CN106204003B

CN106204003B - Method, device and system for safely transferring virtual resources

Info

Publication number: CN106204003B
Application number: CN201510213922.5A
Authority: CN
Inventors: 叶达
Original assignee: Advanced New Technologies Co Ltd
Current assignee: Advanced Nova Technology Singapore Holdings Ltd
Priority date: 2015-04-29
Filing date: 2015-04-29
Publication date: 2021-02-23
Anticipated expiration: 2035-04-29
Also published as: CN106204003A

Abstract

The invention discloses a method, a device and a system for safely transferring virtual resources. Wherein, the method comprises the following steps: after an account logs in a first terminal, initiating a request for transferring virtual resources; acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: the method comprises the steps that equipment information of a first terminal and/or equipment information of first network equipment accessed by the first terminal is/are obtained, wherein the first network equipment is any one of network equipment in a network equipment group; whether the function of transferring the virtual resources is allowed to be executed or not is determined by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account. The invention solves the technical problem of low security of the existing mobile payment mode.

Description

Method, device and system for safely transferring virtual resources

Technical Field

The invention relates to the field of electronic payment, in particular to a method, a device and a system for safely transferring virtual resources.

Background

At present, various mobile payment application software is available everywhere in life of people, for example, various payment software running on a mobile terminal, a user sets a payment password for a payment account of the user in the process of using the mobile terminal for payment, and when mobile payment is carried out, the user logs in the account and inputs the payment password to carry out payment.

It should be noted here that, in order to avoid the payment password being stolen by a lawbreaker, the user often sets the payment password very complicated, for example, sets some special characters difficult to input on the mobile device, such as @, $, _ and &, etc., to improve the security level of the payment password, but when the user inputs the payment password by himself, the number of bits set by the user is large, and the complicated password composed of the characters difficult to input also causes inconvenience to the input, on the other hand, if the mobile terminal device is lost or stolen, the gesture in the mobile terminal intrinsic payment software, such as the gesture password in the mobile wallet, is easy to be cracked, on the other hand, some sensitive information and password-free payment modes are retained in the mobile terminal device, such as the current situation that the fund is safe and controllable (less than the designated payment amount) allows the password-free payment, but, the password-free payment scheme has small potential safety hazards, for example, after a mobile phone is lost or stolen, a gesture password on mobile equipment is easy to crack, lawless persons can use the password-free payment to initiate short-frequency and fast-speed payment, and the potential safety hazards of user funds can be caused.

Aiming at the problem that the security of the existing mobile payment mode is low, an effective solution is not provided at present.

Disclosure of Invention

The embodiment of the invention provides a method, a device and a system for safely transferring virtual resources, which at least solve the technical problem of low safety of the conventional mobile payment mode.

According to an aspect of an embodiment of the present invention, a method for securely transferring a virtual resource is provided, including: after an account logs in a first terminal, initiating a request for transferring virtual resources; acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: the method comprises the steps that equipment information of a first terminal and/or equipment information of first network equipment accessed by the first terminal is/are obtained, wherein the first network equipment is any one of network equipment in a network equipment group; whether the function of transferring the virtual resources is allowed to be executed or not is determined by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account.

According to another aspect of the embodiments of the present invention, there is provided an apparatus for secure transfer of a virtual resource, the apparatus including: the first request unit is used for initiating a request for transferring the virtual resources after the account logs in the first terminal; a first obtaining unit, configured to obtain, according to a request, network environment information currently corresponding to an account, where the network environment information currently corresponding to the account includes: the method comprises the steps that equipment information of a first terminal and/or equipment information of first network equipment accessed by the first terminal is/are obtained, wherein the first network equipment is any one of network equipment in a network equipment group; the first determining unit is used for determining whether the function of transferring the virtual resource is allowed to be executed or not by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound by the account.

According to another aspect of the embodiments of the present invention, there is also provided a system for securely transferring a virtual resource, the system including: at least one network device; the system comprises a first terminal, a second terminal and a third terminal, wherein the first terminal selects any one network device to access the Internet, and is used for acquiring the current corresponding network environment information of an account after the account logs in the first terminal, and determining whether to allow execution of a function of transferring virtual resources by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account; the current network environment information corresponding to the account comprises: the device information of the terminal and/or the device information of the network device accessed by the terminal.

According to another aspect of the embodiments of the present invention, there is also provided a storage medium, where the storage medium includes a stored program, and when the program runs, a device in which the storage medium is located is controlled to execute one of the above-mentioned methods for securely transferring virtual resources.

According to another aspect of the embodiment of the present invention, there is further provided a processor, where the processor is configured to execute a program, where the program executes the secure transfer method for virtual resources in the foregoing.

In the embodiment of the invention, after logging in a first terminal through an account, a request for transferring virtual resources is initiated; acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: the method comprises the steps that equipment information of a first terminal and/or equipment information of first network equipment accessed by the first terminal is/are obtained, wherein the first network equipment is any one of network equipment in a network equipment group; whether the function of transferring the virtual resources is allowed to be executed or not is determined by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound by the account, so that the technical effect of improving the safety of mobile payment is realized, and the technical problem that the safety of the existing mobile payment mode is low is solved.

Drawings

The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:

fig. 1 is a block diagram of a hardware structure of a mobile terminal according to a first embodiment of the present invention;

FIG. 2 is a flowchart of a method for secure transfer of virtual resources according to a first embodiment of the invention;

FIG. 3 is a flowchart of an alternative method for secure transfer of virtual resources, according to an embodiment of the invention;

FIG. 4 is a flowchart of an alternative method for secure transfer of virtual resources, according to an embodiment of the invention;

FIG. 5 is a schematic structural diagram of a secure virtual resource transfer apparatus according to a second embodiment of the present invention;

fig. 6 is a schematic structural diagram of an alternative apparatus for securely transferring virtual resources according to a second embodiment of the present invention;

fig. 7 is a schematic structural diagram of an alternative apparatus for securely transferring virtual resources according to a second embodiment of the present invention;

fig. 8 is a schematic structural diagram of an alternative apparatus for securely transferring virtual resources according to a second embodiment of the present invention;

fig. 9 is a schematic structural diagram of an alternative apparatus for securely transferring virtual resources according to a second embodiment of the present invention;

fig. 10 is a schematic structural diagram of an alternative apparatus for securely transferring virtual resources according to a second embodiment of the present invention;

fig. 11 is a schematic structural diagram of an alternative apparatus for securely transferring virtual resources according to a second embodiment of the present invention;

fig. 12 is a schematic structural diagram of a system for securely transferring virtual resources according to a third embodiment of the present invention; and

fig. 13 is a block diagram of a mobile terminal according to an embodiment of the present invention.

Detailed Description

In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.

It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.

The terms in this application are explained as follows:

MAC address: media Access Control Address, i.e., MAC Address, also referred to as adapter Address or adapter identifier. An identifier for indicating each site on the internet; has global uniqueness.

WiFi: the technology is a technology capable of connecting terminals such as personal computers and handheld devices with each other in a wireless manner, and is a high-frequency radio signal.

Example 1

There is also provided, in accordance with an embodiment of the present invention, an embodiment of a method for secure transfer of virtual resources, including the steps illustrated in the flowchart of the figure, which may be implemented in a computer system such as a set of computer-executable instructions, and although a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that presented herein.

The method provided by the first embodiment of the present application may be executed in a mobile terminal, or a similar computing device. Taking an example of the method running on a mobile terminal, fig. 1 is a block diagram of a hardware structure of the mobile terminal of the method for secure transfer of virtual resources according to the embodiment of the present invention. As shown in fig. 1, the mobile terminal 10 may include one or more (only one shown) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 104 for storing data, and a transmission module 106 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration and is not intended to limit the structure of the electronic device. For example, the mobile terminal 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.

The memory 104 may be configured to store software programs and modules of application software, such as program instructions/modules corresponding to the secure transfer method of virtual resources in the embodiment of the present invention, and the processor 102 executes various functional applications and data processing by running the software programs and modules stored in the memory 104, that is, implementing the above-mentioned vulnerability detection method of the application program. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some instances, the memory 104 may further include memory located remotely from the processor 102, which may be connected to the mobile terminal 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The transmission module 106 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of the mobile terminal 10. In one example, the transmission device 106 includes a Network adapter (NIC) that can be connected to other Network devices through a base station to communicate with the internet. In one example, the transmission device 106 can be a Radio Frequency (RF) module, which is used to communicate with the internet in a wireless manner.

It should be noted here that the mobile terminal 10 described above in the present application may be the first terminal or the second terminal in the embodiment of the present application.

Under the above operating environment, the present application provides a secure transfer method of virtual resources as shown in fig. 2. Fig. 2 is a flowchart of a secure transfer method of a virtual resource according to a first embodiment of the present invention.

As shown in fig. 2, an alternative scheme includes the following implementation steps:

step S21, after the account logs in the first terminal, initiates a request for transferring the virtual resource.

In step S21, the first terminal may be installed with application software for requesting to transfer virtual resources, the account may log in the application software for transferring virtual resources in the first terminal, and initiate a request for transferring virtual resources through the application software, where the application software may be payment software running on the mobile terminal, such as software running on a mobile phone or a tablet computer, for example, software for paying treasures, WeChat payments, mobile phone internet banking, and the like, and the application software may be used to implement a transfer function of virtual resources, for example, when the virtual resources are virtual money, the application software completes functions of payment of virtual money, transfer of virtual money, and the like. The account can be a user pre-registered for a certain type of application software with a payment function, and the first terminal can be a mobile phone, a tablet computer, an intelligent wearable device and other terminal devices.

Here, the function of the application software is to transfer virtual resources, and the virtual resources may be virtual items that can be exchanged in the internet, such as game points.

For example, the user opens application software for transferring money, the application software runs on a mobile phone, namely the first terminal, and the user can input an account name and a password of the user on an interface of the application software to log in the account of the user. After the user successfully logs in the account successfully registered in advance in the login function provided by the application software, a request for transferring the virtual resource can be initiated through the application software, for example, the user transfers the virtual money in the current account to other accounts.

It should be noted here that the transferring in the above steps of the present application may include performing the following functions on the virtual resource: transferring accounts and paying.

Step S23, acquiring the current network environment information corresponding to the account according to the request, where the current network environment information corresponding to the account includes: the device information of the first terminal and/or the device information of the first network device accessed by the first terminal, wherein the first network device is any one of the network device group.

In step S23, the network environment information corresponding to the account currently logged in by the user may be obtained according to the transfer requirement of the user. In an optional embodiment, the network environment information corresponding to the account currently logged in by the user may be device information of a first terminal used by the current account, where the first terminal may be a terminal device operated by the application software; in another optional embodiment, the network environment information may also be information of a network device to which the first terminal used by the current account is connected, such as information of a wifi device; in a preferred embodiment, the network environment information may be a combination of device information of the first terminal and device information of a network device to which the first terminal is connected.

For example, taking a user to open application software by using a mobile phone terminal and connect to the internet through wifi equipment as an example, the foregoing steps of the present application may be implemented, after the user logs in a pre-registered account through the application software, network environment information corresponding to the account may be obtained, where the network environment information may include device information of the mobile phone terminal or information of the wifi equipment connected to the mobile phone terminal, and may also be a combination of the device information of the mobile phone terminal and information of the wifi equipment.

It should be noted here that, a user may log in any terminal using the above account, the terminal may access any network device, and information of the terminal operated by the application software currently logged in by the user using the account and the network device accessed by the terminal is the network environment information in the present scheme.

Step S24, determining whether to allow the function of transferring virtual resources to be executed by detecting whether the network environment information currently corresponding to the account matches the network environment information pre-bound to the account. Preferably, the function of transferring the virtual resource may be performed by application software.

In the above step S24, after the network environment information corresponding to the account is obtained, the network environment information may be matched with the network environment information that is pre-bound before the account, and whether the application software is allowed to execute the function of transferring the virtual resource may be determined according to the matching result.

Still take the example that the user opens the application software by using the mobile phone terminal and connects to the internet through the wifi device, the example provided by the above scheme of the application can be realized, after the device information of the mobile terminal used by the current account and/or the information of the wifi device accessed by the mobile terminal is obtained, the network environment information can be matched with the network environment information pre-bound to the account, and whether to transfer the account is determined according to the matching result. Here, it is possible to realize: when a user logs in application software in different terminal equipment for multiple times through the same account, the method can acquire the equipment information of the terminal equipment currently used by the user to be matched with the equipment information of the terminal equipment pre-bound with the account in advance, and determine whether to transfer the account according to the matching result, or when the user logs in through the same account through the same terminal but the same terminal is connected with different network equipment for multiple times, the method can acquire the equipment information of the network equipment currently used by the user to be matched with the equipment information of the network equipment pre-bound with the account in advance, and determine whether to transfer the account according to the matching result.

For another example, the account of the user is admin, the user starts application software running on a mobile phone A at the moment, the mobile phone A is connected with the internet by accessing wifi equipment B, the user successfully logs in the account admin through a main interface of the application software, and then when the user initiates a payment request through the application software, namely the account admin transfers money to the outside from the account admin, the scheme provided by the application can match the current corresponding equipment information of the mobile phone A and/or the wifi equipment B of the user account admin with information pre-bound with the account admin in advance by acquiring the current corresponding equipment information of the mobile phone A and/or the wifi equipment B of the user account admin, and determine whether to allow the transfer money according to a. If the user starts the application software running on the C mobile phone next time, the C mobile phone is connected with the Internet through accessing the wifi device D, the user successfully logs in the account admin through the main interface of the application software, when the user initiates a payment request through the application software, namely the account admin transfers outwards, the scheme can match the device information of the C mobile phone and/or the wifi device D currently corresponding to the user account admin with the information pre-bound with the account admin in advance, and whether the transfer is allowed or not is determined according to the matching result.

As can be seen from the above, in the solution provided in the first embodiment of the present application, no matter where a user connects to the internet and uses any terminal to log in the account in the application software, each time the user initiates a transfer request through the application software, the solution always obtains the device information of the terminal currently used by the user and/or the information of the network device connected to the terminal, matches the information with the network environment information pre-bound to the user account, and determines whether to allow transfer of virtual resources according to the matching result, and when a terminal device such as a mobile phone is lost, the transfer cannot be performed if the scene of logging in the account does not match the pre-bound environment information. Through the scheme, the safety of mobile payment is improved, and the technical problem that the safety of the existing mobile payment mode is low is solved.

In an optional embodiment provided by the present application, before the account logs in the first terminal in step S21 in the foregoing embodiment, the method may further include:

and step S17, the second terminal accesses the Internet through the second network equipment.

In an optional embodiment, in step S17, the second terminal may also install application software for requesting to transfer the virtual resource, and after the application software for transferring the virtual resource on the second terminal is started, the second terminal may access the internet through a second network device, where the second network device is any network device in the network device group.

In step S17, the second terminal may be the first terminal, or may be any terminal device other than the first terminal, and the network device may be the first network device or any network device other than the first network device.

Step S18, after the account logs in the second terminal, pre-binding the account with the device information of the second terminal and/or the second network device accessed by the second terminal, and acquiring the pre-bound network environment information of the account, where the first terminal and the second terminal are the same or different terminal devices, and the first network device and the second network device are the same or different network devices.

In the above step S18, the account may log in application software installed in the second terminal, the application software being used for transferring the virtual resource, wherein the account is bound to obtain the network environment information of the account by using the logged-in application software.

In an optional scheme, after the user account uses the second terminal to log in the application software for the first time, the scheme may pre-bind the user account with the second terminal and/or the second network device.

It should be noted here that after using the account login application software, whether to pre-bind the account with the second terminal and/or the second network device may be selected. For example, in the process of using the second terminal, after the application software for transferring the virtual resource is installed and started at the second terminal and the application software is logged in by using the account, the network environment pre-binding function may be started, for example, the current second terminal and/or the second network device accessed by the second terminal are selected in the device information interface for pre-binding, and after the pre-binding is successful, the second terminal records the association relationship between the account and the pre-bound network environment information.

In an optional embodiment provided by the present application, after acquiring the network environment information pre-bound to the account in step S18 in the foregoing embodiment, the present solution may further implement the following steps:

and step S19, the second terminal sets a plurality of transfer modes corresponding to the account.

In step S19, the user may set a plurality of transfer manners of the transfer through the second terminal, for example, after the pre-binding is successful, the system may provide a selection function of the plurality of transfer manners through a transfer manner setting interface, the plurality of transfer manners may be displayed on the setting interface in a form of a list, and after the user selects and stores any one transfer manner in the list, the transfer manner corresponding to the account is successfully set. The selection mode and the display mode of the multiple transfer modes can be replaced according to requirements.

And step S20, the second terminal stores the account, the multiple transfer modes corresponding to the account and the network environment information pre-bound with the account to the second terminal local and sends the information to the server for storage.

In step S20, after the user sets multiple transfer modes, the present solution may store the account, the transfer mode corresponding to the account, and the network environment information to the second terminal and send the account, the transfer mode corresponding to the account, and the network environment information to the cloud server.

In an optional embodiment provided by the present application, in the case that it is determined in step S24 that the application software is allowed to execute the function of transferring the virtual resource, before the application software executes the function of transferring the virtual resource, the present solution may further execute the following implementation steps:

and step S25, reading the transfer quantity of the virtual resources and acquiring a plurality of transfer modes corresponding to the account.

In step S25, the transfer amount of the virtual resource input by the user through the application software interface may be read, and the plurality of transfer manners corresponding to the account may be obtained from the server.

In an optional embodiment, if the first terminal and the second terminal are the same terminal, the multiple transfer modes corresponding to the account are directly obtained locally.

In another optional embodiment, if the first terminal and the second terminal are not the same terminal, at this time, when the first terminal is used to log in the application software in the account, the transfer mode corresponding to the account cannot be queried locally, and therefore, the server needs to be accessed to obtain the corresponding transfer mode.

It should be noted here that in the implementation process of the foregoing steps in the present application, after the account logs in the application software, the transfer mode may also be directly obtained by accessing the server, and the terminal does not perform local query any more.

Step S26, determining one transfer mode from a plurality of preset transfer modes according to the transfer quantity of the virtual resources, and transferring the virtual resources.

In step S26 of the present application, the transition method corresponding to the transition number may be obtained according to the transition number, that is, the transition method corresponding to the transition number may be obtained according to the transition number input by the user, and the transition method may be: the transfer amount in the first numerical range requires the user to input a complete password, the transfer amount in the second numerical range requires the user to input a partial password, and the transfer amount in the third numerical range can be transferred without requiring the user to input a password.

It should be noted here that, the user may set the account payment mode in advance, and in this scheme, the payment mode corresponding to the account may be uploaded to the server in advance, and when the user actually performs payment, the corresponding multiple transfer modes are obtained from the server according to the account, and the specific transfer mode is determined according to the specific amount actually input by the user.

In an optional embodiment provided by the present application, in the step S26, determining one transfer manner from a plurality of preset transfer manners according to the transfer number of the virtual resource, where the step of transferring the virtual resource may include the following steps:

step S261, in a case that the transfer amount of the virtual resource is less than or equal to the first threshold, transferring the virtual resource in a password-free transfer manner.

Step S262, when the transfer number of the virtual resources is greater than the first threshold and less than or equal to the second threshold, the virtual resources are transferred by using the short password.

Step S263, in the case that the transfer amount of the virtual resource is greater than the second threshold, the virtual resource is transferred by using the complete password.

In the above steps S261 to S263, the present solution may determine the transfer mode according to the transfer amount input by the user, for example, when the payment amount is less than 200, the payment can be completed without inputting a password; or when the payment amount is 200,500, setting a simplified password, such as 1234, abcd and the like; or when the payment amount is more than 500, a complete payment password, such as a complex password, needs to be input: YouAreRich! @ 123.

It should be noted that, the manner rule for transferring the resource in step S261 to step S263 can be set by the user in advance and stored in the server and the local mobile terminal.

In an optional embodiment provided by the present application, the step of executing, by the application software in step S24, the function of transferring the virtual resource may include the following scheme:

step S241, receiving the transfer password of the account.

Step S242, sending the network environment information corresponding to the account, the transfer amount of the virtual resource, a transfer mode determined by the transfer amount, and the transfer password to the server.

Step S243, receiving a verification result of the server, where the verification result includes: if the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account, and the transfer password of the account is the same as the preset password, transferring the virtual resource according to a determined transfer mode; otherwise, the transfer of the virtual resources fails.

In the above steps S241 to S243, the server may match the network environment information currently corresponding to the user with the network environment information pre-bound to the account, and verify the transfer password input by the user, that is, determine whether the transfer password input by the user is the same as the preset password in the server, and when the network environment information currently corresponding to the user is matched with the pre-bound information and the password input by the user is the same as the preset password, transfer the virtual resource according to the transfer mode determined in step S26.

In an optional embodiment, the server may verify the payment request parameter, if the verification is passed, execute a normal payment processing flow, and return a payment result to the client, i.e., the first terminal; if the verification fails, the quick payment password is input again to the return client, if the 3 times of retry are all failures, the quick payment scene is frozen, payment can be carried out only by using the complete password, and the quick payment password is reset.

Preferably, in the steps implemented in the foregoing embodiments of the present application, the device information includes any one or more of the following information: MAC address, unique identification of the device and random code.

For example, in the present solution, the second mobile terminal device may be connected to a secure and trusted WiFi network (a WiFi password is required to be input in a general situation, so as to improve security), and the user may start a payment APP on the mobile device, such as a mobile wallet of a mobile payment device, a wallet of a WeChat, and then enter a main interface of the APP, so as to implement common software in Android and iOS in the technology (but not limited to the two types). When a user selects to pre-bind a certain trusted WiFi network, the APP automatically acquires the mac address of the mobile equipment and simultaneously acquires the mac address of a second network equipment, namely a WiFi router.

1. The method for acquiring the MAC address of the WiFi equipment of the mobile equipment comprises the following steps (Android version):

String wserviceName＝Context.WIFI_SERVICE

WifiManager wm＝(WifiManager)getSystemService(wserviceName)

WifiInfo info＝wm.getConnect ionInfo()

String selfMac＝info.getMacAddress

2. the method for acquiring the MAC address of the WiFi wireless router equipment comprises the following steps (Android version):

List<ScanResult>wifiList＝wifiManager.getScanResults()

ScanResult result＝wifiList.get(0)

String bss id＝result.BSSID

in an optional embodiment provided by the present application, in a case that the network environment information currently corresponding to the account is device information of the first terminal, and the network environment information pre-bound to the account is device information of the second terminal, the step S24 may include the following steps of determining whether to allow execution of the function of transferring the virtual resource by detecting whether the network environment information currently corresponding to the account matches the network environment information pre-bound to the account:

in step S244, it is determined whether the device information of the first terminal is the same as the device information of the second terminal.

In step S245, if the device information of the first terminal is the same as the device information of the second terminal, the application software is allowed to execute the function of transferring the virtual resource.

In step S246, if the device information of the first terminal is different from the device information of the second terminal, the application software is stopped from executing the function of transferring the virtual resource.

In the above steps S244 to S246, if the network environment information currently corresponding to the account is only the device information of the first terminal, and the network environment information pre-bound to the account is only the device information of the second terminal, the present solution determines whether to execute the payment function by determining whether only the device information of the first terminal is the same as the device information of the second terminal, and if the device information of the first terminal is the same as the device information of the second terminal, the payment is allowed, and if the device information of the first terminal is not the same as the device information of the second terminal, the payment is suspended.

For example, the account of the user is admin, the user starts the application software running on the mobile phone a for the first time, and the user successfully logs in the account admin through the main interface of the application software, so that the mac address of the mobile phone a and the account admin are bound in advance by the scheme. Here, the a handset is the second terminal.

The user starts the application software running on the C mobile phone for the second time, the user successfully logs in the account admin through the main interface of the application software, then the mac address of the C mobile phone is matched with the mac address of the A mobile phone, payment is allowed under the condition that the mac addresses of the A mobile phone and the C mobile phone are the same, and payment is stopped under different conditions. Here, the C handset is the first terminal.

In an optional embodiment provided by the present application, in a case that the network environment information currently corresponding to the account is device information of the first network device, and the network environment information pre-bound to the account is device information of the second network device, the step S24 determines whether to allow execution of the function of transferring the virtual resource by detecting whether the network environment information currently corresponding to the account matches the network environment information pre-bound to the account, where the step may include the following steps:

step S247, determine whether the device information of the first network device is the same as the device information of the second network device.

In step S248, if the device information of the first network device is the same as the device information of the second network device, the application software is allowed to execute the function of transferring the virtual resource.

Step S249, in a case that the device information of the first network device is different from the device information of the second network device, the application software is suspended from executing the function of transferring the virtual resource.

In the above steps S247 to S249, if the network environment information currently corresponding to the account is only the device information of the first network device, and the network environment information pre-bound to the account is only the device information of the second network device, the present solution determines whether to execute the payment function by determining whether only the device information of the first network device is the same as the device information of the second network device, and allows the payment if the device information of the first network device is the same as the device information of the second network device, and suspends the payment if the device information of the first network device is not the same as the device information of the second network device.

For example, the account of the user is admin, the user starts application software running on the mobile phone for the first time, the user successfully logs in the account admin through a main interface of the application software, and the mobile phone is used for being connected with the internet through the wifi device B, so that the mac address of the wifi device B and the account admin are bound in advance. Here, it should be noted that the wifi device B is the second network device.

The user has started the application software of operation at the cell-phone for the second time, and the user has successfully logged in account admin through this application software's main interface to use the cell-phone to pass through wifi device D and connect the internet, then this scheme will match, under the condition that wifi device D's mac address is the same with wifi device B's mac address, allow payment, under different circumstances, suspend payment. It should be noted here that the wifi device D is a first network device.

In an optional embodiment provided by the present application, in a case that the network environment information currently corresponding to the account is device information of the first terminal and the first network device, and the network environment information pre-bound to the account is device information of the second terminal and the second network device, the step S24 determines whether to allow execution of the function of transferring the virtual resource by detecting whether the network environment information currently corresponding to the account matches the network environment information pre-bound to the account includes:

step S2400, determines whether the device information of the first terminal is the same as the device information of the second terminal, and the device information of the first network device is the same as the device information of the second network device.

Step S2410, if the device information of the first terminal is the same as the device information of the second terminal and the device information of the first network device and the second network device are also the same, allowing the application software to execute the function of transferring the virtual resource.

Step S2420, if the device information of the first terminal is different from the device information of the second terminal, and/or the device information of the first network device is different from the device information of the second network device, the application software is suspended from executing the function of transferring the virtual resource.

In the above steps S2400 to S2420, if the network environment information currently corresponding to the account is the device information of the first terminal and the first network device, and the network environment information pre-bound to the user account is the device information of the second terminal and the second network device, in this scheme, the transfer is allowed only when the conditions that the device information of the first terminal is the same as that of the second terminal and the device information of the first network device is the same as that of the second network device are simultaneously met.

For example, the account of the user is admin, the user starts application software running on the mobile phone A for the first time, the user successfully logs in the account admin through a main interface of the application software, and the mobile phone is connected with the internet through the wifi device B, so that the mac address of the wifi device B and the mac address of the mobile phone A are pre-bound with the account admin. It should be noted that the wifi device B is the second network device, and the handset a is the second terminal.

The user starts the application software running on the mobile phone C for the second time, the user successfully logs in the account admin through the main interface of the application software, and the mobile phone C is connected with the Internet through the wifi device D, so that the scheme is matched, payment is allowed under the condition that the mac address of the wifi device D is the same as that of the wifi device B and the mac address of the mobile phone A is the same as that of the mobile phone C, and payment is stopped under different conditions. It should be noted that the wifi device D is a first network device, and the mobile phone C is a first terminal.

In summary, the terminal in the first embodiment provided by the application may be a mobile terminal, the application software for transferring the virtual resource may be a pay bank client, and the virtual resource may be virtual currency. The following describes in detail the functions implemented by the application scenario of the solution of the present application applied to the aforementioned paypal client, with reference to fig. 3 and 4.

As shown in fig. 3, after the mobile terminal accesses the internet through a network device (e.g., wifi device), the user starts a payroll client with the mobile terminal and logs in the payroll account using the registered account. At this time, the function of pre-binding between the current account and the network environment in the pre-bound wifi environment can be selected to be completed, the payment scene of the account is set, and the function of pre-binding the account and the corresponding network environment is described in detail below:

step S3010, the mobile device connects to a secure and trusted WiFi network (WiFi passwords need to be input to improve security in general), starts a payment APP on the mobile device, such as a mobile wallet of a mobile payment device, a wechat wallet, and the like, and enters a main interface with Android and iOS (but not limited to the two) common technologies.

