CN107705124A - Mobile payment Environmental security check and evaluation system and method based on threat diagram - Google Patents


Info

Publication number
CN107705124A
Authority
CN
China
Prior art keywords
risk
value
module
point
evaluation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710828386.9A
Other languages
Chinese (zh)
Inventor
齐晓东
吴夏
韩兰胜
付才胜
余水
肖雄火
韩福济
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan leaning sword Technology Co., Ltd.
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology
Priority to CN201710828386.9A
Publication of CN107705124A
Legal status: pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q 20/00 Payment architectures, schemes or protocols
    • G06Q 20/38 Payment protocols; details thereof
    • G06Q 20/382 Payment protocols; details thereof insuring higher security of transaction
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F 21/577 Assessing vulnerabilities and evaluating computer system security


Abstract

The invention discloses a mobile payment environment security detection and assessment system and method based on a threat graph, relating to mobile payment, payment security and payment environment detection and assessment technology. The method comprises: 1. risk indicator detection and assessment; 2. risk indicator collection and sorting; 3. calculation of the target threat point risk values; 4. overall security assessment; 5. interface display. The invention has the following advantages and beneficial effects: 1. it can be adapted into a third-party payment App, with corresponding changes made according to the specific business and protection focus, so as to achieve a more refined protection function; 2. it fully considers the relations between the individual vulnerability nodes, so the comprehensive assessment result agrees better with the actual situation.

