CN110247894B - A method and device for identifying counterfeit handle servers - Google Patents
- Publication number: CN110247894B (application number CN201910407635.6A)
- Authority
- CN
- China
- Prior art keywords
- handle
- hash value
- target
- service information
- home service
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a method and a device for identifying a fake handle server, relates to the technical field of the Internet, and can ensure that the handle server has not been tampered with during the analysis of a handle system identifier. The method comprises the following steps: acquiring a target handle code analysis request sent by a client; if the target handle code analysis request includes a security request, acquiring, from the blockchain, the second hash value that corresponds to the first hash value obtained by hash transformation of the target handle code; matching target home service information according to the target handle code; performing hash transformation on the target home service information to obtain a third hash value; and if the second hash value is the same as the third hash value, determining that the handle server is not forged. The embodiment of the application is applied to the analysis of handle system identifiers.
Description
Technical Field
The embodiment of the invention relates to the technical field of Internet, in particular to a method and a device for identifying a fake handle server.
Background
The Handle system is a universal name service system that provides basic services such as permanent identification, dynamic linking and security management for digital objects in a network. With the development of the Internet and the rise of new technologies such as the Internet of Things in recent years, it has an increasingly broad application prospect.
The security of the Handle system depends on the security of the client and the handle server. When doing business, the handle system and the client usually trust each other completely. The integrity of the handle system depends to a large extent on the integrity of the global service information, including the local handle services under which the home services are included. Invalid global service information can not only mislead the client into using an inappropriate local handle service, but also allow an attacker to forge the handle server signature. In addition, for efficiency, the handle server generates or returns a digital signature for a home service response only when the client specifically requires it; to ensure the integrity of the data, the client must explicitly require the handle server to return a digital signature. To protect sensitive data from disclosure, the client may also require the handle server to encrypt any data with a session key after a communication session has been established with the handle server.
Therefore, the security of the existing handle system depends strongly on the security of the handle server and of the client during each interaction between them. For efficiency, unless the client requests a digital signature, the handle server does not generate or return one for each home service response; the client must explicitly request the signature in order to ensure the integrity of the data. When data is sensitive, even though the handle server uses a key once the client and the handle server have established a session and the client explicitly requires the handle system to return a digital signature, invalid global service information still allows an attacker to forge the server signature, so the existing handle system has a vulnerability in overall security.
Disclosure of Invention
Embodiments of the present invention provide a method and an apparatus for identifying a fake handle server, which can ensure that the handle server has not been tampered with during the analysis of a handle system identifier.
In a first aspect, a method for identifying a fake handle server is provided, which includes the following steps: acquiring a target handle code analysis request sent by a client, wherein the target handle code analysis request includes a target handle code; if the target handle code analysis request includes a security request, acquiring, from the blockchain, the second hash value that corresponds to the first hash value obtained by hash transformation of the target handle code, wherein the second hash value is the hash value of the home service information matched with the target handle code and pre-stored on the blockchain; matching target home service information according to the target handle code; performing hash transformation on the target home service information to obtain a third hash value; and if the second hash value is the same as the third hash value, determining that the handle server is not forged, wherein the target home service information is used to instruct the client in selecting the handle server.
In this scheme, a target handle code analysis request sent by a client is acquired, wherein the target handle code analysis request includes a target handle code; if the target handle code analysis request includes a security request, the second hash value that corresponds to the first hash value obtained by hash transformation of the target handle code is acquired from the blockchain, wherein the second hash value is the hash value of the home service information matched with the target handle code and pre-stored on the blockchain; target home service information is matched according to the target handle code; hash transformation is performed on the target home service information to obtain a third hash value; and if the second hash value is the same as the third hash value, it is determined that the handle server is not forged. Hash transformation and blockchain storage are thus combined to judge whether the handle server is forged: when the second hash value of the home service information stored on the blockchain and matched with the target handle code is identical to the third hash value of the target home service information matched with the target handle code that the client needs analysed, the handle server is determined not to be forged. When data is sensitive, whether the handle server is correct can be identified automatically, which avoids the strong dependence, in the prior art, on the security of the handle server and of the client during the analysis of a handle system identifier.
In a second aspect, an apparatus for identifying a counterfeit handle server is provided, including: an obtaining module, configured to obtain a target handle code analysis request sent by a client, wherein the target handle code analysis request includes a target handle code; the obtaining module is further configured to obtain, from the blockchain, the second hash value that corresponds to the first hash value obtained by hash transformation of the target handle code if it is determined that the target handle code analysis request includes a security request, wherein the second hash value is the hash value of the home service information matched with the target handle code and pre-stored on the blockchain; a matching module, configured to match the target home service information according to the target handle code obtained by the obtaining module; a processing module, configured to perform hash transformation on the target home service information matched by the matching module to obtain a third hash value; and a determining module, configured to determine that the handle server is not forged if the second hash value obtained by the obtaining module is the same as the third hash value obtained by the processing module, wherein the target home service information is used to instruct the client in selecting the handle server.
In a third aspect, an apparatus for identifying a fake handle server is provided, including a communication interface, a processor, a memory, and a bus; the memory is used for storing computer-executable instructions, the processor is connected with the memory through the bus, and when the device for identifying the fake handle server runs, the processor executes the computer-executable instructions stored in the memory so as to enable the device for identifying the fake handle server to execute the method for identifying the fake handle server according to the first aspect.
In a fourth aspect, there is provided a computer storage medium comprising instructions which, when executed on a computer, cause the computer to perform the method of identifying a fake handle server as described above.
In a fifth aspect, a computer program product is provided, the computer program product comprising instruction code for performing the method of identifying a fake handle server as described above.
It can be understood that any one of the above-mentioned apparatuses, computer storage media, or computer program products for identifying a counterfeit handle server is used to execute the method according to the first aspect, and therefore, the beneficial effects that can be achieved by the apparatuses, the computer storage media, or the computer program products refer to the beneficial effects of the method according to the first aspect and the corresponding solutions in the following detailed description, and are not described herein again.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic diagram of a handle system architecture according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a method for identifying a counterfeit handle server according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of an apparatus for identifying a counterfeit handle server according to an embodiment of the present invention;
Fig. 4 is a schematic structural diagram of an apparatus for identifying a counterfeit handle server according to another embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The Handle system adopts a distributed management architecture to realize distributed management of each data storage system. Under this architecture, a service platform can be built quickly and at low cost, interfaced simply and quickly with different systems, and used to support and serve various applications. Referring to Fig. 1, the top layer is composed of a global service, called the Global Handle Registry (GHR). The lower layer is composed of all local handle services (LHS), such as local handle service 1 and local handle service 2, where each local handle service has its own sub-name space; for example, local handle service 1 has sub-name space 1, and local handle service 2 has sub-name space 2. A local handle service consists of two parts: the naming authority, called the home service and also called the prefix; and the unique handle under the naming authority, called the suffix, i.e. the handle code in the present application. For example, local handle service 1 owns home service 11 and home service 12 under sub-name space 1, where home service 11 corresponds to the unique handle1 under it and home service 12 corresponds to the unique handle2 under it; local handle service 2 owns home service 21 and home service 22 under sub-name space 2, where home service 21 corresponds to the unique handle3 under it and home service 22 corresponds to the unique handle4 under it.
Based on the distributed service architecture of the handle system, the sub-name space of any local handle service can be served by the corresponding local handle service, by the global service, or by both. The global service may be used to send any handle service request to the responsible local handle service. The architecture allows any given handle service to be replicated to service sites under multiple home services, each of which may further distribute it to a cluster of handle servers. The home service is the only provider of analysis and management services for a handle, so before a handle is analysed the client must determine the home service of the handle. The home service of each handle is registered with the global handle registry, and the client can find it by querying the naming authority handle at the global handle registry. The client sends a handle analysis request to the global handle registry; the global handle registry queries the home service according to the handle analysis request and returns the service information of the home service, namely the home service information, to the client. The home service information lists the service sites of the given home service and the interfaces of each handle server in each service site. The client selects a service site from the service information, finds the responsible handle server in the site, and sends the handle analysis request to that handle server. For example, the handle code to be resolved is "ncstrl. The client needs to know the home service of "ncstrl. The home service can be obtained by the handle system querying the naming authority handle "0.NA/ncstrl.vatech_cs" at the GHR. The handle system then returns the home service information according to the home service.
From the home service information, the client can select a service site, find the responsible handle server in the service site, and send the analysis request to that handle server.
Based on the handle system architecture and the way the client queries the global handle registry for the handle server described above, the application provides a method for identifying a fake handle server, shown in Fig. 2, which comprises the following steps:
201. Acquire the target handle code analysis request sent by the client.
First, the analysis and management of the target handle code is provided by the home service, which is also the only provider. The home service information lists the service sites of the given home service and the interfaces of each handle server in each service site; the client selects one service site from the service information, finds the responsible handle server in the site, and sends a handle analysis request to that handle server. The client therefore needs to determine the home service information before the target handle code is analysed.
Therefore, preferably, home service information is matched to the target handle code when the target handle code is used for the first time after it has been applied for. That is, when the handle system acquires the target handle code for the first time, it queries the global handle registry for the home service of the target handle code and acquires the home service information.
Further, hash transformation is performed on the target handle code to obtain a first hash value: the globally unique target handle code is hashed into a 256-bit string that cannot be reversed with existing techniques, namely the first hash value.
Further, hash transformation is performed on the home service information to obtain a second hash value. This includes the following: if the survival time of the home service information is determined to have expired, new home service information is matched for the target handle code again and hashed to obtain the second hash value. For example, if the survival time of the home service information is 24 hours, then after the home service information has survived for 24 hours the handle system again queries the global handle registry, matches a new home service for the target handle code, and hashes the service information of that home service to obtain the second hash value.
Further, the first hash value and the second hash value are associated to generate an association result.
Preferably, the first hash value and the second hash value are associated in the form of a conventional database table to generate an association table. Alternatively, they may be associated as a JSON key-value pair to generate an association key-value pair.
Further, the association result is stored in the blockchain.
Second, when the client needs the target handle code analysed, it sends a target handle code analysis request to the handle system, and the handle system acquires that request, which includes the target handle code.
202. If the target handle code analysis request includes a security request, acquire from the blockchain the second hash value that corresponds to the first hash value obtained by hash transformation of the target handle code.
The second hash value is the hash value of the home service information matched with the target handle code and pre-stored on the blockchain, that is, the second hash value of step 201.
203. Match the target home service information according to the target handle code.
Specifically, the handle system queries the global handle registry for the target home service according to the target handle code and acquires the target home service information.
204. Perform hash transformation on the target home service information to obtain a third hash value.
205. If the second hash value is the same as the third hash value, determine that the handle server is not forged.
Specifically, the second hash value is the hash value of the home service information pre-stored on the blockchain and matched with the target handle code, and the third hash value is the hash value of the target home service information most recently matched with the target handle code sent by the client. Since home service information has been matched twice with the same target handle code, if the second hash value of the home service information is the same as the third hash value of the target home service information, it can be determined that the service sites and server interfaces carried in the target home service information have not been modified, that is, the handle server is not forged.
The target home service information is used to instruct the client in selecting a handle server.
Specifically, the target home service information may list the service sites of a given target home service, as well as the interface of each handle server in each service site. The handle system feeds the target home service information back to the client; the client selects a service site from the service information, finds the responsible handle server in the site, and sends a handle analysis request to that handle server.
Further, in the application, information and services in the home service that have a globally unique identifier may also be associated with the hash value of the target handle code.
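The following Python sketch is an added example, not code from the patent: it walks steps 201 to 205, including the survival-time check and the case where no security request is present. It assumes SHA-256 for the unnamed 256-bit hash, canonical JSON as the serialisation of home service information, and an in-memory hash-chained list in place of the blockchain; all function names, field names and sample data are hypothetical.

```python
import hashlib
import hmac
import json
import time


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(info: dict) -> bytes:
    # Assumption: home service information is serialised as canonical JSON
    # (sorted keys, fixed separators) so equal content always hashes equally.
    return json.dumps(info, sort_keys=True, separators=(",", ":")).encode()


class Ledger:
    """In-memory, hash-chained, append-only stand-in for the blockchain."""

    def __init__(self):
        self.blocks = []

    def append(self, first_hash, second_hash, expires_at):
        prev = self.blocks[-1]["block_hash"] if self.blocks else "0" * 64
        body = {"first_hash": first_hash, "second_hash": second_hash,
                "expires_at": expires_at, "prev": prev}
        self.blocks.append(dict(body, block_hash=sha256_hex(canonical(body))))

    def lookup(self, first_hash):
        # The newest association stored for this handle code wins.
        for block in reversed(self.blocks):
            if block["first_hash"] == first_hash:
                return block
        return None

    def chain_intact(self):
        prev = "0" * 64
        for block in self.blocks:
            body = {k: v for k, v in block.items() if k != "block_hash"}
            if block["prev"] != prev:
                return False
            if sha256_hex(canonical(body)) != block["block_hash"]:
                return False
            prev = block["block_hash"]
        return True


def register(ledger, handle_code, home_service_info, ttl_seconds, now=None):
    """Step 201: associate the first hash with the second hash and store it."""
    now = time.time() if now is None else now
    first_hash = sha256_hex(handle_code.encode())
    second_hash = sha256_hex(canonical(home_service_info))
    ledger.append(first_hash, second_hash, now + ttl_seconds)
    return first_hash, second_hash


def verify(ledger, request, match_home_service, now=None):
    """Steps 202-205: 'skipped', 'no-record', 'expired', 'ok' or 'mismatch'."""
    if not request.get("security_request"):
        return "skipped"      # the comparison only runs on a security request
    now = time.time() if now is None else now
    record = ledger.lookup(sha256_hex(request["handle_code"].encode()))
    if record is None:
        return "no-record"    # nothing to compare against: do not report "ok"
    if now >= record["expires_at"]:
        return "expired"      # survival time over: re-match and re-register
    info = match_home_service(request["handle_code"])          # step 203
    third_hash = sha256_hex(canonical(info))                   # step 204
    same = hmac.compare_digest(record["second_hash"], third_hash)
    return "ok" if same else "mismatch"                        # step 205


# Constructed sample data (not from the patent).
HANDLE = "example.prefix/doc-1"
GOOD_INFO = {"sites": [{"site": 1,
                        "servers": [{"ip": "192.0.2.10", "port": 2641}]}]}
FORGED_INFO = {"sites": [{"site": 1,
                          "servers": [{"ip": "198.51.100.66", "port": 2641}]}]}


def demo():
    ledger = Ledger()
    register(ledger, HANDLE, GOOD_INFO, ttl_seconds=86400, now=0)
    req = {"handle_code": HANDLE, "security_request": True}
    plain = {"handle_code": HANDLE}
    return {
        "genuine": verify(ledger, req, lambda h: GOOD_INFO, now=10),
        "forged": verify(ledger, req, lambda h: FORGED_INFO, now=10),
        "expired": verify(ledger, req, lambda h: GOOD_INFO, now=86400),
        "plain": verify(ledger, plain, lambda h: FORGED_INFO, now=10),
        "chain_intact": ledger.chain_intact(),
    }


if __name__ == "__main__":
    print(demo())
```

The "plain" case shows that a request without the security request bypasses the comparison entirely, so altered home service information goes unnoticed unless the client opts in.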
In this scheme, a target handle code analysis request sent by a client is acquired, wherein the target handle code analysis request includes a target handle code; if the target handle code analysis request includes a security request, the second hash value that corresponds to the first hash value obtained by hash transformation of the target handle code is acquired from the blockchain, wherein the second hash value is the hash value of the home service information matched with the target handle code and pre-stored on the blockchain; target home service information is matched according to the target handle code; hash transformation is performed on the target home service information to obtain a third hash value; and if the second hash value is the same as the third hash value, it is determined that the handle server is not forged. Hash transformation and blockchain storage are thus combined to judge whether the handle server is forged: when the second hash value of the home service information stored on the blockchain and matched with the target handle code is identical to the third hash value of the target home service information matched with the target handle code that the client needs analysed, the handle server is determined not to be forged. When data is sensitive, whether the handle server is correct can be identified automatically, which avoids the strong dependence, in the prior art, on the security of the handle server and of the client during the analysis of a handle system identifier.
In the embodiment of the present invention, the functional modules of the device for identifying a counterfeit handle server may be divided according to the method embodiment, for example, each functional module may be divided corresponding to each function, or two or more functions may be integrated into one processing module. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, the division of the modules in the embodiment of the present invention is schematic, and is only a logic function division, and there may be another division manner in actual implementation.
Fig. 3 shows a possible structure of the apparatus for identifying a counterfeit handle server in the above embodiment, for the case where each functional module is divided according to its function. The apparatus is applied to a handle system and implements the method for identifying a fake handle server. Specifically:
The obtaining module 31 is configured to obtain a target handle code analysis request sent by a client, where the target handle code analysis request includes a target handle code; the obtaining module 31 is further configured to obtain, from the blockchain, the second hash value that corresponds to the first hash value obtained by hash transformation of the target handle code if it is determined that the target handle code analysis request includes a security request, where the second hash value is the hash value of the home service information matched with the target handle code and pre-stored on the blockchain; the matching module 32 is configured to match the target home service information according to the target handle code obtained by the obtaining module 31; the processing module 33 is configured to perform hash transformation on the target home service information matched by the matching module 32 to obtain a third hash value; the determining module 34 is configured to determine that the handle server is not forged if the second hash value obtained by the obtaining module 31 is the same as the third hash value obtained by the processing module 33, where the target home service information is used to instruct the client in selecting the handle server.
Optionally, the obtaining module 31 is further configured to obtain the target handle code; the matching module 32 is further configured to match home service information for the target handle code; the processing module 33 is further configured to perform hash transformation on the target handle code to obtain a first hash value; the processing module 33 is further configured to perform hash transformation on the home service information to obtain a second hash value; an association module 35 is configured to associate the first hash value with the second hash value and generate an association result; the processing module 33 is further configured to store the association result in the blockchain.
Optionally, the association module 35 is specifically configured to associate the first hash value with the second hash value in the form of a conventional database table, so as to generate an association table.
Optionally, the association module 35 is specifically configured to associate the first hash value with the second hash value as a JSON key-value pair, so as to generate an association key-value pair.
Optionally, the matching module 32 is further configured to match new home service information for the target handle code again if it is determined that the survival time of the home service information has expired; the processing module 33 is further configured to perform hash transformation on the new home service information to obtain a second hash value.
In the case of an integrated module, the device for identifying a fake handle server comprises a storage unit, a processing unit and an interface unit. The processing unit controls and manages the actions of the device for identifying the fake handle server. The interface unit supports information interaction between the device for identifying the fake handle server and other equipment. The storage unit stores the program code and data of the device for identifying the fake handle server.
For example, the processing unit is a processor, the storage unit is a memory, and the interface unit is a communication interface. The device for identifying the fake handle server is shown in fig. 4 and comprises a communication interface 401, a processor 402, a memory 403 and a bus 404, wherein the communication interface 401 and the processor 402 are connected with the memory 403 through the bus 404.
The Memory 403 may be a Read-Only Memory (ROM) or other type of static storage device that can store static information and instructions, a Random Access Memory (RAM) or other type of dynamic storage device that can store information and instructions, an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), magnetic disk storage media or other magnetic storage devices, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these. The memory may be self-contained and coupled to the processor via a bus. The memory may also be integral to the processor.
The memory 403 is used for storing application program codes for executing the scheme of the application, and the processor 402 controls the execution. The communication interface 401 is used for information interaction with other devices, for example, information interaction between the apparatus supporting the counterfeit handle server and other devices, for example, data acquisition from other devices or data transmission to other devices. The processor 402 is configured to execute application program code stored in the memory 403 to implement the methods described in the embodiments of the present application.
Further, there is provided a computing storage medium (or media) comprising instructions that when executed perform the method operations performed by the apparatus for identifying a fake handle server in the above embodiments. Additionally, a computer program product is also provided, comprising the above-described computing storage medium (or media).
All relevant contents of each step related to the above method embodiment may be referred to the functional description of the corresponding functional module, and the function thereof is not described herein again.
It should be understood that, in various embodiments of the present invention, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division of the units is only a logical functional division, and other divisions are possible in practice; a plurality of units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or in another form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program code.
The above description covers only specific embodiments of the present invention, but the scope of protection of the present invention is not limited thereto. Any change or substitution that a person skilled in the art can readily conceive of within the technical scope of the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the appended claims.
Claims (13)
1. A method of identifying a fake handle server, characterized in that,
acquiring a target handle code analysis request sent by a client, wherein the target handle code analysis request comprises a target handle code;
if the target handle code analysis request comprises a secret request, acquiring a second hash value corresponding to a first hash value of the target handle code after hash conversion, wherein the second hash value is a hash value of home service information matched with the target handle code and pre-stored in the block chain, and the home service information is acquired when the target handle code is used for the first time after application;
matching target home service information according to the target handle code;
performing hash transformation on the target home service information to obtain a third hash value, wherein the third hash value is the hash value of the target home service information which is newly matched with a target handle code sent by the client;
and if the second hash value is the same as the third hash value, determining that the handle server is not forged, wherein the target home service information is used for indicating a client to select the handle server.
2. A method for identifying a fake handle server as recited in claim 1, wherein before obtaining the target handle code resolution request sent by the client, the method further comprises:
acquiring the target handle code;
matching home service information for the target handle code;
performing hash transformation on the target handle code to obtain a first hash value;
performing hash transformation on the home service information to obtain a second hash value;
associating the first hash value with the second hash value to generate an association result;
and storing the association result into a block chain.
3. A method of identifying a spoofed handle server as in claim 2 wherein associating the first hash value with the second hash value generates an association result comprising:
and associating the first hash value with the second hash value in a traditional database table form to generate an association table.
4. A method of identifying a spoofed handle server as in claim 2 wherein associating the first hash value with the second hash value generates an association result comprising:
and associating the first hash value with the second hash value in a json key value pair mode to generate an associated key value pair.
5. A method of identifying a counterfeit handle server according to claim 2,
if it is determined that the time to live of the home service information has expired, matching new home service information for the target handle code again;
and carrying out hash transformation on the new home service information to obtain a second hash value.
6. An apparatus for identifying a counterfeit handle server, characterized in that,
an obtaining module, configured to acquire a target handle code analysis request sent by a client, wherein the target handle code analysis request comprises a target handle code;
the obtaining module is further configured to obtain a second hash value corresponding to a first hash value of the target handle code after hash conversion is performed on the target handle code stored in the block chain if it is determined that the target handle code analysis request includes a secret request, where the second hash value is a hash value of home service information matched with the target handle code and pre-stored in the block chain, and the home service information is obtained when the target handle code is used for the first time after application;
the matching module is used for matching target home service information according to the target handle code acquired by the acquisition module;
the processing module is used for carrying out hash transformation on the target home service information matched by the matching module to obtain a third hash value, wherein the third hash value is the hash value of the target home service information which is newly matched with the target handle code and sent by the client;
and the determining module is used for determining that the handle server is not forged if the second hash value acquired by the acquiring module is the same as the third hash value acquired by the processing module, wherein the target home service information is used for indicating a client to select the handle server.
7. An arrangement for identifying a counterfeit handle server according to claim 6,
the obtaining module is further configured to obtain the target handle code;
the matching module is also used for matching home service information for the target handle code;
the processing module is further configured to perform hash transformation on the target handle code to obtain a first hash value;
the processing module is further configured to perform hash transformation on the home service information to obtain a second hash value;
the association module is used for associating the first hash value with the second hash value to generate an association result;
the processing module is further configured to store the association result in a block chain.
8. An arrangement for identifying a counterfeit handle server according to claim 7,
the association module is specifically configured to associate the first hash value with the second hash value in a form of a conventional database table, and generate an association table.
9. An arrangement for identifying a counterfeit handle server according to claim 7,
the association module is specifically configured to associate the first hash value with the second hash value in a json key value pair manner, and generate an associated key value pair.
10. An arrangement for identifying a counterfeit handle server according to claim 7,
the matching module is further configured to match new home service information for the target handle code again if it is determined that the time to live of the home service information has expired;
and the processing module is also used for carrying out hash transformation on the new home service information to obtain a second hash value.
11. The device for identifying the fake handle server is characterized by comprising a communication interface, a processor, a memory and a bus; the memory is used for storing computer-executable instructions, the processor is connected with the memory through the bus, and when the device for identifying a counterfeit handle server runs, the processor executes the computer-executable instructions stored in the memory so as to enable the device for identifying a counterfeit handle server to execute the method for identifying a counterfeit handle server according to any one of claims 1 to 5.
12. A computer storage medium comprising instructions that, when executed on a computer, cause the computer to perform the method of identifying a counterfeit handle server according to any of claims 1-5.
13. A computer program product, characterized in that the computer program product comprises instruction code for performing the method of identifying a counterfeit handle server according to any of claims 1-5.
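The registration and check steps of claims 1, 2, 4 and 5, sketched as an added Python example (not code from the patent). Assumptions: SHA-256 as the hash transformation, canonical JSON for serializing home service information, a hash-chained in-memory list in place of the blockchain, and constructed handle codes, addresses and field names; the "secret request" branch of claim 1 is not modelled.

```python
import hashlib
import hmac
import json

def digest(data: bytes) -> str:
    # Assumption: the claims only say "hash transformation"; SHA-256 is used here.
    return hashlib.sha256(data).hexdigest()

def canonical(obj) -> bytes:
    # Assumption: canonical JSON so that equal records always hash identically.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

class Ledger:
    """Hash-chained, append-only list standing in for the blockchain."""
    def __init__(self):
        self.blocks = []

    def append(self, first_hash, second_hash, expires_at):
        prev = self.blocks[-1]["block_hash"] if self.blocks else "0" * 64
        # Claim 4: the association is stored as a JSON key-value pair.
        body = {"prev": prev, "pair": {first_hash: second_hash}, "expires_at": expires_at}
        self.blocks.append({**body, "block_hash": digest(canonical(body))})

    def latest(self, first_hash):
        return next((b for b in reversed(self.blocks) if first_hash in b["pair"]), None)

    def intact(self):
        prev = "0" * 64
        for block in self.blocks:
            body = {k: v for k, v in block.items() if k != "block_hash"}
            if block["prev"] != prev or digest(canonical(body)) != block["block_hash"]:
                return False
            prev = block["block_hash"]
        return True

def register(ledger, handle_code, home_info, now, ttl):
    """Claim 2: store hash(handle code) -> hash(home service information)."""
    ledger.append(digest(handle_code.encode()), digest(canonical(home_info)), now + ttl)

def refresh_if_expired(ledger, handle_code, match_home_info, now, ttl):
    """Claim 5: after the time to live runs out, re-match and store a new second hash."""
    block = ledger.latest(digest(handle_code.encode()))
    if block is not None and now < block["expires_at"]:
        return False
    register(ledger, handle_code, match_home_info(handle_code), now, ttl)
    return True

def check_resolution(ledger, handle_code, matched_info):
    """Claim 1: compare the stored second hash with the third hash of the info just matched."""
    first = digest(handle_code.encode())
    block = ledger.latest(first)
    if block is None or not ledger.intact():
        return "unverifiable"
    third = digest(canonical(matched_info))
    return "not forged" if hmac.compare_digest(block["pair"][first], third) else "forged"

# Constructed sample data, not taken from the patent.
HANDLE = "86.1000.1/demo-device"
GENUINE = {"ip": "192.0.2.10", "port": 2641, "protocol": "TCP"}
SPOOFED = {"ip": "198.51.100.7", "port": 2641, "protocol": "TCP"}
MOVED = {"ip": "192.0.2.44", "port": 2641, "protocol": "TCP"}

def demo():
    ledger = Ledger()
    register(ledger, HANDLE, GENUINE, now=0, ttl=3600)
    before = (check_resolution(ledger, HANDLE, GENUINE), check_resolution(ledger, HANDLE, SPOOFED))
    refreshed = refresh_if_expired(ledger, HANDLE, lambda code: MOVED, now=4000, ttl=3600)
    after = (check_resolution(ledger, HANDLE, MOVED), check_resolution(ledger, HANDLE, GENUINE))
    return before, refreshed, after

if __name__ == "__main__":
    print(demo())
```

In this example, once the record has been refreshed, the previously valid home service information is reported as forged, so a stale answer and a forged one look the same to the check.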
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910407635.6A CN110247894B (en) | 2019-05-16 | 2019-05-16 | A method and device for identifying counterfeit handle servers |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110247894A (en) | 2019-09-17 |
CN110247894B (en) | 2021-06-18 |
Family
ID=67884530
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910407635.6A Active CN110247894B (en) | 2019-05-16 | 2019-05-16 | A method and device for identifying counterfeit handle servers |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110247894B (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111082941B (en) * | 2019-11-22 | 2022-12-20 | 天翼物联科技有限公司 | Internet of things data sharing method and system based on block chain technology |
CN111209596A (en) * | 2020-04-21 | 2020-05-29 | 国网电子商务有限公司 | Block chain-based industrial internet identification analysis access control method |
CN112491855B (en) * | 2020-11-19 | 2023-04-07 | 中国联合网络通信集团有限公司 | Method and device for determining handle identifier analysis state |
CN112256706B (en) * | 2020-11-19 | 2023-01-24 | 中国联合网络通信集团有限公司 | Method and device for determining handle reference state |
CN112667929B (en) * | 2020-12-11 | 2023-11-03 | 北京中数创新科技股份有限公司 | Prefix and identification data safe pushing method and system based on Handle system |
CN112667930B (en) * | 2020-12-18 | 2024-09-06 | 北京中数创新科技股份有限公司 | Prefix aggregation method and system based on Handle system |
CN112948876A (en) * | 2021-02-26 | 2021-06-11 | 中国联合网络通信集团有限公司 | Tracing method and device |
Citations (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2104305A1 (en) * | 2008-03-21 | 2009-09-23 | Koninklijke KPN N.V. | Call service handling in an IMS-based system |
CN103546502A (en) * | 2012-07-11 | 2014-01-29 | 中国电信股份有限公司 | Metadata sharing method and cloud storage server |
CN104219232A (en) * | 2014-08-26 | 2014-12-17 | 浙江大学 | Method for controlling file security of block distributed file system |
CN105247529A (en) * | 2013-04-30 | 2016-01-13 | 微软技术许可有限责任公司 | Synchronizing credential hashes between directory services |
CN107181747A (en) * | 2017-05-19 | 2017-09-19 | 北京中数创新科技股份有限公司 | A kind of Handle resolution systems comprising top mode |
CN107197001A (en) * | 2017-05-05 | 2017-09-22 | 工业和信息化部电信研究院 | A kind of industry internet module information method |
WO2018125989A3 (en) * | 2016-12-30 | 2018-08-23 | Intel Corporation | Naming and blockchain recording for the internet of things |
CN108462692A (en) * | 2018-01-30 | 2018-08-28 | 合肥工业大学 | A kind of data tamper resistant systems and its method based on block chain |
CN109033405A (en) * | 2018-08-03 | 2018-12-18 | 华为技术有限公司 | Safeguard method and apparatus, server and the computer readable storage medium of block chain |
CN109714408A (en) * | 2018-12-20 | 2019-05-03 | 中国科学院沈阳自动化研究所 | A kind of semantization industrial network service interface system based on Handle mark |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10355861B2 (en) * | 2017-03-28 | 2019-07-16 | Dell Products, Lp | Chassis-based cryptographic affinities |
Non-Patent Citations (2)
Title |
---|
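Handle System Namespace and Service Definition; Sun et al.; IETF RFC 3651; 2003-11-30; pp. 1-41 * |
Research on Identity Recognition and Access Control Technology in Blockchain; Zhang Qinghe; China Masters' Theses Full-text Database, Information Science and Technology; 2019-01-31; pp. 1-72 * |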
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||