CN101267311B - A method, device and system for preventing network bank from hijacking data - Google Patents
A method, device and system for preventing network bank from hijacking data Download PDFInfo
- Publication number
- CN101267311B CN101267311B CN2008101040104A CN200810104010A CN101267311B CN 101267311 B CN101267311 B CN 101267311B CN 2008101040104 A CN2008101040104 A CN 2008101040104A CN 200810104010 A CN200810104010 A CN 200810104010A CN 101267311 B CN101267311 B CN 101267311B
- Authority
- CN
- China
- Prior art keywords
- sign indicating
- indicating number
- business data
- key business
- accidental validation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention provides a method, a device and a system for preventing data in an Internet bank from hijacking, the method comprises the steps of: receiving a bank service request and extracting the key service data in the bank service request; generating a random verification code for the key service data; generating a figure which displays the key service data and the random verification code; sending the figure to users and receiving the verification codes input by the users; judging whether the received verification code is as the same as the random verification code contained in the sent figure, if so, performing the sequent bank service processing, if not, terminating the bank service. The technical proposal of the invention adopts the figure technology to protect the important data information of users from juggling, enhancing the security of trade information at the client.
Description
Technical field
The present invention is about the data security field of Web bank, especially in regard to a kind of method, device and system of preventing network bank from hijacking data.
Background technology
Web bank uses and is based upon the Internet and open computing platform, and promptly on the ordinary individual PC, because its opening, there is more security threat in this environment, as virus, wooden horse etc.Under this environment, because the client browser of bank system of web adopts text mode to show the transaction data element, and there be separating in demonstration and the transmission in browser for client's Transaction Information, this will cause certain threat to customer information safety, promptly cause the inconsistent of the actual use information of client's finding information and system.
Rogue programs such as wooden horse can be when screen display, and the data of using the client to wish, but when user end to server sends request, critical data is distorted are as the number of the account that keeps accounts that the client is transferred accounts, go into account name and replace; After server carries out relevant treatment, show the trade confirmation page, rogue program utilization such as wooden horse this moment shows and the separating of transmission, the information that the quilt that server is returned is distorted makes the data that the client wishes again into and shows, the client carries out relevant authentication, submits the validation of information request once more to after importing payment cipher, behind the server end checking client password, to handle according to the information of keeping accounts that the quilt that receives is before distorted, cause the clients fund loss.Because the SSL of the safety that Web bank adopts connects, data are encrypted transmission in network transmission process, and this process is safer, and data tampering described above occurs in this machine of client, are distorting that this machine carries out before and after use SSL transmission.
Instance analysis by above potential safety hazard as can be known, existing Web bank client exists a major reason of potential safety hazard to be, distorted easily in user's critical data that client shows, the data that cause actual transmissions are with to be shown to user's data inconsistent, thereby cause the loss of user's fund.And client browser adopts text mode to show the transaction data element, and the data of these text displays are easy to be hunted down and revise, and further distorting for malice provides convenience.
Application number is 200410074253.X, publication number is CN158884446A, denomination of invention is a kind of method that provides the mode of dynamic encryption to improve network security for the user for " dynamic encrypting device and command identifying method thereof in a kind of network " discloses, and this document merges therewith as prior art file of the present invention.
Summary of the invention
The method, device and the system that the purpose of this invention is to provide a kind of preventing network bank from hijacking data.The present invention utilizes figure to show key business data by graph technology is applied to bank system of web, has significantly reduced the possibility that key business data is discerned and distorted by rogue programs such as wooden horses in client, has improved Web bank's safety of data.
For realizing above goal of the invention, the embodiment of the invention provides a kind of method of preventing network bank from hijacking data, and described method comprises: extract the key business data in the banking request; For described key business data generates the accidental validation sign indicating number; Generation is used to show the figure of the graphical format of described key business data and described accidental validation sign indicating number; Key business data that described figure and described figure are comprised and accidental validation sign indicating number carry out torsional deformation to be handled; Figure after the torsional deformation processing is increased the processing of the background content that comprises background patterns and background lines; The figure of the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines after will having carried out the torsional deformation processing and having increased the background content processing sends to the user, and receives the identifying code of user's input; Judge whether the accidental validation sign indicating number that comprises in the figure of identifying code that is received and the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines that is sent is identical, if identical then carry out follow-up banking and handle, if difference then stop described banking.
For realizing above goal of the invention, the embodiment of the invention also provides a kind of device of preventing network bank from hijacking data, and described device comprises: the key business data extraction unit, extract the key business data in the banking request; The identifying code generation unit is for described key business data generates the accidental validation sign indicating number; The figure generation unit, generation shows the figure of the graphical format of described key business data and described accidental validation sign indicating number; Key business data that described figure and described figure are comprised and accidental validation sign indicating number carry out torsional deformation to be handled; Figure after the torsional deformation processing is increased the processing of the background content that comprises background patterns and background lines; Communication unit, the figure of the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines after will having carried out the torsional deformation processing and having increased the background content processing sends to the user, and receives the identifying code of user's input; The identifying code comparing unit, judge whether the accidental validation sign indicating number that comprises in the figure of identifying code that is received and the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines that is sent is identical, if identical then carry out follow-up banking and handle, if difference then stop described banking.
For realizing above goal of the invention, the embodiment of the invention also provides a kind of system of preventing network bank from hijacking data, described system comprises client, Web bank's server and banking processing unit, described client connects described Web bank server by external network, described Web bank server connects described banking processing unit by banking network, described client is used to receive the banking request of user's input, and sends to described Web bank server; Described Web bank server is used for described banking request is transmitted to described banking processing unit; Described banking processing unit is used for described banking request is handled; Described system also comprises and prevents the hijacking data device, connects described banking processing unit; The described hijacking data device that prevents comprises: the key business data extraction unit, extract the key business data in the described banking request; The identifying code generation unit is for described key business data generates the accidental validation sign indicating number; The figure generation unit, generation shows the figure of the graphical format of described key business data and described accidental validation sign indicating number; Key business data that described figure and described figure are comprised and accidental validation sign indicating number carry out torsional deformation to be handled; Figure after the torsional deformation processing is increased the processing of the background content that comprises background patterns and background lines; Communication unit, the figure of the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines after will having carried out the torsional deformation processing and having increased the background content processing sends to the user, and receives the identifying code of user's input; The identifying code comparing unit, judge whether the accidental validation sign indicating number that comprises in the figure of identifying code that is received and the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines that is sent is identical, if identical then notify described banking processing unit to carry out follow-up banking and handle, if difference then notify described banking processing unit to stop described banking.
The present invention utilizes graph technology, the go to bank safety of significant data of reinforcing network.Confirm in original user profile on the basis of mode, increase graphics mode explicit user significant data, cooperate relevant interference obfuscation simultaneously, assurance client's real trade data and client's screen are checked data consistent.Improve the fail safe of Transaction Information, reduce sensitive data and be identified the risk of being distorted i.e. transaction abduction in client in client.
Description of drawings
Accompanying drawing described herein is used to provide further understanding of the present invention, constitutes the application's a part, does not constitute limitation of the invention.In the accompanying drawings:
Fig. 1 is the systematic schematic diagram of the embodiment of the invention;
Fig. 2 is one of schematic diagram that prevents the hijacking data device of the embodiment of the invention;
Fig. 3 is two of the schematic diagram that prevents the hijacking data device of the embodiment of the invention;
Fig. 4 is three of the schematic diagram that prevents the hijacking data device of the embodiment of the invention;
The detailed schematic diagram of the figure generation unit of Fig. 5 embodiment of the invention;
Fig. 6 prevents the operation principle flow chart of hijacking data for the embodiment of the invention prevents the hijacking data device;
Fig. 7 is the method flow diagram that prevents hijacking data of a kind of reality of the application embodiment of the invention;
Fig. 8 is for using a kind of figure of embodiment of the invention actual displayed.
Embodiment
For making the purpose, technical solutions and advantages of the present invention clearer,, the present invention is described in further details below in conjunction with execution mode and accompanying drawing.At this, exemplary embodiment of the present invention and explanation thereof are used to explain the present invention, but not as a limitation of the invention.
The embodiment of the invention provides a kind of method, device and system of preventing network bank from hijacking data.When the user carries out Internet-based banking services, adopting graphics mode to show for the user in client user's significant data confirms, this figure not only explicit user important information also is shown as the accidental validation sign indicating number that this time Internet-based banking services generate, the user confirms the user's important information that comprises in the figure, and the accidental validation sign indicating number that shows in the tablet pattern, bank system of web receives this identifying code and judges whether the accidental validation sign indicating number that shows in identifying code that the user imports and the figure is identical, if identical then represent that the data of this banking are believable and proceed follow-up banking and handle; If it is inequality then stop this time banking.
The method of the embodiment of the invention is to utilize graph technology to show the transaction critical data, prevent critical data in client by the identification of rogue programs such as wooden horse and the device distorted.The core of this method is to adopt graphics mode to show transaction data, uses technology such as relevant interference obfuscation and identifying code to improve the fail safe of figure self simultaneously.Use the independent picture request and quote technology such as inspection, anti-buffer memory, guarantee the availability of picture.
Fig. 1 is the systematic schematic diagram of the preventing network bank from hijacking data of present embodiment, and this system has increased on existing bank system of web and prevents the hijacking data device.As shown in Figure 1, this system comprises: client 101, Web bank's server 103, banking processing unit 105 and prevent hijacking data device 106.Wherein: client 101 connects Web bank's server 103 by external network 102; Web bank's server 103 connects banking processing unit 105 by banking network 104; 105 connections of banking processing unit prevent hijacking data device 106.
Client 101 is used to receive the banking request of user's input, and sends to Web bank's server 103; Web bank's server 103 is used for described banking request is transmitted to banking processing unit 105; Banking processing unit 105 is used for described banking request is handled; Prevent hijacking data device 106, be used for that the responsible consumer data of Internet-based banking services are generated figure and confirm to the user, under the situation that only guaranteed responsible consumer data are not distorted just transmitting bank's business processing device 105 proceed banking and handle; If find that data are distorted, then transmitting bank's business processing device 105 stops this banking.
Fig. 2 is one of schematic diagram that prevents in hijacking data device 106.As shown in the figure, prevent that hijacking data device 106 from comprising: communication unit 201, be used to receive the banking request, in the present embodiment, this request is transmitted by the banking processing unit.Key business data extraction unit 202 is used for extracting the key business data of described banking request.In the present embodiment, extract different key business data for different business: as transfer accounts, the transaction of exchange rate class, extract and change number of the account over to, change name in an account book over to, the amount of money; Buy the transaction of the product or the class of signing an agreement, then extract key messages such as protocol name, name of product.The information content is unit with the field, dynamically obtains from the banking request, guarantees the correct transaction security that just can effectively protect the client of key message of every business.
Identifying code generation unit 203 is used to described key business data to generate the accidental validation sign indicating number.This element is mainly used in and prevents that figure is forged.Identifying code is the sequence by visual character combinations such as upper and lower case letter, numerals.Identifying code is at random, and the identifying code of each graphical display all is to obtain by random device.An identifying code can only be used once, and is deleted at once after the identifying code checking, will point out mistake when using same identifying code to carry out multiple authentication.
Fig. 3 be prevent hijacking data device 106 schematic diagram two.Different with Fig. 2 is that the communication unit 201 of Fig. 3 also is used to receive the graphical display request, sends this graphical display request by the banking processing unit in the present embodiment.The hijacking data device 106 that prevents of Fig. 3 also comprises graphical display requesting processing 206, is used to extract the initiator information of described graphical display request; Judge whether described initiator is bank system of web; If then extract key business data, generate the accidental validation sign indicating number, and generate the figure that shows described key business data and described accidental validation sign indicating number; If not, then refuse described graphical display request.
Graphical display requesting processing 206 is used to check the validity of figure request.Utilize the referer attribute of HTTP head in the graphical display request, check the promoter of request, only could ask display graphics, promptly carry out the door chain inspection with the Net silver system.Banking processing unit 105 needs following cooperation this element: use independently HTTPS request acquisition figure on the transaction page of banking processing 105, initiated separately by the graphical display area on the affirmation transaction page, the IFRAME framework is used in this graphics field.This IFRAME is carried out the not setting of buffer memory figure, and promptly each figure request all is new, guarantees the discrete visit actions such as retreating, refresh of client in the page browsing process, all obtains new figure.
Fig. 4 be prevent hijacking data device 106 schematic diagram three.Different with Fig. 3 is that Fig. 4 also comprises timing trigger unit 207, for the accidental validation sign indicating number that is generated is provided with effective time; If arrive described effective time, then requests verification sign indicating number generation unit 203 regenerates the accidental validation sign indicating number, and demand graph generation unit 204 regenerates described figure according to the accidental validation sign indicating number and the described key business data that regenerate.This timing trigger unit 207 is for identifying code is provided with the term of validity, and the identifying code that exceeds the time limit will go out of use; User's input validation sign indicating number before the deadline confirms to submit to.Being provided with of this term of validity increased the difficulty that rogue programs such as wooden horse are discerned and distorted figure, and wooden horse can only be finished identification before the deadline and distort.
