Embedded web server anti-replay attack method

A WEB server, embedded technology, applied in the field of information, can solve the problems of users' personal privacy, property security threats, security risks, etc.

Active Publication Date: 2020-10-23
SHENZHEN YOUHUA COMM TECH
View PDF9 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] However, it also brings many security risks. The super management user authority of the home gateway is obtained by means of replay attacks such as changing the URL and intercepting messages, thereby obtaining the highest control authority over the home gateway.
Through further means to monitor the entire home network data information, intercept the key important private information of the user, and pose a serious threat to the user's personal privacy and property security

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Embedded web server anti-replay attack method
  • Embedded web server anti-replay attack method
  • Embedded web server anti-replay attack method

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The present invention will be further described below in conjunction with the accompanying drawings and specific embodiments.

[0025] refer to Figure 1 to Figure 3 As shown, the present invention provides a kind of embedded WEB server anti-replay attack method, comprises the following steps:

[0026] S1. The terminal sends a Get request to the embedded Web server; the Get request is verified for identity validity, and after the verification is successful, the next step is entered.

[0027] Wherein, the Get request to perform identity verification includes the following steps:

[0028] S11. Detect whether the Get request contains Cookie information, if yes, enter the next step; if no, generate a session ID with a random value, generate a session file with the session ID as the name locally, and return it to the user's browser 401 error, and include the cookie information of the session ID in the 401 error response, requiring the terminal to carry the cookie informati...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses an embedded WEB server replay attack prevention method. The method includes the steps of S1, transmitting a Get request to an embedded Web server through a terminal and performing identity legitimacy verification on the Get request; S2, performing integral digital signature verification, and judging whether the current request is the Get request or a Post request or not; ifthe current request is the Get request, issuing a first digital signature in Get response through the embedded Web server; if the current request is the Post request, verifying whether the first digital signature carrying the Post request is legal or not, if illegal, denying access, or otherwise, issuing a second digital signature updated relative to the first digital signature in Post response through the embedded Web server, wherein the second digital signature is used for subsequent information modification on the page.

Description

technical field [0001] The invention relates to the field of information technology, in particular to a method for preventing replay attacks of an embedded WEB server. Background technique [0002] With the rapid development of the Internet and the rapid popularization of home informatization, home gateways have become the core equipment in home informatization. In order to meet the ease of use, the current home gateway generally provides a WEB management interface to meet the user's quick and convenient device management. [0003] However, it also brings many security risks. The super management user authority of the home gateway is obtained by means of malicious means such as rewriting the URL and intercepting the message, thereby obtaining the highest control authority over the home gateway. Through further means to monitor the data information of the entire home network and intercept the key important private information of the user, it poses a serious threat to the use...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06H04L9/32
CPCH04L9/3247H04L63/08H04L63/1441
Inventor 刘建峰王通源肖青平沈时雨李德海
Owner SHENZHEN YOUHUA COMM TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products