
A method and system for preventing session replay

A technology of replay and legality verification, applied in the field of communication

Active Publication Date: 2021-03-09
台州市吉吉知识产权运营有限公司

AI Technical Summary

Problems solved by technology

An attacker who steals a credential together with the request it accompanied can still send both to the server again; existing schemes cannot prevent this.


Examples


Embodiment 1

[0037] As shown in Figure 1, a system for preventing session replay.

[0038] The client sends a user request with the credit credential attached to the server to request service; the server provides service to a client whose credit credential passes verification. The credit credential is a one-time credential with an expiration date, and includes client information, server information and expiration information.

[0039] The client can take many forms, such as a browser or an app. The user logs in through the client browser or client app, which sends the user name and user password to the server. The server side stores the information of successfully registered users, including the correspondence between user names and user passwords. The server verifies the user's login request and assigns a unique SESSION or TOKEN to the authenticated client, and the client uses the unique SESSION (iden...

Embodiment 2

[0064] As shown in Figure 1, a system for preventing session replay includes a client and a server.

[0065] The client sends a user request with the credit credential attached to the server to request service; the server provides service to a client whose credit credential passes verification.

[0066] The client can take many forms, such as a browser or an app. The user logs in through the client browser or client app, which sends the user name and user password to the server. The client also saves the user name and password entered by the user, and the client does not need to request identity authentication from the server. The server side stores the information of successfully registered users, including the correspondence between user names and user passwords.

[0067] Specifically, the client includes a client storage module and a credential generation module. ...


Abstract

The invention belongs to the technical field of communication and relates to a method and system for preventing session replay. If a third-party attacker intercepts a credit voucher and tries to reuse it by initiating a request within 30 minutes, the server's reproducibility (repeat-submission) verification finds that the credit voucher has already been submitted. The user request and credit voucher intercepted by the attacker definitely belong to a genuine, legitimate user, so the legitimate user's request continues on to the server. The attacker needs a certain amount of time to intercept the credit voucher, forge an IP and assemble the request content, so the first submission is definitely made by the genuine, legitimate user and any later submission must come from an attacker. If the third party initiates a request after 30 minutes, the credit voucher's 30-minute limitation period has lapsed, so that replay attempt cannot succeed either.
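The server-side check the abstract describes (expiry plus first-submission-wins), as an added illustration that is not taken from the patent text. The HMAC-SHA256 protection, the pre-shared key, the nonce field and all function and field names are assumptions; the page only states that the credential is one-time, carries client, server and expiration information, and is valid for 30 minutes.

```python
import hashlib
import hmac
import json
import secrets

VALIDITY_SECONDS = 30 * 60  # the 30-minute limitation period from the abstract


def _mac(key: bytes, body: dict) -> str:
    # Assumption: HMAC-SHA256 over canonical JSON; the page names no algorithm.
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def issue_credential(key: bytes, client: str, server: str, now: float) -> dict:
    """Client side: one-time credential with client, server and expiry fields."""
    body = {"client": client, "server": server,
            "expires": now + VALIDITY_SECONDS,
            "nonce": secrets.token_hex(16)}  # assumed field: makes each one unique
    return {"body": body, "mac": _mac(key, body)}


class ReplayGuard:
    """Server side: integrity, audience, expiry, then first-submission-wins."""

    def __init__(self, key: bytes, server_id: str):
        self.key, self.server_id = key, server_id
        self.seen = {}  # MAC of each accepted credential -> its expiry time

    def verify(self, cred: dict, now: float) -> str:
        body, mac = cred.get("body"), cred.get("mac")
        if not isinstance(body, dict) or not isinstance(mac, str):
            return "rejected: malformed"
        if not hmac.compare_digest(_mac(self.key, body).encode(), mac.encode()):
            return "rejected: bad mac"
        if body.get("server") != self.server_id:
            return "rejected: wrong server"
        expires = body.get("expires")
        if not isinstance(expires, (int, float)) or now >= expires:
            return "rejected: expired"
        if expires - now > VALIDITY_SECONDS:
            return "rejected: validity too long"
        # Expired entries can never be accepted again, so the cache stays bounded.
        self.seen = {m: e for m, e in self.seen.items() if e > now}
        if mac in self.seen:
            return "rejected: replay"
        self.seen[mac] = expires
        return "accepted"
```

The seen-set only needs to retain a credential until its own expiry, which is why the 30-minute window and the repeat-submission check work as a pair: the window bounds the server's memory, and the check covers replays inside the window.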

Description

Technical field

[0001] The invention belongs to the technical field of communication and relates to a method and system for preventing session replay.

Background technique

[0002] At present, most website user authentication takes one of two forms:

[0003] 1. User authentication based on SESSION

[0004] After the server authenticates the user, SESSION data for that user is generated on the server side, and the SESSION_ID is sent to the client and stored in a COOKIE. When the client needs to request service from the server, it includes the SESSION_ID in the user request sent to the server. The server uses the SESSION_ID to check whether corresponding SESSION data exists on the server side, and so completes user authentication.

[0005] 2. User authentication based on TOKEN

[0006] TOKEN-based user authentication is a stateless server-side authentication method, and the server does not need to store TOKEN data. After the use...


Application Information

Patent Type & Authority: Patents (China)
IPC(8): H04L29/06, H04L9/32
CPC: H04L9/321, H04L9/3213, H04L63/0807, H04L63/0815
Inventor: 仇亚东
Owner: 台州市吉吉知识产权运营有限公司