CN102469096B - Method for secure loading of browser online bank - Google Patents
Method for secure loading of browser online bank Download PDFInfo
- Publication number
- CN102469096B CN102469096B CN201010552553.XA CN201010552553A CN102469096B CN 102469096 B CN102469096 B CN 102469096B CN 201010552553 A CN201010552553 A CN 201010552553A CN 102469096 B CN102469096 B CN 102469096B
- Authority
- CN
- China
- Prior art keywords
- browser
- safe control
- net silver
- server
- control
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 20
- 238000011068 loading method Methods 0.000 title claims abstract description 9
- BQCADISMDOOEFD-UHFFFAOYSA-N Silver Chemical compound [Ag] BQCADISMDOOEFD-UHFFFAOYSA-N 0.000 claims description 49
- 229910052709 silver Inorganic materials 0.000 claims description 49
- 239000004332 silver Substances 0.000 claims description 49
- 230000001360 synchronised effect Effects 0.000 claims description 12
- 238000001514 detection method Methods 0.000 claims description 8
- 230000003993 interaction Effects 0.000 claims description 7
- 230000036541 health Effects 0.000 claims description 2
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 7
- 241000700605 Viruses Species 0.000 description 4
- 238000009434 installation Methods 0.000 description 4
- 230000002155 anti-virotic effect Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 230000008569 process Effects 0.000 description 2
- 241000283086 Equidae Species 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 231100000225 lethality Toxicity 0.000 description 1
- 230000003612 virological effect Effects 0.000 description 1
Abstract
The invention provides a method for secure loading of a browser online bank, which comprises the following steps of: judging whether a user needs to log in the online bank by the browser or not; and installing related security controls needed by the online bank when the user needs to log in the online bank.
Description
Technical field
The present invention relates to secure browser field, particularly a kind of browser online bank loading method.
Technical background
Due to the rise of internet, bring a lot of conveniences to the whole operation of bank, operation, traditional bank mainly relies on site to expand the management functions of oneself, expands the field of oneself, existence now owing to there being internet, the whole scope of business of present bank expands much in fact.In fact Web bank provides at any time to client, everywhere by any way, any place, financial service any time.This mode meets the requirement of client, and growth momentum is very swift and violent.
But have employed different safe control for the financial service banking system of each type, the safe control of input is logged in than if any controlling, there is the safe control for certifying digital signature when paying, different operating system even for different user also has corresponding safe control, and anti-phishing plug-in unit etc. is numerous.And incompatible between the space of each bank, when certain bank service uses for first time or use the safe control installation suggestion always running into automatic spring during Net silver in new client environment.Some browser such as IE can not directly install, but needs user's yellow strip notice clicked above screen to allow to install and could install smoothly, and a lot of space also needs user's refresh page just can continue to use after installation terminates.And the list of coming from other website redirects time often this may lose efficacy, and caused needing to regenerate order number etc., bothered very much.
Web bank applies multiple safety precaution mechanism, as multiple safety approachs such as CA digital certificate, fire wall, intrusion detections, is safe theoretically.But this security mechanism is mainly used on server, the safety precaution to client has exactly been neglected by Web bank, many at present trojan horses being similar to " Net silver robber " are all steal user account password by client, thus reach the object that it steals Web bank's fund.
For the most famous " Net silver robber ", virus can create executable file and hook and calling module file in subscriber computer, and edit the registry, can run when system starts.Virus master routine opens 2 timers, and every 3 seconds, timer 1 has checked whether that conventional anti-virus and firewall software run, once find, stop these processes immediately, simultaneously also the viral registry entry of automatic write-back and virus document.Timer 2, every the IE window of 0.5 second search subscriber, if find that user just to go to bank interface at debarkation net, is then attempted stealing registration card number and password.Once success, just the information stolen is saved in shared drive, once again be communicated with network, wooden horse will send to virus authors the user account preserved in shared drive and password by Email.As can be seen here, new trojan horse emerges in an endless stream, and often sometimes the safe control of bank upgrade have certain delayed.Therefore in this time period, the security of subscriber set needs to be fully protected.
And the mode usurping Net silver user profile mostly is and uses the mode of wooden horse to steal user account information, and when user at input accounts information time the most under attack often when.And the Net silver control installing latest edition effectively can avoid the potential safety hazard that uses old version control to bring.
Ensure when therefore the Net silver control of latest edition being installed in time and logging in Net silver that computer security is the two large problems being badly in need of at present solving.
Summary of the invention
In view of this, for solving the problem, the invention provides a kind of method for secure loading of browser online bank.
In order to achieve the above object, the invention provides a kind of method for secure loading of browser online bank, wherein, browser carries out information interaction by internet and ebanking server, and it comprises the following steps: browser judges that user is the need of login ebanking server; When browser detects that user needs to log in Net silver, the up-to-date safe control logged in required for Net silver installed by browser.
Preferably, described browser judges that user comprises the need of the determination methods logged in ebanking server step: browser detection user whether directly opens Net silver login page or whether browser detection current web page jumps to Net silver login page.
Preferably, the up-to-date safe control logged in required for Net silver installed by described browser is the whole safe control be associated with this Net silver.
Preferably, described method comprises further: when browser detects that user needs to carry out security sweep to computing machine when logging in Net silver.
Preferably, described browser at regular intervals synchronous with ebanking server once, obtain the up-to-date safe control of ebanking server.
Preferably, when browser detects that user needs to log in Net silver, the safe control of comparison browser this locality and the safe control of ebanking server, when the safe control of this locality is identical with the safe control of ebanking server, the safe control logged in required for Net silver installed by browser; When the safe control of this locality is different with the safe control of ebanking server, safe control up-to-date in browser downloads ebanking server substitutes local safe control, and installs the up-to-date safe control downloaded.
Preferably, described browser local security control comprises further to the comparison step of the safe control of ebanking server: the version of comparison local security control and ebanking server safe control or the code length of comparison safe control or the version information of associated documents or relevant registry information.
Preferably, described browser also carries out information interaction with browser server by internet, the safe control of described browser server and the safe control of ebanking server keep synchronous, when the safe control of ebanking server end has the version of renewal, described browser server synchronized update safe control, and push up-to-date safe control to described browser.
Embodiment provided by the invention, by the associated safety control required for Auto-mounting Net silver, decreases the trouble in user's use and puzzlement, and simultaneously automatically synchronous with bank safety control, real-time is greatly improved.When user needs to carry out security sweep to computing machine when logging in Net silver, thoroughly stop the infringement of trojan horse program.
Accompanying drawing explanation
Fig. 1 is the process flow diagram of a specific embodiment of a kind of method for secure loading of browser online bank of the present invention.
Embodiment
User is always required to install a lot of safe control when logging in Net silver, and for industrial and commercial bank's Net silver, wanting to log in individual Web bank just needs download and install following control.
1. anti-fishing website safe control (helping you effectively to take precautions against the swindle of fishing website (webpage));
2. little e safety detection (for your computer carries out once safety health check-up);
3. industrial and commercial bank's Net silver assistant (directly complete certificate drives, the installation of control and system mend, realize one-stop download).
And it is also not complete to install these safe control, if U shield client also will download according to the difference of brand and install different controls, and after often installing control, also require that user is restarted browser and come into force to make safe control.
The invention provides a kind of method for secure loading of browser online bank, wherein, browser carries out information interaction by internet and ebanking server, and shown in Fig. 1, it comprises the following steps.
Step 101, browser judges that user is the need of login ebanking server.
In a specific embodiment, described browser judges that user specifically comprises the need of the determination methods logged in ebanking server step, and browser detection user whether directly opens Net silver login page or whether browser detection current web page jumps to Net silver login page.
Sometimes user can carry out Net silver operation by the Net silver login page directly opened under new system environments in collection, sometimes user also can jump to the different e-Bank payment pages by shopping website under different system environmentss, just needs to install the safe control of Net silver once jump to Net silver login page user.If but user just browses to the page of such as bank, now perhaps user does not have the demand of Net silver operation, and it is inappropriate for therefore now installing Net silver control.
Step 102, when browser detects that user needs to log in Net silver, the up-to-date safe control logged in required for Net silver installed by browser.
Because the safe control of ebanking server end is numerous, therefore in a specific embodiment, the whole safe control be associated with this Net silver installed by described browser.After the safe control installation be all associated terminates, user can not be required to install safe control when the service using this ebanking server to provide again.
Due to the development of technology and the lethality of trojan horse more and more stronger, the safe control of ebanking server end also can likely upgrade at any time, therefore in a specific embodiment, described browser at regular intervals synchronous with ebanking server once, obtain the up-to-date safe control of ebanking server.
In another specific embodiment, when browser detects that user needs to log in Net silver, the safe control of comparison browser this locality and the safe control of ebanking server.Concrete, can the version of comparison local security control and ebanking server safe control, also can the code length of comparison safe control or the version information of associated documents or relevant registry information.When the safe control of this locality is identical with the safe control of ebanking server, the safe control logged in required for Net silver installed by browser; When the safe control of this locality is different with the safe control of ebanking server, safe control up-to-date in browser downloads ebanking server substitutes local safe control, and installs the up-to-date safe control downloaded.
Be no matter browser at regular intervals synchronous with ebanking server or when logging in Net silver and ebanking server comparison all need necessarily extra network overhead, therefore in a specific embodiment, described browser also carries out information interaction with browser server by internet, browser server is connected with each browser terminal, for providing service for each browser terminal.Described browser server and ebanking server carry out information interaction, the safe control of browser server and the safe control of ebanking server keep synchronous, when the safe control of ebanking server end changes new, described browser server synchronized update safe control, and push up-to-date safe control to described browser.
Synchronous with each ebanking server and be pushed to upgrading safe control the network overhead that browser can save user greatly by browser server, up-to-date safe control can be obtained in the very first time simultaneously.
Step 103, when browser detects that user needs to carry out security sweep to computing machine when logging in Net silver.
Although safe control can protect the infringement of user when using Net silver not by trojan horse; if but the infected trojan horse for existing Network Bank security system of nearest appearance of user; or subscriber computer existence has loaded and the trojan horse of hiding, and probably still can constitute a threat to the account of user.Therefore the present invention is in a specific embodiment, when browsing it and detecting that user needs to log in Net silver, starts antivirus software and carries out security sweep to computing machine, can protect user account safety further like this.
The foregoing is only preferred embodiment of the present invention, not in order to limit the present invention, within the spirit and principles in the present invention all, any amendment done, equivalent replacement etc., all should be included within protection scope of the present invention.
Claims (6)
1. a method for secure loading of browser online bank, wherein, browser carries out information interaction by internet and ebanking server, and it comprises the following steps:
Browser judges that user is the need of login ebanking server;
When described browser detects that described user needs to log in Net silver, the up-to-date safe control logging in described Net silver and be associated initiatively downloaded by described browser from described ebanking server side, and the described up-to-date safe control downloaded is installed, the wherein said up-to-date safe control be associated comprises: at least one in the control of anti-fishing website safe control when logging in described Net silver, computer security health check-up class control when logging in described Net silver, assistant's tool-class control when logging in described Net silver and mobile digital certificate instrument when logging in described Net silver; And
Described browser also carries out information interaction with browser server by internet, and the safe control of described browser server and the safe control of ebanking server keep synchronous, when the safe control of ebanking server end has the version of renewal, described browser server synchronized update safe control, and push described up-to-date safe control to described browser.
2. method according to claim 1, is characterized in that, described browser judges that user comprises the need of the determination methods logged in ebanking server step:
Browser detection user whether directly opens Net silver login page or whether browser detection current web page jumps to Net silver login page.
3. method according to claim 1, is characterized in that, described method comprises further: when browser detects that user needs to carry out security sweep to computing machine when logging in Net silver.
4. method according to claim 1, is characterized in that, described browser at regular intervals synchronous with ebanking server once, obtain the up-to-date safe control of ebanking server.
5. method according to claim 1, it is characterized in that, when browser detects that user needs to log in Net silver, the safe control of comparison browser this locality and the safe control of ebanking server, when the safe control of this locality is identical with the safe control of ebanking server, the safe control logged in required for Net silver installed by browser; When the safe control of this locality is different with the safe control of ebanking server, safe control up-to-date in browser downloads ebanking server substitutes local safe control, and installs the up-to-date safe control downloaded.
6. method according to claim 5, it is characterized in that, described browser local security control comprises further to the comparison step of the safe control of ebanking server: the version of comparison local security control and ebanking server safe control or the code length of comparison safe control or the version information of associated documents or relevant registry information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010552553.XA CN102469096B (en) | 2010-11-19 | 2010-11-19 | Method for secure loading of browser online bank |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010552553.XA CN102469096B (en) | 2010-11-19 | 2010-11-19 | Method for secure loading of browser online bank |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102469096A CN102469096A (en) | 2012-05-23 |
| CN102469096B true CN102469096B (en) | 2015-03-25 |
Family
ID=46072270
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010552553.XA Active CN102469096B (en) | 2010-11-19 | 2010-11-19 | Method for secure loading of browser online bank |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102469096B (en) |
Families Citing this family (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106519025B (en) | 2007-09-26 | 2021-04-23 | 中外制药株式会社 | Method for changing isoelectric point of antibody by using amino acid substitution of CDR |
| CN103685157A (en) * | 2012-09-04 | 2014-03-26 | 珠海市君天电子科技有限公司 | Method and system for collecting phishing websites based on payment |
| CN102981846B (en) * | 2012-11-13 | 2016-10-05 | 北京奇虎科技有限公司 | The method that Password Input frame element is processed and browser |
| CN103716391A (en) * | 2013-12-26 | 2014-04-09 | 星云融创(北京)信息技术有限公司 | Implementation method for content caching and router |
| CN104021015A (en) * | 2014-05-30 | 2014-09-03 | 北京奇虎科技有限公司 | E-bank website access method and browser |
| CN104123222B (en) * | 2014-06-30 | 2017-04-19 | 北京奇虎科技有限公司 | Security detection method and device of browser and electronic equipment |
| CN104731627B (en) * | 2015-03-31 | 2016-09-28 | 北京奇虎科技有限公司 | The method and device of Net silver client terminal start-up |
| CN111666172B (en) * | 2020-06-07 | 2023-07-07 | 中信银行股份有限公司 | Method and device for protecting internet banking environment, electronic equipment and storage medium |
| CN113656109B (en) * | 2021-09-01 | 2023-07-04 | 中国农业银行股份有限公司 | Security control calling method, device, equipment and storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100345078C (en) * | 2004-07-09 | 2007-10-24 | 中国民生银行股份有限公司 | Method of implementing cipher protection against computer keyboard information interfference |
| CN101179562A (en) * | 2006-12-08 | 2008-05-14 | 腾讯科技(深圳)有限公司 | Method and system for restraining use of network control in authorization website |
| CN101388772A (en) * | 2007-09-10 | 2009-03-18 | 捷德(中国)信息科技有限公司 | Digital signature method and system |
-
2010
- 2010-11-19 CN CN201010552553.XA patent/CN102469096B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100345078C (en) * | 2004-07-09 | 2007-10-24 | 中国民生银行股份有限公司 | Method of implementing cipher protection against computer keyboard information interfference |
| CN101179562A (en) * | 2006-12-08 | 2008-05-14 | 腾讯科技(深圳)有限公司 | Method and system for restraining use of network control in authorization website |
| CN101388772A (en) * | 2007-09-10 | 2009-03-18 | 捷德(中国)信息科技有限公司 | Digital signature method and system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102469096A (en) | 2012-05-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102469096B (en) | Method for secure loading of browser online bank | |
| US10834107B1 (en) | Launcher for setting analysis environment variations for malware detection | |
| KR101514984B1 (en) | Detecting system for detecting Homepage spreading Virus and Detecting method thereof | |
| EP3195127B1 (en) | Analyzing client application behavior to detect anomalies and prevent access | |
| EP3712793B1 (en) | Integrity assurance during runtime | |
| JP6624771B2 (en) | Client-based local malware detection method | |
| US20170286678A1 (en) | Behavior Profiling for Malware Detection | |
| US9325725B2 (en) | Automated deployment of protection agents to devices connected to a distributed computer network | |
| US9659175B2 (en) | Methods and apparatus for identifying and removing malicious applications | |
| US7810159B2 (en) | Methods, computer networks and computer program products for reducing the vulnerability of user devices | |
| US9015829B2 (en) | Preventing and responding to disabling of malware protection software | |
| CN101827104B (en) | Multi anti-virus engine-based network virus joint defense method | |
| WO2012142938A1 (en) | Method and client for ensuring user network security | |
| JP2017511923A (en) | Virus processing method, apparatus, system, device, and computer storage medium | |
| CN102132287A (en) | Protecting virtual guest machine from attacks by infected host | |
| US8099784B1 (en) | Behavioral detection based on uninstaller modification or removal | |
| US7757284B1 (en) | Threat-resistant installer | |
| CN111177727A (en) | Vulnerability detection method and device | |
| KR100961149B1 (en) | Method for detecting malicious site, method for gathering information of malicious site, apparatus, system, and recording medium having computer program recorded | |
| US20060236108A1 (en) | Instant process termination tool to recover control of an information handling system | |
| CN102946391A (en) | Method for prompting malicious website in browser and browser | |
| KR101372906B1 (en) | Method and system to prevent malware code | |
| US8925088B1 (en) | Method and apparatus for automatically excluding false positives from detection as malware | |
| US9069964B2 (en) | Identification of malicious activities through non-logged-in host usage | |
| CN111176687A (en) | Method, device, equipment and storage medium for updating cloud host client program |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: BEIJING QIHU TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20150827 Owner name: QIZHI SOFTWARE (BEIJING) CO., LTD. Effective date: 20150827 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20150827 Address after: 100088, D, room 112, block 28, Xinjie Avenue, Xinjie street, Beijing, Xicheng District Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee after: Qizhi software (Beijing) Co.,Ltd. Address before: 100025 Beijing Chaoyang District City No. 71 Jianguo Road Huitong Times Plaza D block No. 1 Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20240109 Address after: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: Room 112, Building D, No. 28 Xinjiekou Outer Street, Xicheng District, Beijing, 100088 (Deshengjiayuan District) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |