[go: up one dir, main page]

CN104735086A - A method and device for securely downloading files - Google Patents

A method and device for securely downloading files Download PDF

Info

Publication number
CN104735086A
CN104735086A CN201510176604.6A CN201510176604A CN104735086A CN 104735086 A CN104735086 A CN 104735086A CN 201510176604 A CN201510176604 A CN 201510176604A CN 104735086 A CN104735086 A CN 104735086A
Authority
CN
China
Prior art keywords
data
data file
check value
file
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510176604.6A
Other languages
Chinese (zh)
Other versions
CN104735086B (en
Inventor
曾元清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN201510176604.6A priority Critical patent/CN104735086B/en
Publication of CN104735086A publication Critical patent/CN104735086A/en
Application granted granted Critical
Publication of CN104735086B publication Critical patent/CN104735086B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention provides a method and a device for safely downloading a file, wherein the method comprises the following steps: sending an analysis request to a domain name analysis server, and receiving a data file sent by a data server; carrying out verification calculation on the data file to obtain a verification value of the data file; and comparing the calculated check value with a preset data file check value, and switching to an HTTPS channel to download the data file again if the calculated check value is different from the preset check value. The invention can effectively avoid downloading unsafe files to influence the normal operation of the terminal, and can effectively download correct data files through the HTTPS channel in time when abnormal.

Description

一种文件的安全下载方法和装置A method and device for securely downloading files

技术领域technical field

本发明属于互联网领域,尤其涉及一种文件的安全下载方法和装置。The invention belongs to the field of the Internet, in particular to a method and device for safely downloading files.

背景技术Background technique

随着互联网技术的发展,用户可以使用手机、电脑或者PAD等终端,通过有线网络或者无线网络,获取所需要的数据,比如浏览网页、下载图片或者应用程序等。With the development of Internet technology, users can use terminals such as mobile phones, computers, or PADs to obtain required data, such as browsing web pages, downloading pictures, or applications, through wired or wireless networks.

在终端通过网络浏览网络或者下载应用程序时,一般由终端提交访问请求,域名服务器接收到访问请求后,解析访问请求中的域名地址,根据域名服务器中存储的域名与服务器地址的对应关系,查找到访问的域名地址对应的地址,由域名服务器将该解析结果发回给终端,终端根据接收的地址访问服务器,从而可以得到服务器发送的数据。When a terminal browses the network or downloads an application program through the network, the terminal usually submits an access request. After receiving the access request, the domain name server analyzes the domain name address in the access request, and searches for To the address corresponding to the accessed domain name address, the domain name server sends the analysis result back to the terminal, and the terminal accesses the server according to the received address, so as to obtain the data sent by the server.

当其它非法用户拦截发送给域名解析服务器的域名解析请求时,将用户的请求解析为其它服务器的地址,使得用户访问其它服务器中的数据,并可能使用户下载含有病毒的文件,影响终端的正常运行。When other illegal users intercept the domain name resolution request sent to the domain name resolution server, the user's request is resolved to the address of other servers, allowing the user to access data in other servers, and may cause the user to download files containing viruses, affecting the normal operation of the terminal run.

发明内容Contents of the invention

本发明的目的在于提供一种文件的安全下载方法,以解决现有技术在发生域名劫持时,用户的请求解析为其它服务器的地址,使得用户访问其它服务器中的数据,并可能使用户下载含有病毒的文件,影响终端的正常运行的问题。The purpose of the present invention is to provide a method for securely downloading files to solve the problem that when domain name hijacking occurs in the prior art, the user's request is resolved to the address of other servers, so that the user can access the data in other servers, and may make the user download files containing Virus files affect the normal operation of the terminal.

第一方面,本发明实施例提供了一种文件的安全下载方法,所述方法包括:In a first aspect, an embodiment of the present invention provides a method for securely downloading a file, the method comprising:

向域名解析服务器发送解析请求,并根据接收由解析服务器返回的数据服务器地址;Send a resolution request to the domain name resolution server, and receive the data server address returned by the resolution server;

根据所述数据服务器地址,向数据服务器发送数据下载请求,接收由数据服务器发送的数据文件;According to the address of the data server, send a data download request to the data server, and receive the data file sent by the data server;

对所述数据文件进行校验计算,得到所述数据文件的校验值;Perform verification calculation on the data file to obtain the verification value of the data file;

将计算的校验值与预设的数据文件校验值进行比较,如果计算得到的校验值与预设的校验值不同,则切换至HTTPS通道重新下载数据文件。Compare the calculated check value with the preset check value of the data file. If the calculated check value is different from the preset check value, switch to the HTTPS channel to re-download the data file.

结合第一方面,在第一方面的第一种可能实现方式中,所述对所述数据文件进行校验计算,得到所述数据文件的校验值步骤具体为:In combination with the first aspect, in the first possible implementation manner of the first aspect, the step of performing verification calculation on the data file to obtain the verification value of the data file is specifically:

对接收的数据文件的预定位置、预定大小的数据进行校验计算,得到所述预定位置、预定大小的数据的较验值。Perform verification calculation on the data at the predetermined position and the predetermined size of the received data file, and obtain the verification value of the data at the predetermined position and the predetermined size.

结合第一方面的第一种可能实现方式,在第一方面的第二种可能实现方式中,所述预定位置为下载的前部分数据文件。With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect, the predetermined location is a downloaded first part of the data file.

结合第一方面,在第一方面的第三种可能实现方式中,在所述将计算的校验值与预设的数据文件校验值进行比较,如果计算得到的校验值与预设的校验值不同,则切换至HTTPS通道重新下载数据文件步骤之后,所述方法还包括:With reference to the first aspect, in the third possible implementation manner of the first aspect, in the comparison of the calculated check value with the preset check value of the data file, if the calculated check value is compared with the preset check value If the check values are different, after switching to the HTTPS channel to re-download the data file step, the method also includes:

向用户发送域名劫持的提示信息。Send a prompt message of domain name hijacking to the user.

结合第一方面,在第一方面的第二种可能实现方式中,所述对所述数据文件进行校验计算步骤具体为:通过计算数据文件的MD5值作为所述数据文件的较验值。With reference to the first aspect, in a second possible implementation manner of the first aspect, the step of performing verification calculation on the data file specifically includes: calculating the MD5 value of the data file as the verification value of the data file.

第二方面,本发明实施例提供了一种文件的安全下载装置,所述装置包括:In a second aspect, an embodiment of the present invention provides a device for securely downloading files, the device comprising:

解析请求单元,用于向域名解析服务器发送解析请求,并根据接收由解析服务器返回的数据服务器地址;A resolution request unit, configured to send a resolution request to the domain name resolution server, and receive the data server address returned by the resolution server;

数据接收单元,用于根据所述数据服务器地址,向数据服务器发送数据下载请求,接收由数据服务器发送的数据文件;A data receiving unit, configured to send a data download request to the data server according to the address of the data server, and receive a data file sent by the data server;

数据校验单元,用于对所述数据文件进行校验计算,得到所述数据文件的校验值;A data verification unit, configured to perform verification calculation on the data file to obtain a verification value of the data file;

校验值比较单元,用于将计算的校验值与预设的数据文件校验值进行比较,如果计算得到的校验值与预设的校验值不同,则切换至HTTPS通道重新下载数据文件。Check value comparison unit, used to compare the calculated check value with the preset check value of the data file, if the calculated check value is different from the preset check value, switch to the HTTPS channel to re-download the data document.

结合第二方面,在第二方面的第一种可能实现方式中,所述数据校验单元具体用于:With reference to the second aspect, in the first possible implementation manner of the second aspect, the data verification unit is specifically configured to:

对接收的数据文件的预定位置、预定大小的数据进行校验计算,得到所述预定位置、预定大小的数据的较验值。Perform verification calculation on the data at the predetermined position and the predetermined size of the received data file, and obtain the verification value of the data at the predetermined position and the predetermined size.

结合第二方面的第一种可能实现方式,在第二方面的第二种可能实现方式中,所述预定位置为下载的前部分数据文件。With reference to the first possible implementation manner of the second aspect, in a second possible implementation manner of the second aspect, the predetermined location is a downloaded first part of the data file.

结合第二方面,在第二方面的第一种可能实现方式中,所述装置还包括:With reference to the second aspect, in a first possible implementation manner of the second aspect, the device further includes:

通过切换单元,用于向用户发送域名劫持的提示信息。The switching unit is used to send a prompt message of domain name hijacking to the user.

结合第二方面,在第二方面的第一种可能实现方式中,所述数据校验单元具体用于:通过计算数据文件的MD5值作为所述数据文件的较验值。With reference to the second aspect, in a first possible implementation manner of the second aspect, the data verification unit is specifically configured to: calculate the MD5 value of the data file as a verification value of the data file.

在本发明中,终端发送数据下载请求后,域名解析服务器会对终端的请求进行解析,得到数据文件对应的数据服务器地址,终端根据所述数据服务器地址进行数据文件下载,并对下载的文件进行校验,如果不相同,则切换至HTTPS通道进行数据文件的重新下载,从而可以有效的避免下载不安全的文件,以影响终端的正常运行,并且在异常时能够及时的通过HTTPS通道有效的下载正确的数据文件。In the present invention, after the terminal sends a data download request, the domain name resolution server will analyze the request of the terminal to obtain the address of the data server corresponding to the data file, and the terminal will download the data file according to the address of the data server, and perform Check, if not the same, switch to the HTTPS channel to re-download the data file, so as to effectively avoid downloading unsafe files, which will affect the normal operation of the terminal, and can be downloaded effectively through the HTTPS channel in time when there is an exception correct data file.

附图说明Description of drawings

图1为现有技术的文件下载方法示意图。FIG. 1 is a schematic diagram of a file downloading method in the prior art.

