Background technology
Online identification technology is widely used to provide risk management for online banking, payment merchants, online games and e-commerce, and good identification technology plays an enormous role in reducing online transaction fraud and protecting the interests of merchants and consumers. With the internationalization of the economy, governments, departments and enterprises of all sizes, at home and abroad, place ever higher requirements on internet security.
To ensure that online transactions complete smoothly, various security techniques are currently used in network security, such as biometric identity authentication, encryption, key management and digital signatures. Biometric identity authentication, because of the constraints it places on merchants' payment flows and the uncertainty of acquiring the biometric information, has to some extent limited the development of online transactions. Classical encryption technology, in today's era of cloud computing, faces attackers who can control thousands or even tens of thousands of servers to carry out brute-force attacks. Traditional firewall technology likewise no longer fits the needs of development: some advanced techniques can bypass the firewalls of banks, enterprises and other institutions and steal important data, causing great losses.
In traditional transaction security solutions, people tend to strengthen the reliability of the client in order to ensure the security of the transaction service system. In fact, online fraudsters aim only at profit and constantly change their methods, and client-side security technology does not keep pace with the renewal of fraudulent means. At the same time, excessive security monitoring on the client brings great inconvenience and distrust to the user, which harms the trading experience of honest clients and hurts client conversion rates.
International online payment merchants such as PayPal are now devoted to simplifying the client payment flow and improving the client trading experience. To fundamentally solve the reliability of the transaction system, one must therefore start from the server end together with the client (for example, after a phishing account theft has occurred, judging the account-theft transaction risk of the transaction at the server end and reducing risk by intelligently questioning and authenticating the client; or, for example, detecting in time that funds are being collected fraudulently in a sales promotion scenario and providing tracing control means to stop it spreading unchecked). This does not mean that the client will not change at all; on the contrary, an identification system for internet-access devices needs to be built at both the client and the server end (especially a modern, advanced server end), as a running environment pre-implanted in the client, so as to conscientiously improve the safety and convenience of the client in network trading.
Summary of the invention
In view of the above defects of the prior art, the object of the invention is to propose a method, and a system implementing it, for uniquely identifying an internet-access device, providing consumers with functions such as internet-access device lookup, risk warning and device tracing, and judging the trustworthiness of a transaction quickly, thereby improving payment security.
The above first object of the invention is achieved through the following technical scheme, whose steps are as follows.
S1, the user connects to and accesses the web service layer through an internet-access device, and the web service layer collects and obtains the user's internet-access device information through software embedded in the client application page, including device attributes, state packets, real IP and user behaviour attributes;
S2, the user's internet-access device connects to the established device fingerprint database and performs a lookup, identifying whether it already exists there; this cloud database contains the historical records of all internet-access devices that have visited;
S3, the user enters the application layer to access it or to carry out a concrete trading function; the device fingerprint management platform, based on a cloud computing cluster, integrates a machine-recognition monitoring network and risk control, and through the unique identification of the device's network attributes judges whether the internet-access device from S1 and S2 shows unintentional change or intentional fraud, where the network attributes include at least network traffic and the user's internet behaviour attributes;
S4, an identification record of the user's operation of this internet-access device is made, and the result is stored in the device fingerprint database.
Further, the device attributes in S1 include at least browser attributes, geographical location attributes, time and time zone attributes, application attributes and operating system attributes.
Further, in S1 the internet-access device's connection to and access of the web service layer is looked up and screened by embedding an HTML tag in the client's web page.
Further, the process in S3 by which the device fingerprint management platform based on the cloud computing cluster uniquely identifies the internet-access device comprises: I, collecting user and device information through an online plug-in using methods including at least JavaScript, PHP, Flash and Image, or deploying application-level fingerprint code in the client's web page;
II, setting up a Beacon server that collects the user and device information from step I, or the application-level fingerprint code, collectively called the data;
III, establishing a device fingerprint database that compares and merges the collected data and generates a device ID, while at the same time storing the data in the device fingerprint database as learning sample data;
IV, establishing a statistical model to weigh the recognition result.
Further, the process in S3 by which the device fingerprint management platform based on the cloud computing cluster judges whether the internet-access device shows unintentional change or intentional fraud comprises:
V, calculating a risk engine on the background server of the device fingerprint management platform, based on the online recognition result for the internet-access device and the real-time network attributes;
VI, setting up for the internet-access device an API service interface that returns a risk factor, and setting up a user administration interface that starts or closes the corresponding configuration unit.
The above second object of the invention is achieved through the following technical scheme, whose system comprises: an internet-access device, through which the user connects to and accesses the web service layer, the internet-access device information including at least device attributes, state packets and real IP; a web service layer, used to provide the path by which the user's internet-access device reaches the application layer, and which collects and obtains the user's internet-access device information through software embedded in the client application page; an application layer, used to provide the user's internet-access device with access or to carry out concrete trading functions; and a device fingerprint management platform, which on the basis of a cloud computing cluster integrates a machine-recognition monitoring network and a risk control unit, and which also has a Beacon server and a device fingerprint database.
Further, the software embedded in the client application page is at least an HTML tag, used on the page where the user submits a registration, a login or a customized checkout.
Further, the device fingerprint database contains global black and white list attribute data, transaction history behaviour and training data.
Further, the internet-access device is provided with an API service interface used to return the risk factor, and a user administration interface that starts or closes the corresponding configuration unit.
After the above technical scheme is implemented, its outstanding effects compared with conventional technology are: making full use of the attributes of the network and the powerful computing and discriminating power of the cloud computing cluster to uniquely identify the internet-access device; providing consumers with internet-access device lookup, risk warning, device tracing and similar functions; accurately identifying the roles of both parties to a transaction; and quickly judging the trustworthiness of a transaction, thereby improving transaction security.
Embodiment
To make the object, technical scheme and advantages of the invention clearer, the invention is further explained below in conjunction with implementation cases and the accompanying drawings.
A user of the invention does not need to install software or a server; it suffices to access the website application with the client's (or user's) internet-access device, after inserting the HTML tag configuration and the HTTPS API call function into the client's web application server. The client administrator can access the device fingerprint management platform and customize models and rules suited to the client.
Figure 1 is the architecture diagram of the system implementing the internet-access device identification technology of the invention; from this architecture diagram, the workflow of the whole internet-access device identification method can be summarized as the following steps:
S1, the user connects to and accesses the web service layer through an internet-access device, and the web service layer collects and obtains the user's internet-access device information through software or a plug-in embedded in the client application page, including device attributes, state packets, real IP and user behaviour attributes.
S2, when the user's internet-access device enters the network, it also connects to the established device fingerprint database and performs a lookup, identifying whether it already exists there; this cloud database contains the historical records of all internet-access devices that have visited.
S3, the user enters the application layer to access it or to carry out a concrete trading function (such as a payment function); the device fingerprint management platform, based on a cloud computing cluster, integrates a machine-recognition monitoring network and risk control, and through the unique identification of the device's network attributes judges whether the internet-access device from S1 and S2 shows unintentional change or intentional fraud; it is emphasized that the network attributes here include network traffic, the user's internet behaviour attributes and so on.
S4, an identification record of the user's operation of this internet-access device is made, and the result is stored in the device fingerprint database of the cloud computing cluster (a server cluster in the cloud sense).
Figure 2 is the deployment sketch of the internet-access device identification system of the invention. As can be seen from the figure: the client (user side) is made up of browser attributes, geographical location attributes, time and time zone attributes, application attributes and operating system attributes; the network layer is made up of network connection attributes, network routing attributes, TCP packet attributes and HTTP protocol attributes; and the internet-access device fingerprint management platform builds the classification model, rule model, global black and white list attributes, transaction history behaviour, training data and so on. The information from the client, the network layer and the device management platform is all stored uniformly in the cloud, where mass data processing is carried out on the machine information network. Concrete business processing is performed by the model personnel for the users and for the client's operations personnel.
In terms of the concrete implementation of the identification method, as shown in Figure 3, the operation of the internet-access device identification system can be divided into the following data flow: using techniques such as JavaScript and Flash, obtain the attributes of the internet-access device, while monitoring the state packets and detecting the real IP; set up a Beacon server and store the corresponding information in it; at the Beacon server end, parse and cache the attributes, then perform preliminary fraud detection; afterwards the device ID engine stores, compares and merges the device attributes and produces a machine ID; subsequently the intelligence engine and risk engine store the transaction, process it with the models, and score the model judgements so as to provide data for later optimization; finally the API server queries the result against the earlier attribute data, verifies and tallies the user identity, and returns the recognition result to the user through the API service interface.
This device fingerprint control platform contains the code that the client needs to add to the transaction or login page to start the device configuration; for deeper integration with back-end systems, the console also provides application programming interfaces for optional use.
The process of uniquely identifying such an internet-access device (including PC, smartphone, iPad, TV, etc.) is as follows.
1) Set up the machine fingerprint collection code, using methods including JavaScript/PHP/Flash/Image and others, and collect customer data and device data through the application of an online plug-in. The code portion that collects the application-level fingerprint can also be deployed in the application web page.
2) Set up the Beacon server to obtain the physical and network attributes of the internet-access device, either passively collecting the attributes delivered with application requests or actively collecting network and device attributes.
3) Set up high-performance attribute storage, comparison and cooperation mechanisms, and establish a unified machine fingerprint database that provides sample data for later device learning and identification. Optional storage models include MySQL, KV stores, Bigtable and Memcached.
4) Establish a statistical model based on machine attributes, which can weigh the quality of the recognition result well and provide reliable data support for later changes to the model. The precision of the model is defined as follows.
True Positives: the number of known devices successfully identified := A;
False Negatives: known devices that should have been identified but were missed, i.e. known devices treated as unknown := B;
False Positives: devices wrongly identified as known, i.e. unknown devices treated as known := C;
The real number of known devices is D = A + B - C. From these: 1. accuracy rate > 90% (A/D); 2. miss rate < 5% (B/D); 3. false-capture rate < 5% (C/D).
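The following is an added example (not code from the patent) that works through steps I to III above and steps 1) to 4) here: an in-memory stand-in for the fingerprint database that compares collected attributes with stored records, merges a near match into the existing record or generates a new device ID, and then scores the recognition results with the A, B, C, D definitions. The attribute names, weights, merge threshold and sample visits are assumptions; A is read as the number of visits identified as known, the reading under which D = A + B - C equals the true number of known visits.

```python
import hashlib

# Attribute groups the page lists for the client side and the network layer (assumed names).
STABLE_ATTRS = ("user_agent", "os", "timezone", "screen", "app_version")
NETWORK_ATTRS = ("real_ip", "tcp_ttl", "accept_language")


class DeviceFingerprintDB:
    """In-memory stand-in for the page's fingerprint store (MySQL/KV/Bigtable/Memcached)."""

    def __init__(self, threshold: float = 0.75) -> None:
        self.records: dict[str, dict[str, str]] = {}   # device_id -> attributes
        self.threshold = threshold                     # assumed merge threshold

    @staticmethod
    def similarity(a: dict[str, str], b: dict[str, str]) -> float:
        # Weighted agreement: stable attributes count 2, network attributes 1, because
        # IPs and TTLs change between sessions without the device itself changing.
        score = total = 0.0
        for key, weight in [(k, 2.0) for k in STABLE_ATTRS] + [(k, 1.0) for k in NETWORK_ATTRS]:
            total += weight
            if a.get(key) and a.get(key) == b.get(key):
                score += weight
        return score / total

    def identify(self, attrs: dict[str, str]) -> tuple[str, bool]:
        """Return (device_id, is_known): merge into the best near match, or else
        generate a new ID and keep the attributes as a learning sample."""
        best_id, best_score = None, 0.0
        for dev_id, stored in self.records.items():
            s = self.similarity(attrs, stored)
            if s > best_score:
                best_id, best_score = dev_id, s
        if best_id is not None and best_score >= self.threshold:
            self.records[best_id].update(attrs)        # merge the latest observation
            return best_id, True
        material = "|".join(attrs.get(k, "") for k in STABLE_ATTRS)
        new_id = hashlib.sha256(material.encode()).hexdigest()[:16]
        self.records[new_id] = dict(attrs)
        return new_id, False


def precision_metrics(results: list[tuple[bool, bool]]) -> dict[str, float]:
    """results: (truly_known, identified_as_known) per visit. A counts visits identified
    as known (assumed reading), so D = A + B - C is the true number of known visits."""
    a = sum(1 for _, ident in results if ident)
    b = sum(1 for known, ident in results if known and not ident)
    c = sum(1 for known, ident in results if not known and ident)
    d = a + b - c
    return {"A": a, "B": b, "C": c, "D": d, "accuracy": a / d,
            "miss_rate": b / d, "false_rate": c / d,
            "meets_targets": a / d > 0.90 and b / d < 0.05 and c / d < 0.05}


# Constructed sample: one device seen twice (second time from a new IP), then another device.
BASE = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/10.0", "os": "Linux",
        "timezone": "UTC+8", "screen": "1920x1080", "app_version": "2.1",
        "real_ip": "203.0.113.7", "tcp_ttl": "64", "accept_language": "zh-CN"}
SAMPLE_VISITS = [
    (False, BASE),
    (True, dict(BASE, real_ip="198.51.100.9")),
    (False, dict(BASE, os="Windows", user_agent="Mozilla/5.0 (Windows NT 6.1) Chrome/20",
                 screen="1366x768", app_version="1.0", real_ip="192.0.2.5")),
]


def run_sample() -> dict[str, float]:
    db = DeviceFingerprintDB()
    outcomes = [(truly_known, db.identify(attrs)[1]) for truly_known, attrs in SAMPLE_VISITS]
    return precision_metrics(outcomes)
```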
In addition, the process of judging whether the internet-access device shows unintentional change or intentional fraud relies mainly on a risk engine built on risk rules, where the risk rules are calculated by the background server from the online device attributes and the real-time network attributes. It further relies on establishing the device fingerprint service interface API, used when collecting data and returning the assessment result, and on establishing an available administration interface that starts or closes the corresponding configuration unit, where the administration interface includes model management, risk rule management and system-level management.
Figure 4 is the process flowchart of the device fingerprint platform of the internet-access device identification system of the invention integrating the client website and the back-end processing system. First the HTML tag configuration must be embedded into the client's web page, the screening page the user passes before submitting a transaction (such as the registration, login or customized checkout page). During this process the internet-access device identification system performs some checks: the tags embedded in the client's page obtain the visitor's information, which is analysed and compared. That is, when the visitor submits a transaction, the Beacon server end is notified to retrieve the configuration information about this device, and if it is qualified, further operation is allowed. The concrete flow is: Step 1: the user and the system of the invention need a partner code; the user generates a unique session ID (Session-ID) and embeds it together with the partner code (Partner-code) in the HTML page; Step 2: when the user's browser loads the page, the internet-access device identification system of the invention, without disturbing the client, transparently configures the browser device, and the tag embedded in the HTML page obtains as much data as possible during the brief time the user stays on the page; Step 3: after the user submits a request, the application queries the system of the invention by transmitting the relevant session ID, partner code and API key (Secret-key); other identifying information, such as a transaction reference check ID, also needs to be transmitted, so that more accurate device configuration and fraud detection can be used; Step 4: the device fingerprint management platform queries and analyses, and returns the internet-access device information, historical transaction records, market reputation and the related devices linked with the session ID; Step 5: the internet-access device identification system keeps the returned data.
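The five-step flow above, together with the risk engine of steps V and VI, as an added example that is not the patent's own code: the platform issues a Session-ID and the tag the partner embeds (Step 1), the Beacon server stores what the tag collected (Step 2), the partner's server queries with session ID, partner code and secret key (Step 3), and the platform authenticates the partner, resolves the device and runs rules over device and real-time network attributes to return a risk factor (Step 4). The beacon URL, partner table, rule weights, decision thresholds and lookup tables are all assumptions; market reputation and related devices are not modelled.

```python
import hashlib
import hmac
import secrets
import time

# Constructed tables; on the platform these live in the fingerprint database
# (global black/white lists, transaction history) and the partner registry.
PARTNERS = {"SHOP01": "constructed-secret-key-01"}          # Partner-code -> Secret-key
BLACKLIST = {"0000deadbeef0000"}                             # hypothetical device IDs
IP_COUNTRY = {"203.0.113.7": "CN", "198.51.100.9": "US"}     # constructed geo lookup
TZ_COUNTRY = {"UTC+8": "CN", "UTC-5": "US"}
STABLE_ATTRS = ("user_agent", "os", "timezone")              # attributes seeding the device ID


def decide(risk_factor):
    """Assumed thresholds: allow, challenge (question/authenticate the client), deny."""
    return "allow" if risk_factor < 40 else "challenge" if risk_factor < 80 else "deny"


class FingerprintPlatform:
    def __init__(self):
        self.sessions = {}   # Session-ID -> attributes posted by the beacon
        self.history = {}    # device_id -> transaction timestamps (identification records)

    def page_tag(self, partner_code):
        """Step 1: per-page-view Session-ID and the tag the partner embeds (URL assumed)."""
        session_id = secrets.token_hex(16)
        return session_id, (f'<script src="https://fp.example/beacon.js" data-partner-code='
                            f'"{partner_code}" data-session-id="{session_id}"></script>')

    def beacon(self, session_id, attrs):
        """Step 2: the Beacon server stores what the tag collected for this session."""
        self.sessions[session_id] = dict(attrs)

    def query(self, session_id, partner_code, secret_key, transaction_ref, now=None):
        """Steps 3-4: authenticate the partner, resolve the device, run the risk rules."""
        expected = PARTNERS.get(partner_code)
        if not expected or not hmac.compare_digest(expected.encode(), secret_key.encode()):
            return {"error": "unauthorised"}
        attrs = self.sessions.get(session_id)
        if attrs is None:
            return {"error": "unknown session"}
        now = time.time() if now is None else now
        seed = "|".join(attrs.get(k, "") for k in STABLE_ATTRS)
        dev_id = hashlib.sha256(seed.encode()).hexdigest()[:16]
        hist = self.history.setdefault(dev_id, [])
        risk, reasons = self.risk_rules(dev_id, attrs, hist, now)
        hist.append(now)   # identification record of this operation (S4)
        return {"transaction_ref": transaction_ref, "device_id": dev_id,
                "prior_transactions": len(hist) - 1, "risk_factor": risk,
                "reasons": reasons, "decision": decide(risk)}

    @staticmethod
    def risk_rules(dev_id, attrs, hist, now):
        """Rule weights are assumptions; device attributes (blacklist, timezone) are
        combined with real-time network attributes (real IP, request velocity)."""
        ip_c = IP_COUNTRY.get(attrs.get("real_ip"))
        tz_c = TZ_COUNTRY.get(attrs.get("timezone"))
        rules = [
            (dev_id in BLACKLIST, 100, "device on global blacklist"),
            (not hist, 30, "first transaction from this device"),
            (ip_c and tz_c and ip_c != tz_c, 25, f"IP country {ip_c} != timezone country {tz_c}"),
            (sum(1 for t in hist if now - t < 600) >= 3, 20, "3+ transactions in 10 minutes"),
        ]
        hits = [reason for fired, _, reason in rules if fired]
        return min(sum(w for fired, w, _ in rules if fired), 100), hits
```

The partner's server keeps the returned dictionary (Step 5) and acts on `decision`, for instance by challenging the client before completing the payment.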
The system of the invention described above, based on Internet cloud computing, places the mass data it obtains in a unified device registry in the cloud, has good information security, and provides a deeper protective barrier for the user's payment security.
Implementation of the above technical scheme uses existing information technology means to build a household-register-style database of internet-access devices and provides, on a cloud computing cluster, the technology for uniquely identifying internet-access devices, giving Internet consumers a means of self-protection and merchants a risk management service. On the basis of experiments it shows scientific effect, mainly reflected in the following three aspects.
1) Identification reliability: compared with existing technology (including the related technology of ThreatMetrix and BlueCava), it is more than 10 times faster in internet-access device fingerprinting and its accuracy rate improves by more than 40%, so it is more reliable. It provides the client with the critical datum, the internet-access device ID; it collects the internet-access device attributes and has a special data representation for them, for internet-access device ID lookup and attribute data restoration.
2) System robustness: because of the many uncertain factors in reality, the object model built can only be a rough expression of the actual physical system. The invention allows the system to maintain the expected performance under model inaccuracy and other changing factors, so that variation and inaccuracy of the model do not affect the stability and other dynamic properties of the system. When the system encounters an error, it can recover normal function in the shortest time.
3) System security: to fundamentally solve the reliability of the transaction system, one must start from the server end together with the client (for example, after a phishing account theft has occurred, judging the account-theft transaction risk of the transaction at the server end and reducing risk by intelligently questioning and authenticating the client; or, for example, detecting in time that funds are being collected fraudulently in a sales promotion scenario and providing tracing control means to stop it spreading unchecked); the security system has server-end risk judgement with dynamic self-learning, and while providing security services to the client it also guarantees protection of the system's core data and basic services under attack.
The above is merely an embodiment of the invention and is not intended to limit it; any modifications, equivalent replacements, improvements and the like made within the spirit and principles of the invention should all be included within the scope of protection of the invention.