Fig. 5 is the detailed schematic diagram of figure generation unit 204.As shown in the figure, figure generation unit 204 comprises displaying contents structural unit 501, is used for according to described key business data and described accidental validation sign indicating number constructing graphic displaying contents, as the mode of composition of determining key business data and accidental validation sign indicating number etc.
Display effect is provided with unit 502, is used for the display effect of described displaying contents is provided with.This element twists the key business data and the verification code information that show on the figure, be out of shape, and exhaust position at random, increases interference element simultaneously, and reaching human eye can discern, and the impalpable display effect of rogue programs such as wooden horse.Information on the figure is out of shape demonstration, as using multiple fonts at random, carries out the demonstration of overstriking, italic or correlation combiner at random, and the relevant distortion of use converting algorithm carries out the distortion demonstration of whole figure etc.Exhaust position can prevent effectively that figure from being cut and reducing by rogue programs such as wooden horses at random, again because the client must tell identifying code input, then forces the client necessarily to check information on the figure.Increase to disturb content in addition, as interfering line etc.; Use abundant color to disturb, be convenient to human eye identification, but increase the difficulty of computer Recognition.
Display background adding device 503 is used to described displaying contents to add background.This element is used to prevent that wooden horse or rogue program from cutting, reducing figure, and then carries out composite assembly and become dummy pattern to cheat the client.Increase background content on the figure, as the background lines of background patterns or similar bank note, its pattern exists certain continuity and logicality, and for example, Background just can be used the logo of industrial and commercial bank, and lines is just with horizontal line, vertical line, oblique line, wave etc.
Display format selected cell 504 is used for selecting at random a kind of graphical format to generate the figure that comprises described displaying contents and background.This element is used for selecting at random graphical format.Dynamically use the different graphic form, as use BMP, JPG, forms such as PNG carry out the demonstration of graphical content.Graphical format at random, the difficulty that has increased the identification of rogue programs such as wooden horse and distorted figure, but be transparent for the client, the effect that the client sees on screen is the same, this is provided with the consistency that had both guaranteed the graphic style style, increases the difficulty that identification is distorted again.
Fig. 6 prevents the operation principle flow chart of hijacking data for the present invention prevents the hijacking data device.
Step S601 receives the graphical display request, in a better embodiment, initiates the HTTPS request separately by the graphical display area on the affirmation transaction page of banking processing unit 105, and the IFRAME framework is used in this graphics field.This IFRAME is carried out the not setting of buffer memory figure, and promptly each graphical display request all is new, guarantees the discrete visit actions such as retreating, refresh of client in the page browsing process, all obtains new figure.
Whether step S602 judges this request from the Net silver system, if not then entering step S603 from the Net silver system; If from the Net silver system then enter step S604.In a better embodiment, can utilize the referer attribute of HTTP head in the graphical display request, check the promoter of request.
Step S603 if not from the Net silver system, then refuses this graphical display request.
If step S604 from the Net silver system, then extracts key business data from user's banking request.These key business data are according to different types of transaction and difference.As transfer accounts, exchange rate class transaction, extract and change number of the account over to, change name in an account book over to, the amount of money; Buy the transaction of the product or the class of signing an agreement, then extract key messages such as protocol name, name of product.The information content is unit with the field, dynamically obtains from the banking request, guarantees the correct transaction security that just can effectively protect the client of key message of every business.
Step S605 generates the accidental validation sign indicating number.This accidental validation sign indicating number will return to the user as the part of figure together with key business data.Identifying code can be the sequence by visual character combinations such as upper and lower case letter, numerals.Identifying code is at random, and the identifying code of each graphical display all is to obtain by random device.An identifying code can only be used once, and is deleted at once after the identifying code checking, will point out mistake when using same identifying code to carry out multiple authentication.
Step S606 judges that whether the identifying code that is generated has surpassed the term of validity, regenerates identifying code if surpassed the term of validity then returned step S605; If do not have the term of validity then entered step S607.Being provided with of this term of validity increased the difficulty that rogue programs such as wooden horse are discerned and distorted figure, and wooden horse can only be finished identification before the deadline and distort.
Step S607 returns the user according to key business data and accidental validation sign indicating number generation figure, and receives the identifying code of user's input.This figure generative process comprises: according to described key business data and described accidental validation sign indicating number constructing graphic displaying contents; Display effect to described displaying contents is provided with; For described displaying contents adds background; And select a kind of graphical format to generate at random to comprise the described figure of stating displaying contents and background.
Step S608, relatively whether the identifying code that produces at random that shows of the identifying code of user's input and picture is identical, if identical then carry out the subsequent banks Business Processing; If it is inequality then stop this banking.
Fig. 7 is the method flow diagram that prevents hijacking data of a kind of reality of the application embodiment of the invention.
Step 701: the user is typing transaction data and submission on client 101;
Step 702: Web bank's server 103 is transmitted the banking request to banking processing unit 105;
Step 703: banking processing unit 105 is checked the data validity and the echo Transaction Information affirmation page;
Step 704: the trade prevention of the affirmation page of client 101 is kidnapped graphical display area and is initiated the graphical display request automatically;
Step 705: Web bank's server 103 is transmitted the graphical display request to banking processing unit 105;
Step 706: the legitimacy that prevents hijacking data device inspection graphical display request source;
Step 707: prevent that the hijacking data device from determining key business data according to user's transaction data;
Step 708: generate the accidental validation sign indicating number;
Step 709: image content and picture format that need to determine formation;
Step 710: add figure ground;
Step 711: the graphical display effect is set, and will returns to the user through the figure of above processing;
Step 712: the figure of customer inspection echo, and input validation sign indicating number;
Step 713: identifying code issued by the banking processing unit prevent the hijacking data device;
Step 714: checking is by then carrying out the subsequent banks Business Processing, otherwise stops this banking.
Fig. 8 is for using a kind of figure of embodiment of the invention actual displayed.
Authentic and valid in order to guarantee the data that Business Processing uses, embody the real wish of user, the information of avoiding the user to submit to or confirming is distorted before and after client transmissions by rogue programs such as wooden horses, the embodiment of the invention provides a kind of solution of lightweight, promptly uses graphics mode to show the transaction key message.This kind mode drops into little, but can significantly reduce the possibility that client-side information is identified and distorted, and improves the fail safe of Transaction Information in client; And without processing such as the extra installation procedure of client or the upgradings of being correlated with, customer transaction flow process and use habit are consistent substantially, are easy to the user and accept.
Above-described embodiment; purpose of the present invention, technical scheme and beneficial effect are further described; institute is understood that; the above only is the specific embodiment of the present invention; and be not intended to limit the scope of the invention; within the spirit and principles in the present invention all, any modification of being made, be equal to replacement, improvement etc., all should be included within protection scope of the present invention.
Claims (10)
1. the method for a preventing network bank from hijacking data is characterized in that, described method comprises:
Receive the banking request and extract key business data in the described banking request;
For described key business data generates the accidental validation sign indicating number;
Generation is used to show the figure of the graphical format of described key business data and described accidental validation sign indicating number;
Key business data that described figure and described figure are comprised and accidental validation sign indicating number carry out torsional deformation to be handled;
Figure after the torsional deformation processing is increased the processing of the background content that comprises background patterns and background lines;
The figure of the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines after will having carried out the torsional deformation processing and having increased the background content processing sends to the user, and receives the identifying code of user's input;
Judge whether the accidental validation sign indicating number that comprises in the figure of identifying code that is received and the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines that is sent is identical, if identical then carry out follow-up banking and handle, if difference then stop described banking.
2. method according to claim 1 is characterized in that, described method also comprises:
Receive the graphical display request;
Extract the initiator information of described graphical display request;
Judge whether described initiator is bank system of web; If then generate the figure that shows described key business data and described accidental validation sign indicating number; If not, then refuse described graphical display request.
3. method according to claim 1 is characterized in that, generates the figure that shows described key business data and described accidental validation sign indicating number, comprising:
According to described key business data and described accidental validation sign indicating number constructing graphic displaying contents;
Display effect to described displaying contents is provided with;
For described displaying contents adds background;
Select a kind of graphical format to generate the figure that comprises described displaying contents and background at random.
4. method according to claim 1 is characterized in that, described method also comprises:
For the accidental validation sign indicating number that is generated is provided with effective time;
If arrive described effective time, then request regenerates the accidental validation sign indicating number, and regenerates described figure according to accidental validation sign indicating number that regenerates and described key business data.
5. the device of a preventing network bank from hijacking data is characterized in that, described device comprises:
Communication unit is used to receive the banking request;
The key business data extraction unit is used for extracting the key business data of described banking request;
The identifying code generation unit is used to described key business data to generate the accidental validation sign indicating number;
The figure generation unit is used to generate the figure of the graphical format that shows described key business data and described accidental validation sign indicating number; Key business data that described figure and described figure are comprised and accidental validation sign indicating number carry out torsional deformation to be handled; Figure after the torsional deformation processing is increased the processing of the background content that comprises background patterns and background lines;
Described communication unit, also be used for the figure of the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines after having carried out the torsional deformation processing and having increased the background content processing is sent to the user, and the identifying code that receives user's input;
The identifying code comparing unit, judge whether the accidental validation sign indicating number that comprises in the figure of identifying code that is received and the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines that is sent is identical, if identical then carry out follow-up banking and handle, if difference then stop described banking.
6. device according to claim 5 is characterized in that, described communication unit also is used to receive the graphical display request; Described device also comprises: the graphical display requesting processing;
Described graphical display requesting processing is used to extract the initiator information of described graphical display request; Judge whether described initiator is bank system of web; If then generate the figure that shows described key business data and described accidental validation sign indicating number; If not, then refuse described graphical display request.
7. device according to claim 5 is characterized in that, described figure generation unit comprises:
The displaying contents structural unit is according to described key business data and described accidental validation sign indicating number constructing graphic displaying contents;
Display effect is provided with the unit, and the display effect of described displaying contents is provided with;
The display background adding device is for described displaying contents adds background;
The display format selected cell selects a kind of graphical format to generate the figure that comprises described displaying contents and background at random.
8. device according to claim 5 is characterized in that, described device also comprises:
Timing trigger unit is for the accidental validation sign indicating number that is generated is provided with effective time; If arrive described effective time, then request regenerates the accidental validation sign indicating number, and regenerates described figure according to accidental validation sign indicating number that regenerates and described key business data.
9. the system of a preventing network bank from hijacking data, described system comprises client, Web bank's server and banking processing unit, described client connects described Web bank server by external network, described Web bank server connects described banking processing unit by banking network, described client, be used to receive the banking request of user's input, and send to described Web bank server; Described Web bank server is used for described banking request is transmitted to described banking processing unit; Described banking processing unit is used for described banking request is handled; It is characterized in that described system also comprises and prevents the hijacking data device, connects described banking processing unit; The described hijacking data device that prevents comprises:
Communication unit is used to receive the banking request;
The key business data extraction unit is used for extracting the key business data of described banking request;
The identifying code generation unit is used to described key business data to generate the accidental validation sign indicating number;
The figure generation unit is used to generate the figure of the graphical format that shows described key business data and described accidental validation sign indicating number; Key business data that described figure and described figure are comprised and accidental validation sign indicating number carry out torsional deformation to be handled; Figure after the torsional deformation processing is increased the processing of the background content that comprises background patterns and background lines;
Described communication unit, also be used for the figure of the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines after having carried out the torsional deformation processing and having increased the background content processing is sent to the user, and the identifying code that receives user's input;
The identifying code comparing unit, judge whether the accidental validation sign indicating number that comprises in the figure of identifying code that is received and the graphical format that comprises key business data, accidental validation sign indicating number, background patterns and background lines that is sent is identical, if identical then carry out follow-up banking and handle, if difference then stop described banking.
10. system according to claim 9 is characterized in that, described communication unit also is used to receive the graphical display request; The described hijacking data device that prevents also comprises: the graphical display requesting processing;
Described graphical display requesting processing is used to extract the initiator information of described graphical display request; Judge whether described initiator is bank system of web; If then generate the figure that shows described key business data and described accidental validation sign indicating number; If not, then refuse described graphical display request.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101040104A CN101267311B (en) | 2008-04-14 | 2008-04-14 | A method, device and system for preventing network bank from hijacking data |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2008101040104A CN101267311B (en) | 2008-04-14 | 2008-04-14 | A method, device and system for preventing network bank from hijacking data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101267311A CN101267311A (en) | 2008-09-17 |
| CN101267311B true CN101267311B (en) | 2010-10-06 |
Family
ID=39989464
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2008101040104A Active CN101267311B (en) | 2008-04-14 | 2008-04-14 | A method, device and system for preventing network bank from hijacking data |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101267311B (en) |
Families Citing this family (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102281138B (en) * | 2010-06-12 | 2014-05-07 | 国民技术股份有限公司 | Method and system for improving safety of verification code |
| CN102761580B (en) * | 2011-04-29 | 2015-06-17 | 阿里巴巴集团控股有限公司 | Information safety processing method, processing server and processing client side |
| CN102542453B (en) * | 2011-12-27 | 2015-09-30 | 大唐微电子技术有限公司 | Mobile payment identity verification method |
| CN102663317B (en) * | 2012-03-05 | 2016-07-27 | 浪潮通用软件有限公司 | Business paper and critical data circulation process security hardening system |
| CN103268447B (en) * | 2013-05-10 | 2016-03-02 | 广东欧珀移动通信有限公司 | A kind of anti-fishing method and system |
| CN104298912B (en) * | 2013-07-15 | 2018-12-11 | 深圳市腾讯计算机系统有限公司 | Anti- identifying code implementation method, generation method and the device cracked |
| CN104660555B (en) * | 2013-11-19 | 2019-05-03 | 腾讯科技(深圳)有限公司 | A kind of confirmation processing method, relevant apparatus and system |
| CN104125234A (en) * | 2014-08-06 | 2014-10-29 | 沈文策 | Method and system for dynamic image security verification |
| CN104463605A (en) * | 2014-12-19 | 2015-03-25 | 百度在线网络技术(北京)有限公司 | Coupon code anti-cheating method and device |
| CN105634739B (en) * | 2015-04-21 | 2019-03-22 | 宇龙计算机通信科技(深圳)有限公司 | The processing method of payment request, the processing unit of payment request and terminal |
| CN106936575A (en) * | 2015-12-29 | 2017-07-07 | 张仁平 | A kind of verification code system for allowing intelligent program to be difficult to |
| CN107016541B (en) * | 2017-04-14 | 2018-07-13 | 桂林微网互联信息技术有限公司 | Encrypted card |
| CN108599944A (en) * | 2018-05-04 | 2018-09-28 | 贵州大学 | A kind of identifying code short message transparent encryption method based on handset identities |
| CN112968912B (en) * | 2021-04-01 | 2023-01-13 | 上海帆立信息科技有限公司 | Multi-mode security verification code method for long-link Internet service |
-
2008
- 2008-04-14 CN CN2008101040104A patent/CN101267311B/en active Active
Also Published As
| Publication number | Publication date |
|---|---|
| CN101267311A (en) | 2008-09-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101267311B (en) | A method, device and system for preventing network bank from hijacking data | |
| US11694200B2 (en) | Secure account creation | |
| US20230162157A1 (en) | System and method having increased security using simple mail transfer protocol emails verified by spf and dkim processes | |
| US9450969B2 (en) | System and method for key challenge validation | |
| CA2901756C (en) | Financial account authentication | |
| CA3008396C (en) | Browser extension for limited-use secure token payment | |
| CA2880608C (en) | Method for generating a code, authorization method and authorization system for authorizing an operation | |
| CN103023638B (en) | A kind of auth method based on mobile terminal and device | |
| US20120137352A1 (en) | Method and system for abstracted and randomized one-time use passwords for transactional authentication | |
| CN106575400A (en) | Authentication system with message conversion | |
| CN104408622B (en) | System and method for realizing electronic transaction confirmation based on independent password equipment | |
| WO2015096800A1 (en) | Data processing method, intermediate server and system | |
| US20140172701A1 (en) | Funds Transfer Using Two Dimensional Barcodes | |
| CN101697220A (en) | Systems and methods for secure pin-based transactions | |
| CN103886456A (en) | Payment system based on dynamic display two-dimension code and implementation method thereof | |
| CN108960820A (en) | A kind of real name identification method based on block chain, system and storage medium | |
| CN106878244B (en) | Authenticity certification information providing method and device | |
| CN101950403A (en) | Data processing method, device and system based on internet banking | |
| CN105516225A (en) | Operation object method, device and system | |
| TWI640938B (en) | Online fund transfer methods and systems | |
| EP2357596A1 (en) | Secure online order confirmation method | |
| CN201985878U (en) | Data processing system based on Internet banking | |
| CN206584404U (en) | A kind of O2O payment administrative systems | |
| CN117236953A (en) | Transaction method and device, storage medium and program product thereof | |
| CN107301598A (en) | The register method and system of a kind of Transaction Account number |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |