Unlock instant, AI-driven research and patent intelligence for your innovation.

HTTP hidden button protection method based on preposed gateway

A button and gateway technology, applied in the field of web security, can solve problems such as interference and lack of scalability, leakage and tampering, and achieve good scalability

Active Publication Date: 2012-05-23
ZHONGKE INFORMATION SECURITY COMMON TECH NAT ENG RES CENT CO LTD
View PDF5 Cites 8 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] Aiming at the interference to the application and the lack of scalability faced by the security reinforcement of the hidden button of the Form in the existing web application code, the present invention provides a security reinforcement device for the HTTP Form hidden button based on the front proxy gateway, based on The front-end HTTP proxy gateway transparently intervenes in the session process between the client and the Web server, and realizes the encryption and integrity protection of the hidden button in the Form form sent by the Web server to the client, ensuring that the sensitive data carried by the hidden button cannot be transmitted between the client and the client. leaked and tampered with

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • HTTP hidden button protection method based on preposed gateway
  • HTTP hidden button protection method based on preposed gateway

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0010] The front-end proxy gateway is located in front of the protected web server, receives the HTTP response from the server before the client, searches for the forms and hidden buttons in it, and uses the cryptographic facilities (encryption function library, encryption card, etc.) in the gateway for security reinforcement , and forwarded to the client. The gateway receives the HTTP request from the client before the server, searches for the form and hidden button, decrypts and verifies the value of the hidden button, restores the form, and forwards it to the Web server.

[0011] The front proxy gateway can provide security reinforcement for one or more web servers in two modes of bridge or reverse proxy. In bridge mode, the destination address in the request packet sent by the client to the server is the real server. At this time, in order for the gateway to receive and process the data, the destination address of the data packet and The port translates the address and se...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A HTTP form hidden button safety protection method based on a preposed gateway is disclosed. The method is characterized by: receiving an HTTP response before a client based on the preposed gateway; using an encryption facility to encrypt values of hidden buttons in the form one by one, carrying out connection in series to all the values of the hidden buttons in the form, calculating an HMAC code so as to add in the form and forwarding to the client; carrying out decryption and integrity verification to a value pair of a hidden field in the HTTP request form come from the server and forwarding the HTTP request which is safely lifted to the server. By using the method, confidentiality and integrity of the HTTP hidden button on the client and during a transmission process can be protected.

Description

Technical field [0001] The present invention relates generally to the field of web security. More specifically, the present invention relates to a method and device for protecting hidden button values ​​in HTTP Form based on a front-end proxy gateway, so as to protect Web applications from threats of key data tampering and leakage. Background technique [0002] Due to the stateless nature of the HTTP protocol, Web servers often use hidden buttons in HTTP forms (Form) to implement data transfer across HTTP sessions. The values ​​for the hidden buttons are all generated by the server and sent to the client so that they are submitted back by the client for use by the server in the next session. In this way, the web server can obtain important data generated in previous HTTP interactions (for example, the total value of commodities that the current user has purchased so far), so as to serve as the basis for further interaction and calculation with the user. In most cases, the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L29/08
Inventor 翟征德李佳玥史保华
Owner ZHONGKE INFORMATION SECURITY COMMON TECH NAT ENG RES CENT CO LTD