CN103166972A - Safety website access system, and equipment and method for same - Google Patents
Safety website access system, and equipment and method for same Download PDFInfo
- Publication number
- CN103166972A CN103166972A CN2013100978221A CN201310097822A CN103166972A CN 103166972 A CN103166972 A CN 103166972A CN 2013100978221 A CN2013100978221 A CN 2013100978221A CN 201310097822 A CN201310097822 A CN 201310097822A CN 103166972 A CN103166972 A CN 103166972A
- Authority
- CN
- China
- Prior art keywords
- network address
- security
- control server
- terminal equipment
- dimension code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses a safety website access system, and equipment and a method for the same. The safety website access system comprises terminal equipment and a safety control server. The safety control server stores safety attributes of known websites. The terminal equipment comprises a scanner, a decoder, a transmission interface and a monitor, wherein the scanner is used for scanning a two-dimensional code; the decoder is used for decoding the two-dimensional code scanned by the scanner to obtain a website corresponding to the two-dimensional code; the transmission interface is used for transmitting the website to the safety control server for check, and receiving the safety attribute of the website from the safety control server; and the monitor is used for forbidding or allowing the connection of the website according to the safety attribute of the website.
Description
Technical field
The present invention relates to network safety filed, be specifically related to a kind of secure access network address system and wherein equipment and method.
Background technology
Nowadays two-dimension code is more and more universal, locates to see the figure of two-dimension code at roadside placard, bus platform advertisement, magazine page etc.The user just can obtain a string network address as long as take two-dimension code with the mobile phone of oneself, and the user just can access this network address.Businessman's this method commonly used guides the user to access the website of oneself.
Yet because two-dimension code designs for machine recognition, the people is difficult to content corresponding to identification two-dimension code with naked eyes, and this just provides opportunity for malicious websites.For example, the two-dimension code of Fig. 1 is the two-dimension code to network address " http://www.360.cn " coding, and what the user can not find out that this two-dimension code comprises with naked eyes is the connection of which website.Suppose that Fig. 2 is the two-dimension code of malicious websites " http://www.evil.com " coding.For two two-dimension codes in Fig. 1, Fig. 2, the user can't distinguish fully.If it is vigilant that the user has loosened, arbitrarily taken a two-dimension code, think that this is that the official website of businessman goes access, might just be attacked by malicious websites.
Summary of the invention
In view of the above problems, the present invention proposes a kind of secure access network address system and wherein equipment and method, in order to overcome exist in prior art can't verify the whether problem of safety of the corresponding network address of two-dimension code.
According to one aspect of the present invention, a kind of terminal equipment for secure access network address system is provided, described secure access network address system comprises the security control server, described security control server stores has the security attribute of known network address, described terminal equipment comprises: scanner is configured to two-dimension code is scanned; Decoder is configured to the two-dimension code that described scanner scanning obtains is decoded, and obtains the network address corresponding with described two-dimension code;
Coffret is configured to send to described security control server to carry out verification described network address, and receives the security attribute about described network address that described security control server sends; Watch-dog is configured to forbid or the connection of the described network address of letting pass according to the security attribute of described network address.
Optionally, belong to the malice network address if the security attribute of described network address is described network address, described watch-dog also is configured to the described network address of reminding user and has security risk.
Optionally, belong to safe network address if the security attribute of described network address is described network address, described watch-dog also is configured to the described network address safety of reminding user.
Optionally, above-mentioned terminal equipment also comprises: connector, belong to safe network address if be configured to described network address, and open the webpage that described network address is pointed to.
Optionally, be unknown network address if the security attribute of described network address is described network address, described watch-dog also is configured to the described network address of reminding user may exist security risk.
Optionally, belong to the malice network address if described connector also is configured to described network address, open the webpage of described network address sensing and the snapshot of threat information thereof, wherein said snapshot is stored in described security control server.
Optionally, belong to malice network address or unknown network address if described connector also is configured to described network address, open the webpage that described network address is pointed to, and the disk write operation that will open the webpage that described network address points to is redirected to the file of appointment.
Optionally, described watch-dog is by one or more mode reminding users in label, bubble, pop-up window, drop-down menu and voice.
Optionally, wherein said security control server regularly carries out security sweep to the Internet resources that the known network address of its storage is pointed to, and upgrades according to the result of the security sweep security attribute to the corresponding network address of its storage.
According to another aspect of the present invention, a kind of secure access network address system also is provided, comprise: security control server and terminal equipment as above, wherein said security control server comprises: memory is configured to store the security attribute of known network address; Coffret is configured to receive its network address of obtaining that described terminal equipment sends, and wherein said terminal equipment obtains the network address corresponding with described two-dimension code by scanning and decode two dimensional codes; Checker, the information with the known network address of described memory stores is consistent to be configured to network address that the described coffret of verification receives, and the security attribute of described network address is sent to described terminal equipment by described coffret.
Optionally, wherein said security control server also comprises: encoder, each the safe network address that is configured to store in described memory is encoded to two-dimension code.
