Technical Field
The present invention relates to the field of Internet technology, and in particular to a secure encryption method, a secure decryption method, an encryption device and a decryption device for game data.
Background
With the continuous development of science and technology, computers have become widespread and have brought many conveniences to people's work and life. As computer games grow ever more popular, their variety and number keep increasing, and people need a unified platform that provides games. Some clients or search engines can now act as such a platform, but they are limited to providing computer game installation packages, which the user must download to the computer and install before use. Web games need no download or installation and can be played at any time by visiting a web address, and because their data is stored on a server or in the cloud, they can be played on any terminal device with an account; web games have therefore become increasingly popular in recent years. How to provide game data to users safely and efficiently is a major problem that now needs to be solved. Web games require browser support, and at present web game providers have to develop their own plug-ins so that the browser can call and load the web game. A plug-in has to be developed for almost every game, which wastes a great deal of manpower. Moreover, on the terminal the plug-in runs and starts ES; when the user actively accesses the browser with elevated privileges on a system with permission restrictions, or accesses the browser on a system without permission restrictions, the plug-in, which may come from any of various developers, can operate on all data on the terminal's hard disk, so the security of the user terminal is hard to guarantee and security vulnerabilities are exposed in the browser. While the server is providing game data to the user terminal, if the game request data or the game data is hijacked, the terminal may receive threatening information, which may likewise expose security vulnerabilities in the browser.
Summary of the Invention
In view of the above problems, the present invention is proposed in order to provide a security verification method and device for game data that overcome the above problems or at least partially solve them.
One aspect of the present invention provides a secure encryption method for game data, the method comprising:
acquiring game data;
calculating a feature code value of the game data;
performing an asymmetric operation on the obtained feature code value to generate encrypted data of the game data;
sending the encrypted data of the game data to a browser client.
Optionally, the feature code is the MD5 value of the game data.
Optionally, the method further comprises:
presetting a domain name list and a whitelist;
when a game is onboarded, assigning it a domain name and a Gkey value, updating the domain name list and the whitelist according to the assigned domain name and Gkey value, and configuring storage path information according to the storage address of the game data.
Optionally, the game data is acquired according to the requested process.
Optionally, the method further comprises:
receiving a game request from the browser client;
parsing the game request to determine the unique identifier of the requested game, and determining its storage path based on the unique identifier;
directly acquiring the encrypted data of the game data according to the storage path, or acquiring the game data according to the storage path.
Optionally, the unique identifier is the domain name or the G-key value corresponding to the game.
The present invention also provides a secure decryption method for game data, the method comprising:
sending a game run request through a browser web page;
receiving encrypted game data from the browser server;
decrypting the encrypted game data, and loading the decrypted game data with a plug-in to run the game in the web page, the plug-in having a predetermined interface that corresponds to the interface of the game data.
Optionally, after the step of sending a game run request through a browser web page, the method further comprises:
receiving response data returned by the browser server;
finding and opening the plug-in based on the response data.
Optionally, if the plug-in is not found, a plug-in installation package is obtained based on the response data and the plug-in is installed; opening the plug-in specifically comprises initializing the plug-in with the response data and loading the plug-in.
If not required, the decrypted game data is loaded directly.
Optionally, the plug-in is configured with a Gkey parameter, which is to be assigned the unique identification code of the game.
The present invention also provides a secure encryption device for game data, the device comprising:
an acquisition module, configured to acquire game data;
a feature code value calculation module, configured to calculate the feature code value of the game data;
an asymmetric operation module, configured to perform an asymmetric operation on the obtained feature code value to generate encrypted data of the game data;
a first sending module, configured to send the encrypted data of the game data to the browser client.
Optionally, the feature code value calculation module is an MD5 value calculation module.
Optionally, the device further comprises:
a preset module, configured to preset a domain name list and a whitelist;
an update and configuration module, configured to, when a game is onboarded, assign it a domain name and a Gkey value, update the domain name list and the whitelist according to the assigned domain name and Gkey value, and configure storage path information according to the storage address of the game data.
Optionally, the acquisition module acquires the game data according to the configured storage path information.
Optionally, the acquisition module acquires the game data according to the requested process.
Optionally, the device further comprises:
a first receiving module, configured to receive a game request from the browser client;
a game request parsing module, configured to parse the game request to determine the unique identifier of the requested game, and to determine its storage path based on the unique identifier;
the acquisition module directly acquires the encrypted data of the game data according to the storage path, or acquires the game data according to the storage path.
Optionally, the unique identifier is the domain name or the G-key value corresponding to the game.
The present invention also provides a secure decryption device for game data, the device comprising:
a second sending module, configured to send a game run request through a browser web page;
a second receiving module, configured to receive encrypted game data from the browser server;
a decryption module, configured to decrypt the encrypted game data using a plug-in mechanism, the plug-in having a predetermined interface that corresponds to the interface of the game data;
a processing module, configured to generate a web page from the decrypted game data to run the game.
Optionally, the second receiving module is further configured to receive response data returned by the browser server;
the processing module is configured to initialize a plug-in based on the response data and load the plug-in.
The plug-in is provided with a Gkey parameter, and the processing module assigns the game's unique identification code to the Gkey parameter based on the response data.
The technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:
In the embodiments of the present application, encrypting the game data ensures the security of the game data.
In particular, when games are pushed through the browser platform, that is, when a web game is realized by loading game data through a general-purpose browser plug-in, the game data provided by a third party can be security-verified, which prevents illegitimate data from being supplied as a result of hijacked game request data. Moreover, when verification of the game data fails, the process of re-requesting the data can be triggered automatically, so abnormal game data can be repaired automatically.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Description of the Drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:
FIG. 1 shows a flowchart of a method for securely encrypting game data according to an embodiment of the present invention;
FIG. 2 shows a flowchart of running a web game according to a specific embodiment of the present invention;
FIG. 3 shows a flowchart of a method for securely decrypting game data according to an embodiment of the present invention;
FIG. 4 shows a structural diagram of a device for securely encrypting game data according to an embodiment of the present invention;
FIG. 5 shows a structural diagram of a device for securely decrypting game data according to an embodiment of the present invention.
Detailed Description
Embodiments of the present invention are described in detail below, and examples of the embodiments are illustrated in the drawings, where the same or similar reference numerals throughout denote the same or similar elements or elements having the same or similar functions. The embodiments described below with reference to the drawings are exemplary; they serve only to explain the present invention and are not to be construed as limiting it.
Those skilled in the art will understand that, unless expressly stated otherwise, the singular forms "a", "an" and "the" as used herein may also include the plural forms. It should be further understood that the word "comprising" as used in the specification of the present invention refers to the presence of the stated features, integers, steps, operations, elements and/or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components and/or groups thereof. It should be understood that when an element is said to be "connected" or "coupled" to another element, it can be directly connected or coupled to the other element, or intervening elements may be present. In addition, "connected" or "coupled" as used herein may include wireless connection or wireless coupling. The phrase "and/or" as used herein includes all or any unit and all combinations of one or more of the associated listed items.
Those skilled in the art will understand that, unless otherwise defined, all terms used herein (including technical and scientific terms) have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. It should also be understood that terms such as those defined in general dictionaries should be understood to have a meaning consistent with their meaning in the context of the prior art and, unless specifically defined as they are here, are not to be interpreted in an idealized or overly formal sense.
Those skilled in the art will understand that "terminal" and "terminal device" as used herein include both devices with only a wireless signal receiver, which have no transmitting capability, and devices with receiving and transmitting hardware capable of two-way communication over a two-way communication link. Such devices may include: cellular or other communication devices, with a single-line display, a multi-line display, or no multi-line display; PCS (Personal Communications Service) devices, which may combine voice, data processing, fax and/or data communication capabilities; PDAs (Personal Digital Assistants), which may include a radio frequency receiver, pager, Internet/intranet access, web browser, notepad, calendar and/or GPS (Global Positioning System) receiver; and conventional laptop and/or palmtop computers or other devices that have and/or include a radio frequency receiver. A "terminal" or "terminal device" as used herein may be portable, transportable, installed in a vehicle (air, sea and/or land), or suitable and/or configured to operate locally and/or in distributed form at any other location on Earth and/or in space. A "terminal" or "terminal device" as used herein may also be a communication terminal, an Internet access terminal or a music/video playback terminal, for example a PDA, a MID (Mobile Internet Device) and/or a mobile phone with music/video playback capability, or a device such as a smart TV or set-top box.
Those skilled in the art will understand that the concepts of server, cloud, remote network device and the like as used herein are equivalent, and include but are not limited to a computer, a network host, a single network server, a set of multiple network servers, or a cloud composed of multiple servers. Here, the cloud consists of a large number of computers or network servers based on cloud computing, where cloud computing is a form of distributed computing: a super virtual computer made up of a group of loosely coupled computers. In the embodiments of the present invention, communication between the remote network device, the terminal device and the WNS server may use any communication method, including but not limited to mobile communication based on 3GPP, LTE or WIMAX, computer network communication based on the TCP/IP or UDP protocols, and short-range wireless transmission based on the Bluetooth or infrared transmission standards.
Those skilled in the art should understand that "application", "application program", "application software" and similar expressions in the present invention denote the same concept, well known to those skilled in the art: computer software suitable for electronic execution that is organically constructed from a series of computer instructions and related data resources. Unless otherwise specified, this naming is not restricted by the type or level of programming language, nor by the operating system or platform on which the software runs. Naturally, the concept is also not restricted to any form of terminal.
The method and device of the present invention can be implemented as software through programming and installed on computers, mobile terminals and other equipment to run. Depending on the specific method and device they implement, these devices take the form of a client, a server and so on. Specifically, the secure encryption method for game data and the corresponding device proposed by the present invention are suited to being deployed on computer equipment with server capabilities, forming a cloud control system that provides game data to clients or points them to the target that provides the game data. The secure decryption method for game data and the corresponding device proposed by the present invention are suited to being deployed on personal computers and on mobile terminal devices such as mobile phones and tablets, thereby forming the client.
One aspect of the present invention provides a security verification method for game data. As shown in FIG. 1, the method comprises:
S11. Acquire game data;
S12. Calculate the feature code value of the game data;
S13. Perform an asymmetric operation on the obtained feature code value to generate encrypted data of the game data;
S14. Send the encrypted data of the game data to the browser client.
The method ensures the security of the game data by encrypting it.
In step S11, the acquired game data comprises all files needed to run the game, including files in various formats such as exe files and dll files, which are stored at a predetermined location on the server. When responding to a user's control request for the game process by providing the data of the corresponding page, the server obtains the data related to that page based on the IE kernel loading mechanism. To ensure that this data can be provided to the client safely, an encryption operation is performed on the page-related data before the data is signed with the digital-signature private key. As an innovative encryption approach proposed by the present invention, a feature value is first calculated over the page-related data, and the calculated feature value is then asymmetrically encrypted. In a preferred approach, the MD5 algorithm is used to calculate the feature value; the MD5 encryption algorithm produces a fixed 32-character string. An asymmetric encryption algorithm is then applied to the resulting fixed 32-character string and a key pair is generated: the public key is provided to the client for encrypting the request data it sends to the server, and the private key is used to decrypt the request data received from the user. Those skilled in the art know that although asymmetric algorithms offer a higher level of security, their keys are larger and encryption and decryption take longer than with symmetric algorithms, so they are generally not used for the secure transmission and verification of game data. The present application addresses the case where the browser client uses a plug-in mechanism based on the IE kernel to fetch game data stored on the server and build web page information: on the one hand the plug-in must be initialized with game-related identity information sent by the server, and on the other hand the game data is at risk of being intercepted or forged. The security mechanism is proposed for this case; because the amount of data transmitted is small, the speed penalty of the asymmetric algorithm is negligible. Of course, the present application is not limited to the case described above; the secure encryption method proposed here is applicable wherever the amount of data transmitted is small and the security requirement is high.
To make it possible to fetch game data stored on the server through the IE-kernel-based plug-in mechanism and build web page information, a domain name list and a whitelist must be set up on the server side in advance. The domain name list stores the domain names assigned to onboarded games, which are used for access from the browser client; the whitelist stores the identity of each onboarded game. In a preferred embodiment, each game is given a Gkey value as its unique identifier, and the whitelist stores the Gkey values of the onboarded games. Based on the domain name list and the whitelist it can then be determined whether a game has passed authentication, that is, whether the game requested by the user is one that may be pushed through the plug-in.
Before a game is made accessible in the browser, back-end configuration is required. The back-end configuration includes: assigning the game a domain name and a Gkey value, and updating the domain name list and the whitelist; and configuring the path from which the game data is obtained. The game data includes at least the application's DLL (Dynamic Link Library) file or EXE file, and of course also some content assets such as images, text and signature files. After the domain name has been parsed and the parsed Gkey value has been confirmed to be on the whitelist, the plug-in is loaded; initializing the plug-in assigns the Gkey value to its Gkey parameter and configures it according to the game's configuration information. After initialization, the plug-in calls game data, such as a DLL (Dynamic Link Library) file or EXE file, through the interface based on the path information and process information. On receiving the call request, the server encrypts the called game data, which includes calculating a feature value and asymmetrically encrypting that feature value, and then sends the encrypted data to the plug-in. The plug-in runs the security mechanism, decrypts the received encrypted data, and then uses the decrypted game data to build and render the web page.
The plug-in is a computer program written against an application programming interface that follows a certain specification; by interacting with the web browser it adds a specific capability to the browser, namely that the browser can call game data stored on the server and execute it in a web page. The plug-in is written on the Microsoft plug-in mechanism so as to be compatible with all browsers. When the plug-in is written it is given a Gkey parameter, which will be assigned the unique identification code of the game to be executed in the browser. Once the plug-in is installed, the web browser can call it directly using the unique identifier generated when the plug-in was registered. In the prior art, one plug-in generally corresponds to one application, or one plug-in to one game: when the browser requests certain applications or games, the server sends the user an instruction that a particular plug-in must be installed, together with the plug-in's download address, and the user can run the requested game in the browser only after installing that plug-in. Once such plug-ins are installed, every later start of the browser automatically loads all installed plug-ins from local storage, which is one reason many browsers now start slowly. The plug-in proposed in this application is independent of the browser. Whether to call it is decided from the result of parsing the domain name entered by the user; only when the plug-in is needed is it looked up and loaded, using the unique identifier generated when it was registered with the IE kernel. The plug-in therefore neither slows browser start-up nor consumes extra processing resources. Because the plug-in is designed to call and run all games in the web browser, it is configured with a Gkey parameter; when the plug-in is used to call different applications, the Gkey parameter is assigned the Gkey value of the called application along with the corresponding configuration information. As long as the programming interfaces of the plug-in and the game match, the plug-in can load any game, which avoids installing a plug-in for every game that is run. This not only greatly reduces the development of game-specific plug-ins, since installing the plug-in once is enough to support all games that have the predetermined interface, but also means that when the browser is running and the plug-in is not needed, the plug-in is not started, which greatly reduces the consumption of processing resources.
The browser's back end or the cloud maintains a domain name list and a whitelist relating to the games the browser can run. The domain name list stores the domain name assigned to each application; the whitelist stores the Gkey value assigned to each application. Preferably, the browser's back end or the cloud also maintains a configuration file for each game, which may be a dll file or an exe file, indicating the paths from which the game's original data and signature data are obtained, as well as encryption and decryption information. In one specific embodiment, the configuration file is associated with the domain name list and the whitelist through the Gkey value. Through this back-end or cloud maintenance, the interaction between the plug-in and the browser server is achieved.
When the user enters a domain name on the terminal, the browser receives the domain name request and parses it. Parsing can be done on the terminal or on the browser's server side. If it is done on the terminal, the domain name list and the whitelist must be stored locally and are updated automatically when the browser is upgraded; in this case the client browser may need to be upgraded more often. If it is done on the browser's server side, only the server side or the cloud needs to maintain the domain name list and the whitelist, and the client browser does not need to be upgraded when they change.

For example, the user enters the domain name http:wan.360.sgkey=ly/skey=1000. It is first determined whether the entered domain name belongs to the domain name list. If it does, the domain name is parsed further to determine the game's unique identifier, the Gkey value ly. The Gkey value is the unique identifier of an application; in computer games in particular, including client games and web games, each game is given a unique Gkey value, usually the initials of the game's name. The whitelist is then queried with the Gkey value to determine whether it is on the whitelist, and thereby whether the application is a product the browser may push. The Gkey value is then sent to the plug-in to assign its Gkey parameter. Specifically, the plug-in is looked up in the system by the unique identifier generated when the plug-in was registered with the IE kernel, and the Gkey value is assigned to the Gkey parameter of the plug-in that was found. After the assignment, the plug-in is invoked; it is accessed through the application programming interface (API) provided by the browser.

The plug-in has a set of plug-in property files compressed together: a Manifest file, one or more HTML files, optionally one or more JavaScript files, and optionally any other required files (such as images). The Manifest file is generally in JSON format and contains the plug-in's basic information, such as the list of its most important files and the permissions the application (extension) requires. During development these files are placed in one directory; when the plug-in is published, all files in the directory are packaged into a single .crx archive. When the browser kernel renders the browser's main frame, it can extract the loading position set for the plug-in from the plug-in property files and display the game's interface at that position. For a game to run simply by being loaded through the plug-in, the game must use a programming interface consistent with the plug-in's. Through this interface, the plug-in calls the game data directly.

When the plug-in calls game data, the browser server encrypts the called game data. Specifically, it first computes over the data to generate a feature code; MD5 is an established algorithm for generating feature codes, and this application preferably uses it. An asymmetric operation is then performed on the generated feature code to produce the encrypted data, which is sent to the browser client and decrypted by the plug-in. The game data may be stored on a third-party server (the game developer's server), on the browser server, on a dedicated game server, or in the cloud; the storage location of the application data is not limited here. By using this double encryption of feature code computation plus asymmetric encryption, this application encrypts not only the response data for the user's game access request but also the game data itself, so that initialization of the client plug-in and loading of game data proceed securely, and the digital signature that the game provider applied to the game is preserved.
As a specific implementation, a user wants to play a web game. As shown in Figure 2, the process is as follows:
S31. The user first logs in to the browser. Once the browser is open, the user chooses which game to run by clicking an icon or a domain name link in the browser; for example, the user enters the domain name request http:wan.360.sgkey=ly1/skey=1000;
S32. The browser client generates a domain name request based on the user's action;
S33. The domain name request is sent to the server;
S41. The server matches the domain name against the pre-stored domain name list to determine whether it belongs to the list (the domain name list stores the domain names the browser server has assigned to all games that need to be presented through web pages);
S42. If it does, the server continues to parse the domain name; otherwise the server does not process the domain name and only returns a prompt to the terminal that the domain name is invalid. The domain name is parsed according to the domain name construction rules, and the requested game is determined to be ly1 (the Gkey value);
S43. The backend configuration information corresponding to the Gkey value ly1 is queried and sent to the terminal browser;
S34. The terminal browser looks up the plug-in;
S35. If the plug-in is not installed, a request for the plug-in installation package is sent to the server;
S36. If the plug-in is installed, it is initialized based on the configuration information and then loaded;
S37. The game data on the server is called according to the configuration information to run the game ly1.
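Steps S41 to S43 on the server side, as an added example that is not code from the patent: it checks the request against the domain name list, extracts and validates the Gkey, queries the whitelist and returns the configuration. The host name `games.example`, the `gkey` query parameter, the Gkey format rule and the configuration fields are assumptions, since the page does not give the domain name construction rules.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed server-side tables; every value here is an assumption.
DOMAIN_LIST = {"games.example"}                 # domains assigned to games
GKEY_WHITELIST = {"ly1", "ly2"}                 # games the browser may push
GAME_CONFIG = {                                 # linked to the lists by Gkey
    "ly1": {"data_path": "games/ly1/data", "signature_path": "games/ly1/sig"},
    "ly2": {"data_path": "games/ly2/data", "signature_path": "games/ly2/sig"},
}
GKEY_RULE = re.compile(r"[a-z0-9]{1,16}")       # assumed Gkey format


def resolve_game_request(url: str):
    """Return (status, config) for a domain name request (steps S41 to S43)."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:                          # malformed authority
        return "invalid_domain", None

    # S41: exact host match against the domain list, never a substring test.
    if parts.scheme not in ("http", "https") or host not in DOMAIN_LIST:
        return "invalid_domain", None

    # S42: extract the Gkey; exactly one value, and it must fit the format.
    values = parse_qs(parts.query).get("gkey", [])
    if len(values) != 1 or not GKEY_RULE.fullmatch(values[0]):
        return "invalid_request", None
    gkey = values[0]

    # Whitelist check before any configuration or storage path is touched.
    if gkey not in GKEY_WHITELIST:
        return "not_whitelisted", None

    # S43: the configuration is looked up by key, never built from request text.
    config = GAME_CONFIG.get(gkey)
    if config is None:
        return "not_configured", None
    return "ok", {"gkey": gkey, **config}


if __name__ == "__main__":
    for sample in (                             # constructed requests
        "https://games.example/play?gkey=ly1&skey=1000",
        "https://games.example.other.test/play?gkey=ly1",
        "https://games.example/play?gkey=../../etc",
    ):
        print(sample, "->", resolve_game_request(sample)[0])
```

Because the storage path comes from the table entry selected by a validated Gkey, request text never reaches the file system lookup.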
The next time the user wants to play the game ly2, the user does not need to download the plug-in again. Based on the user's input (for example, entering the domain name http:wan.360.sgkey=ly2/skey=1000), the browser client generates the domain name request and sends it to the server. The server matches the domain name against the pre-stored domain name list to determine whether it belongs to the list (the domain name list stores the domain names the browser operator has assigned to all applications that need to be presented through web pages). If it does, the server continues to parse the domain name; otherwise the server does not process the domain name and only returns a prompt to the terminal that the domain name is invalid. The domain name is parsed according to the domain name construction rules, and the requested game is determined to be ly2 (the Gkey value, the game's unique identification code). The backend configuration information corresponding to the Gkey value ly2 is queried and sent to the terminal browser. The terminal browser initializes the plug-in based on the configuration information and then loads it, and the plug-in can then call the game data directly according to the configuration information to run the game ly2. The user therefore needs to install the plug-in only once to play all of the browser's web games. Because the plug-in is based on the IE kernel, it is compatible with almost all domestic browsers, for example IE6-IE11 and Webkit browsers. Moreover, as long as a game program is developed against the same programming interface as the plug-in, the browser needs to install the plug-in only once to run all web games. At present, by contrast, almost every web game requires its own plug-in to be downloaded and installed before it can run; with this application, once the plug-in is installed, different web games can be run simply by entering their domain names, which simplifies user operation and greatly shortens the startup and loading time of web games.
In fact, in the prior art, because of the browser's own restrictions on system permissions, for example under winsa or 97 where, owing to the permission settings, the browser is generally accessed with medium privileges, some games that need high-level system privileges cannot run at all even if a plug-in is installed in the browser. The plug-in of this application, by contrast, is secure and general-purpose, and its signature is recognised by the browser, so games that need high-level system privileges can also run in the browser through it. In addition, because the plug-in in this application only calls the game and does not modify the game's signature file, the game's signature can be obtained when the game runs through the plug-in. The game's signature can thus be distinguished from the plug-in's signature, which makes it possible to attribute responsibility for network behaviour and so to establish network security responsibility clearly.
Because the plug-in does not need to change the game's digital signature, this application can use the plug-in to embed games with reliable signatures at a predetermined position in the browser, for example in the title bar or a floating window, while games whose reliability is uncertain, or whose digital signatures must be retained for other reasons, are loaded through the plug-in only by way of a domain name request. The present invention thus also proposes two different ways of providing games through web pages, and whichever way is used, this application can provide game data encrypted with the encryption method described above; the game data includes the game configuration information and the running data after the game starts.
After the plug-in is loaded, because a correspondence with the game has been established, the game can be checked for upgrades. If an upgrade is needed, the upgrade data is called according to the backend configuration information to obtain the game's latest data and run the latest version of the game. This application ensures that the application the user runs is the latest version without requiring any upgrade action from the user.
The present invention also provides a secure decryption method for game data. As shown in Figure 3, the method includes:
S21. Sending a game running request through a browser web page;
S22. Receiving encrypted game data from the browser server;
S23. Decrypting the encrypted game data, and using a plug-in to load the decrypted game data so as to run the game in the web page, the plug-in having a predetermined interface that corresponds to the interface of the game data.
With the above secure decryption method, when game data is received abnormally the data can be discarded, and when reception of game data fails the request can be repeated automatically, so that automatic repair is possible both when requesting access to the game and during game interaction.
After the game running request is sent through the browser web page, the plug-in is looked up and opened based on the response data returned from the browser server. If the plug-in is not found, the plug-in installation package is obtained based on the response data and the plug-in is installed. Opening the plug-in specifically includes initializing the plug-in with the response data and starting it. If, based on the response data returned from the browser server, the action is not merely to look up and open the plug-in, the browser can directly load the returned game data or encrypted game data.
The plug-in is not a startup item of the browser, so it neither adds to the browser's load nor affects the browser's responsiveness.
The plug-in is configured with a Gkey parameter, which is assigned the unique identification code of a game. For each different game to be loaded, the plug-in is initialized with that game's configuration information, which includes assigning the game's Gkey value to the Gkey parameter and configuring path information for the path parameter. The plug-in is suitable for loading all games, provided the game and the plug-in have corresponding interfaces and the game is on the whitelist on the browser server.
As another aspect, the present invention also provides a secure encryption device for game data. The device may be a host with server functions. As shown in Figure 4, the device includes:
an acquisition module 50, configured to acquire game data;
a feature code value calculation module 51, configured to calculate the feature code value of the game data;
an asymmetric operation module 52, configured to perform an asymmetric operation on the acquired feature code value to generate the encrypted data of the game data;
a first sending module 53, configured to send the encrypted data of the game data to the browser client.
When the server or the cloud responds to the user's control request for the game process and provides the data of the corresponding page, the server obtains the data related to that page based on the IE kernel loading mechanism. To ensure that this data can be provided to the client securely, before the data is signed with the digital-signature private key, a feature value is first computed over the page-related data, and the computed feature value is then asymmetrically encrypted. This application addresses the case in which the browser client uses a plug-in mechanism based on the IE kernel to retrieve game data stored on the server in order to build web page information. On the one hand, the client's IE-kernel-based plug-in must be initialized with game-related identity information sent by the server; on the other hand, the game data is at risk of being intercepted and forged. The server-side security mechanism proposed in this application ensures that, even when the server provides a game developed by a third party to the client, the game data is difficult to crack, intercept or forge, which greatly protects the security of the browser.
As a preferred embodiment, the feature code value calculation module is an MD5 value calculation module. Because even a small difference between two pieces of data produces very different 32-character strings, the MD5 algorithm has an absolute advantage in security verification. Moreover, however large the original data, the MD5 result is always a 32-character string; performing the asymmetric operation on this string further ensures the security of the data, and because the amount of data operated on is small, the high security level of asymmetric operations is fully realised without incurring their drawback of long computation time.
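The digest-then-asymmetric-operation scheme and the client's discard-and-re-request behaviour described above, as an added example that is not code from the patent. It assumes the game data travels alongside the sealed digest, uses a constructed toy RSA key with no padding so that it runs on the standard library alone (not a secure signature scheme; a deployment would use a vetted library with padded signatures), and takes the digest algorithm as a parameter because practical MD5 collisions are known and SHA-256 is the usual replacement.

```python
import hashlib

# Constructed toy key: two Mersenne primes, so the modulus is trivially
# factorable. Illustration only; never use a key or unpadded RSA like this.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                                # public modulus
E = 65537                                # public exponent, shipped with the plug-in
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent, kept on the server

# The client pins the digest algorithm instead of trusting a field in the
# response. "md5" is the page's preferred choice; "sha256" avoids MD5 collisions.
PINNED_ALGO = "md5"

# Constructed game data keyed by Gkey (hypothetical content).
GAME_DATA = {"ly1": b'{"entry": "ly1/main.swf", "version": 7}'}


def feature_code(data: bytes, algo: str = PINNED_ALGO) -> int:
    """Fixed-size digest ("feature code") of the data, as an integer."""
    return int.from_bytes(hashlib.new(algo, data).digest(), "big")


def server_protect(data: bytes, algo: str = PINNED_ALGO) -> dict:
    """Server: digest the data, then apply the private key to the digest only."""
    return {"data": data, "sealed": pow(feature_code(data, algo), D, N)}


def client_verify(msg: dict, algo: str = PINNED_ALGO) -> bool:
    """Client: undo the asymmetric step with the public key and compare digests."""
    data, sealed = msg.get("data"), msg.get("sealed")
    if not isinstance(data, bytes) or not isinstance(sealed, int):
        return False
    if not 0 <= sealed < N:
        return False
    return pow(sealed, E, N) == feature_code(data, algo)


def client_fetch(gkey: str, fetch, max_attempts: int = 3):
    """Request game data; discard responses that fail the check and re-request.

    Returns (data, number_of_discarded_responses). The attempt limit keeps a
    persistently bad channel from causing an endless request loop.
    """
    discarded = 0
    for _ in range(max_attempts):
        msg = fetch(gkey)
        if isinstance(msg, dict) and client_verify(msg):
            return msg["data"], discarded
        discarded += 1                   # abnormal data: drop it, never load it
    raise ValueError(f"no verifiable game data for {gkey!r} after {max_attempts} attempts")


def make_channel(tamper_first_n: int):
    """Constructed transport that alters the payload of the first n responses."""
    state = {"calls": 0}

    def fetch(gkey: str) -> dict:
        state["calls"] += 1
        msg = server_protect(GAME_DATA[gkey])
        if state["calls"] <= tamper_first_n:
            msg = {**msg, "data": msg["data"] + b"<altered in transit>"}
        return msg

    return fetch


if __name__ == "__main__":
    data, discarded = client_fetch("ly1", make_channel(tamper_first_n=1))
    print("loaded", len(data), "bytes after discarding", discarded, "response(s)")
```

The private-key operation always works on one digest-sized integer, so its cost does not grow with the size of the game data, which is the performance point the paragraph above makes.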
The device also includes:
a preset module, configured to preset the domain name list and the whitelist;
an update configuration module, configured to assign a domain name and a Gkey value to a game when it is onboarded, update the domain name list and the whitelist according to the assigned domain name and Gkey value, and configure storage path information according to the storage address of the game data.
Optionally, the acquisition module acquires the game data according to the configured storage path information, or acquires the game data according to the requested process.
Optionally, the device further includes:
a first receiving module, configured to receive a game request from the browser client;
a game request parsing module, configured to parse the game request to determine the unique identifier of the requested game, and to determine its storage path based on the unique identifier;
the acquisition module directly acquires the encrypted data of the game data according to the storage path, or acquires the game data according to the storage path.
Optionally, the unique identifier is the domain name or the G-key value corresponding to the game.
The secure encryption device proposed by the present invention, embodied in particular on a server, can provide secure data for a browser acting as a game promotion platform. Even when the game data being promoted belongs to a third party, or is stored on a third-party server, the secure encryption device can provide a security check when the browser terminal retrieves game data in real time to generate a web page, ensuring data security.
The present invention also provides a secure decryption device for game data, embodied on a user terminal. As shown in Figure 5, the device specifically includes:
a second sending module 61, configured to send a game running request through a browser web page;
a second receiving module 62, configured to receive encrypted game data from the browser server;
a decryption module 63, configured to decrypt the encrypted game data using a plug-in mechanism, the plug-in having a predetermined interface that corresponds to the interface of the game data;
a processing module 64, configured to generate a web page from the decrypted game data to run the game.
The game data includes the game's backend configuration information and the specific game running data. The encrypted game data is decrypted using the plug-in mechanism, and through the decryption process the browser client can detect abnormal data. By discarding abnormal data and requesting the game data again, anomalies in the game data exchange between the terminal and the server can be repaired automatically, and game data can be prevented from being intercepted and abnormal data from being supplied to the user.
Optionally, the device includes:
a second receiving module, configured to receive the response data returned by the browser server;
a processing module, configured to determine, based on the response data, whether a plug-in needs to be run.
If a plug-in is needed, it is determined whether the terminal has already installed the plug-in. If it is not installed, the plug-in installation package is obtained based on the response data and the plug-in is installed; if it is installed, the plug-in is initialized with the response data and loaded.
If no plug-in is needed, the decrypted game data is loaded directly.
Optionally, the plug-in is configured with a Gkey parameter, which is assigned the unique identification code of a game.
The technical solutions provided in the embodiments of this application have at least the following technical effects or advantages:
In the embodiments of this application, encrypting the game data ensures the security of the game data.
In particular, when games are pushed through the browser platform, that is, when web games are realised by loading game data through a general-purpose browser plug-in, game data provided by third parties can be security-checked, which prevents improper data from being supplied when game request data is hijacked. When verification of the game data fails, the process of re-requesting the data is triggered automatically, so anomalies in the game data can be repaired automatically.
The method described in this application is compatible with almost all browsers (any browser developed on the IE kernel, such as IE6-IE11, Webkit, etc.) and can load any game written against the predetermined interface, so its compatibility is strong.
By distinguishing between loading an application through a domain name entered by the user and loading an application by embedding it or downloading it from a web page, this application can load and run applications with reliable signatures in isolation from applications signed by third parties whose security is hard to establish. This both protects the security of the browser and allows the browser to load applications with a wide range of digital signatures.
In fact, the present invention also provides a method and a browser that provide applications in several differentiated ways. The first way assigns a domain name to the application and loads the application in response to the user's domain name request; it suits applications whose digital signatures are not very reliable, such as applications provided by third parties, especially web games and client games. The second way embeds the application directly at a predetermined position in the browser, so that the application is loaded directly when the user clicks that position in the browser page; it suits applications that carry a digital signature trusted by the browser. This application thus also proposes providing applications of different security levels in different ways through the browser.
The above description is only an overview of the technical solution of the present invention. So that the technical means of the present invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the present invention are more apparent, specific embodiments of the present invention are set out below.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems may also be used with the teachings herein. The structure required to construct such systems is apparent from the description above. Furthermore, the present invention is not directed to any particular programming language. It should be understood that the invention described herein can be implemented in various programming languages, and that the descriptions of specific languages above are given to disclose the best mode of carrying out the invention.
Numerous specific details are set forth in the description provided herein. It will be understood, however, that embodiments of the invention may be practised without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, to streamline this application and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments the various features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. This method of disclosure, however, should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single foregoing disclosed embodiment. The claims following the Detailed Description are therefore expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of the embodiments may be combined into one module, unit or component, and may furthermore be divided into multiple sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of these. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the gateway, proxy server and system according to embodiments of the present invention. The present invention may also be implemented as device or apparatus programs (for example, computer programs and computer program products) for performing part or all of the methods described herein. Such programs implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not denote any order; these words may be interpreted as names.
The present invention provides the following technical solutions:
A1. A secure encryption method for game data, characterized in that the method comprises:
acquiring game data;
calculating a feature code value of the game data;
performing an asymmetric operation on the acquired feature code value to generate encrypted data of the game data;
sending the encrypted data of the game data to a browser client.
A2. The method according to A1, further characterized in that the feature code is the MD5 value of the game data.
A3. The method according to A1 or A2, further characterized in that the method further comprises:
presetting a domain name list and a whitelist;
when onboarding a game, assigning it a domain name and a Gkey value, updating the domain name list and the whitelist according to the assigned domain name and Gkey value, and configuring storage path information according to the storage address of the game data.
A4. The method according to A3, further characterized in that the game data is acquired according to the configured storage path information.
A5. The method according to any one of A1-A4, further characterized in that the game data is acquired according to the requested process.
A6. The method according to any one of A1-A5, further characterized in that the method further comprises:
receiving a game request from the browser client;
parsing the game request to determine the unique identifier of the requested game, and determining its storage path based on the unique identifier;
directly acquiring the encrypted data of the game data according to the storage path, or acquiring the game data according to the storage path.
A7. The method according to A6, wherein the unique identifier is a domain name or a G-key value corresponding to the game.
B8. A secure decryption method for game data, characterized in that the method comprises:
sending a game running request through a browser web page;
receiving encrypted game data from the browser server;
decrypting the encrypted game data by using a plug-in mechanism, the plug-in having a predetermined interface that corresponds to the interface of the game data;
generating a web page according to the decrypted game data to run the game.
B9. The method according to B8, wherein, after the step of sending a game running request through a browser web page, the method further comprises:
receiving response data returned by the browser server;
finding and opening the plug-in based on the response data.
B10. The method according to B9, wherein, if the plug-in is not found, a plug-in installation package is obtained based on the response data and the plug-in is installed; opening the plug-in specifically comprises: initializing the plug-in using the response data, and loading the plug-in.
If not required, the decrypted game data is loaded directly.
B10. The method according to B8 or B9, further characterized in that the plug-in is configured with a Gkey parameter, and the Gkey parameter is used to be assigned the unique identification code of the game.
C11. A secure encryption device for game data, characterized in that the device comprises:
an acquisition module, configured to acquire game data;
a feature code value calculation module, configured to calculate the feature code value of the game data;
an asymmetric operation module, configured to perform an asymmetric operation on the acquired feature code value to generate encrypted data of the game data;
a first sending module, configured to send the encrypted data of the game data to the browser client.
C12. The device according to C11, further characterized in that the feature code value calculation module is an MD5 value calculation module.
C13. The device according to C11 or C12, further characterized in that the device further comprises:
a preset module, configured to preset a domain name list and a whitelist;
an update configuration module, configured to, when a game is onboarded, assign it a domain name and a Gkey value, update the domain name list and the whitelist according to the assigned domain name and Gkey value, and configure storage path information according to the storage address of the game data.
C14. The device according to C13, further characterized in that the acquisition module acquires game data according to the configured storage path information.
C15. The device according to any one of C11-C14, further characterized in that the acquisition module acquires game data according to the requested process.
C16. The device according to any one of C11-C15, further characterized in that the device further comprises:
a first receiving module, configured to receive a game request from the browser client;
a game request parsing module, configured to parse the game request to determine the unique identifier of the requested game, and to determine its storage path based on the unique identifier;
the acquisition module directly acquires the encrypted data of the game data according to the storage path, or acquires the game data according to the storage path.
C17. The device according to C16, wherein the unique identifier is a domain name or a G-key value corresponding to the game.
D18. A secure decryption device for game data, characterized in that the device comprises:
a second sending module, configured to send a game running request through a browser web page;
a second receiving module, configured to receive encrypted game data from the browser server;
a decryption module, configured to decrypt the encrypted game data by using a plug-in mechanism, the plug-in having a predetermined interface that corresponds to the interface of the game data;
a processing module, configured to generate a web page according to the decrypted game data to run the game.
D19. The device according to D18, further characterized in that:
the second receiving module is further configured to receive response data returned by the browser server;
the processing module is configured to initialize a plug-in based on the response data and load the plug-in,
D20. The device according to D18 or D19, further characterized in that the plug-in is provided with a Gkey parameter, and the processing module assigns the unique identification code of the game to the Gkey parameter based on the response data.
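The flow in claims A1-A7 and B8, as an added Python sketch that is not part of the patent text. It assumes the asymmetric operation is a private-key RSA operation on the MD5 feature code, that the game data is delivered alongside the result, and that the client checks it with the public key; the key, Gkey value, storage path and payload are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes. Illustration only:
# far too small and unpadded for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, kept on the server

# Constructed whitelist (Gkey -> storage path) and storage (path -> data).
WHITELIST = {"gkey-demo-001": "/games/demo/data.bin"}
STORAGE = {"/games/demo/data.bin": b"constructed game payload v1"}


def feature_code(data: bytes) -> int:
    """Feature code per A2: the MD5 value of the game data, as an integer."""
    return int.from_bytes(hashlib.md5(data).digest(), "big")


def serve_game(gkey: str):
    """Server side (A1, A3-A7): resolve the Gkey through the whitelist,
    fetch the data, hash it, and apply the private-key operation."""
    path = WHITELIST.get(gkey)
    if path is None:
        raise PermissionError("Gkey not in whitelist")
    data = STORAGE[path]
    protected = pow(feature_code(data), D, N)   # the asymmetric operation
    return data, protected


def client_accepts(data: bytes, protected: int) -> bool:
    """Client side (B8): recover the feature code with the public key and
    compare it with the MD5 of the bytes actually received."""
    return pow(protected, E, N) == feature_code(data)


if __name__ == "__main__":
    data, protected = serve_game("gkey-demo-001")
    print("untampered accepted:", client_accepts(data, protected))
    print("tampered accepted:  ", client_accepts(data + b"!", protected))
```

MD5 appears here because A2 names it; it is not collision resistant, so a deployment of this scheme would substitute SHA-256 and a padded signature scheme such as RSA-PSS.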
| Application Number | Publication Number | Priority Date | Filing Date | Title |
|---|---|---|---|---|
| CN201610856558.9A | CN106411880B | 2016-09-27 | 2016-09-27 | A security encryption and decryption method and encryption and decryption device for game data |
| Publication Number | Publication Date |
|---|---|
| CN106411880A | 2017-02-15 |
| CN106411880B | 2019-11-19 |
| Application Number | Status | Publication Number | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN201610856558.9A | Active | CN106411880B | 2016-09-27 | 2016-09-27 | A security encryption and decryption method and encryption and decryption device for game data |
| Country | Link |
|---|---|
| CN (1) | CN106411880B (en) |
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | TR01 | Transfer of patent right | Effective date of registration: 20220715. Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015. Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park). Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.; Qizhi software (Beijing) Co.,Ltd. |