METHOD AND DEVICE FOR PREVENTING SERVER FROM BEING ATTACKED

US 20200137075A1
Filed: 12/20/2019
Published: 04/30/2020
Est. Priority Date: 05/31/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving a page request from a browser;

allocating a page script corresponding to the page request from a plurality of page scripts corresponding to the page request;

transmitting the page script to the browser for generation of a script execution parameter by execution of the page script by the browser;

receiving a page verification request from the browser, wherein the page verification request includes the script execution parameter; and

determining whether a page verification request is expired, wherein;

if expired, generating error prompt information indicating a page expiration;

orif not expired;

determining whether the script execution parameter is valid, wherein;

if valid, indicating that the script execution parameter is valid;

orif not valid, rejecting the page request.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A page request is received from a browser. A page script corresponding to the page request is allocated from a plurality of page scripts corresponding to the page request. The page script is transmitted to the browser for generation of a script execution parameter by execution of the page script by the browser. A page verification request is received from the browser, where the page verification request includes the script execution parameter. Whether a page verification request is expired is determined, where if the page verification request is expired, generating error prompt information indicating a page expiration. If the page verification request is not expired, whether the script execution parameter is valid, is determined. If the script execution parameter is valid, the validity is indicated, otherwise the page request is rejected.

4 Citations

View as Search Results

20 Claims

1. A computer-implemented method, comprising:
- receiving a page request from a browser;
  
  allocating a page script corresponding to the page request from a plurality of page scripts corresponding to the page request;
  
  transmitting the page script to the browser for generation of a script execution parameter by execution of the page script by the browser;
  
  receiving a page verification request from the browser, wherein the page verification request includes the script execution parameter; and
  
  determining whether a page verification request is expired, wherein;
  
  if expired, generating error prompt information indicating a page expiration;
  
  orif not expired;
  
  determining whether the script execution parameter is valid, wherein;
  
  if valid, indicating that the script execution parameter is valid;
  
  orif not valid, rejecting the page request.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the allocation of the page script is dynamic and random, and wherein the allocation of the page script comprises:
    - obtaining a page URL from the page request; and
      
      extracting a random page script from a plurality of page scripts corresponding to the page URL and from a predetermined script library, wherein different script execution parameter acquisition logic is used in the plurality of page scripts.
  - 3. The computer-implemented method of claim 1, wherein the determination of whether the page verification request is expired comprises:
    - calculating, as a result, whether a request time of the page verification request is later than the sum of a predetermined time period and a time for the browser to execute the page script; and
      
      if the result is yes, determining that the page verification request is expired;
      
      orif the result is no, determining that the page verification request is not expired.
  - 4. The computer-implemented method of claim 2, wherein the page request further comprises identifier information of the page script executed by the browser.
  - 5. The computer-implemented method of claim 4, wherein the verification of whether the script execution parameter is valid comprises:
    - searching the predetermined script library for a page script corresponding to the identifier information, wherein the predetermined script library stores identifier information corresponding to each page script; and
      
      determining, based on the page script corresponding to the identifier information, whether the script execution parameter is valid.
  - 6. The computer-implemented method of claim 5, wherein the determination, based on the page script corresponding to the identifier information, of whether the script execution parameter is valid comprises:
    - obtaining a local script parameter based on the page script corresponding to the identifier information;
      
      calculating, as a result, whether the local script parameter is identical to the script execution parameter included with the page verification request; and
      
      if the result is yes, determining that the script execution parameter is valid;
      
      orif the result is no, determining that the script execution parameter is not valid.
  - 7. The computer-implemented method of claim 2, wherein, before extracting the random page script:
    - configuring page scripts corresponding to each page URL in the predetermined script library; and
      
      configuring identifier information corresponding to the page scripts.

8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- receiving a page request from a browser;
  
  allocating a page script corresponding to the page request from a plurality of page scripts corresponding to the page request;
  
  transmitting the page script to the browser for generation of a script execution parameter by execution of the page script by the browser;
  
  receiving a page verification request from the browser, wherein the page verification request includes the script execution parameter; and
  
  determining whether a page verification request is expired, wherein;
  
  if expired, generating error prompt information indicating a page expiration;
  
  orif not expired;
  
  determining whether the script execution parameter is valid, wherein;
  
  if valid, indicating that the script execution parameter is valid;
  
  orif not valid, rejecting the page request.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory, computer-readable medium of claim 8, wherein the allocation of the page script is dynamic and random, and wherein the allocation of the page script comprises:
    - obtaining a page URL from the page request; and
      
