CN106953845B - Method and device for protecting sensitive information input to webpage

Publication number: CN106953845B
Authority: CN (China)
Prior art keywords: sensitive information; preset; preset website; access; user
Legal status: Active
Application number: CN201710099408.2A
Other languages: Chinese (zh)
Other versions: CN106953845A (en)
Inventors: 朱浩然, 杨阳, 尹亚伟
Current Assignee: China Unionpay Co Ltd
Original Assignee: China Unionpay Co Ltd
Application filed by: China Unionpay Co Ltd
Priority: CN201710099408.2A
Publications: CN106953845A (application), CN106953845B (grant)

Classifications

    • H: ELECTRICITY; H04: ELECTRIC COMMUNICATION TECHNIQUE; H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00: Network architectures or network communication protocols for network security
        • H04L63/04: ... for providing a confidential data exchange among entities communicating through data packet networks
        • H04L63/0428: ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L63/10: ... for controlling access to devices or network resources
        • H04L63/14: ... for detecting or protecting against malicious traffic
        • H04L63/1441: Countermeasures against malicious traffic
        • H04L63/1466: Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
        • H04L67/00: Network arrangements or protocols for supporting network services or applications
        • H04L67/50: Network services
        • H04L67/535: Tracking the activity of the user
        • H04L67/56: Provisioning of proxy services
    • G: PHYSICS; G06: COMPUTING; CALCULATING OR COUNTING; G06F: ELECTRIC DIGITAL DATA PROCESSING
        • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/60: Protecting data
        • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
        • G06F21/6218: ... to a system of files or objects, e.g. local or distributed file system or database
        • G06F21/6245: Protecting personal data, e.g. for financial or medical purposes
        • G06F21/6263: ... during internet communication, e.g. revealing personal data from cookies

Abstract

The embodiment of the invention relates to the field of computers, and in particular to a method and a device for protecting sensitive information entered into a webpage, which are used to protect the sensitive information a user enters. In the embodiment, when access to a preset website is detected, the access traffic of the preset website is proxied; after the sensitive information entered by the user is obtained, it is encrypted according to a preset encryption mechanism that is agreed in advance with the server of the preset website; the encrypted sensitive information is loaded into the proxied access traffic; and the loaded access traffic is sent to the server of the preset website, so as to protect the sensitive information the user enters on the preset website.

Description

Method and device for protecting sensitive information input to webpage
Technical Field
The embodiment of the invention relates to the field of computers, in particular to a method and a device for protecting sensitive information input to a webpage.
Background
Currently, domestic financial websites protect the sensitive information that a user enters on a payment website by means of a security control that the user installs. The security control takes the form of a browser ActiveX plug-in or NPAPI (Netscape Plugin Application Programming Interface) plug-in, and protects the sensitive information entered on the payment website by calling the operating system keyboard API (Application Programming Interface).
In the prior art, for example patent CN200410062399.2, the user must download and install a security control. While the user enters sensitive information, the security control simulates keystrokes to generate random interference information, producing mixed information, and records that interference information at the same time; it then filters the mixed information against the recorded interference information and passes the real sensitive information to the application program, thereby protecting the user's sensitive information. However, protecting user sensitive information with a security control has the following problems: (1) the security control relies on a browser ActiveX or NPAPI plug-in, but the Microsoft EDGE browser has abandoned support for ActiveX plug-ins, the Chrome browser (after version 45) has abandoned support for NPAPI plug-ins, and other browsers such as FireFox are also eliminating NPAPI plug-ins; (2) the protection works mainly at the application layer: the security control provides its service through the operating system keyboard API, whose priority is not high enough, so when malware intercepts the keyboard, the screen display, browser traffic and the like, the protection the security control offers is greatly reduced; (3) the security control generally encrypts the user's sensitive information with a browser script, which is inefficient, and user experience suffers when encryption of a high security standard is implemented.
In summary, the prior-art method of protecting sensitive information typed on the user's keyboard by means of a security control has a range of application that is not wide enough, leaves the user's sensitive information easy for malware to intercept, and does not encrypt the sensitive information efficiently enough, so an effective method is needed to solve these problems.
Disclosure of Invention
The embodiment of the invention provides a method and a device for protecting sensitive information entered into a webpage, to solve the problems of the prior-art method of protecting keyboard input by means of a security control: its range of application is not wide enough, malware can easily intercept the user's sensitive information, and the encryption of the sensitive information is not efficient enough.
The embodiment of the invention provides a method for protecting sensitive information entered into a webpage, which comprises the following steps:
when access to a preset website is detected, proxying the access traffic of the preset website;
after the sensitive information entered by a user is obtained, encrypting the sensitive information according to a preset encryption mechanism; the preset encryption mechanism is agreed in advance with a server of the preset website;
loading the encrypted sensitive information into the proxied access traffic;
and sending the loaded access traffic to the server of the preset website.
Optionally, obtaining the sensitive information entered by the user includes:
after detecting that a webpage input box of the preset website has been activated, obtaining the sensitive information entered by the user from the operating system layer, wherein activation of the webpage input box is detected by identifying a first set identification bit in the access traffic, and the first set identification bit is added to the access traffic by a page script when it sends that traffic;
and replacing the sensitive information with a special symbol and sending the special symbol to the browser.
Optionally, detecting the user's access to the preset website includes:
polling the processes in memory to determine whether a browser has been started;
after it is determined that the browser has been started, analyzing the access traffic to identify access to the preset website.
Optionally, loading the encrypted sensitive information into the proxied access traffic includes:
when a webpage submission action directed at the preset website is detected, loading the encrypted sensitive information into the proxied access traffic.
Optionally, loading the encrypted sensitive information into the proxied access traffic includes:
after detecting the webpage submission action directed at the preset website, identifying a second set identification bit in the access traffic and replacing the second set identification bit with the encrypted sensitive information; the second set identification bit is inserted by the client-side script of the preset website's page at the corresponding position of the webpage input box.
The embodiment of the invention also provides a device for protecting sensitive information entered into a webpage, which comprises the following components:
a proxy unit, configured to proxy the access traffic of a preset website when access to the preset website is detected;
an encryption unit, configured to encrypt the sensitive information entered by a user according to a preset encryption mechanism after the sensitive information is obtained; the preset encryption mechanism is agreed in advance with a server of the preset website;
a loading unit, configured to load the encrypted sensitive information into the proxied access traffic;
a transmission unit, configured to send the loaded access traffic to the server of the preset website.
Optionally, the encryption unit is further configured to:
after detecting that a webpage input box of the preset website has been activated, obtain the sensitive information entered by the user from the operating system layer, wherein activation of the webpage input box is detected by identifying a first set identification bit in the access traffic, and the first set identification bit is added to the access traffic by a page script when it sends that traffic;
and replace the sensitive information with a special symbol and send the special symbol to the browser.
Optionally, the proxy unit is further configured to:
poll the processes in memory to determine whether a browser has been started;
after it is determined that the browser has been started, analyze the access traffic to identify access to the preset website.
Optionally, the loading unit is specifically configured to:
when a webpage submission action directed at the preset website is detected, load the encrypted sensitive information into the proxied access traffic.
Optionally, the loading unit is further specifically configured to:
after detecting the webpage submission action directed at the preset website, identify a second set identification bit in the access traffic and replace the second set identification bit with the encrypted sensitive information; the second set identification bit is inserted by the client-side script of the preset website's page at the corresponding position of the webpage input box.
The embodiment of the invention provides a method and a device for protecting sensitive information entered into a webpage: when access to a preset website is detected, the access traffic of the preset website is proxied; after the sensitive information entered by the user is obtained, it is encrypted according to a preset encryption mechanism agreed in advance with the server of the preset website; the encrypted sensitive information is loaded into the proxied access traffic; and the loaded access traffic is sent to the server of the preset website. Because the access traffic is proxied once access to the preset website is detected, the method works as a system process service, which avoids the prior-art problem that some browsers do not support plug-ins. Because the sensitive information is encrypted according to the preset encryption mechanism as soon as it is obtained and is then loaded into the proxied access traffic, three further benefits follow. First, it avoids the prior-art problem that, after the user enters the sensitive information, it is easily intercepted by malware such as keyloggers between the operating system and the browser while it is being sent to the browser. Second, it avoids the risk that the user's sensitive information is attacked and tampered with by malware, which improves the security of that information. Third, the traditional method encrypts the user's input with a browser script, which is inefficient, whereas encrypting the input in a system process is more efficient. Finally, the loaded access traffic is sent to the server of the preset website to complete the user's operation on the preset website, so the whole process of password acquisition, encryption and loading is completed in the system background, and the sensitive information can be prevented from being intercepted by malware that captures the screen display, browser traffic and the like.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings that are required to be used in the description of the embodiments will be briefly described below.
Fig. 1 is a schematic flowchart of a method for protecting sensitive information input to a web page according to an embodiment of the present invention;
Fig. 2 is an overall flowchart of the method according to an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of sensitive information being intercepted by malware in the prior art, according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of the overall system according to an embodiment of the present invention;
Fig. 5 is a schematic structural diagram of a device for protecting sensitive information input to a web page according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more clearly apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
It should be understood that the technical solution of the embodiment of the present invention may be applied to protecting a user's sensitive information when the user operates on various preset websites. The preset websites may be preset payment websites, such as UnionPay, industry, agriculture, etc.; as long as the preset websites are supported by the various banks, the user may perform operations such as login or payment on them, and the user's sensitive information may be a card number, a password, etc. The present invention is mainly directed to a PC (personal computer) terminal.
The technical scheme of the invention is implemented on the following premise: the user installs a sensitive information protection system on the computer, and the system starts a process in the operating system background that launches when the computer starts up, so as to provide a continuous protection service.
Fig. 1 shows by way of example a flowchart of a method for protecting sensitive information input to a web page according to an embodiment of the present invention. As shown in Fig. 1, the method includes the following steps:
S101: when access to a preset website is detected, proxy the access traffic of the preset website;
S102: after the sensitive information entered by a user is obtained, encrypt the sensitive information according to a preset encryption mechanism; the preset encryption mechanism is agreed in advance with a server of the preset website;
S103: load the encrypted sensitive information into the proxied access traffic;
S104: send the loaded access traffic to the server of the preset website.
In S101, when access to the preset website is detected, the access traffic of the preset website is proxied. In a specific implementation, before the access traffic of the preset website is proxied, the method further includes: polling the processes in memory to determine whether a browser has been started; and, after it is determined that the browser has been started, analyzing the access traffic to identify access to the preset website. Specifically, the sensitive information protection system polls the user's in-memory processes to determine that the user has opened a browser. Because the user may perform many kinds of actions in practice, such as opening a browser or opening a file, these actions are polled and monitored so that the action of opening a browser can be recognized; the browser may be a common browser such as iexplore, chrome or firefox. After it is determined that the user has opened a browser, the user's access traffic is analyzed to determine whether the user has opened a preset payment website, that is, to identify the user's access to the preset website. In a specific implementation, this is determined from the Title value of the browser's page tab. For example, the preset payment websites can be stored in a list; if the page tab Title value is 'unionpay' and unionpay is in the stored list of preset payment websites, the user has opened a preset payment website, and the user's access traffic on that payment website is then proxied. In a specific implementation, the user's access traffic on the preset payment website may be proxied by using an underlying network interface or a network card driver layer interface.
Because the access traffic of the preset website is proxied when access to it is detected, the method of the invention works as a process service and does not depend on a plug-in; it can be used normally when the browser does not support plug-ins, which avoids the problem that plug-ins cannot be used normally on some browsers.
In S102, after the sensitive information entered by the user is obtained, it is encrypted according to a preset encryption mechanism; the preset encryption mechanism is agreed in advance with the server of the preset website. Specifically, after the user types the sensitive information on the keyboard, the user's sensitive information is encrypted. In a specific implementation, the encryption mechanism is asymmetric encryption of the user's sensitive information with a public key.
Optionally, obtaining the sensitive information entered by the user includes:
after it is detected that a webpage input box of the preset website has been activated, obtaining the sensitive information entered by the user from the operating system layer, wherein activation of the webpage input box is detected by identifying a first set identification bit in the access traffic, and the first set identification bit is added to the access traffic by a page script when it sends that traffic; and replacing the sensitive information with a special symbol and sending the special symbol to the browser. In a specific implementation, activation of the webpage input box of the preset website may be detected as follows: a page script sends access traffic with the first set identification bit added to it, and the sensitive information protection system recognizes the bit when it analyzes the traffic. Once activation of the input box is detected, the sensitive information entered by the user is obtained from the operating system layer; in a specific implementation, interrupt and driver techniques can be used for this. The obtained sensitive information is replaced with special symbols, which may be, for example, characters; the special symbols are fed back to the operating system, which sends them to the browser, where they are echoed on the page. What is displayed is therefore the special symbols rather than the real information, so anything captured by malware that intercepts the screen display or browser traffic is not real, and the content the user actually entered is not leaked.
Thus, after the user types sensitive information on the keyboard, the sensitive information protection system does two things. First, it encrypts the sensitive information obtained from the operating system layer, which avoids the problem that the sensitive information is easily intercepted by malware such as keyloggers between the operating system layer and the browser, that is, the higher layer. Second, it replaces the obtained sensitive information with special symbols, sends the replaced information to the browser, and has it echoed on the page, which avoids interception of the sensitive information by malware that captures the screen display or browser traffic: even if such malware intercepts something, what it intercepts is not the real sensitive information.
In S103, loading the encrypted sensitive information into the proxied access traffic includes: when a webpage submission action directed at the preset website is detected, loading the encrypted sensitive information into the proxied access traffic. Specifically, the user's access traffic is analyzed to identify the user's webpage submission action on the preset website, and when that action is identified, the encrypted sensitive information is loaded into the proxied access traffic. In a specific implementation, the submission action may be the user clicking a button such as login or payment after finishing the keyboard input.
Optionally, loading the encrypted sensitive information into the proxied access traffic includes: after detecting the webpage submission action directed at the preset website, identifying a second set identification bit in the access traffic and replacing the second set identification bit with the encrypted sensitive information; the second set identification bit is inserted by the client-side script of the preset website's page at the corresponding position of the webpage input box. Specifically, after a webpage submission action directed at the preset website is detected, the client-side script of the preset website's page inserts the second set identification bit at the corresponding position of the webpage input box; the sensitive information protection system obtains the access traffic of the preset website, identifies the second set identification bit in it, and replaces that bit with the encrypted sensitive information. For example, when the user clicks the login or payment button on a preset payment website to submit, the client-side script of the page inserts the second set identification bit at the corresponding position of the webpage input box; suppose the user name is: a certain; password: # #. The sensitive information protection system obtains the access traffic of the preset website, identifies the second set identification bit # in the access traffic, and replaces it with the encrypted sensitive information.
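An added example, not taken from the patent, of the S103 step on the proxy side: it finds the form field that carries the second set identification bit in a proxied POST, replaces it with the ciphertext produced in S102, and recomputes Content-Length. The marker value `##`, the field names, the host `pay.example`, the base64url transport encoding and the sample ciphertext bytes are assumptions constructed for illustration.

```python
"""S103 marker substitution in a proxied form POST (added example, not the patent's code)."""
import base64
from urllib.parse import parse_qsl, urlencode

MARKER = "##"                         # assumed marker value, modelled on the page's password example
SAMPLE_CIPHERTEXT = bytes(range(32))  # constructed stand-in for the S102 public-key ciphertext


class MarkerError(ValueError):
    """The request cannot be rewritten safely; the proxy should not forward it."""


def build_request(body: bytes) -> bytes:
    """Build a constructed sample request; host and path are placeholders."""
    head = (
        "POST /login HTTP/1.1\r\n"
        "Host: pay.example\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n"
    )
    return head.encode("ascii") + b"\r\n" + body


def load_encrypted_field(raw: bytes, marker: str, ciphertext: bytes) -> bytes:
    """Replace the single field whose value is `marker` with the encoded ciphertext."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise MarkerError("no header/body separator")
    request_line, *header_lines = head.decode("iso-8859-1").split("\r\n")

    headers = []
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise MarkerError(f"malformed header: {line!r}")
        headers.append((name, value.strip()))
    lookup = {name.lower(): value for name, value in headers}

    # Only rewrite bodies whose framing and format are fully understood.
    if "transfer-encoding" in lookup:
        raise MarkerError("chunked bodies are not handled in this example")
    ctype = lookup.get("content-type", "").lower()
    if not ctype.startswith("application/x-www-form-urlencoded"):
        raise MarkerError("not a form-encoded body")
    if lookup.get("content-length") != str(len(body)):
        raise MarkerError("Content-Length does not match the body")

    fields = parse_qsl(body.decode("ascii"), keep_blank_values=True, strict_parsing=True)
    hits = [i for i, (_, value) in enumerate(fields) if value == marker]
    # Zero hits: nothing to protect was submitted. Several hits: ambiguous target field.
    if len(hits) != 1:
        raise MarkerError(f"expected one marker field, found {len(hits)}")

    token = base64.urlsafe_b64encode(ciphertext).decode("ascii")
    fields[hits[0]] = (fields[hits[0]][0], token)
    new_body = urlencode(fields).encode("ascii")

    # The body length changed, so the framing header must be recomputed.
    rebuilt = [request_line]
    for name, value in headers:
        if name.lower() == "content-length":
            value = str(len(new_body))
        rebuilt.append(f"{name}: {value}")
    return "\r\n".join(rebuilt).encode("iso-8859-1") + b"\r\n\r\n" + new_body


if __name__ == "__main__":
    # What the browser submits: the real password never reached it, only the marker.
    proxied = build_request(b"username=alice&password=%23%23")
    print(load_encrypted_field(proxied, MARKER, SAMPLE_CIPHERTEXT).decode("ascii"))
```

The function refuses to forward a request it cannot rewrite unambiguously, so the bare marker is never sent in place of a credential.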
In S104, the loaded access traffic is sent to the server of the preset website. Specifically, once the set identification bit has been replaced with the encrypted sensitive information and loaded into the access traffic, the loaded access traffic is sent to the server of the preset website; the server decrypts the received access traffic, and the user's login, payment or similar operation on the preset payment website is carried out. In a specific implementation, the server of the preset website decrypts the received access traffic with the server private key. Sending the access traffic loaded with the encrypted sensitive information to the server of the preset website further ensures the security of the user's sensitive information.
For a better understanding of the technical solution of the present invention, Fig. 2 shows by way of example an overall flowchart of the method of the present invention. As shown in Fig. 2:
S201: start;
S202: the sensitive information protection system starts a background process;
S203: poll the user's in-memory processes and determine that the user has started a browser;
S204: judge whether the user has opened a preset website; if so, execute S205, otherwise execute S203;
S205: proxy the access traffic of the preset website;
S206: judge whether the user has activated a webpage input box of the preset website; if so, execute S207, otherwise execute S205;
S207: take over the user's keyboard input and obtain the sensitive information entered by the user;
S208: encrypt the obtained sensitive information;
S209: load the encrypted sensitive information into the proxied access traffic;
S210: send the loaded access traffic to the server of the preset website;
S211: end.
The problem with the prior art is as follows: after the user types sensitive information on the keyboard, the operating system sends it to the browser, and the browser sends it to the server; malware such as keyloggers can easily intercept the user's input between the operating system and the browser, so the sensitive information the user enters is not safe, and the user may suffer economic loss as a result.
To better highlight the advantages of the present invention over the prior art, Fig. 4 shows by way of example a schematic flow diagram of the overall system of the present invention. As shown in Fig. 4, the user types sensitive information on the keyboard; when the operating system receives the user's input, the sensitive information protection system on the one hand encrypts the obtained sensitive information and on the other hand replaces it with special symbols and sends the replaced information to the browser. When the user opens the preset payment website, the user's access traffic on the payment website is proxied; when it is recognized that the user has clicked the login or payment button on the payment website to submit, the encrypted sensitive information is loaded into the proxied access traffic, and the loaded access traffic is sent to the server of the preset website.
In summary, compared with the prior art, in the technical scheme of the present invention, firstly, the system process service is adopted to work, and the problem that the conventional plug-in is not supported by the partial version browser is solved. The traditional method for protecting the security control of user sensitive information input uses the modes of ActiveX (general IE kernel browser) and NPAPI (general non-IE kernel browser) plug-ins to provide services. Currently, however, Microsoft EDGE browsers have abandoned support for ActiveX plug-ins, while Chrome (after version 45) browsers have also abandoned support for NPAPI plug-ins. Meanwhile, other browsers such as FireFox and the like also propose a plan for eliminating NPAPI plug-ins. In this case, the traditional security control cannot be used normally, but the proposed method works in the form of operating system process service without depending on browser plug-ins, and can be used normally under the condition that the browser does not support ActiveX and NPAPI plug-ins. Secondly, the sensitive information input by the user is ensured not to be intercepted by malicious software by using an interrupt technology and a driving technology of the bottom layer of the operating system. Because the technology is closer to the bottom layer of an operating system and has higher priority than general programs, more reliable security protection can be realized. Thirdly, the access flow of the user and the access flow of the preset website are subjected to proxy protection by using an access flow proxy technology, so that the security is higher. And fourthly, traffic proxy is carried out on the traffic of the user and the payment website, so that analysis, monitoring and processing are carried out, risks that the traffic of a browser of the user is attacked by malicious software to be tampered with information and the like are avoided, and the safety is higher. 
Fifthly, the user sensitive information input is asymmetrically encrypted in the system process, so that the efficiency is higher. A general payment website asymmetrically encrypts the user sensitive information input by using page JavaScript, but because of the limitations of the nature and performance of browser JavaScript, the encryption efficiency is low. The method of the invention completes the encryption process in an operating system process and is therefore more efficient.
The embodiment of the invention provides a method for protecting sensitive information input to a webpage: when an access behavior to a preset website is monitored, the access flow of the preset website is proxied; after the sensitive information input by a user is obtained, the sensitive information is encrypted according to a preset encryption mechanism, the preset encryption mechanism being pre-agreed with a server of the preset website; the encrypted sensitive information is loaded into the proxied access flow; and the loaded access flow is sent to the server of the preset website. In the embodiment of the invention, proxying the access flow of the preset website when an access behavior to it is monitored allows the method to work in the form of a system process service, which avoids the prior-art problem that some browsers do not support plug-ins. After the sensitive information input by the user is obtained, it is encrypted according to the preset encryption mechanism pre-agreed with the server of the preset website, and the encrypted sensitive information is loaded into the proxied access flow. On the one hand, this avoids the prior-art problem that, after the user inputs the sensitive information, it is easily intercepted between the operating system and the browser by malicious software such as keyboard-interception software while it is being sent to the browser. On the other hand, it avoids the risk that the user's sensitive information is attacked and tampered with by malicious software, which improves the security of the user's sensitive information. In addition, the traditional method encrypts the sensitive information input by the user with a browser script, which has low encryption efficiency, whereas encrypting the sensitive information in a system process is more efficient. Finally, the loaded access flow is sent to the server of the preset website to complete the user's operation on the preset website, so that the whole process of password acquisition, encryption and loading is completed in the system background, and the sensitive information is protected from interception by malicious software such as screen display interception and browser flow interception.
Based on the same conception, the protection device for inputting sensitive information to a web page provided by the embodiment of the present invention, as shown in fig. 5, includes a proxy unit 301, an encryption unit 302, a loading unit 303, and a sending unit 304. Wherein:
the proxy unit 301 is used for proxying the access flow of the preset website when an access behavior to the preset website is monitored;
the encryption unit 302 is used for encrypting the sensitive information input by the user according to a preset encryption mechanism after the sensitive information is obtained; the preset encryption mechanism is pre-agreed with a server of the preset website;
the loading unit 303 is used for loading the encrypted sensitive information into the proxied access flow;
the sending unit 304 is used for sending the loaded access flow to the server of the preset website.
Optionally, the encryption unit 302 is further configured to:
after detecting that a webpage input box of the preset website is activated, acquiring the sensitive information input by the user from the operating system layer, wherein the activation of the webpage input box of the preset website is detected by identifying a first set identification bit in the access flow, and the first set identification bit is added to the access flow, which is sent by using a page script;
and replacing the sensitive information with a special symbol and sending the special symbol to the browser.
Optionally, the proxy unit 301 is further configured to:
polling and monitoring the memory process to determine whether to start a browser;
after the browser is determined to be started, the access flow is analyzed to identify the access behavior of the preset website.
Optionally, the loading unit 303 is specifically configured to:
and when the webpage submitting action aiming at the preset website is detected, loading the encrypted sensitive information into the access flow of the agent.
Optionally, the loading unit 303 is further specifically configured to:
after detecting the webpage submission action for the preset website, identifying a second set identification bit in the access flow and replacing the second set identification bit with the encrypted sensitive information; the second set identification bit is inserted by the webpage client-side script of the preset website at the position corresponding to the webpage input box.
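The interplay of the two set identification bits, the operating-system-layer capture with masking, and the load-on-submit step can be modelled as below. This is an added illustration, not code from the patent: the marker names `X-Input-Active` and `__SECURE_FIELD__`, the form-encoded request body and the `stand_in_encrypt` function (a reversible placeholder for the asymmetric mechanism pre-agreed with the server) are all assumptions.

```python
import base64
from urllib.parse import parse_qsl, urlencode

# Assumed marker values: the patent only says two "set identification bits" exist.
FIRST_FLAG = "X-Input-Active"      # hypothetical header the page script adds on focus
SECOND_FLAG = "__SECURE_FIELD__"   # hypothetical placeholder the page script submits
MASK = "*"                         # special symbol passed on to the browser


def stand_in_encrypt(plaintext: bytes) -> str:
    """Constructed stand-in so the example runs offline; NOT encryption.
    A deployment would encrypt under the public key pre-agreed with the server."""
    return base64.b64encode(plaintext[::-1]).decode("ascii")


class InputProtector:
    """Capture, mask and load steps of the system-process service."""

    def __init__(self, encrypt):
        self._encrypt = encrypt
        self._capturing = False
        self._keys = bytearray()

    def on_request_headers(self, headers: dict) -> None:
        """First set identification bit seen: the input box is active."""
        if headers.get(FIRST_FLAG) == "1":
            self._capturing = True
            self._wipe()

    def on_keystroke(self, ch: str) -> str:
        """OS-layer hook; returns the character the browser receives."""
        if not self._capturing:
            return ch
        self._keys.extend(ch.encode("utf-8"))
        return MASK

    def on_submit(self, body: str) -> str:
        """Swap the second set identification bit for the ciphertext.
        Fails closed if the placeholder is missing or repeated, or if
        nothing was captured, so no masked or empty value is forwarded."""
        fields = parse_qsl(body, keep_blank_values=True)
        hits = [i for i, (_, value) in enumerate(fields) if value == SECOND_FLAG]
        if len(hits) != 1:
            raise ValueError("expected exactly one placeholder field")
        if not self._keys:
            raise ValueError("no captured input to load")
        name = fields[hits[0]][0]
        fields[hits[0]] = (name, self._encrypt(bytes(self._keys)))
        self._capturing = False
        self._wipe()
        return urlencode(fields)

    def _wipe(self) -> None:
        """Best-effort zeroing of the plaintext buffer."""
        for i in range(len(self._keys)):
            self._keys[i] = 0
        self._keys.clear()


def demo():
    p = InputProtector(stand_in_encrypt)
    p.on_request_headers({FIRST_FLAG: "1"})
    shown = "".join(p.on_keystroke(c) for c in "pa$s")   # constructed input
    sent = p.on_submit("user=alice&pwd=" + SECOND_FLAG + "&amt=10")  # constructed body
    return shown, dict(parse_qsl(sent))


if __name__ == "__main__":
    print(demo())
```

The browser only ever holds the mask symbols and the placeholder; the plaintext exists solely in the service's buffer, which is cleared as soon as the ciphertext has been loaded.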
From the above, it can be seen that the embodiment of the invention provides a protection device for sensitive information input to a webpage, which is used for proxying the access flow of a preset website when an access behavior to the preset website is monitored; encrypting the sensitive information input by a user according to a preset encryption mechanism after the sensitive information is obtained, the preset encryption mechanism being pre-agreed with a server of the preset website; loading the encrypted sensitive information into the proxied access flow; and sending the loaded access flow to the server of the preset website. In the embodiment of the invention, proxying the access flow of the preset website when an access behavior to it is monitored allows the device to work in the form of a system process service, which avoids the prior-art problem that some browsers do not support plug-ins. After the sensitive information input by the user is obtained, it is encrypted according to the preset encryption mechanism pre-agreed with the server of the preset website, and the encrypted sensitive information is loaded into the proxied access flow. On the one hand, this avoids the prior-art problem that, after the user inputs the sensitive information, it is easily intercepted between the operating system and the browser by malicious software such as keyboard-interception software while it is being sent to the browser. On the other hand, it avoids the risk that the user's sensitive information is attacked and tampered with by malicious software, which improves the security of the user's sensitive information. In addition, the traditional method encrypts the sensitive information input by the user with a browser script, which has low encryption efficiency, whereas encrypting the sensitive information in a system process is more efficient. Finally, the loaded access flow is sent to the server of the preset website to complete the user's operation on the preset website, so that the whole process of password acquisition, encryption and loading is completed in the system background, and the sensitive information is protected from interception by malicious software such as screen display interception and browser flow interception.
It should be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (10)

1. A method for protecting sensitive information input to a webpage is characterized by comprising the following steps:
when the access behavior of a preset website is monitored, the access flow of the preset website is proxied;
after sensitive information input by a user is obtained, encrypting the sensitive information according to a preset encryption mechanism; the preset encryption mechanism is pre-agreed with a server of the preset website;
loading the encrypted sensitive information into the access flow of the agent;
sending the loaded access flow to a server of the preset website;
the acquiring of the sensitive information input by the user includes:
after detecting that a webpage input box of the preset website is activated, acquiring sensitive information input by a user from an operating system layer, wherein the activation of the webpage input box of the preset website is detected by identifying a first set identification bit in the access flow, and the first set identification bit is added to the access flow, which is sent by using a page script;
and replacing the sensitive information with a special symbol and sending the special symbol to the browser.
2. The method of claim 1, wherein the monitoring of the user's access behavior to the preset website comprises:
polling and monitoring the memory process to determine whether to start a browser;
and after the browser is determined to be started, analyzing the access flow to identify the access behavior of the preset website.
3. The method of claim 1 or 2, wherein loading the encrypted sensitive information into the access traffic of the agent comprises:
and when the webpage submitting action aiming at the preset website is detected, loading the encrypted sensitive information into the access flow of the agent.
4. The method of claim 3, wherein loading the encrypted sensitive information into the access traffic of the agent comprises:
after detecting a webpage submitting action aiming at the preset website, identifying a second set identification bit in the access flow and replacing the second set identification bit with the encrypted sensitive information; and the second set identification bit is inserted by the webpage client-side script of the preset website at the position corresponding to the webpage input box.
5. A device for protecting sensitive information input to a web page, comprising:
the proxy unit is used for proxying the access flow of the preset website when the access behavior of the preset website is monitored;
the encryption unit is used for encrypting the sensitive information input by the user according to a preset encryption mechanism after the sensitive information is obtained; the preset encryption mechanism is pre-agreed with a server of the preset website;
the loading unit is used for loading the encrypted sensitive information into the access flow of the agent;
the sending unit is used for sending the loaded access flow to a server of the preset website;
the encryption unit is further configured to obtain sensitive information input by the user from an operating system layer after detecting that a web page input box of the preset website is activated, where the activation of the web page input box of the preset website is detected by identifying a first set identification bit in the access traffic, and the first set identification bit is added to the access traffic, which is sent by using a page script;
and replacing the sensitive information with a special symbol and sending the special symbol to the browser.
6. The apparatus of claim 5,
the proxy unit is also used for polling and monitoring the memory process to determine whether to start the browser;
and after the browser is determined to be started, analyzing the access flow to identify the access behavior of the preset website.
7. The apparatus of claim 5 or 6,
the loading unit is specifically configured to load the encrypted sensitive information into the access traffic of the agent when detecting that a webpage submitting action is performed on the preset website.
8. The apparatus of claim 7,
the loading unit is specifically further configured to, after detecting a web page submission action for the preset website, identify a second set identification bit in the access traffic and replace the second set identification bit with the encrypted sensitive information; and the second set identification bit is inserted by the webpage client-side script of the preset website at the position corresponding to the webpage input box.
9. A computing device comprising a processor and a memory, wherein the memory stores a computer program that, when executed by the processor, causes the processor to perform the method of any of claims 1 to 4.
10. A computer-readable storage medium storing a computer program executable by a computing device, the program, when executed on the computing device, causing the computing device to perform the method of any of claims 1 to 4.
CN201710099408.2A 2017-02-23 2017-02-23 Method and device for protecting sensitive information input to webpage Active CN106953845B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710099408.2A CN106953845B (en) 2017-02-23 2017-02-23 Method and device for protecting sensitive information input to webpage

Publications (2)

Publication Number Publication Date
CN106953845A 2017-07-14
CN106953845B 2020-05-01

Family

ID=59466568

Country Status (1)

Country Link
CN (1) CN106953845B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant