CN104021328A - Phishing website identification method and system based on light sensitive technology - Google Patents
Phishing website identification method and system based on light sensitive technology Download PDFInfo
- Publication number
- CN104021328A CN104021328A CN201410286858.9A CN201410286858A CN104021328A CN 104021328 A CN104021328 A CN 104021328A CN 201410286858 A CN201410286858 A CN 201410286858A CN 104021328 A CN104021328 A CN 104021328A
- Authority
- CN
- China
- Prior art keywords
- information
- fishing website
- light sensation
- photoelectric
- image
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
Abstract
The invention discloses a phishing website identification method and a phishing website identification system based on a light sensitive technology. The phishing website identification method comprises the following specific steps: encrypting user information with combination of time information, thereby generating images to be identified; reading information in the images by an photoelectric security device, and extracting digital information from the information; decrypting the digital information; comparing the decrypted digital information with the user information; and showing a comparison result. With introduction of the light sensitive technology, a user can identify an identification image in a transaction page by the security device with the light sensitive technology, and then a phishing website can be automatically identified, so that the use difficulty of the user is lowered; as the light sensitive technology is combined with a safe transaction device, the accuracy and validity of an identification result are guaranteed, and the security of network transaction is improved.
Description
Technical field
The present invention relates to network security technology, relate in particular to a kind of fishnet station discrimination method and system.
Background technology
Along with the widespread use of infotech, Internet service is swift and violent growing up thereupon also, and user account has risen to safely unprecedented critical role.Although anti-invasion software is with considerable scale, still have lawless person to utilize various gimmicks cleverly illegally to obtain user profile, fishing website is exactly the most fierce a kind of of the impetus in recent years.The frequent appearance of fishing website, has seriously affected the development of on-line finance service, ecommerce, and harm public interest affects the confidence of public's applying Internet.Conventionally fishing website camouflage becomes website of bank, steals account and encrypted message that visitor submits to.By modes such as note, Emails, propagate, by issuing victim through the link of camouflage, make it be connected to fishing website.The page of fishing website is in full accord with true web station interface, thereby obtains easily the important informations such as account that victim submits to and password.
Fishing website not only appears on web webpage, also by forms such as mobile phone web pages, mobile phone A PP, appears on mobile phone now.Bank, often relies on the modes such as website, domain name and encrypting web state of repeatedly reminding user to check login to judge whether webpage is legal webpage now.In the prior art, mainly still by the mode of artificial cognition, identify fishing website, if determine, some websites is fishing website, URL (the Universal Resource Locator) address that is about to this website adds blacklist, yet, because fishing website often utilizes nuance, as the true network address of the next counterfeit www.icbc.com of the false network address with www.lcbc.com, to a part of user, often still can succeed.Therefore, rely on the artificial fishing website of differentiating, have very large unreliability, and be not suitable for crowd's application on a large scale.
Chinese patent (CN102957664) discloses method and the device of identification fishing website, it is by the URL address in terminal and network side interactive information, and the embedding URL address in the page of setting page type is as URL address to be identified, when the first similarity of the URL address of URL address to be identified and setting is in setting range, the URL address that is fishing website by URL Address Recognition to be identified.This patent has realized a kind of method of automatic identification fishing website, improved to a certain extent the recognition efficiency of fishing website, yet, nuance and diversity due to fishing website, the degree of accuracy of this method identification fishing website still can not satisfy the demands, and a kind of method of therefore seeking more simple and effective fishing website becomes a kind of necessity.
Summary of the invention
For the problems referred to above, the object of this invention is to provide a kind of fishing website discrimination method and system relating to based on light sensation technology, when making the correct effectively identification of user fishing website, farthest ensure the information security of self, effectively avoid user's leakage of information in process of exchange on the net.
Technical scheme provided by the invention is as follows:
A fishing website discrimination method based on light sensation technology, wherein, comprising:
Binding time information is encrypted operation to user profile, generates the image for identification;
Photoelectric safety device reads the information in described image, and extracts the numerical information in described information;
Decipher described numerical information;
Compare numerical information and described user profile after described deciphering;
Show comparison result.
Preferably, described user profile comprises the identifying information of described photoelectric safety device.
Preferably, described image comprises the block structure of at least one black and/or white.
Preferably, described photoelectric safety device comprises at least one photoelectric sensor.
Preferably, described photoelectric sensor is corresponding one by one with the block structure in described image.
A fishing website recognition system based on light sensation technology, wherein, comprising:
Management devices generates the image for identification for user profile is encrypted simultaneously;
Display device, for being shown to user by described image;
Photoelectric safety device, reads and extracts the numerical information in described image, described numerical information is decrypted simultaneously, and the described information decrypting and described user profile are compared.
Preferably, described display device comprises mobile phone or computer equipment.
Preferably, in described photoelectric safety device, also comprise supply module and load module.
Preferably, described photoelectric safety device further comprises:
Photoelectric sensing module, for reading and extract the numerical information of described image;
Deciphering module, for described numerical information is carried out to decompiling, the information simultaneously decompiling being gone out and described user profile are compared;
Display module, for being shown to user by described comparing result.
Preferably, in described photoelectric sensing module, at least comprise a photoelectric sensor.
The present invention is by the introducing of light sensation technology, without network address, the page, encryption etc. are carried out to people in order to identify, user only need to use the recognition image in the safety feature identification transaction page that adds light sensation technology, can realize the automatic discriminating to fishing website, reduce to a great extent the difficulty that user uses; The present invention simultaneously also uses light sensation technology in conjunction with Secure Transaction device, ensured correctness and the validity of identification result, the security that has simultaneously improved network trading.
Accompanying drawing explanation
Below in conjunction with the drawings and specific embodiments, the present invention is described in further detail:
Fig. 1 is the fishing website discrimination method based on light sensation technology in the present invention;
Fig. 2 is transaction page schematic diagram in the present invention;
Fig. 3 is the fishing website recognition system schematic diagram based on light sensation technology in the present invention;
Fig. 4 is photoelectric safety device schematic diagram in the present invention.
Embodiment
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, below in conjunction with drawings and Examples, the present invention is specifically described.Accompanying drawing in the following describes is only some embodiments of the present invention.For those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.
As shown in Figure 1, the invention provides a kind of fishing website discrimination method based on light sensation technology, wherein, specifically comprise the following steps:
Binding time information is encrypted operation to user profile, generates the image for identification;
Information in photoelectric safety device reading images, and the numerical information in information extraction;
Deciphering numerical information;
Numerical information and user profile after comparison deciphering;
Show comparison result.
Particularly, in the present invention, by increasing in transaction page in conjunction with safety feature for the image of light sensation identification, realize.In an embodiment of the present invention, above-mentioned safety feature can be widely used in the transaction occasions such as Web bank, for example: U shield, electronic cipher device etc.The present invention is without restriction to the concrete form of safety feature, and the safety feature of quovis modo, as long as this safety feature can be used in safe network trading place, its objective is the safety that ensures user network transaction, is all applicable in method of the present invention.
In the present invention, first the Back Administration Module in transaction page is used HASH algorithm (hash algorithm) to be encrypted user profile in conjunction with user profile and temporal information key element, generates the image information for identification simultaneously.Particularly, user profile includes, but are not limited to the identifying information of above-mentioned safety feature etc., same, the present invention is without restriction to user profile content, the information of quovis modo, as long as this information is for this safety feature of unique identification, is all applicable in the present invention.Further, administration module utilizes HASH algorithm information to be mapped to the binary value of regular length, and then generates the recognition image that supplies being comprised of black and white block structure, finally in display page, shows, for identification.
Preferably, the identifying information of photoelectric safety device comprises, the information such as sequence number as U shield, electronic cipher device etc., also comprise other identification informations that can identify photoelectric safety device.
Preferably, the above-mentioned block structure that comprises at least one black and/or white for recognition image.
Preferably, when user carries out Secure Transaction, as carry out Net silver when operation, in the webpage of concluding the business, will occur, as the picture in " webpage discriminating district ", it is comprised of some black and white color lumps, treats that user uses photoelectric safety device to differentiate it.Especially, as shown in Figure 2, the block structure by six row two row in " webpage discriminating district " of the present invention forms, wherein, the block representation 1 of black, white block representation 0, the numerical information of the quantity of black and white block structure in the user profile after encrypting determines.
Preferably, for recognition image, there is ageing and uniqueness, this image only can by with it one to one photoelectric safety device identify, administration module is when being encrypted user profile simultaneously, owing to having added temporal information, this image a period of time can be changed, as 5 minutes, effectively prevented that usurping of fishing website from copying.
Preferably, the sequence number information of the Back Administration Module binding time in transaction page and photoelectric safety device is encrypted and generates the image information for identification simultaneously photoelectric safety device.Particularly, the first information after encryption, as: 1234, corresponding scale-of-two is 001010011100, and Back Administration Module represents 0/1 information obtaining, and then shows in display page with above-mentioned black and white piece.Further as shown in Figure 2, administration module shows above-mentioned binary number in differentiating district, wherein, in figure, six regions in left side represent to represent respectively " 001010 " of numeral " 12 " from top to bottom, and six regions on right side represent " 011100 " of numeral " 34 " from top to bottom.Especially, the present invention is not restricted the quantity of the black and white color lump in " webpage discriminating district ", by binary number corresponding to numerical information after encrypting, is determined.
In the present invention, photoelectric safety device is comprised of some photoelectric sensors, at least comprise that a photoelectric sensor forms receiving unit, quantity and the arrangement of the black and white color lump in its quantity and arrangement and confession recognition image are consistent, carry out corresponding one by one, as, photoelectric sensor is arranged in the form of six row two row, make the photoelectric safety device interior information that supplies in a large number the different color blocks in recognition image that receives at one time, assurance photoelectric safety device is identified image fast, subsequently image information is converted to 0/1 information.Further, while using above-mentioned safety feature to identify confession recognition image when user carries out Secure Transaction, only the photoelectric sensor in photoelectric safety device partly need be aimed to " the webpage discriminating district " in transaction page, photoelectric sensor can start voluntarily the black and white block structure in image is identified; Especially, photoelectric sensor only just can start when this region is differentiated, otherwise photoelectric safety device can not start, and transaction also just can not complete.
In the present invention, after converting information in recognition image to 0/1 information, in photoelectric safety device, adopt and encrypt identical calculated factor, use identical algorithmic procedure to be decrypted processing to it, information is carried out to decompiling, generate the second information.Preferably; the present invention uses special chip to be decrypted above-mentioned numerical information, and in the present invention, we are without restriction to the concrete model of the chip of deciphering; as long as this chip can completely achieve the above object, realize and all should be included in protection scope of the present invention the deciphering of information.
Further, above-mentioned photoelectric safety device is compared the second information and the first information that decrypt, and the viewing area in safety feature by comparison information subsequently, as shown in LCDs, if the second information is consistent with the first information, differentiates and pass through; Accordingly, if the second information and the first information are inconsistent, judge that the website of concluding the business is illegal fishing website, photoelectric safety device will send alarm signal, and reminding user interrupts transaction.Especially, only have by above-mentioned evaluation, user can use photoelectric safety device to proceed follow-up normal network trading operation.
Further preferably, the photoelectric safety device in the present invention is included in Network Bank security device, as added photoelectric sensor module to complete in U shield, electronic cipher device etc.The use of Network Bank security device, makes fishing website be difficult to this to destroy or distort, and greatly improved correctness and the validity of identification result, thereby user can relievedly use.
The present invention also provides a kind of fishing website recognition system based on light sensation technology, as shown in Figure 3, specifically comprises:
Management devices generates the image for identification for user profile is encrypted simultaneously;
Display device, for being shown to user by image;
Photoelectric safety device, reads and extracts the numerical information in image, numerical information is decrypted simultaneously, and the information decrypting and user profile are compared.
In the present invention, first the management devices in transaction page is encrypted and then generates the image information for user's identification in conjunction with user profile and temporal information key element to user profile.Particularly, user profile comprises the identifying information of photoelectric safety device, as sequence number etc.Further, management devices utilizes HASH algorithm pair, and then generates the recognition image that supplies being comprised of black and white block structure, finally in display page, shows, for identification.
Preferably, above-mentioned display device comprises mobile phone or computer equipment.For being provided, recognition image as shown in Figure 2 identifies for user.
Preferably, photoelectric safety device further comprises, as shown in Figure 4:
Photoelectric sensing module, for reading and extract the numerical information of image;
Deciphering module, for numerical information is carried out to decompiling, the information and the user profile that decompiling are gone out are compared simultaneously;
Display module, for being shown to user by comparing result.
Preferably, in photoelectric sensor, at least comprise a photoelectric sensor, quantity and the arrangement of the black and white color lump in its quantity and arrangement and confession recognition image are consistent, corresponding one by one, make the photoelectric safety device interior information that supplies in a large number the different color blocks in identification, extraction image that receives at one time, image information is converted to 0/1 numerical information simultaneously.
Preferably, in electrooptical device module, also comprise supply module, as battery and load module, as supplementary modules such as keyboards.
The present invention is by the introducing of light sensation technology, without network address, the page, encryption etc. are carried out to people in order to identify, user only need to use the recognition image in the safety feature identification transaction page that adds light sensation technology, can realize the automatic discriminating to fishing website, reduce to a great extent the difficulty that user uses; The present invention simultaneously also uses light sensation technology in conjunction with Secure Transaction device, ensured correctness and the validity of identification result, the security that has simultaneously improved network trading.
Adopt above-mentioned preferred version, user can observe the data of needed entity on same interface simultaneously, and has the data cases of the entity of relation with this entity, gives user a kind of more directly perceived, more comprehensively mode.Make user jump to the overall situation from part, or the situation that deeply more the understanding of details need to be understood.
Claims (10)
1. the fishing website discrimination method based on light sensation technology, is characterized in that, comprising:
Binding time information is encrypted operation to user profile, generates the image for identification;
Photoelectric safety device reads the information in described image, and extracts the numerical information in described information;
Decipher described numerical information;
Compare numerical information and described user profile after described deciphering;
Show comparison result.
2. the fishing website authentication technique based on light sensation technology as claimed in claim 1, is characterized in that, described user profile comprises the identifying information of described photoelectric safety device.
3. the fishing website discrimination method based on light sensation technology as claimed in claim 1, is characterized in that, described image comprises the block structure of at least one black and/or white.
4. the fishing website discrimination method based on light sensation technology as claimed in claim 3, is characterized in that, described photoelectric safety device comprises at least one photoelectric sensor.
5. the fishing website discrimination method based on light sensation technology as claimed in claim 4, is characterized in that, described photoelectric sensor is corresponding one by one with the block structure in described image.
6. the fishing website recognition system based on light sensation technology, is characterized in that, comprising:
Management devices generates the image for identification for user profile is encrypted simultaneously;
Display device, for being shown to user by described image;
Photoelectric safety device, reads and extracts the numerical information in described image, described numerical information is decrypted simultaneously, and the described information decrypting and described user profile are compared.
7. the fishing website recognition system based on light sensation technology as claimed in claim 6, is characterized in that, described display device comprises mobile phone or computer equipment.
8. the fishing website recognition system based on light sensation technology as claimed in claim 6, is characterized in that, also comprises supply module and load module in described photoelectric safety device.
9. the fishing website recognition system based on light sensation technology as claimed in claim 6, is characterized in that, described photoelectric safety device further comprises:
Photoelectric sensing module, for reading and extract the numerical information of described image;
Deciphering module, for described numerical information is carried out to decompiling, the information simultaneously decompiling being gone out and described user profile are compared;
Display module, for being shown to user by described comparing result.
10. the fishing website recognition system based on light sensation technology as claimed in claim 9, is characterized in that, at least comprises a photoelectric sensor in described photoelectric sensing module.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410286858.9A CN104021328B (en) | 2014-06-24 | 2014-06-24 | Fishing website discrimination method and system based on light sensation technology |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410286858.9A CN104021328B (en) | 2014-06-24 | 2014-06-24 | Fishing website discrimination method and system based on light sensation technology |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104021328A true CN104021328A (en) | 2014-09-03 |
| CN104021328B CN104021328B (en) | 2018-02-06 |
Family
ID=51438077
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410286858.9A Active CN104021328B (en) | 2014-06-24 | 2014-06-24 | Fishing website discrimination method and system based on light sensation technology |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104021328B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104506543A (en) * | 2014-12-26 | 2015-04-08 | 上海众人网络安全技术有限公司 | Security certification system and method based on optical signals |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101051907A (en) * | 2007-05-14 | 2007-10-10 | 北京握奇数据系统有限公司 | Safety certifying method and its system for facing signature data |
| US20080212771A1 (en) * | 2005-10-05 | 2008-09-04 | Privasphere Ag | Method and Devices For User Authentication |
| CN102075547A (en) * | 2011-02-18 | 2011-05-25 | 北京天地融科技有限公司 | Dynamic password generating method and device and authentication method and system |
| CN102347942A (en) * | 2011-07-01 | 2012-02-08 | 飞天诚信科技股份有限公司 | Information safety method based on image acquisition and system thereof |
| CN102647410A (en) * | 2012-03-14 | 2012-08-22 | 上海众人网络安全技术有限公司 | Information safe system and method based on light sensation identification |
| CN102841997A (en) * | 2012-07-10 | 2012-12-26 | 郭小卫 | Method and device for achieving authentication on intelligent device by mobile terminal |
| CN103530936A (en) * | 2013-10-08 | 2014-01-22 | 上海众人网络安全技术有限公司 | Electronic cipherer and transaction historical record retention query method of electronic cipherer |
-
2014
- 2014-06-24 CN CN201410286858.9A patent/CN104021328B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20080212771A1 (en) * | 2005-10-05 | 2008-09-04 | Privasphere Ag | Method and Devices For User Authentication |
| CN101051907A (en) * | 2007-05-14 | 2007-10-10 | 北京握奇数据系统有限公司 | Safety certifying method and its system for facing signature data |
| CN102075547A (en) * | 2011-02-18 | 2011-05-25 | 北京天地融科技有限公司 | Dynamic password generating method and device and authentication method and system |
| CN102347942A (en) * | 2011-07-01 | 2012-02-08 | 飞天诚信科技股份有限公司 | Information safety method based on image acquisition and system thereof |
| CN102647410A (en) * | 2012-03-14 | 2012-08-22 | 上海众人网络安全技术有限公司 | Information safe system and method based on light sensation identification |
| CN102841997A (en) * | 2012-07-10 | 2012-12-26 | 郭小卫 | Method and device for achieving authentication on intelligent device by mobile terminal |
| CN103530936A (en) * | 2013-10-08 | 2014-01-22 | 上海众人网络安全技术有限公司 | Electronic cipherer and transaction historical record retention query method of electronic cipherer |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104506543A (en) * | 2014-12-26 | 2015-04-08 | 上海众人网络安全技术有限公司 | Security certification system and method based on optical signals |
| CN104506543B (en) * | 2014-12-26 | 2017-11-17 | 上海众人网络安全技术有限公司 | A kind of security certification system and its authentication method based on optical signal |
Also Published As
| Publication number | Publication date |
|---|---|
| CN104021328B (en) | 2018-02-06 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10708251B2 (en) | Portable authentication and encryption device and system | |
| US20180060878A1 (en) | Data authenticity identification method and device for safety check of two-dimensional code | |
| CN101272237B (en) | Method and system for automatically generating and filling login information | |
| CN106789939B (en) | A kind of detection method for phishing site and device | |
| US20160026862A1 (en) | Eye reflected content for verification of user liveliness | |
| US10270808B1 (en) | Auto-generated synthetic identities for simulating population dynamics to detect fraudulent activity | |
| CN105787324A (en) | Computer information security system | |
| KR20050058296A (en) | Method and system for monitoring user interaction with a computer | |
| TW200939065A (en) | Method and system for securing access to an unsecure network utilizing a transparent identification member | |
| CN103606047A (en) | Password management system | |
| CN107871081A (en) | A kind of computer information safe system | |
| WO2015090170A1 (en) | Digital watermarking data processing module, chip and smart digital watermarking mobile phone | |
| CN105491077A (en) | Identity authentication system | |
| US8825728B2 (en) | Entering confidential information on an untrusted machine | |
| CN104023332B (en) | A kind of electric terminal and its SMS encryption, decryption method | |
| Khan et al. | Cyber security using arabic captcha scheme. | |
| CN106161710A (en) | A kind of user account safety management system based on smart mobile phone | |
| CN102609656A (en) | USB (universal serial bus) key safety enhancing method and USB key safety enhancing system based on image identification | |
| CN102170437A (en) | System and method for realizing Phishing identification based on challenge password token | |
| CN201707674U (en) | Safety device, electronic reader and electronic book security service system | |
| ATE525826T1 (en) | AUTHORIZATION OF A TRANSACTION | |
| WO2023273070A1 (en) | Registration method and system, and electronic device, storage medium and computer program product | |
| CN105337742A (en) | LFSR (Linear Feedback Shift Register) file encryption and decryption methods based on human face image features and GPS (Global Position System) information | |
| Devadiga et al. | E-banking security using cryptography, steganography and data mining | |
| CN108900472A (en) | The transmission method and device of information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20160422 Address after: 201821, room 4, building 1411, 211 Yecheng Road, Jiading Industrial Zone, Shanghai, China Applicant after: Shanghai PeopleNet Security Technology Co., Ltd. Address before: 201203 Shanghai City, Pudong New Area Zhangjiang hi tech park Zuchongzhi Road No. 899 Building 9 room 01 4 Applicant before: Shanghai everybody Science and Technology Ltd. |
|
| GR01 | Patent grant | ||
| GR01 | Patent grant |