CN106888222A - A kind of monitoring method and device for preventing malice safety detection activity - Google Patents
A kind of monitoring method and device for preventing malice safety detection activity Download PDFInfo
- Publication number
- CN106888222A CN106888222A CN201710270868.7A CN201710270868A CN106888222A CN 106888222 A CN106888222 A CN 106888222A CN 201710270868 A CN201710270868 A CN 201710270868A CN 106888222 A CN106888222 A CN 106888222A
- Authority
- CN
- China
- Prior art keywords
- network interface
- interface card
- client
- instruction
- active
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The present invention relates to a kind of monitoring method and device for preventing malice safety detection activity, wherein, method includes:Configuration parameter, determines monitored object;The instruction of network interface card active state is sent to the monitored object, until discovery activity network interface card;Judge whether the client that network interface card is active is configured with local agent, if the client that network interface card is active is configured with local agent, then network interface card is active and is configured with the address information of the client of local agent write-in temporary file, and produces the notification instruction that please be process;According to the notification instruction that please be process, the temporary file is read, it is determined that process object;The instruction of disabling client activities network interface card is sent to the process object.
Description
Technical field
The present invention relates to calculating network security technology area, more particularly to a kind of monitoring for preventing malice safety detection activity
Method and device.
Background technology
Party A agrees to that Party B carries out the safety detection for Party A's internet sites, and has signed agreement, be considered as Party A to
Party B authorizes, and is to find safety inspections using the Main Means of safety problem but unauthorized by the safety detection activity for authorizing
Survey activity will develop into malicious attack behavior.When safety detection is carried out for B/S applications, there is a class to be blocked by agent way
The method cut, change http/https requests, is one of current safety detection most common method.Under this approach, pass through
The proxy configurations of client web browser are changed, all flows for causing client to produce are all proxied to be taken to the agency for specifying
Business device.Proxy server controls client request after the request for receiving client by means such as monitoring, modifications, treats
After achieving the goal, web server is then forwarded to.Web server according to submitting to the request for coming to respond, send out by response data
Proxy server is given, proxy server is controlled after the response for receiving real service device by means such as monitoring, modifications
Response, after purpose to be achieved, is then forwarded to client.More than it is considered as once safety detection activity.From application security protection
Angle considers that the safety detection activity for finding and blocking malice in time is a kind of effective means.
Current industry finds and blocks the method for malice safety detection activity to be mainly from web server side and consider, this
Sample causes very big pressure to web server side, and can not as early as possible find malicious attack behavior.
The content of the invention
It is to solve problem of the prior art, the present invention proposes a kind of monitoring method and dress for preventing malice safety detection activity
Put, the technical program is detected whether to be provided with local agent from client, and whether safety detection work is carried out as client
A dynamic Rule of judgment, and make alarm prompt accordingly or disconnect the treatment action of network.
To achieve the above object, the invention provides a kind of monitoring method for preventing malice safety detection activity, including:
Configuration parameter, determines monitored object;
The instruction of network interface card active state is sent to the monitored object, until discovery activity network interface card;
Judge whether the client that network interface card is active is configured with local agent, if what network interface card was active
Client is configured with local agent, then the address information of the client for being active and being configured with local agent network interface card is write
In entering temporary file, and produce the notification instruction that please be process;
According to the notification instruction that please be process, the temporary file is read, it is determined that process object;
The instruction of disabling client activities network interface card is sent to the process object.
Preferably, also include:
While sending the instruction of disabling client activities network interface card to the process object, text is sent to the process object
Word points out " client has set local agent, enables network interface card after please cancelling again and uses ".
Preferably, also include:
If the client that network interface card is active is configured without local agent, continue to be sent to the monitored object
The instruction of network interface card active state.
Preferably, the parameter is the address information of certain client.
To achieve the above object, present invention also offers a kind of supervising device for preventing malice safety detection activity, including:
Profile module, for configuration parameter, determines monitored object;
Instruction sending module, the instruction for sending network interface card active state to the monitored object, until finding to live
Dynamic network interface card;
Temporary file generation module, for judging whether the client that network interface card is active is configured with local agent,
If the client that network interface card is active is configured with local agent, network interface card is active and local generation is configured with
In the address information write-in temporary file of the client of reason, and produce the notification instruction that please be process;
Temporary file read module, for the notification instruction that please be processed according to, reads the temporary file, it is determined that place
Reason object;
First monitoring instruction sending module, the instruction for sending disabling client activities network interface card to the process object.
Preferably, also include:
Second monitoring instruction sending module, for sending the instruction for disabling client activities network interface card to the process object
Meanwhile, send text prompt " client has set local agent, enables network interface card after please cancelling again and uses " to the process object.
Preferably, if the instruction sending module is additionally operable to the client that network interface card is active and is configured without locally
Agency, then continue to send the instruction of network interface card active state to the monitored object.
Preferably, the parameter of the profile module configuration is the address information of certain client.
Above-mentioned technical proposal has the advantages that:
1st, malice safety detection activity can be limited from this source of client, is realized and examine safely under same LAN
The monitor in real time of survey activity and blocking.
2nd, the use of a class safety detection instrument can be effectively limited, so as to reduce malicious attack behavior.
3rd, the communication pressure of web server is alleviated, and can as early as possible finds malicious attack behavior.
Brief description of the drawings
In order to illustrate more clearly about the embodiment of the present invention or technical scheme of the prior art, below will be to embodiment or existing
The accompanying drawing to be used needed for having technology description is briefly described, it should be apparent that, drawings in the following description are only this
Some embodiments of invention, for those of ordinary skill in the art, on the premise of not paying creative work, can be with
Other accompanying drawings are obtained according to these accompanying drawings.
Fig. 1 is B/S Organization Charts when client is not provided with acting on behalf of;
Fig. 2 is B/S Organization Charts when client setting is acted on behalf of;
Fig. 3 prevents the monitoring method flow chart of malice safety detection activity for embodiment of the present invention proposition is a kind of;
Fig. 4 is that embodiment of the present invention proposition is a kind of prevents one of supervising device block diagram of malice safety detection activity;
Fig. 5 is that the embodiment of the present invention proposes the two of a kind of supervising device block diagram for preventing malice safety detection activity;
Fig. 6 is the supervising device structural representation of the present embodiment;
Fig. 7 is the internal structure schematic diagram of monitoring unit in the supervising device of the present embodiment;
Fig. 8 is the internal structure schematic diagram of processing unit in the supervising device of the present embodiment;
Fig. 9 is the conceptual scheme of the supervising device of the present embodiment;
Figure 10 is the workflow diagram of the supervising device of the present embodiment.
Specific embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete
Site preparation is described, it is clear that described embodiment is only a part of embodiment of the invention, rather than whole embodiments.It is based on
Embodiment in the present invention, it is every other that those of ordinary skill in the art are obtained under the premise of creative work is not made
Embodiment, belongs to the scope of protection of the invention.
1st, term explanation
Client:In B/S frameworks, http/https requests, a side of display http/https responses are sent.
Web server:In B/S frameworks, treatment http/https requests, a side of return http/https responses.
Proxy server:In B/S frameworks, between client and web server, can act on behalf of transmission client please
Ask, act on behalf of the side for receiving web server response.
2nd, scheme framework
As shown in figure 1, being B/S Organization Charts when client is not provided with acting on behalf of.Fig. 1 is illustrated and is not provided with proxy server
In the case of, the request/response relation between client and web server.Fig. 2 illustrates the situation for being provided with proxy server
Under, the request/response relation between client and proxy server, between proxy server and web server.
Agent monitors device in the way of access in radio or WLAN are accessed, is put by built-in network interface card with client
In same LAN, and network is reachable.Agent monitors device includes acting on behalf of monitoring modular and processing module, can be by configuring text
The customized mode of part parameter, sets the address information of the client of agent monitors assembly monitor, such as specifies the one of certain client
Individual specific ip, or specify a certain ip sections.Its basic functional principle is monitor client local agent facilities, once find,
Just carry out blocking processing.
In the technical program, local agent refers to that the ip addresses of the set agency of client are client activities network interface card
Ip, or value is the ip of " 127.0.0.1 ".Non-local agency refers to that other in addition to local agent act on behalf of set-up mode, such as visitor
The ip addresses of the set agency in family end are another ip of client under LAN.
The technical program is applied to client without setting agency or needing to set non-local agency, that is, disclosure satisfy that interconnection
The LAN environment of net access demand, is not suitable for client and must be provided with local agent that linking Internet demand could be met
LAN environment.Inapplicable scene citing:Agent software is mounted with client, at this time needs to open agent software, and
Client Agent server address is set into " 127.0.0.1 " could meet linking Internet demand.
Based on foregoing description, the embodiment of the present invention proposes a kind of monitoring method for preventing malice safety detection activity, such as Fig. 3
It is shown.Including:
Step 301):Configuration parameter, determines monitored object;
Specifically, the parameter is the address information of certain client.