图2是本发明第一实施例提供的文件的安全下载方法的实现流程图;Fig. 2 is the implementation flowchart of the safe download method of the file provided by the first embodiment of the present invention;

图3是本发明第二实施例提供的文件的安全下载方法的实现流程图;Fig. 3 is the implementation flowchart of the safe downloading method of the file provided by the second embodiment of the present invention;

图4是本发明第三实施例提供的文件的安全下载装置的结构示意图。Fig. 4 is a schematic structural diagram of an apparatus for securely downloading files provided by a third embodiment of the present invention.

具体实施方式detailed description

为了使本发明的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本发明进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本发明,并不用于限定本发明。In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

本发明实施例的目的在于提供一种安全的文件下载方法,以解决现有技术中因存在域名劫持时,可能会下载到病毒文件,从而导致用户终端,比如电脑或者手机不能正常运行,甚至窃取用户的隐私资料,给用户带来财产的威胁。如图1所示,为现有技术的数据文件下载示意图,用户发送数据文件下载请求后,由DNS(域名解析服务器A)进行解析,并返回所需要下载文件的服务器地址,以到数据服务器A进行数据文件下载;当域名服务器A被劫持后,则由假的域名解析服务器B返回一个错误的地址,用户根据该错误的地址到数据服务器B进行文件下载时,则可能下载到非法用户设定的病毒文件,用户在不知情的情况下运行该文件时,则会使得终端感染病毒,造成终端不能正常运行,或者使得终端的隐私被窃取。The purpose of the embodiments of the present invention is to provide a safe file download method to solve the problem that virus files may be downloaded due to domain name hijacking in the prior art, resulting in user terminals, such as computers or mobile phones, not operating normally, or even stealing The user's private information poses a threat to the user's property. As shown in Figure 1, it is a schematic diagram of data file downloading in the prior art. After the user sends a data file download request, it is resolved by DNS (domain name resolution server A), and returns the server address of the file to be downloaded, so as to go to the data server A Download the data file; when the domain name server A is hijacked, the false domain name resolution server B returns a wrong address, and when the user downloads the file to the data server B according to the wrong address, it may be downloaded to an illegal user setting. If the user runs the file without knowing it, the terminal will be infected with the virus, causing the terminal to malfunction, or the privacy of the terminal to be stolen.

为克服上述问题,本发明提供了一种文件的安全下载方法,所述方法包括:向域名解析服务器发送解析请求,并根据接收由解析服务器返回的数据服务器地址;根据所述数据服务器地址,向数据服务器发送数据下载请求,接收由数据服务器发送的数据文件;对所述数据文件进行校验计算,得到所述数据文件的校验值;将计算的校验值与预设的数据文件校验值进行比较,如果计算得到的校验值与预设的校验值不同,则切换至HTTPS(英文全称为Hyper TextTransfer Protocol over Secure Socket Layer,中文全称为安全套接字层超文本传输协议)通道重新下载数据文件。In order to overcome the above problems, the present invention provides a method for safely downloading files, said method comprising: sending a resolution request to a domain name resolution server, and receiving the data server address returned by the resolution server; The data server sends a data download request, receives the data file sent by the data server; performs check calculation on the data file to obtain the check value of the data file; checks the calculated check value with the preset data file If the calculated verification value is different from the preset verification value, switch to the HTTPS (English full name is Hyper Text Transfer Protocol over Secure Socket Layer, Chinese full name is Secure Socket Layer Hypertext Transfer Protocol) channel Download the data file again.

本发明终端发送数据下载请求后,域名解析服务器会对终端的请求进行解析,得到数据文件对应的数据服务器地址,终端根据所述数据服务器地址进行数据文件下载,并对下载的文件进行校验,如果不相同,则切换至HTTPS通道进行数据文件的重新下载,从而可以避免下载不安全的文件,影响终端的正常运行,并且在异常时能够及时的通过HTTPS通道有效的下载正确的数据文件。下面结合附图具体说明。After the terminal of the present invention sends a data download request, the domain name resolution server will analyze the request of the terminal to obtain the address of the data server corresponding to the data file, and the terminal will download the data file according to the address of the data server, and verify the downloaded file. If not, switch to the HTTPS channel to re-download the data file, so as to avoid downloading unsafe files and affect the normal operation of the terminal, and can effectively download the correct data file in time through the HTTPS channel in case of abnormality. It will be described in detail below in conjunction with the accompanying drawings.

实施例一:Embodiment one:

图2示出了本发明第一实施例提供的文件的安全下载方法的实现流程,详述如下:Fig. 2 shows the implementation process of the secure download method for files provided by the first embodiment of the present invention, which is described in detail as follows:

在步骤S201中,向域名解析服务器发送解析请求,并根据接收由解析服务器返回的数据服务器地址。In step S201, send a resolution request to the domain name resolution server, and receive the data server address returned by the resolution server.

具体的,本发明实施例向域名解析服务器发送解析请求,一般是通过HTTP通道发送下载请求。Specifically, the embodiment of the present invention sends a resolution request to the domain name resolution server, generally a download request is sent through an HTTP channel.

所述HTTP(英文全称为Hyper Text Transfer Protocol,中文全称为超文本传输协议)通道,用于从WWW服务器传输超文本到本地浏览器的传输协议。它可以使浏览器更加高效,使网络传输减少。它不仅保证计算机正确快速地传输超文本文档,还确定传输文档中的哪一部分,以及哪部分内容首先显示(如文本先于图形)等。也即,使用HTTP通道进行文件下载时,可以实现文件的高效下载。Described HTTP (English full name is Hyper Text Transfer Protocol, Chinese full name is Hypertext Transfer Protocol) channel, is used for transferring hypertext from WWW server to the transmission protocol of local browser. It can make browsers more efficient and reduce network transfers. It not only ensures that the computer transmits hypertext documents correctly and quickly, but also determines which part of the document to transmit, and which part of the content is displayed first (such as text before graphics), etc. That is, when the HTTP channel is used for file download, efficient file download can be realized.

终端发送解析请求,即对数据服务器地址的解析请求,由现有技术中的域名劫持特点可知,如果域名服务器DNS被劫持,则可能返回一个错误的下载地址。即返回的下载地址对应的下载文件与用户期望的下载地址对应的下载文件不一致。The terminal sends a resolution request, that is, a resolution request for the address of the data server. According to the characteristics of domain name hijacking in the prior art, if the DNS of the domain name server is hijacked, a wrong download address may be returned. That is, the downloaded file corresponding to the returned download address is inconsistent with the downloaded file corresponding to the download address expected by the user.

在步骤S202中,根据所述数据服务器地址,向数据服务器发送数据下载请求,接收由数据服务器发送的数据文件。In step S202, according to the address of the data server, a data download request is sent to the data server, and a data file sent by the data server is received.

在域名解析服务器对下载请求进行解析后,得到数据服务器地址,终端根据接收到的数据服务器地址,进行文件的下载。After the domain name resolution server parses the download request, the address of the data server is obtained, and the terminal downloads the file according to the received address of the data server.

在本步骤中,如果出现DNS劫持,则下载的文件可能是病毒文件或者其它非法文件,如果没有出现DNS劫持,则用户通过HTTP通道,可以快速有效的下载所需要的文件。In this step, if DNS hijacking occurs, the downloaded file may be a virus file or other illegal files; if DNS hijacking does not occur, the user can quickly and effectively download the desired file through the HTTP channel.

在步骤S203中,对所述数据文件进行校验计算,得到所述数据文件的校验值。In step S203, check calculation is performed on the data file to obtain a check value of the data file.

为了检测是否发生域名劫持,本发明通过对下载的数据文件进行校验,并通过对校验计算得到校验值。In order to detect whether domain name hijacking occurs, the present invention verifies downloaded data files, and obtains a verification value through verification calculation.

所述校验计算可以通过计算MD5值的方法进行校验。The verification calculation can be verified by calculating the MD5 value.

其中,所述MD5值,英文全称为Message Digest Algorithm MD5,中文名为消息摘要算法第五版。MD5算法具有以下特点:Among them, the MD5 value, the English full name is Message Digest Algorithm MD5, and the Chinese name is the fifth edition of the message digest algorithm. The MD5 algorithm has the following characteristics:

1、压缩性:任意长度的数据,算出的MD5值长度都是固定的。1. Compressibility: For any length of data, the length of the calculated MD5 value is fixed.

2、容易计算:从原数据计算出MD5值很容易。2. Easy to calculate: It is easy to calculate the MD5 value from the original data.

3、抗修改性:对原数据进行任何改动,哪怕只修改1个字节,所得到的MD5值都有很大区别。3. Anti-modification: Any modification to the original data, even if only one byte is modified, will result in a very different MD5 value.

4、弱抗碰撞:已知原数据和其MD5值,想找到一个具有相同MD5值的数据(即伪造数据)是非常困难的。4. Weak anti-collision: Knowing the original data and its MD5 value, it is very difficult to find a data with the same MD5 value (that is, forged data).

5、强抗碰撞:想找到两个不同的数据,使它们具有相同的MD5值,是非常困难的。5. Strong anti-collision: It is very difficult to find two different data so that they have the same MD5 value.

由于MD5值的以上特点,使得校验的结果的准确率非常高。Due to the above characteristics of the MD5 value, the accuracy of the verification result is very high.

在步骤S204中,将计算的校验值与预设的数据文件校验值进行比较,如果计算得到的校验值与预设的校验值不同,则切换至HTTPS通道重新下载数据文件。In step S204, the calculated check value is compared with the preset check value of the data file, and if the calculated check value is different from the preset check value, switch to the HTTPS channel to re-download the data file.

