Portal Web server and method for preventing off-line request forgery

A server and request message technology, applied in the direction of electrical components, user identity/authority verification, transmission system, etc., can solve the problems of insufficient memory space and performance of the PortalWeb server, release and refresh of memory space, etc., to avoid insufficient memory, Improve performance and efficiency, avoid the effect of release refresh

Active Publication Date: 2012-09-19
NEW H3C TECH CO LTD
View PDF5 Cites 12 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] In practical applications, the Portal Web server often has insufficient memory space and performance. Especially in an environment with a large number of user authentications, the Portal Web server needs enough memory space to store the correspondence between a large number of user IP addresses and encrypted strings. relationship, and users go online and offline, which also makes the memory space of the Portal Web server face the test of memory release and refresh.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Portal Web server and method for preventing off-line request forgery
  • Portal Web server and method for preventing off-line request forgery
  • Portal Web server and method for preventing off-line request forgery

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] In one embodiment of the present application, a Portal Web server is provided, such as figure 1 As shown, the Portal Web server includes an authentication module, an encryption module, and a comparison module, wherein the authentication module is used to receive the user's authentication login request, and after the user passes the authentication, the encryption module is notified to calculate the encryption according to the user's source IP address. string; the encryption module is used to store a fixed key, and generate a random key for each authenticated user, generate the original encrypted string according to the source IP address of the authenticated user in combination with the random key, and synthesize a character string according to the preset encryption rules , and then encrypt the synthetic character string according to the fixed key to generate the final encrypted string, and send the encrypted string to the authenticated user in the cookie of the response m...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

A method for preventing off-line request forgery includes: enabling a Portal Web server to store a fixed secret key, generate a random secret key for each user passing through authentication, generate a final encrypted string by means of two-time encryption according to the random secret key and the fixed secret key, and transmit the encrypted string to the user by carrying the encrypted string in a response message; and performing back-stepping decryption for the encrypted string to analyze a source IP (internet protocol) address corresponding to the encrypted string if an off-line request of the user carries encrypted string information, comparing the analyzed source IP address with a source IP address of the user in the message, allowing the user to be off-line if the comparison is consistent, and if the comparison is inconsistent, the request message is considered to be forged, and making no response. By the aid of the technical scheme, internal memory of the Portal Web server is released, and performance and operating efficiency of the Portal Web server are improved.

Description

technical field [0001] The invention relates to portal authentication, in particular to Portal authentication and a technique for preventing fake offline requests. Background technique [0002] Portal authentication is usually also called web authentication, and the portal authentication website is generally called a portal website. When an unauthenticated user surfs the Internet, the device forces the user to log in to a specific site, where the user can access services for free. When users need to access other information on the Internet, they must be authenticated on the portal website, and only after passing the authentication can they access Internet resources. [0003] A user can actively visit a known Portal authentication website and enter a user name and password for authentication. This method of starting Portal authentication is called active authentication. Conversely, if the user tries to access other external networks through HTTP, he will be forced to visit ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/32H04L29/06
Inventor 王佳良
Owner NEW H3C TECH CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap