CN102811146A - Method and device for detecting message processing environment - Google Patents


Info

Publication number
CN102811146A
Authority
CN
China
Prior art keywords
client
information
current operation
module
current
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012103197489A
Other languages
Chinese (zh)
Other versions
CN102811146B (en)
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd
Priority to CN201210319748.9A
Publication of CN102811146A
Application granted
Publication of CN102811146B
Legal status: Active
Anticipated expiration


Abstract

The invention discloses a method and a device for detecting a message processing environment. The method comprises the following steps: (1) obtain the current process information of a client; (2) judge, from the current process information, whether the processes currently running on the client are safe; if so, go to step (4), otherwise go to step (3); (3) determine that the message processing environment of the client has a potential security risk; (4) judge whether the system information of the client stored in the device is identical to the system information received from the client; if so, go to step (5), otherwise go to step (3); (5) determine that the message processing environment of the client has no potential security risk. By checking the system information and the current process information of the client, the method and device determine whether the client's message processing environment carries a potential security risk, and so improve the security of that environment.

Description

Method and device for detecting a message processing environment
Technical field
The present invention relates to the field of information security, and in particular to a method and device for detecting a message processing environment.
Background art
With the spread of e-commerce, online banking plays an increasingly important role in daily life. Banks are progressively opening online banking systems, whose functions cover not only account inquiry and payment but also loans, investment and similar services.
In an online banking system, user authentication usually relies on several safeguards: encryption and digital signatures based on the RSA public-key cryptosystem, together with the user's login password. The online banking server verifies the user's digital signature and login password, and only after both checks pass is the user's identity confirmed. The user's unique identity credential is a digital certificate issued by the bank, and the login password is transmitted as ciphertext, which guarantees the security and reliability of authentication.
In the course of making the present invention, the inventors found that the prior art has at least the following defect:
When the client machine used by the user is infected with a trojan, the trojan, once running, can intercept and monitor the system and the online banking window the user opens while online. When the user enters a card number or password in the online banking program, that information can be stolen, which seriously threatens the security of the online banking system.
Summary of the invention
The present invention provides a method and device for detecting a message processing environment, so as to improve the security of the client's message processing environment.
The present invention provides a method for detecting a message processing environment, comprising the following steps:
(1) obtain the current process information of a client;
(2) judge, from the current process information, whether the processes currently running on the client are safe; if safe, perform step (4), otherwise perform step (3);
(3) determine that the message processing environment of the client has a potential security risk;
(4) judge whether the locally stored system information of the client is identical to the system information received from the client; if identical, perform step (5), otherwise perform step (3);
(5) determine that the message processing environment of the client has no potential security risk.
The present invention also provides a method for detecting a message processing environment, comprising the following steps:
(1) obtain the system information of a client;
(2) judge whether the locally stored system information of the client is identical to the system information obtained from the client; if identical, perform step (4), otherwise perform step (3);
(3) determine that the message processing environment of the client has a potential security risk;
(4) judge, from the current process information obtained from the client, whether the processes currently running on the client are safe; if safe, perform step (5), otherwise perform step (3);
(5) determine that the message processing environment of the client has no potential security risk.
The present invention also provides a device for detecting a message processing environment, comprising:
a storage module, used to store the system information of a client;
an acquisition module, used to obtain the current process information and the system information of the client from the client;
a first judge module, used to judge from the current process information whether the processes currently running on the client are safe;
a second judge module, used to judge whether the system information of the client in the storage module is identical to the system information that the acquisition module obtains from the client;
a determination module, used to determine that the message processing environment of the client has a potential security risk when the judgement result of the first judge module is unsafe and/or the judgement result of the second judge module is not identical, and to determine that the message processing environment of the client has no potential security risk when the judgement result of the first judge module is safe and the judgement result of the second judge module is identical.
In the technical solution provided by the invention, the system information and the current process information of the client are checked to determine whether the client's message processing environment has a potential security risk, which improves the security of that environment.
Description of drawings
Fig. 1 is a flow chart of the method for detecting a message processing environment provided by embodiment one of the invention;
Fig. 2 is a flow chart of the method for detecting a message processing environment provided by embodiment two of the invention;
Fig. 3 is a flow chart of the method for detecting a message processing environment provided by embodiment three of the invention;
Fig. 4 is a structural diagram of the device for detecting a message processing environment in embodiment four of the invention;
Fig. 5 is a structural diagram of the device for detecting a message processing environment in embodiment five of the invention.
Detailed description
The technical solutions in the embodiments of the invention are described below clearly and completely with reference to the accompanying drawings. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments that a person of ordinary skill in the art obtains on the basis of these embodiments without creative effort fall within the scope of protection of the invention.
Embodiment one of the invention provides a method for detecting a message processing environment, applied in a network system comprising a server and a client. The client stores a control (plug-in) downloaded from the server; the server stores the system information of the client. The system information may comprise one or more of the CPU (Central Processing Unit) type, motherboard model, operating system name, user name and IP (Internet Protocol) address. The method comprises the following steps:
Step 101: the client obtains its own system information and current process information, generates a packet containing the system information and the current process information, and sends this packet together with the plaintext message (rendered "clear text" in the source translation) to the server.
Specifically, the client runs the control downloaded from the server and collects its system information and current process information through that control. The system information may comprise one or more of the CPU type, motherboard model, operating system name, user name and IP address.
For example, the system information may be: Pentium(R) Dual-Core (CPU type), P9X79 PRO (motherboard model), Microsoft Windows XP Professional (operating system name), user (user name) and 192.0.0.1 (IP address).
Step 102: the server judges whether the source IP address of the packet received from the client is included in a preset IP address list; if it is, perform step 103, otherwise perform step 106.
The preset IP address list may be a range of IP addresses that the server regards as safe, for example 192.0.0.1 to 192.255.0.1. When the source IP address of the packet received by the server is 192.0.0.5, the server determines that the source IP address is included in the preset list; when the source IP address is 192.255.0.5, the server determines that it is not included in the preset list and that the client's message processing environment has a potential security risk.
Step 103: the server judges whether the system information of the client that it stores is identical to the system information contained in the packet received from the client; if identical, perform step 104, otherwise perform step 106.
Step 104: the server judges, from the current process information contained in the packet received from the client, whether the processes currently running on the client are safe; if safe, perform step 105, otherwise perform step 106.
Specifically, the server may preset a first process list containing processes that carry a potential security risk (a blacklist). After receiving the packet from the client, the server judges, from the current process information in the packet, whether any process in the first process list is among the processes currently running on the client; if so, it determines that the client's running processes are unsafe; if not, it determines that they are safe.
For example, the first process list preset on the server contains processes A, B, C and D. When the current process information in the received packet lists processes E, F and G, the server finds none of the first-list processes among the client's running processes and determines that they are safe; when the current process information lists processes D, E and F, the server finds a first-list process (D) among the running processes and determines that they are unsafe.
The server may instead preset a second process list containing processes that carry no potential security risk (a whitelist). After receiving the packet from the client, the server judges, from the current process information in the packet, whether any process outside the second process list is among the processes currently running on the client; if so, it determines that the client's running processes are unsafe; if not, it determines that they are safe.
For example, the second process list preset on the server contains processes a, b, c and d. When the current process information in the received packet lists processes a and c, the server finds no process outside the second list among the client's running processes and determines that they are safe; when the current process information lists processes a, b and e, the server finds a process outside the second list (e) and determines that the running processes are unsafe.
Step 105: the server processes the message from the client.
Specifically, when the server judges that the processes currently running on the client are safe, it determines that the client's message processing environment has no potential security risk and processes the received message.
Step 106: the server sends an authentication request containing a random string to the client.
Step 107: the client forwards the random string received from the server to the smart key device.
Step 108: the smart key device signs the random string with the private key of a preset asymmetric key pair and sends the resulting digital signature, together with the account information corresponding to that key pair, to the client.
Step 109: the client sends the received digital signature and account information to the server.
Step 110: the server obtains the public key of the corresponding asymmetric key pair from the received account information and uses this public key to decrypt the received digital signature (that is, to verify it), recovering the random string.
Specifically, the server may query a database with the received account information and obtain from the database the public key of the asymmetric key pair corresponding to that account.
Step 111: the server judges whether the random string recovered from the signature is identical to the random string it sent to the client; if identical, perform step 112, otherwise perform step 113.
Step 112: the server sends verification-success information to the client and processes the message from the client.
Specifically, when the random string recovered from the signature is identical to the random string sent to the client, the server determines that the client's message processing environment has no potential security risk, sends verification-success information to the client and processes the received message.
Step 113: the server sends verification-failure information to the client and indicates that the client's message processing environment has a potential security risk.
Specifically, when the random string recovered from the signature differs from the random string sent to the client, the server determines that the client's message processing environment has a potential security risk, sends verification-failure information to the client and indicates the risk to the client.
In the technical solution provided by this embodiment of the invention, the system information and the current process information of the client are checked to determine whether the client's message processing environment has a potential security risk, and when it does, the client is further verified, which improves the security of the client's message processing environment.
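The server-side checks of steps 102 to 104 above, and in the same form the process and system-information checks of embodiment two (steps 202 and 203), as an added example written by the editor. This is not code from the patent or from Feitian: the packet fields, the account key used to look up stored system information, the `safe_ranges` construction and the result strings are assumptions; the IP range, the system information values and the process names are the ones the patent uses as examples.

```python
"""Environment check on the server, modelled on steps 102-104 of embodiment one.

Editor's example, not the patent's or Feitian's code. Field names, the account
key and the result strings are assumptions; the sample values come from the
patent's own examples.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, summarize_address_range
from typing import Optional


@dataclass(frozen=True)
class SystemInfo:
    """The five system-information fields named in the patent."""
    cpu_type: str
    mainboard: str
    os_name: str
    user_name: str
    ip_address: str


@dataclass(frozen=True)
class ClientPacket:
    """What the client control sends in step 101 (layout assumed)."""
    source_ip: str
    system_info: SystemInfo
    processes: tuple
    message: bytes


@dataclass
class ServerPolicy:
    safe_ranges: list             # preset IP address list (step 102)
    stored_system_info: dict      # account -> SystemInfo stored on the server (step 103)
    blacklist: frozenset = frozenset()   # first process list (step 104)
    whitelist: Optional[frozenset] = None  # second process list, if used instead


def ip_in_preset_list(source_ip: str, safe_ranges) -> bool:
    addr = IPv4Address(source_ip)
    return any(addr in net for net in safe_ranges)


def processes_safe(processes, blacklist, whitelist=None) -> bool:
    """First list: any hit is unsafe. Second list: anything outside it is unsafe."""
    running = set(processes)
    if running & blacklist:
        return False
    if whitelist is not None and not running <= whitelist:
        return False
    return True


def check_environment(packet: ClientPacket, account: str, policy: ServerPolicy) -> str:
    """Returns 'safe' or 'risk:<step that found the problem>' (embodiment-one order)."""
    if not ip_in_preset_list(packet.source_ip, policy.safe_ranges):
        return "risk:ip"                      # step 102 -> step 106
    if policy.stored_system_info.get(account) != packet.system_info:
        return "risk:system_info"             # step 103 -> step 106
    if not processes_safe(packet.processes, policy.blacklist, policy.whitelist):
        return "risk:process"                 # step 104 -> step 106
    return "safe"                             # step 105


def run_demo() -> dict:
    """Constructed packets exercising each branch with the patent's example values."""
    stored = SystemInfo("Pentium(R) Dual-Core", "P9X79 PRO",
                        "Microsoft Windows XP Professional", "user", "192.0.0.1")
    # The patent's example range 192.0.0.1 to 192.255.0.1, expressed as CIDR blocks.
    safe = list(summarize_address_range(IPv4Address("192.0.0.1"), IPv4Address("192.255.0.1")))
    blacklist_policy = ServerPolicy(safe, {"acct-1": stored}, blacklist=frozenset({"A", "B", "C", "D"}))
    whitelist_policy = ServerPolicy(safe, {"acct-1": stored}, whitelist=frozenset({"a", "b", "c", "d"}))

    def pkt(src, info=stored, procs=("E", "F", "G")):
        return ClientPacket(src, info, tuple(procs), b"constructed message")

    altered = SystemInfo(stored.cpu_type, stored.mainboard, "Microsoft Windows 7",
                         stored.user_name, stored.ip_address)
    return {
        "clean": check_environment(pkt("192.0.0.5"), "acct-1", blacklist_policy),
        "ip_outside_list": check_environment(pkt("192.255.0.5"), "acct-1", blacklist_policy),
        "system_info_changed": check_environment(pkt("192.0.0.5", info=altered), "acct-1", blacklist_policy),
        "blacklisted_process": check_environment(pkt("192.0.0.5", procs=("D", "E", "F")), "acct-1", blacklist_policy),
        "whitelist_ok": check_environment(pkt("192.0.0.5", procs=("a", "c")), "acct-1", whitelist_policy),
        "whitelist_violation": check_environment(pkt("192.0.0.5", procs=("a", "b", "e")), "acct-1", whitelist_policy),
        "unknown_account": check_environment(pkt("192.0.0.5"), "acct-9", blacklist_policy),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name}: {result}")
```

Embodiment two swaps the order of the system-information and process checks; the decision is the same, only the step that reports the risk changes. One point a practitioner should keep in mind when reading these steps: every field in the packet is collected by the control running on the client, the same machine the background section assumes a trojan may control, so the check is only as trustworthy as that control, and this is why the patent falls back to the smart key device's challenge-response whenever a check fails.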
In embodiment one, the server first judges whether its stored system information of the client is identical to the system information received from the client, and then judges from the received current process information whether the client's running processes are safe. In embodiment two, the server may instead first judge from the received current process information whether the client's running processes are safe, and then judge whether its stored system information of the client is identical to the received system information. In addition, after the server determines that the client's message processing environment has no potential security risk, it may prompt the client to send the message, receive the message from the client and process it. The specific flow is shown in Fig. 2 and comprises the following steps:
Step 201: the client obtains its own system information and current process information and sends them to the server.
Specifically, the client runs the control downloaded from the server and collects its system information and current process information through that control. The system information may comprise one or more of the CPU (Central Processing Unit) type, motherboard model, operating system name, user name and IP (Internet Protocol) address.
Step 202: the server judges, from the current process information received from the client, whether the processes currently running on the client are safe; if safe, perform step 203, otherwise perform step 205.
It should be noted that the concrete operations by which the server judges in this step whether the client's running processes are safe may be the same as in step 104 of embodiment one.
Step 203: the server judges whether the system information of the client that it stores is identical to the system information received from the client; if identical, perform step 204, otherwise perform step 205.
Step 204: the server prompts the client to send the message, receives the message from the client and processes it.
When the server judges that the processes currently running on the client are safe, it determines that the client's message processing environment has no potential security risk, prompts the client (by sending it a notification) to send the message, and processes the received message.
Step 205: the server sends an identity authentication request containing a random string to the client.
Step 206: the client forwards the random string received from the server to the smart key device.
Step 207: the smart key device processes the random string with a preset symmetric key to obtain an HMAC (keyed-Hash Message Authentication Code) value, and sends this HMAC value, together with the account information corresponding to the symmetric key, to the server.
Step 208: the server obtains the corresponding symmetric key from the received account information and processes the random string it sent to the client with this symmetric key, obtaining an HMAC value.
Specifically, the server may query a database with the received account information and obtain from the database the symmetric key corresponding to that account.
Step 209: the server judges whether the HMAC value it computed is identical to the HMAC value received from the client; if identical, perform step 210, otherwise perform step 211.
Step 210: the server sends verification-success information to the client and prompts the client to send the message; when it receives the message from the client, it processes it.
Specifically, when the HMAC value computed by the server is identical to the HMAC value received from the client, the server determines that the client's message processing environment has no potential security risk, prompts the client (by sending it a notification) to send the message, and processes the received message.
Step 211: the server sends verification-failure information to the client and indicates that the client's message processing environment has a potential security risk.
Specifically, when the HMAC value computed by the server differs from the HMAC value received from the client, the server determines that the client's message processing environment has a potential security risk, sends verification-failure information to the client and indicates the risk to the client.
In the technical solution provided by this embodiment of the invention, the system information and the current process information of the client are checked to determine whether the client's message processing environment has a potential security risk, which improves the security of that environment.
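The challenge-response of steps 205 to 211, with both the server and the smart key device in one file, as an added example written by the editor and not code from the patent or from Feitian. The hash function (SHA-256), the challenge length, the account-to-key table and the session bookkeeping are assumptions; the patent only states that the device computes an HMAC over the random string with a preset symmetric key and that the server recomputes it from the key found via the account information. The signature variant of embodiment one (steps 106 to 113) has the same shape, with a private-key signature on the device and a public-key verification on the server replacing the HMAC computations.

```python
"""HMAC challenge-response of steps 205-211 (embodiment two), both sides.

Editor's example, not the patent's or Feitian's code. SHA-256, the 16-byte
challenge, the key table and the per-session bookkeeping are assumptions.
"""
import hashlib
import hmac
import secrets


class SmartKeyDevice:
    """Stands in for the token: one preset symmetric key bound to one account."""

    def __init__(self, account: str, key: bytes):
        self._account = account
        self._key = key

    def respond(self, challenge: str):
        # Step 207: HMAC over the random string with the preset symmetric key,
        # returned together with the account information for the key.
        tag = hmac.new(self._key, challenge.encode(), hashlib.sha256).digest()
        return self._account, tag


class Server:
    def __init__(self, key_db: dict):
        self._key_db = key_db      # account -> symmetric key (the step 208 lookup)
        self._pending = {}         # session -> outstanding random string

    def authentication_request(self, session: str) -> str:
        # Step 205: a fresh random string per request, remembered for step 208.
        challenge = secrets.token_hex(16)
        self._pending[session] = challenge
        return challenge

    def verify(self, session: str, account: str, tag: bytes) -> bool:
        # Each challenge is consumed on first use so a captured response cannot be replayed.
        challenge = self._pending.pop(session, None)
        key = self._key_db.get(account)
        if challenge is None or key is None:
            return False
        # Step 208: recompute the HMAC over the string we sent, with the account's key.
        expected = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
        # Step 209: constant-time comparison; True leads to step 210, False to step 211.
        return hmac.compare_digest(expected, tag)


def run_exchange(server: Server, device: SmartKeyDevice, session: str) -> bool:
    challenge = server.authentication_request(session)   # step 205, server -> client
    account, tag = device.respond(challenge)             # steps 206-207, client -> device -> server
    return server.verify(session, account, tag)          # steps 208-211


def demo_outcomes() -> dict:
    """Constructed cases: genuine token, wrong key, and a replayed response."""
    key_db = {"acct-1": b"constructed-demo-key-for-acct-1"}
    server = Server(key_db)
    genuine = SmartKeyDevice("acct-1", key_db["acct-1"])
    impostor = SmartKeyDevice("acct-1", b"a-different-key")   # claims the account, lacks the key
    results = {
        "genuine": run_exchange(server, genuine, "s1"),
        "wrong_key": run_exchange(server, impostor, "s2"),
        "unknown_account": run_exchange(server, SmartKeyDevice("acct-9", b"x"), "s3"),
    }
    # Replay: a valid response presented a second time after the challenge was consumed.
    challenge = server.authentication_request("s4")
    account, tag = genuine.respond(challenge)
    results["replay_first_use"] = server.verify("s4", account, tag)
    results["replay_second_use"] = server.verify("s4", account, tag)
    return results


if __name__ == "__main__":
    for name, ok in demo_outcomes().items():
        print(f"{name}: {'verification success' if ok else 'verification failure'}")
```

The secret never leaves the token, which is what makes this step stronger than the process and system-information checks that precede it: a trojan on the client can forward or alter the challenge, but it cannot produce the HMAC without the key.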
In embodiments one and two, the server judges whether its stored system information of the client is identical to the system information received from the client, and judges from the received current process information whether the client's running processes are safe. In embodiment three, the smart key device may perform these judgements instead: it judges whether the system information of the client that it stores is identical to the system information received from the client, and judges from the received current process information whether the client's running processes are safe. The specific flow is shown in Fig. 3 and comprises the following steps:
Step 301: the client obtains its own system information and current process information and sends them to the smart key device.
Specifically, the client runs the control downloaded from the server and collects its system information and current process information through that control. The system information may comprise one or more of the CPU (Central Processing Unit) type, motherboard model, operating system name, user name and IP (Internet Protocol) address.
Step 302: the smart key device judges, from the current process information received from the client, whether the processes currently running on the client are safe; if safe, perform step 303, otherwise perform step 305.
Specifically, the smart key device may hold a preset first process list, or receive the first process list from the server; this list contains processes that carry a potential security risk. After receiving the packet from the client, the smart key device judges, from the current process information in the packet, whether any process in the first process list is among the processes currently running on the client; if so, it determines that the client's running processes are unsafe; if not, it determines that they are safe.
For example, the first process list preset in the smart key device contains processes A, B, C and D. When the current process information in the received packet lists processes E, F and G, the device finds none of the first-list processes among the client's running processes and determines that they are safe; when the current process information lists processes D, E and F, the device finds a first-list process (D) among the running processes and determines that they are unsafe.
The smart key device may instead hold a preset second process list, or receive the second process list from the server; this list contains processes that carry no potential security risk. After receiving the packet from the client, the smart key device judges, from the current process information in the packet, whether any process outside the second process list is among the processes currently running on the client; if so, it determines that the client's running processes are unsafe; if not, it determines that they are safe.
For example, the second process list preset in the smart key device contains processes a, b, c and d. When the current process information in the received packet lists processes a and c, the device finds no process outside the second list among the client's running processes and determines that they are safe; when the current process information lists processes a, b and e, the device finds a process outside the second list (e) and determines that the running processes are unsafe.
Step 303: the smart key device judges whether the system information of the client that it stores is identical to the system information received from the client; if identical, perform step 304, otherwise perform step 305.
Step 304: the smart key device processes the message from the client.
When the smart key device judges that the processes currently running on the client are safe, it determines that the client's message processing environment has no potential security risk, prompts the client (by sending it a notification) to send the message, and performs signature processing on the received message.
Step 305: the smart key device indicates that the client's message processing environment has a potential security risk.
In the technical solution provided by this embodiment of the invention, the system information and the current process information of the client are checked to determine whether the client's message processing environment has a potential security risk, which improves the security of that environment.
As shown in Figure 4, the structure drawing of device for a kind of detection messages processing environment in the embodiment of the invention four comprises:
Memory module 401 is used to store the system information of client.
Wherein, system information comprises one or more in cpu type, mainboard model, OS name, user name and the IP address.
Acquisition module 402 is used for obtaining from said client the current process information and the system information of said client.
First judge module 403, whether the process that is used for judging the current operation of said client according to said current process information safety.
Particularly; First judge module 403; Specifically be used for judging according to said current process information whether the process of the current operation of said client exists the process in the first preset process list,, confirm that then the process of the current operation of said client is dangerous if exist; If do not exist, confirm that then the process of the current operation of said client is safe;
Perhaps,
Judge in the process of the current operation of said client whether have the process outside the second preset process list according to said current process information,, confirm that then the process of the current operation of said client is dangerous if exist; If do not exist, confirm that then the process of the current operation of said client is safe.
Second judge module 404 is used for judging whether the system information of said client of memory module 401 is identical with the system information that said acquisition module 402 obtains from said client.
Determination module 405, the judged result that is used at first judge module 403 is dangerous, and/or the judged result of second judge module 404 confirms that for not simultaneously there is potential safety hazard in the message handling environment of said client; Judged result at first judge module 403 is a safety, and the judged result of second judge module 404 confirms that there is not potential safety hazard in the message handling environment of said client when being identical.
Wherein, the current process packets of information of the client obtained from client of acquisition module 402 is contained in acquisition module 402 from the packet that client receives.
Correspondingly, first judge module 403 specifically is used for when the source IP address of packet is included in preset IP address list, and whether the process of judging the current operation of said client according to said current process information safety.
Determination module 405 also is used for when the source IP address of said packet is not included in preset IP address list, confirming that there is potential safety hazard in the message handling environment of said client.
The device further comprises:
A third judging module 406, used to judge whether the source IP address of the packet is included in the preset IP address list.
A first sending module 407, used to send an authentication request comprising a random string to the client after the determination module 405 has determined that there is a potential security risk in the message processing environment of the client.
A first receiving module 408, used to receive a digital signature and account information from the client.
A decryption module 409, used to obtain, according to the account information, the public key of the corresponding asymmetric key pair, and to decrypt the digital signature with that public key.
A fourth judging module 410, used to judge whether the random string obtained by the decryption module 409 is identical to the random string in the authentication request.
A second sending module 411, used to send verification-success information to the client when the judgement result of the fourth judging module 410 is "identical", and verification-failure information to the client when the judgement result of the fourth judging module 410 is "not identical".
In the technical solution provided by this embodiment of the invention, the system information and the current process information of the client are judged to determine whether there is a potential security risk in the message processing environment of the client; when there is, the client is verified, which improves the security of the client's message processing environment.
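As an added illustration (this is not code from the patent or from Feitian), the following Python sketch implements the judging and determination modules 401-406 described above, and equally the modules 501-506 of the next embodiment: a preset list of source networks, a first preset process list used as a denylist, an optional second preset process list used as an allowlist, and a field-by-field comparison of the stored system information against what the client reports. The class and field names, the list contents and the sample client records are assumptions. It generalises the text slightly by running both content checks and returning every failure reason instead of stopping at the first one, which is what a defender wants in a log.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Added illustration of modules 401-406 / 501-506. Class names, field names,
# list contents and the sample client below are assumptions, not the patent's.


@dataclass(frozen=True)
class ClientPacket:
    """Packet received from a client (acquisition module 402/502)."""
    source_ip: str
    account: str
    processes: frozenset          # names of the client's currently running processes
    system_info: Dict[str, str]   # client-reported cpu / board / os / user / ip


@dataclass
class DetectionDevice:
    # Storage module 401/501: system information recorded per account at enrolment.
    stored_system_info: Dict[str, Dict[str, str]]
    # Preset IP address list (third judging module 406/506), kept as networks.
    allowed_networks: List[ipaddress.IPv4Network]
    # First preset process list: any match means "unsafe" (denylist).
    denied_processes: Set[str] = field(default_factory=set)
    # Second preset process list: anything outside it means "unsafe" (allowlist).
    # None means this list is not configured.
    allowed_processes: Optional[Set[str]] = None

    def source_ip_allowed(self, ip: str) -> bool:
        """Third judging module: is the packet's source IP in the preset list?"""
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            return False          # an unparsable address is never on the list
        return any(addr in net for net in self.allowed_networks)

    def processes_safe(self, processes) -> bool:
        """First judging module: apply the denylist and, if configured, the allowlist.
        Names are compared case-insensitively so 'KeyLogger.EXE' still matches."""
        running = {p.lower() for p in processes}
        if running & {d.lower() for d in self.denied_processes}:
            return False
        if self.allowed_processes is not None:
            if running - {a.lower() for a in self.allowed_processes}:
                return False
        return True

    def system_info_matches(self, account: str, reported: Dict[str, str]) -> bool:
        """Second judging module: every field the device stored must be reported
        with an identical value. An unknown account never matches."""
        stored = self.stored_system_info.get(account)
        if stored is None:
            return False
        return all(reported.get(k) == v for k, v in stored.items())

    def assess(self, pkt: ClientPacket) -> Tuple[bool, List[str]]:
        """Determination module 405/505. Returns (potential_hazard, reasons).
        The patent stops at the first failing check; this version runs both
        content checks so that all reasons can be logged together."""
        if not self.source_ip_allowed(pkt.source_ip):
            return True, ["source IP not in preset IP address list"]
        reasons: List[str] = []
        if not self.processes_safe(pkt.processes):
            reasons.append("current process check failed")
        if not self.system_info_matches(pkt.account, pkt.system_info):
            reasons.append("system information differs from stored record")
        return bool(reasons), reasons


# Constructed sample data so the module runs stand-alone.
ENROLLED = {"cpu": "Intel Core i5", "board": "B75M-D3H", "os": "Windows 7",
            "user": "alice", "ip": "10.0.0.5"}

DEVICE = DetectionDevice(
    stored_system_info={"alice": ENROLLED},
    allowed_networks=[ipaddress.ip_network("10.0.0.0/24")],
    denied_processes={"keylogger.exe", "hookproc.exe"},
)


def demo() -> Dict[str, Tuple[bool, List[str]]]:
    """Run four constructed packets through the device and return the verdicts."""
    base = dict(account="alice",
                processes=frozenset({"explorer.exe", "bankclient.exe"}),
                system_info=ENROLLED)
    cases = {
        "clean": ClientPacket(source_ip="10.0.0.5", **base),
        "denied_process": ClientPacket(source_ip="10.0.0.5", **{
            **base, "processes": frozenset({"explorer.exe", "KeyLogger.EXE"})}),
        "moved_host": ClientPacket(source_ip="10.0.0.5", **{
            **base, "system_info": {**ENROLLED, "board": "Z77X-UD5H"}}),
        "foreign_ip": ClientPacket(source_ip="203.0.113.9", **base),
    }
    return {name: DEVICE.assess(pkt) for name, pkt in cases.items()}


if __name__ == "__main__":
    for name, (hazard, why) in demo().items():
        print(f"{name:15s} hazard={hazard} {why}")
```

Note the trust boundary: the process names and the system information are self-reported by the client, so a compromised client can report whatever the device expects. That is why the embodiment layers a source-IP check that the client cannot forge as easily, and why a detected hazard leads to the challenge-response verification rather than to an immediate allow.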
As shown in Figure 5, the structural diagram of a device for detecting a message processing environment in embodiment five of the invention comprises:
A storage module 501, used to store the system information of a client.
The system information comprises one or more of the CPU type, motherboard model, operating system name, user name and IP address.
An acquisition module 502, used to obtain from the client the current process information and the system information of the client.
A first judging module 503, used to judge, according to the current process information, whether the processes currently running on the client are safe.
Specifically, the first judging module 503 is used to judge, according to the current process information, whether any process in a first preset process list is present among the processes currently running on the client: if so, the processes currently running on the client are determined to be unsafe; if not, they are determined to be safe;
or,
to judge, according to the current process information, whether any process outside a second preset process list is present among the processes currently running on the client: if so, the processes currently running on the client are determined to be unsafe; if not, they are determined to be safe.
The second judging module 504 is used to judge whether the system information of the client stored in the storage module 501 is identical to the system information that the acquisition module obtained from the client.
The determination module 505 is used to determine that there is a potential security risk in the message processing environment of the client when the judgement result of the first judging module 503 is "unsafe" and/or the judgement result of the second judging module 504 is "not identical"; and to determine that there is no potential security risk in the message processing environment of the client when the judgement result of the first judging module 503 is "safe" and the judgement result of the second judging module 504 is "identical".
The system information that the acquisition module 502 obtains from the client is carried in the packet that the acquisition module 502 receives from the client.
Correspondingly, the second judging module 504 is specifically used to judge whether the system information of the client in the storage module 501 is identical to the system information that the acquisition module obtained from the client, when the source IP address of the packet is included in the preset IP address list.
The determination module 505 is also used to determine that there is a potential security risk in the message processing environment of the client when the source IP address of the packet is not included in the preset IP address list.
The device further comprises:
A third judging module 506, used to judge whether the source IP address of the packet is included in the preset IP address list.
A third sending module 507, used to send an authentication request comprising a random string to the client after the determination module 505 has determined that there is a potential security risk in the message processing environment of the client.
A second receiving module 508, used to receive HMAC information and account information from the client.
A processing module 509, used to obtain the corresponding symmetric key according to the account information, and to process the random string with that symmetric key.
A fifth judging module 510, used to judge whether the HMAC information obtained by the processing module 509 is identical to the HMAC information that the second receiving module 508 received from the client.
A fourth sending module 511, used to send verification-success information to the client when the judgement result of the fifth judging module 510 is "identical", and verification-failure information to the client when the judgement result of the fifth judging module 510 is "not identical".
In the technical solution provided by this embodiment of the invention, the system information and the current process information of the client are judged to determine whether there is a potential security risk in the message processing environment of the client, which improves the security of the client's message processing environment.
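The HMAC challenge-response performed by modules 507-511 (and claimed in claims 5 and 12), written out as an added Python example that is not the patent's or Feitian's code. The patent only speaks of a "random string" and "HMAC information"; the choice of HMAC-SHA256, a 32-byte challenge, a single-use pending-challenge table per account and the constructed sample account are assumptions. The public-key variant of modules 407-411, where the client returns a signature over the random string instead of an HMAC, follows the same exchange and is not repeated here.

```python
import hashlib
import hmac
import secrets
from typing import Dict

# Added illustration of modules 507-511. HMAC-SHA256, the 32-byte challenge,
# the single-use challenge table and the sample account are assumptions.


class ChallengeServer:
    """Device side: issues a random challenge, recomputes the HMAC under the
    account's symmetric key and compares it with what the client sent."""

    def __init__(self, account_keys: Dict[str, bytes]):
        self._keys = account_keys                 # processing module 509 lookup
        self._pending: Dict[str, bytes] = {}      # account -> outstanding challenge

    def send_authentication_request(self, account: str) -> bytes:
        """Third sending module 507: a fresh, unpredictable random string."""
        challenge = secrets.token_bytes(32)
        self._pending[account] = challenge        # a newer request replaces an older one
        return challenge

    def verify(self, account: str, received_hmac: bytes) -> bool:
        """Second receiving module 508, processing module 509 and fifth judging
        module 510 together; the return value is what module 511 would send."""
        challenge = self._pending.pop(account, None)   # each challenge answers once
        key = self._keys.get(account)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        # Constant-time comparison: a plain == would leak timing about the prefix.
        return hmac.compare_digest(expected, received_hmac)


def client_answer(key: bytes, challenge: bytes) -> bytes:
    """Client side: HMAC of the received random string under the client's key."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def run_exchange(server: ChallengeServer, account: str, client_key: bytes) -> bool:
    """One full round trip; True means the device accepted the client."""
    challenge = server.send_authentication_request(account)
    return server.verify(account, client_answer(client_key, challenge))


# Constructed sample account; a real key comes from enrolment, never from source.
ALICE_KEY = secrets.token_bytes(32)


def demo() -> Dict[str, bool]:
    """Exercise the accept path and the three ways the exchange must fail."""
    server = ChallengeServer({"alice": ALICE_KEY})
    results: Dict[str, bool] = {}
    results["correct_key"] = run_exchange(server, "alice", ALICE_KEY)
    results["wrong_key"] = run_exchange(server, "alice", secrets.token_bytes(32))
    results["unknown_account"] = run_exchange(server, "mallory", ALICE_KEY)
    # Replay: an answer that was valid once must not be accepted a second time.
    challenge = server.send_authentication_request("alice")
    answer = client_answer(ALICE_KEY, challenge)
    results["first_use"] = server.verify("alice", answer)
    results["replay"] = server.verify("alice", answer)
    return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:16s} accepted={accepted}")
```

Two details matter beyond the bare comparison the claim describes: the challenge must be removed from the pending table before the comparison so that a captured answer cannot be replayed, and the comparison must be constant-time, since the fifth judging module is the one place where the device's timing is observable to the party being verified.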
The steps of the methods described in the embodiments disclosed herein may be implemented directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may reside in random access memory (RAM), memory, read-only memory (ROM), electrically programmable ROM, electrically erasable ROM, registers, a hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the technical field.
The above are merely embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims (22)

1. A method for detecting a message processing environment, characterised in that it comprises the following steps:
(1) obtaining current process information of a client;
(2) judging, according to the current process information, whether the processes currently running on the client are safe; if safe, performing step (4); otherwise performing step (3);
(3) determining that there is a potential security risk in the message processing environment of the client;
(4) judging whether the system information of the client stored by the device itself is identical to the system information received from the client; if identical, performing step (5); otherwise performing step (3);
(5) determining that there is no potential security risk in the message processing environment of the client.
2. The method of claim 1, characterised in that the current process information is carried in a packet received from the client;
judging, according to the current process information, whether the processes currently running on the client are safe is specifically:
when the source IP address of the packet is included in a preset IP address list, judging, according to the current process information, whether the processes currently running on the client are safe;
and before judging, according to the current process information, whether the processes currently running on the client are safe, the method further comprises:
judging whether the source IP address of the packet is included in the preset IP address list.
3. The method of claim 2, characterised in that it further comprises:
when the source IP address of the packet is not included in the preset IP address list, determining that there is a potential security risk in the message processing environment of the client.
4. The method of claim 1, characterised in that, after determining that there is a potential security risk in the message processing environment of the client, the method further comprises:
sending an authentication request comprising a random string to the client, and receiving a digital signature and account information from the client;
obtaining, according to the account information, the public key of the corresponding asymmetric key pair, and decrypting the digital signature with the public key;
judging whether the random string obtained by decryption is identical to the random string in the authentication request; if identical, sending verification-success information to the client and processing the messages from the client; otherwise, sending verification-failure information to the client.
5. The method of claim 1, characterised in that, after determining that there is a potential security risk in the message processing environment of the client, the method further comprises:
sending an authentication request comprising a random string to the client, and receiving HMAC information and account information from the client;
obtaining the corresponding symmetric key according to the account information; processing the random string with the symmetric key; judging whether the HMAC information obtained by the processing is identical to the HMAC information received from the client; if identical, sending verification-success information to the client and processing the messages from the client; otherwise, sending verification-failure information to the client.
6. The method of claim 1, characterised in that judging, according to the current process information, whether the processes currently running on the client are safe is specifically:
judging, according to the current process information, whether any process in a first preset process list is present among the processes currently running on the client; if so, determining that the processes currently running on the client are unsafe; if not, determining that the processes currently running on the client are safe;
or,
judging, according to the current process information, whether any process outside a second preset process list is present among the processes currently running on the client; if so, determining that the processes currently running on the client are unsafe; if not, determining that the processes currently running on the client are safe.
7. The method of claim 1, characterised in that the system information comprises one or more of the CPU type, motherboard model, operating system name, user name and IP address.
8. A method for detecting a message processing environment, characterised in that it comprises the following steps:
(1) obtaining system information of a client;
(2) judging whether the system information of the client stored by the device itself is identical to the obtained system information of the client; if identical, performing step (4); otherwise performing step (3);
(3) determining that there is a potential security risk in the message processing environment of the client;
(4) judging, according to obtained current process information of the client, whether the processes currently running on the client are safe; if safe, performing step (5); otherwise performing step (3);
(5) determining that there is no potential security risk in the message processing environment of the client.
9. The method of claim 8, characterised in that the obtained system information of the client is carried in a packet received from the client;
judging whether the system information of the client stored by the device itself is identical to the obtained system information of the client is specifically:
when the source IP address of the packet is included in a preset IP address list, judging whether the system information of the client stored by the device itself is identical to the obtained system information of the client;
and before judging whether the system information of the client stored by the device itself is identical to the obtained system information of the client, the method further comprises:
judging whether the source IP address of the packet is included in the preset IP address list.
10. The method of claim 9, characterised in that it further comprises:
when the source IP address of the packet is not included in the preset IP address list, determining that there is a potential security risk in the message processing environment of the client.
11. The method of claim 8, characterised in that, after determining that there is a potential security risk in the message processing environment of the client, the method further comprises:
sending an authentication request comprising a random string to the client, and receiving a digital signature and account information from the client;
obtaining, according to the account information, the public key of the corresponding asymmetric key pair, and decrypting the digital signature with the public key;
judging whether the random string obtained by decryption is identical to the random string in the authentication request; if identical, sending verification-success information to the client and processing the messages from the client; otherwise, sending verification-failure information to the client.
12. The method of claim 8, characterised in that, after determining that there is a potential security risk in the message processing environment of the client, the method further comprises:
sending an authentication request comprising a random string to the client, and receiving HMAC information and account information from the client;
obtaining the corresponding symmetric key according to the account information; processing the random string with the symmetric key; judging whether the HMAC information obtained by the processing is identical to the HMAC information received from the client; if identical, sending verification-success information to the client and processing the messages from the client; otherwise, sending verification-failure information to the client.
13. The method of claim 8, characterised in that judging, according to the current process information, whether the processes currently running on the client are safe is specifically:
judging, according to the current process information, whether any process in a first preset process list is present among the processes currently running on the client; if so, determining that the processes currently running on the client are unsafe; if not, determining that the processes currently running on the client are safe;
or,
judging, according to the current process information, whether any process outside a second preset process list is present among the processes currently running on the client; if so, determining that the processes currently running on the client are unsafe; if not, determining that the processes currently running on the client are safe.
14. The method of claim 8, characterised in that the system information comprises one or more of the CPU type, motherboard model, operating system name, user name and IP address.
15. A device for detecting a message processing environment, characterised in that it comprises:
a storage module, used to store system information of a client;
an acquisition module, used to obtain from the client the current process information and the system information of the client;
a first judging module, used to judge, according to the current process information, whether the processes currently running on the client are safe;
a second judging module, used to judge whether the system information of the client in the storage module is identical to the system information that the acquisition module obtained from the client;
a determination module, used to determine that there is a potential security risk in the message processing environment of the client when the judgement result of the first judging module is "unsafe" and/or the judgement result of the second judging module is "not identical", and to determine that there is no potential security risk in the message processing environment of the client when the judgement result of the first judging module is "safe" and the judgement result of the second judging module is "identical".
16. The device of claim 15, characterised in that the current process information is carried in the packet that the acquisition module receives from the client;
the first judging module is specifically used to judge, according to the current process information, whether the processes currently running on the client are safe, when the source IP address of the packet is included in a preset IP address list;
and the device further comprises:
a third judging module, used to judge whether the source IP address of the packet is included in the preset IP address list.
17. The device of claim 15, characterised in that the system information of the client that the acquisition module obtains from the client is carried in the packet that the acquisition module receives from the client;
the second judging module is specifically used to judge whether the system information of the client in the storage module is identical to the system information that the acquisition module obtained from the client, when the source IP address of the packet is included in a preset IP address list;
and the device further comprises:
a third judging module, used to judge whether the source IP address of the packet is included in the preset IP address list.
18. The device of claim 16 or 17, characterised in that
the determination module is also used to determine that there is a potential security risk in the message processing environment of the client when the source IP address of the packet is not included in the preset IP address list.
19. The device of claim 15, characterised in that it further comprises:
a first sending module, used to send an authentication request comprising a random string to the client after the determination module has determined that there is a potential security risk in the message processing environment of the client;
a first receiving module, used to receive a digital signature and account information from the client;
a decryption module, used to obtain, according to the account information, the public key of the corresponding asymmetric key pair, and to decrypt the digital signature with the public key;
a fourth judging module, used to judge whether the random string obtained by the decryption module is identical to the random string in the authentication request;
a second sending module, used to send verification-success information to the client when the judgement result of the fourth judging module is "identical", and verification-failure information to the client when the judgement result of the fourth judging module is "not identical".
20. The device of claim 15, characterised in that it further comprises:
a third sending module, used to send an authentication request comprising a random string to the client after the determination module has determined that there is a potential security risk in the message processing environment of the client;
a second receiving module, used to receive HMAC information and account information from the client;
a processing module, used to obtain the corresponding symmetric key according to the account information, and to process the random string with the symmetric key;
a fifth judging module, used to judge whether the HMAC information obtained by the processing module is identical to the HMAC information that the second receiving module received from the client;
a fourth sending module, used to send verification-success information to the client when the judgement result of the fifth judging module is "identical", and verification-failure information to the client when the judgement result of the fifth judging module is "not identical".
21. The device of claim 15, characterised in that
the first judging module is specifically used to judge, according to the current process information, whether any process in a first preset process list is present among the processes currently running on the client; if so, to determine that the processes currently running on the client are unsafe; if not, to determine that the processes currently running on the client are safe;
or,
to judge, according to the current process information, whether any process outside a second preset process list is present among the processes currently running on the client; if so, to determine that the processes currently running on the client are unsafe; if not, to determine that the processes currently running on the client are safe.
22. The device of claim 15, characterised in that the system information comprises one or more of the CPU type, motherboard model, operating system name, user name and IP address.
Application CN201210319748.9A, "Method and device for detecting message processing environment": priority date 2012-08-31, filing date 2012-08-31, status Active (CN).

Publications (2)

Publication Number Publication Date
CN102811146A 2012-12-05
CN102811146B 2015-03-04

Family ID 47234733


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085

Patentee after: Feitian Technologies Co.,Ltd.

Country or region after: China

Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing

Patentee before: Feitian Technologies Co.,Ltd.

Country or region before: China