所述预设的校验值,可以为服务器提供的MD5值,显示在服务器页面,也可以通过其它方式发送给终端或者发送给用户,使得用户可以将计算得到的校验值与预设的校验值进行比较。The preset check value can be the MD5 value provided by the server, displayed on the server page, or sent to the terminal or the user in other ways, so that the user can compare the calculated check value with the preset check value. value for comparison.

当计算得到的校验值与预设的校验值不同时,则说明当前下载的数据为非正常数据,可能请求被非法解析造成的错误文件下载。When the calculated check value is different from the preset check value, it means that the currently downloaded data is abnormal data, and an error file download caused by illegal analysis may be requested.

当所述文件为错误下载的文件时,通过HTTPS通道对文件进行重新下载。其中,所述HTTPS通道,是在HTTP的基础上加入了SSL(英文全称为SecureSockets Layer,中文全称为安全套接层)协议,SSL依靠证书来验证服务器的身份,并为浏览器和服务器之间的通信加密。When the file is wrongly downloaded, the file is re-downloaded through the HTTPS channel. Wherein, the HTTPS channel is based on the addition of SSL (English full name is SecureSockets Layer, Chinese full name is Secure Sockets Layer) protocol on the basis of HTTP. SSL relies on certificates to verify the identity of the server, and is used for communication between the browser and the server. Communication encryption.

当然,本发明实施例还可以向用户发送报警提示信息,提示当前网络存在异常,比如一些常见的钓鱼热点等,提醒用户注意数据隐私的保密。Of course, the embodiment of the present invention can also send an alarm prompt message to the user, prompting that there is anomaly in the current network, such as some common phishing hotspots, etc., reminding the user to pay attention to the confidentiality of data privacy.

本发明通过HTTPS通道对数据文件进行重新下载,可以使得在特殊情况下能够避免对终端造成的损害,有利于终端的数据安全。The invention re-downloads the data file through the HTTPS channel, which can avoid damage to the terminal under special circumstances, and is beneficial to the data security of the terminal.

实施例二:Embodiment two:

图2示出了本发明第二实施例提供的文件的安全下载方法的实现流程,详述如下:Fig. 2 shows the implementation flow of the secure download method for files provided by the second embodiment of the present invention, which is described in detail as follows:

在步骤S301中,向域名解析服务器发送解析请求,并根据接收由解析服务器返回的数据服务器地址。In step S301, send a resolution request to the domain name resolution server, and receive the data server address returned by the resolution server.

在步骤S302中,根据所述数据服务器地址,向数据服务器发送数据下载请求,接收由数据服务器发送的数据文件。In step S302, according to the address of the data server, a data download request is sent to the data server, and a data file sent by the data server is received.

步骤S301-302与实施例一中的步骤S201-202基本相同,在此不作重复赘述。Steps S301-302 are basically the same as steps S201-202 in Embodiment 1, and will not be repeated here.

在步骤S303中,对接收的数据文件的预定位置、预定大小的数据进行校验计算,得到所述预定位置、预定大小的数据的较验值。In step S303, a verification calculation is performed on the data at the predetermined position and the predetermined size of the received data file, and a verification value of the data at the predetermined position and the predetermined size is obtained.

具体的,本发明实施例中通过设定对下载的数据文件的指定位置的指定大小的数据进行校验,比如对下载的前8K数据进行校验,从而可以避免对整个数据文件进行校验计算,这样可以提高校验的效率。Specifically, in the embodiment of the present invention, by setting the data of the specified size at the specified location of the downloaded data file to be verified, such as verifying the first 8K data downloaded, it is possible to avoid performing verification calculations on the entire data file , which can improve the efficiency of verification.

优选的实施方式中,所述预定位置为下载的前部分数据文件。这样的好处在于,可以通过下载到少量的数据文件即可对文件的有效性进行校验,与下载完整个文件进行校验的方式相比,其可大大提高验证效率,并且大大的节约下载的流量,并且能够更加及时的发现异常下载状况。In a preferred implementation manner, the predetermined location is the downloaded first part of the data file. The advantage of this is that the validity of the file can be verified by downloading a small number of data files. Compared with the method of downloading the entire file for verification, it can greatly improve the verification efficiency and greatly save the download time. traffic, and can detect abnormal download conditions in a more timely manner.

在步骤S304中,将计算的校验值与预设的数据文件校验值进行比较,如果计算得到的校验值与预设的校验值不同,则切换至HTTPS通道重新下载数据文件。In step S304, the calculated check value is compared with the preset check value of the data file, and if the calculated check value is different from the preset check value, switch to the HTTPS channel to re-download the data file.

本发明实施例与实施例一相比,区别之处在于,本发明实施例具体限定了对下载的指定位置的指定大小的数据进行校验,特别是对于下载的前一部分数据进行校验,可以提高校验效率的同时,也能够大大的节约下载流量,避免流量的浪费,使得能够更加及时的发现异常下载。Compared with Embodiment 1, the embodiment of the present invention differs in that the embodiment of the present invention specifically limits the verification of the downloaded data of a specified size at a specified location, especially the verification of the previous part of the downloaded data, which can While improving the verification efficiency, it can also greatly save the download traffic, avoid the waste of traffic, and make it possible to find abnormal downloads in a more timely manner.