Step S3020, selecting to bind the trusted WiFi network in advance, and enabling the APP to automatically acquire the MAC address of the WiFi device of the mobile device and simultaneously acquire the MAC address of the WiFi router, and then entering a setting interface of a fast payment custom scene.

Step S3030, a plurality of fast payment scenarios may be set in a loop according to the preference of the user for each trusted WiFi network (the unique identifier is formed by MAC address pairs of the mobile device and the WiFi router), for example: when the payment amount is less than 200, the payment can be finished without inputting a password; or when the payment amount is 200,500, setting a simplified password, such as 1234, abcd and the like; or when the payment amount is more than 500, a complete payment password, such as a complex password, needs to be input: YouAreRich! @ 123.

Step S3040, it is determined whether to continue setting the quick payment scenario, and if yes, step S3030 is executed, and if no, step S3050 is executed.

Step S3050, after the quick payment setting is completed, the mobile payment APP encrypts the configuration information, stores the encrypted configuration information in the client, and sends the encrypted configuration information to the server to store the encrypted configuration information in a database (but not limited to the database). And finishing the pre-binding of the trusted network environment and the payment account and the configuration of the quick payment scene. (configuration information format is in the form of K-V, where K is the MAC pair of the trusted network and V is the configuration list of the quick payment scenario, but not limited to this way)

As shown in fig. 4, after the mobile terminal accesses the internet through a network device (e.g., wifi device), the user starts a payroll client with the mobile terminal and logs in the payroll account using the registered account. At this moment, the function of pre-binding between the current account and the network environment can be completed in the pre-bound wifi environment, the payment scene of the account is set, after the payment scene is set, quick payment can be performed, and the following detailed description is performed on the function of the quick payment:

the user's payment process may be as follows:

and step S4010, opening WiFi connection of the mobile equipment, connecting to a credible WiFi network after a WiFi password is input, and starting the mobile payment APP.

Step S4020, initiating a payment request by using the mobile payment APP, where it should be noted that when initiating the payment request, the program verifies whether the current network environment is trusted, and determines whether the current network environment is pre-bound to the current payment account by using the pre-binding information stored locally.

Step S4030, matching the most rapid payment scene bound in advance according to the amount information of the current payment, if the matching is successful, jumping to a corresponding request input interface, namely entering steps S4040, S4050 and S4060 in FIG. 4, and when the password-free payment scene is distinguished, directly initiating a payment request; when the simplified password payment scene is carried out, skipping a simplified password input interface; and when the complete password payment scene is matched, skipping to the complete password input interface. And according to the matched quick payment scene, after a corresponding quick payment password is input in a corresponding interface, sending the trusted network environment parameter (the MAC address pair of the WiFi), the matched quick payment scene and the corresponding password to the server.

Step S4070, the server side verifies the payment request parameters, if the verification is passed, the normal payment processing flow is executed, and the payment result is returned to the client side; if the verification fails, the quick payment password is input again to the return client, if the 3 times of retry are all failures, the quick payment scene is frozen, payment can be carried out only by using the complete password, and the quick payment password is reset.

It should be noted here that the server application may provide management of the pre-bound trusted network environment at the same time, and may open, close, unfreeze, and delete the pre-bound trusted WiFi network environment configuration information; the client can only bind and close the credible WiFi network and the corresponding quick payment scene in advance.

In an optional embodiment, in the scheme of the application, after the MAC address of each device (mainly, a mobile terminal device and a WiFi router) in a WiFi network is pre-bound with a payment account, a security check rule of mobile payment in each scene is set according to self needs. For example: after the mobile phone is networked through a WiFi network in a home, MAC address pairs of the mobile phone and a family WiFi router are pre-bound with a current mobile payment account through an MAC address pair pre-binding function provided by a mobile payment APP (such as a Payment mobile phone wallet, a WeChat wallet, a mobile phone internet bank and the like), and a simplified payment password is set, such as the last four digits of a real password or self-set four digits; and setting a payment rule without a password, wherein when the payment rule is less than 200 yuan, the payment password does not need to be input. After the operation is completed, the mobile payment APP sends the relevant information to the server side for encrypted storage. When the user carries out mobile payment in the home network environment (mobile phone + WiFi router), the real payment can be finished by using the simplified password or no password, and the user does not need to input a long and complex password any more, so that the safety, convenience and user operation experience of the mobile payment are improved.

In summary, the present application achieves the following effects:

after the mobile equipment is connected to a network through WiFi, the globally unique MAC addresses of the mobile equipment (a smart phone, a mobile Pad and the like) and a wireless router are obtained through the APP, and pre-binding with payment account numbers is completed (one payment account number can pre-bind a plurality of MAC address pairs, namely a plurality of trusted network environments, so that the applicability of the scheme is improved), so that the safety under various mobile payment scenes is improved; meanwhile, the convenience of mobile payment under a safe and controllable scene can be improved (no password or simplified password is required to be input); the user experience under the mobile payment scene is improved, and simultaneously, the processing of the user-defined quick payment scene is added under the dual authorization of the WiFi password and the APP login password, so that the safety of mobile payment is greatly improved and the fund safety is ensured when the processing is quick and convenient. The method and the device provide the user with safe and quick mobile payment under a relatively safe and trusted network environment based on the MAC address pair. The user can bind the relatively safe and credible network environment information with the payment account, and can provide the maximum safe and quick mobile payment experience under the network environment after customizing the password-free and password payment scene according to the actual requirements of the user. One payment account can be bound with a plurality of safe and credible wireless network environments, and meanwhile, various quick payment scenes can be defined by self aiming at each safe network environment; the quick payment can be closed in both directions at the server side and the client side, and the fund safety in an emergency period is ensured.

It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are preferred embodiments and that the acts and modules referred to are not necessarily required by the invention.

Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.

Example 2

In another optional embodiment provided by the present invention, a method for securely transferring a virtual resource is further provided, and this embodiment of the method may also be executed in the mobile terminal, or a similar computing device shown in fig. 1. Taking an example of the method running on a mobile terminal, fig. 1 is a block diagram of a hardware structure of the mobile terminal of the method for secure transfer of virtual resources according to the embodiment of the present invention. As shown in fig. 1, the mobile terminal 10 may include one or more (only one shown) processors 102 (the processor 102 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 104 for storing data, and a transmission module 106 for communication functions. It will be understood by those skilled in the art that the structure shown in fig. 1 is only an illustration and is not intended to limit the structure of the electronic device. For example, the mobile terminal 10 may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1. The method may comprise the steps of:

step S100, a first terminal accesses the internet through a first network device, where the first network device is any one of network devices in a network device group.

Step S200, after the first terminal starts the application software for transferring the virtual resource, the account of the current login application software is pre-bound with the network environment information, and the network environment information comprises: device information of the first network device and/or the first terminal.

It should be noted here that the above steps S100 and S200 may implement a scheme for binding the account with the network environment information on the first terminal, which is the same as the implementation scheme of the steps S17 and S18 in the first embodiment.

Step S300, after the account logs in the application software again, whether the function of transferring the virtual resources is allowed to be executed is determined by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound to the account.

In an optional embodiment, in step S300 of the present application, after the account logs in application software installed on any one of the mobile terminals, it may be determined whether the current account performs the function of transferring the virtual resource by verifying that the network environment information of the current mobile terminal matches the network environment information to which the account has been bound (the network environment information bound by step S100 and step S200).

In an optional embodiment provided by the present application, before performing step S300, and determining whether to allow the function of transferring the virtual resource to be executed, the present solution may further include:

in step S240, the account logs in the application software for transferring the virtual resource again, wherein the application software is installed on the second terminal.

Step S260, a request for transferring the virtual resource is initiated by the application software.

Step S280, acquiring the current network environment information corresponding to the account according to the request, wherein the current network environment information corresponding to the account includes: and the device information of the second terminal and/or the device information of a second network device accessed by the second terminal, wherein the second network device is any one network device in the network device group.

As can be seen from the above, in the solution provided in the second embodiment of the present application, no matter where the user connects to the internet and uses any terminal to log in the account in the application software, each time the user initiates a transfer request through the application software, the solution always obtains the device information of the terminal currently used by the user and/or the information of the network device connected to the terminal, matches the information with the network environment information pre-bound to the user account, and determines whether to allow transfer of virtual resources according to the matching result, and when the terminal device such as a mobile phone is lost, the transfer cannot be performed if the scene of logging in the account does not match the pre-bound environment information. Through the scheme, the safety of mobile payment is improved, and the technical problem that the safety of the existing mobile payment mode is low is solved.

It should be noted here that the preferred or alternative embodiment in the second embodiment described above in the present application may be the same as the preferred or alternative embodiment provided in the first embodiment, but is not limited to the solution provided in the first embodiment.

Example 3

According to an embodiment of the present invention, an embodiment of an apparatus for implementing the method of the first embodiment is also provided, and the apparatus provided in the above embodiment of the present application may be run on a computer terminal.

Fig. 5 is a schematic structural diagram of a virtual resource secure transfer apparatus according to a third embodiment of the present method. As shown in fig. 5, the apparatus includes: a first requesting unit 52, a first obtaining unit 54, and a first determining unit 56.

The first requesting unit 52 is configured to initiate a request for transferring virtual resources after an account logs in a first terminal; a first obtaining unit 54, configured to obtain, according to the request, network environment information currently corresponding to the account, where the network environment information currently corresponding to the account includes: the method comprises the steps that equipment information of a first terminal and/or equipment information of first network equipment accessed by the first terminal is/are obtained, wherein the first network equipment is any one of network equipment in a network equipment group; a first determining unit 56, configured to determine whether to allow execution of the function of transferring the virtual resource by detecting whether the network environment information currently corresponding to the account matches the network environment information pre-bound to the account.

It should be noted here that the first requesting unit 52, the first obtaining unit 54, and the first determining unit 56 correspond to steps S21 to S24 in the first embodiment, and the three units are the same as the corresponding steps in the implementation example and application scenarios, but are not limited to the disclosure in the first embodiment. It should be noted that the above modules may be implemented in the mobile terminal 10 provided in the first embodiment as a part of the apparatus.

As can be seen from the above, in the scheme provided in the third embodiment of the present application, no matter where a user connects to the internet and uses any terminal to log in the account in the application software, each time the user initiates a transfer request through the application software, the scheme always obtains the device information of the terminal currently used by the user and/or the information of the network device connected to the terminal, matches the information with the network environment information pre-bound to the user account, and determines whether to allow transfer of virtual resources according to the matching result, and if the terminal device such as a mobile phone is lost, the transfer cannot be performed if the scene of logging in the account does not match the pre-bound environment information. Through the scheme, the safety of mobile payment is improved, and the technical problem that the safety of the existing mobile payment mode is low is solved.

Preferably, as shown in fig. 6, in the above embodiment of the present application, before executing the first requesting unit 52, the apparatus may further include: a first access unit 60, a first binding unit 62.

A first access unit 60, configured to enable a second terminal to access the internet through a second network device; the first binding unit 62 is configured to bind the account with the device information of the second terminal and/or a second network device accessed by the second terminal after the account logs in the second terminal, and acquire network environment information pre-bound to the account; the first terminal and the second terminal are the same or different terminal devices, and the first network device and the second network device are the same or different network devices.

It should be noted that, the first access unit 60 and the first binding unit 62 correspond to steps S17 to S18 in the first embodiment, and the two units are the same as the corresponding steps in the implementation example and the application scenario, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Preferably, as shown in fig. 7, in the above embodiment of the present application, after executing the first binding unit 62, the apparatus may further include: setting unit 70, and storage unit 72.

The setting unit 70 is configured to set a plurality of transfer modes corresponding to the account; the saving unit 72 is configured to save the account, the multiple transfer modes corresponding to the account, and the network environment information pre-bound to the account to the second terminal, and send the information to the server for saving.

It should be noted here that the setting unit 70 and the saving unit 72 correspond to steps S19 to S20 in the first embodiment, and the two units are the same as the example and the application scenarios realized by the corresponding steps, but are not limited to the disclosure of the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Preferably, as shown in fig. 8, in the above embodiment of the present application, before executing the first determining unit 56, the apparatus may further include: a reading unit 80, a second determining unit 82.

The reading unit 80 is configured to read the transfer quantity of the virtual resource, and obtain multiple transfer modes corresponding to the account; a second determining unit 82, configured to determine one transfer manner from multiple preset transfer manners according to the transfer number of the virtual resources, so as to transfer the virtual resources.

It should be noted here that the reading unit 80 and the second determining unit 82 correspond to steps S25 to S26 in the first embodiment, and the two units are the same as the corresponding steps in the implementation example and the application scenario, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Preferably, as shown in fig. 9, in the above-described embodiment of the present application, the second determining unit 82 includes: a first transfer module 90, a second transfer module 92, and a third transfer module 94.

The first transfer module 90 is configured to transfer the virtual resource in a password-free transfer manner when the transfer number of the virtual resource is less than or equal to a first threshold; a second transfer module 92, configured to transfer the virtual resource in a short password transfer manner when the transfer number of the virtual resource is greater than the first threshold and is less than or equal to a second threshold; and a third transferring module 94, configured to transfer the virtual resource in a complete password transfer manner when the transfer number of the virtual resource is greater than the second threshold.

It should be noted that the first transfer module 90, the second transfer module 92, and the third transfer module 94 correspond to steps S261 to S263 in the first embodiment, and the three modules are the same as the corresponding steps in the implementation example and application scenario, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Preferably, in the above-described embodiment of the present application, the first determining unit 56 includes: a receiving module 1010, a sending module 1012, and a second receiving module 1014.

The receiving module 1010 is configured to receive a transfer password of an account; a sending module 1012, configured to send the network environment information corresponding to the account currently, the transfer amount of the virtual resource, and a transfer manner and a transfer password determined by the transfer amount to the server; a second receiving module 1014, configured to receive a verification result of the server, where the verification result includes: if the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account, and the transfer password of the account is the same as the preset password, transferring the virtual resource according to a determined transfer mode; otherwise, the transfer of the virtual resources fails.

It should be noted here that the receiving module 1010, the sending module 1012, and the second receiving module 1014 correspond to steps S241 to S243 in the first embodiment, and the three modules are the same as the corresponding steps in the implementation example and application scenarios, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Preferably, the device information may include any one or more of the following information: MAC address, unique identification of the device and random code.

Preferably, in the case that the network environment information currently corresponding to the account is device information of the first terminal, and the network environment information pre-bound to the account is device information of the second terminal, the first determining unit 56 may further include: a first determining module 1100, a first processing module 1120, and a second processing module 1130.

The first determining module 1100 is configured to determine whether the device information of the first terminal is the same as the device information of the second terminal; a first processing module 1120, configured to allow the application software to execute a function of transferring the virtual resource if the device information of the first terminal is the same as the device information of the second terminal; the second processing module 1130 is configured to suspend the application software from executing the function of transferring the virtual resource if the device information of the first terminal is different from the device information of the second terminal.

It should be noted that the first determining module 1100, the first processing module 1120 and the second processing module 1130 described above correspond to steps S244 to S246 in the first embodiment, and the three modules are the same as the corresponding steps in the implementation example and the application scenario, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Preferably, in the case that the network environment information currently corresponding to the account is device information of the first network device, and the network environment information pre-bound to the account is device information of the second network device, the first determining unit 56 may further include: a second determining module 1200, a third processing module 1220 and a fourth processing module 1230.

The second determining module 1200 is configured to determine whether the device information of the first network device is the same as the device information of the second network device; a third processing module 1220, configured to allow the application software to execute the function of transferring the virtual resource if the device information of the first network device is the same as the device information of the second network device; the fourth processing module 1230 is configured to suspend the application software from executing the function of transferring the virtual resource if the device information of the first network device is different from the device information of the second network device.

It should be noted that the second determining module 1200, the third processing module 1220 and the fourth processing module 1230 described above correspond to steps S247 to S249 in the first embodiment, and the implementation and application scenarios of the three modules and the corresponding steps are the same, but are not limited to the disclosure of the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Preferably, in the case that the network environment information currently corresponding to the account is device information of the first terminal and the first network device, and the network environment information pre-bound to the account is device information of the second terminal and the second network device, the first determining unit 56 may further include: a third determining module 1300, a fifth processing module 1320, and a sixth processing module 1330.

The third determining module 1300 is configured to determine whether the device information of the first terminal is the same as the device information of the second terminal, and whether the device information of the first network device is the same as the device information of the second network device; a fifth processing module 1320, configured to allow the application software to execute the function of transferring the virtual resource if the device information of the first terminal is the same as the device information of the second terminal and the device information of the first network device is the same as the device information of the second network device; a sixth processing module 1330, configured to suspend the application software from executing the function of transferring the virtual resource if the device information of the first terminal is different from the device information of the second terminal, and/or the device information of the first network device is different from the device information of the second network device.

It should be noted here that the third determining module 1300, the fifth processing module 1320, and the sixth processing module 1330 correspond to steps S2400 to S2420 in the first embodiment, and the three modules are the same as the corresponding steps in the implementation example and the application scenario, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Example 4

Fig. 10 is a schematic structural diagram of a virtual resource secure transfer apparatus according to a third embodiment of the present method. As shown in fig. 10, the apparatus includes: a second access unit 1400, a second binding unit 1410, and a third determination unit 1420.

The second access unit 1400 is configured to enable the first terminal to access the internet through a first network device, where the first network device is any one of network devices in a network device group; a second binding unit 1410, configured to, after the first terminal starts application software for transferring virtual resources, pre-bind an account of the currently logged-in application software with network environment information, where the network environment information includes: device information of the first network device and/or the first terminal; a third determining unit 1420, configured to determine whether to allow the function of transferring the virtual resource to be executed by detecting whether the network environment information currently corresponding to the account matches the network environment information pre-bound to the account after the account logs in the application software again.

It should be noted here that the second access unit 1400, the second binding unit 1410, and the third determining unit 1420 correspond to steps S100 to S300 in the first embodiment, and the three units are the same as the examples and application scenarios implemented by the corresponding steps, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Preferably, as shown in fig. 11, before the third determining unit 1420 is executed, the apparatus may further include: a second login unit 1500, a second request unit 1520, and a second obtaining unit 1540.

The second login unit 1500 is configured to log in the application software for transferring the virtual resource again, where the application software is installed in the second terminal; a second request unit 1520 for initiating a request for transferring a virtual resource by application software; a second obtaining unit 1540, configured to obtain, according to the request, the network environment information currently corresponding to the account, where the network environment information currently corresponding to the account includes: and the device information of the second terminal and/or the device information of a second network device accessed by the second terminal, wherein the second network device is any one network device in the network device group.

It should be noted here that the second login unit 1500, the second request unit 1520, and the second obtaining unit 1540 correspond to steps S240 to S280 in the first embodiment, and the three units are the same as the corresponding steps in the implementation example and the application scenario, but are not limited to the disclosure in the first embodiment. It should be noted that the modules described above as part of the apparatus may be run in the computer terminal 10 provided in the first embodiment.

Example 5

An embodiment of the present invention may provide a system for securely transferring virtual resources, as shown in fig. 12, the system may include the following: at least one network device 1600, a first terminal 1610.