      extracting a random page script from a plurality of page scripts corresponding to the page URL and from a predetermined script library, wherein different script execution parameter acquisition logic is used in the plurality of page scripts.
  - 10. The non-transitory, computer-readable medium of claim 8, wherein the determination of whether the page verification request is expired comprises:
    - calculating, as a result, whether a request time of the page verification request is later than the sum of a predetermined time period and a time for the browser to execute the page script; and
      
      if the result is yes, determining that the page verification request is expired;
      
      orif the result is no, determining that the page verification request is not expired.
  - 11. The non-transitory, computer-readable medium of claim 9, wherein the page request further comprises identifier information of the page script executed by the browser.
  - 12. The non-transitory, computer-readable medium of claim 11, wherein the verification of whether the script execution parameter is valid comprises:
    - searching the predetermined script library for a page script corresponding to the identifier information, wherein the predetermined script library stores identifier information corresponding to each page script; and
      
      determining, based on the page script corresponding to the identifier information, whether the script execution parameter is valid.
  - 13. The non-transitory, computer-readable medium of claim 12, wherein the determination, based on the page script corresponding to the identifier information, of whether the script execution parameter is valid comprises:
    - obtaining a local script parameter based on the page script corresponding to the identifier information;
      
      calculating, as a result, whether the local script parameter is identical to the script execution parameter included with the page verification request; and
      
      if the result is yes, determining that the script execution parameter is valid;
      
      orif the result is no, determining that the script execution parameter is not valid.
  - 14. The non-transitory, computer-readable medium of claim 9, wherein, before extracting the random page script:
    - configuring page scripts corresponding to each page URL in the predetermined script library; and
      
      configuring identifier information corresponding to the page scripts.

15. A computer-implemented system, comprising:
- one or more computers; and
  
  one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising;
  
  receiving a page request from a browser;
  
  allocating a page script corresponding to the page request from a plurality of page scripts corresponding to the page request;
  
  transmitting the page script to the browser for generation of a script execution parameter by execution of the page script by the browser;
  
  receiving a page verification request from the browser, wherein the page verification request includes the script execution parameter; and
  
  determining whether a page verification request is expired, wherein;
  
  if expired, generating error prompt information indicating a page expiration;
  
  orif not expired;
  
  determining whether the script execution parameter is valid, wherein;
  
  if valid, indicating that the script execution parameter is valid;
  
  or
  
  if not valid, rejecting the page request.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented system of claim 15, wherein the allocation of the page script is dynamic and random, and wherein the allocation of the page script comprises:
    - obtaining a page URL from the page request; and
      
      configuring page scripts corresponding to each page URL in a predetermined script library;
      
      configuring identifier information corresponding to the page scripts; and
      
      extracting a random page script from a plurality of page scripts corresponding to the page URL and from the predetermined script library, wherein different script execution parameter acquisition logic is used in the plurality of page scripts.
  - 17. The computer-implemented system of claim 15, wherein the determination of whether the page verification request is expired comprises:
    - calculating, as a result, whether a request time of the page verification request is later than the sum of a predetermined time period and a time for the browser to execute the page script; and
      
      if the result is yes, determining that the page verification request is expired;
      
      orif the result is no, determining that the page verification request is not expired.
  - 18. The computer-implemented system of claim 16, wherein the page request further comprises identifier information of the page script executed by the browser.
  - 19. The non-transitory, computer-readable medium of claim 18, wherein the verification of whether the script execution parameter is valid comprises:
    - searching the predetermined script library for a page script corresponding to the identifier information, wherein the predetermined script library stores identifier information corresponding to each page script; and
      
      determining, based on the page script corresponding to the identifier information, whether the script execution parameter is valid.
  - 20. The computer-implemented system of claim 19, wherein the determination, based on the page script corresponding to the identifier information, of whether the script execution parameter is valid comprises:
    - obtaining a local script parameter based on the page script corresponding to the identifier information;
      
      calculating, as a result, whether the local script parameter is identical to the script execution parameter included with the page verification request; and
      
      if the result is yes, determining that the script execution parameter is valid;
      
      orif the result is no, determining that the script execution parameter is not valid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Original Assignee
Alibaba Group Holding Ltd.
Inventors
LU, Yaran

Granted Patent

US 10,986,101 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/8373   Query execution

G06F 16/838   Presentation of query results

G06F 16/955   using information identifie...

G06F 16/958   Organisation or management ...

H04L 63/123   received data contents, e.g...

H04L 63/1458   Denial of Service

H04L 65/00   Network arrangements, proto...

H04L 67/02   based on web technology, e....

H04L 9/3239   involving non-keyed hash fu...

METHOD AND DEVICE FOR PREVENTING SERVER FROM BEING ATTACKED

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

4 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND DEVICE FOR PREVENTING SERVER FROM BEING ATTACKED

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

4 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links