实施例三:Embodiment three:

图4示出了本发明第三实施例提供的文件的安全下载装置的结构示意图,详述如下:FIG. 4 shows a schematic structural diagram of a device for securely downloading files provided by the third embodiment of the present invention, which is described in detail as follows:

本发明实施例中所述文件的安全下载装置,包括:The safe download device of the file described in the embodiment of the present invention comprises:

解析请求单元401,用于向域名解析服务器发送解析请求,并根据接收由解析服务器返回的数据服务器地址;A resolution request unit 401, configured to send a resolution request to the domain name resolution server, and receive the data server address returned by the resolution server;

数据接收单元402,用于根据所述数据服务器地址,向数据服务器发送数据下载请求,接收由数据服务器发送的数据文件;A data receiving unit 402, configured to send a data download request to the data server according to the address of the data server, and receive a data file sent by the data server;

数据校验单元403,用于对所述数据文件进行校验计算,得到所述数据文件的校验值;A data verification unit 403, configured to perform verification calculation on the data file to obtain a verification value of the data file;

校验值比较单元404,用于将计算的校验值与预设的数据文件校验值进行比较,如果计算得到的校验值与预设的校验值不同,则切换至HTTPS通道重新下载数据文件。The verification value comparison unit 404 is used to compare the calculated verification value with the preset data file verification value, and if the calculated verification value is different from the preset verification value, then switch to the HTTPS channel to re-download data file.

优选的,所述数据校验单元具体用于:Preferably, the data verification unit is specifically used for:

对接收的数据文件的预定位置、预定大小的数据进行校验计算,得到所述预定位置、预定大小的数据的较验值。Perform verification calculation on the data at the predetermined position and the predetermined size of the received data file, and obtain the verification value of the data at the predetermined position and the predetermined size.

优选的,所述预定位置为下载的前部分数据文件。Preferably, the predetermined location is the downloaded first part of the data file.

优选的,所述装置还包括:Preferably, the device also includes:

通过切换单元,用于向用户发送域名劫持的提示信息。The switching unit is used to send a prompt message of domain name hijacking to the user.

优选的,所述数据校验单元具体用于:通过计算数据文件的MD5值作为所述数据文件的较验值。Preferably, the data verification unit is specifically configured to: calculate the MD5 value of the data file as the verification value of the data file.

本发明实施例所述文件的安全下载装置与实施例一至二所述的文件的安全下载方法对应,在此不作重复赘述。The device for securely downloading files described in the embodiments of the present invention corresponds to the method for securely downloading files described in Embodiments 1 and 2, and will not be repeated here.

在本发明所提供的几个实施例中,应该理解到,所揭露的装置和方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述单元的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个单元或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或单元的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided by the present invention, it should be understood that the disclosed devices and methods can be implemented in other ways. For example, the device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components can be combined or May be integrated into another system, or some features may be ignored, or not implemented. In another point, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be in electrical, mechanical or other forms.

所述作为分离部件说明的单元可以是或者也可以不是物理上分开的,作为单元显示的部件可以是或者也可以不是物理单元,即可以位于一个地方,或者也可以分布到多个网络单元上。可以根据实际的需要选择其中的部分或者全部单元来实现本实施例方案的目的。The units described as separate components may or may not be physically separated, and the components shown as units may or may not be physical units, that is, they may be located in one place, or may be distributed to multiple network units. Part or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

另外,在本发明各个实施例中的各功能单元可以集成在一个处理单元中,也可以是各个单元单独物理存在,也可以两个或两个以上单元集成在一个单元中。上述集成的单元既可以采用硬件的形式实现,也可以采用软件功能单元的形式实现。In addition, each functional unit in each embodiment of the present invention may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The above-mentioned integrated units can be implemented in the form of hardware or in the form of software functional units.

所述集成的单元如果以软件功能单元的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种可以存储程序代码的介质。If the integrated unit is realized in the form of a software function unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on such an understanding, the essence of the technical solution of the present invention or the part that contributes to the prior art or all or part of the technical solution can be embodied in the form of a software product, and the computer software product is stored in a storage medium , including several instructions to make a computer device (which may be a personal computer, a server, or a network device, etc.) execute all or part of the methods described in various embodiments of the present invention. The aforementioned storage medium includes: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disc, etc., which can store program codes. .

以上所述仅为本发明的较佳实施例而已,并不用以限制本发明,凡在本发明的精神和原则之内所作的任何修改、等同替换和改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. Any modifications, equivalent replacements and improvements made within the spirit and principles of the present invention should be included in the protection of the present invention. within range.

