Method, server and computer equipment for detecting user identity information
Technical Field
The invention belongs to the technical field of live broadcast, and particularly relates to a method, a server and computer equipment for detecting user identity information.
Background
At present, as live broadcast platforms mature, many users choose to become anchors, and some increase their popularity by abnormal means.
For example, a hacker steals the cookie used for authentication by monitoring a request sent by a normal user to the server, and then uses the cookie to masquerade as that user and send other requests to the server. In this way a certain anchor is added to the user's collection list, which raises the anchor's collection index and popularity and disturbs the order of the live broadcast platform.
Disclosure of Invention
In view of the problems in the prior art, the embodiments of the invention provide a method, a server and computer equipment for detecting user information. They address the technical problem that, in the prior art, a hacker who steals the identity information cookie of a normal user can pretend to be that user and send abnormal requests to the server, while the server cannot detect the identity information of the user, so that the order of the live broadcast platform is affected.
The invention provides a method for detecting user identity information, which is applied to a live broadcast platform and comprises the following steps:
receiving request information sent by a client, wherein the request information contains current identity information of the client;
acquiring a feature code in the current identity information;
decrypting the feature code by using a reversible decryption algorithm to obtain a target timestamp of the client; the target timestamp is determined according to a current timestamp corresponding to the time when the client generates the feature code and a first time difference value, wherein the first time difference value is a time difference value between a server-side timestamp and a client-side timestamp;
acquiring a first time stamp corresponding to a server side at a decryption time, and determining a second time difference value according to the first time stamp and a target time stamp of the client side;
and detecting the user identity information based on the second time difference and a preset detection condition, and determining that the user is a normal user when the second time difference meets the preset detection condition.
In the foregoing solution, the decrypting the feature code according to the reversible decryption algorithm to obtain the target timestamp of the client includes:
acquiring an identity authentication identifier in the current identity information;
searching key information key distributed for the user based on the identity authentication identifier;
decrypting the feature code by using the formula t = F'(key, s), and acquiring the target timestamp t; wherein F' is a reversible decryption algorithm, and s is the feature code.
In the foregoing solution, detecting the user identity information based on the second time difference and a preset detection condition includes:
when the second time difference value meets the detection condition |P| ≤ d, determining that the user is a normal user;
when the second time difference value meets the detection condition |P| > d, determining that the user is an abnormal user; d is a preset time threshold value, and P is the second time difference value.
In the foregoing solution, the determining, by the target timestamp according to the current timestamp and the first time difference value corresponding to the time when the client generates the feature code, includes:
when the server-side timestamp is greater than the client-side timestamp, determining the sum of the current timestamp and the first time difference value as the target timestamp;
and when the server-side timestamp is smaller than the client-side timestamp, determining the absolute value of the difference between the current timestamp and the first time difference value as the target timestamp.
The present invention also provides a server, comprising:
the receiving unit is used for receiving request information sent by a client, wherein the request information contains current identity information of the client;
the acquiring unit is used for acquiring the feature code in the current identity information;
the decryption unit is used for decrypting the feature code by using a reversible decryption algorithm to obtain a target timestamp of the client; the target timestamp is determined according to a current timestamp corresponding to the time when the client generates the feature code and a first time difference value, wherein the first time difference value is determined according to the time difference value between the server-side timestamp and the client-side timestamp;
the determining unit is used for acquiring a first time stamp corresponding to a server side at a decryption time, and determining a second time difference value according to the first time stamp and a target time stamp of the client side;
and the detection unit is used for detecting the user identity information based on the second time difference value and a preset detection condition, and when the second time difference value meets the preset detection condition, determining that the user is a normal user.
In the foregoing solution, the decryption unit is specifically configured to:
acquiring an identity authentication identifier in the current identity information;
searching key information key distributed for the user based on the identity authentication identifier;
decrypting the feature code by using the formula t = F'(key, s), and acquiring the target timestamp t; wherein F' is a reversible decryption algorithm, and s is the feature code.
In the above scheme, the detection unit is specifically configured to:
when the second time difference value meets the detection condition |P| ≤ d, determining that the user is a normal user;
when the second time difference value meets the detection condition |P| > d, determining that the user is an abnormal user; d is a preset time threshold value, and P is the second time difference value.
In the foregoing solution, the determining, by the target timestamp according to the current timestamp and the first time difference value corresponding to the time when the client generates the feature code, includes:
when the server-side timestamp is greater than the client-side timestamp, determining the sum of the current timestamp and the first time difference value as the target timestamp;
and when the server-side timestamp is smaller than the client-side timestamp, determining the absolute value of the difference between the current timestamp and the first time difference value as the target timestamp.
The invention also provides a computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, enables carrying out the method according to any one of claims 1 to 4.
The present invention also provides a computer device for detecting user identity information, comprising:
at least one processor; and
at least one memory communicatively coupled to the processor, wherein,
the memory stores program instructions executable by the processor, the processor being capable of performing the method as described in any one of the above.
The invention provides a method, a server and computer equipment for detecting user identity information. The method is applied to a live broadcast platform and comprises the following steps: receiving request information sent by a client, wherein the request information contains current identity information of the client; acquiring a feature code in the current identity information; decrypting the feature code by using a reversible decryption algorithm to obtain a target timestamp of the client, the target timestamp being determined according to a current timestamp corresponding to the time when the client generates the feature code and a first time difference value, wherein the first time difference value is a time difference value between a server-side timestamp and a client-side timestamp; acquiring a first timestamp corresponding to the server side at the decryption time, and determining a second time difference value according to the first timestamp and the target timestamp of the client; and detecting the user identity information based on the second time difference value and a preset detection condition, and determining that the user is a normal user when the second time difference value meets the preset detection condition. Therefore, after the server receives the request information sent by the client, the server decrypts the feature code in the user identity information to obtain the target timestamp of the client, and then determines the second time difference value between the target timestamp and the first timestamp corresponding to the server at the decryption time. When the second time difference value meets the preset detection condition, the user is determined to be a normal user; when the second time difference value does not meet the preset detection condition, the user is determined to be an abnormal user. Abnormal users can therefore be accurately identified and their requests rejected, which ensures the live broadcast order of the live broadcast platform.
Drawings
Fig. 1 is a schematic flowchart of a method for detecting user identity information according to an embodiment of the present invention;
Fig. 2 is a schematic overall structure diagram of a server according to a second embodiment of the present invention;
Fig. 3 is a schematic view of an overall structure of a computer device for detecting user identity information according to a third embodiment of the present invention.
Detailed Description
In order to solve the technical problem that in the prior art, a hacker pretends to be a normal user and sends some abnormal requests to a server by stealing an identity information cookie of the normal user, and the server cannot detect the identity information of the user, so that the order of a live platform is affected, the invention provides a method, a server and computer equipment for detecting the identity information of the user, wherein the method is applied to the live platform and comprises the following steps: receiving request information sent by a client, wherein the request information contains current identity information of the client; acquiring a feature code in the current identity information; decrypting the feature code by using a reversible decryption algorithm to obtain a target timestamp of the client; the target timestamp is determined according to a current timestamp corresponding to the time when the client generates the feature code and a first time difference value, wherein the first time difference value is a time difference value between a server-side timestamp and a client-side timestamp; acquiring a first time stamp corresponding to a server side at a decryption time, and determining a first time difference value according to the first time stamp and a target time stamp of the client side; and detecting the user identity information based on the first time difference value and a preset detection condition, and determining that the user is a normal user when the second time difference value meets the preset detection condition.
The technical solution of the present invention is further described in detail by the accompanying drawings and the specific embodiments.
Example one
The embodiment provides a method for detecting user identity information, which is applied to a live broadcast platform, and as shown in fig. 1, the method includes:
S110, receiving request information sent by a client, wherein the request information contains current identity information of the client;
In this step, when the client needs to request the server to execute a corresponding trigger action, it sends request information to the server. The request information carries the current identity information of the client, and the current identity information includes: the first identity information cookie that the server issues to the client after the client logs in successfully, and a feature code generated by the client. The server receives the request information sent by the client accordingly.
Here, the specific implementation of the client generating the feature code is as follows:
After the user successfully logs in to the live broadcast platform, the server sends the key information to the client, together with the server-side timestamp corresponding to the sending time and the first identity information cookie of the user. Here, each user has unique key information and a unique cookie.
After receiving the server-side timestamp corresponding to the sending time, if the server-side timestamp is inconsistent with the client-side timestamp at a certain time, a difference between the server-side timestamp and the client-side timestamp needs to be considered in order to avoid intercepting a normal request of a user.
After the client receives the server-side timestamp corresponding to the sending time, the client-side timestamp corresponding to the sending time needs to be acquired, and a first time difference value between the client-side timestamp and the server-side timestamp is determined.
For example, at the sending time (which may be any time), the server-side timestamp is 12:38:12 and the client-side timestamp is 12:38:09. The client time is 3 s slower than the server time, so the first time difference between the client-side timestamp and the server-side timestamp is 3 s.
Here, when new user identity information needs to be generated, the client needs to obtain the current timestamp corresponding to the generation time. For example, when the user identity information needs to be generated at 15:01:23, the current timestamp is 15:01:23.
And after the current timestamp corresponding to the moment of generating the user identity information is obtained, generating a feature code according to the key information, the current timestamp corresponding to the moment of generating the user identity information and the first time difference value based on a preset time interval.
Specifically, firstly, a target timestamp t is determined according to the current timestamp and the first time difference value; when the server-side timestamp is greater than the client-side timestamp, determining the sum of the current timestamp and the first time difference value as the target timestamp; and when the server-side timestamp is smaller than the client-side timestamp, determining the absolute value of the difference between the current timestamp and the first time difference value as the target timestamp t.
For example, the current timestamp is 15:01:23 and the first time difference value is 3 s. When the server-side timestamp is greater than the client-side timestamp, the target timestamp t is 15:01:26; when the server-side timestamp is less than the client-side timestamp, the target timestamp t is 15:01:20.
Then, according to a preset time interval, the feature code s is determined according to the formula (1), where the preset time interval may be determined according to the requirement of an actual scene, such as 2 s:
s=F(key,t) (1)
In formula (1), t is the target timestamp; key is the key information which the server sends to the client after the user successfully logs in, and each user has unique key information; F is a reversible encryption algorithm or a one-way hash algorithm. The one-way hash algorithm may include: md5, sha-256, crc32 algorithm, etc.; the reversible encryption algorithm comprises: symmetric encryption algorithms and asymmetric encryption algorithms, such as encryption algorithms like RSA, DSA, etc.
Specifically, for example, the target timestamp is 1516070451, the key information is aiugpiagguiauhsdphausdasfhf, and when the signature code is determined by using the md5 algorithm, the following is implemented:
The feature code 5223e9b30065d3346de87 daeeeeaea 5f is obtained using s = md5(1516070451 aiugpiagwiwiuahssdpfuhasdfasdhf).
Similarly, if the target timestamp is 1516070451, for example, when the signature s is obtained by using the asymmetric encryption algorithm RSA, the following is implemented:
After the client successfully logs in, the server generates a public key and private key pair for the user by using the RSA encryption algorithm; the public key is issued to the client, and the private key is stored by the server. After the client receives the public key, the target timestamp 1516070451 is encrypted by using the RSA encryption algorithm, and the final encryption result is the feature code s.
For example, the target timestamp is 1516070451, and when the signature s is obtained by using a symmetric encryption algorithm DSA, the following is implemented:
After the client successfully logs in, the server generates key information for the user by using a symmetric encryption algorithm (DSA), and sends the key information to the client. After receiving the key information, the client encrypts the target timestamp 1516070451 using a DSA encryption algorithm, and the final encryption result is the feature code s.
After the feature code is generated, when the client sends a request to the server, the js page of the client writes the feature code into the first identity information cookie of the user, generates the current identity information of the user, and sends the current identity information to the server, so that the server can detect whether the user is a normal user or not based on the current identity information.
Here, since the client calculates the first feature code based on the preset time interval, the first feature code S1 read by the server is the first feature code calculated last time before the client sends the first feature code to the server.
S111, acquiring a feature code in the current identity information; decrypting the characteristic code by using a reversible decryption algorithm to obtain a target timestamp of the client;
When the server receives the current identity information of the client, it extracts the feature code from the current identity information according to the feature code extraction identifier.
After the feature code is extracted, decrypting the feature code by using a reversible decryption algorithm to obtain a target timestamp of the client, which specifically comprises the following steps:
when the encryption algorithm used by the client is an RSA encryption algorithm, the server acquires an identity authentication identifier in the current identity information; searching key information key distributed for the user based on the identity authentication identifier in the cookie; here, since the RSA encryption algorithm is an asymmetric encryption algorithm, the server allocates public key information to the user, and then finds out private key information corresponding to the public key information, where the key information key is the private key information.
Then, the feature code is decrypted by using the corresponding decryption algorithm, formula (2), to obtain the target timestamp t of the client:
t=F'(key,s) (2)
in formula (2), s is the signature, and F' is a reversible decryption algorithm corresponding to the RSA encryption algorithm.
S112, acquiring a first time stamp corresponding to the server side at the decryption time, and determining a second time difference value according to the first time stamp and a target time stamp of the client side;
after the target timestamp is obtained, obtaining a first timestamp t' corresponding to the server side at the decryption time, and determining a second time difference value P according to the first timestamp and the target timestamp of the client side by using a formula (3):
P=t'–t (3)
Similarly, if the client calculated the feature code by using the reversible encryption algorithm DSA, the server decrypts the feature code in the same manner as described above. Unlike the decryption algorithm corresponding to the RSA encryption algorithm, when using the decryption algorithm corresponding to the DSA encryption algorithm the server searches for the key information key allocated to the user based on the identity authentication identifier in the current identity information cookie, and this key information is shared by the server and the client.
Further, if the client calculated the feature code by using a one-way hash algorithm, the client sends the target timestamp t to the server along with the request. The server may then determine the second time difference value P directly according to formula (3).
And S113, detecting the user identity information based on the second time difference and a preset detection condition, and determining that the user is a normal user when the second time difference meets the preset detection condition.
After the second time difference P is determined, the user identity information may be detected based on the second time difference and a preset detection condition.
Specifically, when the second time difference value meets the detection condition |P| ≤ d, the user is determined to be a normal user; when the second time difference value meets the detection condition |P| > d, the user is determined to be an abnormal user. d is a preset time threshold value, generally ranging from 5 s to 30 s, and can be set according to the actual application scenario.
Alternatively, if the client calculated the feature code by using a one-way hash algorithm, the server detects whether the user is a normal user as follows:
Likewise, the second time difference value P is calculated by using formula (3) from the target timestamp t and the first timestamp t' corresponding to the server decryption time:
When |P| > d, the request of the user is rejected directly. If |P| ≤ d, the server searches for the key information key allocated to the user according to the identity authentication identifier in the current identity information cookie, and then calculates a feature code from the key information and the target timestamp t by using the corresponding one-way hash algorithm, following the same calculation method as the client. If the feature code calculated by the server is consistent with the feature code calculated by the client, the user is a normal user; if the two feature codes are not consistent, the user is an abnormal user.
Therefore, the identity information of the user can be detected, and if the user is determined to be an abnormal user, the request sent by the user is directly rejected, so that the order of the live broadcast platform is ensured.
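The one-way hash variant of S110 to S113, with both the client and server sides, as an added example (not code from the patent). It assumes integer epoch-second timestamps and uses HMAC-SHA256 for F in place of the md5 concatenation shown above; the function names, the user identifier and the key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not from the patent): per-user key store and threshold.
USER_KEYS = {"uid-1001": b"constructed-demo-key"}
THRESHOLD_D = 5  # seconds; the text gives 5 s to 30 s as the usual range for d


def first_time_difference(server_ts, client_ts):
    """Signed clock offset measured at login (server minus client)."""
    return server_ts - client_ts


def target_timestamp(client_now, offset):
    """Client clock mapped onto the server's time base.

    A signed offset covers both cases in the text: it is added when the
    server clock is ahead and subtracted when the client clock is ahead.
    """
    return client_now + offset


def feature_code(key, t):
    """s = F(key, t). F is HMAC-SHA256 here (assumption; the text uses md5)."""
    return hmac.new(key, str(t).encode(), hashlib.sha256).hexdigest()


def client_identity(uid, key, client_now, offset):
    """What the client attaches to a request: identifier, t and feature code s."""
    t = target_timestamp(client_now, offset)
    return {"uid": uid, "t": t, "s": feature_code(key, t)}


def detect(identity, server_now, d=THRESHOLD_D, keys=USER_KEYS):
    """Server-side check. Returns (verdict, reason)."""
    key = keys.get(identity.get("uid"))
    if key is None:
        return ("abnormal", "unknown identity identifier")
    try:
        t = int(identity["t"])
    except (KeyError, TypeError, ValueError):
        return ("abnormal", "missing or malformed timestamp")
    p = server_now - t  # formula (3): P = t' - t
    if abs(p) > d:
        return ("abnormal", "timestamp outside threshold")
    # Recompute the feature code with the stored key; compare in constant time.
    expected = feature_code(key, t).encode()
    supplied = str(identity.get("s", "")).encode()
    if not hmac.compare_digest(expected, supplied):
        return ("abnormal", "feature code mismatch")
    return ("normal", "within threshold and feature code matches")


def demo():
    """Walk the text's clock example (server 3 s ahead) through four requests."""
    key = USER_KEYS["uid-1001"]
    offset = first_time_difference(1516070292, 1516070289)  # 3 s
    ident = client_identity("uid-1001", key, 1516070448, offset)  # t = 1516070451
    t = ident["t"]
    return {
        # Legitimate request arriving 2 s after the code was generated.
        "fresh": detect(ident, server_now=t + 2)[0],
        # The same cookie copied and replayed while still inside the window:
        # the check cannot tell it apart, which is the validity period T.
        "replay_in_window": detect(ident, server_now=t + 4)[0],
        # The same cookie replayed after the window has passed.
        "replay_late": detect(ident, server_now=t + 6)[0],
        # Timestamp rewritten to look fresh without knowing the key.
        "forged_t": detect({**ident, "t": t + 6}, server_now=t + 6)[0],
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:18s} {verdict}")
```
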
Further, the validity period T of the feature code in this embodiment is determined by the time density k of the target timestamp t and the time threshold d, and may be specifically determined according to formula (4):
T=2*d/k (4)
For example, the preset time interval is 2 s, that is, the client calculates the feature code every 2 s, so the time density k of t is 0.5. If the time threshold d is set to 3 s, the validity period T of the feature code is at most 2 × 5/0.5, which is 12 seconds. That is, the feature code is valid for 12 s: after a hacker has stolen the feature code, a request sent within 12 s may be accepted, but a request sent after 12 s must be rejected.
If the feature code is calculated at the 1st second and the request is sent at the 3rd second, the feature code on the request is already 2 seconds old. On checking, the server determines that the second time difference is 2 seconds, which is less than 3, so the request is accepted. A hacker who steals this feature code, however, can use it only during the 1 second after stealing it.
If a request is sent with the feature code immediately after the feature code is calculated at the 1st second, a hacker who steals it can use the feature code during the next 3 seconds.
In general, the client timestamp and the server timestamp differ very little, so the value of P is always around 0. After the hacker steals the cookie, the validity period of the feature code is then only half of that in the above case, i.e., T = d/k.
Example two
Corresponding to the first embodiment, this embodiment provides a server, as shown in fig. 2, where the server includes: a receiving unit 21, an obtaining unit 22, a decrypting unit 23, a determining unit 24 and a detecting unit 25; wherein,
the receiving unit 12 is configured to receive request information sent by a client, where the request information includes current identity information of the client.
Specifically, when a client needs to request a server to execute a corresponding trigger action, it sends request information to the server. The request information carries the current identity information of the client, and the current identity information includes: the first identity information cookie that the server issues to the client after the client logs in successfully, and a feature code generated by the client. The receiving unit 12 is accordingly used to receive the request information sent by the client.
Here, the specific implementation of the client generating the feature code is as follows:
After the user successfully logs in to the live broadcast platform, the server sends the key information to the client, together with the server-side timestamp corresponding to the sending time and the first identity information cookie of the user. Here, each user has unique key information and a unique cookie.
After receiving the server-side timestamp corresponding to the sending time, if the server-side timestamp is inconsistent with the client-side timestamp at a certain time, a difference between the server-side timestamp and the client-side timestamp needs to be considered in order to avoid intercepting a normal request of a user.
After the client receives the server-side timestamp corresponding to the sending time, the client-side timestamp corresponding to the sending time needs to be acquired, and a first time difference value between the client-side timestamp and the server-side timestamp is determined.
For example, at the sending time (which may be any time), the server-side timestamp is 12:38:12 and the client-side timestamp is 12:38:09. The client time is 3 s slower than the server time, and the first time difference between the client-side timestamp and the server-side timestamp is 3 s.
Here, when new user identity information needs to be generated, the client needs to obtain the current timestamp corresponding to the generation time. For example, when the user identity information needs to be generated at 15:01:23, the current timestamp is 15:01:23.
And after the current timestamp corresponding to the moment of generating the user identity information is obtained, generating a feature code according to the key information, the current timestamp corresponding to the moment of generating the user identity information and the first time difference value based on a preset time interval.
Specifically, firstly, a target timestamp t is determined according to the current timestamp and the first time difference value; when the server-side timestamp is greater than the client-side timestamp, determining the sum of the current timestamp and the first time difference value as the target timestamp; and when the server-side timestamp is smaller than the client-side timestamp, determining the absolute value of the difference between the current timestamp and the first time difference value as the target timestamp t.
For example, the current timestamp is 15:01:23 and the first time difference value is 3 s. When the server-side timestamp is greater than the client-side timestamp, the target timestamp t is 15:01:26; when the server-side timestamp is less than the client-side timestamp, the target timestamp t is 15:01:20.
Then, according to a preset time interval, the feature code s is determined according to the formula (1), where the preset time interval may be determined according to the requirement of an actual scene, such as 2 s:
s=F(key,t) (1)
In formula (1), t is the target timestamp; key is the key information which the server sends to the client after the user successfully logs in, and each user has unique key information; F is a reversible encryption algorithm or a one-way hash algorithm. The one-way hash algorithm may include: md5, sha-256, crc32 algorithm, etc.; the reversible encryption algorithm comprises: symmetric encryption algorithms and asymmetric encryption algorithms, such as encryption algorithms like RSA, DSA, etc.
Specifically, for example, the target timestamp is 1516070451, the key information is aiugpiagguiauhsdphausdasfhf, and when the signature code is determined by using the md5 algorithm, the following is implemented:
The feature code 5223e9b30065d3346de87 daeeeeaea 5f is obtained using s = md5(1516070451 aiugpiagwiwiuahssdpfuhasdfasdhf).
Similarly, if the target timestamp is 1516070451, for example, when the signature s is obtained by using the asymmetric encryption algorithm RSA, the following is implemented:
After the client successfully logs in, the server generates a public key and private key pair for the user by using the RSA encryption algorithm; the public key is issued to the client, and the private key is stored by the server. After the client receives the public key, the target timestamp 1516070451 is encrypted by using the RSA encryption algorithm, and the final encryption result is the feature code s.
For example, the target timestamp is 1516070451, and when the signature s is obtained by using a symmetric encryption algorithm DSA, the following is implemented:
After the client successfully logs in, the server generates key information for the user by using a symmetric encryption algorithm (DSA), and sends the key information to the client. After receiving the key information, the client encrypts the target timestamp 1516070451 using a DSA encryption algorithm, and the final encryption result is the feature code s.
After the feature code is generated, when the client sends a request to the server, the js page of the client writes the feature code into the first identity information cookie of the user, generates the current identity information of the user, and sends the current identity information to the server, so that the server can detect whether the user is a normal user or not based on the current identity information.
When the receiving unit 21 receives the current identity information, the obtaining unit 22 is configured to extract the feature code from the current identity information according to the feature code extraction identifier.
After the feature code is extracted, the decryption unit 22 is configured to decrypt, by using a reversible decryption algorithm, the feature code to obtain the target timestamp of the client, specifically as follows:
when the encryption algorithm used by the client is the RSA encryption algorithm, the decryption unit 23 obtains the identity authentication identifier in the current identity information; searching key information key distributed for the user based on the identity authentication identifier in the cookie; here, since the RSA encryption algorithm is an asymmetric encryption algorithm, the server allocates public key information to the user, and then finds out private key information corresponding to the public key information, where the key information key is the private key information.
Then, the feature code is decrypted by using a corresponding decryption algorithm formula (2), and a target timestamp t of the client is obtained:
t=F'(key,s) (2)
in formula (2), s is the feature code, and F' is a reversible decryption algorithm corresponding to the RSA encryption algorithm.
Similarly, if the client calculated the feature code by using the reversible encryption algorithm DSA, the decryption unit 23 decrypts the feature code in the same manner as described above. The difference from the RSA case is that the decryption unit 23 uses the decryption algorithm corresponding to the DSA encryption algorithm, and the key information key that it looks up based on the identity authentication identifier in the current identity information cookie is shared by the server and the client.
Further, if the client calculated the feature code by using the one-way hash algorithm, the client sends the target timestamp t to the server together with the request.
After the target timestamp is obtained, the determining unit 24 is configured to obtain a first timestamp corresponding to the server at the decryption time, and determine a second time difference according to the first timestamp and the target timestamp of the client; specifically, a formula (3) may be used to determine a second time difference value P according to the first time stamp and the target time stamp of the client:
P=t'–t (3)
in equation (3), t' is the first timestamp.
When the second time difference P is determined, the detecting unit 25 is configured to detect the user identity information based on the second time difference and a preset detection condition.
Specifically, when the detecting unit 25 detects that the second time difference satisfies the detection condition |P| ≤ d, it is determined that the user is a normal user; when the detecting unit 25 detects that the second time difference satisfies the detection condition |P| > d, it is determined that the user is an abnormal user. Here d is a preset time threshold, which generally ranges from 5 s to 30 s and can be set according to the actual application scenario.
Alternatively, if the client calculated the feature code by using the one-way hash algorithm, the detecting unit 25 may further detect whether the user is a normal user by using the following method:
similarly, the second time difference P is calculated with formula (3) from the target timestamp t and the first timestamp t' corresponding to the server at the decryption time:
when |P| > d, the request of the user is rejected directly; if |P| ≤ d, the key information key allocated to the user is looked up according to the identity authentication identifier in the current identity information cookie, and the server then calculates a feature code from the key information and the target timestamp t with the corresponding one-way hash algorithm, using the same calculation method as the client. If the feature code calculated by the server is consistent with the feature code calculated by the client, the user is a normal user; if the two feature codes are not consistent, the user is an abnormal user.
Therefore, the identity information of the user can be detected, and if the user is determined to be an abnormal user, the request sent by the user is directly rejected, so that the order of the live broadcast platform is ensured.
Further, the validity period T of the feature code in this embodiment is determined by the time density k of the target timestamp t and the time threshold d, and may be specifically determined according to formula (4):
T=2*d/k (4)
for example, the preset time interval is 2 s, that is, the client calculates the feature code every 2 s, so the time density k of t is 0.5; if the time threshold d is set to 3 s, the validity period T of the feature code is at most 2 × 3/0.5, which is 12 seconds. That is, the feature code is valid for 12 s: after a hacker has stolen the feature code, a request sent within 12 s may be accepted, but a request sent after 12 s must be rejected.
If the feature code is calculated at the 1st second and the request is sent at the 3rd second, the feature code on the request is already 2 seconds old. After checking, the server determines that the second time difference is 2 seconds, which is less than 3, so the request is accepted. But a hacker who steals the feature code can use it only for 1 more second.
If a request carrying the feature code is sent immediately after the feature code is calculated at the 1st second, a hacker who steals the request can use the feature code for the next 3 seconds.
In general, the client timestamp and the server timestamp differ very little, so that the value of P is always around 0. After the hacker steals the cookie, the validity period of the feature code will be only half of the above-mentioned case, i.e., T = d/k.
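The one-way hash detection path and the replay window discussed above can be traced in the following added example, which is not code from the patent. HMAC-SHA256 as the hash, the cookie field names `uid`, `t` and `s`, the key store and all function names are assumptions; the target timestamp 1516070451 and d = 3 s come from the text.

```python
import hashlib
import hmac

D = 3  # time threshold d in seconds (value used in the text's worked example)

# Constructed key store: identity authentication identifier -> per-user key.
USER_KEYS = {"uid-1001": b"constructed-demo-key"}


def feature_code(key: bytes, t: int) -> str:
    """One-way hash of target timestamp t under the user's key.
    HMAC-SHA256 is an assumption; the text does not name the hash."""
    return hmac.new(key, str(t).encode(), hashlib.sha256).hexdigest()


def build_cookie(uid: str, t: int) -> dict:
    """Client side: the cookie carries the identifier, t and the feature code s."""
    return {"uid": uid, "t": str(t), "s": feature_code(USER_KEYS[uid], t)}


def detect(cookie: dict, server_now: int, d: int = D) -> str:
    """Server side: 'normal', or the reason the request is rejected."""
    try:
        t = int(cookie["t"])
        s = str(cookie["s"]).encode()
        key = USER_KEYS[cookie["uid"]]      # unknown identifier -> KeyError
    except (KeyError, TypeError, ValueError):
        return "malformed"
    p = server_now - t                      # formula (3): P = t' - t
    if abs(p) > d:                          # |P| > d: reject before any hashing
        return "stale"
    expected = feature_code(key, t).encode()
    # Constant-time comparison avoids leaking how many leading bytes matched.
    return "normal" if hmac.compare_digest(expected, s) else "mismatch"


def replay_seconds_left(cookie: dict, stolen_at: int, d: int = D) -> int:
    """Whole seconds after stolen_at during which a replay is still accepted."""
    n = 0
    while detect(cookie, stolen_at + n + 1, d) == "normal":
        n += 1
    return n
```

A cookie whose timestamp field is moved forward without the key fails the hash comparison, so the only usable replay is of the unmodified cookie inside the |P| ≤ d window.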
EXAMPLE III
The present embodiment further provides a computer device for detecting user identity information. As shown in fig. 3, the computer device includes: Radio Frequency (RF) circuitry 310, memory 320, input unit 330, display unit 340, audio circuitry 350, WiFi module 360, processor 370, and power supply 380. Those skilled in the art will appreciate that the computer device configuration illustrated in fig. 3 does not constitute a limitation of computer devices, which may include more or fewer components than those illustrated, combine some components, or use a different arrangement of components.
The following describes the components of the computer device in detail with reference to fig. 3:
RF circuitry 310 may be used for receiving and transmitting signals, and in particular, for receiving downlink information from base stations and passing it to the processor 370 for processing. In general, the RF circuit 310 includes, but is not limited to, at least one amplifier, transceiver, coupler, Low Noise Amplifier (LNA), duplexer, and the like.
The memory 320 may be used to store software programs and modules, and the processor 370 may execute various functional applications of the computer device and data processing by operating the software programs and modules stored in the memory 320. The memory 320 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to use of the computer device, and the like. Further, the memory 320 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 330 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the computer apparatus. Specifically, the input unit 330 may include a keyboard 331 and other input devices 332. The keyboard 331 can collect the input operation of the user thereon and drive the corresponding connection device according to a preset program. The keyboard 331 collects the output information and sends it to the processor 370. The input unit 330 may include other input devices 332 in addition to the keyboard 331. In particular, other input devices 332 may include, but are not limited to, one or more of a touch panel, function keys (such as volume control keys, switch keys, etc.), a trackball, a mouse, a joystick, and the like.
The display unit 340 may be used to display information input by a user or information provided to the user and various menus of the computer device. The Display unit 340 may include a Display panel 341, and optionally, the Display panel 341 may be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like. Further, the keyboard 331 may cover the display panel 341, and when the keyboard 331 detects a touch operation on or near the keyboard 331, the keyboard 331 transmits the touch event to the processor 370 to determine the type of the touch event, and then the processor 370 provides a corresponding visual output on the display panel 341 according to the type of the input event. Although the keyboard 331 and the display panel 341 are shown in fig. 3 as two separate components to implement input and output functions of the computer device, in some embodiments, the keyboard 331 and the display panel 341 may be integrated to implement input and output functions of the computer device.
Audio circuitry 350, speaker 351, microphone 352 may provide an audio interface between a user and a computer device. The audio circuit 350 may transmit the electrical signal converted from the received audio data to the speaker 351, and the electrical signal is converted into a sound signal by the speaker 351 and output;
WiFi belongs to short-distance wireless transmission technology, and computer equipment can help a user to receive and send e-mails, browse webpages, access streaming media and the like through the WiFi module 360, and provides wireless broadband internet access for the user. Although fig. 3 shows the WiFi module 360, it is understood that it does not belong to the essential constitution of the computer device, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 370 is a control center of the computer device, connects various parts of the entire computer device using various interfaces and lines, performs various functions of the computer device and processes data by operating or executing software programs and/or modules stored in the memory 320 and calling data stored in the memory 320, thereby monitoring the computer device as a whole. Alternatively, processor 370 may include one or more processing units; preferably, the processor 370 may be integrated with an application processor, wherein the application processor primarily handles operating systems, user interfaces, application programs, and the like.
The computer device also includes a power supply 380 (such as a power adapter) for powering the various components, which may preferably be logically connected to the processor 370 through a power management system.
The method, the server and the computer equipment for detecting the user identity information provided by the embodiment of the invention have the following beneficial effects that:
the invention provides a method, a server and computer equipment for detecting user identity information, wherein the method is applied to a live broadcast platform and comprises the following steps: receiving request information sent by a client, wherein the request information contains current identity information of the client; acquiring a feature code in the current identity information; decrypting the feature code by using a reversible decryption algorithm to obtain a target timestamp of the client; the target timestamp is determined according to a current timestamp corresponding to the time when the client generates the feature code and a first time difference value, wherein the first time difference value is a time difference value between a server-side timestamp and a client-side timestamp; acquiring a first time stamp corresponding to a server side at a decryption time, and determining a second time difference value according to the first time stamp and a target time stamp of the client side; detecting user identity information based on the second time difference and a preset detection condition, and determining that the user is a normal user when the second time difference meets the preset detection condition.
Therefore, after the server receives the request information sent by the client, the server decrypts the feature codes in the user identity information to obtain a target timestamp of the client, then determines a second time difference value between the target timestamp and a first timestamp corresponding to the server at the decryption time, and determines that the user is a normal user when the second time difference value meets a preset detection condition; when the second time difference does not meet the preset detection condition, determining that the user is an abnormal user. Therefore, the abnormal user can be accurately identified, so that the request of the abnormal user is rejected.
The client generates the feature code according to the timestamp and the key information, the feature code is written into the first identity information of the user, the current identity information cookie of the user is generated, the cracking difficulty is improved, and even if a hacker steals the cookie of the normal user, the hacker cannot forge a new cookie without acquiring the key information; even if the key information is cracked, the cookie is quickly invalidated due to the time relationship, so that the cookie cannot be disguised as a normal user to send some abnormal requests to the server, and the live broadcast order of the live broadcast platform is further ensured.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functionality of some or all of the components of a gateway, proxy server, system according to embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on a computer-readable storage medium or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
The above description is only exemplary of the present invention and should not be taken as limiting the scope of the present invention, and any modifications, equivalents, improvements, etc. that are within the spirit and principle of the present invention should be included in the present invention.