Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method for preventing session hijacking, server and terminal

A server and terminal technology, applied in the field of communication, can solve the problems that affect the security of terminal and server session information, and the security level of session information needs to be improved, so as to prevent malicious acquisition and improve the security level.

Active Publication Date: 2019-01-08
KINGDEE SOFTWARE(CHINA) CO LTD
View PDF10 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] However, in the current technology, the session ID is always used as the identity credential for the session (information interaction) between the terminal and the server, and even if the session ID is stored in the cookie and has been encrypted, the attacker still Some computer security vulnerabilities can be found to maliciously obtain the session ID, masquerade as a legitimate terminal, and attack the session between the terminal and the server, seriously affecting the security of the session information between the terminal and the server, and the security level of the session information between the two needs to be improved

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for preventing session hijacking, server and terminal
  • Method for preventing session hijacking, server and terminal
  • Method for preventing session hijacking, server and terminal

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0118] The embodiment of the present application provides a method for preventing session hijacking, a server and a terminal, which are used to prevent an attacker from maliciously obtaining identity authentication information between the terminal and the server, and improve the security level of session information between the terminal and the server.

[0119] refer to figure 1 , figure 1 It is an embodiment of the method for preventing session hijacking in the embodiment of this application. An embodiment of the method for preventing session hijacking in the embodiment of the present application includes:

[0120] 101. The server receives the login request information sent by the terminal;

[0121] In this embodiment, before requesting service information and heartbeat packets from the server, the terminal may first send login request information to the server to log in to the server, and the login request information carries the user account and password of the terminal. ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the application discloses a method for preventing session hijacking, a server and a terminal, which are used for preventing an attacker from maliciously acquiring identity authentication information between the terminal and the server, and improving the session information security level between the terminal and the server. The method according to one embodiment of the inventionincludes: automatically creating a session identifier by the server, randomly creating value of the token as a unique identifier, and constantly changing the value of the token, then, inputting the dynamic value into the data packets used for information exchange between the server and the terminal, and encrypting the data packets in an encrypted manner, so that the information security of the information exchange between the terminal and the server is doubly protected.

Description

technical field [0001] The present application relates to the technical field of communications, and in particular to a method, server and terminal for preventing session hijacking. Background technique [0002] Session hijacking is an attack in which an attacker, as a third party, obtains the terminal's session ID (Session ID), uses the legal session ID to log in to the user account of the target terminal, pretends to be a legitimate user, and hijacks the session between the terminal and the server. method. The heartbeat mechanism is a mechanism for the terminal to regularly send a custom heartbeat packet to let the server know that the terminal is still active, so as to ensure the validity of the connection between the terminal and the server. Before a session needs to be established between the terminal and the server, the terminal first needs to log in to the server and perform heartbeat packet detection with the server. After the terminal logs in and knows the normal c...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04L12/26H04L9/32
CPCH04L9/3213H04L43/10H04L63/0428H04L63/0435H04L63/08H04L63/083H04L63/0846
Inventor 杨坤元洪汉潮
Owner KINGDEE SOFTWARE(CHINA) CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com