CN115037482A - Fraud detection method and device, electronic equipment and readable storage medium - Google Patents


Publication number
CN115037482A
Authority
CN
China
Prior art keywords
fraud
information
application
data set
terminal
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210656948.7A
Other languages
Chinese (zh)
Inventor
翟东岩
史领航
姚平
胡志远
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vivo Mobile Communication Co Ltd
Original Assignee
Vivo Mobile Communication Co Ltd
Application filed by Vivo Mobile Communication Co Ltd
Priority to CN202210656948.7A
Publication of CN115037482A
Priority to PCT/CN2023/098223 (WO2023236884A1)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3234 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving additional secure or trusted devices, e.g. TPM, smartcard, USB or software token
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12 Details relating to cryptographic hardware or logic circuitry
    • H04L2209/127 Trusted platform modules [TPM]
    • H04L2209/56 Financial cryptography, e.g. electronic payment or e-cash

Abstract

The application discloses a fraud detection method and device, electronic equipment and a readable storage medium, and belongs to the technical field of data processing. The method comprises: when the Rich Execution Environment (REE) side of a terminal receives a detection request sent by a target application, the terminal obtains feature information associated with the target application and sends the feature information to the Trusted Execution Environment (TEE) side of the terminal, where the detection request is used to request fraud detection; and when authorization verification of the target application succeeds on the TEE side, the terminal compares the feature information with the fraud feature data in a fraud feature data set to determine a fraud detection result.

Description

Fraud detection method and device, electronic equipment and readable storage medium
Technical Field
The application belongs to the technical field of data processing, and particularly relates to a fraud detection method and device, electronic equipment and a readable storage medium.
Background
With the development of payment technology, mobile online payment has become increasingly popular, and the accompanying fraud has become increasingly frequent. For example, a fraud group distributes malicious or fake links or malicious applications through communication and social platforms to induce users to pay, and then transfers the funds away. Such payment fraud causes people property loss.
To combat fraud, identifying and detecting fraudulent behavior is increasingly important. Currently, fraud detection is mainly implemented at the application level; for example, an application checks whether fraud exists against a blacklist. However, the application is vulnerable to attack or modification, so the detection logic is easily bypassed and the detection accuracy is low.
Disclosure of Invention
An object of the embodiments of the present application is to provide a fraud detection method and apparatus, an electronic device, and a readable storage medium that can improve the accuracy of fraud detection.
In a first aspect, an embodiment of the present application provides a fraud detection method, where the method includes:
when the Rich Execution Environment (REE) side of a terminal receives a detection request sent by a target application, the terminal acquires feature information associated with the target application and sends the feature information to the Trusted Execution Environment (TEE) side of the terminal, where the detection request is used to request fraud detection;
and when authorization verification of the target application succeeds on the TEE side, the terminal compares the feature information with the fraud feature data in a fraud feature data set to determine a fraud detection result.
In a second aspect, an embodiment of the present application provides a fraud detection apparatus, including:
an acquisition module, configured to acquire feature information associated with a target application when the Rich Execution Environment (REE) side receives a detection request sent by the target application;
a first sending module, configured to send the feature information to the Trusted Execution Environment (TEE) side of the terminal, where the detection request is used to request fraud detection;
and a first determining module, configured to compare the feature information with the fraud feature data in the fraud feature data set when the terminal's authorization verification of the target application succeeds on the TEE side, and to determine a fraud detection result.
In a third aspect, embodiments of the present application provide an electronic device, which includes a processor and a memory, where the memory stores a program or instructions executable on the processor, and the program or instructions, when executed by the processor, implement the steps of the method according to the first aspect.
In a fourth aspect, embodiments of the present application provide a readable storage medium, on which a program or instructions are stored, which when executed by a processor implement the steps of the method according to the first aspect.
In a fifth aspect, an embodiment of the present application provides a chip, where the chip includes a processor and a communication interface, where the communication interface is coupled to the processor, the communication interface is used to transmit image data, and the processor is used to execute a program or instructions to implement the method according to the first aspect.
In a sixth aspect, embodiments of the present application provide a computer program product, stored on a storage medium, for execution by at least one processor to implement the method according to the first aspect.
In the embodiments of the present application, the TEE side provides a more secure environment, which reduces interference with fraud detection. Because the comparison that yields the fraud detection result is performed on the TEE side of the terminal, the accuracy of fraud detection can be improved.
Drawings
Fig. 1 is a flowchart of a fraud detection method provided in an embodiment of the present application;
Fig. 2 is a block diagram of a fraud detection system implementing a fraud detection method according to an embodiment of the present application;
Fig. 3 is a schematic diagram of a fraud detection method provided by an embodiment of the present application;
Fig. 4 is a schematic block diagram of a fraud detection apparatus provided in an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device provided in an embodiment of the present application;
Fig. 6 is a schematic hardware structure diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The technical solutions in the embodiments of the present application will be described clearly below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some, but not all, embodiments of the present application. All other embodiments that can be derived by one of ordinary skill in the art from the embodiments given herein are intended to be within the scope of the present disclosure.
The terms "first", "second" and the like in the description and in the claims of the present application are used to distinguish between similar elements and not necessarily to describe a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances, such that embodiments of the application may be practiced in sequences other than those illustrated or described herein. The terms "first", "second" and the like are generally used in a generic sense and do not limit the number of objects; for example, the first object can be one or more than one. In addition, "and/or" in the specification and claims means at least one of the connected objects, and the character "/" generally means that the preceding and succeeding related objects are in an "or" relationship.
The fraud detection method provided by the embodiment of the present application is described in detail below with reference to the accompanying drawings through specific embodiments and application scenarios thereof.
As shown in Fig. 1, an embodiment of the present application provides a fraud detection method, which may be executed by a terminal and includes:
Step 101: when the Rich Execution Environment (REE) side of the terminal receives a detection request sent by a target application, the terminal obtains feature information associated with the target application and sends the feature information to the Trusted Execution Environment (TEE) side of the terminal;
where the detection request is used to request fraud detection;
Step 102: when authorization verification of the target application succeeds on the TEE side, the terminal compares the feature information with the fraud feature data in the fraud feature data set to determine a fraud detection result.
It is understood that the terminal may include a Rich Execution Environment (REE) side and a Trusted Execution Environment (TEE) side. The TEE provides a secure execution environment for the terminal and is commonly used, for example, for digital rights management, mobile payment and data protection. The REE provides a general-purpose environment for the terminal, for example running a general operating system and applications.
The target application may include, but is not limited to, a financial application. A financial application may include an application with a payment function, for example a payment application. The fraud detection process of this embodiment may be triggered when the target application is called or triggered; for example, when the target application is called to make a payment, specifically when its payment function is called, fraud detection may be triggered. In the detection process, the target application first sends a detection request to the REE side of the terminal. It is understood that the detection request may be sent to the REE side when the target application is triggered to perform the payment function, so as to trigger fraud detection.
When the REE side of the terminal receives the detection request, it acquires the feature information associated with the target application and sends it to the TEE side of the terminal, and the TEE side can perform authorization verification on the target application. If the authorization verification passes, the TEE side can compare the feature information with the fraud feature data in the fraud feature data set to determine a fraud detection result. That is, the REE side receives the detection request and obtains the feature information associated with the target application; the TEE side receives that feature information from the REE side and compares it with the fraud feature data in the fraud feature data set; the REE side and the TEE side of the terminal thus cooperate to complete fraud detection. In addition, it should be noted that the fraud feature data set on the TEE side may be obtained from the cloud in advance and stored on the TEE side.
In this embodiment, the TEE side provides a more secure environment, which reduces interference with fraud detection. Because the comparison that yields the fraud detection result is performed on the TEE side of the terminal, the accuracy of fraud detection can be improved. Meanwhile, the REE side of the terminal receives the detection request and obtains the feature information associated with the target application, and the TEE side compares the feature information with the fraud feature data in the fraud feature data set to obtain the fraud detection result. The fraud detection process is thus shared between different execution environments, which reduces the load that would fall on a single execution environment if the whole detection process ran there.
In one embodiment, the characteristic information includes at least one of:
application link information, which indicates the order in which a plurality of applications, including the target application, are called;
package name information of the applications in the application link information;
signature information of the applications in the application link information;
behavior features of the applications in the application link information.
It can be understood that the target application is called according to the application call order in the application link information; that is, the target application is the last of the plurality of applications to be called and run, and for any two applications adjacent in the call order, the former calls the latter to run. If fraud is present when the target application is called, the application call order that leads to the target application follows a certain pattern. For example, a malicious application (also referred to as a fraud application) calls an intermediate application (for example, a browser) and then calls the target application through the intermediate application, so the call order is: malicious application, intermediate application, target application. Therefore, in this embodiment, the application link information can be acquired and compared with the fraud feature data to detect fraud.
In this embodiment, the comparison uses the feature information associated with the target application, which may include at least one of the application link information and the package name information, signature information and behavior features of the applications in the application link information. This feature information is compared with the fraud feature data to complete fraud detection.
In one embodiment, comparing the characteristic information with fraud characteristic data in the fraud characteristic data set to determine a fraud detection result includes:
comparing the feature information with the fraud feature data in the fraud feature data set according to a target comparison policy to determine a fraud detection result;
where the target comparison policy is obtained by the terminal from the cloud in advance, and the fraud feature data set is obtained by the terminal from the cloud in advance.
It should be noted that a target comparison policy may be configured in the cloud in advance. The REE side may obtain the target comparison policy from the cloud in advance and pass it to the TEE side, and the TEE side compares the feature information with the fraud feature data set according to the target comparison policy to determine a fraud detection result.
It can be understood that the target comparison policy may be determined according to the usage feedback of multiple users; that is, the illegal calling manners, the called applications and the like fed back by multiple users are collected and integrated to form a fraud feature data set.
In this embodiment, the target comparison policy can be configured as required and stored in the cloud. The terminal obtains the pre-configured target comparison policy from the cloud, compares the feature information with the fraud feature data in the fraud feature data set, and determines the fraud detection result, which improves fraud detection accuracy.
In one embodiment, the comparing the feature information with the fraud feature data in the fraud feature data set according to the target comparison policy to determine the fraud detection result includes:
determining that the fraud detection result is that fraud exists when the application link information of the plurality of applications in the feature information matches an application call order of a plurality of applications in the fraud feature data set; or
determining that the fraud detection result is that fraud exists when the application link information in the feature information matches an application call order of a plurality of applications in the fraud feature data set and at least one of the package name information, the signature information and the behavior features is matched in the fraud feature data set.
The fraud feature data set may include a plurality of predetermined application call sequences, and may further include package name information, signature information, behavior features, code features, permission features and the like of a plurality of preset malicious applications, where a plurality of users are associated in the application link information. In this embodiment, the target comparison policy may be a policy of matching the application call order: the application link information in the feature information is matched against the application call orders of the plurality of applications in the fraud feature data set. If the match succeeds, the target application was called in an order predetermined in the fraud feature data set, so it may be determined that fraud exists and a fraud detection result indicating fraud is obtained, which improves fraud detection accuracy. Alternatively, when the application link information in the feature information matches an application call order in the fraud feature data set, it is further checked whether at least one of the package name information, signature information and behavior features in the feature information can be matched in the fraud feature data set. If at least one of them is matched, a malicious application has been hit, and it is determined that fraud exists, that is, a fraud detection result indicating fraud is obtained, which further improves the accuracy of fraud detection.
In one embodiment, the detection request includes an authorization token, the method further comprising:
the terminal sends the authorization token from the REE side to the TEE side;
and the terminal determines that authorization verification of the target application succeeds when the authorization token is successfully verified on the TEE side.
After receiving the detection request, the REE side can pass the authorization token to the TEE side, and the TEE side verifies the validity of the authorization token. It can be understood that authorization verification of the target application is determined to be successful only when the authorization token is successfully verified (that is, the authorization token is shown to be valid). Only in that case is the data comparison carried out, in which the feature information is compared with the fraud feature data in the fraud feature data set to determine a fraud detection result. This improves the validity of the data comparison and therefore the validity of the fraud detection result obtained.
In one embodiment, the terminal determining that authorization verification of the target application succeeds when the TEE side successfully verifies the authorization token includes:
the terminal determines that authorization verification of the target application succeeds when the TEE side successfully decrypts the authorization token and the decrypted authorization token has not expired.
It should be noted that a valid authorization token is one that the terminal can decrypt successfully and whose validity period has not expired. Successful decryption by the terminal may indicate that the authorization token was issued by the management service in the cloud. As an example, verifying the authorization token may involve checking whether it comes from the management service of the cloud and/or whether its validity period has expired. If the authorization token comes from the management service of the cloud and/or its validity period has not expired (indicating that it is valid), the authorization token is determined to be successfully verified; otherwise, verification is determined to have failed, an error prompt message may be returned to the REE side, and the REE side may return the error prompt message to the target application.
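The TEE-side token gate described above, as an added example that is not code from the patent: the comparison runs only if the token is shown to come from the management service and has not expired, and otherwise an error is handed back for the REE side to relay. The page has the TEE decrypt the token but names no cipher, so this example substitutes an HMAC-SHA256 tag check for the decryption step; the token layout, the shared key and the names `issue_token`, `verify_token` and `tee_handle_request` are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

OK = "ok"
ERR_FORMAT = "malformed_token"
ERR_NOT_ISSUED = "not_issued_by_management_service"
ERR_EXPIRED = "token_expired"


def issue_token(key, app, expires_at):
    """Stand-in for the cloud management service (hypothetical layout):
    base64url(JSON payload) + "." + base64url(HMAC-SHA256 tag)."""
    payload = json.dumps({"app": app, "exp": expires_at}, sort_keys=True).encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verify_token(key, token, now=None):
    """TEE-side check. Returns (status, app); app is None unless status is OK."""
    now = time.time() if now is None else now
    try:
        p64, t64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64.encode())
        tag = base64.urlsafe_b64decode(t64.encode())
    except (ValueError, TypeError, AttributeError):
        return ERR_FORMAT, None
    # Authenticate before parsing: nothing in the payload is trusted until
    # the tag proves that the holder of the management key produced it.
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return ERR_NOT_ISSUED, None
    try:
        claims = json.loads(payload)
        app, exp = claims["app"], claims["exp"]
    except (ValueError, KeyError, TypeError):
        return ERR_FORMAT, None
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or now >= exp:
        return ERR_EXPIRED, None
    return OK, app


def tee_handle_request(key, token, compare, now=None):
    """Run the feature comparison only after the token verifies (fail closed)."""
    status, app = verify_token(key, token, now)
    if status != OK:
        return {"error": status}   # the REE side relays this to the target application
    return {"result": compare(app)}
```
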
In one embodiment, the detection request includes at least one of package name information and signature information of the target application;
acquiring the feature information associated with the target application includes:
sending an identity verification request to the cloud, where the identity verification request includes at least one of the package name information and signature information of the target application and is used to request identity verification of the target application;
receiving an identity verification result sent by the cloud in response to the identity verification request;
and acquiring the feature information when the identity verification result shows that identity verification has passed.
The target application must be identity-verified in the process of acquiring the feature information associated with it. The REE side sends an identity verification request for the target application to the cloud. After receiving the request, the cloud can perform identity verification using at least one of the package name information and signature information of the target application, obtain an identity verification result, and send it to the REE side. The REE side acquires the feature information associated with the target application only when the identity verification result shows that identity verification has passed, which ensures the security of feature information acquisition.
In one embodiment, the terminal receives, on the REE side, a data update request sent by a target application; if update verification of the target application succeeds, the update data in the data update request is sent to the TEE side, and the TEE side updates the fraud feature data set using the update data.
The data update request is sent to the TEE side, and the TEE side updates the fraud feature data set using the update data. On the one hand this ensures the security of the data update, and on the other hand it improves the timeliness of the fraud feature data in the fraud feature data set.
The following describes the process of the above fraud detection method in a specific embodiment.
The fraud detection method of the embodiment of the application is an anti-fraud detection method that combines terminal-side hardware, the framework, application-layer capability and cloud service capability, and comprises the following aspects:
Protection scheme based on a black/gray-market feature data set (fraud feature data set) on the TEE side:
The black/gray-market feature data set can be collected through channels such as attack-and-defense analysis and black/gray-market intelligence, and includes but is not limited to malicious application package names, malicious application signatures, malicious behavior features, malicious application code features (such as memory occupation and specific class names at run time), malicious application permission features and the like. The management service in the cloud can deliver the collected black/gray-market feature data set to the terminal side through a trusted data transmission channel. The data set can be stored on the TEE side of the terminal and can be updated.
TEE-side black/gray-market feature data set update scheme:
The black/gray-market feature data set is delivered or preset by the cloud corresponding to the terminal, and the terminal can reserve a feature data update interface. The update interface performs permission verification through identity authentication, signature authentication and feature identification of the terminal-side application. A user that passes verification can write the update data received by the update interface into the black/gray-market feature data set on the TEE side. A single application can independently supplement the data set with data designated for use only by that user; without authorization, this data is not used for matching in other processes, which achieves the effect of customized data.
Framework-layer call chain detection:
Complete application call-link detection, the logic of which is divided into two dimensions:
First, the general logic, which follows the application lifecycle of installation, use and uninstallation. During installation, the system scans the application installation package, extracts its package features and code features, and compares them with the black/gray-market feature data set to complete risk identification. During use, the running state of the application is extracted, malicious behavior characteristics (such as covertly launching a payment application, inducing payment within an interface, gambling and the like) are identified, and feature comparison and the like are performed.
Second, the usage logic. Application running behavior information collected while the user uses the terminal, such as the application start order (that is, the application call order or application call link; for example, assume the payment flow of a fraud application goes from the fraud application to a photo browser or a browser), is matched against the application call link, and the fraud application is identified and matched through the features of the general logic. In this way the fraudulent behavior present on the current link can be identified, that is, a risk prompt can be given before the user pays. In one implementation the link features can also be extracted, and data comparison and the like can be carried out by means such as comparing hash values (hash) of key link fields.
As shown in fig. 2, a block diagram of a fraud detection system implementing a fraud detection method is shown.
For the REE side:
(1) anti-fraud detection
Receiving a security capability evaluation request from a terminal anti-fraud security detection, wherein the request comprises a behavior identifier of the anti-fraud behavior detection and an authorization token of a management service;
the REE side communication agent and the TEE side communication agent are utilized to transfer the fraud characteristic data set to TEE side anti-fraud security detection;
and returning the fraud detection result of the TEE side anti-fraud security detection to the calling party (target application).
(2) Framework security capability
Receiving a call request from "anti-fraud detection", and obtaining through the communication agent the anti-fraud data on the TEE side and the collection requirements corresponding to the policy (including application link information, behavior characteristics, signature information, package name information and the like);
coarsely checking the data according to the policy, collating the application link information within the policy range, and transmitting it to the TEE side for anti-fraud security detection;
(3) Anti-fraud data support application program interface (API)
Receiving a data write request from the calling party and communicating, through the communication agent, with the anti-fraud data management service, which is a cloud management service; after the identity of the calling party and the data are verified to be legitimate, the fraud feature data set on the TEE side is updated through a trusted end-to-end update.
For the TEE side:
(1) anti-fraud security detection
Receiving an anti-fraud query capability request from "anti-fraud detection" on the REE side, where the request includes the behavior identifier of "anti-fraud detection", the authorization token of the management service, and security state information of the REE side, and checking whether the access request is valid according to the corresponding policy, for example:
checking, according to the identifier of the terminal's "anti-fraud detection", whether the target application has the right to call "anti-fraud detection";
verifying the validity of the authorization token (e.g., whether the token comes from a management service of the mobile device, whether the token has expired, etc.), and checking whether the management service has the right to invoke "anti-fraud detection".
Digitally signing the fraud detection result with the private key of the terminal;
obtaining, through the Framework security capability, the application stack information within the specified policy range preceding the calling party, comparing it with the fraud feature data in the fraud feature data set preset in (issued to) the TEE, and returning the fraud detection result and the digital signature to "anti-fraud detection" on the REE side;
accepting the fraud feature data set from the anti-fraud data management service and update data from the anti-fraud data support application program interface, so that the TEE's policy data set can be updated (update priority is time-first).
For anti-fraud data management services:
wherein the basic data may include:
(1) fraud feature data set
By drawing on sources such as access to the national anti-fraud center, instrumentation (tracking-point) data from system protection against black-market activity, real-world attack-and-defense engagements, and black/gray-market intelligence, a comprehensive fraud feature data set can be established, which includes but is not limited to: package name, signature, application link information, behavior characteristics, etc.;
(2) Anti-fraud policy (comparison policy)
Anti-fraud detection capability configuration, such as the call chain range policy setting (that is, a specific number of calling processes preceding the target application), how features are calculated within that process, and the like.
The basic services and interfaces may include:
(1) authorization management
Receiving an authorization request for an anti-fraud security detection capability of "anti-fraud detection" (anti-fraud end-side data ingress);
authenticating "anti-fraud detection";
generating an authorization token for "anti-fraud detection";
returning the authorization token to "anti-fraud detection";
(2) anti-fraud data support data authentication interface
During end-to-end updates, verifying whether the data has passed compliance audit, so that the data remains controllable when it is updated end to end.
As shown in fig. 3, the specific process of the method of the embodiment of the present application is as follows:
1. Preparation stage:
Configuring anti-fraud capability information:
collecting fraud feature data from multiple sources, and generating a comprehensive fraud feature data set according to the policy;
configuring the fraud feature policy content, such as detecting the call order information of a launched application and the like;
Application authorization configuration:
generating and configuring the authorization token and access rights of an authorized application;
an access right whitelist is configured in the authorization management module in the cloud; the authorization token is signature-protected and issued to the TEE side through a trusted data transmission channel, and the TEE side verifies the signature with a preset key to recover the authorization token and its validity period;
Back-end configuration for importing terminal-side data models:
data configuration: a model that the terminal side is allowed to update is audited in the cloud, after which its feature values are stored;
import authorization configuration: generating and configuring the token and access rights that allow fraud data to be imported on the terminal side.
2. Query phase (detection phase)
A calling party (the target application) initiates a detection request (containing an authorization token) to "anti-fraud detection" on the REE side;
the REE side of the terminal verifies the identity of the visitor (the target application). During verification the REE side communicates with the cloud, which performs the identity verification of the target application and issues the result to the REE side. After the identity verification passes, the Framework security capability collects feature information related to the target application according to the policy, such as application link information, package name information, signature information, behavior characteristics and the like, and transmits the feature information to the "anti-fraud security capability" on the TEE side.
The "anti-fraud security capability" on the TEE side of the terminal verifies the authorization token. If verification fails, the operation is terminated immediately and error information is returned to "anti-fraud detection" on the REE side, which records the error through an access control mechanism and returns it to the calling party. In addition, when an application accesses frequently and fails authentication frequently within a unit of time (for example, authentication fails continuously 1000 times within 1 min), "anti-fraud detection" can appropriately limit the frequency and number of calls by that calling party (for example, requests are forbidden for 30 min);
the TEE side compares the feature information transmitted by the REE side with the features in the fraud feature data set according to the comparison policy. For example, the comparison policy specifies a rule in which the call order is malicious application > specific application > payment application, and the TEE side matches against this rule. If the call order of the applications and the information of a malicious application are hit, the TEE side returns risk prompt information to "anti-fraud detection", which notifies the calling party; if they are not hit, the TEE side returns information indicating that no problem has been found for the time being;
3. Terminal-side data synchronization stage:
The authorization procedure follows the logic of the query stage; if the permission check passes, the update data is transmitted to the TEE side through the REE, and the "anti-fraud security capability" on the TEE side completes the data update.
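The query stage above, as an added Python example that is not part of the patent text: token verification on the TEE side, call-link comparison by hash of key link fields under both determination alternatives, and the REE-side call limiting. HMAC-SHA256 stands in for the cloud's signature protection, and the key, package names, signer digests and all function names are assumptions.

```python
import hashlib
import hmac
import json
from collections import defaultdict, deque

# Constructed demo values: the page fixes no token format, key or feature encoding.
PRESET_KEY = b"demo-key-preset-in-tee"   # stands in for the TEE's preset verification key
WHITELIST = {"com.example.pay"}          # hypothetical cloud-configured access whitelist


def issue_token(app, expires_at, key=PRESET_KEY):
    """Cloud side: signature-protect the token (HMAC-SHA256 used as a stand-in)."""
    body = json.dumps({"app": app, "exp": expires_at}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_token(token, caller, now, key=PRESET_KEY):
    """TEE side: check signature, caller binding, whitelist and validity period."""
    body, sep, tag = token.rpartition(".")
    if not sep:
        return False
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False                      # verify before parsing anything
    try:
        claims = json.loads(body)
    except ValueError:
        return False
    return (isinstance(claims, dict) and claims.get("app") == caller
            and caller in WHITELIST
            and isinstance(claims.get("exp"), (int, float)) and now < claims["exp"])


def link_hash(packages):
    """Hash of the key link fields: ordered package names, length-prefixed."""
    h = hashlib.sha256()
    for pkg in packages:
        raw = pkg.encode()
        h.update(len(raw).to_bytes(2, "big") + raw)
    return h.hexdigest()


# Constructed fraud feature data set: malicious app > specific app > payment app.
FEATURES = {
    "chains": {link_hash(["com.fraud.loan", "com.example.browser", "com.example.pay"])},
    "packages": {"com.fraud.other"},
    "signers": {"aa11"},
}
POLICY = {"chain_range": 4, "require_attribute": True}


def detect(chain, features=FEATURES, policy=POLICY):
    """Compare the last chain_range (package, signer) entries with the data set."""
    window = chain[-policy["chain_range"]:]
    pkgs = [pkg for pkg, _ in window]
    chain_hit = any(link_hash(pkgs[i:j]) in features["chains"]
                    for i in range(len(pkgs)) for j in range(i + 2, len(pkgs) + 1))
    if not policy["require_attribute"]:
        return chain_hit                  # first alternative: call order alone
    attr_hit = any(pkg in features["packages"] or signer in features["signers"]
                   for pkg, signer in window)
    return chain_hit and attr_hit         # second alternative: order plus an attribute


class Throttle:
    """REE-side limiter: repeated authentication failures block the calling party."""

    def __init__(self, max_failures=1000, window_s=60, block_s=30 * 60):
        self.max_failures, self.window_s, self.block_s = max_failures, window_s, block_s
        self.failures = defaultdict(deque)
        self.blocked_until = {}

    def blocked(self, caller, now):
        return now < self.blocked_until.get(caller, 0)

    def record_failure(self, caller, now):
        q = self.failures[caller]
        q.append(now)
        while q and q[0] <= now - self.window_s:
            q.popleft()                   # drop failures outside the time window
        if len(q) >= self.max_failures:
            self.blocked_until[caller] = now + self.block_s
            q.clear()


def handle_request(caller, token, chain, now, throttle):
    """One detection request; signing of the result by the terminal key is omitted."""
    if throttle.blocked(caller, now):
        return {"status": "blocked"}
    if not verify_token(token, caller, now):
        throttle.record_failure(caller, now)
        return {"status": "error"}
    throttle.failures.pop(caller, None)   # a success ends the run of failures
    return {"status": "ok", "fraud": detect(chain)}
```
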
According to the fraud detection method provided by the embodiment of the application, the execution subject can be a fraud detection device. In the embodiment of the present application, a method for performing fraud detection by using a fraud detection apparatus is taken as an example, and the fraud detection apparatus provided in the embodiment of the present application is described.
As shown in fig. 4, a fraud detection apparatus 400 of an embodiment is provided, which can be used in an electronic device, and the apparatus 400 includes:
an obtaining module 401, configured to obtain feature information associated with a target application when a detection request sent by the target application is received on a rich execution environment REE side;
a first sending module 402, configured to send the feature information to a trusted execution environment TEE side of the terminal, where the detection request is used to request to perform fraud detection;
the first determining module 403 is configured to, when the terminal successfully authenticates the authorization of the target application on the TEE side, compare the feature information with the fraud feature data in the fraud feature data set, and determine a fraud detection result.
In one embodiment, the characteristic information includes at least one of:
application link information, indicating the order in which a plurality of applications, including the target application, are called;
package name information of the applications in the application link information;
signature information of the applications in the application link information;
behavior characteristics of the applications in the application link information.
In an embodiment, the first determining module 403 is specifically configured to compare the feature information with the fraud feature data in the fraud feature data set according to the target comparison policy, and determine the fraud detection result;
the target comparison policy is obtained by the terminal from the cloud in advance, and the fraud feature data set is obtained by the terminal from the cloud in advance.
In an embodiment, the first determining module 403 is further specifically configured to:
determining that a fraud detection result is fraudulent when the application link information of a plurality of applications in the characteristic information is matched with the application calling sequence of a plurality of applications in the fraud characteristic data set; or alternatively
And determining that the fraud detection result is fraudulent when the application link information of the plurality of applications in the characteristic information is matched with the application calling sequence of the plurality of applications in the fraud characteristic data set, and at least one of the packet name information, the signature information and the behavior characteristics is matched in the fraud characteristic data set.
In one embodiment, the detection request includes an authorization token, the apparatus further comprising:
the second sending module is used for sending the authorization token to the TEE side at the REE side;
and the second determining module is used for determining that the authorization verification of the target application is successful under the condition that the authorization token is successfully verified on the TEE side.
In one embodiment, the detection request includes at least one of package name information and signature information of the target application;
the obtaining module comprises:
the third sending module is used for sending an identity verification request to the cloud, wherein the identity verification request comprises at least one of package name information and signature information of the target application, and the identity verification request is used for requesting identity verification of the target application;
the first receiving module is used for receiving an authentication result sent by the cloud in response to the authentication request;
and the characteristic information acquisition module is used for acquiring the characteristic information under the condition that the identity verification result shows that the identity verification passes.
The fraud detection apparatus in the embodiment of the present application may be an electronic device, or may be a component in the electronic device, such as an integrated circuit or a chip. The electronic device may be a terminal or a device other than a terminal. For example, the electronic device may be a mobile phone, a tablet computer, a notebook computer, a palmtop computer, a vehicle-mounted electronic device, a Mobile Internet Device (MID), an Augmented Reality (AR)/Virtual Reality (VR) device, a robot, a wearable device, an ultra-mobile personal computer (UMPC), a netbook or a Personal Digital Assistant (PDA), and the like, and may also be a Network Attached Storage (NAS), a Personal Computer (PC), a Television (TV), a teller machine or a self-service machine, and the embodiments of the present application are not particularly limited.
The fraud detection apparatus in the embodiment of the present application may be an apparatus having an operating system. The operating system may be an Android operating system, an iOS operating system, or another possible operating system, and the embodiments of the present application are not specifically limited.
The device for detecting fraudulent activity provided in the embodiment of the present application can implement each process implemented by the above-mentioned method for detecting fraudulent activity, for example, each process implemented by the method embodiments in fig. 1 to fig. 3, and is not described herein again in order to avoid repetition.
Optionally, as shown in fig. 5, an electronic device 500 is further provided in this embodiment of the present application, and includes a processor 501 and a memory 502, where the memory 502 stores a program or an instruction that can be executed on the processor 501, and when the program or the instruction is executed by the processor 501, the steps of the foregoing fraud detection method embodiment are implemented, and the same technical effect can be achieved, and details are not repeated here to avoid repetition.
It should be noted that the electronic devices in the embodiments of the present application include the mobile electronic device and the non-mobile electronic device described above.
Fig. 6 is a schematic diagram of a hardware structure of an electronic device implementing an embodiment of the present application.
The electronic device 600 includes, but is not limited to: a radio frequency unit 601, a network module 602, an audio output unit 603, an input unit 604, a sensor 605, a display unit 606, a user input unit 606, an interface unit 608, a memory 609, a processor 610, and the like.
Those skilled in the art will appreciate that the electronic device 600 may further comprise a power source (e.g., a battery) for supplying power to the various components, and the power source may be logically connected to the processor 610 through a power management system, so as to implement functions of managing charging, discharging, and power consumption through the power management system. The electronic device structure shown in fig. 6 does not constitute a limitation of the electronic device, and the electronic device may include more or less components than those shown, or combine some components, or arrange different components, and thus, the description is omitted here.
Wherein, the processor 610 is configured to:
under the condition that a rich execution environment REE side receives a detection request sent by a target application, acquiring characteristic information associated with the target application;
sending the characteristic information to a Trusted Execution Environment (TEE) side of the terminal, wherein the detection request is used for requesting fraud detection;
and under the condition that the TEE side successfully authorizes and verifies the target application, comparing the characteristic information with the fraud characteristic data in the fraud characteristic data set to determine a fraud detection result.
In one embodiment, the characteristic information includes at least one of:
application link information, indicating the order in which a plurality of applications, including the target application, are called;
package name information of the applications in the application link information;
signature information of the applications in the application link information;
behavior characteristics of the applications in the application link information.
In one embodiment, the processor 610 is configured to compare the feature information with fraud feature data in the fraud feature data set according to the target comparison policy, and determine a fraud detection result;
the target comparison policy is obtained by the terminal from the cloud in advance, and the fraud feature data set is obtained by the terminal from the cloud in advance.
In an embodiment, the processor 610 is further specifically configured to determine that a fraud detection result is that a fraud exists when the application link information of the multiple applications in the feature information matches the application call order of the multiple applications in the fraud feature data set; or alternatively
And determining that the fraud detection result is fraudulent when the application link information of the plurality of applications in the characteristic information is matched with the application calling sequence of the plurality of applications in the fraud characteristic data set, and at least one of the packet name information, the signature information and the behavior characteristics is matched in the fraud characteristic data set.
In one embodiment, the detection request includes an authorization token;
the radio frequency unit 601 is used for sending the authorization token to the TEE side at the REE side;
and the processor 610 is used for determining that the authorization verification of the target application is successful under the condition that the authorization token is successfully verified on the TEE side.
In one embodiment, the detection request includes at least one of package name information and signature information of the target application;
the radio frequency unit 601 is configured to send an authentication request to the cloud, where the authentication request includes at least one of package name information and signature information of a target application, and the authentication request is used to request authentication of the target application;
the radio frequency unit 601 is configured to receive an authentication result sent by the cloud in response to the authentication request;
and a processor 610, configured to obtain the feature information if the authentication result indicates that the authentication is passed.
It is to be understood that, in the embodiment of the present application, the input Unit 604 may include a Graphics Processing Unit (GPU) 6041 and a microphone 6042, and the Graphics Processing Unit 6041 processes image data of a still picture or a video obtained by an image capturing apparatus (such as a camera) in a video capturing mode or an image capturing mode. The display unit 606 may include a display panel 6061, and the display panel 6061 may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like. The user input unit 606 includes at least one of a touch panel 6061 and other input devices 6062. A touch panel 6061, also referred to as a touch screen. The touch panel 6061 may include two parts of a touch detection device and a touch controller. Other input devices 6062 may include, but are not limited to, a physical keyboard, function keys (e.g., volume control keys, switch keys, etc.), a trackball, a mouse, and a joystick, which are not described in detail herein.
The memory 609 may be used to store software programs and various data. The memory 609 may mainly include a first storage area storing programs or instructions and a second storage area storing data, wherein the first storage area may store an operating system, application programs or instructions required for at least one function (such as a sound playing function, an image playing function, etc.), and the like. Further, the memory 609 may include volatile memory or nonvolatile memory, or the memory 609 may include both volatile and nonvolatile memory. The non-volatile memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash memory. The volatile memory may be a Random Access Memory (RAM), a Static Random Access Memory (Static RAM, SRAM), a Dynamic Random Access Memory (Dynamic RAM, DRAM), a Synchronous Dynamic Random Access Memory (Synchronous DRAM, SDRAM), a Double Data Rate Synchronous Dynamic Random Access Memory (Double Data Rate SDRAM, DDR SDRAM), an Enhanced Synchronous SDRAM (ESDRAM), a Synchronous Link DRAM (SLDRAM), and a Direct Rambus RAM (DRRAM). The memory 609 in the embodiments of the present application includes, but is not limited to, these and any other suitable types of memory.
Processor 610 may include one or more processing units; optionally, including but not limited to applications and operating systems. The processor 610 may integrate an application processor, which primarily handles operating systems, user interfaces, applications, etc., and a modem processor, which primarily handles wireless communications. It will be appreciated that the modem processor described above may not be integrated into the processor 610.
The embodiments of the present application further provide a readable storage medium, where a program or an instruction is stored, and when the program or the instruction is executed by a processor, the program or the instruction implements the processes of the foregoing fraud detection method embodiment, and can achieve the same technical effects, and in order to avoid repetition, details are not repeated here.
The processor is the processor in the electronic device in the above embodiment. Readable storage media, including computer readable storage media such as computer read only memory ROM, random access memory RAM, magnetic or optical disks, and the like.
The embodiment of the present application further provides a chip, which includes a processor and a communication interface, the communication interface is coupled to the processor, the communication interface is configured to transmit image data, and the processor is configured to execute a program or an instruction, so as to implement each process of the foregoing fraud detection method embodiment, and achieve the same technical effect, and in order to avoid repetition, the details are not repeated here.
It should be understood that the chips mentioned in the embodiments of the present application may also be referred to as a system-level chip or a system-on-chip.
Embodiments of the present application provide a computer program product, where the program product is stored in a storage medium, and the program product is executed by at least one processor to implement the processes of the above-mentioned embodiments of the fraud detection method, and achieve the same technical effects, and in order to avoid repetition, details are not repeated here.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element. Further, it should be noted that the scope of the methods and apparatus of the embodiments of the present application is not limited to performing the functions in the order illustrated or discussed, but may include performing the functions in a substantially simultaneous manner or in a reverse order based on the functions involved, e.g., the methods described may be performed in an order different than that described, and various steps may be added, omitted, or combined. In addition, features described with reference to certain examples may be combined in other examples.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present application or portions thereof that contribute to the prior art may be embodied in the form of a computer software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal (which may be a mobile phone, a computer, a server, or a network device, etc.) to execute the method according to the embodiments of the present application.
While the present embodiments have been described with reference to the accompanying drawings, it is to be understood that the invention is not limited to the precise embodiments described above, which are meant to be illustrative and not restrictive, and that various changes may be made therein by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (14)

1. A method of fraud detection, the method comprising:
in a case where a rich execution environment (REE) side of a terminal receives a detection request sent by a target application, the terminal obtains feature information associated with the target application and sends the feature information to a trusted execution environment (TEE) side of the terminal, wherein the detection request is used for requesting fraud detection;
and under the condition that the authorization verification of the target application is successful on the TEE side, the terminal compares the characteristic information with the fraud characteristic data in the fraud characteristic data set to determine a fraud detection result.
2. The method of claim 1, wherein the characteristic information comprises at least one of:
application link information, indicating the order in which a plurality of applications, including the target application, are called;
package name information of the applications in the application link information;
signature information of the applications in the application link information;
behavior characteristics of the applications in the application link information.
3. The method according to claim 1 or 2, wherein comparing the characteristic information with fraud characteristic data in a fraud characteristic data set to determine a fraud detection result comprises:
comparing the characteristic information with fraud characteristic data in the fraud characteristic data set according to a target comparison strategy, and determining the fraud detection result;
the target comparison policy is obtained by the terminal from a cloud in advance, and the fraud feature data set is obtained by the terminal from the cloud in advance.
4. The method according to claim 3, wherein the comparing the feature information with the fraud feature data in the fraud feature data set according to a target comparison policy to determine the fraud detection result comprises:
determining that the fraud detection result is fraudulent when the application link information in the feature information is matched with the application calling sequence of a plurality of applications in the fraud feature data set; or alternatively
And determining that the fraud detection result is fraudulent when the application link information of the plurality of applications in the feature information is matched with the application calling sequence of the plurality of applications in the fraud feature data set, and at least one of the packet name information, the signature information and the behavior feature is matched in the fraud feature data set.
5. The method of claim 1, wherein the detection request includes an authorization token, the method further comprising:
the terminal sends the authorization token to the TEE side at the REE side;
and the terminal determines that the target application is successfully authorized and verified under the condition that the authorization token is successfully verified on the TEE side.
6. The method of claim 1, wherein the detection request includes at least one of package name information and signature information of the target application;
the obtaining of the feature information associated with the target application includes:
sending an identity verification request to a cloud, wherein the identity verification request comprises at least one of package name information and signature information of the target application, and the identity verification request is used for requesting identity verification of the target application;
receiving an identity verification result sent by the cloud in response to the identity verification request;
and acquiring the feature information in a case where the identity verification result indicates that the identity verification has passed.
7. An apparatus for fraud detection, the apparatus comprising:
the device comprises an acquisition module, a detection module and a processing module, wherein the acquisition module is used for acquiring feature information associated with a target application in a case where a detection request sent by the target application is received on a rich execution environment (REE) side;
the first sending module is used for sending the feature information to a trusted execution environment (TEE) side of the terminal, and the detection request is used for requesting detection of fraudulent behavior;
and the first determining module is used for comparing the feature information with the fraud feature data in the fraud feature data set in a case where the authorization verification of the target application is successful on the TEE side, and determining a fraud detection result.
8. The apparatus of claim 7, wherein the feature information comprises at least one of:
application link information for indicating call order information for calling a plurality of applications including the target application;
package name information of an application in the application link information;
signature information of an application in the application link information;
behavior features of an application in the application link information.
9. The apparatus according to claim 7 or 8, wherein the first determining module is configured to compare the feature information with fraud feature data in the fraud feature data set according to a target comparison policy, and determine the fraud detection result;
the target comparison policy is obtained by the terminal from the cloud in advance, and the fraud feature data set is obtained by the terminal from the cloud in advance.
10. The apparatus according to claim 9, wherein the comparing the feature information with the fraud feature data in the fraud feature data set according to the target comparison policy to determine the fraud detection result comprises:
determining that the fraud detection result is fraudulent behavior when the application link information of the plurality of applications in the feature information matches the application calling sequence of the plurality of applications in the fraud feature data set; or
determining that the fraud detection result is fraudulent when the application link information of the plurality of applications in the feature information matches the application calling sequence of the plurality of applications in the fraud feature data set, and at least one of the package name information, the signature information and the behavior feature is matched in the fraud feature data set.
11. The apparatus of claim 7, wherein the detection request includes an authorization token, the apparatus further comprising:
a second sending module, configured to send the authorization token to the TEE side on the REE side;
a second determining module, configured to determine that the authorization verification of the target application is successful if the TEE side successfully verifies the authorization token.
12. The apparatus according to claim 7, wherein the detection request includes at least one of package name information and signature information of the target application;
the acquisition module comprises:
a third sending module, configured to send an identity verification request to a cloud, where the identity verification request includes at least one of package name information and signature information of the target application, and the identity verification request is used to request identity verification of the target application;
a first receiving module, configured to receive an identity verification result sent by the cloud in response to the identity verification request;
and a feature information acquisition module, configured to acquire the feature information in a case where the identity verification result indicates that the identity verification has passed.
13. An electronic device comprising a processor and a memory, the memory storing a program or instructions executable on the processor, the program or instructions when executed by the processor implementing the steps of the fraud detection method of any of claims 1-6.
14. A readable storage medium, on which a program or instructions are stored, which program or instructions, when executed by a processor, carry out the steps of the fraud detection method of any of claims 1-6.
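The two comparison policies recited in claims 4 and 10 can be sketched as follows; this is an added illustration, not code from the patent or from the applicant. The policy names, the data set layout, and the rule that a known calling sequence must appear as a contiguous run of the observed application link are assumptions.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Hop:
    """One application in the observed application link (call chain)."""
    package: str
    signature: str                      # signing-cert digest (constructed values below)
    behaviors: frozenset = frozenset()

@dataclass
class FraudFeatureSet:
    """Hypothetical layout for the fraud feature data set fetched from the cloud."""
    call_sequences: list                # tuples of package names, in call order
    packages: set = field(default_factory=set)
    signatures: set = field(default_factory=set)
    behaviors: set = field(default_factory=set)

def chain_matches(link, fs):
    """Assumed rule: a known sequence occurs as a contiguous run of the link."""
    pkgs = tuple(h.package for h in link)
    return any(pkgs[i:i + len(seq)] == tuple(seq)
               for seq in fs.call_sequences if seq
               for i in range(len(pkgs) - len(seq) + 1))

def attribute_matches(link, fs):
    """At least one of package name, signature or behavior is in the data set."""
    return any(h.package in fs.packages or h.signature in fs.signatures
               or bool(h.behaviors & fs.behaviors) for h in link)

def detect(link, fs, policy):
    """Return True when the selected comparison policy reports fraudulent behavior."""
    if policy == "chain_only":
        return chain_matches(link, fs)
    if policy == "chain_and_attribute":
        return chain_matches(link, fs) and attribute_matches(link, fs)
    raise ValueError(f"unknown comparison policy: {policy!r}")  # no silent default

# Constructed sample data, not taken from the patent.
FEATURES = FraudFeatureSet(
    call_sequences=[("com.example.sms", "com.example.browser", "com.example.wallet")],
    signatures={"sig-bad-01"}, behaviors={"overlay_on_payment"})
BENIGN_LOOKING = [Hop("com.example.sms", "sig-a"), Hop("com.example.browser", "sig-b"),
                  Hop("com.example.wallet", "sig-c")]
KNOWN_BAD_HOP = [Hop("com.example.sms", "sig-a"), Hop("com.example.browser", "sig-bad-01"),
                 Hop("com.example.wallet", "sig-c")]
OVERLAY_ONLY = [Hop("com.example.browser", "sig-b"),
                Hop("com.example.wallet", "sig-c", frozenset({"overlay_on_payment"}))]
```

With this sample data the sequence-only policy flags `BENIGN_LOOKING` on call order alone, while the combined policy flags only `KNOWN_BAD_HOP`, where a signature in the data set corroborates the sequence match.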
CN202210656948.7A 2022-06-10 2022-06-10 Fraud detection method and device, electronic equipment and readable storage medium Pending CN115037482A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202210656948.7A CN115037482A (en) 2022-06-10 2022-06-10 Fraud detection method and device, electronic equipment and readable storage medium
PCT/CN2023/098223 WO2023236884A1 (en) 2022-06-10 2023-06-05 Fraudulent behavior detection method and apparatus, electronic device, and readable storage medium

Publications (1)

Publication Number Publication Date
CN115037482A true CN115037482A (en) 2022-09-09

Family

ID=83125214

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210656948.7A Pending CN115037482A (en) 2022-06-10 2022-06-10 Fraud detection method and device, electronic equipment and readable storage medium

Country Status (2)

Country Link
CN (1) CN115037482A (en)
WO (1) WO2023236884A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023236884A1 (en) * 2022-06-10 2023-12-14 维沃移动通信有限公司 Fraudulent behavior detection method and apparatus, electronic device, and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106295350A (en) * 2015-06-04 2017-01-04 联想移动通信软件(武汉)有限公司 Auth method, device and the terminal of a kind of credible execution environment
CN109787943A (en) * 2017-11-14 2019-05-21 华为技术有限公司 A kind of method and apparatus of resisting abnegation service aggression
CN110096881A (en) * 2019-05-07 2019-08-06 百度在线网络技术(北京)有限公司 Malice calls means of defence, device, equipment and computer-readable medium
CN111046383A (en) * 2018-10-12 2020-04-21 华为技术有限公司 Terminal attack defense method and device, terminal and cloud server
KR20200073413A (en) * 2018-12-14 2020-06-24 서울여자대학교 산학협력단 Trusted execution environment system
CN111859394A (en) * 2020-07-21 2020-10-30 中国人民解放军国防科技大学 TEE-based software behavior active measurement method and system

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7272728B2 (en) * 2004-06-14 2007-09-18 Iovation, Inc. Network security and fraud detection system and method
US20200322364A1 (en) * 2012-10-02 2020-10-08 Mordecai Barkan Program verification and malware detection
US11212281B2 (en) * 2019-08-23 2021-12-28 Sap Se Attacker detection via fingerprinting cookie mechanism
CN112307464A (en) * 2020-10-30 2021-02-02 维沃移动通信有限公司 Fraud identification method and device and electronic equipment
CN114598541B (en) * 2022-03-18 2024-03-29 维沃移动通信有限公司 Security assessment method and device, electronic equipment and readable storage medium
CN115037482A (en) * 2022-06-10 2022-09-09 维沃移动通信有限公司 Fraud detection method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
WO2023236884A1 (en) 2023-12-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination