WO2017101706A1 - Method and apparatus for preventing human-machine interaction interface from being hijacked - Google Patents

Info

Publication number
WO2017101706A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
personalized information
information
user
personalized
Application number
PCT/CN2016/108656
Other languages
French (fr)
Chinese (zh)
Inventor
王旸
杨阳
朱浩然
陈舟
华锦芝
Original Assignee
中国银联股份有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L63/1433 Vulnerability analysis
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Definitions

  • the present invention relates to the field of network security technologies, and in particular, to a method and apparatus for preventing hijacking of a human-computer interaction interface.
  • Phishing refers to an attack method that illegally directs users to a phishing website closely resembling the official website, so that users enter sensitive information into the application interface provided by the phishing website, which thereby steals the sensitive information.
  • In the prior art, when the application interface is displayed, the browser detects the webpage address of the application interface and determines whether it is a webpage address in the malicious address database; if the detection result is that it is a webpage address in the malicious address database, the application interface is determined to be an interface provided by a phishing website, and the access is intercepted or a warning message is issued; if the detection result is that it is not a webpage address in the malicious address database, the interface is displayed normally.
  • If the webpage addresses in the malicious address database are updated slowly, or the included webpage addresses are not comprehensive enough, the content of a phishing website that has not been intercepted may still be displayed to the user, thereby revealing the user's sensitive information and causing the user loss.
  • Therefore, the existing interface display processing method has a security vulnerability and cannot effectively prevent illegal attacks by phishing websites.
  • the embodiment of the invention provides a method and a device for preventing hijacking of a human-computer interaction interface, which are used to solve the security vulnerabilities existing in the interface display processing method in the prior art.
  • The method of the present invention is a method for preventing hijacking of a human-machine interaction interface, the method comprising: reading personalized information of the application when launching an application, the personalized information being dedicated information set for the application when the application is installed; and, when the human-computer interaction interface of the application is displayed, prompting the security status of the application according to the personalized information.
  • Further, the method includes: writing the personalized information into the application, or writing the personalized information into the startup program of the application.
  • writing the personalized information to the application or writing the personalized information to the startup program of the application includes:
  • the security status of the application is prompted according to the personalized information, including:
  • the security status of the user account is prompted according to the personalized information, including:
  • the security flag is displayed in a login interface of the application.
  • An embodiment of the present invention further provides an apparatus for preventing hijacking of a human-computer interaction interface, the apparatus comprising: a reading unit, configured to read personalized information of the application when launching an application, the personalized information being dedicated information set for the application when the application is installed; and a display unit, configured to prompt the security status of the application according to the personalized information when displaying the human-computer interaction interface of the application.
  • Further, the device includes a personalized information processing unit, configured to acquire an installation package of the application from an application server, and to write the personalized information into the application or into the startup program of the application.
  • the personalized information processing unit is specifically configured to: send a personalized information request message
  • The display unit is specifically configured to: display the personalized information in a login interface of the application; or generate a security flag according to the personalized information and display the security flag in the login interface of the application.
  • an embodiment of the present application provides an electronic device, including: a processor and a display;
  • the processor is configured to read personalized information of the application when launching an application, where the personalized information is dedicated information set for the application when the application is installed;
  • The display is configured to prompt the security status of the application according to the personalized information when displaying the human-computer interaction interface of the application.
  • The processor is further configured to: acquire an installation package of the application from an application server; and, during installation of the installation package of the application, write the personalized information into the application or into the launching program of the application.
  • The electronic device further includes a transceiver and a memory; the transceiver is configured to: send a personalized information request message; and receive the personalized information input by the user;
  • the memory is configured to store the personalized information in a local secure storage area; and
  • the processor is further configured to set an access right of the secure storage area, so that the application reads the personalized information from the secure storage area at startup.
  • The display is specifically configured to: display the personalized information in a login interface of the application; or generate a security flag according to the personalized information and display the security flag in the login interface of the application.
  • The personalized information includes at least one of the following: the user's identity; the user's avatar information; the user's personalized signature; the user's iris; the user's voiceprint; the user's fingerprint; the last communication information before the application was started; the last access information before the application was started.
  • An embodiment of the present invention provides a non-transitory computer readable storage medium storing computer instructions, the computer instructions being used to cause a computer to execute the method for preventing hijacking of a human-computer interaction interface according to any of the above.
  • An embodiment of the present invention provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the method for preventing hijacking of a human-machine interaction interface according to any of the above.
  • The embodiment of the present invention sets personalized information, which is specific information set for the application when the application is installed; when the application is started, the personalized information of the application is read and displayed in the human-computer interaction interface of the application.
  • When the terminal can correctly read and display the personalized information, the website currently accessed by the terminal is determined to be secure; otherwise it is regarded as an illegal website, and an alarm or interception is performed. Because of the particularity and uniqueness of personalized information, a phishing website cannot display an interface carrying the personalized information, which effectively prevents hijacking of the human-computer interaction interface by phishing websites and safeguards the user's sensitive information and the security of mobile terminal transactions.
  • FIG. 1 is a schematic flowchart of a method for preventing hijacking of a human-machine interface according to an embodiment of the present invention
  • FIG. 2 is a schematic diagram of a method for preventing hijacking of a human-machine interaction interface according to an embodiment of the present invention
  • FIG. 3 is a schematic diagram of a method for preventing hijacking of a human-machine interaction interface according to an embodiment of the present invention
  • FIG. 4 is a schematic diagram of a method for preventing hijacking of a human-computer interaction interface according to an embodiment of the present invention
  • FIG. 5 is a schematic diagram of a method for preventing hijacking of a human-machine interaction interface according to an embodiment of the present invention
  • FIG. 6 is a schematic flowchart of an apparatus for preventing hijacking of a human-machine interface according to an embodiment of the present invention
  • FIG. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
  • A terminal is a device that provides voice and/or data connectivity to a user, and includes a wireless terminal or a wired terminal.
  • The wireless terminal may be a handheld device having a wireless connection function; for example, the wireless terminal may be a mobile phone (or "cellular" phone) or a computer with a mobile terminal.
  • the wireless terminal can also be a portable, pocket, handheld, computer built-in or in-vehicle mobile device.
  • An embodiment of the present invention provides a schematic flowchart of a method for preventing hijacking of a human-computer interaction interface; the method specifically includes:
  • Step S101 Read personalized information of the application when the application is started, and the personalized information is dedicated information set for the application when the application is installed.
  • Step S102 When displaying the human-computer interaction interface of the application, prompting the security status of the application according to the personalized information.
  • Since different personalized information is set for the application, when the user uses the application, the application displays the personalized information or the identifier information associated with the personalized information, so that the user can determine whether the application being used is a secure application and prevent interference from a phishing program.
  • the so-called personalized information refers to the user-specific information of the mobile terminal, and the information has a unique feature.
  • The personalized information includes at least one of the following: the identity of the user; the avatar information of the user; the user's personalized signature; the user's voiceprint; the user's fingerprint; the last communication information before the application is launched; the last access information before the application is started.
  • the user identity may be the user's ID information or passport information.
  • the last communication information before the application is started generally refers to the user's order information or transaction information, etc.;
  • The last access information before startup usually refers to the user's posting information, the user's access footprint and other information.
  • The personalized information may be determined at the time of application installation, and the information is written into the application's launcher.
  • the application's installation package is generally stored on a more secure application server, so the installation package of the application downloaded from the application server is generally secure.
  • the personalized information in the embodiment of the present invention may be information stored locally by the mobile terminal, or may be information obtained from a server corresponding to another website, because the locally saved personalized information may be extracted quickly.
  • The local personalized information is stored in the set secure storage area, so that the efficiency with which the mobile terminal obtains the personalized information is improved and the security of the personalized information is also ensured; the specific method of obtaining the personalized information is not limited in the embodiment of the present invention.
  • The embodiment of the present invention further stores the personalized information using the secure storage area of the mobile terminal. Specifically, when the user pays or logs in, the mobile terminal first sends a personalized information request message, then receives the personalized information input by the user and stores it in a local secure storage area, and finally sets the access rights of the secure storage area, so that the application reads the personalized information from the secure storage area at startup.
  • After the personalized information is obtained from the external server, it is saved in the secure storage area and the access right of the secure storage area is set; the access right ensures that an illegal website cannot obtain the personalized information from the mobile terminal. When paying or logging in, the application requests the right to use the personalized information in the application interface, and uses the personalized information after the right is obtained. For example, on the mobile terminal, a security application such as a security guard saves the above personalized information and sets the access rights to it. This ensures the security of the personalized information of the user account, so that it can play an identifying role in the subsequent interface display.
  • The personalized information may be displayed directly, or a security flag may be generated based on the personalized information, indicating that the current interface is the normal interface and has not been hijacked by an illegal website. Specifically, in the login interface of the application, the personalized information is displayed; or a security mark is generated according to the personalized information, and the security mark is displayed in the login interface of the application.
  • The so-called security mark can be a kind of prompting security icon, or it can be a pop-up box floating on the display interface.
  • If the personalized information is image information, there may be insufficient display space in the interfaces that follow the login interface. Therefore a security mark is used instead of the image information; regardless of the type of security mark, its purpose is to show the user that the currently visited page is a secure website.
  • The embodiment of the present invention further gives examples for different kinds of personalized information.
  • The embodiment of the present invention first takes the iris as an example.
  • The user is prompted to scan the iris of the eye before making a payment or logging in. When the scan is successful, the next step may proceed; otherwise alarm information is returned, or the payment URL is directly intercepted.
  • The mobile terminal side needs to be equipped in advance with an eye iris scanning system, and to store the iris sample of the user of the mobile terminal on the mobile terminal for use in verification.
  • The user binds his or her own photo to the user account. When the user requests payment or login using the user account, and the user's photo is correctly displayed on the human-computer interaction interface for payment, the user of the mobile terminal can identify whether the information is correct; if the information is found to be incorrect, the access can be stopped. Of course, if the mobile terminal side finds that reading the photo has failed, alarm information can also be returned, or the payment website can be directly intercepted.
  • The voiceprint is not only specific but also relatively stable. After adulthood, the human voice can remain relatively stable for a long time. Experiments show that whether the speaker deliberately imitates the voice and tone of others or whispers softly, even if the imitation is vivid, the voiceprints are always different.
  • The user's voiceprint information is bound to the user account.
  • The voiceprint authentication interface is entered first, a question is displayed on the authentication human-computer interaction interface, and the user answers the question through the microphone of the mobile terminal. After the user's voice information is received, the voiceprint is judged to determine whether it meets the requirements.
  • For example, the user is asked about his or her favorite animal, and the user's voice information is collected through the mobile terminal microphone.
  • the voiceprint sample of the user of the mobile terminal needs to be saved on the mobile terminal side for comparison for subsequent verification.
  • The user binds his fingerprint to the user account. When the user requests payment using the user account, the user is prompted, via the authentication human-computer interaction interface, to input a fingerprint for verification. If the verification is successful, the user is granted the subsequent operation; otherwise a warning message is given.
  • The fingerprint information of the user needs to be entered as a sample through the sensor on the mobile terminal for use in subsequent authentication. The fingerprint can be entered through a sensor or a camera on the mobile terminal; the specific entry method is not limited.
  • If the verification is successful, the login is granted; otherwise failure information is given.
  • The method for preventing hijacking of the human-computer interaction interface, by acquiring the personalized information of the user account, solves the problem of the interface display method provided by the prior art, in which the user may be in an illegal interface and the sensitive information entered is stolen by a phishing website; it thus achieves the effect of avoiding the theft of sensitive information of the user account.
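The install-time and launch-time flow described above (personalized information kept in a secure storage area with an access right, read at startup, shown on the login interface either directly or as a derived security mark, and interception when the read fails), as an added Python example that is not the patent's own code; the class and function names, the icon list and the sample data are assumptions made for this illustration.

```python
"""Added example (not code from the patent): the install-time and launch-time
flow of WO2017101706A1 in miniature.

At install time the user's personalized information is written to a simulated
local secure storage area and an access right is bound to the application's
identity. At launch the genuine application reads it back and either shows
it on the login interface or shows a security mark derived from it. A caller
that cannot read the information (a hijacked or phishing interface) receives
an interception result instead of a normal login interface.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Optional

# Icon names for the generated security mark: an assumption for this example.
SECURITY_ICONS = ["shield", "lock", "key", "star", "anchor", "leaf", "bell", "sun"]


@dataclass
class SecureStorageArea:
    """Simulated secure storage area with an access right per stored entry.

    records maps an application identifier to its personalized information;
    access_rights maps the same identifier to the caller allowed to read it.
    """
    records: dict = field(default_factory=dict)
    access_rights: dict = field(default_factory=dict)

    def write(self, app_id: str, info: dict) -> None:
        self.records[app_id] = dict(info)

    def set_access_right(self, app_id: str, caller_id: str) -> None:
        self.access_rights[app_id] = caller_id

    def read(self, app_id: str, caller_id: str) -> Optional[dict]:
        """Return the entry only when the caller holds the access right."""
        if self.access_rights.get(app_id) != caller_id:
            return None
        return self.records.get(app_id)


def install_application(storage: SecureStorageArea, app_id: str,
                        personalized_info: dict) -> None:
    """Install-time step: store the user-supplied personalized information and
    bind the access right of the secure storage area to the application."""
    storage.write(app_id, personalized_info)
    storage.set_access_right(app_id, app_id)


def generate_security_flag(personalized_info: dict) -> str:
    """Derive a security mark (icon name plus short code) from the personalized
    information, for interfaces where an image would not fit."""
    canonical = repr(sorted(personalized_info.items())).encode()
    digest = hashlib.sha256(canonical).hexdigest()
    icon = SECURITY_ICONS[int(digest[:2], 16) % len(SECURITY_ICONS)]
    return f"{icon}-{digest[2:8]}"


def build_login_interface(storage: SecureStorageArea, app_id: str,
                          caller_id: str, use_flag: bool = False) -> dict:
    """Launch-time step: read the personalized information and prompt the
    security status on the login interface.

    A failed read is treated as an illegal interface and intercepted. Image
    information (bytes values) is always replaced by the security mark.
    """
    info = storage.read(app_id, caller_id)
    if info is None:
        return {"status": "intercepted",
                "message": "personalized information could not be read"}
    has_image = any(isinstance(v, bytes) for v in info.values())
    if use_flag or has_image:
        return {"status": "secure", "security_flag": generate_security_flag(info)}
    return {"status": "secure", "personalized_info": info}


if __name__ == "__main__":
    # Constructed sample data for the demonstration.
    storage = SecureStorageArea()
    install_application(storage, "wallet-app",
                        {"signature": "Sunrise over the harbour",
                         "last_order": "order-0001"})
    print(build_login_interface(storage, "wallet-app", "wallet-app"))
    print(build_login_interface(storage, "wallet-app", "wallet-app", use_flag=True))
    # A look-alike interface without the access right is intercepted.
    print(build_login_interface(storage, "wallet-app", "lookalike-app"))
```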
  • an embodiment of the present invention further provides an apparatus that can perform the foregoing method embodiments.
  • the apparatus provided by the embodiment of the present invention includes: a reading unit 201 and a display unit 202, wherein:
  • the reading unit 201 is configured to read personalized information of the application when the application is started, where the personalized information is dedicated information set for the application when the application is installed;
  • the display unit 202 is configured to prompt the security status of the application according to the personalized information when displaying the human-computer interaction interface of the application.
  • Since different personalized information is set for the application, when the user uses the application, the application displays the personalized information or the identifier information associated with the personalized information, so that the user can determine whether the application being used is a secure application and prevent interference from a phishing program.
  • The personalized information may be determined at the time of application installation. Further, before the reading unit 201 reads the personalized information, the personalized information processing unit 203 is required to acquire the personalized information and write it into the application; the personalized information processing unit 203 is configured to: obtain an installation package of the application from the application server; and, during installation according to the installation package of the application, write the personalized information into the application or into the starting program of the application.
  • The embodiment of the present invention further stores the personalized information in the secure storage area of the mobile terminal.
  • The personalized information processing unit 203 is specifically configured to: send a personalized information request message; receive the personalized information input by the user and store the information in a local secure storage area; and set the access rights of the secure storage area such that the application reads the personalized information from the secure storage area at startup.
  • the personalized information may be directly displayed on the interface when the application is started, and the security information may be generated based on the personalized information to indicate that the current interface belongs to the normal interface.
  • The display unit 202 is specifically configured to: display the personalized information in a login interface of the application; or generate a security flag according to the personalized information and display the security flag in the login interface of the application.
  • The embodiment of the present invention further gives examples for different kinds of personalized information.
  • Taking the iris as an example: before the user makes a payment or logs in, the reading unit 201 prompts the user to scan the iris of the eye.
  • The display unit 202 displays the scan result; if the scan succeeded, the next operation may be performed, otherwise alarm information is returned, or the payment website is directly intercepted.
  • The user binds his/her own photo to the user account. When the user requests payment or login using the user account and interacts with the interface, the reading unit 201 reads the user's photo information.
  • When the display unit 202 correctly displays the user photo, the user of the mobile terminal can identify whether the information is correct; if the information is found to be incorrect, the access can be stopped. Of course, if the mobile terminal side finds that reading the photo fails, it can likewise return an alert message or directly intercept the payment URL.
  • The voiceprint is not only specific but also relatively stable. After adulthood, the human voice can remain relatively stable for a long time. Experiments have shown that no matter whether the speaker deliberately imitates the voice and tone of others or whispers softly, even if the imitation is vivid, the voiceprint is always different.
  • For example, the display unit 202 asks the user about his or her favorite animal, and the reading unit 201 collects the user's voice information through the mobile terminal microphone.
  • The user binds his fingerprint to the user account. When the user requests payment using the user account, the display unit 202 gives the user an indication through the interface, the fingerprint is then input through the rear sensor, and the reading unit 201 prompts the user, via the authentication human-computer interaction interface, to input the fingerprint for verification. If the verification is successful, the subsequent operation is granted; otherwise warning information is given.
  • The embodiment of the present invention sets personalized information, which is specific information set for the application when the application is installed; when the application is started, the personalized information of the application is read and displayed in the human-computer interaction interface of the application.
  • When the terminal can correctly read and display the personalized information, the website currently accessed by the terminal is determined to be secure; otherwise it is regarded as an illegal website, and an alarm or interception is performed. Because of the particularity and uniqueness of personalized information, a phishing website cannot display an interface carrying the personalized information, which effectively prevents hijacking of the human-computer interaction interface by phishing websites and safeguards the user's sensitive information and the security of mobile terminal transactions.
  • The embodiment of the present application provides another electronic device.
  • FIG. 7 is a schematic structural diagram of an electronic device provided by the present invention; the electronic device 500 includes: a transceiver 501, a processor 502, a memory 503, a bus system 504, and a display 505.
  • the memory 503 is used to store a program.
  • the program can include program code, the program code including computer operating instructions.
  • the memory 503 may be a random access memory (RAM) or a non-volatile memory, such as at least one disk storage. Only one memory is shown in the figure, of course, the memory can also be set to a plurality as needed. Memory 503 can also be a memory in processor 502.
  • the memory 503 stores the following elements, executable modules or data structures, or a subset thereof, or an extended set thereof:
  • Operation instructions include various operation instructions for implementing various operations.
  • Operating system includes various system programs for implementing various basic services and processing based on hard The task of the piece.
  • Processor 502 may be an integrated circuit chip with signal processing capabilities. In the implementation process, each step of the above method may be completed by an integrated logic circuit of hardware in the processor 502 or an instruction in a form of software.
  • the processor 502 described above may be a general purpose processor, a digital signal processor (DSP), an application specific integrated circuit (ASIC), a field programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or discrete hardware. Component.
  • DSP digital signal processor
  • ASIC application specific integrated circuit
  • FPGA field programmable gate array
  • the methods, steps and logical block diagrams disclosed in the embodiments of the present application can be implemented or executed by such a processor.
  • the general purpose processor may be a microprocessor or any conventional processor or the like.
  • the steps of the method disclosed in the embodiments of the present application may be implemented directly by a hardware decoding processor, or by a combination of hardware and software modules in a decoding processor.
  • the software module may be located in a conventional storage medium such as random access memory, flash memory, read only memory, programmable read only memory or electrically erasable programmable memory, registers, and the like.
  • the storage medium is located in the memory 503; the processor 502 reads the information in the memory 503 and, in conjunction with its hardware, performs the following steps:
  • the transceiver 501 is configured to send a personalized information request message and to receive the personalized information input by a user;
  • the memory 503 is configured to store the personalized information in a local secure storage area;
  • the processor 502 is configured to read the personalized information of the application when the application is started, the personalized information being dedicated information set for the application when the application was installed;
  • the display 505 is configured to indicate the security status of the application according to the personalized information when displaying the human-computer interaction interface of the application.
  • the processor 502 is further configured to obtain an installation package of the application from an application server;
  • during installation from the installation package, the personalized information is written into the application or into the startup program of the application.
  • the processor 502 is further configured to set the access right of the secure storage area, so that the application reads the personalized information from the secure storage area when it is started.
  • the display 505 is specifically configured to display the personalized information in the login interface of the application;
  • or a security mark is generated according to the personalized information, and the security mark is displayed in the login interface of the application.
  • the personalized information includes at least one of the following: the user's identity; the user's avatar information; the user's personalized signature; the user's iris; the user's voiceprint; the user's fingerprint; the last communication information before the application was started; the last access information before the application was started.
  • the electronic device of the embodiments of the invention exists in various forms, including but not limited to:
  • mobile communication devices: these devices are characterized by mobile communication functions and are mainly aimed at providing voice and data communication. Such devices include smart phones (such as the iPhone), multimedia phones, feature phones and low-end phones.
  • ultra-mobile personal computer devices: this type of device belongs to the category of personal computers, has computing and processing functions, and generally has mobile Internet access.
  • Such terminals include PDAs, MIDs and UMPC devices, such as the iPad.
  • portable entertainment devices: these devices can display and play multimedia content. Such devices include audio and video players (such as the iPod), handheld game consoles, e-book readers, smart toys and portable car navigation devices.
  • all or part of the steps of the above embodiments may be completed by a program instructing related hardware; the program is stored in a storage medium and includes instructions for causing a device (which may be a microcontroller, chip, etc.) or a processor to perform all or part of the steps of the various embodiments of the present application.
  • the foregoing storage medium includes a USB flash drive ("U disk"), a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disk, and the like.
  • the present invention provides a non-transitory computer readable storage medium storing computer instructions for causing the computer to perform the method for preventing human-computer interaction interface hijacking described in any of the above.
  • the present invention also provides a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the method for preventing human-computer interaction interface hijacking according to any of the above.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Telephone Function (AREA)

Abstract

Disclosed in the present invention are a method and apparatus for preventing a human-machine interaction interface from being hijacked. The method comprises: when an application program is started, reading customized information of the application program, the customized information being special information set for the application program when the application program is installed; and when the human-machine interaction interface of the application program is displayed, prompting the security status of the application program according to the customized information, so as to resolve the security holes existing in the interface display processing method in the prior art.

Description

Method and device for preventing human-computer interaction interface hijacking
This application claims priority to the Chinese patent application with application number 201510937599.6, filed with the Intellectual Property Office of the People's Republic of China on December 15, 2015 and entitled "A method and device for preventing human-computer interaction interface hijacking", the entire content of which is incorporated herein by reference.
Technical field
The present invention relates to the field of network security technology, and in particular to a method and device for preventing hijacking of a human-computer interaction interface.
Background art
In recent years, banking, e-commerce and payment applications have been distributed through electronic markets of all sizes. Once the user login interface of such an application is hijacked and counterfeited by a phishing website, user accounts may be leaked and funds lost. Phishing is an attack method in which users are illegally directed to a phishing website that closely resembles the official website, so that they enter sensitive information into the application interface provided by the phishing website, which then steals that information.
In the prior art, to protect the sensitive information a user enters in an application interface, the browser checks the web address of the application interface when the interface is displayed and determines whether it is present in a malicious address database. If it is, the application interface is determined to be one provided by a phishing website, and access is intercepted or a warning is issued; if it is not, the interface is displayed normally. However, when the malicious address database is updated slowly, or the addresses it contains are not comprehensive enough, the content of a phishing website that has not been intercepted may still be displayed to the user, leaking the user's sensitive information and causing the user losses.
Therefore, the existing interface display processing method has a security vulnerability and cannot effectively guard against illegal attacks by phishing websites.
Summary of the invention
Embodiments of the present invention provide a method and device for preventing hijacking of a human-computer interaction interface, so as to resolve the security vulnerability of the interface display processing method in the prior art.
In a first aspect, the present invention provides a method for preventing hijacking of a human-computer interaction interface, the method comprising: reading personalized information of an application when the application is started, the personalized information being dedicated information set for the application when the application was installed; and, when displaying the human-computer interaction interface of the application, indicating the security status of the application according to the personalized information.
Further, before reading the personalized information of the application when the application is started, the method further comprises:
obtaining an installation package of the application from an application server;
during installation from the installation package of the application, writing the personalized information into the application or into the startup program of the application.
Further, writing the personalized information into the application or into the startup program of the application during installation from the installation package comprises:
sending a personalized information request message;
receiving the personalized information input by the user, and storing the personalized information in a local secure storage area;
setting the access right of the secure storage area so that the application reads the personalized information from the secure storage area when it is started.
Further, indicating the security status of the application according to the personalized information when displaying the human-computer interaction interface of the application comprises:
when displaying the human-computer interaction interface of the application, indicating the security status of the user account according to the personalized information, which comprises:
displaying the personalized information in the login interface of the application;
or,
generating a security mark according to the personalized information;
displaying the security mark in the login interface of the application.
In a second aspect, based on the same inventive concept, embodiments of the present invention further provide a device for preventing hijacking of a human-computer interaction interface, the device comprising: a reading unit for reading personalized information of an application when the application is started, the personalized information being dedicated information set for the application when the application was installed; and a display unit for indicating the security status of the application according to the personalized information when displaying the human-computer interaction interface of the application.
Further, the device further comprises a personalized information processing unit for obtaining an installation package of the application from an application server;
and, during installation from the installation package of the application, writing the personalized information into the application or into the startup program of the application.
Further, the personalized information processing unit is specifically configured to: send a personalized information request message;
receive the personalized information input by the user, and store the personalized information in a local secure storage area;
set the access right of the secure storage area so that the application reads the personalized information from the secure storage area when it is started.
Further, the display unit is specifically configured to: display the personalized information in the login interface of the application;
or generate a security mark according to the personalized information and display the security mark in the login interface of the application.
In a third aspect, embodiments of the present application provide an electronic device comprising a processor and a display;
the processor is configured to read personalized information of an application when the application is started, the personalized information being dedicated information set for the application when the application was installed;
the display is configured to indicate the security status of the application according to the personalized information when displaying the human-computer interaction interface of the application.
Further, the processor is further configured to obtain an installation package of the application from an application server and, during installation from the installation package of the application, write the personalized information into the application or into the startup program of the application.
Further, the electronic device further comprises a transceiver and a memory; the transceiver is configured to send a personalized information request message and to receive the personalized information input by the user;
the memory is configured to store the personalized information in a local secure storage area;
the processor is further configured to set the access right of the secure storage area so that the application reads the personalized information from the secure storage area when it is started.
Further, the display is specifically configured to display the personalized information in the login interface of the application;
or to generate a security mark according to the personalized information and display the security mark in the login interface of the application.
The personalized information includes at least one of the following: the user's identity; the user's avatar information; the user's personalized signature; the user's iris; the user's voiceprint; the user's fingerprint; the last communication information before the application was started; the last access information before the application was started.
In a fourth aspect, embodiments of the present invention provide a non-transitory computer readable storage medium storing computer instructions, the computer instructions being used to cause a computer to execute the method for preventing hijacking of a human-computer interaction interface according to any of the above.
In a fifth aspect, embodiments of the present invention provide a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to execute the method for preventing hijacking of a human-computer interaction interface according to any of the above.
Embodiments of the present invention set personalized information, which is dedicated information set for the application when the application is installed, read the personalized information of the application when the application is started, and display it in the application's human-computer interaction interface. When the terminal can read and display the information correctly, the website currently accessed by the terminal is judged to be safe; otherwise it is treated as an illegal website and an alarm is raised or access is intercepted. Because personalized information is specific and unique, a phishing website cannot display an interface containing it, which effectively prevents the human-computer interaction interface from being hijacked by phishing websites, protects the user's sensitive information and improves the security of mobile terminal transactions.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art may obtain other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a method for preventing hijacking of a human-computer interaction interface according to an embodiment of the present invention;
FIG. 2 illustrates, by way of a first scenario, a method for preventing hijacking of a human-computer interaction interface according to an embodiment of the present invention;
FIG. 3 illustrates, by way of a second scenario, a method for preventing hijacking of a human-computer interaction interface according to an embodiment of the present invention;
FIG. 4 illustrates, by way of a third scenario, a method for preventing hijacking of a human-computer interaction interface according to an embodiment of the present invention;
FIG. 5 illustrates, by way of a fourth scenario, a method for preventing hijacking of a human-computer interaction interface according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of a device for preventing hijacking of a human-computer interaction interface according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of the architecture of an electronic device according to an embodiment of the present invention.
Detailed description
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is described in further detail below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
In the following embodiments of the present invention, a terminal is a device that provides voice and/or data connectivity to a user, including wireless terminals and wired terminals. A wireless terminal may be a handheld device with wireless connectivity; for example, a wireless terminal may be a mobile telephone (also called a "cellular" telephone) or a computer with a mobile terminal. As another example, a wireless terminal may be a portable, pocket-sized, handheld, computer-built-in or vehicle-mounted mobile device.
Referring to FIG. 1, an embodiment of the present invention provides a schematic flow of a method for preventing hijacking of a human-computer interaction interface; the specific implementation comprises:
Step S101: when the application is started, read the personalized information of the application, the personalized information being dedicated information set for the application when the application was installed.
Step S102: when displaying the human-computer interaction interface of the application, indicate the security status of the application according to the personalized information.
In the above embodiment, because different personalized information is set for the application, the application displays that personalized information, or mark information associated with it, when the user uses the application. The user can therefore determine whether the application in use is a secure application, and interference by phishing programs is prevented.
Personalized information is information specific to the user of the mobile terminal, and its defining characteristic is that it is unique. In general, the personalized information includes at least one of the following: the user's identity; the user's avatar information; the user's personalized signature; the user's voiceprint; the user's fingerprint; the last communication information before the application was started; the last access information before the application was started.
The user's identity may be the user's ID card information or passport information, etc. The last communication information before the application was started usually refers to the user's order information or transaction information, etc.; the last access information before the application was started usually refers to information such as the user's posts and browsing footprint.
Specifically, the personalized information may be determined when the application is installed. For example, before step S101, the installation package of the application is obtained from an application server, and during installation from that package the personalized information is written into the application or into the startup program of the application. Application installation packages are generally stored on application servers with a relatively high level of security, so an installation package downloaded from the application server is generally safe.
It should be noted that the personalized information in the embodiments of the present invention may be information saved locally on the mobile terminal, or information obtained from the server of another website. Locally saved personalized information can be retrieved quickly, and because it is kept in the designated secure storage area, this both improves the efficiency with which the mobile terminal obtains the personalized information and ensures its security. The embodiments of the present invention do not limit the specific way in which the personalized information is obtained.
To prevent the personalized information from being obtained by a phishing website, the embodiments of the present invention further store it in a local secure storage area of the mobile terminal. Specifically, the mobile terminal side first sends a personalized information request message when the user pays or logs in; it then receives the personalized information input by the user and stores it in the local secure storage area; finally it sets the access right of the secure storage area so that the application reads the personalized information from the secure storage area when it is started.
In the embodiments of the present invention, after the personalized information is obtained from an external server, it is saved in the secure storage area and the access right of that area is set. The access right ensures that an illegal website cannot obtain the personalized information from the mobile terminal. When paying or logging in, the application requests permission to use the personalized information in the application interface and uses it only after that permission has been granted. For example, on a mobile terminal, an application such as a security guard app saves the personalized information and sets access rights on it. This keeps the personalized information of the user account secure, so that it can serve as a means of authentication in subsequent interface displays.
Based on the personalized information written as described above, the personalized information may be displayed directly in the interface when the application is started. Alternatively, a security mark may be generated from the personalized information to indicate that the current interface is the normal interface and has not been hijacked by an illegal website. Specifically: display the personalized information in the login interface of the application; or generate a security mark according to the personalized information and display the security mark in the login interface of the application.
The security mark may be an icon indicating safety, or a pop-up box floating over the display interface. When the personalized information is image information, there may not be enough display space on the interfaces that follow the login interface, so a security mark is used in place of the image. Whichever kind of security mark is used, its purpose is to tell the user that the page currently being accessed is a secure website.
To describe the above method for preventing hijacking of a human-computer interaction interface in more detail, the embodiments of the present invention are further illustrated below with examples based on different kinds of personalized information.
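As an added illustration of the procedure described above (the install-time request for personalized information, its storage in a secure area with an access right, the startup read of step S101, and the display of the information or of a derived security mark in step S102), the following Python model is example code written for this page; it is not code from the patent or from its applicant. The names SecureStore, install_app, security_mark and start_app, the keyed derivation of the security mark, the in-memory enforcement of the access right and the sample personalized information are all assumptions of the example, not details taken from the patent.

```python
import hashlib
import hmac
import os

# Constructed sample personalized information, as a user might enter it when
# answering the install-time "personalized information request" (not real data).
SAMPLE_PERSONALIZED_INFO = {
    "identity": "user-0001",                      # user's identity
    "avatar": b"\x89PNG\r\n\x1a\n<constructed>",  # stand-in for avatar image bytes
    "signature": "only the real app shows this",  # user's personalized signature
}


class SecureStore:
    """In-memory model of the terminal's local secure storage area.

    Each record carries the single application identifier granted read access
    when the record was written (the 'set the access right' step).  A caller
    with any other identity is refused.  Assumed for this example; a real
    terminal would rely on platform-enforced app-private storage instead.
    """

    def __init__(self):
        self._records = {}
        self._grantee = {}

    def write(self, app_id, record, grantee):
        self._records[app_id] = dict(record)
        self._grantee[app_id] = grantee

    def read(self, app_id, caller):
        if self._grantee.get(app_id) != caller:
            raise PermissionError(f"{caller!r} may not read the record of {app_id!r}")
        return self._records[app_id]


def install_app(store, app_id, request_personalized_info):
    """Install-time procedure: request the personalized information, receive
    it, store it in the secure area, and grant only this app read access.

    request_personalized_info stands in for the transceiver's request/reply;
    any callable returning a dict will do.  The per-install key from which the
    security mark is derived is an assumption of this example.
    """
    info = request_personalized_info()
    mark_key = os.urandom(16)
    store.write(app_id, {"info": info, "mark_key": mark_key}, grantee=app_id)
    return mark_key


def _canonical(info):
    """Hash the info dict in a fixed key order so the mark is reproducible."""
    h = hashlib.sha256()
    for key in sorted(info):
        value = info[key]
        if isinstance(value, str):
            value = value.encode("utf-8")
        h.update(key.encode("utf-8") + b"\0" + value + b"\0")
    return h.digest()


def security_mark(info, mark_key):
    """Derive a short security mark from the personalized information.

    Where an avatar image does not fit on later screens, this eight-hex-digit
    value can be rendered instead (as a colour, icon or badge text).
    """
    return hmac.new(mark_key, _canonical(info), hashlib.sha256).hexdigest()[:8]


def start_app(store, app_id, caller):
    """Steps S101/S102: read the personalized information at startup and
    decide what the login interface shows.

    A successful read yields the identity to display and the security mark; a
    failed read is treated as a hijacked interface and produces an alarm.
    """
    try:
        record = store.read(app_id, caller)
    except (PermissionError, KeyError):
        return {"status": "alarm", "display": None, "mark": None}
    info = record["info"]
    return {
        "status": "secure",
        "display": info.get("identity"),
        "mark": security_mark(info, record["mark_key"]),
    }


def demo():
    """Genuine app versus a look-alike running under another identity."""
    store = SecureStore()
    install_app(store, "bank-app", lambda: dict(SAMPLE_PERSONALIZED_INFO))
    genuine = start_app(store, "bank-app", caller="bank-app")
    lookalike = start_app(store, "bank-app", caller="lookalike-app")
    return genuine, lookalike


if __name__ == "__main__":
    for label, result in zip(("genuine", "lookalike"), demo()):
        print(f"{label}: {result}")
```

The point the model makes is the one the patent relies on: the genuine application can read the record and therefore shows the user's identity and a mark the user has learned to expect, while an interface running under a different identity is refused by the secure store and ends in the alarm branch, so it has nothing to render. The mark is keyed with a per-install secret so that it cannot be reproduced from information a user may have published elsewhere (an avatar or signature); that keying, like the rest of the block, is a design choice of the example rather than something the patent specifies.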
Scenario 1:
As shown in FIG. 2, because the iris of the eye is as unique as a fingerprint, this embodiment of the present invention uses the iris as an example. For instance, before making a payment or logging in, the user is prompted to scan the iris of the eye; if the scan succeeds, the next operation may proceed, otherwise alarm information is returned or the payment URL is directly intercepted. Of course, the mobile terminal side needs an iris scanning system installed in advance and must store an iris sample of the user of the mobile terminal for use in verification.
Scenario 2:
As shown in FIG. 3, for example, the user binds their own photo to the user account. When the user requests payment or login with that account, and the user's photo is correctly displayed on the human-computer interaction interface on which payment is to be made, the user of the mobile terminal can check whether the information is correct and stop the access if it is not. Of course, if the mobile terminal side finds that reading the photo fails, it can likewise return alarm information or directly intercept the payment URL.
Scenario 3:
As shown in FIG. 4, modern scientific research shows that a voiceprint is not only specific but also relatively stable. After adulthood, a person's voice remains relatively stable over a long period. Experiments show that whether a speaker deliberately imitates another person's voice and tone or speaks in a whisper, the voiceprint is never the same, however lifelike the imitation. The user's voiceprint information is bound to the user account. On entering the payment stage or login stage, the voiceprint authentication interface is entered first: a question is shown on the authentication interface, the user answers it through the microphone of the mobile terminal, and after the user's voice information is received a voiceprint judgement is made to determine whether the voiceprint meets the requirement. This embodiment of the present invention takes asking the user for their favourite animal as an example, collecting the user's voice information through the microphone of the mobile terminal. Of course, before voiceprint authentication, a voiceprint sample of the user of the mobile terminal must be saved on the terminal side for comparison in subsequent verification.
If the voice information with which the user answers the question through the microphone of the mobile terminal meets the judgement requirement, login is granted; otherwise failure information is given.
Scenario 4:
As shown in FIG. 5, for example, the user binds their fingerprint to the user account. When the user requests payment with that account, the authentication interface prompts the user to enter a fingerprint for verification; if verification succeeds, the subsequent operation is allowed, otherwise a warning is given. Of course, before fingerprint authentication, the user's fingerprint information must be entered as a sample through the sensor on the mobile terminal for use in subsequent authentication. Fingerprint entry may be done through a sensor or a camera on the mobile terminal; the specific entry method is not limited.
若用户通过移动终端的传感器扫描到的指纹信息满足判定要求,则准予登录,否则给出失败信息。If the fingerprint information scanned by the user through the sensor of the mobile terminal satisfies the determination request, the login is granted, otherwise the failure information is given.
综上所述,本实施例提供的防止人机交互界面劫持的方法,通过获取用于接收用户账户的个性化信息,解决了现有技术提供的界面显示方法可能会导致的用户在非法界面中输入的敏感信息被钓鱼网站盗取的问题,达到了可以避免用户账户的敏感信息被盗取的效果。In summary, the method for preventing hijacking of the human-computer interaction interface provided in this embodiment solves the problem that the interface display method provided by the prior art may cause the user to be in the illegal interface by acquiring the personalized information for receiving the user account. The problem that the input sensitive information is stolen by the phishing website achieves the effect of avoiding the theft of sensitive information of the user account.
Based on the same technical concept, an embodiment of the present invention further provides an apparatus that can carry out the method embodiments above. As shown in FIG. 6, the apparatus comprises a reading unit 201 and a display unit 202, wherein:
the reading unit 201 is configured to read the personalized information of an application when the application is launched, the personalized information being dedicated information set for the application when it was installed;
the display unit 202 is configured to indicate the security status of the application according to the personalized information when displaying the application's human-machine interaction interface. In the above embodiment, because distinct personalized information is set for the application, the application displays that information, or mark information associated with it, whenever the user uses the application, so the user can determine whether the application in use is the genuine one and phishing programs are kept from interfering.
Personalized information means information specific to the user of the mobile terminal and unique to that user. In general, the personalized information includes at least one of: the user's identity; the user's avatar; the user's personal signature; the user's voiceprint; the user's fingerprint; the last communication before the application was launched; and the last access before the application was launched.
The user's identity may be the user's ID-card or passport information. The last communication before the application was launched usually refers to the user's order or transaction information; the last access before launch usually refers to the user's posts, browsing history and similar information.
Specifically, the personalized information may be determined when the application is installed. Further, before the reading unit 201 reads the personalized information, a personalized-information processing unit 203 must obtain the information and write it into the application. The personalized-information processing unit 203 is configured to obtain the installation package of the application from an application server and, during installation from that package, to write the personalized information into the application or into the application's launcher.
It should be noted that the personalized information in the embodiments may be information saved locally on the mobile terminal or information obtained from the server of another website. Locally saved personalized information can be retrieved faster, and because it is kept in a designated secure storage area, both the efficiency with which the terminal obtains the information and the security of the information are improved. The embodiments do not limit the specific way in which the personalized information is obtained.
To prevent the personalized information from being obtained by a phishing website, the embodiments further store it in a secure storage area local to the mobile terminal. Specifically, the personalized-information processing unit 203 is configured to: send a personalized-information request message; receive the personalized information entered by the user and store it in the local secure storage area; and set the access rights of the secure storage area so that the application reads the personalized information from that area when it is launched.
In the embodiments, after the personalized information is obtained from an external server it is saved in the secure storage area and access rights are set on that area; the access rights ensure that an illegitimate website cannot obtain the personalized information from the mobile terminal. At payment or login time, permission to use the personalized information in the application interface is requested, and the information is used only after that permission is granted. For example, on a mobile terminal a security-guard type application may hold the personalized information and set the access rights on it. This keeps the user account's personalized information secure, so that it can serve as an authenticator in the subsequent interface display.
On the basis of the written personalized information, the information may be displayed directly on the interface when the application is launched, or a security mark may be generated from it to indicate that the current interface is the normal one and has not been hijacked by an illegitimate website. Further, the display unit 202 is configured to: display the personalized information in the application's login interface; or generate a security mark from the personalized information and display the security mark in the login interface.
The security mark may be an icon that signals safety, or a pop-up box floating over the display interface. When the personalized information is image information, the interfaces shown after the login interface have too little display space for it, so a security mark is used in place of the image. Whatever form the security mark takes, its purpose is to signal to the user that the page currently being accessed belongs to a legitimate website.
To describe in more detail how the above apparatus for preventing hijacking of the human-machine interaction interface operates, the embodiments give examples based on different kinds of personalized information.
Scenario 1:
As shown in FIG. 2, because the iris of the eye is, like a fingerprint, unique to each person, this embodiment uses the iris as its example. Before a payment or login, the reading unit 201 prompts the user to have the iris scanned; when the scan succeeds, the display unit 202 shows the scan result and the next operation may proceed, otherwise an alarm message is returned or the payment URL is blocked directly. The mobile terminal must have an iris-scanning system installed in advance and must store an iris sample of the terminal's user for use during verification.
Scenario 2:
As shown in FIG. 3, the user binds a photograph of themselves to the user account. When the user requests a payment or login with that account, the reading unit 201 reads the user's photograph on the human-machine interaction interface on which the payment is to be made; when the display unit 202 correctly displays the photograph, the user of the mobile terminal can judge whether the information is correct and stop the access if it is not. If the mobile terminal finds that reading the photograph has failed, it may likewise return an alarm message or block the payment URL directly.
Scenario 3:
As shown in FIG. 4, modern research indicates that a voiceprint is not only specific to a person but also relatively stable: after adulthood, a person's voice remains relatively constant over the long term. Experiments have shown that whether a speaker deliberately imitates another person's voice and tone or speaks in a whisper, the voiceprint is never the same even when the imitation is convincing. The user's voiceprint is bound to the user account. On entering the payment or login stage, a voiceprint authentication interface is presented first: a question is displayed on the authentication interface, the user answers through the mobile terminal's microphone, and once the voice input is received the voiceprint is checked to decide whether it meets the requirement. In this embodiment the display unit 202 asks for the user's favourite animal, and the reading unit 201 collects the user's voice through the terminal's microphone. Before voiceprint authentication can take place, a voiceprint sample of the terminal's user must be saved on the mobile terminal for comparison during later verification.
If the voice input with which the user answers the question through the microphone meets the decision criterion, login is granted; otherwise a failure message is given.
Scenario 4:
As shown in FIG. 5, the user binds their fingerprint to the user account. When the user requests a payment with that account, the display unit 202 instructs the user through the interface to enter a fingerprint via the rear sensor, and the reading unit 201 prompts through the authentication interface for the fingerprint to be entered for verification; if verification succeeds, the subsequent operation is allowed, otherwise a warning is given. Before fingerprint authentication, the user's fingerprint must be enrolled as a sample through a sensor on the mobile terminal for use in later authentication. The fingerprint may be enrolled through a sensor or a camera on the terminal; the specific enrolment method is not limited.
If the fingerprint scanned by the terminal's sensor meets the decision criterion, login is granted; otherwise a failure message is given.
In summary, the embodiments of the present invention set personalized information, being dedicated information set for the application when it is installed, read the application's personalized information when the application is launched, and display it in the application's human-machine interaction interface. When the terminal can read and display the information correctly, the website currently accessed is judged to be safe; otherwise it is treated as an illegitimate website and an alarm or block is raised. Because the personalized information is particular and unique to the user, a phishing website cannot display an interface containing it, which effectively prevents the human-machine interaction interface from being hijacked by a phishing website, protects the user's sensitive information and improves the security of mobile-terminal transactions.
Based on the same technical concept, an embodiment of the present application provides another electronic device. FIG. 7 is a schematic structural diagram of the electronic device provided by the present invention. The electronic device 500 comprises a transceiver 501, a processor 502, a memory 503, a bus system 504 and a display 505;
The memory 503 stores programs. A program may include program code, and the program code includes computer operating instructions. The memory 503 may be random access memory (RAM) or non-volatile memory, for example at least one disk memory. Only one memory is shown in the figure; several may be provided as needed. The memory 503 may also be memory inside the processor 502.
The memory 503 stores the following elements, executable modules or data structures, or a subset or superset of them:
operating instructions: various operating instructions used to carry out operations;
operating system: various system programs used to implement basic services and handle hardware-based tasks.
The method disclosed in the embodiments above may be applied to, or implemented by, the processor 502 and the display 505. The processor 502 may be an integrated-circuit chip with signal-processing capability. During implementation, the steps of the method may be completed by integrated logic circuits in hardware within the processor 502 or by instructions in software form. The processor 502 may be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic, or discrete hardware components, and can implement or execute the methods, steps and logical block diagrams disclosed in the embodiments. A general-purpose processor may be a microprocessor or any conventional processor. The steps of the method disclosed in the embodiments may be embodied directly as hardware in a decoding processor, or be executed by a combination of hardware and software modules in a decoding processor. The software module may reside in a storage medium mature in the art, such as random access memory, flash memory, read-only memory, programmable read-only memory, electrically erasable programmable memory or a register. The storage medium is located in the memory 503; the processor 502 reads the information in the memory 503 and, together with its hardware, performs the following steps:
the transceiver 501 is configured to send a personalized-information request message and to receive the personalized information entered by the user;
the memory 503 is configured to store the personalized information in a local secure storage area;
the processor 502 is configured to read the personalized information of an application when the application is launched, the personalized information being dedicated information set for the application when it was installed;
the display 505 is configured to indicate the security status of the application according to the personalized information when displaying the application's human-machine interaction interface.
Optionally, the processor 502 is further configured to obtain the installation package of the application from an application server;
and, during installation from the installation package, to write the personalized information into the application or into the application's launcher.
Optionally, the processor 502 is further configured to set the access rights of the secure storage area so that the application reads the personalized information from the secure storage area when it is launched.
Further, the display 505 is specifically configured to display the personalized information in the application's login interface;
or to generate a security mark from the personalized information and display the security mark in the application's login interface.
The personalized information includes at least one of the following: the user's identity; the user's avatar; the user's personal signature; the user's iris; the user's voiceprint; the user's fingerprint; the last communication before the application was launched; the last access before the application was launched.
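The two embodiments above (reading unit 201, display unit 202 and personalized-information processing unit 203 in FIG. 6; transceiver 501, memory 503, processor 502 and display 505 in FIG. 7) describe the same three steps: request and store the personalized information in a secure storage area whose access rights are bound to the installed application, release it to that application at launch, and show either the information itself or a security mark derived from it on the login interface. The following Python model is an added example written for this page, not code from the patent or its assignee. It makes assumptions the patent leaves open: the caller is identified by package name plus signing-certificate fingerprint, the secure storage area is an in-process dictionary with an access check, and the security mark is an HMAC-SHA256 tag under a per-device key. The application names, fingerprints and personalized values are constructed sample data.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AppIdentity:
    """How the store tells the genuine application from an impostor.

    ASSUMPTION (not in the patent): the terminal identifies the caller by its
    package name plus the SHA-256 fingerprint of its signing certificate, so a
    repackaged phishing app with the same name but another signer is distinct.
    """
    package: str
    signer_fingerprint: str


class AccessDenied(Exception):
    """Raised when a caller that was not bound at install time asks for the data."""


@dataclass
class SecureStore:
    """Model of the local 'secure storage area' with per-application access rights."""
    device_key: bytes = field(default_factory=lambda: os.urandom(32))
    _records: dict = field(default_factory=dict)   # package -> (AppIdentity, info)

    def provision(self, app: AppIdentity, personalised: dict) -> None:
        """Install-time step: the info requested from the user is stored and the
        access right is bound to exactly this application identity."""
        self._records[app.package] = (app, dict(personalised))

    def read(self, caller: AppIdentity) -> dict:
        """Launch-time step: release the info only to the bound application."""
        record = self._records.get(caller.package)
        if record is None or record[0] != caller:
            raise AccessDenied(caller.package)
        return dict(record[1])

    def security_mark(self, caller: AppIdentity) -> str:
        """Derive the 'security mark' from the personalised info.

        ASSUMPTION: an HMAC-SHA256 tag under a per-device key, truncated to eight
        hex digits. It is stable for the user, so it can be recognised at every
        login, and cannot be recomputed without both the info and the key.
        """
        info = self.read(caller)
        canonical = "\x1f".join(f"{k}={info[k]}" for k in sorted(info)).encode()
        return hmac.new(self.device_key, canonical, hashlib.sha256).hexdigest()[:8]


def login_banner(store: SecureStore, caller: AppIdentity, use_mark: bool = False) -> tuple:
    """What the display unit puts on the login screen.

    Returns ("info", {...}) or ("mark", "xxxxxxxx") for the bound application and
    ("warn", message) when the read fails, which is the patent's cue to raise an
    alarm or block the access.
    """
    try:
        if use_mark:
            return ("mark", store.security_mark(caller))
        return ("info", store.read(caller))
    except AccessDenied:
        return ("warn", "personalised information unavailable: interface may be hijacked")


def demo() -> dict:
    """Constructed sample data: a genuine payment app and a repackaged impostor."""
    store = SecureStore()
    genuine = AppIdentity("com.example.pay", "a1" * 32)
    store.provision(genuine, {"avatar": "photo_2015.jpg", "last_order": "ORD-0001"})
    impostor = AppIdentity("com.example.pay", "b2" * 32)   # same name, other signer
    return {
        "genuine_info": login_banner(store, genuine),
        "genuine_mark": login_banner(store, genuine, use_mark=True),
        "impostor": login_banner(store, impostor),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:13s} {result}")
```

The whole scheme rests on the access check in SecureStore.read: the indicator is only as strong as the terminal's enforcement of who may read the secure storage area, so on a real device that check belongs to the platform (the "security guard" application of the embodiments), not to the application that displays the result.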
The electronic device of the embodiments may take many forms, including but not limited to:
(1) Mobile communication devices: devices with mobile communication capability whose main purpose is to provide voice and data communication, including smartphones (for example the iPhone), multimedia phones, feature phones and low-end phones.
(2) Ultra-mobile personal computer devices: devices in the personal-computer category with computing and processing capability and generally mobile Internet access, including PDAs, MIDs and UMPC devices, for example the iPad.
(3) Portable entertainment devices: devices that can display and play multimedia content, including audio and video players (for example the iPod), handheld game consoles, e-book readers, smart toys and portable in-car navigation devices.
(4) Servers: devices that provide computing services, consisting of a processor, hard disk, memory, system bus and so on. A server is similar in architecture to a general-purpose computer but, because it must provide highly reliable services, has higher requirements for processing capability, stability, reliability, security, scalability and manageability.
(5) Other electronic devices with data-interaction capability.
Those skilled in the art will understand that all or some of the steps of the methods in the embodiments above may be carried out by a program instructing the relevant hardware. The program is stored in a storage medium and includes instructions for causing a device (which may be a single-chip microcontroller, a chip or the like) or a processor to perform all or some of the steps of the methods of the embodiments of the present application. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.
In addition, the present invention provides a non-transitory computer-readable storage medium storing computer instructions that cause a computer to perform the method for preventing hijacking of the human-machine interaction interface described in any of the above.
In addition, the present invention provides a computer program product comprising a computer program stored on a non-transitory computer-readable storage medium, the computer program comprising program instructions which, when executed by a computer, cause the computer to perform the method for preventing hijacking of the human-machine interaction interface described in any of the above.
Although preferred embodiments of the present invention have been described, those skilled in the art may make further changes and modifications to these embodiments once they have learned the basic inventive concept. The appended claims are therefore intended to be construed as covering the preferred embodiments and all changes and modifications that fall within the scope of the present invention.
Obviously, those skilled in the art may make various changes and variations to the present invention without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present invention and their equivalents, the present invention is intended to include them as well.

Claims (17)

  1. A method for preventing hijacking of a human-machine interaction interface, characterized in that the method comprises:
    reading personalized information of an application when the application is launched, the personalized information being dedicated information set for the application when the application was installed;
    when displaying the human-machine interaction interface of the application, indicating the security status of the application according to the personalized information.
  2. The method according to claim 1, characterized in that, before reading the personalized information of the application when the application is launched, the method further comprises:
    obtaining an installation package of the application from an application server;
    during installation from the installation package of the application, writing the personalized information into the application or into a launcher of the application.
  3. The method according to claim 2, characterized in that writing the personalized information into the application or into the launcher of the application during installation from the installation package comprises:
    sending a personalized-information request message;
    receiving the personalized information entered by a user and storing the personalized information in a local secure storage area;
    setting access rights of the secure storage area so that the application reads the personalized information from the secure storage area when it is launched.
  4. The method according to claim 1, characterized in that indicating the security status of the application according to the personalized information when displaying the human-machine interaction interface of the application comprises:
    when displaying the human-machine interaction interface of the application, indicating the security status of the user account according to the personalized information, comprising:
    displaying the personalized information in a login interface of the application;
    or,
    generating a security mark according to the personalized information;
    displaying the security mark in the login interface of the application.
  5. The method according to any one of claims 1 to 4, characterized in that the personalized information comprises at least one of the following:
    the user's identity;
    the user's avatar;
    the user's personal signature;
    the user's iris;
    the user's voiceprint;
    the user's fingerprint;
    the last communication before the application was launched;
    the last access before the application was launched.
  6. An apparatus for preventing hijacking of a human-machine interaction interface, characterized in that the apparatus comprises:
    a reading unit, configured to read personalized information of an application when the application is launched, the personalized information being dedicated information set for the application when the application was installed;
    a display unit, configured to indicate the security status of the application according to the personalized information when displaying the human-machine interaction interface of the application.
  7. The apparatus according to claim 6, characterized in that it further comprises:
    a personalized-information processing unit, configured to obtain an installation package of the application from an application server;
    and, during installation from the installation package of the application, to write the personalized information into the application or into a launcher of the application.
  8. The apparatus according to claim 7, characterized in that the personalized-information processing unit is specifically configured to:
    send a personalized-information request message;
    receive the personalized information entered by a user and store the personalized information in a local secure storage area;
    set access rights of the secure storage area so that the application reads the personalized information from the secure storage area when it is launched.
  9. The apparatus according to claim 6, characterized in that the display unit is specifically configured to:
    display the personalized information in a login interface of the application;
    or,
    generate a security mark according to the personalized information;
    display the security mark in the login interface of the application.
  10. The apparatus according to any one of claims 6 to 9, characterized in that the personalized information comprises at least one of the following:
    the user's identity;
    the user's avatar;
    the user's personal signature;
    the user's iris;
    the user's voiceprint;
    the user's fingerprint;
    the last communication before the application was launched;
    在所述应用程序启动前的最后一次访问信息。The last access information before the application was launched.
  11. 一种电子设备,其特征在于,包括:处理器、显示器;An electronic device, comprising: a processor and a display;
    所述处理器,用于在启动应用程序时读取所述应用程序的个性化信息,所述个性化信息为所述应用程序安装时针对所述应用程序设置的专用信息;The processor is configured to read personalized information of the application when launching an application, where the personalized information is dedicated information set for the application when the application is installed;
    所述显示器,用于显示所述应用程序的人机交互界面时,根据所述个性化信息提示所述应用程序的安全状况。The display, when used to display the human-computer interaction interface of the application, prompts the security status of the application according to the personalized information.
  12. 如权利要求11所述的电子设备,其特征在于,所述处理器还用于:The electronic device according to claim 11, wherein the processor is further configured to:
    从应用服务器上获取所述应用程序的安装包;Obtaining an installation package of the application from an application server;
    在所述应用程序的安装包进行安装的过程中,将所述个性化信息写入所述应用程序或将所述个性化信息写入所述应用程序的启动程序。In the process of installing the installation package of the application, the personalized information is written into the application or the personalized information is written into the startup program of the application.
  13. 如权利要求12所述的电子设备,其特征在于,所述电子设备还包括收发器、存储器;The electronic device according to claim 12, wherein the electronic device further comprises a transceiver and a memory;
    所述收发器用于:发送个性化信息请求消息;并接收用户输入的所述个 性化信息;The transceiver is configured to: send a personalized information request message; and receive the user input Sexualized information;
    所述存储器,用于将所述个性化信息存储在本地的安全存储区域;The memory is configured to store the personalized information in a local secure storage area;
    所述处理器还用于设定所述安全存储区域的访问权限,以使所述应用程序在启动时从所述安全存储区域读取所述所述个性化信息。The processor is further configured to set an access right of the secure storage area, so that the application reads the personalized information from the secure storage area at startup.
  14. 如权利要求11所述的电子设备,其特征在于,所述显示器具体用于:The electronic device according to claim 11, wherein the display is specifically configured to:
    在所述应用程序的登录界面中显示所述个性化信息;Displaying the personalized information in a login interface of the application;
    或者,根据所述个性化信息生成安全标志,在所述应用程序的登录界面中显示所述安全标志。Alternatively, a security flag is generated according to the personalized information, and the security flag is displayed in a login interface of the application.
  15. 如权利要求11至14任一项所述的电子设备,其特征在于,所述个性化信息包括如下信息中的至少一种:The electronic device according to any one of claims 11 to 14, wherein the personalized information comprises at least one of the following information:
    用户的身份标识;User's identity;
    用户的头像信息;User's avatar information;
    用户的个性签名;User's signature;
    用户的虹膜;User's iris;
    用户的声纹;User's voiceprint;
    用户的指纹;User's fingerprint;
    在所述应用程序启动前的最后一次通信信息;The last communication message before the application was started;
    在所述应用程序启动前的最后一次访问信息。The last access information before the application was launched.
  16. 一种非暂态计算机存储介质,其特征在于,所述非暂态计算机可读存储介质存储有计算机可执行指令,所述计算机可执行指令用于使所述计算机执行权利要求1至5任一项所述的方法。A non-transitory computer storage medium, characterized in that the non-transitory computer readable storage medium stores computer executable instructions for causing the computer to perform any of claims 1 to 5 The method described in the item.
  17. 一种计算机程序产品,其特征在于,所述计算机程序产品包括存储在非暂态计算机可读存储介质上的计算程序,所述计算机程序包括所述计算机可执行指令,当所述计算机可执行指令被计算机执行时,使所述计算机执行权利要求1至5任一项所述的方法。 A computer program product, comprising: a computing program stored on a non-transitory computer readable storage medium, the computer program comprising the computer executable instructions, when the computer executable instructions When executed by a computer, the computer is caused to perform the method of any one of claims 1 to 5.
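Claims 7, 8 and 14 together describe one procedure: provision user-supplied personalized information into a local secure storage area at install time, restrict its access permissions, and at launch read it back and show it, or a security mark derived from it, in the login interface so the user can tell the genuine interface from a counterfeit one. The Python sketch below is an added example, not code from the patent or from the applicant; the file-based storage area, the permission check on read and the word-list mark format are assumptions.

```python
import hashlib
import json
import os
import stat
import tempfile

# Assumed word list for rendering a hash as a human-recognisable security mark.
WORDS = ["amber", "birch", "cedar", "delta", "ember", "frost", "grove", "harbor"]

def install_personalized_info(store_dir: str, info: dict) -> str:
    """Install-time step (claims 7/8): store the user-supplied personalized
    information in a local secure storage area readable only by its owner."""
    os.makedirs(store_dir, mode=0o700, exist_ok=True)
    path = os.path.join(store_dir, "personalized.json")
    # Create with mode 0o600 so the file never exists with wider permissions.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(info, f)
    os.chmod(path, 0o600)  # also tighten a file that already existed
    return path

def read_personalized_info(path: str) -> dict:
    """Launch-time step (claims 6/11): read the information back, refusing a
    storage area whose permissions were loosened, since the scheme only works
    while a counterfeit interface cannot learn the data."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} readable by group/others: {oct(mode)}")
    with open(path) as f:
        return json.load(f)

def security_mark(info: dict) -> str:
    """Claim 14 alternative: derive a security mark from the personalized
    information. Assumed format: three words selected by SHA-256 of the
    canonical JSON, so the same information always yields the same mark."""
    canonical = json.dumps(info, sort_keys=True, separators=(",", ":"))
    digest = hashlib.sha256(canonical.encode()).digest()
    return "-".join(WORDS[b % len(WORDS)] for b in digest[:3])

def login_banner(info: dict) -> str:
    """Text the genuine login interface shows; a hijacked interface that does
    not hold the personalized information cannot reproduce it."""
    return (f"Signing in as {info['user_id']} | \"{info['signature']}\" | "
            f"security mark: {security_mark(info)}")

if __name__ == "__main__":
    # Constructed sample standing in for what the user entered at install time.
    sample = {"user_id": "alice", "signature": "carpe diem", "avatar": "cat.png"}
    path = install_personalized_info(tempfile.mkdtemp(), sample)
    print(login_banner(read_personalized_info(path)))
```

The permission check is the part a reviewer would insist on: the scheme protects against a counterfeit interface only for as long as the personalized information itself stays unreadable to other applications.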
PCT/CN2016/108656 2015-12-15 2016-12-06 Method and apparatus for preventing human-machine interaction interface from being hijacked WO2017101706A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510937599.6A CN105933269B (en) 2015-12-15 2015-12-15 Method and device for preventing man-machine interaction interface hijacking
CN201510937599.6 2015-12-15

Publications (1)

Publication Number Publication Date
WO2017101706A1 true WO2017101706A1 (en) 2017-06-22

Family

ID=56840037

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/108656 WO2017101706A1 (en) 2015-12-15 2016-12-06 Method and apparatus for preventing human-machine interaction interface from being hijacked

Country Status (2)

Country Link
CN (1) CN105933269B (en)
WO (1) WO2017101706A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105933269B (en) * 2015-12-15 2020-05-01 中国银联股份有限公司 Method and device for preventing man-machine interaction interface hijacking

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103825999A (en) * 2012-11-19 2014-05-28 腾讯科技(深圳)有限公司 Application program function display method and device
CN104469768A (en) * 2014-11-06 2015-03-25 中国联合网络通信集团有限公司 User identity verifying method and device based on application software
CN104504324A (en) * 2014-12-03 2015-04-08 深圳市深信服电子科技有限公司 Mobile application certification strengthening method and system
CN104835042A (en) * 2015-04-30 2015-08-12 北京奇虎科技有限公司 Method, apparatus and mobile terminal for improving payment security
CN105933269A (en) * 2015-12-15 2016-09-07 中国银联股份有限公司 Method and device for preventing man-machine interaction interface hijacking

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9021468B1 (en) * 2010-05-18 2015-04-28 Google Inc. Bundling extension installation with web browser installation
CN104753883B (en) * 2013-12-30 2017-01-25 腾讯科技(深圳)有限公司 interface display method, device and system

Also Published As

Publication number Publication date
CN105933269A (en) 2016-09-07
CN105933269B (en) 2020-05-01

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16874763

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16874763

Country of ref document: EP

Kind code of ref document: A1