Method for improving network application security and the system thereof
First Claim
1. A method for improving network application security, wherein the method comprising:
- a proxy server in a customer terminal host receiving a protocol message generated and sent by customer terminal software according to information input by a user, parsing the protocol message according to a predetermined protocol, and obtaining protocol content, wherein the proxy server is software installed in the customer terminal host; and
- the proxy server determining whether critical information, which is predetermined by the proxy server, a smart key device and an application server, is included in the protocol content;
- upon determining that the critical information is included in the protocol content, the proxy server sending the protocol content to the smart key device and the smart key device parsing the protocol content to obtain the critical information, and outputting the critical information for the user's confirmation;
- determining whether the critical information is confirmed correct by the user; and
- upon determining that the critical information is confirmed correct by the user, the smart key device signing the protocol content and returning a signature result to the proxy server, and then the proxy server generating a new protocol message according to the signature result and the protocol content, and sending it to the application server, wherein the new protocol message is obtained by adding a new requirement head field to a second protocol content, wherein the second protocol content is obtained by inserting the signature result into the protocol content;
- or upon determining that the critical information is not confirmed correct by the user within a predetermined time period, the smart key device performing an exception handling;
- upon determining that the critical information is not included in the protocol content, the proxy server sending the protocol message to the application server, wherein the step of the proxy server determining whether critical information, which is predetermined by the proxy server, the smart key device and the application server, is included in the protocol content, comprises:
- the proxy server finding the field predefined by the proxy server, the smart key device and the application server, in the protocol content, determining whether there is data in the field, and upon determining that there is, determining that the critical information is included in the protocol content;
- or the proxy server determining whether a critical information identification, predetermined by the proxy server, the smart key device and the application server, is included in the protocol content, and upon determining that it is, the proxy server determining that the critical information is included in the protocol content, wherein both the protocol message and the new protocol message comprise a requirement head field, in which the address of the application server is recorded, wherein the step of the proxy server sending the protocol content to the smart key device further comprises:
- the proxy server parsing the requirement head field of the protocol message and determining whether the address of the application server in the requirement head field matches an address of the application server stored in the proxy server, and upon determining that it does, the proxy server sending the protocol content to the smart key device;
- upon determining that it does not, the proxy server prompting the user of an error in the application server, and the procedure being completed.
Abstract
A method for improving network application security and the system thereof are disclosed in the invention, relating to the field of information security. The method includes: a proxy server in a customer terminal host receives a protocol message generated and sent by the customer terminal software according to the information input by a user, obtains the protocol content by parsing the protocol message, and determines whether critical information is included in the protocol content; if it is, the proxy server sends the protocol content to the smart key device; the smart key device obtains the critical information by parsing the protocol content and outputs it to the user, and after confirmation is received from the user, the smart key device signs the protocol content and sends the signature result to the proxy server; the proxy server then generates a new protocol message from the signature result and the protocol content and sends it to the application server; if the user confirms an error, or no confirmation is received within a predetermined time period, the smart key device performs the exception handling. The system includes a smart key device and a proxy server in the customer terminal host. The invention improves network application security without requiring changes to the customer terminal, and is usable and compatible.
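The proxy and smart-key-device flow of the first claim and the abstract above, as an added Python simulation that is not part of the patent: the line-based message format, the field names, the stored application server address, the confirmation timeout and the HMAC-SHA256 signature are all assumptions (the page does not specify the protocol or signature scheme).

```python
import hashlib
import hmac
import time

# Constructed protocol (an assumption, not the patent's format): line 1 is the
# requirement head "TO <application server address>", the remaining lines are
# "key=value" protocol content. Field names, the identification string, the
# stored address and the key are demo values; HMAC-SHA256 stands in for the
# unspecified signature algorithm of the smart key device.
STORED_APP_SERVER = "bank.example"
CRITICAL_FIELDS = ("payee", "amount")     # field predefined by all three parties
CRITICAL_ID = "CRIT=1"                     # critical information identification
DEVICE_KEY = b"demo-key-held-only-by-the-smart-key-device"
CONFIRM_TIMEOUT = 5.0                      # predetermined confirmation period (s)

def fields_of(content):
    return dict(line.split("=", 1) for line in content.splitlines() if "=" in line)

def has_critical_info(content):
    """Proxy check: a predefined field carries data, or the identification is present."""
    f = fields_of(content)
    return any(f.get(name) for name in CRITICAL_FIELDS) or CRITICAL_ID in content.splitlines()

def smart_key_device(content, confirm):
    """Device side: show the critical fields, sign only on a timely 'correct' answer."""
    critical = {k: v for k, v in fields_of(content).items() if k in CRITICAL_FIELDS}
    started = time.monotonic()
    answer = confirm(critical)            # user's confirmation signal: True/False/None
    if answer is not True or time.monotonic() - started > CONFIRM_TIMEOUT:
        return None                       # exception handling: nothing is signed
    return hmac.new(DEVICE_KEY, content.encode(), hashlib.sha256).hexdigest()

def proxy_handle(message, confirm):
    """Returns (decision, outgoing message or reason)."""
    head, _, content = message.partition("\n")
    if not has_critical_info(content):
        return "forward", message         # no critical information: pass through unchanged
    if head != f"TO {STORED_APP_SERVER}":
        return "error", "application server address mismatch"
    signature = smart_key_device(content, confirm)
    if signature is None:
        return "rejected", "not confirmed by user"
    second_content = content + "\nsignature=" + signature   # signature inserted into content
    new_message = f"TO {STORED_APP_SERVER}\nX-Signed: device\n{second_content}"  # new head field
    return "forward", new_message
```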
13 Claims
8. A system for improving network application security, wherein the system comprising:
- a smart key device;
- a customer terminal host, comprising a first processor and first memory; and
- a proxy server, wherein the proxy server is software installed in the customer terminal host; wherein the proxy server comprises a plurality of first program modules stored on the first memory, wherein the plurality of first program modules are configured to be executed by the first processor, the plurality of first program modules comprising:
- a first interface module for receiving a protocol message generated and sent by customer terminal software according to information input by a user, for communicating with the smart key device, for sending a protocol content to the smart key device, and for receiving a signature result from the smart key device and sending a new protocol message to the application server, wherein the new protocol message is obtained by adding a new requirement head field to a second protocol content, wherein the second protocol content is obtained by inserting the signature result into the protocol content;
- a parsing module for parsing the protocol message received by the first interface module and obtaining the protocol content;
- a determining module for determining whether critical information, predetermined by the proxy server, the smart key device and the application server, is included in the protocol content gotten by the parsing module, and upon determining that it is, sending the protocol content to the smart key device with the first interface module; otherwise sending the protocol to the application server with the first interface module; and
- a message generating module for generating a new protocol message with the signature result received by the first interface module and the protocol content gotten by the parsing module, and for sending the new protocol message to the application server with the first interface module;
- wherein the smart key device comprises a second processor, second memory, and a plurality of second program modules stored on the second memory, wherein the plurality of second program modules are configured to be executed by the second processor, the plurality of second program modules comprising:
- a second interface module for communicating with the proxy server and receiving the protocol content sent by the proxy server, and for sending the signature result to the proxy server;
- a filtering module for parsing the protocol content received by the second interface module and obtaining the critical information;
- an outputting module for outputting the critical information gotten by the filtering module for the user's confirmation;
- a confirmation module for receiving the confirmation signal, of whether the critical information is correct or not, input by the user;
- a signature module for signing the protocol content received by the second interface module while the signal received by the confirmation module is confirmed correct by the user, and for returning the signature result to the proxy server with the second interface module of the smart key device; and
- an exception handling module for making exception handling upon determining that the signal received by the confirmation module is a signal confirmed incorrect by the user, or upon determining that the signal sent by the user is not received by the confirmation module within a predetermined time period,
- wherein the determining module further comprises:
- a first determining unit for finding the field predetermined by the proxy server, the smart key device and the application server, in the protocol content received by the parsing module, and for determining whether there is data in the field or not, and upon determining that there is, determining the critical information is included in the protocol content and sending the protocol content to the smart key device with the first interface module; otherwise, determining the critical information is not included in the protocol content and sending the protocol message to the application server with the first interface module;
- or a second determining unit for determining whether the critical information identification, predetermined by the proxy server, the smart key device and the application server, is included in the protocol content received by the parsing module, and upon determining that it is, determining the critical information is included in the protocol content and sending the protocol content to the smart key device with the first interface module; otherwise, determining the critical information is not included in the protocol content and sending the protocol message to the application server with the first interface module,
- wherein both the protocol message and the new protocol message comprise the requirement head field in which an address of the application server is recorded, and the determining module further comprises:
- a determining unit for determining whether the critical information, predetermined by the proxy server, the smart key device and the application server, is included in the protocol content gotten by the parsing module;
- a first processing unit for parsing the requirement head field in the protocol message received by the first interface module of the proxy server upon determining that the determining module determines that the critical information is included in the protocol content, and for determining whether the address of the application server recorded in the requirement head field matches an address of the application server stored in the proxy server, and upon determining that it does, sending the protocol content to the smart key device with the first interface module of the proxy server; otherwise, prompting the user of an error in the application server; and
- a second processing unit for sending the protocol message to the application server with the first interface module after the determining module determines that the critical information is not included in the protocol content.
Specification