Claims (10)

1. a method for safely downloading for file, is characterized in that, described method comprises:
Analysis request is sent to domain name resolution server, and according to receiving the data server address returned by resolution server;
According to described data server address, send data download request to data server, receive the data file sent by data server;
Verify calculation is carried out to described data file, obtains the check value of described data file;
The check value of calculating and the data file check value preset are compared, if the check value calculated is different from the check value preset, then switches to HTTPS passage download data files again.
2. method according to claim 1, is characterized in that, describedly carries out verify calculation to described data file, and the check value step obtaining described data file is specially:
Carry out verify calculation to the precalculated position of the data file received, the data of pre-sizing, what obtain the data of described precalculated position, in advance sizing comparatively tests value.
3. method according to claim 2, is characterized in that, described precalculated position is the forward part data file downloaded.
4. method according to claim 1, it is characterized in that, described, the check value of calculating and the data file check value preset are compared, if the check value calculated is different from the check value preset, then switch to HTTPS passage again after download data files step, described method also comprises:
The information of Domain Hijacking is sent to user.
5. method according to claim 1, is characterized in that, describedly carries out verify calculation step to described data file and is specially: comparatively test value by the MD5 value of calculated data file as described data file.
6. a secure download device for file, is characterized in that, described device comprises:
Analysis request unit, for sending analysis request to domain name resolution server, and according to receiving the data server address returned by resolution server;
Data receipt unit, for according to described data server address, sends data download request to data server, receives the data file sent by data server;
Data check unit, for carrying out verify calculation to described data file, obtains the check value of described data file;
Check value comparing unit, for the check value of calculating and the data file check value preset being compared, if the check value calculated is different from the check value preset, then switches to HTTPS passage download data files again.
7. device according to claim 6, is characterized in that, described data check unit specifically for:
Carry out verify calculation to the precalculated position of the data file received, the data of pre-sizing, what obtain the data of described precalculated position, in advance sizing comparatively tests value.
8. device according to claim 7, is characterized in that, described precalculated position is the forward part data file downloaded.
9. device according to claim 6, it is characterized in that, described device also comprises:
By switch unit, for sending the information of Domain Hijacking to user.
10. device according to claim 6, is characterized in that, described data check unit specifically for: comparatively test value by the MD5 value of calculated data file as described data file.
CN201510176604.6A 2015-04-14 2015-04-14 Method and device for safely downloading file Expired - Fee Related CN104735086B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510176604.6A CN104735086B (en) 2015-04-14 2015-04-14 Method and device for safely downloading file

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510176604.6A CN104735086B (en) 2015-04-14 2015-04-14 Method and device for safely downloading file

Publications (2)

Publication Number Publication Date
CN104735086A true CN104735086A (en) 2015-06-24
CN104735086B CN104735086B (en) 2018-01-16

Family

ID=53458521

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510176604.6A Expired - Fee Related CN104735086B (en) 2015-04-14 2015-04-14 Method and device for safely downloading file

Country Status (1)

Country Link
CN (1) CN104735086B (en)

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245550A (en) * 2015-10-29 2016-01-13 广州酷狗计算机科技有限公司 Domain name hijacking judgment method and device
CN105337975A (en) * 2015-11-02 2016-02-17 汉柏科技有限公司 Virus scanning method and system
CN106020858A (en) * 2016-04-29 2016-10-12 乐视控股(北京)有限公司 Method, terminal and system for downloading and installation of application program
CN106331009A (en) * 2015-06-26 2017-01-11 广州市动景计算机科技有限公司 Application program downloading method, device and system
CN106790083A (en) * 2016-12-22 2017-05-31 掌阅科技股份有限公司 Detection method, device and mobile terminal that DNS is kidnapped
CN107257361A (en) * 2017-05-27 2017-10-17 广东艾檬电子科技有限公司 A kind of method and mobile terminal for downloading application program
CN107332821A (en) * 2017-05-27 2017-11-07 北京奇虎科技有限公司 It is a kind of to realize the method communicated between client and server, device and server
CN107528825A (en) * 2017-07-06 2017-12-29 努比亚技术有限公司 A kind of resource downloading method, terminal and computer-readable recording medium
CN107770213A (en) * 2016-08-18 2018-03-06 中兴通讯股份有限公司 Data processing method, device, server and terminal
CN110889143A (en) * 2018-09-07 2020-03-17 阿里巴巴集团控股有限公司 File verification method and device
CN114270928A (en) * 2019-10-23 2022-04-01 深圳市欢太科技有限公司 Abnormity recovery method, abnormity recovery device and mobile terminal

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020104022A1 (en) * 2001-01-30 2002-08-01 Jorgenson Daniel Scott Secure routable file upload/download across the internet
US20070072648A1 (en) * 2005-09-23 2007-03-29 Stoops Daniel S Method and apparatus for identifying a calling party
CN101610290A (en) * 2009-07-22 2009-12-23 深圳市茁壮网络股份有限公司 The method of download management and download management unit and download system
CN103561040A (en) * 2013-11-15 2014-02-05 中国科学院声学研究所 File downloading method and system
CN103942277A (en) * 2014-03-31 2014-07-23 北京奇虎科技有限公司 Method and device for downloading file in browsers and browsers
CN104079673A (en) * 2014-07-30 2014-10-01 北京奇虎科技有限公司 Method, device and system for preventing DNS hijack during application download

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020104022A1 (en) * 2001-01-30 2002-08-01 Jorgenson Daniel Scott Secure routable file upload/download across the internet
US20070072648A1 (en) * 2005-09-23 2007-03-29 Stoops Daniel S Method and apparatus for identifying a calling party
CN101610290A (en) * 2009-07-22 2009-12-23 深圳市茁壮网络股份有限公司 The method of download management and download management unit and download system
CN103561040A (en) * 2013-11-15 2014-02-05 中国科学院声学研究所 File downloading method and system
CN103942277A (en) * 2014-03-31 2014-07-23 北京奇虎科技有限公司 Method and device for downloading file in browsers and browsers
CN104079673A (en) * 2014-07-30 2014-10-01 北京奇虎科技有限公司 Method, device and system for preventing DNS hijack during application download

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106331009A (en) * 2015-06-26 2017-01-11 广州市动景计算机科技有限公司 Application program downloading method, device and system
CN105245550A (en) * 2015-10-29 2016-01-13 广州酷狗计算机科技有限公司 Domain name hijacking judgment method and device
CN105245550B (en) * 2015-10-29 2019-01-22 广州酷狗计算机科技有限公司 Domain Hijacking determination method and device
CN105337975A (en) * 2015-11-02 2016-02-17 汉柏科技有限公司 Virus scanning method and system
CN106020858A (en) * 2016-04-29 2016-10-12 乐视控股(北京)有限公司 Method, terminal and system for downloading and installation of application program
CN107770213A (en) * 2016-08-18 2018-03-06 中兴通讯股份有限公司 Data processing method, device, server and terminal
CN106790083A (en) * 2016-12-22 2017-05-31 掌阅科技股份有限公司 Detection method, device and mobile terminal that DNS is kidnapped
CN107257361A (en) * 2017-05-27 2017-10-17 广东艾檬电子科技有限公司 A kind of method and mobile terminal for downloading application program
CN107332821A (en) * 2017-05-27 2017-11-07 北京奇虎科技有限公司 It is a kind of to realize the method communicated between client and server, device and server
CN107528825A (en) * 2017-07-06 2017-12-29 努比亚技术有限公司 A kind of resource downloading method, terminal and computer-readable recording medium
CN110889143A (en) * 2018-09-07 2020-03-17 阿里巴巴集团控股有限公司 File verification method and device
CN114270928A (en) * 2019-10-23 2022-04-01 深圳市欢太科技有限公司 Abnormity recovery method, abnormity recovery device and mobile terminal

Also Published As

Publication number Publication date
CN104735086B (en) 2018-01-16

Similar Documents

Publication Publication Date Title
CN104735086B (en) Method and device for safely downloading file
EP2854365B1 (en) Detecting and preventing man-in-the-middle attacks on an encrypted connection
CN111935169B (en) Business data access method, device, equipment and storage medium
US11128621B2 (en) Method and apparatus for accessing website
CN104468531B (en) The authorization method of sensitive data, device and system
CN107046544B (en) Method and device for identifying illegal access request to website
US10607016B2 (en) Decrypting files for data leakage protection in an enterprise network
WO2020233308A1 (en) Self-checking method, apparatus and device based on local certificate, and storage medium
US9843565B2 (en) Web form protection
CN107436873B (en) Web site jumping method, device and relay device
US9935995B2 (en) Embedded script security using script signature validation
CN104239577A (en) Method and device for detecting authenticity of webpage data
CN107016074B (en) Webpage loading method and device
CN104283903A (en) Downloading method for files and device thereof
CN106330817A (en) Webpage access method, device and terminal
CN113225348B (en) Request anti-replay verification method and device
CN104333548A (en) Method and system of accessing local services in https websites
CN106487752B (en) Method and device for verifying access security
CN105337975A (en) Virus scanning method and system
US9544153B1 (en) Compression of cryptographic chaining certificates
CN106470186B (en) A method of accessing third party's resource in a manner of jumping
CN113965366B (en) Method, system and computer equipment for defending reverse proxy phishing attack
CN114398620A (en) Single sign-on method, system, electronic device, and readable medium
CN106130996A (en) A kind of website attack protection checking system and method
KR101378549B1 (en) Security server and method of dynamic web contents

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address
CP03 Change of name, title or address

Address after: Changan town in Guangdong province Dongguan 523860 usha Beach Road No. 18

Patentee after: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd.

Address before: Changan town in Guangdong province Dongguan 523841 usha Beach Road No. 18

Patentee before: GUANGDONG OPPO MOBILE TELECOMMUNICATIONS Corp.,Ltd.

CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180116