The first terminal 1610 is configured to select any one network device to access the internet, and is configured to, after an account logs in the first terminal (for example, start application software for transferring virtual resources, and after the account logs in the application software), obtain network environment information currently corresponding to the account, and determine whether to allow execution of a function of transferring virtual resources by detecting whether the network environment information currently corresponding to the account is matched with network environment information pre-bound to the account; the current network environment information corresponding to the account comprises: the device information of the terminal and/or the device information of the network device accessed by the terminal.

Optionally, the system may further include: the second terminal selects any one network device to access the Internet, and is used for binding the account with the device information of the second terminal and/or the network device accessed by the second terminal after the account logs in the second terminal, and acquiring the pre-bound network environment information of the account; the first terminal and the second terminal are the same or different terminal devices, and the first network device and the second network device are the same or different network devices.

As can be seen from the above, in the scheme provided in the fifth embodiment of the present application, no matter where a user connects to the internet and uses any terminal to log in the account in the application software, each time the user initiates a transfer request through the application software, the scheme always obtains the device information of the terminal currently used by the user and/or the information of the network device connected to the terminal, matches the information with the network environment information pre-bound to the user account, and determines whether to allow transfer of virtual resources according to the matching result, and if the terminal device such as a mobile phone is lost, the transfer cannot be performed if the scene of logging in the account does not match the pre-bound environment information. Through the scheme, the safety of mobile payment is improved, and the technical problem that the safety of the existing mobile payment mode is low is solved.

Example 6

Embodiment 6 of the present invention may provide a mobile terminal, which may be any one mobile terminal device in a mobile terminal group. Optionally, in this embodiment, the mobile terminal may also be replaced with a terminal device such as a mobile terminal.

Optionally, in this embodiment, the mobile terminal may be located in at least one network device of a plurality of network devices of a computer network.

In this embodiment, the mobile terminal may execute the program code of the following steps: after an account logs in a first terminal, initiating a request for transferring virtual resources; acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: the method comprises the steps that equipment information of a first terminal and/or equipment information of first network equipment accessed by the first terminal is/are obtained, wherein the first network equipment is any one of network equipment in a network equipment group; whether the function of transferring the virtual resources is allowed to be executed or not is determined by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account.

Alternatively, fig. 13 is a block diagram of a mobile terminal according to an embodiment of the present invention. As shown in fig. 13, the mobile terminal a may include: one or more processors 51 (only one of which is shown), a memory 53, and a transmission device 55.

The memory 53 may be used to store software programs and modules, such as program instructions/modules corresponding to the security vulnerability detection method and apparatus in the embodiment of the present invention, and the processor 51 executes various functional applications and data processing by running the software programs and modules stored in the memory 53, that is, implements the above-mentioned detection method for system vulnerability attacks. The memory 53 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory 53 may further include memory located remotely from the processor 51, which may be connected to terminal a via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.

The transmission means 55 is used for receiving or transmitting data via a network. Examples of the network may include a wired network and a wireless network. In one example, the transmission device 55 includes a Network adapter (NIC) that can be connected to a router via a Network cable and other Network devices to communicate with the internet or a local area Network. In one example, the transmission device 55 is a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.

Specifically, the memory 53 is used for storing preset action conditions, information of preset authorized users, and application programs.

The processor 51 may call the information and applications stored in the memory 53 through the transmission device to perform the following steps: after an account logs in a first terminal, initiating a request for transferring virtual resources; acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: the method comprises the steps that equipment information of a first terminal and/or equipment information of first network equipment accessed by the first terminal is/are obtained, wherein the first network equipment is any one of network equipment in a network equipment group; whether the function of transferring the virtual resources is allowed to be executed or not is determined by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account.

Optionally, the processor 51 may further execute program codes of the following steps: the second terminal accesses the Internet through second network equipment; after the account logs in the second terminal, the account is bound with the equipment information of the second terminal and/or second network equipment accessed by the second terminal, and the pre-bound network environment information of the account is obtained; the first terminal and the second terminal are the same or different terminal devices, and the first network device and the second network device are the same or different network devices.

Optionally, the processor 51 may further execute program codes of the following steps: the second terminal sets a plurality of transfer modes corresponding to the account; the second terminal stores the account, the multiple transfer modes corresponding to the account and the network environment information pre-bound with the account to the second terminal local and sends the network environment information to the server for storage.

Optionally, the processor 51 may further execute program codes of the following steps: reading the transfer quantity of the virtual resources, and acquiring a plurality of transfer modes corresponding to the account; and determining one transfer mode from a plurality of preset transfer modes according to the transfer quantity of the virtual resources to transfer the virtual resources.

Optionally, the processor 51 may further execute program codes of the following steps: under the condition that the transfer quantity of the virtual resources is less than or equal to a first threshold value, transferring the virtual resources in a password-free transfer mode; under the condition that the transfer quantity of the virtual resources is greater than a first threshold value and less than or equal to a second threshold value, transferring the virtual resources by adopting a short password transfer mode; and under the condition that the transfer quantity of the virtual resources is greater than a second threshold value, transferring the virtual resources by adopting a complete password transfer mode.

Optionally, the processor 51 may further execute program codes of the following steps: receiving a transfer password of an account; sending the network environment information, the transfer quantity of the virtual resources, a transfer mode determined by the transfer quantity and the transfer password which correspond to the account at present to a server; receiving a verification result of the server, wherein the verification result comprises: if the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account, and the transfer password of the account is the same as the preset password, transferring the virtual resource according to a determined transfer mode; otherwise, the transfer of the virtual resources fails.

Optionally, the processor 51 may further execute program codes of the following steps: the device information includes any one or a combination of a plurality of information: MAC address, unique identification of the device and random code.

Optionally, the processor 51 may further execute program codes of the following steps: under the condition that the network environment information currently corresponding to the account is the equipment information of the first terminal and the network environment information pre-bound to the account is the equipment information of the second terminal, the step of determining whether to allow execution of the function of transferring the virtual resources by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound to the account comprises the following steps: judging whether the equipment information of the first terminal is the same as the equipment information of the second terminal; under the condition that the equipment information of the first terminal is the same as that of the second terminal, allowing the application software to execute the function of transferring the virtual resources; and under the condition that the equipment information of the first terminal is different from the equipment information of the second terminal, stopping the application software from executing the function of transferring the virtual resources.

Optionally, the processor 51 may further execute program codes of the following steps: under the condition that the network environment information currently corresponding to the account is the device information of the first network device and the network environment information pre-bound to the account is the device information of the second network device, the step of determining whether to allow execution of the function of transferring the virtual resources by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound to the account comprises the following steps: judging whether the equipment information of the first network equipment is the same as the equipment information of the second network equipment; under the condition that the equipment information of the first network equipment is the same as that of the second network equipment, allowing the application software to execute the function of transferring the virtual resources; and under the condition that the equipment information of the first network equipment is different from the equipment information of the second network equipment, stopping the application software from executing the function of transferring the virtual resources.

Optionally, the processor 51 may further execute program codes of the following steps: under the condition that the current corresponding network environment information of the account is the equipment information of the first terminal and the first network equipment, and the pre-bound network environment information of the account is the equipment information of the second terminal and the second network equipment, the step of determining whether to allow the function of transferring the virtual resources to be executed by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account comprises the following steps: judging whether the equipment information of the first terminal is the same as the equipment information of the second terminal and whether the equipment information of the first network equipment is the same as the equipment information of the second network equipment; under the condition that the equipment information of the first terminal is the same as that of the second terminal and the equipment information of the first network equipment and that of the second network equipment are also the same, allowing the application software to execute the function of transferring the virtual resources; and under the condition that the equipment information of the first terminal is different from the equipment information of the second terminal and/or the equipment information of the first network equipment is different from the equipment information of the second network equipment, stopping the application software from executing the function of transferring the virtual resources.

The embodiment of the invention provides a scheme of a safe transfer method of virtual resources. After logging in a first terminal through an account, initiating a request for transferring virtual resources; acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: the method comprises the steps that equipment information of a first terminal and/or equipment information of first network equipment accessed by the first terminal is/are obtained, wherein the first network equipment is any one of network equipment in a network equipment group; whether the function of transferring the virtual resources is allowed to be executed or not is determined by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound by the account, so that the aim of improving the security of mobile payment is fulfilled, and the technical problem that the security of the conventional mobile payment mode is low is solved.

It can be understood by those skilled in the art that the structure shown in fig. 13 is only an illustration, and the Mobile terminal may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, a Mobile Internet Device (MID), a PAD, and the like. Fig. 13 is a diagram illustrating a structure of the electronic device. For example, the mobile terminal 10 may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in FIG. 10 or have a different configuration than shown in FIG. 13.

Those skilled in the art will appreciate that all or part of the steps in the methods of the above embodiments may be implemented by a program instructing hardware associated with the terminal device, where the program may be stored in a computer-readable storage medium, and the storage medium may include: flash disks, Read-Only memories (ROMs), Random Access Memories (RAMs), magnetic or optical disks, and the like.

Example 7

Embodiment 7 of the present invention may provide a mobile terminal, which may be any one mobile terminal device in a mobile terminal group. Optionally, in this embodiment, the mobile terminal may also be replaced with a terminal device such as a mobile terminal.

In this embodiment, the program code of the following steps in the secure transfer method of virtual resources of the mobile terminal: the method comprises the steps that a first terminal accesses the Internet through first network equipment, wherein the first network equipment is any one of network equipment in a network equipment group; after the first terminal starts application software for transferring virtual resources, an account of the current login application software is pre-bound with network environment information, wherein the network environment information comprises: device information of the first network device and/or the first terminal; after the account logs in the application software again, whether the function of transferring the virtual resources is allowed to be executed is determined by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound by the account.

The processor 51 may call the information and applications stored in the memory 53 through the transmission device to perform the following steps: the method comprises the steps that a first terminal accesses the Internet through first network equipment, wherein the first network equipment is any one of network equipment in a network equipment group; after the first terminal starts application software for transferring virtual resources, an account of the current login application software is pre-bound with network environment information, wherein the network environment information comprises: device information of the first network device and/or the first terminal; after the account logs in the application software again, whether the function of transferring the virtual resources is allowed to be executed is determined by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound by the account.

Optionally, the processor 51 may further execute program codes of the following steps: before determining whether to allow execution of the function of transferring virtual resources, the method further comprises: logging in application software for transferring the virtual resources again by the account, wherein the application software is installed on the second terminal; initiating, by application software, a request for transferring a virtual resource; acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: and the device information of the second terminal and/or the device information of a second network device accessed by the second terminal, wherein the second network device is any one network device in the network device group.

The embodiment of the invention provides a scheme of a safe transfer method of virtual resources. Accessing the internet through a first network device by a first terminal, wherein the first network device is any one of network devices in a network device group; after the first terminal starts application software for transferring virtual resources, an account of the current login application software is pre-bound with network environment information, wherein the network environment information comprises: device information of the first network device and/or the first terminal; after the application software is logged in again by the account, whether the function of transferring the virtual resources is allowed to be executed is determined by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound by the account, so that the aim of improving the security of mobile payment is fulfilled, and the technical problem of low security of the conventional mobile payment mode is solved.

It can be understood by those skilled in the art that the structure shown in fig. 13 is only an illustration, and the Mobile terminal may also be a terminal device such as a smart phone (e.g., an Android phone, an iOS phone, etc.), a tablet computer, a palmtop computer, a Mobile Internet Device (MID), a PAD, and the like. Fig. 13 is a diagram illustrating a structure of the electronic device. For example, the mobile terminal 10 may also include more or fewer components (e.g., network interfaces, display devices, etc.) than shown in FIG. 13, or have a different configuration than that shown in FIG. 13.

Example 8

The embodiment of the invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be configured to store a program code executed by the secure virtual resource transfer method provided in the first embodiment.

Optionally, in this embodiment, the storage medium may be located in any one of mobile terminals in a mobile terminal group in a computer network, or in any one of mobile terminals in a mobile terminal group.

Optionally, in this embodiment, the storage medium is configured to store program code for performing the following steps:

and S1, after the account logs in the first terminal, initiating a request for transferring the virtual resource.

S3, acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account includes: the device information of the first terminal and/or the device information of the first network device accessed by the first terminal, wherein the first network device is any one of the network device group.

And S5, determining whether to allow the function of transferring the virtual resource to be executed by detecting whether the network environment information corresponding to the account currently matches with the network environment information pre-bound by the account.

Optionally, the storage medium is further arranged to store program code for performing the steps of: the second terminal accesses the Internet through second network equipment; after the account logs in the second terminal, the account is bound with the equipment information of the second terminal and/or second network equipment accessed by the second terminal, and the pre-bound network environment information of the account is obtained; the first terminal and the second terminal are the same or different terminal devices.

Optionally, the storage medium is further arranged to store program code for performing the steps of: the second terminal sets a plurality of transfer modes corresponding to the account; the second terminal stores the account, the multiple transfer modes corresponding to the account and the network environment information bound with the account to the second terminal local and sends the information to the server for storage.

Optionally, the storage medium is further arranged to store program code for performing the steps of: reading the transfer quantity of the virtual resources, and acquiring a plurality of transfer modes corresponding to the account; and determining one transfer mode from a plurality of preset transfer modes according to the transfer quantity of the virtual resources to transfer the virtual resources.

Optionally, the storage medium is further arranged to store program code for performing the steps of: under the condition that the transfer quantity of the virtual resources is less than or equal to a first threshold value, transferring the virtual resources in a password-free transfer mode; under the condition that the transfer quantity of the virtual resources is greater than a first threshold value and less than or equal to a second threshold value, transferring the virtual resources by adopting a short password transfer mode; and under the condition that the transfer quantity of the virtual resources is greater than a second threshold value, transferring the virtual resources by adopting a complete password transfer mode.

Optionally, the storage medium is further arranged to store program code for performing the steps of: receiving a transfer password of an account; sending the network environment information, the transfer quantity of the virtual resources, a transfer mode determined by the transfer quantity and the transfer password which correspond to the account at present to a server; receiving a verification result of the server, wherein the verification result comprises: if the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account, and the transfer password of the account is the same as the preset password, transferring the virtual resource according to a determined transfer mode; otherwise, the transfer of the virtual resources fails.

Optionally, the storage medium is further arranged to store program code for performing the steps of: the device information includes any one or a combination of a plurality of information: MAC address, unique identification of the device and random code.

Optionally, the storage medium is further arranged to store program code for performing the steps of: under the condition that the network environment information currently corresponding to the account is the equipment information of the first terminal and the network environment information pre-bound to the account is the equipment information of the second terminal, the step of determining whether to allow execution of the function of transferring the virtual resources by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound to the account comprises the following steps: judging whether the equipment information of the first terminal is the same as the equipment information of the second terminal; under the condition that the equipment information of the first terminal is the same as that of the second terminal, allowing the application software to execute the function of transferring the virtual resources; and under the condition that the equipment information of the first terminal is different from the equipment information of the second terminal, stopping the application software from executing the function of transferring the virtual resources.

Optionally, the storage medium is further arranged to store program code for performing the steps of: under the condition that the network environment information currently corresponding to the account is the device information of the first network device and the network environment information pre-bound to the account is the device information of the second network device, the step of determining whether to allow execution of the function of transferring the virtual resources by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound to the account comprises the following steps: judging whether the equipment information of the first network equipment is the same as the equipment information of the second network equipment; under the condition that the equipment information of the first network equipment is the same as that of the second network equipment, allowing the application software to execute the function of transferring the virtual resources; and under the condition that the equipment information of the first network equipment is different from the equipment information of the second network equipment, stopping the application software from executing the function of transferring the virtual resources.

Optionally, the storage medium is further arranged to store program code for performing the steps of: under the condition that the current corresponding network environment information of the account is the equipment information of the first terminal and the first network equipment, and the pre-bound network environment information of the account is the equipment information of the second terminal and the second network equipment, the step of determining whether to allow the function of transferring the virtual resources to be executed by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account comprises the following steps: judging whether the equipment information of the first terminal is the same as the equipment information of the second terminal and whether the equipment information of the first network equipment is the same as the equipment information of the second network equipment; under the condition that the equipment information of the first terminal is the same as that of the second terminal and the equipment information of the first network equipment and that of the second network equipment are also the same, allowing the application software to execute the function of transferring the virtual resources; and under the condition that the equipment information of the first terminal is different from the equipment information of the second terminal and/or the equipment information of the first network equipment is different from the equipment information of the second network equipment, stopping the application software from executing the function of transferring the virtual resources.

Optionally, in this embodiment, the storage medium may include, but is not limited to: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.

Optionally, the specific example in this embodiment may refer to the example described in embodiment 1 above, and this embodiment is not described again here.

It should be noted here that any one of the mobile terminal groups may establish a communication relationship with the web server and the scanner, and the scanner may scan the value commands of the web application executed by the php on the mobile terminal.

The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.

In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.

In the several embodiments provided in the present application, it should be understood that the disclosed client may be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, a division of a unit is merely a division of a logic function, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.

Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.

In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.

The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.

The foregoing is only a preferred embodiment of the present invention, and it should be noted that it is obvious to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and these modifications and improvements should also be considered as the protection scope of the present invention.

Example 9

step S11: the method comprises the steps that a first terminal accesses the Internet through first network equipment, wherein the first network equipment is any one of network equipment in a network equipment group;

step S31: after the first terminal starts application software for transferring virtual resources, an account of the current login application software is pre-bound with network environment information, wherein the network environment information comprises: device information of the first network device and/or the first terminal; in that

Step S51: after the account logs in the application software again, whether the function of transferring the virtual resources is allowed to be executed or not is determined by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account.

Optionally, the storage medium is further arranged to store program code for performing the steps of: logging in application software for transferring the virtual resources again by the account, wherein the application software is installed on the second terminal; initiating, by application software, a request for transferring a virtual resource; acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: and the device information of the second terminal and/or the device information of a second network device accessed by the second terminal, wherein the second network device is any one network device in the network device group.

Optionally, the specific example in this embodiment may refer to the example described in embodiment 2 above, and this embodiment is not described again here.

Example 10

The embodiment of the invention also provides a storage medium, which comprises a stored program, wherein when the program runs, the device where the storage medium is located is controlled to execute the above-mentioned method for securely transferring the virtual resource.

Example 11

The embodiment of the invention also provides a processor, which is used for running the program, wherein the program executes the secure transfer method of the virtual resource when running.

Claims

1. A method for secure transfer of virtual resources, comprising:

after an account logs in a first terminal, initiating a request for transferring virtual resources, wherein after a user successfully logs in a pre-registered account in a login function provided by application software, the request for transferring the virtual resources is initiated through the application software;

acquiring the current corresponding network environment information of the account according to the request, wherein the current corresponding network environment information of the account comprises: the device information of the first terminal and the device information of a first network device accessed by the first terminal are obtained, wherein the first network device is any one network device in a network device group;

determining whether to allow execution of a function of transferring virtual resources by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account;

before the account logs in the first terminal, the method further comprises the following steps:

the second terminal accesses the Internet through second network equipment;

after the account logs in the second terminal, the account is bound with the equipment information of the second terminal and the second network equipment accessed by the second terminal, and the pre-bound network environment information of the account is obtained;

the first terminal and the second terminal are the same or different terminal devices, and the first network device and the second network device are the same or different network devices;

after obtaining the network environment information pre-bound to the account, the method further comprises:

the second terminal sets a plurality of transfer modes corresponding to the account, wherein the transfer modes comprise: a password-free transfer mode, a short password transfer mode and a complete password transfer mode;

the second terminal stores the account, the multiple transfer modes corresponding to the account and the network environment information bound with the account to the local second terminal and sends the information to a server for storage;

the method for determining whether to allow execution of the function of transferring the virtual resources by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound to the account includes: when the user logs in the application software in different terminal equipment for multiple times with the same account, matching the equipment information of the terminal equipment currently used by the user with the equipment information of the terminal equipment bound with the account in advance to obtain a matching result, and determining whether to allow execution of the function of transferring the virtual resources according to the matching result; when the user logs in with the same account by using the same terminal, and the same terminal is connected with different network equipment for multiple times, matching the equipment information of the network equipment currently used by the user with the equipment information of the network equipment bound with the account in advance to obtain a matching result, and determining whether to allow execution of the function of transferring the virtual resources according to the matching result.

2. The method of claim 1, wherein in the event that it is determined that the function of transferring virtual resources is allowed to be performed, prior to performing the function of transferring virtual resources, the method further comprises:

reading the transfer quantity of the virtual resources and acquiring a plurality of transfer modes corresponding to the account;

and determining one transfer mode from the preset multiple transfer modes according to the transfer quantity of the virtual resources to transfer the virtual resources.

3. The method according to claim 2, wherein determining one transfer mode from the plurality of preset transfer modes according to the transfer quantity of the virtual resource to transfer the virtual resource comprises:

under the condition that the transfer quantity of the virtual resources is less than or equal to a first threshold value, transferring the virtual resources in a password-free transfer mode;

under the condition that the transfer quantity of the virtual resources is larger than the first threshold value and smaller than or equal to a second threshold value, transferring the virtual resources in a short password transfer mode;

and under the condition that the transfer quantity of the virtual resources is larger than the second threshold value, transferring the virtual resources in a complete password transfer mode.

4. The method of claim 3, wherein the step of performing the function of transferring virtual resources comprises:

receiving a transfer password of the account;

sending the network environment information corresponding to the account, the transfer quantity of the virtual resources, a transfer mode determined by the transfer quantity and the transfer password to the server;

receiving a verification result of the server, wherein the verification result comprises: if the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account, and the transfer password of the account is the same as the preset password, transferring the virtual resource according to the determined transfer mode; otherwise, the transfer of the virtual resource fails.

5. The method of claim 1, wherein the device information comprises any one or more of the following: MAC address, unique identification of the device and random code.

6. The method according to any one of claims 1 to 5, wherein in a case that the network environment information currently corresponding to the account is the device information of the first terminal and the first network device, and the network environment information pre-bound to the account is the device information of the second terminal and the second network device, the step of determining whether to allow execution of the function of transferring the virtual resource by detecting whether the network environment information currently corresponding to the account matches the network environment information pre-bound to the account includes:

judging whether the equipment information of the first terminal is the same as the equipment information of the second terminal and whether the equipment information of the first network equipment is the same as the equipment information of the second network equipment;

allowing the application software to execute a function of transferring virtual resources under the condition that the equipment information of the first terminal is the same as that of the second terminal and the equipment information of the first network equipment and that of the second network equipment are also the same;

and under the condition that the equipment information of the first terminal is different from the equipment information of the second terminal and/or the equipment information of the first network equipment is different from the equipment information of the second network equipment, stopping the application software from executing the function of transferring the virtual resources.

7. An apparatus for secure transfer of virtual resources, comprising:

the device comprises a first request unit, a second request unit and a third request unit, wherein the first request unit is used for initiating a request for transferring virtual resources after an account logs in a first terminal, and the user initiates the request for transferring the virtual resources through application software after successfully logging in a pre-registered account in a login function provided by the application software;

a first obtaining unit, configured to obtain, according to the request, network environment information currently corresponding to the account, where the network environment information currently corresponding to the account includes: the device information of the first terminal and the device information of a first network device accessed by the first terminal are obtained, wherein the first network device is any one network device in a network device group;

the first determining unit is used for determining whether to allow execution of a function of transferring virtual resources by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account;

the device further comprises:

the first access unit is used for the second terminal to access the Internet through second network equipment;

the first binding unit is used for binding the account with the equipment information of the second terminal and second network equipment accessed by the second terminal after the account logs in the second terminal, and acquiring pre-bound network environment information of the account;

the device further comprises:

the setting unit is used for setting a plurality of transfer modes corresponding to the account, wherein the transfer modes comprise: a password-free transfer mode, a short password transfer mode and a complete password transfer mode;

the storage unit is used for storing the account, the multiple transfer modes corresponding to the account and the network environment information bound with the account to the local second terminal and sending the network environment information to a server for storage;

the device is further used for determining whether to allow the execution of the function of transferring the virtual resource by detecting whether the network environment information currently corresponding to the account is matched with the network environment information pre-bound to the account through the following steps: when the user logs in the application software in different terminal equipment for multiple times with the same account, matching the equipment information of the terminal equipment currently used by the user with the equipment information of the terminal equipment bound with the account in advance to obtain a matching result, and determining whether to allow execution of the function of transferring the virtual resources according to the matching result; when the user logs in with the same account by using the same terminal, and the same terminal is connected with different network equipment for multiple times, matching the equipment information of the network equipment currently used by the user with the equipment information of the network equipment bound with the account in advance to obtain a matching result, and determining whether to allow execution of the function of transferring the virtual resources according to the matching result.

8. The apparatus of claim 7, further comprising:

the reading unit is used for reading the transfer quantity of the virtual resources and acquiring a plurality of transfer modes corresponding to the account;

a second determining unit, configured to determine one transfer manner from the multiple preset transfer manners according to the transfer number of the virtual resource, so as to transfer the virtual resource.

9. The apparatus according to claim 8, wherein the second determining unit comprises:

the first transfer module is used for transferring the virtual resources in a password-free transfer mode under the condition that the transfer quantity of the virtual resources is less than or equal to a first threshold value;

a second transfer module, configured to transfer the virtual resource in a short password transfer manner when the transfer number of the virtual resource is greater than the first threshold and is less than or equal to a second threshold;

and the third transfer module is used for transferring the virtual resources by adopting a complete password transfer mode under the condition that the transfer quantity of the virtual resources is greater than the second threshold value.

10. The apparatus of claim 9, wherein the first determining unit comprises:

the receiving module is used for receiving the transfer password of the account;

a sending module, configured to send the network environment information currently corresponding to the account, the transfer amount of the virtual resource, a transfer manner determined by the transfer amount, and the transfer password to the server;

a second receiving module, configured to receive a verification result of the server, where the verification result includes: if the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account, and the transfer password of the account is the same as the preset password, transferring the virtual resource according to the determined transfer mode; otherwise, the transfer of the virtual resource fails.

11. The apparatus of claim 7, wherein the device information comprises any one or more of the following: MAC address, unique identification of the device and random code.

12. The apparatus according to any one of claims 7 to 11, wherein in a case that the network environment information currently corresponding to the account is device information of the first terminal and the first network device, and the network environment information pre-bound to the account is device information of the second terminal and the second network device, the first determining unit further includes:

a third determining module, configured to determine whether the device information of the first terminal is the same as the device information of the second terminal, and whether the device information of the first network device is the same as the device information of the second network device;

a fifth processing module, configured to allow the application software to execute a function of transferring virtual resources if the device information of the first terminal is the same as the device information of the second terminal, and the device information of the first network device is the same as the device information of the second network device;

a sixth processing module, configured to suspend the application software from executing the function of transferring the virtual resource if the device information of the first terminal is different from the device information of the second terminal, and/or the device information of the first network device is different from the device information of the second network device.

13. A system for secure transfer of virtual resources, comprising:

at least one network device;

the system comprises a first terminal, a second terminal and a third terminal, wherein the first terminal selects any one network device to access the Internet, and is used for acquiring the current corresponding network environment information of an account after the account logs in the first terminal, and determining whether to allow execution of a function of transferring virtual resources by detecting whether the current corresponding network environment information of the account is matched with the pre-bound network environment information of the account;

wherein the current network environment information corresponding to the account includes: the device information of the terminal and the device information of the network device accessed by the terminal;

after a user successfully logs in an account successfully registered in advance in a login function provided by application software, initiating a request for transferring virtual resources through the application software;

the system further comprises:

the second terminal selects any one network device to access the Internet, and is used for binding the account with the device information of the second terminal and the network device accessed by the second terminal after the account logs in the second terminal, so as to obtain the pre-bound network environment information of the account;

the first terminal and the second terminal are the same or different terminal equipment;

the second terminal is further configured to set a plurality of transfer modes corresponding to the account, where the transfer modes include: a password-free transfer mode, a short password transfer mode and a complete password transfer mode; the second terminal is also used for storing the account, the multiple transfer modes corresponding to the account and the network environment information bound with the account to the local second terminal and sending the network environment information to a server for storage;

the first terminal is further configured to determine whether to allow execution of a function of transferring virtual resources by detecting whether network environment information currently corresponding to the account matches network environment information pre-bound to the account, through the following steps: when the user logs in the application software in different terminal equipment for multiple times with the same account, matching the equipment information of the terminal equipment currently used by the user with the equipment information of the terminal equipment bound with the account in advance to obtain a matching result, and determining whether to allow execution of the function of transferring the virtual resources according to the matching result; when the user logs in with the same account by using the same terminal, and the same terminal is connected with different network equipment for multiple times, matching the equipment information of the network equipment currently used by the user with the equipment information of the network equipment bound with the account in advance to obtain a matching result, and determining whether to allow execution of the function of transferring the virtual resources according to the matching result.