Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method, device and system for preventing replay attack

A technology for replaying attacks and character strings, applied in the field of devices for preventing replaying attacks and systems for preventing replaying attacks, can solve problems such as loss and confusion of business relationships, and achieve improved security performance, small calculation results, and fast calculation speed. Effect

Active Publication Date: 2022-05-13
CHINA TELECOM CORP LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Replay attack is one of the most concealed network attack methods. Attackers use network monitoring or other methods to steal API requests, perform certain processing, and then resend them to the authentication server. This attack will continue to be malicious or fraudulent. Indiscriminately repeating a valid API request, causing confusion and significant damage to business relationships
The defense method against the replay attack includes two ways of verifying the identity of the sender and identifying the additional information of the message, and the processing method of the additional information of the message includes adding random numbers, adding time stamps, adding serial numbers, etc., the prior art Generally, it is a comprehensive application of the above methods, but there are still contradictions between safety performance, maintenance cost and operating efficiency

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method, device and system for preventing replay attack
  • Method, device and system for preventing replay attack
  • Method, device and system for preventing replay attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0069] In order to make the above objects, features and advantages of the present invention more comprehensible, the present invention will be further described in detail below in conjunction with the accompanying drawings and specific embodiments.

[0070] The existing methods to deal with replay attacks usually include adding additional information to the request information, adding additional information to the request information includes adding random numbers, adding time stamps, adding serial numbers, and comprehensive applications of the above methods, but Even if it is a comprehensive application, it cannot avoid the possibility that the random numbers contained in the new message will be repeated in the same time window, and there is a possibility of misjudgment.

[0071] One of the core ideas of the embodiment of the present invention is that under the ajax framework developed by the Web, an encrypted character string is added to the request sent by the server through...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention provides a method, device and system for preventing a replay attack, and the method comprises the steps: intercepting a request when the request sent by a browser to an application server is monitored; obtaining a timestamp matched with the request and determining to-be-encrypted data; determining an encrypted character string according to the to-be-encrypted data; and sending the request containing the encrypted character string to the gateway, so that the gateway decrypts the request containing the encrypted character string, and judging whether the request is a replay attack or not according to a decryption result. According to the method, the encryption character string is added in the request, so that the encryption calculation result is random enough, brute force cracking can be resisted, and the safety performance is effectively improved; the reversible encryption algorithm is small in calculation result, high in calculation speed, small in system resource occupation, easy to implement and wide in application scene.

Description

technical field [0001] The invention relates to the technical field of network security, in particular to a method for preventing replay attacks, a device for preventing replay attacks and a system for preventing replay attacks. Background technique [0002] With the enhancement of Internet active protection technology, traditional attack methods such as the use of security holes, violent databases, and DDOS (Distributed Denial of Service: Distributed Denial of Service Attacks) have gradually decreased. harder to identify. Replay attack is one of the most concealed network attack methods. Attackers use network monitoring or other methods to steal API requests, perform certain processing, and then resend them to the authentication server. This attack will continue to be malicious or fraudulent. Indiscriminately repeating a valid API request, causing confusion and costly damage to business relationships. The defense method against the replay attack includes two ways of verif...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L9/40H04L67/60
CPCH04L63/1441
Inventor 徐冬冬刘营付迎鑫闫永德高乐刘桥王健徐锐槐正
Owner CHINA TELECOM CORP LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com