Step 302):The instruction of network interface card active state is sent to the monitored object, until discovery activity network interface card;
Step 303):Judge whether the client that network interface card is active is configured with local agent, if network interface card is in
The client of active state is configured with local agent, then be active network interface card and be configured with the client of local agent
In address information write-in temporary file, and produce the notification instruction that please be process;
Specifically, also a kind of situation is:If the client that network interface card is active is configured without local agent,
Continue the instruction to monitored object transmission network interface card active state.
Step 304):According to the notification instruction that please be process, the temporary file is read, it is determined that process object;
Step 305):The instruction of disabling client activities network interface card is sent to the process object.
In step 305, while sending the instruction of disabling client activities network interface card to the process object, can also be to
The process object sends text prompt " client has set local agent, enables network interface card after please cancelling again and uses ".
One of ordinary skill in the art will appreciate that all or part of flow in realizing above-described embodiment method, Ke Yitong
Computer program is crossed to instruct the hardware of correlation to complete, described program can be stored in general computer read/write memory medium
In, the program is upon execution, it may include such as the flow of the embodiment of above-mentioned each method.Wherein, described storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access
Memory, RAM) etc..
Based on foregoing description, the embodiment of the present invention also proposes a kind of supervising device for preventing malice safety detection activity, such as
Shown in Fig. 4.Including:
Profile module 401, for configuration parameter, determines monitored object;
Specifically, the parameter of the profile module configuration is the address information of certain client.
Instruction sending module 402, the instruction for sending network interface card active state to the monitored object, until finding
Movable network interface card;
Specifically, if instruction sending module 402 is additionally operable to the client that network interface card is active and is configured without locally
Agency, then continue to send the instruction of network interface card active state to the monitored object.
Temporary file generation module 403, for judging whether the client that network interface card is active is configured with local generation
Reason, if the client that network interface card is active is configured with local agent, network interface card is active and this is configured with
In the address information write-in temporary file of the client of ground agency, and produce the notification instruction that please be process;
Temporary file read module 404, for the notification instruction that please be processed according to, reads the temporary file, really
Fixed process object;
First monitoring instruction sending module 405, the finger for sending disabling client activities network interface card to the process object
Order.
On the basis of Fig. 4, the present invention implements also to propose that another kind prevents the supervising device of malice safety detection activity, such as
Shown in Fig. 5.Also include:
Second monitoring instruction sending module 406, the finger for sending disabling client activities network interface card to the process object
While order, " client has set local agent, and enabling network interface card after please cancelling again makes to send text prompt to the process object
With ".
Those skilled in the art will also be appreciated that the various functions that the embodiment of the present invention is listed are by hardware or soft
Part realizes depending on the design requirement of specific application and whole system.Those skilled in the art can be specific for every kind of
Using, it is possible to use various methods realize described function, but this realization is understood not to be protected beyond the embodiment of the present invention
The scope of shield.
Although additionally, being referred to some units of device in above-detailed, this division is only not strong
Property processed.In fact, according to the embodiment of the present invention, the feature and function of above-described two or more units can be
Embodied in one unit.Equally, the feature and function of an above-described unit can also be further divided into by multiple
Unit embodies.
Embodiment 1:
As shown in fig. 6, being the supervising device structural representation of the present embodiment.In the present embodiment, supervising device includes prison
Survey unit and processing unit two parts.As shown in fig. 7, for the internal structure of monitoring unit in the supervising device of the present embodiment is illustrated
Figure.Under same LAN, monitoring unit can adjust by program cycle detection, cycle detection time interval, it is contemplated that Hardware I/O
Expense, is recommended as 1 minute.
(1) profile module, for reading configuration file, determines monitoring object;
(2) instruction sending module, the instruction for sending network interface card active state to each client;
(3) temporary file generation module, for judging whether the client that network interface card is active is configured with local generation
Reason;Network interface card is active and is configured with the ip of the client of local agent one temporary file of write-in.
As shown in figure 8, being the internal structure schematic diagram of processing unit in the supervising device of the present embodiment.In processing unit
Temporary file read module reads temporary file after the notification instruction for receiving monitoring unit, it is determined that process object, treatment
The first monitoring instruction sending module in unit sends the instruction of disabling client activities network interface card to client, meanwhile, the second prison
Control instruction sending module sends text prompt to client:" client has set local agent, and enabling network interface card after please cancelling again makes
With ".The notification instruction that finishes of backward monitoring unit transmission processe, monitoring unit receives after the instruction, " followed from the first step
Ring detection client NIC state " is continued executing with.
Embodiment 2:
As shown in figure 9, the conceptual scheme of the supervising device for the present embodiment.As shown in Figure 10, it is the monitoring dress of the present embodiment
The workflow diagram put.Its job step is:
(1) in the enterprising line parameter configuration of monitoring module, monitored object is determined, such as certain client ip, or certain client
Ip sections, write configuration file.
(2) monitoring modular reads configuration file, determines monitoring object.
(3) instruction of network interface card active state is sent to detection object, discovery activity network interface card then jumps to next step, no
Then circulation of this step 1 minute.
(4) judge whether the client that network interface card is active is configured with local agent, it is found that local agent is then redirected
To next step, step (3) is otherwise jumped to.
(5) network interface card is active and is configured with the ip of the client of local agent one temporary file of write-in.
(6) notification instruction that please be process is sent to processing module.
(7) processing module reads temporary file after the notification instruction for receiving monitoring modular, it is determined that process object.
(8) instruction of disabling client activities network interface card is sent to object client.
(9) text prompt is sent to object client:" client has set local agent, and network interface card is enabled again after please cancelling
Use ".
(10) notification instruction finished to monitoring modular transmission processe.
(11) after monitoring modular receives the instruction, the execution of (2nd) step is jumped to.
From above-mentioned two embodiment, the technical program considers from client-side, detects whether to be provided with local generation
Whether reason, a Rule of judgment of safety detection activity is being carried out as client, and make alarm prompt or disconnection accordingly
The treatment action of network.So mitigate web server side significantly and cause very big pressure, and can as early as possible find malicious attack
Behavior.
Above-described specific embodiment, has been carried out further to the purpose of the present invention, technical scheme and beneficial effect
Describe in detail, should be understood that and the foregoing is only specific embodiment of the invention, be not intended to limit the present invention
Protection domain, all any modification, equivalent substitution and improvements within the spirit and principles in the present invention, done etc. all should include
Within protection scope of the present invention.
Claims (8)
1. a kind of monitoring method for preventing malice safety detection activity, it is characterised in that including:
Configuration parameter, determines monitored object;
The instruction of network interface card active state is sent to the monitored object, until discovery activity network interface card;
Judge whether the client that network interface card is active is configured with local agent, if the client that network interface card is active
End is configured with local agent, then the address information write-in of the client for being active and being configured with local agent network interface card is faced
When file in, and produce the notification instruction that please process;
According to the notification instruction that please be process, the temporary file is read, it is determined that process object;
The instruction of disabling client activities network interface card is sent to the process object.
2. monitoring method as claimed in claim 1, it is characterised in that also include:
While sending the instruction of disabling client activities network interface card to the process object, send word to the process object and carry
Show " client has set local agent, enables network interface card after please cancelling again and uses ".
3. monitoring method as claimed in claim 1 or 2, it is characterised in that also include:
If the client that network interface card is active is configured without local agent, continues to be sent to the monitored object and monitor
The instruction of network interface card active state.
4. monitoring method as claimed in claim 1 or 2, it is characterised in that the parameter is the address information of certain client.
5. a kind of supervising device for preventing malice safety detection activity, it is characterised in that including:
Profile module, for configuration parameter, determines monitored object;
Instruction sending module, the instruction for sending network interface card active state to the monitored object, until discovery activity net
Card;
Temporary file generation module, for judging whether the client that network interface card is active is configured with local agent, if
The client that network interface card is active is configured with local agent, then be active network interface card and be configured with local agent
In the address information write-in temporary file of client, and produce the notification instruction that please be process;
Temporary file read module, for the notification instruction that please be processed according to, reads the temporary file, it is determined that treatment is right
As;
First monitoring instruction sending module, the instruction for sending disabling client activities network interface card to the process object.
6. supervising device as claimed in claim 5, it is characterised in that also include:
Second monitoring instruction sending module, for sending the same of the instruction for disabling client activities network interface card to the process object
When, send text prompt " client has set local agent, enables network interface card after please cancelling again and uses " to the process object.
7. the supervising device as described in claim 5 or 6, it is characterised in that if the instruction sending module is additionally operable to network interface card
The client being active is configured without local agent, then continue to send network interface card active state to the monitored object
Instruction.
8. the supervising device as described in claim 5 or 6, it is characterised in that the parameter of the profile module configuration is certain
The address information of individual client.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710270868.7A CN106888222B (en) | 2017-04-24 | 2017-04-24 | Monitoring method and device for preventing malicious security detection activities |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710270868.7A CN106888222B (en) | 2017-04-24 | 2017-04-24 | Monitoring method and device for preventing malicious security detection activities |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106888222A true CN106888222A (en) | 2017-06-23 |
CN106888222B CN106888222B (en) | 2020-08-18 |
Family
ID=59183553
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710270868.7A Active CN106888222B (en) | 2017-04-24 | 2017-04-24 | Monitoring method and device for preventing malicious security detection activities |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106888222B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101022340A (en) * | 2007-03-30 | 2007-08-22 | 武汉烽火网络有限责任公司 | Intelligent control method for realizing city Ethernet exchanger switch-in security |
CN101132278A (en) * | 2006-08-24 | 2008-02-27 | 腾讯科技(深圳)有限公司 | System, method and scanning server for checking user's network proxy login |
CN101212375A (en) * | 2006-12-30 | 2008-07-02 | 北大方正集团有限公司 | Method and system for controlling network access via agent |
US20100313199A1 (en) * | 2007-08-30 | 2010-12-09 | Ying Chen | Method, Server and System for Converging Desktop Application and Web Application |
CN104954340A (en) * | 2014-03-31 | 2015-09-30 | 腾讯科技(深圳)有限公司 | Proxy IP address detection method and device |
CN106411819A (en) * | 2015-07-30 | 2017-02-15 | 阿里巴巴集团控股有限公司 | Method and apparatus for recognizing proxy Internet protocol address |
-
2017
- 2017-04-24 CN CN201710270868.7A patent/CN106888222B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101132278A (en) * | 2006-08-24 | 2008-02-27 | 腾讯科技(深圳)有限公司 | System, method and scanning server for checking user's network proxy login |
CN101212375A (en) * | 2006-12-30 | 2008-07-02 | 北大方正集团有限公司 | Method and system for controlling network access via agent |
CN101022340A (en) * | 2007-03-30 | 2007-08-22 | 武汉烽火网络有限责任公司 | Intelligent control method for realizing city Ethernet exchanger switch-in security |
US20100313199A1 (en) * | 2007-08-30 | 2010-12-09 | Ying Chen | Method, Server and System for Converging Desktop Application and Web Application |
CN104954340A (en) * | 2014-03-31 | 2015-09-30 | 腾讯科技(深圳)有限公司 | Proxy IP address detection method and device |
CN106411819A (en) * | 2015-07-30 | 2017-02-15 | 阿里巴巴集团控股有限公司 | Method and apparatus for recognizing proxy Internet protocol address |
Also Published As
Publication number | Publication date |
---|---|
CN106888222B (en) | 2020-08-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109587135A (en) | Service interaction plateform system based on tertiary-structure network | |
CN106790758A (en) | A kind of method and device of the network object of access NAT network internals | |
WO2018093643A1 (en) | Security systems and methods using an automated bot with a natural language interface for improving response times for security alert response and mediation | |
CN102739684B (en) | Portal authentication method based on virtual IP address, and server thereof | |
CN101621428B (en) | Botnet detection method, botnet detection system and related equipment | |
WO2007094942A2 (en) | Dynamic threat event management system and method | |
US20080127322A1 (en) | Solicited remote control in an interactive management system | |
CN103959712B (en) | Time control in large-scale firewall cluster | |
CN107873129A (en) | Security service for not managed device | |
CN105939326A (en) | Message processing method and device | |
CN107911376A (en) | The WEB systems single-sign-on and access control implementation method of a kind of non-invasive | |
US10911487B2 (en) | On-device network protection | |
KR20160075610A (en) | Intelligent firewall access rules | |
CN107409119A (en) | Prestige is determined by network characteristic | |
Burlachenko et al. | Vulnerabilities analysis and defense based on MAS method in fast dynamic wireless networks | |
WO2023193513A1 (en) | Honeypot network operation method and apparatus, device, and storage medium | |
US7840663B1 (en) | Desktop security in peer-to-peer networks | |
CN107257344A (en) | The access method and its system of server | |
CN105245336B (en) | A kind of file encryption management system | |
CN102664913B (en) | Method and device for webpage access control | |
CN102754488A (en) | User access control method, apparatus and system | |
CN106888222A (en) | A kind of monitoring method and device for preventing malice safety detection activity | |
CN107517206A (en) | A kind of method, apparatus of secure communication, computer-readable recording medium and storage control | |
CN107391714A (en) | A kind of screenshot method, capture server, sectional drawing service system and medium | |
Jain et al. | General study of mobile agent based intrusion detection system (IDS) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20201225 Address after: 100140, 55, Fuxing Avenue, Xicheng District, Beijing Patentee after: INDUSTRIAL AND COMMERCIAL BANK OF CHINA Patentee after: ICBC Technology Co.,Ltd. Address before: 100140, 55, Fuxing Avenue, Xicheng District, Beijing Patentee before: INDUSTRIAL AND COMMERCIAL BANK OF CHINA |