WO2012155818A1 - Method and device for protecting user information based on credible resource - Google Patents


Publication number
WO2012155818A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
bank
card number
user card
trusted
Prior art date
Application number
PCT/CN2012/075436
Other languages
French (fr)
Chinese (zh)
Inventor
柴洪峰
徐燕军
康建明
鲁志军
单长胜
徐静雯
何朔
Original Assignee
中国银联股份有限公司
Priority date
Filing date
Publication date
Application filed by 中国银联股份有限公司


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks

Definitions

  • the present invention relates to network security and, more particularly, to a method and apparatus for protecting bank user information based on trusted resources.
  • in phishing fraud, the cardholder is deceived by a phishing website into entering the correct username (including account information) and password; or a phishing e-mail or phishing text message carries a fake link that lures the cardholder into logging in to the phishing website behind it, so as to steal the cardholder's real identity authentication information.
  • the prior art adopts a blacklist approach; with new phishing websites constantly emerging, a blacklist is difficult to manage.
  • A. Obtain a user card number from a browsing page accessed by the user
  • the user card number is obtained from the sequence entered by the user in the browsing page.
  • the sequence is a digit string of 13 to 19 digits.
  • the sequence includes a digit string of 13 to 19 digits and other non-numeric symbols.
  • the time interval between the input operations of the digits in the sequence is less than one second.
  • the bank authentication information comprises a bank trusted payment web address and/or a bank trusted IP address.
  • the user is presented with information about the current operation by comparing the bank trusted payment web address in the bank authentication information of the user card number with the web address of the browsing page accessed by the user.
  • the prompt takes the form of a pop-up window in the browsing page.
  • in step D, when it is determined that the user is using the browsing page to access a non-trusted resource, the user is informed that the current operation is unsafe.
  • the trusted resource further includes a bank card number check digit position and a bank card number check algorithm.
  • in step D, when it is determined that the user is using the browsing page to access a trusted resource, step D further includes: determining the check digit position and check algorithm of the user card number by using the bank identification code for the user card number, verifying the user card number by using that check digit position and check algorithm, and, when the user card number is verified successfully, informing the user that the current operation is a safe operation.
  • an apparatus for protecting bank user information based on a trusted resource comprising bank authentication information, a bank identification code, wherein the bank authentication information corresponds to a bank identification code; the bank user information includes a user card number and a user password; the device includes a storage unit, a capture unit, and a judging unit, wherein
  • the storage unit is used to store and manage trusted resources
  • the determining unit is configured to determine a bank identification code for the user card number
  • the determining unit is further configured to determine the bank authentication information of the user card number based on the bank identification code for the user card number,
  • the judging unit is further configured to present the user with information about the current operation based on the bank authentication information for the user card number and the browsing page accessed by the user.
  • the capture unit obtains the user card number from the sequence entered by the user in the browsing page.
  • the sequence is a digit string of 13 to 19 digits.
  • the sequence includes a digit string of 13 to 19 digits and other non-numeric symbols.
  • the time interval between the input operations of the digits in the sequence is less than one second.
  • the bank authentication information comprises a bank trusted payment web address and/or a bank trusted IP address.
  • the judging unit presents the user with information about the current operation by comparing the bank trusted payment web address in the bank authentication information for the user card number with the web address of the browsing page accessed by the user.
  • the prompt is in the form of a pop-up window in the browsing page.
  • the determining unit informs the user that the current operation is not secure.
  • the trusted resource further includes a bank card number check digit position and a bank card number check algorithm.
  • the determining unit is further configured to: determine the check digit position and check algorithm of the user card number by using the bank identification code for the user card number, verify the user card number by using that check digit position and check algorithm, and, when the user card number is verified successfully, inform the user that the current operation is a safe operation.
  • the browsing page is a browsing page generated in a browser of a personal computer or a handheld communication device.
  • the storage unit is a remote storage unit.
  • the device is installed as a plugin in a browser used by the user to access the browsing page.
  • the device automatically starts monitoring service with the activation of the browser.
  • An advantage of the present invention is that, being based on trusted resource information, it is easier to implement than blacklist management and is more secure and reliable.
  • Another advantage of the present invention is its fuzzy screen capture technique: capture applies not only to pure digit strings but also to digit strings with separators in between or with time intervals between input operations, which expands the scope of protection.
  • Another advantage of the present invention is the card number check function, which makes the payment operation prompt more accurate and better protects cardholder account information.
  • Another advantage of the present invention is the use of IE security plug-in technology, which is easy to install, triggers automatically and runs in the background, does not affect the cardholder's everyday use, and is easy to accept.
  • FIG. 1 is a flow diagram of a method of protecting bank user information based on trusted resources, in accordance with an embodiment of the present invention.
  • FIG. 2 is a schematic diagram of an apparatus for protecting bank user information based on trusted resources, in accordance with an embodiment of the present invention.
  • the trusted resource can be stored in a database as a table, as shown in Table 1 below; the trusted resource can include the bank name, the bank trusted payment address, the bank identification code, the card number check digit position, and the card number check algorithm. These data items for a specific bank provide the basis for protecting that bank's user information.
  • trusted resources for the banks of all cardholders can be maintained in the trusted resource table, which provides unified protection for all cardholders. A trusted resource table is easier to maintain than a blacklist.
  • the data items in Table 1 may also be other types or forms of information.
  • a bank trusted IP address can be used instead of a bank trusted payment address as the bank authentication information to provide cardholders with security verification.
  • the bank card BIN is the bank identification code used to identify the bank to which each card number belongs.
  • the bank user information to be protected includes the user card number and the user password.
  • the trusted resource may only include bank authentication information and a bank identification code, wherein each bank's bank authentication information corresponds to a bank identification code.
  • FIG. 1 shows a flow chart of a method for protecting bank user information based on trusted resources in accordance with an embodiment of the present invention.
  • the user card number is obtained from the browsing page accessed by the user.
  • the user card number can be obtained from an input sequence in a browsing page accessed by the user.
  • the sequence can be a digit string of 13 to 19 digits.
  • the sequence may include a digit string of 13 to 19 digits and other non-numeric symbols, such as spaces, commas or dashes.
  • the time interval between the input operations of the digits in the sequence is less than 1 second, so that when the digit string is split across multiple edit boxes, the input still falls within the capture range as long as the intervals between keyboard digit-key operations, keyboard shift-key operations and mouse movements are less than 1 second.
  • the capture described above can be accomplished in a variety of ways, such as by a computer program.
  • the protection range of the user card number can be expanded.
  • the corresponding user card number conforming to the bank card number format can be extracted from the sequence according to the general bank card number format.
  • step B a bank identification code for the user card number, i.e., card bin, is determined. This step can be done by matching the acquired user card number with the bank identification code in the trusted resource.
  • in step C, the bank authentication information for the user card number is determined based on the bank identification code for the user card number.
  • the bank authentication information is in one-to-one correspondence with the bank identification code, that is, one bank identification code corresponds to one item of bank authentication information.
  • in step D, the user is presented with information about the current operation based on the bank authentication information for the user card number and the browsing page accessed by the user.
  • the user can be presented with information about the current operation by comparing the bank trusted payment web address in the bank authentication information for the user card number with the web address of the browsing page accessed by the user.
  • the pop-up dialog box may prompt the user that the currently accessed page may be an illegal page. In this way, when it is detected that the page accessed by the user is unsafe, the user is immediately notified of the security of the current operation before the user inputs the password or before the user clicks the confirmation button after entering the password.
  • the trusted resource may further include a bank card number check digit position and a bank card number check algorithm.
  • the bit position and check algorithm, and the user card number is verified using the check digit position and check algorithm of the user card number.
  • when the user card number verification is successful, the user is informed that the current operation is a safe operation.
  • when the user card number verification is successful, the user is prompted to perform a payment operation, and the user should pay attention to checking the information and protecting the security of the account, so that the user information can be more accurately and better protected.
  • FIG. 2 is a schematic diagram of an apparatus for protecting bank user information based on trusted resources, in accordance with an embodiment of the present invention.
  • the protection device for protecting bank user information based on the trusted resource includes a storage unit, a capturing unit, and a determining unit.
  • the storage unit is used to store and manage trusted resources.
  • the storage unit may be disposed within the protection device or may be a remote storage unit configured to determine a bank identification code for the user card number via the network disconnect unit.
  • the judging unit may match the number in the user card number according to the bank identification code stored in the storage unit to determine the bank to which the user card number belongs.
  • the judging unit is further configured to determine the bank authentication information of the user card number based on the bank identification code for the user card number.
  • the judging unit is further configured to present the user with information about the current operation based on the bank authentication information for the user card number and the browsing page accessed by the user.
  • the judging unit presents the user with information about the current operation by comparing the bank trusted payment web address in the bank authentication information for the user card number with the web address of the browsing page accessed by the user.
  • the trusted resource may further include a bank card number check digit position and a bank card number check algorithm.
  • the determining unit is further configured to:
  • determine the check digit position and check algorithm of the user card number by using the bank identification code for the user card number, verify the user card number by using that check digit position and check algorithm, and, when the user card number is verified successfully, inform the user that the current operation is a safe operation.
  • the browsing page may be a browsing page generated in a browser of a personal computer or handheld communication device.
  • the protection device is installed as a plug-in in a browser used by the user to access the browsing page.
  • the protection device automatically starts monitoring service with the activation of the browser.
  • the protection device can be a browser security plug-in, so there is no application, automatic installation, and the resident memory will be stored after installation. This protection mode is completely transparent to the user and does not interfere with the daily operation of the user, and is convenient for the user to accept.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)

Abstract

A method for protecting bank user information based on credible resource is provided by the invention. The method comprises the following steps of: A, acquiring a user card number from a browse page accessed by a user; B, determining the bank identification code for the user card number; C, determining the bank discrimination information about the user card number based on the bank identification code for the user card number; D, based on the bank discrimination information about the user card number and the browse page accessed by the user, prompting information about current operation to the user.

Description

Method and device for protecting bank user information based on trusted resources
Priority claim
This application claims priority to Chinese patent application No. 201110124325.7, filed on May 13, 2011 and entitled "Method and device for protecting bank user information based on trusted resources", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to network security, and in particular to a method and device for protecting bank user information based on trusted resources.
Background
With the development of Internet payment services, online payment has brought a variety of problems along with its convenience, among which phishing fraud is the most prominent. According to the latest statistics, fraud that clones banks' official websites and sends text messages to swindle online banking users out of their funds has recently become rampant again. Monitoring data from the China Internet Information Reporting Center show that since 2010 the number of reports of bank-related fraudulent websites has increased markedly, with more than 70 cloned websites. In cases publicly reported by the media, some users were defrauded of as much as one million yuan. The National Computer Network Emergency Center estimates that the losses "phishing" has caused e-commerce users have now reached 7.6 billion yuan, and that on average each online shopper has been "phished" out of 86 yuan.
In phishing fraud, the cardholder is deceived by a phishing website into entering the correct username (including account information) and password; or a phishing e-mail or phishing text message carries a fake link that lures the cardholder into logging in to the phishing website behind it, so as to steal the cardholder's real identity authentication information.
To counter these phishing techniques, banks and some payment companies have designed various defences, but these can only prevent phishing against their own websites or their own bank cards/payment cards; they cannot provide a unified defence strategy that protects all cardholders.
In addition, the prior art adopts a blacklist approach; with new phishing websites constantly emerging, a blacklist is difficult to manage.
Another common feature of the prior art is that it verifies the user's legitimate identity, for example by the widely used username-and-password method. However, fraud committed with a stolen but genuine legitimate identity is difficult for the online banking systems of banks and payment companies to defend against. Therefore, to solve the above and other problems, a unified defensive technical solution is needed.
Summary of the invention
To solve the above and other problems, according to one object of the present invention, a method for protecting bank user information based on trusted resources is provided. The trusted resources include bank authentication information and bank identification codes, where bank authentication information and bank identification codes are in one-to-one correspondence; the bank user information includes a user card number and a user password. The method includes the following steps:
A. Obtain the user card number from the browsing page accessed by the user;
B. Determine the bank identification code for the user card number;
C. Determine the bank authentication information for the user card number based on the bank identification code for the user card number;
D. Based on the bank authentication information for the user card number and the browsing page accessed by the user, present the user with information about the current operation.
Preferably, in step A, the user card number is obtained from the sequence entered by the user in the browsing page.
Preferably, the sequence is a digit string of 13 to 19 digits.
Preferably, the sequence includes a digit string of 13 to 19 digits and other non-numeric symbols.
Preferably, the time interval between the input operations of the digits in the sequence is less than 1 second.
Preferably, the bank authentication information includes a bank trusted payment web address and/or a bank trusted IP address.
Preferably, the user is presented with information about the current operation by comparing the bank trusted payment web address in the bank authentication information of the user card number with the web address of the browsing page accessed by the user.
Preferably, the prompt takes the form of a pop-up window in the browsing page.
Preferably, in step D, when it is determined that the user is using the browsing page to access a non-trusted resource, the user is informed that the current operation is unsafe.
Preferably, the trusted resources further include a bank card number check digit position and a bank card number check algorithm, and when, in step D, it is determined that the user is using the browsing page to access a trusted resource, step D further includes: determining the check digit position and check algorithm of the user card number by using the bank identification code for the user card number, and verifying the user card number by using that check digit position and check algorithm; and, when the user card number is verified successfully, informing the user that the current operation is a safe operation.
According to another object of the present invention, a device for protecting bank user information based on trusted resources is provided. The trusted resources include bank authentication information and bank identification codes, where bank authentication information and bank identification codes are in one-to-one correspondence; the bank user information includes a user card number and a user password. The device includes a storage unit, a capture unit and a judging unit, wherein:
the storage unit is used to store and manage the trusted resources;
the judging unit is configured to determine the bank identification code for the user card number;
the judging unit is further configured to determine the bank authentication information of the user card number based on the bank identification code for the user card number;
the judging unit is further configured to present the user with information about the current operation based on the bank authentication information for the user card number and the browsing page accessed by the user.
Preferably, the capture unit obtains the user card number from the sequence entered by the user in the browsing page.
Preferably, the sequence is a digit string of 13 to 19 digits.
Preferably, the sequence includes a digit string of 13 to 19 digits and other non-numeric symbols.
Preferably, the time interval between the input operations of the digits in the sequence is less than 1 second.
Preferably, the bank authentication information includes a bank trusted payment web address and/or a bank trusted IP address.
Preferably, the judging unit presents the user with information about the current operation by comparing the bank trusted payment web address in the bank authentication information for the user card number with the web address of the browsing page accessed by the user.
Preferably, the prompt takes the form of a pop-up window in the browsing page.
Preferably, when the user is using the browsing page to access a non-trusted resource, the judging unit informs the user that the current operation is unsafe.
Preferably, the trusted resources further include a bank card number check digit position and a bank card number check algorithm, and when it is determined that the user is using the browsing page to access a trusted resource, the judging unit is further configured to: determine the check digit position and check algorithm of the user card number by using the bank identification code for the user card number, and verify the user card number by using that check digit position and check algorithm; and, when the user card number is verified successfully, inform the user that the current operation is a safe operation.
Preferably, the browsing page is a browsing page generated in a browser of a personal computer or a handheld communication device.
Preferably, the storage unit is a remote storage unit.
Preferably, the device is installed as a plug-in in the browser the user uses to access the browsing page.
Preferably, the device automatically starts its monitoring service when the browser starts.
One advantage of the present invention is that, being based on trusted resource information, it is easier to implement than blacklist management and is more secure and reliable.
Another advantage of the present invention is its fuzzy screen capture technique: capture applies not only to pure digit strings but also to digit strings with separators in between or with time intervals between input operations, which expands the scope of protection.
Another advantage of the present invention is the card number check function, which makes the payment operation prompt more accurate and better protects cardholder account information.
Another advantage of the present invention is the use of IE security plug-in technology, which is easy to install, triggers automatically and runs in the background, does not affect the cardholder's everyday use, and is easy to accept.
Brief description of the drawings
After reading the specific embodiments of the present invention with reference to the accompanying drawings, those skilled in the art will understand the various aspects of the present invention more clearly. Those skilled in the art should understand that these drawings are only used to explain the technical solutions of the present invention in conjunction with the specific embodiments, and are not intended to limit the scope of protection of the present invention. In the drawings:
FIG. 1 is a flow chart of a method for protecting bank user information based on trusted resources according to an embodiment of the present invention.
FIG. 2 is a schematic diagram of a device for protecting bank user information based on trusted resources according to an embodiment of the present invention.
Detailed description
Specific embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
In the present invention, the trusted resources can be stored in a database as a table, as shown in Table 1 below. The trusted resources can include the bank name, the bank trusted payment address, the bank identification code, the card number check digit position and the card number check algorithm. These data items for a specific bank provide the basis for protecting that bank's user information. In addition, the trusted resources of the banks of all cardholders can be maintained in the trusted resource table, which provides unified protection for all cardholders. A trusted resource table is easier to maintain than a blacklist.
Table 1 [an image in the original publication; not reproduced in this text]
Those skilled in the art will appreciate that the data items in Table 1 may also be other types or forms of information. For example, a bank trusted IP address can be used instead of a bank trusted payment address as the bank authentication information to provide cardholders with security verification. Here, the bank card BIN is the bank identification code used to identify the bank to which each card number belongs.
The bank user information to be protected includes the user card number and the user password.
In one embodiment, the trusted resources may include only bank authentication information and bank identification codes, where each bank's bank authentication information is in one-to-one correspondence with its bank identification code.
FIG. 1 shows a flow chart of a method for protecting bank user information based on trusted resources according to an embodiment of the present invention.
In step A, the user card number is obtained from the browsing page accessed by the user. For example, as is well known to those skilled in the art, the user card number can be obtained from an input sequence in the browsing page accessed by the user. The sequence can be a digit string of 13 to 19 digits. Alternatively, the sequence may include a digit string of 13 to 19 digits and other non-numeric symbols, such as spaces, commas or dashes. Alternatively, the time interval between the input operations of the digits in the sequence is less than 1 second, so that when the digit string is split across multiple edit boxes, the input still falls within the capture range as long as the intervals between keyboard digit-key operations, keyboard shift-key operations and mouse movements are less than 1 second. Those skilled in the art should understand that this capture can be implemented in various ways, such as by a computer program. This fuzzy capture method expands the scope of protection of the user card number. Once the input sequence has been determined, the user card number that conforms to the bank card number format can be extracted from the sequence according to the general bank card number format.
In step B, the bank identification code for the user card number, i.e. the card BIN, is determined. This step can be done by matching the acquired user card number against the bank identification codes in the trusted resources.
In step C, the bank authentication information for the user card number is determined based on the bank identification code for the user card number. Here, bank authentication information and bank identification codes are in one-to-one correspondence, that is, one bank identification code corresponds to one item of bank authentication information.
In step D, the user is presented with information about the current operation based on the bank authentication information for the user card number and the browsing page accessed by the user. For example, the user can be presented with information about the current operation by comparing the bank trusted payment web address in the bank authentication information for the user card number with the web address of the browsing page accessed by the user.
In one embodiment, when the bank trusted payment web address in the bank authentication information for the user card number does not match the web address of the browsing page accessed by the user, it is determined that the user is accessing a non-trusted resource through the browsing page, and the user is informed that the current operation is unsafe. The user can be told through a pop-up dialog box that the page currently being accessed may be an illegitimate page. In this way, the user is notified as soon as the page being accessed is detected to be unsafe, so that, as far as possible, the user learns about the security of the current operation before entering the password, or before clicking the confirm button after entering it.
In another embodiment, the trusted resource may further include a bank card number check digit position and a bank card number check algorithm. In step D, when it is determined that the user is using the browsing page to access a trusted resource, step D further includes: determining the check digit position and check algorithm of the user card number using the bank identification code for the user card number, and verifying the user card number using that check digit position and check algorithm. When the user card number is verified successfully, the user is prompted that the current operation is a safe operation. Alternatively, when the user card number is verified successfully, the user is prompted that a payment operation may be in progress and that the information should be checked and the account kept secure, so that user information can be protected more accurately and effectively.
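Steps A to D, including the checksum embodiment, as an added JavaScript example that is not code from the patent. The BINs, bank names, hosts, event format and function names are constructed; the Luhn algorithm with a last-digit check position and the https requirement are assumptions, since the text names no specific check algorithm.

```javascript
// Constructed trusted resource: BIN -> bank authentication information.
// BINs, bank names and hosts are made up; Luhn and the last-digit check position are assumptions.
const TRUSTED_RESOURCE = [
  { bin: "990001", bank: "Example Bank A", payHost: "pay.bank-a.example", verify: luhnValid },
  { bin: "9900", bank: "Example Bank B", payHost: "pay.bank-b.example", verify: luhnValid },
];
const MAX_GAP_MS = 1000; // inputs less than 1 s apart belong to one sequence

// Build constructed key events: one character every gapMs milliseconds.
const typing = (text, t0, gapMs) => [...text].map((key, i) => ({ t: t0 + i * gapMs, key }));

// Step A (capture): join characters whose events are < 1 s apart, even across
// several edit boxes; Tab, Shift or mouse events extend the run but add no text.
function captureSequences(events) {
  const runs = [];
  let current = "", lastT = null;
  for (const { t, key } of events) {
    if (lastT !== null && t - lastT >= MAX_GAP_MS && current) { runs.push(current); current = ""; }
    if (key.length === 1) current += key;
    lastT = t;
  }
  if (current) runs.push(current);
  return runs;
}

// Step A (extract): allow spaces, commas and dashes, then require 13 to 19 digits.
function extractCardNumber(sequence) {
  const digits = sequence.replace(/[\s,-]/g, "");
  return /^\d{13,19}$/.test(digits) ? digits : null;
}

// Step B: the longest matching BIN prefix identifies the issuing bank.
function lookupBin(card) {
  const hits = TRUSTED_RESOURCE.filter((e) => card.startsWith(e.bin));
  return hits.sort((a, b) => b.bin.length - a.bin.length)[0] || null;
}

// Assumed check algorithm: Luhn, with the check digit in the last position.
function luhnValid(card) {
  let sum = 0;
  for (let i = 0; i < card.length; i++) {
    let d = Number(card[card.length - 1 - i]);
    if (i % 2 === 1) d = d * 2 > 9 ? d * 2 - 9 : d * 2;
    sum += d;
  }
  return sum % 10 === 0;
}

// Exact hostname equality over https (assumption); a substring test would
// wrongly accept "pay.bank-a.example.login.test".
function hostIsTrusted(pageUrl, payHost) {
  try {
    const u = new URL(pageUrl);
    return u.protocol === "https:" && u.hostname === payHost;
  } catch {
    return false;
  }
}

// Steps C and D: decide what to tell the user. The card number is never returned or logged.
function assessPage(events, pageUrl) {
  for (const seq of captureSequences(events)) {
    const card = extractCardNumber(seq);
    const entry = card && lookupBin(card);
    if (!entry) continue; // not a card number, or a BIN outside the trusted resource
    if (!hostIsTrusted(pageUrl, entry.payHost)) return { verdict: "unsafe", bank: entry.bank };
    return { verdict: entry.verify(card) ? "trusted-payment" : "trusted-bad-checksum", bank: entry.bank };
  }
  return { verdict: "no-card-number", bank: null };
}
```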
FIG. 2 is a schematic diagram of an apparatus for protecting bank user information based on trusted resources according to an embodiment of the present invention.
As shown in FIG. 2, the protection apparatus for protecting bank user information based on trusted resources includes a storage unit, a capture unit and a judging unit. The storage unit is used to store and manage the trusted resources. Here, the storage unit may be disposed inside the protection apparatus or may be a remote storage unit, and thus via the network … The judging unit is configured to determine the bank identification code for the user card number. Here, the judging unit may match the digits in the user card number against the bank identification codes stored in the storage unit to determine the bank to which the user card number belongs.
The judging unit is further configured to determine the bank authentication information of the user card number based on the bank identification code for the user card number.
The judging unit is further configured to prompt the user with information about the current operation, based on the bank authentication information for the user card number and the browsing page accessed by the user.
In one embodiment, the judging unit prompts the user with information about the current operation by comparing the bank's trusted payment URL in the bank authentication information for the user card number with the URL of the browsing page accessed by the user.
In one embodiment, the trusted resource may further include a bank card number check digit position and a bank card number check algorithm.
When it is determined that the user is using the browsing page to access a trusted resource, the judging unit is further configured to:
determine the check digit position and check algorithm of the user card number using the bank identification code for the user card number, verify the user card number using that check digit position and check algorithm, and, when the user card number is verified successfully, prompt the user that the current operation is a safe operation.
In an embodiment of the invention, the browsing page may be a browsing page generated in the browser of a personal computer or a handheld communication device.
In another embodiment of the invention, the protection apparatus is installed as a plug-in in the browser that the user uses to access the browsing page. Optionally, the protection apparatus starts its monitoring service automatically when the browser starts. Here, the protection apparatus may be a browser security plug-in, so it has no application of its own, installs automatically, and stays resident in memory after installation. This form of protection is completely transparent to the user, does not interfere with the user's daily operations, and is easy for the user to accept. From the description of the above embodiments, those of ordinary skill in the art will understand that various changes and substitutions may be made to the specific embodiments of the invention without departing from its spirit and scope. Such changes and substitutions all fall within the scope defined by the claims of the invention.

Claims

1. A method for protecting bank user information based on trusted resources, characterized in that:
the trusted resource includes bank authentication information and bank identification codes, wherein the bank authentication information corresponds one-to-one with the bank identification codes;
the bank user information includes a user card number and a user password;
the method includes the following steps:
A. obtaining the user card number from the browsing page accessed by the user;
B. determining the bank identification code for the user card number;
C. determining the bank authentication information for the user card number based on the bank identification code for the user card number;
D. prompting the user with information about the current operation, based on the bank authentication information for the user card number and the browsing page accessed by the user.
2. The method according to claim 1, characterized in that, in step A, the user card number is obtained from a sequence entered by the user in the browsing page.
3. The method according to claim 2, characterized in that the sequence is a string of 13 to 19 digits.
4. The method according to claim 2, characterized in that the sequence includes a string of 13 to 19 digits and other non-numeric symbols.
5. The method according to claim 2, characterized in that the interval between the input operations for the digits in the sequence is less than 1 second.
6. The method according to claim 1, characterized in that the bank authentication information includes a bank trusted payment URL and/or a bank trusted IP address.
7. The method according to claim 6, characterized in that the user is prompted with information about the current operation by comparing the bank trusted payment URL in the bank authentication information for the user card number with the URL of the browsing page accessed by the user.
8. The method according to claim 1, characterized in that the prompt takes the form of a pop-up window in the browsing page.
9. The method according to claim 1, characterized in that, in step D, when it is determined that the user is using the browsing page to access a non-trusted resource, the user is prompted that the current operation is unsafe.
10. The method according to claim 1, characterized in that:
the trusted resource further includes a bank card number check digit position and a bank card number check algorithm, and, in step D, when it is determined that the user is using the browsing page to access a trusted resource, step D further includes:
determining the check digit position and check algorithm of the user card number using the bank identification code for the user card number, verifying the user card number using that check digit position and check algorithm, and, when the user card number is verified successfully, prompting the user that the current operation is a safe operation.
11. An apparatus for protecting bank user information based on trusted resources, characterized in that:
the trusted resource includes bank authentication information and bank identification codes, wherein the bank authentication information corresponds one-to-one with the bank identification codes;
the bank user information includes a user card number and a user password;
the apparatus includes a storage unit, a capture unit and a judging unit, wherein:
the storage unit is used to store and manage the trusted resources;
the judging unit is configured to determine the bank identification code for the user card number;
the judging unit is further configured to determine the bank authentication information of the user card number based on the bank identification code for the user card number;
the judging unit is further configured to prompt the user with information about the current operation, based on the bank authentication information for the user card number and the browsing page accessed by the user.
12. The apparatus according to claim 11, characterized in that the capture unit obtains the user card number from a sequence entered by the user in the browsing page.
13. The apparatus according to claim 12, characterized in that the sequence is a string of 13 to 19 digits.
14. The apparatus according to claim 12, characterized in that the sequence includes a string of 13 to 19 digits and other non-numeric symbols.
15. The apparatus according to claim 12, characterized in that the interval between the input operations for the digits in the sequence is less than 1 second.
16. The apparatus according to claim 11, characterized in that the bank authentication information includes a bank trusted payment URL and/or a bank trusted IP address.
17. The apparatus according to claim 16, characterized in that the judging unit prompts the user with information about the current operation by comparing the bank trusted payment URL in the bank authentication information for the user card number with the URL of the browsing page accessed by the user.
18. The apparatus according to claim 11, characterized in that the prompt takes the form of a pop-up window in the browsing page.
19. The apparatus according to claim 11, characterized in that, when the user is using the browsing page to access a non-trusted resource, the judging unit prompts the user that the current operation is unsafe.
20. The apparatus according to claim 11, characterized in that:
the trusted resource further includes a bank card number check digit position and a bank card number check algorithm, and, when it is determined that the user is using the browsing page to access a trusted resource, the judging unit is further configured to:
determine the check digit position and check algorithm of the user card number using the bank identification code for the user card number, verify the user card number using that check digit position and check algorithm, and, when the user card number is verified successfully, prompt the user that the current operation is a safe operation.
21. The apparatus according to claim 11, characterized in that the browsing page is a browsing page generated in the browser of a personal computer or a handheld communication device.
22. The apparatus according to claim 12, characterized in that the storage unit is a remote storage unit.
23. The apparatus according to claim 12, characterized in that the apparatus is installed as a plug-in in the browser that the user uses to access the browsing page.
24. The apparatus according to claim 23, characterized in that the apparatus starts its monitoring service automatically when the browser starts.
PCT/CN2012/075436 2011-05-13 2012-05-14 Method and device for protecting user information based on credible resource WO2012155818A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201110124325.7 2011-05-13
CN2011101243257A CN102780686A (en) 2011-05-13 2011-05-13 Credible resource based method and device for protecting bank user information

Publications (1)

Publication Number Publication Date
WO2012155818A1 true WO2012155818A1 (en) 2012-11-22

Family

ID=47125442

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2012/075436 WO2012155818A1 (en) 2011-05-13 2012-05-14 Method and device for protecting user information based on credible resource

Country Status (2)

Country Link
CN (1) CN102780686A (en)
WO (1) WO2012155818A1 (en)

Also Published As

Publication number Publication date
CN102780686A (en) 2012-11-14

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12785761

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 240214

122 Ep: pct application non-entry in european phase

Ref document number: 12785761

Country of ref document: EP

Kind code of ref document: A1