Optionally, wherein said security control server also comprises: security scanners, the Internet resources that are configured to regularly the known network address of described memory stores be pointed to carry out security sweep, and upgrade according to the result of the security sweep security attribute to the corresponding network address of described memory stores.
Optionally, wherein said memory also is configured to generate webpage that the malice network address points to and snapshot and the storage of threat information thereof.
According to a further aspect of the invention, also provide a kind of method of secure access network address, having comprised: the security attribute of known network address has been stored to the security control server; Terminal equipment scans two-dimension code; Described terminal equipment is decoded to the two-dimension code that scanning obtains, and obtains the network address corresponding with described two-dimension code; Described mobile terminal sends to described security control server to carry out verification described network address, and receives the security attribute about described network address that described security control server sends; Described mobile terminal is forbidden according to the security attribute of described network address or the connection of the described network address of letting pass.
Optionally, belong to the malice network address if the security attribute of described network address is described network address, there is security risk in the described network address of described terminal equipment reminding user.
Optionally, if being described network address, the security attribute of described network address belongs to safe network address, the described network address safety of described terminal equipment reminding user.
Optionally, said method also comprises: if described network address belongs to safe network address, described terminal equipment is opened the webpage that described network address is pointed to.
Optionally, be unknown network address if the security attribute of described network address is described network address, may there be security risk in the described network address of described terminal equipment reminding user.
Optionally, if described network address belongs to malice network address or unknown network address, open the webpage that described network address is pointed to, and the disk write operation that will open the webpage that described network address points to is redirected to the file of appointment.
Optionally, described terminal equipment is by one or more mode reminding users in label, bubble, pop-up window, drop-down menu and voice.
According to a further aspect of the invention, also provide a kind of control method of secure access network address, having comprised: the security attribute of known network address has been stored to the security control server; Its network address of obtaining that described security control server receiving terminal apparatus sends, wherein said terminal equipment obtains the network address corresponding with described two-dimension code by scanning and decode two dimensional codes; Whether the described network address of described security control server verification is consistent with the information of the known network address of storing in described security control server; Described security control server sends to described terminal equipment with the security attribute of described network address.
Optionally, said method also comprises: described security control server is encoded to two-dimension code with each safe network address of its storage.
Optionally, said method also comprises: described security control server regularly carries out security sweep to the Internet resources that the known network address of its storage is pointed to, and upgrades according to the result of the security sweep security attribute to the corresponding network address of its storage.
Technical scheme of the present invention is after scanning the two-dimension code that comprises website information and decoding, the network address that namely automatically decoding is obtained and known network address are carried out the verification contrast, judge whether decoded network address belongs to known network address, and forbid or the connection of this network address of letting pass according to the security attribute of this network address, simultaneously can also provide corresponding prompting, solved and how to have verified the whether problem of safety of the corresponding network address of two-dimension code, effectively avoided by malicious websites attack may.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, for can clearer understanding technological means of the present invention, and can be implemented according to the content of specification, and for above and other objects of the present invention, feature and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
Description of drawings
By reading hereinafter detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing only is used for the purpose of preferred implementation is shown, and does not think limitation of the present invention.And in whole accompanying drawing, represent identical parts with identical reference symbol.In the accompanying drawings:
Fig. 1 is the two-dimension code to network address " http://www.360.cn " coding;
Fig. 2 is the two-dimension code to network address " http://www.evil.com " coding;
Fig. 3 is the schematic diagram of the secure access network address system of one embodiment of the invention;
Fig. 4 is the method flow diagram that is suitable for the secure access network address carried out on the terminal equipment in secure access network address system of one embodiment of the invention;
Fig. 5 is the control method flow chart that is suitable for the secure access network address carried out on the security control server in secure access network address system of one embodiment of the invention.
Embodiment
Exemplary embodiment of the present disclosure is described below with reference to accompanying drawings in more detail.Although shown exemplary embodiment of the present disclosure in accompanying drawing, yet should be appreciated that and to realize the disclosure and the embodiment that should do not set forth limits here with various forms.On the contrary, it is in order to understand the disclosure more thoroughly that these embodiment are provided, and can with the scope of the present disclosure complete convey to those skilled in the art.
Fig. 3 is the schematic diagram of the secure access network address system of one embodiment of the invention; As shown in the figure, this secure access network address system comprises terminal equipment 100 and security control server 200, terminal equipment 100 and security control server 200 respectively can be for one or more, an exemplary terminal equipment 100 and security control server 200 of having provided only in Fig. 3, it will be understood by those skilled in the art that the embodiment of the present invention is to the not restriction of number of terminal equipment 100 and security control server 200.
Wherein, terminal equipment 100 can be the mobile terminals such as smart mobile phone, panel computer, security control server 200 can for the server of terminal equipment 100 telecommunications, can be also the security module that is built in terminal equipment 100 inside.
Because each parts in terminal equipment 100 and each parts in security control server 200 relate to information interaction, therefore below, each included parts in included each parts and security control server 200 in first summarized introduction terminal equipment 100, then introduce each parts that relate in specifying information reciprocal process more in more detail.
Terminal equipment 100 comprises scanner 102, decoder 104, coffret 106 and watch-dog 108, and security control server 200 comprises memory 202, coffret 204 and checker 206.
102 pairs of the scanners of terminal equipment 100 are printed on placard or the two-dimension code figure that is presented at above electronic curtain etc. scans, and this two-dimension code is the coding of network address, is generally the explanation of what network address relevant for this two-dimension code on the side that is printed with the two-dimension code figure.The two-dimension code that scanner 102 obtains scanning sends to decoder 104 to decode, and obtains corresponding network address.Because the encoding and decoding technique of two-dimension code has been international standard, do not repeat them here.
Wherein, for preventing that the undesirable person from utilizing two-dimension code user cheating access malicious websites, before network address is encoded to two-dimension code, also can be encrypted according to the encryption method of certain setting character string to network address, the encryption method of this setting can be symmetric encipherment algorithm, also can be rivest, shamir, adelman.Terminal equipment 100 also can be decrypted according to the encryption method of this setting when decode two dimensional codes, thereby can effectively avoid the undesirable person to utilize the generation of the situation of two-dimension code user cheating access malicious websites.In the situation that two-dimension code has encryption, decoder 104 can comprise decoder module and deciphering module, deciphering module is decoded to the two-dimension code from scanner 102 that receives, the character string that obtains encrypting, then the character string that will encrypt sends to deciphering module, be decrypted according to the encryption method of setting by deciphering module, obtain corresponding network address.
The network address that decoder 104 obtains decoding sends to coffret 106, by coffret 106, this network address is sent to the coffret 204 of security control server 200.Coffret 204 sends to checker 206 with the network address that receives, and whether checker 206 stores the security attribute of this network address in consults memory 202 from memory 202 after receiving this network address.Wherein, store the security attribute of known network address in memory 202, known network address comprises known safe network address and known malice network address.If it is safe network address that memory 202 stores information and this network address of this network address, checker 206 is safe network address with the security attribute of this network address information exchange is crossed the coffret 106 that coffret 204 sends to terminal equipment 100; Be the malice network address if memory 202 stores information and this network address of this network address, checker 206 crosses for the information exchange of malice network address the coffret 106 that coffret 204 sends to terminal equipment 100 with the security attribute of this network address; If memory 202 does not store the information of this network address, checker 206 is unknown network address with the security attribute of this network address information exchange is crossed the coffret 106 that coffret 204 sends to terminal equipment 100.
In addition, memory 202 can also generate the webpage of malice network address sensing and snapshot and the storage of threat information thereof, wherein when generating snapshot, the title of the rogue programs such as the wooden horse that this malice network address can be planted, virus and the consequence that may cause are presented at certain position of the webpage of this malice network address sensing.Belong to the malice network address if inquire this network address in memory 202, checker 206 can also send to the coffret 106 of terminal equipment 100 with the webpage of this network address sensing and the snapshot of threat information thereof by coffret 204.
In addition, the network address that belongs to malice network address or unknown network address for security attribute, terminal equipment 100 can also be set up a temporary folder in advance, when opening the webpage of this network address sensing, the disk write operation of opening the webpage of this network address sensing is redirected to this temporary folder, like this, built the virtual execution environment of a safety.Terminal equipment 100 is opened any disk write operation that this network address produces, all will be redirected in this temporary folder, even comprise the rogue programs such as virus, wooden horse in the webpage that this network address is pointed to, after installing by force, also just be installed in this temporary folder, can not worked the mischief to terminal equipment 100.
wherein, watch-dog 108 is when reminding user, can pass through label, bubble, pop-up window, one or more mode reminding users in drop-down menu and voice, for example, suppose the two-dimension code that the current scanning of scanner 102 of terminal equipment 100 is shown in Figure 2 and send to decoder 104 to decode, obtain decoded network address " http://www.evil.com ", decoder 104 sends to security control server 200 to carry out verification network address " http://www.evil.com " by coffret 106, the coffret 204 of security control server 200 sends to checker 206 after receiving network address " http://www.evil.com ", whether store the information of network address " http://www.evil.com " in verifier 206 consults memory 202, suppose the information that stores network address " http://www.evil.com " in memory 202, and network address " http://www.evil.com " malice network address, checker 206 sends to the coffret 106 of mobile device 100 with the security attribute of the network address " http://www.evil.com " that inquires for the malice network address by coffret 204, by coffret 106 and then send to watch-dog 108, the connection that watch-dog 108 forbids opening this network address according to the security attribute that receives, also can pass through label simultaneously, bubble, pop-up window, one or more mode reminding user network address " http://www.evil.com " in drop-down menu and voice are the malice network address, for example, can eject label, show on label " http://www.evil.com for malice network address, the suggestion the access " prompting, the user is after seeing this prompting, can abandon connecting this network address, avoid being attacked by fishing website.
And in the situation that the security attribute of the network address that watch-dog 108 receives is safe network address, the user can be more relieved open the webpage that this network address is pointed to.Optionally, terminal equipment 100 can also comprise connector, and when connector was safe network address at the security attribute of the network address of watch-dog 108 receptions, the browsers that can call in terminal equipment 100 were opened this webpage.
Optionally, security control server 200 also can comprise encoder, encoder is encoded to two-dimension code with each safe network address of storage in memory 202, and the businessman that offers corresponding network address is printed on the print medias such as placard, or be sent on electronic curtain by coffret 204 and show, for 100 scannings of user's terminal equipment.
For preventing that the undesirable person from utilizing two-dimension code user cheating access malicious websites, can also be to before network address be encoded to two-dimension code, first be encrypted according to certain symmetric encryption method or the asymmet-ric encryption method character string with network address, encoder specifically can comprise encrypting module and coding module, encrypting module is encrypted each safe network address of storing in memory, the character string that obtains encrypting, then coding module is two-dimension code with the string encoding of encrypting.
In addition, the security attribute of some website is also to change, for example, supposing has a normal website A, and website A is safe under normal circumstances, but the leak that the undesirable person exists in certain section time utilization this website and implanted trojan horse program, like this, website A is just no longer safe.The problem that may change for solving the web portal security attribute, security control server 200 can also comprise security scanners, security scanners is regularly carried out security sweep to the Internet resources that the known network address of memory 202 storage is pointed to, and upgrades according to the result of the security sweep security attribute to the corresponding network address of memory 202 storages.
In above-described embodiment, after the two-dimension code that comprises website information being scanned and decodes, the network address that namely automatically decoding is obtained and known network address are carried out the verification contrast, judge whether decoded network address belongs to known network address, and forbid to the user or the connection of this network address of letting pass according to the security attribute of this network address, simultaneously can also provide corresponding prompting, improve the whether efficient of safety of the corresponding network address of checking two-dimension code, effectively avoided by the attack of fishing website may.
Corresponding with the secure access network address system of aforementioned one embodiment of the invention, Fig. 4 shows the method flow diagram that is suitable for according to an embodiment of the invention the secure access network address carried out on the terminal equipment in secure access network address system.As shown in the figure, the method comprises:
Step S410: the security attribute of known network address is stored to the security control server;
Step S420: terminal equipment scans two-dimension code;
Step S430: terminal equipment is decoded to the two-dimension code that scanning obtains, and obtains the network address corresponding with this two-dimension code;
Wherein in the situation that two-dimension code has encryption, step S420 comprises that specifically the two-dimension code that first scanning is obtained decodes, the character string that obtains encrypting, and then the character string of encrypting is decrypted, obtain network address expressly.
Step S440: terminal equipment sends to the security control server to carry out verification this network address, and receives the security attribute about this network address that the security control server sends;
Step S450: terminal equipment is forbidden according to the security attribute of this network address or the connection of this network address of letting pass.
Wherein, if the security attribute of network address is network address belong to malice network address, the connection of forbidding opening this network address, but simultaneously also the reminding user network address have security risk; If being network address, the security attribute of network address belongs to safe network address, the connection of letting pass and opening this network address, and simultaneously all right reminding user network address safety, at this moment, the browser that can call on terminal equipment is opened the webpage that this network address is pointed to; If the security attribute of network address is network address is unknown network address, the height of the level of security that can set according to the user is forbidden or the connection of this network address of letting pass, simultaneously can also the reminding user network address may there be security risk, the user is after seeing this prompting, can select modestly whether to access this unknown network address, even if access this unknown network address, also can improve the consciousness of safety precaution, avoid causing damage.
In addition, if this network address belongs to malice network address or unknown network address, can also open the webpage that this network address is pointed to, and the disk write operation that will open the webpage that described network address points to is redirected to the file of appointment.
Wherein, when the user is provided, can provide prompting by one or more modes in label, bubble, pop-up window, drop-down menu and voice.
System is corresponding with aforementioned one embodiment of the invention secure access network address, and Fig. 5 shows the control method flow chart that is suitable for according to an embodiment of the invention the secure access network address carried out on the security control server in secure access network address system.As shown in the figure, this control method comprises:
Step S510: the security attribute of known network address is stored to the security control server;
Step S520: its network address of obtaining that security control server receiving terminal apparatus sends, wherein terminal equipment obtains network address by scanning and decode two dimensional codes;
Step S530: whether the network address that the verification of security control server receives is consistent with the information of the known network address of storing in the security control server;
Step S540: the security control server sends to terminal equipment with the security attribute of this network address.
In above-described embodiment, after receiving the network address that decoding obtains to two-dimension code of terminal equipment transmission, this network address and known network address are carried out the verification contrast, judge whether decoded network address belongs to known network address, and with the security attribute of this network address to terminal equipment, and then terminal equipment can provide corresponding prompting for the user, thereby improved the whether efficient of safety of the corresponding network address of checking two-dimension code, user and then can select whether open the webpage that this network address is pointed to according to this prompting, thus effectively avoid by the attack of fishing website.
Optionally, said method can also comprise: each safe network address of storing in the security control server is encoded to two-dimension code.
Optionally, each safe network address of storing in the security control server is encoded to two-dimension code specifically can be comprised: first each safe network address of storing in the security control server is encrypted, then the character string that obtains encrypting, then is two-dimension code with the string encoding of encrypting.
Optionally, the Internet resources that the security control server can also be regularly points to the known network address of its storage carry out security sweep, and upgrade according to the result of the security sweep security attribute to the corresponding network address of its storage.
It is pointed out that for said method embodiment, because it is substantially similar to secure access network address system embodiment, so description is relatively simple, relevant part gets final product referring to the explanation of secure access network address system embodiment part.
Intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with demonstration at this algorithm that provides.Various general-purpose systems also can with based on using together with this teaching.According to top description, it is apparent constructing the desired structure of this type systematic.In addition, the present invention is not also for any certain programmed language.Should be understood that and to utilize various programming languages to realize content of the present invention described here, and the top description that language-specific is done is in order to disclose preferred forms of the present invention.
In the specification that provides herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can be in the situation that do not have these details to put into practice.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the description to exemplary embodiment of the present invention, each feature of the present invention is grouped together in single embodiment, figure or the description to it sometimes in the above.Yet the method for the disclosure should be construed to the following intention of reflection: namely the present invention for required protection requires the more feature of feature clearly put down in writing than institute in each claim.Or rather, as following claims reflected, inventive aspect was to be less than all features of the disclosed single embodiment in front.Therefore, follow claims of embodiment and incorporate clearly thus this embodiment into, wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can adaptively change and they are arranged in one or more equipment different from this embodiment the module in the equipment in embodiment.Can be combined into a module or unit or assembly to the module in embodiment or unit or assembly, and can put them into a plurality of submodules or subelement or sub-component in addition.At least some in such feature and/or process or unit are mutually repelling, and can adopt any combination to disclosed all features in this specification (comprising claim, summary and the accompanying drawing followed) and so all processes or the unit of disclosed any method or equipment make up.Unless clearly statement in addition, in this specification (comprising claim, summary and the accompanying drawing followed), disclosed each feature can be by providing identical, being equal to or the alternative features of similar purpose replaces.
In addition, those skilled in the art can understand, although embodiment more described herein comprise some feature rather than further feature included in other embodiment, the combination of the feature of different embodiment mean be in scope of the present invention within and form different embodiment.For example, in the following claims, the one of any of embodiment required for protection can be used with compound mode arbitrarily.
All parts embodiment of the present invention can realize with hardware, perhaps realizes with the software module of moving on one or more processor, and perhaps the combination with them realizes.It will be understood by those of skill in the art that and to use in practice microprocessor or digital signal processor (DSP) to realize according to some or all some or repertoire of parts in the equipment of the embodiment of the present invention.The present invention can also be embodied as be used to part or all equipment or the device program (for example, computer program and computer program) of carrying out method as described herein.The program of the present invention that realizes like this can be stored on computer-readable medium, perhaps can have the form of one or more signal.Such signal can be downloaded from internet website and obtain, and perhaps provides on carrier signal, perhaps provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation that do not break away from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed in element or step in claim.Being positioned at word " " before element or " one " does not get rid of and has a plurality of such elements.The present invention can realize by means of the hardware that includes some different elements and by means of the computer of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to come imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title with these word explanations.
The invention also discloses A1, a kind of terminal equipment for secure access network address system, described secure access network address system comprises the security control server, and described security control server stores has the security attribute of known network address, and described terminal equipment comprises:
Scanner is configured to two-dimension code is scanned;
Decoder is configured to the two-dimension code that described scanner scanning obtains is decoded, and obtains the network address corresponding with described two-dimension code;
Coffret is configured to send to described security control server to carry out verification described network address, and receives the security attribute about described network address that described security control server sends;
Watch-dog is configured to forbid or the connection of the described network address of letting pass according to the security attribute of described network address.
A2, terminal equipment as described in A1 belong to the malice network address if the security attribute of described network address is described network address, and described watch-dog also is configured to the described network address of reminding user and has security risk.
A3, terminal equipment as described in A1 belong to safe network address if the security attribute of described network address is described network address, and described watch-dog also is configured to the described network address safety of reminding user.
A4, terminal equipment as described in A3 also comprise:
Connector belongs to safe network address if be configured to described network address, opens the webpage that described network address is pointed to.
A5, terminal equipment as described in A1 are unknown network address if the security attribute of described network address is described network address, and described watch-dog also is configured to the described network address of reminding user may exist security risk.
A6, terminal equipment as described in A4 belong to the malice network address if described connector also is configured to described network address, open the webpage of described network address sensing and the snapshot of threat information thereof, and wherein said snapshot is stored in described security control server.
A7, terminal equipment as described in A4, if also being configured to described network address, described connector belongs to malice network address or unknown network address, open the webpage that described network address is pointed to, and the disk write operation that will open the webpage that described network address points to is redirected to the file of appointment.
A8, terminal equipment as described in any one in A2-A7, described watch-dog is by one or more mode reminding users in label, bubble, pop-up window, drop-down menu and voice.
A9, terminal equipment as described in A1, wherein said security control server regularly carry out security sweep to the Internet resources that the known network address of its storage is pointed to, and upgrade according to the result of the security sweep security attribute to the corresponding network address of its storage.
The invention also discloses B10, a kind of secure access network address system, comprising: security control server and terminal equipment as described in any one in A1-A7, wherein said security control server comprises:
Memory is configured to store the security attribute of known network address;
Coffret is configured to receive its network address of obtaining that described terminal equipment sends, and wherein said terminal equipment obtains the network address corresponding with described two-dimension code by scanning and decode two dimensional codes;
Checker, the information with the known network address of described memory stores is consistent to be configured to network address that the described coffret of verification receives, and the security attribute of described network address is sent to described terminal equipment by described coffret.
B11, system as described in B10, wherein said security control server also comprises:
Encoder, each the safe network address that is configured to store in described memory is encoded to two-dimension code.
B12, system as described in B10, wherein said security control server also comprises:
Security scanners, the Internet resources that are configured to regularly the known network address of described memory stores be pointed to carry out security sweep, and upgrade according to the result of the security sweep security attribute to the corresponding network address of described memory stores.
B13, system as described in B10, wherein said memory also is configured to generate the webpage of malice network address sensing and snapshot and the storage of threat information thereof.
The invention also discloses a kind of method of C14, secure access network address, comprising:
The security attribute of known network address is stored to the security control server;
Terminal equipment scans two-dimension code;
Described terminal equipment is decoded to the two-dimension code that scanning obtains, and obtains the network address corresponding with described two-dimension code;
Described mobile terminal sends to described security control server to carry out verification described network address, and receives the security attribute about described network address that described security control server sends;
Described mobile terminal is forbidden according to the security attribute of described network address or the connection of the described network address of letting pass.
C15, method as described in C14 belong to the malice network address if the security attribute of described network address is described network address, and there is security risk in the described network address of described terminal equipment reminding user.
C16, method as described in C14 belong to safe network address if the security attribute of described network address is described network address, the described network address safety of described terminal equipment reminding user.
C17, method as described in C16 also comprise:
If described network address belongs to safe network address, described terminal equipment is opened the webpage that described network address is pointed to.
C18, method as described in C14 are unknown network address if the security attribute of described network address is described network address, and may there be security risk in the described network address of described terminal equipment reminding user.
C19, method as described in C14 if described network address belongs to malice network address or unknown network address, are opened the webpage that described network address is pointed to, and the disk write operation that will open the webpage that described network address points to is redirected to the file of appointment.
C20, method as described in any one in C15-C19, described terminal equipment is by one or more mode reminding users in label, bubble, pop-up window, drop-down menu and voice.
The invention also discloses the control method of D21, a kind of secure access network address, comprising:
The security attribute of known network address is stored to the security control server;
Its network address of obtaining that described security control server receiving terminal apparatus sends, wherein said terminal equipment obtains the network address corresponding with described two-dimension code by scanning and decode two dimensional codes;
Whether the described network address of described security control server verification is consistent with the information of the known network address of storing in described security control server;
Described security control server sends to described terminal equipment with the security attribute of described network address.
D22, method as described in D21 also comprise:
Described security control server is encoded to two-dimension code with each safe network address of its storage.
D23, method as described in D21 also comprise:
Described security control server regularly carries out security sweep to the Internet resources that the known network address of its storage is pointed to, and upgrades according to the result of the security sweep security attribute to the corresponding network address of its storage.
Claims (10)
1. terminal equipment that is used for secure access network address system, described secure access network address system comprises the security control server, and described security control server stores has the security attribute of known network address, and described terminal equipment comprises:
Scanner is configured to two-dimension code is scanned;
Decoder is configured to the two-dimension code that described scanner scanning obtains is decoded, and obtains the network address corresponding with described two-dimension code;
Coffret is configured to send to described security control server to carry out verification described network address, and receives the security attribute about described network address that described security control server sends;
Watch-dog is configured to forbid or the connection of the described network address of letting pass according to the security attribute of described network address.
2. terminal equipment as claimed in claim 1, belong to the malice network address if the security attribute of described network address is described network address, and described watch-dog also is configured to the described network address of reminding user and has security risk.
3. terminal equipment as claimed in claim 1, belong to safe network address if the security attribute of described network address is described network address, and described watch-dog also is configured to the described network address safety of reminding user.
4. secure access network address system comprises: security control server and terminal equipment as described in any one in claim 1-3, and wherein said security control server comprises:
Memory is configured to store the security attribute of known network address;
Coffret is configured to receive its network address of obtaining that described terminal equipment sends, and wherein said terminal equipment obtains the network address corresponding with described two-dimension code by scanning and decode two dimensional codes;
Checker, the information with the known network address of described memory stores is consistent to be configured to network address that the described coffret of verification receives, and the security attribute of described network address is sent to described terminal equipment by described coffret.
5. system as claimed in claim 4, wherein said security control server also comprises:
Encoder, each the safe network address that is configured to store in described memory is encoded to two-dimension code.
6. the method for a secure access network address comprises:
The security attribute of known network address is stored to the security control server;
Terminal equipment scans two-dimension code;
Described terminal equipment is decoded to the two-dimension code that scanning obtains, and obtains the network address corresponding with described two-dimension code;
Described mobile terminal sends to described security control server to carry out verification described network address, and receives the security attribute about described network address that described security control server sends;
Described mobile terminal is forbidden according to the security attribute of described network address or the connection of the described network address of letting pass.
7. method as claimed in claim 6, belong to the malice network address if the security attribute of described network address is described network address, and there is security risk in the described network address of described terminal equipment reminding user.
8. method as claimed in claim 6, belong to safe network address if the security attribute of described network address is described network address, the described network address safety of described terminal equipment reminding user.
9. the control method of a secure access network address comprises:
The security attribute of known network address is stored to the security control server;
Its network address of obtaining that described security control server receiving terminal apparatus sends, wherein said terminal equipment obtains the network address corresponding with described two-dimension code by scanning and decode two dimensional codes;
Whether the described network address of described security control server verification is consistent with the information of the known network address of storing in described security control server;
Described security control server sends to described terminal equipment with the security attribute of described network address.
10. method as claimed in claim 9 also comprises:
Described security control server is encoded to two-dimension code with each safe network address of its storage.
Priority Applications (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100978221A CN103166972A (en) | 2013-03-25 | 2013-03-25 | Safety website access system, and equipment and method for same |
| PCT/CN2014/072469 WO2014154073A1 (en) | 2013-03-25 | 2014-02-24 | System for securely accessing network address, and device and method therein |
| US14/779,810 US10263999B2 (en) | 2013-03-25 | 2014-02-24 | System for securely accessing network address, and device and method therein |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2013100978221A CN103166972A (en) | 2013-03-25 | 2013-03-25 | Safety website access system, and equipment and method for same |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103166972A true CN103166972A (en) | 2013-06-19 |
Family
ID=48589711
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2013100978221A Pending CN103166972A (en) | 2013-03-25 | 2013-03-25 | Safety website access system, and equipment and method for same |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103166972A (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103618789A (en) * | 2013-11-28 | 2014-03-05 | 北京奇虎科技有限公司 | Method and equipment for building connection between client sides |
| CN103647779A (en) * | 2013-12-16 | 2014-03-19 | 北京奇虎科技有限公司 | Method and device for detecting fishing fraud information through two-dimensional code |
| WO2014154073A1 (en) * | 2013-03-25 | 2014-10-02 | 北京奇虎科技有限公司 | System for securely accessing network address, and device and method therein |
| CN104239792A (en) * | 2013-06-21 | 2014-12-24 | 广州杰赛科技股份有限公司 | Cloud-based two-dimension code safety protecting method and device |
| WO2015154410A1 (en) * | 2013-09-27 | 2015-10-15 | 中兴通讯股份有限公司 | Wifi connection method, apparatus, mobile terminal and system |
| CN105184344A (en) * | 2015-08-21 | 2015-12-23 | 朱立松 | Method and device for improving application safety of two-dimension code |
| CN105391674A (en) * | 2014-09-04 | 2016-03-09 | 腾讯科技(深圳)有限公司 | Information processing method and system, server, and client |
| CN106055693A (en) * | 2016-06-12 | 2016-10-26 | 深圳市金立通信设备有限公司 | Information processing method and terminal |
| CN106599759A (en) * | 2016-12-22 | 2017-04-26 | 广东小天才科技有限公司 | Terminal information processing method and device |
| CN106951485A (en) * | 2017-03-13 | 2017-07-14 | 浙江贰贰网络有限公司 | Machine recognition addresses navigation platform system with artificial intelligence auxiliary judgment |
| CN107704790A (en) * | 2017-10-10 | 2018-02-16 | 徐高超 | A kind of method and system based on the checking of two-dimensional code scanning safety detection |
| CN113821774A (en) * | 2021-09-07 | 2021-12-21 | 安徽继远软件有限公司 | Terminal security risk module matching and verifying system |
| CN114124405A (en) * | 2020-07-29 | 2022-03-01 | 腾讯科技(深圳)有限公司 | Business processing method, system, computer equipment and computer readable storage medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102436508A (en) * | 2011-12-28 | 2012-05-02 | 奇智软件(北京)有限公司 | Method and device for browsing webpage based on sandbox technique |
| CN102664987A (en) * | 2012-03-23 | 2012-09-12 | 叶明� | Mobile-phone two-dimensional-code based method for warning before using mobile-phone two-dimensional-code to scan and link website |
| CN102663052A (en) * | 2012-03-29 | 2012-09-12 | 奇智软件(北京)有限公司 | Method and device for providing search results of search engine |
-
2013
- 2013-03-25 CN CN2013100978221A patent/CN103166972A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102436508A (en) * | 2011-12-28 | 2012-05-02 | 奇智软件(北京)有限公司 | Method and device for browsing webpage based on sandbox technique |
| CN102664987A (en) * | 2012-03-23 | 2012-09-12 | 叶明� | Mobile-phone two-dimensional-code based method for warning before using mobile-phone two-dimensional-code to scan and link website |
| CN102663052A (en) * | 2012-03-29 | 2012-09-12 | 奇智软件(北京)有限公司 | Method and device for providing search results of search engine |
Cited By (16)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014154073A1 (en) * | 2013-03-25 | 2014-10-02 | 北京奇虎科技有限公司 | System for securely accessing network address, and device and method therein |
| CN104239792A (en) * | 2013-06-21 | 2014-12-24 | 广州杰赛科技股份有限公司 | Cloud-based two-dimension code safety protecting method and device |
| WO2015154410A1 (en) * | 2013-09-27 | 2015-10-15 | 中兴通讯股份有限公司 | Wifi connection method, apparatus, mobile terminal and system |
| CN103618789B (en) * | 2013-11-28 | 2018-02-27 | 北京奇虎科技有限公司 | Connection method for building up and equipment between client |
| CN103618789A (en) * | 2013-11-28 | 2014-03-05 | 北京奇虎科技有限公司 | Method and equipment for building connection between client sides |
| CN103647779A (en) * | 2013-12-16 | 2014-03-19 | 北京奇虎科技有限公司 | Method and device for detecting fishing fraud information through two-dimensional code |
| CN105391674A (en) * | 2014-09-04 | 2016-03-09 | 腾讯科技(深圳)有限公司 | Information processing method and system, server, and client |
| CN105184344A (en) * | 2015-08-21 | 2015-12-23 | 朱立松 | Method and device for improving application safety of two-dimension code |
| CN106055693B (en) * | 2016-06-12 | 2020-01-10 | 深圳市金立通信设备有限公司 | Information processing method and terminal |
| CN106055693A (en) * | 2016-06-12 | 2016-10-26 | 深圳市金立通信设备有限公司 | Information processing method and terminal |
| CN106599759A (en) * | 2016-12-22 | 2017-04-26 | 广东小天才科技有限公司 | Terminal information processing method and device |
| CN106951485A (en) * | 2017-03-13 | 2017-07-14 | 浙江贰贰网络有限公司 | Machine recognition addresses navigation platform system with artificial intelligence auxiliary judgment |
| CN107704790A (en) * | 2017-10-10 | 2018-02-16 | 徐高超 | A kind of method and system based on the checking of two-dimensional code scanning safety detection |
| CN114124405A (en) * | 2020-07-29 | 2022-03-01 | 腾讯科技(深圳)有限公司 | Business processing method, system, computer equipment and computer readable storage medium |
| CN114124405B (en) * | 2020-07-29 | 2023-06-09 | 腾讯科技(深圳)有限公司 | Service processing method, system, computer equipment and computer readable storage medium |
| CN113821774A (en) * | 2021-09-07 | 2021-12-21 | 安徽继远软件有限公司 | Terminal security risk module matching and verifying system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103166972A (en) | Safety website access system, and equipment and method for same | |
| CN105512881B (en) | A kind of method and terminal for completing payment based on two dimensional code | |
| US11593579B2 (en) | Multiplexed quick response (“QR”) code experience derivation | |
| CN103116722A (en) | Processing method, processing device and processing system of notification board information | |
| CN103065178B (en) | A kind of Quick Response Code sharing apparatus, access means and sharing method | |
| CN103020687A (en) | Method and system for sharing two-dimension code | |
| CN103179640A (en) | Wireless local area network access system and method | |
| CN103152354B (en) | To method, system and client device that dangerous website is pointed out | |
| CN103491543A (en) | Method for detecting malicious websites through wireless terminal, and wireless terminal | |
| US10263999B2 (en) | System for securely accessing network address, and device and method therein | |
| CN103986731A (en) | Method and device for detecting phishing web pages through picture matching | |
| CN104202345A (en) | Verification code generating method, device and system | |
| CN104052722A (en) | Web address security detection method, apparatus and system | |
| CN104820668A (en) | Compression of serialized data for communication from a client-side application | |
| US10176317B2 (en) | Method and apparatus for managing super user password on smart mobile terminal | |
| CN103929411A (en) | Information displaying method, terminal, safety server and system | |
| CN104243213A (en) | Method, device and system for acquiring configuration information of routers | |
| CN103701600A (en) | Input validation method and device | |
| CN103366149A (en) | Method and device for processing visual graphic code for mobile terminal | |
| CN102867147A (en) | File scanning method and device | |
| CN103617390A (en) | Malicious webpage judgment method, device and system | |
| CN103747010A (en) | Method, system and device for controlling PC (personal computer) by mobile terminal | |
| CN104063673A (en) | Method for inputting information in browser and browser device | |
| CN105472694A (en) | Method and device for accessing WiFi through scanning two-dimensional code | |
| CN104065633A (en) | Method, device and system for verifying by virtue of verification diagram |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20130619 |