CN104021467A - Method and device for protecting payment security of mobile terminal and mobile terminal - Google Patents

Info

Publication number
CN104021467A
Authority
CN
China
Prior art keywords
payment
mobile terminal
client
white list
environment
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410261588.6A
Other languages
Chinese (zh)
Inventor
孟齐源
高祎玮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201410261588.6A
Publication of CN104021467A
Priority to PCT/CN2015/081384 (WO2015188788A1)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/08 Payment architectures
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification

Abstract

The invention provides a method and a device for protecting the payment security of a mobile terminal, and a mobile terminal. The method comprises: monitoring the running state of the mobile terminal to determine that the mobile terminal has entered a payment scene; monitoring process changes in the mobile terminal; querying whether a changed process is a process in a payment environment whitelist, where the whitelist holds information on the processes allowed to run in the payment environment; and, if the changed process is not a process in the payment environment whitelist, terminating it. After the mobile terminal enters the payment scene, process changes in the terminal are monitored and analyzed and processes not allowed to run in the payment scene are terminated in time, which protects the payment scene and improves the security of mobile payment.

Description

Method and device for protecting payment security of mobile terminal, and mobile terminal
Technical field
The present invention relates to the field of mobile communications, and in particular to a method and a device for protecting the payment security of a mobile terminal, and to a mobile terminal.
Background
Mobile payment brings together terminal devices, the Internet, application providers and financial institutions to provide users with financial services such as money payment and bill payment. With the rapid development of mobile e-commerce, third-party payment providers, banks and others are racing to release mobile payment clients, and clients for shopping, wealth management, daily-life services and similar transactions keep appearing, which has greatly enriched the market environment for mobile payment applications.
In mobile payment, the user's mobile phone number or another identifier is associated with a payment account, and payment transactions are carried out after identity confirmation. Mobile payment can be accessed by SMS, voice, network connection and other means. In remote mobile payment, the network connection mode is currently the most widely used: the user sends a transaction request from the mobile terminal to a merchant that provides goods or services, and the transaction data is transmitted over the wireless network to complete the payment.
The security of mobile payment is a key factor in whether the payment business can develop. It covers the confidentiality of user information and the security of user funds and payment information, and the security risks it faces come mainly from two sides: the security of the network and systems, and the security of the terminal.
On the terminal side, some Trojan programs and phishing websites disguise themselves as payment websites and payment clients to trick users out of their account passwords or to commit financial fraud directly. The prior art relies mainly on scanning to remove Trojans and keep the terminal's information secure. However, some Trojans start only after a specific condition is triggered, so static scanning alone cannot completely eliminate the security risk to payment.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a device for protecting the payment security of a mobile terminal, a corresponding method, and a mobile terminal that overcome the above problems or at least partially solve them.
A further object of the present invention is to improve the security of a mobile terminal in the payment environment.
According to one aspect of the present invention, a method for protecting the payment security of a mobile terminal is provided. The method comprises: monitoring the running state of the mobile terminal to determine that the mobile terminal has entered a payment scene; monitoring process changes in the mobile terminal; querying whether a changed process is a process in the payment environment whitelist, where the whitelist stores in advance information on the processes allowed to run in the payment environment; and, if not, terminating the changed process.
Optionally, monitoring the running state of the mobile terminal comprises: obtaining information on a newly started client in the mobile terminal; comparing the client information with preset payment client information; and, if the comparison succeeds, determining that the mobile terminal has entered the payment scene.
Optionally, comparing the client information with the preset payment client information comprises: comparing the client information with the client information in a preset payment client list, the comparison succeeding if a matching list entry exists, where the payment client list stores in advance the feature information of multiple payment clients; and/or extracting the package name and label name from the client information and querying whether they contain a feature keyword of payment clients, the comparison succeeding if so.
Optionally, monitoring process changes in the mobile terminal comprises: monitoring whether a new window pops up on the mobile terminal, and determining the process that popped up the new window.
Optionally, monitoring process changes in the mobile terminal comprises: monitoring whether a new process starts on the mobile terminal; and querying whether the changed process is a process in the payment environment whitelist comprises: performing feature matching between the newly started process and the processes in the payment environment whitelist and, if the match succeeds, determining that the newly started process is a process in the payment environment whitelist.
Optionally, the processes in the payment environment whitelist comprise: processes recorded in the cache as allowed to be opened, system processes, and processes judged by the cloud scanning server to carry no payment risk.
Optionally, before monitoring process changes in the mobile terminal, the method further comprises: enumerating the processes running in the mobile terminal; and terminating the enumerated processes that do not belong to the payment environment whitelist.
According to another aspect of the present invention, a device for protecting the payment security of a mobile terminal is also provided. The device comprises: a payment identification module, configured to monitor the running state of the mobile terminal to determine that the mobile terminal has entered a payment scene; a process monitoring module, configured to monitor process changes in the mobile terminal; a process analysis module, configured to query whether a changed process is a process in the payment environment whitelist, where the whitelist stores in advance information on the processes allowed to run in the payment environment; and a process termination module, configured to terminate changed processes that do not belong to the payment environment whitelist.
Optionally, the payment identification module is further configured to: obtain information on a newly started client in the mobile terminal; compare the client information with preset payment client information; and, if the comparison succeeds, determine that the mobile terminal has entered the payment scene.
Optionally, the payment identification module comprises: a comparison submodule, configured to compare the client information with the client information in a preset payment client list, the comparison succeeding if a matching list entry exists, where the payment client list stores in advance the feature information of multiple payment clients; and a feature analysis submodule, configured to extract the package name and label name from the client information and query whether they contain a feature keyword of payment clients, the comparison succeeding if so.
Optionally, the process monitoring module is further configured to: monitor whether a new window pops up on the mobile terminal, and determine the process that popped up the new window.
Optionally, the process monitoring module is further configured to: monitor whether a new process starts on the mobile terminal; and the process analysis module is further configured to: perform feature matching between the newly started process and the processes in the payment environment whitelist and, if the match succeeds, determine that the newly started process is a process in the payment environment whitelist.
Optionally, the above device for protecting the payment security of a mobile terminal further comprises: a process cleanup module, configured to enumerate the processes running in the mobile terminal and terminate the enumerated processes that do not belong to the payment environment whitelist.
According to another aspect of the present invention, a mobile terminal is provided. The mobile terminal comprises any of the devices for protecting the payment security of a mobile terminal introduced above.
After the payment scene is entered, the method and device of the present invention monitor and analyze process changes in the terminal and terminate in time the processes that are not allowed to run in the payment environment, which protects the payment scene and improves the security of mobile payment.
Further, on entering the payment scene, the method of the present invention removes processes unrelated to payment, completing the payment cleanup and providing a safe environment for secure payment.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the specification, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
From the following detailed description of specific embodiments of the invention, read together with the accompanying drawings, those skilled in the art will better understand the above and other objects, advantages and features of the invention.
Brief description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the following detailed description of the preferred embodiments. The drawings serve only to illustrate the preferred embodiments and are not to be considered a limitation of the invention. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
Fig. 1 is a schematic diagram of a device for protecting the payment security of a mobile terminal according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a method for protecting the payment security of a mobile terminal according to an embodiment of the present invention;
Fig. 3 is a flow chart of determining that the mobile terminal has entered the payment scene in the mobile-terminal-based payment method according to an embodiment of the present invention;
Fig. 4 is an interface view of client scanning in the mobile-terminal-based payment method according to an embodiment of the present invention;
Fig. 5 is a view of version verification in the mobile-terminal-based payment method according to an embodiment of the present invention;
Fig. 6 is a flow chart of payment cleanup in the mobile-terminal-based payment method according to an embodiment of the present invention; and
Fig. 7 is an optional flow chart of the mobile-terminal-based payment method according to an embodiment of the present invention.
Embodiments
The algorithms and displays provided here are not inherently related to any particular computer, virtual system or other device. Various general-purpose systems can also be used with the teachings herein. From the description above, the structure required to construct such a system is apparent. Moreover, the present invention is not directed to any particular programming language. It should be understood that the content of the invention described here can be implemented in various programming languages, and that the description given above for a specific language is intended to disclose the best mode of the invention.
Fig. 1 is a schematic diagram of a device 100 for protecting the payment security of a mobile terminal according to an embodiment of the present invention. The device 100 may in general comprise: a payment identification module 110, a process monitoring module 120, a process analysis module 130, a process termination module 140 and a process cleanup module 150. These modules can be configured flexibly according to the functional requirements of the device of this embodiment; in some optional environments, not all of the above modules need be configured.
The device 100 of this embodiment can be installed in the mobile terminal of this embodiment or in other mobile payment devices. It runs while the mobile terminal carries out a mobile payment and improves the security of the mobile terminal's payment data.
Among the parts of the device 100, the payment identification module 110 monitors the running state of the mobile terminal to determine that the mobile terminal has entered a payment scene. The payment scene can be determined from the running state of the mobile terminal, for example by: obtaining information on a newly started client in the mobile terminal; comparing the client information with preset payment client information; and, if the comparison succeeds, determining that the mobile terminal has entered the payment scene. In other words, the payment scene is judged from the client started on the mobile terminal: when a new client start is detected, information comparison is used to judge whether the newly started client is a mobile payment client, and if the mobile terminal is determined to have started a payment client, it is determined to have entered the payment scene. Whether the newly started client is a mobile payment client can be judged by local client list verification and client feature matching.
One concrete structure for the payment identification module 110 comprises a comparison submodule and a feature analysis submodule. The comparison submodule compares the client information with the client information in a preset payment client list; the comparison succeeds if a matching list entry exists, where the payment client list stores in advance the feature information of multiple payment clients. The feature analysis submodule extracts the package name and label name from the client information and queries whether they contain a feature keyword of payment clients; if so, the comparison succeeds. The payment client list used by the comparison submodule can be adjusted dynamically according to how the mobile terminal is actually used, so that it records information on all installed payment clients.
The features used in the feature analysis submodule generally include the package name and the label name (label), and may also include the signature, version number and other features. Feature analysis can be performed locally on the mobile terminal, or the feature information can be uploaded to the cloud, which makes the judgment and returns the result to the mobile terminal.
The process monitoring module 120 monitors process changes in the mobile terminal while in the payment scene. Monitoring process changes comprises monitoring whether a new process starts on the mobile terminal, or whether a new process window pops up.
After the process monitoring module 120 detects a process change, the process analysis module 130 queries whether the changed process is a process in the payment environment whitelist, for example whether a popped-up new window is a window newly opened by the user or a window popped up by a whitelisted process that is allowed to run in the background in the payment scene; if not, the process must be terminated by the process termination module. As another example, feature matching is performed between the newly started process and the processes in the payment environment whitelist; if the match succeeds, the newly started process is determined to be a process in the payment environment whitelist.
The processes in the payment environment whitelist may comprise processes that have no effect on payment, such as processes recorded in the cache as allowed to be opened, system processes, and processes judged by the cloud scanning server to carry no payment risk. Whitelist verification can combine local verification and cloud verification: for example, cache verification, signature verification and system process verification are performed locally first; if the process is confirmed to belong to the whitelist, verification is complete; if it cannot be verified locally, it can additionally be matched in the cloud, so as to avoid terminating processes that pose no security threat to the payment environment.
The process termination module 140 terminates changed processes that do not belong to the payment environment whitelist. This ensures that, in the payment environment, the mobile terminal does not spawn processes that affect payment, and eliminates the terminal-side security risk in mobile payment. It also reduces the use of the data transmission channel by unrelated processes, which improves payment efficiency.
In addition, after the mobile terminal is detected to have entered the payment scene, the process cleanup module 150 can enumerate the processes running in the mobile terminal and terminate the enumerated processes that do not belong to the payment environment whitelist. That is, the process cleanup module 150 cleans up the payment environment: it removes processes unrelated to mobile payment, prevents Trojans or other malicious programs that are already running from stealing the data of the mobile payment client, and also reduces the use of the network channel.
The device of this embodiment can, after detecting that the user has opened a payment client, first verify the payment client and, once its security is confirmed, perform payment cleanup to terminate processes that are not in the payment environment whitelist. During payment it detects process changes on the mobile terminal in real time and terminates newly started processes that are not in the payment environment whitelist, protecting the payment environment until the mobile terminal leaves the payment scene. Terminal-side payment security is thus ensured throughout the mobile payment process.
An embodiment of the present invention also provides a method for protecting the payment security of a mobile terminal. The method can be carried out by any of the devices for protecting the payment security of a mobile terminal introduced in the above embodiments, to improve the security of the mobile terminal of this embodiment during payment. Fig. 2 is a schematic diagram of a method for protecting the payment security of a mobile terminal according to an embodiment of the present invention. As shown in the figure, the method comprises the following steps:
Step S202, monitor the running state of the mobile terminal to determine that the mobile terminal has entered a payment scene;
Step S204, monitor process changes in the mobile terminal;
Step S206, query whether the changed process is a process in the payment environment whitelist;
Step S208, if not, terminate the changed process.
The payment environment whitelist stores in advance information on the processes allowed to run in the payment environment, that is, processes that can run in the payment scene, such as processes recorded in the cache as allowed to be opened, system processes, and processes judged by the cloud scanning server to carry no payment risk.
If step S206 judges that the changed process is a process in the payment environment whitelist, the process is allowed to run, and the mobile payment flow can be suspended.
Monitoring the running state of the mobile terminal in step S202 may specifically comprise: obtaining information on a newly started client in the mobile terminal; comparing the client information with preset payment client information; and, if the comparison succeeds, determining that the mobile terminal has entered the payment scene. The payment scene can thus be judged from the client started on the mobile terminal: when a new client start is detected, it is judged whether the newly started client is a mobile payment client, and if the mobile terminal is determined to have started a payment client, it is determined to have entered the payment scene. Whether the newly started client is a mobile payment client can be judged by local client list verification and client feature matching. Fig. 3 is a flow chart of determining that the mobile terminal has entered the payment scene in the mobile-terminal-based payment method according to an embodiment of the present invention; the flow comprises:
Step S302, monitor whether a new client starts on the mobile terminal;
Step S304, judge whether the newly started client is a client recorded in the local payment client list; if so, determine that the payment scene has been entered; if not, step S306 can be performed further, or it is determined that the payment scene has not been entered;
Step S306, judge whether the features of the newly started client match the feature keywords of payment clients; if so, determine that the payment scene has been entered; if not, determine that the payment scene has not been entered.
In step S304, the mobile terminal can store a payment client list locally in advance, recording the payment clients installed on the mobile terminal. Specifically, the client information is compared with the client information in the payment client list; if a matching list entry exists, the comparison succeeds and the payment scene is determined to have been entered. When the newly started client is not in the list, step S306 can be performed to determine further by cloud query, for example by extracting feature information such as the client's package name, label name and version information and querying whether the package name and label name contain a feature keyword of payment clients; if so, the comparison succeeds and the payment scene is determined to have been entered. The payment client list can be adjusted dynamically according to how the mobile terminal is used, so that it records information on all installed payment clients.
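Steps S302 to S306 followed by the monitoring of steps S204 to S208, replayed over a short event stream, as an added example that is not code from the patent. The package names, labels, keywords, whitelist contents and the `PaymentGuard` class are constructed for illustration, and the keyword check runs locally here in place of a cloud query.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: every package name, label and keyword is illustrative.
PAYMENT_CLIENT_LIST = {"com.example.bank", "com.example.wallet"}   # local list (S304)
PAYMENT_KEYWORDS = ("pay", "wallet", "bank")                       # feature keywords (S306)
PAYMENT_WHITELIST = {"system_server", "com.example.ime"}           # allowed during payment


@dataclass(frozen=True)
class ClientInfo:
    package: str
    label: str


def match_payment_client(client: ClientInfo) -> Optional[str]:
    """Return 'list' or 'keyword' when the client counts as a payment client, else None."""
    if client.package in PAYMENT_CLIENT_LIST:            # S304: local list comparison
        return "list"
    text = f"{client.package} {client.label}".lower()    # S306: package name and label
    if any(keyword in text for keyword in PAYMENT_KEYWORDS):
        return "keyword"
    return None


@dataclass
class PaymentGuard:
    payment_client: Optional[str] = None                 # set while in the payment scene
    terminated: list = field(default_factory=list)

    def on_client_start(self, client: ClientInfo) -> str:
        if self.payment_client is None:                  # S202: not yet in a payment scene
            how = match_payment_client(client)
            if how is None:
                return "ignore"
            self.payment_client = client.package
            return f"enter-scene:{how}"
        return self.on_process_change(client.package)    # a new client is a process change

    def on_process_change(self, process: str) -> str:
        if self.payment_client is None:
            return "ignore"
        # S206: the payment client itself and whitelisted processes may run
        if process == self.payment_client or process in PAYMENT_WHITELIST:
            return "allow"
        self.terminated.append(process)                  # S208: stand-in for killing it
        return "terminate"

    def on_client_exit(self, package: str) -> str:
        if package == self.payment_client:
            self.payment_client = None
            return "leave-scene"
        return "ignore"


# Constructed event stream: (event kind, argument)
SAMPLE_EVENTS = [
    ("start", ClientInfo("com.example.game", "Puzzle Game")),
    ("start", ClientInfo("com.shop.quickpay", "QuickPay")),
    ("process", "com.example.ime"),
    ("process", "com.unknown.overlay"),
    ("start", ClientInfo("com.example.game", "Puzzle Game")),
    ("exit", "com.shop.quickpay"),
    ("process", "com.unknown.overlay"),
]


def replay(events):
    """Feed the events to a fresh guard; return the outcomes and the terminated processes."""
    guard = PaymentGuard()
    handlers = {"start": guard.on_client_start,
                "process": guard.on_process_change,
                "exit": guard.on_client_exit}
    outcomes = [handlers[kind](arg) for kind, arg in events]
    return outcomes, guard.terminated


if __name__ == "__main__":
    for outcome in replay(SAMPLE_EVENTS)[0]:
        print(outcome)
```

The same game client is ignored before the payment scene and terminated inside it, which is the difference the scene detection exists to create.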
After step S202, version verification can first be performed on the payment client, followed by payment cleanup, which closes processes unrelated to payment.
Version verification of the payment client can begin with virus scanning and feature matching on the client's permissions, feature information and the like. For a client that cannot be determined this way, information such as the client's package name, signature and version number can be uploaded to the cloud for verification. If the verification result shows that the client contains a Trojan or virus, the user is prompted to uninstall it. For a client verified as containing no Trojan or virus, the following can be analyzed in turn: whether it is genuine software, whether it has been repackaged, and whether it involves fraud. When the client is a legitimate, fraud-free payment client, the payment scene flow is entered. If the client does not pass verification, the user can be prompted, for example by recommending the genuine software or warning of the payment risk.
The version verification above can be carried out by security software with application security analysis functions preinstalled on the mobile terminal, for example through a payment security scan option preset in security guard software: after the user taps or otherwise operates this option, the security guard scans payment clients according to the version verification flow above. Fig. 4 is an interface view of client scanning in the mobile-terminal-based payment method according to an embodiment of the present invention, and Fig. 5 is a view of version verification in the same method. As shown in the figures, in addition to the quick scan button, the main interface of the security software can also have a preset payment security button; after the user operates this button, the security guard scans the client's permissions, package name, label name and version number in turn.
Fig. 6 is a flowchart of payment clearing in the mobile-terminal-based payment method according to an embodiment of the present invention. The flow comprises the following steps:
After the mobile terminal enters the payment scene and the payment client version passes verification, all processes currently running on the mobile terminal are enumerated, and each process is then judged in turn by: local cache query judgment, white signature judgment, system process judgment, cloud-scan ("cloud killing") judgment, and cloud-scan result judgment.
Local cache query judgment means that, during file scanning, the features of each file (file path, file size, last modification time, creation time, and the full-text MD5 and SHA1 calculated from the three elements) are stored in a local database, so that the file attribute information of a file to be scanned, such as file size, file modification time and file path, can be obtained from the local database. The file attribute information in the system is updated in real time as files are modified. For a given file, the file information is obtained from the local database by file path. If the application-layer scan finds that the file size, last modification time and creation time have not changed, and the driver layer (qutmdrv.sys) has not observed any write operation on the file during file monitoring, the file is considered unchanged between the two scans, and its features, such as the full-text MD5 and full-text SHA1, can be obtained directly from the database. File monitoring is done mainly by the driver, whose main task is to detect whether a file has been changed. If, for example, a write operation occurs or an attribute is modified, the change is recorded in the database and the file's record is considered invalid. During file scanning, the features of the file (file path, file size, last modification time, creation time, and the full-text MD5 and SHA1 calculated from the three elements) are stored in the local database; if the file has not been modified, its features, such as the full-text MD5 and full-text SHA1, can be obtained directly from the database.
Because the last modification time and the creation time of a file can themselves be modified, a file whose content changes while its size stays the same, and whose last modification time and creation time are changed back to the same values, would cause this method to obtain a wrong file identification. File monitoring is therefore introduced: when a write operation or other modifying operation occurs on a file, the corresponding record in the local cache database is marked invalid, and the features of the file are obtained afresh at the next scan.
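The cache-validity rule described in the two paragraphs above, as an added Python example that is not part of the patent text: cached hashes are reused only while the size, both timestamps and the monitor's valid flag all agree. `FileEntry`, `FeatureCache` and `same_size_rewrite` are hypothetical names, the in-memory file table stands in for the filesystem and the driver-layer monitor, and all sample values are constructed.

```python
"""Added example: metadata-keyed hash cache with write-monitor invalidation."""
import hashlib
from dataclasses import dataclass


@dataclass
class FileEntry:
    """Constructed stand-in for a file on disk (not a real filesystem API)."""
    data: bytes
    mtime: int   # last modification time
    ctime: int   # creation time


@dataclass
class CacheRecord:
    size: int
    mtime: int
    ctime: int
    md5: str
    sha1: str
    valid: bool = True   # cleared by the write monitor


class FeatureCache:
    def __init__(self, files):
        self.files = files       # path -> FileEntry
        self.records = {}        # path -> CacheRecord
        self.full_hashes = 0     # number of full-content hash passes

    def on_write_event(self, path):
        """Hook for the file monitor: a write or attribute change lands here."""
        record = self.records.get(path)
        if record is not None:
            record.valid = False

    def features(self, path):
        """Return (md5, sha1), reusing the cache only while it is trustworthy."""
        entry = self.files[path]
        record = self.records.get(path)
        unchanged = (
            record is not None
            and record.valid
            and record.size == len(entry.data)
            and record.mtime == entry.mtime
            and record.ctime == entry.ctime
        )
        if unchanged:
            return record.md5, record.sha1
        md5 = hashlib.md5(entry.data).hexdigest()
        sha1 = hashlib.sha1(entry.data).hexdigest()
        self.full_hashes += 1
        self.records[path] = CacheRecord(
            len(entry.data), entry.mtime, entry.ctime, md5, sha1)
        return md5, sha1


def same_size_rewrite(cache, path, new_data, monitored):
    """Replace the content with equal-length data and keep both timestamps."""
    entry = cache.files[path]
    if len(new_data) != len(entry.data):
        raise ValueError("the scenario requires an unchanged file size")
    cache.files[path] = FileEntry(new_data, entry.mtime, entry.ctime)
    if monitored:
        cache.on_write_event(path)   # what the driver-layer monitor would report


def run_scenario(monitored):
    path = "/data/app/example.apk"   # constructed path
    original, replaced = b"A" * 64, b"B" * 64
    cache = FeatureCache({path: FileEntry(original, 1000, 900)})
    first = cache.features(path)     # full hash, stored in the cache
    second = cache.features(path)    # served from the cache
    same_size_rewrite(cache, path, replaced, monitored)
    third = cache.features(path)
    return {
        "second_scan_cached": first == second,
        "reported_md5": third[0],
        "actual_md5": hashlib.md5(replaced).hexdigest(),
        "full_hashes": cache.full_hashes,
    }
```

Without the monitor the third scan reports the hash of the old content; with it the record is invalidated and the file is hashed again.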
The local cache query can also determine whether the process currently being scanned matches a previously scanned process. For example, if the process was previously confirmed as a white list process, it can be retained in the payment environment; if it was previously confirmed as a blacklist process, it can be added to the black/grey process list and removed; a process for which the local cache query returns no result, or whose type is uncertain, can be marked as a grey list process and passed to the next judgment.
White signature judgment means judging whether the current process carries one of the top-ranked white signatures recorded locally. For example, the top 1000 signatures that can be determined to be white signatures are compared with the signature of the process. If the process signature is confirmed to be a white signature, the process can be retained in the payment environment; if the process signature is not among the white signatures, the next judgment is needed.
System process judgment means judging whether the current process is a core system process. In general, the UID (User Identification) of a core system process is less than 1000, so a process whose UID is less than 1000 can be retained in the payment environment; otherwise the next judgment is needed.
Cloud-scan judgment means querying whether the features of the client match client features held in the cloud. If the cloud holds no feature matching the client features, the process can be retained in the payment environment; if a corresponding feature is found in the cloud, the next judgment is needed.
Cloud-scan result judgment means determining whether the cloud-scan result for the client is a white sample or a black sample. A white sample can be retained in the payment environment; a process confirmed as a black sample can be added to the black/grey process list and removed.
The judgments above are carried out in sequence under a strict black-or-white policy: all black/grey processes are terminated, and only white processes are allowed to keep running in the payment environment.
After payment clearing is complete, process monitoring, analysis and handling are carried out. Fig. 7 is an optional flowchart of the mobile-terminal-based payment method according to an embodiment of the present invention. This optional flow may comprise:
After payment clearing is complete, the mobile terminal is monitored simultaneously for the start of new processes and for new pop-up windows. When a new window is monitored, the following steps are performed:
S702, monitor whether a new process window appears on the mobile terminal;
S704, query whether the popped-up window is a new window opened by the user or a window popped up by a process that is allowed to run in the background in the payment scene; if not, perform step S706; if so, perform step S708;
S706, close the new window in the background, without prompting the user;
S708, allow the new window to run, and suspend the payment client;
When a new process is monitored, the following steps are performed:
Step S710, monitor whether a new process starts on the mobile terminal;
Step S712, invoke the caching policy of payment clearing to check the process, comparing it with the white processes and black/grey processes cached during the earlier payment clearing. The caching policy can likewise work by feature comparison, for example on file path, file size, last modification time, creation time, and the full-text MD5 or SHA1 calculated from the three elements, as introduced above and not repeated here;
Step S714, determine whether the process was terminated during clearing; if so, perform step S718; if not, perform step S716;
Step S716, examine the process further according to the payment clearing logic. The detection can likewise use the steps of local cache query judgment, white signature judgment, system process judgment, cloud-scan judgment and cloud-scan result judgment, so that a new process that did not appear during payment clearing is scanned;
Step S718, terminate the new process.
After steps S708 and S718, it can be judged whether the current payment scene has exited (whether the user has closed the payment client). If not, execution returns to step S702 and step S708 respectively; if so, payment environment protection ends and the mobile terminal returns to its state before the payment scene.
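The five judgments of Fig. 6 and the new-process check of steps S710 to S718, written out as an added Python example that is not code from the patent. Caching white verdicts from every stage, leaving processes with no cloud record uncached, and keying the cache on a single feature string are assumptions; `PaymentGuard` and `Proc` are hypothetical names, and every process name, UID, signature and cloud record is constructed.

```python
"""Added example: the five-stage judgment chain plus the new-process check."""
from dataclasses import dataclass

WHITE, BLACK = "white", "black"
SYSTEM_UID_LIMIT = 1000  # the text treats UID < 1000 as core system processes


@dataclass(frozen=True)
class Proc:
    name: str
    uid: int
    signature: str   # signing identity of the process image
    feature: str     # file feature used as cache key, e.g. full-text MD5 (assumption)


class PaymentGuard:
    def __init__(self, white_signatures, cloud_records):
        self.white_signatures = set(white_signatures)  # top-ranked local white signatures
        self.cloud_records = dict(cloud_records)       # stand-in for the cloud-scan service
        self.cache = {}                                # feature -> WHITE / BLACK
        self.black_grey = set()                        # features terminated so far

    def _keep(self, proc, stage):
        self.cache[proc.feature] = WHITE
        return True, stage

    def _stop(self, proc, stage):
        self.cache[proc.feature] = BLACK
        self.black_grey.add(proc.feature)
        return False, stage

    def judge(self, proc):
        """Run the stages in the order given in the text; return (keep, stage)."""
        cached = self.cache.get(proc.feature)   # None means grey: keep checking
        if cached == WHITE:
            return True, "local-cache"
        if cached == BLACK:
            return self._stop(proc, "local-cache")
        if proc.signature in self.white_signatures:
            return self._keep(proc, "white-signature")
        if proc.uid < SYSTEM_UID_LIMIT:
            return self._keep(proc, "system-process")
        sample = self.cloud_records.get(proc.feature)
        if sample is None:
            # No cloud record: the text retains the process. It is left uncached
            # here (assumption) so that a later scan queries the cloud again.
            return True, "cloud-query"
        if sample == WHITE:
            return self._keep(proc, "cloud-result")
        return self._stop(proc, "cloud-result")  # black sample

    def clear(self, running):
        """Payment clearing: judge every enumerated process."""
        return {p.name: self.judge(p) for p in running}

    def on_new_process(self, proc):
        """S712-S718: a process stopped during clearing is stopped again at once."""
        if proc.feature in self.black_grey:
            return False, "stopped-in-clearing"
        return self.judge(proc)                  # S716: full detection


# Constructed sample data: names, UIDs, signatures and features are invented.
RUNNING = [
    Proc("init", 0, "sig-vendor", "f-init"),
    Proc("com.example.bank", 10050, "sig-bank", "f-bank"),
    Proc("com.example.notes", 10061, "sig-a", "f-notes"),
    Proc("com.example.game", 10062, "sig-b", "f-game"),
    Proc("com.example.overlay", 10077, "sig-c", "f-overlay"),
]


def run_demo():
    guard = PaymentGuard(
        white_signatures={"sig-bank"},
        cloud_records={"f-game": WHITE, "f-overlay": BLACK, "f-newapp": BLACK},
    )
    clearing = guard.clear(RUNNING)
    restarted = guard.on_new_process(RUNNING[4])   # overlay starts again
    fresh = guard.on_new_process(Proc("com.example.newapp", 10090, "sig-d", "f-newapp"))
    rescanned = guard.judge(RUNNING[3])            # now answered from the cache
    return clearing, restarted, fresh, rescanned
```

The `cloud-query` branch is the one place where the flow as described keeps a process it knows nothing about, so it is the branch to review first when tightening the policy.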
In the method of protecting mobile terminal payment security of this embodiment, after the payment scene is entered, changes to the processes on the terminal are monitored and analyzed, and processes that pose a payment risk are terminated in time, which protects the payment scene and improves the security of mobile payment. In addition, on entering the payment scene, processes unrelated to payment are removed to complete payment clearing, providing a safe payment environment for secure payment. The security risks caused by mobile terminal processes during mobile payment are thereby eliminated.
Numerous specific details are described in the specification provided herein. It will be understood, however, that embodiments of the invention can be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof. The method of the disclosure should not, however, be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into it, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in the devices of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment can be combined into one module, unit or component, and can furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that, although some embodiments described herein include certain features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any of the claimed embodiments can be used in any combination.
The component embodiments of the invention may be implemented in hardware, in client modules running on one or more processors, or in a combination thereof. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device for protecting mobile terminal payment security and of the mobile terminal according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described herein. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words may be interpreted as names.
Thus far, those skilled in the art will recognize that, although a number of exemplary embodiments of the invention have been shown and described in detail herein, many other variations or modifications consistent with the principles of the invention can still be directly determined or derived from the disclosure without departing from the spirit and scope of the invention. The scope of the invention should therefore be understood and deemed to cover all such other variations or modifications.
Embodiments of the present invention also provide A1. A method of protecting mobile terminal payment security, comprising:
monitoring the running status of a mobile terminal to determine that the mobile terminal has entered a payment scene;
monitoring process changes in the mobile terminal;
querying whether a changed process is a process in a payment environment white list, wherein the payment environment white list stores in advance information on the processes allowed to run in the payment environment;
if not, terminating the changed process.
A2. The method according to A1, wherein monitoring the running status of the mobile terminal comprises:
obtaining information on a client newly started in the mobile terminal;
comparing the information of the client with preset payment-class client information;
where the comparison succeeds, determining that the mobile terminal has entered the payment scene.
A3. The method according to A2, wherein comparing the client information with the preset payment-class client information comprises:
comparing the client information with the client information in a preset payment client list, the comparison succeeding if a list item with a consistent comparison result exists, wherein the payment client list stores in advance the feature information of multiple payment-class clients; and/or
extracting the package name and tag name from the client information, and querying whether the package name and tag name contain a feature keyword of a payment-class client, the comparison succeeding if so.
A4. The method according to any one of A1 to A3, wherein
monitoring process changes in the mobile terminal comprises: monitoring whether a new window pops up on the mobile terminal, and determining the process that popped up the new window.
A5. The method according to any one of A1 to A3, wherein
monitoring process changes in the mobile terminal comprises: monitoring whether a new process starts on the mobile terminal;
querying whether the changed process is a process in the payment environment white list comprises: performing feature matching between the newly started process and the processes in the payment environment white list, and, if the matching succeeds, determining that the newly started process is a process in the payment environment white list.
A6. The method according to A5, wherein the processes in the payment environment white list comprise: processes recorded in the cache as allowed to open, system processes, and processes judged by a cloud-scan server to pose no payment risk.
A7. The method according to any one of A1 to A6, wherein, before monitoring process changes in the mobile terminal, the method further comprises:
enumerating the processes running in the mobile terminal;
terminating the enumerated processes that do not belong to the payment environment white list.
Embodiments of the present invention also provide B8. A device for protecting mobile terminal payment security, comprising:
a payment identification module, configured to monitor the running status of a mobile terminal to determine that the mobile terminal has entered a payment scene;
a process monitoring module, configured to monitor process changes in the mobile terminal;
a process analysis module, configured to query whether a changed process is a process in a payment environment white list, wherein the payment environment white list stores in advance information on the processes allowed to run in the payment environment;
a process termination module, configured to terminate a changed process that does not belong to the payment environment white list.
B9. The device according to B8, wherein the payment identification module is further configured to:
obtain information on a client newly started in the mobile terminal;
compare the information of the client with preset payment-class client information;
where the comparison succeeds, determine that the mobile terminal has entered the payment scene.
B10. The device according to B9, wherein the payment identification module comprises:
a comparison submodule, configured to compare the client information with the client information in a preset payment client list, the comparison succeeding if a list item with a consistent comparison result exists, wherein the payment client list stores in advance the feature information of multiple payment-class clients;
a signature analysis submodule, configured to extract the package name and tag name from the client information, and to query whether the package name and tag name contain a feature keyword of a payment-class client, the comparison succeeding if so.
B11. The device according to any one of B8 to B10, wherein
the process monitoring module is further configured to: monitor whether a new window pops up on the mobile terminal, and determine the process that popped up the new window.
B12. The device according to any one of B8 to B10, wherein
the process monitoring module is further configured to: monitor whether a new process starts on the mobile terminal;
the process analysis module is further configured to: perform feature matching between the newly started process and the processes in the payment environment white list, and, if the matching succeeds, determine that the newly started process is a process in the payment environment white list.
B13. The device according to any one of B8 to B12, further comprising:
a process clearing module, configured to enumerate the processes running in the mobile terminal, and to terminate the enumerated processes that do not belong to the payment environment white list.
Embodiments of the present invention also provide C14. A mobile terminal, comprising: the device for protecting mobile terminal payment security according to any one of B8 to B13.

Claims (10)

1. A method of protecting mobile terminal payment security, comprising:
monitoring the running status of a mobile terminal to determine that the mobile terminal has entered a payment scene;
monitoring process changes in the mobile terminal;
querying whether a changed process is a process in a payment environment white list, wherein the payment environment white list stores in advance information on the processes allowed to run in the payment environment;
if not, terminating the changed process.
2. The method according to claim 1, wherein monitoring the running status of the mobile terminal comprises:
obtaining information on a client newly started in the mobile terminal;
comparing the information of the client with preset payment-class client information;
where the comparison succeeds, determining that the mobile terminal has entered the payment scene.
3. The method according to claim 2, wherein comparing the client information with the preset payment-class client information comprises:
comparing the client information with the client information in a preset payment client list, the comparison succeeding if a list item with a consistent comparison result exists, wherein the payment client list stores in advance the feature information of multiple payment-class clients; and/or
extracting the package name and tag name from the client information, and querying whether the package name and tag name contain a feature keyword of a payment-class client, the comparison succeeding if so.
4. The method according to any one of claims 1 to 3, wherein
monitoring process changes in the mobile terminal comprises: monitoring whether a new window pops up on the mobile terminal, and determining the process that popped up the new window.
5. The method according to any one of claims 1 to 3, wherein
monitoring process changes in the mobile terminal comprises: monitoring whether a new process starts on the mobile terminal;
querying whether the changed process is a process in the payment environment white list comprises: performing feature matching between the newly started process and the processes in the payment environment white list, and, if the matching succeeds, determining that the newly started process is a process in the payment environment white list.
6. The method according to claim 5, wherein the processes in the payment environment white list comprise: processes recorded in the cache as allowed to open, system processes, and processes judged by a cloud-scan server to pose no payment risk.
7. The method according to any one of claims 1 to 6, wherein, before monitoring process changes in the mobile terminal, the method further comprises:
enumerating the processes running in the mobile terminal;
terminating the enumerated processes that do not belong to the payment environment white list.
8. A device for protecting mobile terminal payment security, comprising:
a payment identification module, configured to monitor the running status of a mobile terminal to determine that the mobile terminal has entered a payment scene;
a process monitoring module, configured to monitor process changes in the mobile terminal;
a process analysis module, configured to query whether a changed process is a process in a payment environment white list, wherein the payment environment white list stores in advance information on the processes allowed to run in the payment environment;
a process termination module, configured to terminate a changed process that does not belong to the payment environment white list.
9. The device according to claim 8, wherein the payment identification module is further configured to:
obtain information on a client newly started in the mobile terminal;
compare the information of the client with preset payment-class client information;
where the comparison succeeds, determine that the mobile terminal has entered the payment scene.
10. A mobile terminal, comprising:
the device for protecting mobile terminal payment security according to any one of claims 8 or 9.
CN201410261588.6A 2014-06-12 2014-06-12 Method and device for protecting payment security of mobile terminal and mobile terminal Pending CN104021467A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410261588.6A CN104021467A (en) 2014-06-12 2014-06-12 Method and device for protecting payment security of mobile terminal and mobile terminal
PCT/CN2015/081384 WO2015188788A1 (en) 2014-06-12 2015-06-12 Method and apparatus for protecting mobile terminal payment security, and mobile terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410261588.6A CN104021467A (en) 2014-06-12 2014-06-12 Method and device for protecting payment security of mobile terminal and mobile terminal

Publications (1)

Publication Number Publication Date
CN104021467A true CN104021467A (en) 2014-09-03

Family

ID=51438207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410261588.6A Pending CN104021467A (en) 2014-06-12 2014-06-12 Method and device for protecting payment security of mobile terminal and mobile terminal

Country Status (2)

Country Link
CN (1) CN104021467A (en)
WO (1) WO2015188788A1 (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140903