.
Preferably, the deciphering module 1005 includes:
First decryption unit 10051, for according to the corresponding manner of decryption of the specified cipher mode, after the encryption Page data be decrypted, the html data after obtaining the decryption of the specified page;
First acquisition unit 10052, for being obtained from the network side according to the chained address JS in the html data The chained address JS is corresponding according to the specified encrypted JS data of cipher mode;
Second decryption unit 10053, for according to the corresponding manner of decryption of the specified cipher mode, to it is described according to The encrypted JS data of specified cipher mode are decrypted, and obtain the JS data of the specified page;
Second acquisition unit 10054, for according to the resource data chained address in the html data, from the network Side obtains the corresponding resource data in the resource data chained address.
Preferably, second interception module 1004 is also used to, intercept that the network side sends to specify cipher mode Encrypted load resource white list;
The deciphering module 1005 is also used to, according to the corresponding manner of decryption of the specified cipher mode, to the encryption Load resource white list afterwards is decrypted, and includes trusted in the specified page in the load resource white list Chained address.
Preferably, second acquisition unit 10054 is specifically used for, and determines the resource data chained address for load money When resource data chained address in the white list of source, the corresponding resource in the resource data chained address is obtained from the server Data.
Preferably, the adding module 1002 is specifically used for, and specified encryption identification is added to the head of the HTTP request Portion.
Figure 11 is a kind of structural schematic diagram of the page acquisition device provided in an embodiment of the present invention for being set to network side, such as May include following module shown in Figure 11:
Receiving module 1101 is asked for receiving the hypertext transfer protocol HTTP of acquisition specified page of user equipment transmission It asks;
Module 1102 being obtained, when for determining in the HTTP request comprising specified encryption identification, being obtained corresponding specified Cipher mode;
Encrypting module 1103, for the specified cipher mode according to the acquisition by the corresponding page number of the specified page According to being encrypted;
Sending module 1104, for the encrypted page data to be returned to the user equipment.
Preferably, the acquisition module 1102 includes:
Judging unit 11021, for judging whether the specific field on head of the HTTP request is preset value;
Determination unit 11022, for determining in the HTTP request and including when the judgement of judging unit 11021 is Specified encryption identification.
Preferably, the acquisition module 1102 is also used to, from the head of the http response message for the HTTP request Obtain load resource white list;
The encrypting module 1103 is also used to, and is carried out according to the specified cipher mode of the acquisition to load resource white list Encryption;
The sending module 1104 is also used to, and the encrypted load resource white list is returned to the user and is set It is standby.
Preferably, the sending module 1104 includes:
Determination unit 11041, the corresponding chained address JS of specified cipher mode for determining the acquisition, wherein institute Stating the corresponding JS data in the chained address JS is the corresponding JS data of the specified page, and the JS data are obtained according to described in advance The specified cipher mode taken is encrypted;
Placement unit 11042, the corresponding chained address JS of specified cipher mode for will acquire are placed on described specified In the HTLM data of the page;
Return unit 11043, for the specified cipher mode by the HTLM data of the specified page according to the acquisition The user equipment is returned to after encryption;Wherein, for any JS data, described appoint using different cipher modes are encrypted The corresponding chained address JS of one JS data is different, any JS data of unencryption and in advance according to each cipher mode into The encrypted any JS data of row are stored in advance in backup server.
Example devices
After the page acquisition methods and device for describing exemplary embodiment of the invention, next, introducing basis The page acquisition device of another exemplary embodiment of the invention, the page acquisition device are located at user equipment side.
Person of ordinary skill in the field it is understood that various aspects of the invention can be implemented as system, method or Program product.Therefore, various aspects of the invention can be embodied in the following forms, it may be assumed that complete hardware embodiment, complete The embodiment combined in terms of full Software Implementation (including firmware, microcode etc.) or hardware and software, can unite here Referred to as circuit, " module " or " system ".
In some possible embodiments, page acquisition device according to the present invention can include at least at least one Manage unit and at least one storage unit.Wherein, the storage unit is stored with program code, when said program code quilt When the processing unit executes, so that the processing unit executes root described in above-mentioned " illustrative methods " part of this specification According to the present invention is based on the steps in the page acquisition methods of the various illustrative embodiments of subscriber terminal side.For example, the place Reason unit can execute step 201 as shown in Figure 2, intercept the hypertext biography agreement HTTP for obtaining specified page and ask It asks, step 202, specified encryption identification is added in the HTTP request, step 203, specified encryption identification will be added HTTP request is sent to network side.
The page acquisition device 120 of this embodiment according to the present invention is described referring to Figure 12.Figure 12 is shown Page acquisition device 120 be only an example, should not function to the embodiment of the present invention and use scope bring any limit System.
As shown in figure 12, page acquisition device 120 is showed in the form of universal computing device.Page acquisition device 120 Component can include but is not limited to: at least one above-mentioned processing unit 1201, at least one above-mentioned storage unit 1202, connection are not The bus 1203 of homologous ray component (including processing unit 1201 and storage unit 1202).
Bus 1203 indicates one of a few class bus structures or a variety of, including memory bus or memory control Device, peripheral bus, processor or the local bus using any bus structures in a variety of bus structures.
Storage unit 1202 may include the readable medium of form of volatile memory, such as random access memory (RAM) 12021 and/or cache memory 12022, it can further include read-only memory (ROM) 12023.
Storage unit 1202 can also include program/utility with one group of (at least one) program module 12024 12025, such program module 12024 includes but is not limited to: operating system, one or more application program, other programs It may include the realization of network environment in module and program data, each of these examples or certain combination.
Page acquisition device 120 can also be logical with one or more external equipments 1204 (such as keyboard, sensing equipment etc.) Letter, can also be enabled a user to one or more equipment interact with page acquisition device 120 communicate, and/or with make this Any equipment (such as the router, modulatedemodulate that page acquisition device 120 can be communicated with one or more of the other calculating equipment Adjust device etc.) communication.This communication can be carried out by input/output (I/O) interface 1205.Also, page acquisition device 120 Network adapter 1206 and one or more network (such as local area network (LAN), wide area network (WAN) and/or public affairs can also be passed through Common network network, such as internet) communication.As shown in figure 12, network adapter 1206 obtains dress with for the page by bus 1203 Set 120 other modules communication.It will be appreciated that though being not shown in the figure, can be used in conjunction with page acquisition device 120 other hard Part and/or software module, including but not limited to: microcode, device driver, redundant processing unit, external disk drive array, RAID system, tape drive and data backup storage system etc..
Next, introducing the page acquisition device of another exemplary embodiment according to the present invention, which obtains dress Setting in network side.
Person of ordinary skill in the field it is understood that various aspects of the invention can be implemented as system, method or Program product.Therefore, various aspects of the invention can be embodied in the following forms, it may be assumed that complete hardware embodiment, complete The embodiment combined in terms of full Software Implementation (including firmware, microcode etc.) or hardware and software, can unite here Referred to as circuit, " module " or " system ".
In some possible embodiments, page acquisition device according to the present invention can include at least at least one Manage unit and at least one storage unit.Wherein, the storage unit is stored with program code, when said program code quilt When the processing unit executes, so that the processing unit executes root described in above-mentioned " illustrative methods " part of this specification According to the step in the page acquisition methods of the various illustrative embodiments of inventive network side.For example, the processing unit can To execute step 401 as shown in Figure 4, the hypertext transfer protocol HTTP for the acquisition specified page that user equipment is sent is received Step 402 whether request judges comprising specified encryption identification in the HTTP request, if so, step 403 is executed, otherwise, Step 406 is executed, step 403, specified cipher mode accordingly is obtained, step 404, according to the specified cipher mode of the acquisition The corresponding page data of the specified page is encrypted, step 405, the encrypted page data is returned to described Step 406 the page data of the corresponding unencryption of the specified page is returned to the user equipment by user equipment.
The page acquisition device 130 of this embodiment according to the present invention is described referring to Figure 13.Figure 13 is shown Page acquisition device 130 be only an example, should not function to the embodiment of the present invention and use scope bring any limit System.
As shown in figure 13, page acquisition device 130 is showed in the form of universal computing device.Page acquisition device 130 Component can include but is not limited to: at least one above-mentioned processing unit 1301, at least one above-mentioned storage unit 1302, connection are not The bus 1303 of homologous ray component (including processing unit 1301 and storage unit 1302).
Bus 1303 indicates one of a few class bus structures or a variety of, including memory bus or memory control Device, peripheral bus, processor or the local bus using any bus structures in a variety of bus structures.
Storage unit 1302 may include the readable medium of form of volatile memory, such as random access memory (RAM) 13021 and/or cache memory 13022, it can further include read-only memory (ROM) 13023.
Storage unit 1302 can also include program/utility with one group of (at least one) program module 13024 13025, such program module 13024 includes but is not limited to: operating system, one or more application program, other programs It may include the realization of network environment in module and program data, each of these examples or certain combination.
Page acquisition device 130 can also be logical with one or more external equipments 1304 (such as keyboard, sensing equipment etc.) Letter, can also be enabled a user to one or more equipment interact with page acquisition device 130 communicate, and/or with make this Any equipment (such as the router, modulatedemodulate that page acquisition device 130 can be communicated with one or more of the other calculating equipment Adjust device etc.) communication.This communication can be carried out by input/output (I/O) interface 1305.Also, page acquisition device 130 Network adapter 1306 and one or more network (such as local area network (LAN), wide area network (WAN) and/or public affairs can also be passed through Common network network, such as internet) communication.As shown in figure 13, network adapter 1306 obtains dress with for the page by bus 1303 Set 130 other modules communication.It will be appreciated that though being not shown in the figure, can be used in conjunction with page acquisition device 130 other hard Part and/or software module, including but not limited to: microcode, device driver, redundant processing unit, external disk drive array, RAID system, tape drive and data backup storage system etc..
Exemplary process product
In some possible embodiments, the various aspects of page acquisition methods provided by the invention are also implemented as A kind of form of program product comprising program code, when described program product is run on a computing device, described program Code is for making the computer equipment execute described in above-mentioned " illustrative methods " part of this specification base according to the present invention Step in the page acquisition methods of the various illustrative embodiments of user equipment side, for example, the computer equipment can To execute step 201 as shown in Figure 2, intercepts the hypertext for obtaining specified page and pass protocol HTTP request, step 202, specified encryption identification is added in the HTTP request, step 203, the HTTP request for adding specified encryption identification is sent out Give network side.
Above procedure product can be using any combination of one or more readable mediums.Readable medium can be readable letter Number medium or readable storage medium storing program for executing.Readable storage medium storing program for executing for example may be-but not limited to-electricity, magnetic, optical, electromagnetic, red The system of outside line or semiconductor, device or device, or any above combination.The more specific example of readable storage medium storing program for executing (non exhaustive list) includes: the electrical connection with one or more conducting wires, portable disc, hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc Read memory (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
As shown in figure 14, the program product 140 of embodiment according to the present invention obtained for the page is described, it can To use portable compact disc read only memory (CD-ROM) and including program code, and can run on the terminal device.So And program product of the invention is without being limited thereto, in this document, readable storage medium storing program for executing can be it is any include or storage program Tangible medium, the program can be commanded execution system, device or device use or in connection.
Readable signal medium may include in a base band or as the data-signal that carrier wave a part is propagated, wherein carrying Readable program code.The data-signal of this propagation can take various forms, including --- but being not limited to --- electromagnetism letter Number, optical signal or above-mentioned any appropriate combination.Readable signal medium can also be other than readable storage medium storing program for executing it is any can Read medium, the readable medium can send, propagate or transmit for by instruction execution system, device or device use or Program in connection.
The program code for including on readable medium can transmit with any suitable medium, including --- but being not limited to --- Wirelessly, wired, optical cable, RF etc. or above-mentioned any appropriate combination.
The program for executing operation of the present invention can be write with any combination of one or more programming languages Code, described program design language include object oriented program language-Java, C++ etc., further include conventional Procedural programming language-such as " C " language or similar programming language.Program code can be fully in user It calculates and executes in equipment, partly executes on a user device, being executed as an independent software package, partially in user's calculating Upper side point is executed on a remote computing or is executed in remote computing device or server completely.It is being related to far Journey calculates in the situation of equipment, and remote computing device can pass through the network of any kind --- including local area network (LAN) or extensively Domain net (WAN)-be connected to user calculating equipment, or, it may be connected to external computing device (such as utilize Internet service Provider is connected by internet).
In other possible embodiments, the various aspects of page acquisition methods provided by the invention can also be realized For a kind of form of program product comprising program code, when described program product is run on a computing device, the journey Sequence code is for executing the computer equipment described in above-mentioned " illustrative methods " part of this specification according to the present invention Step in the page acquisition methods of the various illustrative embodiments of network side, for example, the computer equipment can execute Step 401 as shown in Figure 4 receives the HTTP request for the acquisition specified page that user equipment is sent, Step 402, judge whether comprising specified encryption identification in the HTTP request, if so, otherwise executing step 403 executes step Rapid 406, step 403, specified cipher mode accordingly is obtained, it step 404, will be described according to the specified cipher mode of the acquisition The corresponding page data of specified page is encrypted, and step 405, the encrypted page data is returned to the user and is set It is standby, step 406, the page data of the corresponding unencryption of the specified page is returned into the user equipment.
Above procedure product can be using any combination of one or more readable mediums.Readable medium can be readable letter Number medium or readable storage medium storing program for executing.Readable storage medium storing program for executing for example may be-but not limited to-electricity, magnetic, optical, electromagnetic, red The system of outside line or semiconductor, device or device, or any above combination.The more specific example of readable storage medium storing program for executing (non exhaustive list) includes: the electrical connection with one or more conducting wires, portable disc, hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read only memory (EPROM or flash memory), optical fiber, portable compact disc Read memory (CD-ROM), light storage device, magnetic memory device or above-mentioned any appropriate combination.
As shown in figure 15, the program product 150 of embodiment according to the present invention obtained for the page is described, it can To use portable compact disc read only memory (CD-ROM) and including program code, and can run on the terminal device.So And program product of the invention is without being limited thereto, in this document, readable storage medium storing program for executing can be it is any include or storage program Tangible medium, the program can be commanded execution system, device or device use or in connection.
Readable signal medium may include in a base band or as the data-signal that carrier wave a part is propagated, wherein carrying Readable program code.The data-signal of this propagation can take various forms, including --- but being not limited to --- electromagnetism letter Number, optical signal or above-mentioned any appropriate combination.Readable signal medium can also be other than readable storage medium storing program for executing it is any can Read medium, the readable medium can send, propagate or transmit for by instruction execution system, device or device use or Program in connection.
The program code for including on readable medium can transmit with any suitable medium, including --- but being not limited to --- Wirelessly, wired, optical cable, RF etc. or above-mentioned any appropriate combination.
The program for executing operation of the present invention can be write with any combination of one or more programming languages Code, described program design language include object oriented program language-Java, C++ etc., further include conventional Procedural programming language-such as " C " language or similar programming language.Program code can be fully in user It calculates and executes in equipment, partly executes on a user device, being executed as an independent software package, partially in user's calculating Upper side point is executed on a remote computing or is executed in remote computing device or server completely.It is being related to far Journey calculates in the situation of equipment, and remote computing device can pass through the network of any kind --- including local area network (LAN) or extensively Domain net (WAN)-be connected to user calculating equipment, or, it may be connected to external computing device (such as utilize Internet service Provider is connected by internet).
It should be noted that although being referred to several modules of device in the above detailed description, this division is only It is illustratively not enforceable.In fact, embodiment according to the present invention, the spy of two or more above-described modules Function of seeking peace can embody in a module.Conversely, the feature and function of an above-described module can be further It is divided by multiple modules and embodies.
In addition, although describing the operation of the method for the present invention in the accompanying drawings with particular order, this do not require that or Hint must execute these operations in this particular order, or have to carry out shown in whole operation be just able to achieve it is desired As a result.Additionally or alternatively, it is convenient to omit multiple steps are merged into a step and executed by certain steps, and/or by one Step is decomposed into execution of multiple steps.
Although detailed description of the preferred embodimentsthe spirit and principles of the present invention are described by reference to several, it should be appreciated that, this It is not limited to the specific embodiments disclosed for invention, does not also mean that the feature in these aspects cannot to the division of various aspects Combination is benefited to carry out, this to divide the convenience merely to statement.The present invention is directed to cover appended claims spirit and Included various modifications and equivalent arrangements in range.

Claims (14)

1. a kind of page acquisition methods, comprising:
It intercepts the hypertext for obtaining specified page and passes protocol HTTP request;
Specified encryption identification is added in the HTTP request;
The HTTP request for adding specified encryption identification is sent to network side;
Intercept that the network side sends to specify the encrypted page data of cipher mode, the page data is described specified The corresponding page data of the page;
According to the corresponding manner of decryption of the specified cipher mode, the encrypted page data is decrypted;
The specified page is generated according to the page data after decryption processing and is shown, wherein the specified cipher mode is described The specified corresponding cipher mode of encryption identification;
Wherein, the page data includes the hypertext markup language html data of the specified page, the html data packet Include text data, the chained address JS and resource data chained address;It is described according to the corresponding decryption side of the specified cipher mode The encrypted page data is decrypted in formula, comprising:
According to the corresponding manner of decryption of the specified cipher mode, the encrypted page data is decrypted, institute is obtained Html data after stating the decryption of specified page;According to the chained address JS in the html data, obtained from the network side The chained address JS is corresponding according to the specified encrypted JS data of cipher mode;According to the specified cipher mode Corresponding manner of decryption has been decrypted according to the specified encrypted JS data of cipher mode to described, has obtained the finger Determine the JS data of the page;And according to the resource data chained address in the html data, the money is obtained from the network side The corresponding resource data in source data chained address;Wherein, for same JS data, according to the encrypted JS of different cipher modes The chained address JS of data is different, and the JS chain of the chained address JS of the JS data of unencryption and the encrypted JS data is grounded Location is also different.
2. according to the method described in claim 1, further include:
Intercept that the network side sends to specify the encrypted load resource white list of cipher mode;
According to the corresponding manner of decryption of the specified cipher mode, place is decrypted to the encrypted load resource white list It manages, includes trusted chained address in the specified page in the load resource white list.
3. according to the method described in claim 2, wherein, according to the resource data chained address in the html data, from institute It states network side and obtains the corresponding resource data in the resource data chained address, comprising:
When determining that the resource data chained address is the resource data chained address in the load resource white list, from service Device obtains the corresponding resource data in the resource data chained address.
4. method according to claim 1 to 3, wherein specified encryption identification is added in the HTTP request, Include:
Specified encryption identification is added to the head of the HTTP request.
5. a kind of page acquisition methods, comprising:
Receive the HTTP request for the acquisition specified page that user equipment is sent;
When determining in the HTTP request comprising specified encryption identification, specified cipher mode accordingly is obtained;
The corresponding page data of the specified page is encrypted according to the specified cipher mode of the acquisition;
The encrypted page data is returned into the user equipment;
Wherein, the encrypted page data is returned into the user equipment, comprising:
Determine the corresponding chained address JS of the specified cipher mode of the acquisition, wherein the corresponding JS number in the chained address JS According to for the corresponding JS data of the specified page, and the JS data are added according to the specified cipher mode of the acquisition in advance It is close;
The corresponding chained address JS of the specified cipher mode that will acquire is placed in the HTLM data of the specified page;
The user is returned to after the HTLM data of the specified page are encrypted according to the specified cipher mode of the acquisition to set It is standby;Wherein, it for any JS data, is grounded using the corresponding JS chain of the encrypted any JS data of different cipher modes Location is different, any JS data of unencryption and carries out encrypted any JS number according to each cipher mode in advance According to being stored in advance in backup server.
6. according to the method described in claim 5, wherein, being determined in the HTTP request in the following way comprising specified encryption Mark:
Whether the specific field for judging the head of the HTTP request is preset value;
If so, determining in the HTTP request comprising specified encryption identification.
7. according to the method described in claim 5, further include:
Load resource white list is obtained from the head of the http response message for the HTTP request;
Load resource white list is encrypted according to the specified cipher mode of the acquisition;
The encrypted load resource white list is returned into the user equipment.
8. a kind of page acquisition device, comprising:
First interception module, for intercepting the hypertext biography protocol HTTP request for obtaining specified page;
Adding module, for specified encryption identification to be added in the HTTP request;
Sending module, for the HTTP request for adding specified encryption identification to be sent to network side;
Second interception module, it is described for intercepting that the network side sends to specify the encrypted page data of cipher mode Page data is the corresponding page data of the specified page;
Deciphering module, for according to the corresponding manner of decryption of the specified cipher mode, to the encrypted page data into Row decryption processing;
Display module, for generating the specified page according to the page data after decryption processing and showing, wherein described specified Cipher mode is the corresponding cipher mode of the specified encryption identification;
Wherein, the page data includes the hypertext markup language html data of the specified page, the html data packet Include text data, the chained address JS and resource data chained address;
The deciphering module, comprising: the first decryption unit is right for according to the corresponding manner of decryption of the specified cipher mode The encrypted page data is decrypted, the html data after obtaining the decryption of the specified page;First acquisition unit, For according to the chained address JS in the html data, from the network side obtain the chained address JS it is corresponding according to The encrypted JS data of specified cipher mode;Second decryption unit, for according to the corresponding solution of the specified cipher mode Close mode has been decrypted according to the specified encrypted JS data of cipher mode to described, has obtained the specified page JS data;Second acquisition unit, for being obtained from the network side according to the resource data chained address in the html data The corresponding resource data in the resource data chained address.
9. device according to claim 8, wherein
Second interception module is also used to, intercept that the network side sends to specify the encrypted load resource of cipher mode White list;
The deciphering module is also used to, according to the corresponding manner of decryption of the specified cipher mode, to the encrypted load Resource white list is decrypted, and includes trusted chain ground connection in the specified page in the load resource white list Location.
10. device according to claim 9, wherein the second acquisition unit is specifically used for:
When determining that the resource data chained address is the resource data chained address in the load resource white list, from service Device obtains the corresponding resource data in the resource data chained address.
11. according to any device of claim 8-10, wherein the adding module is specifically used for:
Specified encryption identification is added to the head of the HTTP request.
12. a kind of page acquisition device, comprising:
Receiving module, the HTTP request of the acquisition specified page for receiving user equipment transmission;
Module being obtained, when for determining in the HTTP request comprising specified encryption identification, obtaining specified cipher mode accordingly;
Encrypting module is added the corresponding page data of the specified page for the specified cipher mode according to the acquisition It is close;
Sending module, for the encrypted page data to be returned to the user equipment;
The sending module, comprising:
Determination unit, the corresponding chained address JS of specified cipher mode for determining the acquisition, wherein the JS chain ground connection The corresponding JS data in location are the corresponding JS data of the specified page, and the JS data add according to the specified of the acquisition in advance Close mode is encrypted;Placement unit, the corresponding chained address JS of specified cipher mode for will acquire are placed on the finger Determine in the HTLM data of the page;Return unit, for adding the HTLM data of the specified page according to the specified of the acquisition Close mode returns to the user equipment after encrypting;Wherein, encrypted using different cipher modes for any JS data The corresponding chained address JS of any JS data is different, any JS data of unencryption and in advance according to each encryption Mode carries out encrypted any JS data and is stored in advance in backup server.
13. device according to claim 12, wherein the acquisition module includes:
Judging unit, for judging whether the specific field on head of the HTTP request is preset value;
Determination unit, for determining in the HTTP request comprising specified encryption in the case where judging unit judgement is Mark.
14. device according to claim 12, wherein
The acquisition module is also used to, and obtains the load white name of resource from the head of the http response message for the HTTP request It is single;
The encrypting module is also used to, and is encrypted according to the specified cipher mode of the acquisition to load resource white list;
The sending module is also used to, and the encrypted load resource white list is returned to the user equipment.
CN201610808523.8A 2016-09-07 2016-09-07 A kind of page acquisition methods and device Active CN106412024B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610808523.8A CN106412024B (en) 2016-09-07 2016-09-07 A kind of page acquisition methods and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610808523.8A CN106412024B (en) 2016-09-07 2016-09-07 A kind of page acquisition methods and device

Publications (2)

Publication Number Publication Date
CN106412024A CN106412024A (en) 2017-02-15
CN106412024B true CN106412024B (en) 2019-10-15

Family

ID=57998920

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610808523.8A Active CN106412024B (en) 2016-09-07 2016-09-07 A kind of page acquisition methods and device

Country Status (1)

Country Link
CN (1) CN106412024B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108038233B (en) * 2017-12-26 2021-07-23 福建中金在线信息科技有限公司 Method and device for collecting articles, electronic equipment and storage medium
CN112887336B (en) * 2018-05-04 2023-05-05 广东电网有限责任公司 Communication safety protection method and device
CN108683665A (en) * 2018-05-15 2018-10-19 国家电网公司 Data ciphering method, system in fiber optic communication and data transmitting equipment
CN108737196B (en) * 2018-06-15 2021-04-06 无锡雷华网络技术有限公司 Method for managing PON equipment
CN109067739B (en) * 2018-07-27 2021-10-08 平安科技(深圳)有限公司 Communication data encryption method and device
CN108965311A (en) * 2018-07-27 2018-12-07 平安科技(深圳)有限公司 Encryption of communicated data method and apparatus
CN111222130B (en) * 2018-11-27 2023-10-03 钉钉控股(开曼)有限公司 Page response method, page request method and page request device
CN109711187B (en) * 2018-11-29 2020-01-24 北京字节跳动网络技术有限公司 Page processing method and device, computer readable storage medium and electronic equipment
CN111639275B (en) * 2019-03-01 2023-04-25 阿里巴巴集团控股有限公司 Routing information processing method, device, electronic equipment and computer storage medium
CN110351262B (en) * 2019-06-28 2021-12-14 北京你财富计算机科技有限公司 Data interaction method and device and electronic equipment
CN110516467B (en) * 2019-07-16 2021-09-24 上海数据交易中心有限公司 Data distribution method and device, storage medium and terminal
CN113922980A (en) * 2021-08-23 2022-01-11 北京天融信网络安全技术有限公司 DNS monitoring method, equipment and storage medium based on HTTP detection information
CN114928466B (en) * 2022-03-31 2023-11-07 成都鲁易科技有限公司 Automatic identification method and device for encrypted data, storage medium and computer equipment

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102355657A (en) * 2011-06-28 2012-02-15 成都市华为赛门铁克科技有限公司 Service access control method, device and system
CN102591877A (en) * 2011-01-14 2012-07-18 深圳市同洲电子股份有限公司 Webpage resource request method for embedded browser and browsing device
CN102955847A (en) * 2012-10-25 2013-03-06 北京奇虎科技有限公司 System for loading website data on browser format page
CN102984275A (en) * 2012-12-14 2013-03-20 北京奇虎科技有限公司 Method and browser for web downloading
CN104243522A (en) * 2013-06-19 2014-12-24 华为技术有限公司 Method for hypertext transfer protocol (HTTP) network and broadband network gateway (BNG)

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101222322B (en) * 2008-01-24 2010-06-16 中兴通讯股份有限公司 Safety ability negotiation method in super mobile broadband system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102591877A (en) * 2011-01-14 2012-07-18 深圳市同洲电子股份有限公司 Webpage resource request method for embedded browser and browsing device
CN102355657A (en) * 2011-06-28 2012-02-15 成都市华为赛门铁克科技有限公司 Service access control method, device and system
CN102955847A (en) * 2012-10-25 2013-03-06 北京奇虎科技有限公司 System for loading website data on browser format page
CN102984275A (en) * 2012-12-14 2013-03-20 北京奇虎科技有限公司 Method and browser for web downloading
CN104243522A (en) * 2013-06-19 2014-12-24 华为技术有限公司 Method for hypertext transfer protocol (HTTP) network and broadband network gateway (BNG)

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"HTTP使用RSA公钥加密算法加密明文;月光博客;《HTTP使用RSA公钥加密算法加密明文,www.williamlong.info/srchives/4346.html》;20150903;实现思路 *
HTTP使用RSA公钥加密算法加密明文;月光博客;《HTTP使用RSA公钥加密算法加密明文,www.williamlong.info/srchives/4346.html》;20150903;实现思路 *

Also Published As

Publication number Publication date
CN106412024A (en) 2017-02-15

Similar Documents

Publication Publication Date Title
CN106412024B (en) A kind of page acquisition methods and device
CN106713320B (en) Terminal data transmission method and device
US10574686B2 (en) Security verification by message interception and modification
US7788495B2 (en) Systems and methods for automated configuration of secure web site publishing
JP6545136B2 (en) System and method for encrypted transmission of web pages
Lee et al. Pride and prejudice in progressive web apps: Abusing native app-like features in web applications
US9015845B2 (en) Transit control for data
US9397981B2 (en) Method and system for secure document exchange
US8291227B2 (en) Method and apparatus for secure communication
CN113141365B (en) Distributed micro-service data transmission method, device, system and electronic equipment
CN109861973A (en) Information transferring method, device, electronic equipment and computer-readable medium
EP4409447A1 (en) Systems and methods for malicious code neutralization in execution environments
US20220027456A1 (en) Rasp-based implementation using a security manager
CN114500054A (en) Service access method, service access device, electronic device, and storage medium
CN112308236B (en) Method, device, electronic equipment and storage medium for processing user request
CN115580413B (en) Zero-trust multi-party data fusion calculation method and device
US10897458B1 (en) Enhancing secure client experience through selective encryption of cookies
CN111246407B (en) Data encryption and decryption method and device for short message transmission
CN111181831B (en) Communication data processing method and device, storage medium and electronic device
CN105577657B (en) A kind of extended method of SSL/TLS algorithms external member
CN116112172B (en) Android client gRPC interface security verification method and device
CN113992734A (en) Session connection method, device and equipment
Liu et al. Monitoring user-intent of cloud-based networked applications in cognitive networks
CN112685293A (en) Testing method of encryption interface and related equipment
CN118540169B (en) API safety realizing method, system, medium and API framework realizing method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20191105

Address after: 310012 G building, 10 floor, A building, Paradise Software Park, 3 West Road, Hangzhou, Xihu District, Zhejiang

Patentee after: Alibaba (China) Co., Ltd.

Address before: Hangzhou City, Zhejiang province 310051 Binjiang District River Street No. 1786 Jianghan Road Longsheng Building Room 803

Patentee before: Netease Koala (Hangzhou) Technology Co., Ltd.