Description

Mobile payment environment security detection and assessment system and method based on a threat graph
Technical field
The present invention relates to mobile payment, payment security and payment environment detection and assessment technology, and in particular to a mobile payment environment security detection and assessment system and method based on a threat graph.
Background technology
With the rise of mobile payment, security problems concerning mobile payment have also emerged one after another. Research on mobile payment security problems has mainly concerned the security protection system; the security of the environment before payment has not received enough attention, and there is no good method for assessing environment security. Detection and assessment of environment security not only provides a reference and a preventive effect for the security of subsequent payments, it also allows some unsafe factors to be excluded before the payment security protection system is even entered.
Existing general-purpose third-party security detection software for mobile terminals, such as the major "security guard" products, detects general security threats, possesses powerful security intelligence and cloud service computing capability, and guarantees a certain level of environment security. But for a specific payment-related App it cannot protect the payment security of that App well, and these third-party payment App vendors often focus more on the security environment and security services of their own App, so such software cannot be adapted into a third-party payment App and changed according to the specific business and protection focus to achieve a more refined protection function.
Summary of the invention
The purpose of the present invention is to overcome the shortcomings and defects of the prior art and provide a mobile payment environment security detection and assessment system and method based on a threat graph.
The object of the present invention is achieved as follows:
The mobile terminal, the App self-security detection and assessment module and the risk indicator collection module interact in turn, collecting the App's own risk indicators and their corresponding risk values; the scanning engine and the risk indicator collection module interact, collecting the risk indicators of the Android system environment and of the third-party application environment and their corresponding risk values; the risk indicator collection module, the database management system and the database interact in turn, sorting the risk indicators and their corresponding risk values and storing them in the risk indicator database; the database, the database management system and the target threat point risk value calculation module interact in turn, calculating the target threat point risk values and storing them in the target threat point database; the target threat point risk value calculation module, the overall security assessment module and the interface display module interact in turn, displaying the overall security assessment result on the interface.
The risk values of the target threat points are calculated as follows: the risk indicators and their risk values in the risk indicator database are read out as vulnerability nodes and their risk values; the actual relations between vulnerability nodes are considered and the connections between them are fully characterised; the vulnerability node risk association graph within the threat graph is built, and the risk value of each vulnerability node is updated according to the connections between vulnerability nodes; transition probabilities are established between vulnerability nodes and target threat points; the target threat point risk association graph within the threat graph is built using the updated risk values of the vulnerability nodes; finally, the calculation formula of each target threat point is obtained by information security risk calculation methods and experience. In this way the whole threat graph for the Android mobile payment environment and the calculation formula of each target threat point are constructed, and the risk value of each target threat point is calculated from its formula.
The threat graph fully considers the relations between the individual vulnerability nodes, so that the final overall security assessment result agrees better with the actual situation.
Specifically:
I. The mobile payment environment security detection and assessment system based on a threat graph (the system for short)
The system comprises a mobile terminal 100 and a server 200;
The mobile terminal 100 is composed of a scanning engine 110 and an interface display module 120, and the scanning engine 110 is composed of an Android system environment detection and assessment module 111 and a third-party application environment detection and assessment module 112;
The server 200 is composed of an App self-security detection and assessment module 210, a risk indicator collection module 220, a risk indicator sorting module 230, a target threat point risk value calculation module 240 and an overall security assessment module 250; the risk indicator sorting module 230 is composed of a database 231 and a database management system 232, and the database 231 is composed of a risk indicator database 231A and a target threat point database 231B.
Their interaction relations are:
The mobile terminal 100, the App self-security detection and assessment module 210 and the risk indicator collection module 220 interact in turn, collecting the App's own risk indicators and their corresponding risk values;
The scanning engine 110 and the risk indicator collection module 220 interact, collecting the risk indicators of the Android system environment and the third-party application environment and their corresponding risk values;
The risk indicator collection module 220, the database management system 232 and the database 231 interact in turn, sorting the risk indicators and their corresponding risk values and storing them in the risk indicator database 231A;
The database 231, the database management system 232 and the target threat point risk value calculation module 240 interact in turn, calculating the target threat point risk values and storing them in the target threat point database 231B;
The target threat point risk value calculation module 240, the overall security assessment module 250 and the interface display module 120 interact in turn, displaying the overall security assessment result on the interface.
II. The mobile payment environment security detection and assessment method based on a threat graph (the method for short)
The method comprises the following steps:
1. Risk indicator detection and assessment
The scanning engine on the mobile terminal carries out Android system environment detection and assessment and third-party application environment detection and assessment; the mobile terminal sends the APK of the payment application to the server, which carries out App self-security detection and assessment; the risk indicators and their corresponding risk values are obtained;
2. Risk indicator collection and sorting
The risk indicators obtained by the detection and assessment of step 1 and their corresponding risk values are sorted by the risk indicator collection module and stored in the risk indicator database;
3. Calculation of the target threat point risk values
Using the risk indicators and their corresponding risk values from step 2, the risk value of each target threat point is calculated on the basis of the threat graph principle and stored in the target threat point database;
4. Overall security assessment
An overall security assessment is carried out according to the risk value of each target threat point; the assessment result comprises the risk indicators and their corresponding risk values, the target threat point risk values, an analysis and suggestions;
5. Interface display
The overall security assessment result of step 4 is transmitted to the client in JSON format and displayed on the interface.
The present invention has the following advantages and beneficial effects:
1. It can be adapted into a third-party payment App, with corresponding changes made according to the specific business and protection focus, so as to achieve a more refined protection function;
2. It fully considers the relations between the individual vulnerability nodes, so the comprehensive assessment result agrees better with the actual situation.
Brief description of the drawings
Fig. 1 is the block diagram of the system;
Fig. 2 is the schematic diagram of the relations between nodes in the threat graph principle of step 3 of the method;
Fig. 3 is the vulnerability node risk association graph in the threat graph principle of step 3 of the method;
Fig. 4 is the target threat point risk association graph in the threat graph principle of step 3 of the method;
Fig. 5 is the workflow diagram of step 3 of the method;
In the figures:
100 - mobile terminal,
110 - scanning engine,
111 - Android system environment detection and assessment module,
112 - third-party application environment detection and assessment module;
120 - interface display module.
200 - server,
210 - App self-security detection and assessment module;
220 - risk indicator collection module;
230 - risk indicator sorting module,
231 - database,
231A - risk indicator database,
231B - target threat point database,
232 - database management system;
240 - target threat point risk value calculation module;
250 - overall security assessment module.
Glossary
App: an abbreviation of Application. With the popularity of smartphones such as the iPhone, "App" refers to third-party application programs for smartphones. Well-known App stores include Apple's iTunes store, BlackBerry App World for Blackberry users, the Android Market for Android, the Nokia Ovi store, and Microsoft's application store. On 15 February 2016 the Ministry of Industry and Information Technology stated that in 2015 a total of 3545 Apps had been taken down following reports to the 12321 reporting center and linkage with application stores. The number of Apps taken down fluctuated slightly over 2015 and showed an overall downward trend. [1] From 1 August 2016, mobile Apps are subject to real-name registration.
Detailed description of the embodiments
The invention is described in detail below with reference to the drawings and an embodiment:
I. System
1. Overview
As shown in Fig. 1, the system comprises a mobile terminal 100 and a server 200;
The mobile terminal 100 is composed of a scanning engine 110 and an interface display module 120, and the scanning engine 110 is composed of an Android system environment detection and assessment module 111 and a third-party application environment detection and assessment module 112;
The server 200 is composed of an App self-security detection and assessment module 210, a risk indicator collection module 220, a risk indicator sorting module 230, a target threat point risk value calculation module 240 and an overall security assessment module 250; the risk indicator sorting module 230 is composed of a database 231 and a database management system 232, and the database 231 is composed of a risk indicator database 231A and a target threat point database 231B.
Their interaction relations are:
The mobile terminal 100, the App self-security detection and assessment module 210 and the risk indicator collection module 220 interact in turn, collecting the App's own risk indicators and their corresponding risk values;
The scanning engine 110 and the risk indicator collection module 220 interact, collecting the risk indicators of the Android system environment and the third-party application environment and their corresponding risk values;
The risk indicator collection module 220, the database management system 232 and the database 231 interact in turn, sorting the risk indicators and their corresponding risk values and storing them in the risk indicator database 231A;
The database 231, the database management system 232 and the target threat point risk value calculation module 240 interact in turn, calculating the target threat point risk values and storing them in the target threat point database 231B;
The target threat point risk value calculation module 240, the overall security assessment module 250 and the interface display module 120 interact in turn, displaying the overall security assessment result on the interface.
2. Functional modules
1) Android system environment detection and assessment module 111, third-party application environment detection and assessment module 112 and App self-security detection and assessment module 210
The function of these three modules is the detection and assessment of vulnerabilities. The vulnerability detection function follows existing detection methods. The vulnerability risk size assessment function is specific to the system; the theoretical method used is: the risk size of a vulnerability is measured from several aspects, and each aspect is assigned a weight reflecting its degree of influence on the risk size; each aspect is further divided into several grades, represented by a series of different values; the value representing the grade is multiplied by the weight to obtain the metric of that aspect, and the metrics of all aspects are added up to obtain the risk size of the vulnerability.
2) Target threat point risk value calculation module 240
Its function is to read the risk indicators and their risk values stored in the risk indicator database as vulnerability nodes and their risk values, and then to calculate the target threat point risk values on the basis of the threat graph principle. In particular, the module performs five steps in turn: reading the vulnerability nodes and their risk values, establishing the vulnerability node risk association graph, updating the risk values of the vulnerability nodes, establishing the target threat point risk association graph, and calculating the target threat point risk values; it calculates the risk values of six target threat points: sensitive information leakage, system destruction, data corruption, remote control threat, man-in-the-middle attack and property threat.
II. Method
Step 1: Risk indicator detection and assessment
The scanning engine on the mobile terminal carries out Android system environment detection and assessment and third-party application environment detection and assessment; the mobile terminal sends the APK of the payment application to the server, which carries out App self-security detection and assessment; the risk indicators and their corresponding risk values are obtained.
Risk indicator: each type of vulnerability detected by the scanning engine and the App self-security detection and assessment module that may pose a threat to the mobile payment environment corresponds to one risk indicator.
Risk value: the risk size of a risk indicator is assessed to obtain its risk value.
Since the detection methods for existing vulnerabilities are relatively mature, they are not described here; the following mainly explains the principle and method of assessing the risk value of a vulnerability.
The risk value is assessed from the grades of three attributes: exploit difficulty, vulnerability coverage and vulnerability harm degree.
Vulnerabilities are divided into two major classes: simple vulnerabilities and complex vulnerabilities.
For a simple vulnerability the grades of the three attributes are unique, so the risk value of the corresponding risk indicator is unique.
For a complex vulnerability the grades of the three attributes may differ between mobile terminals, so a specific attribute grade detection must be carried out and the risk value re-assessed.
The vulnerability risk value assessment table is shown in Table 1.
Table 1 Risk value assessment table
The unknown parameters [X, Y, Z] represent the three attribute grades of a threat graph node, exploit difficulty, vulnerability coverage and vulnerability harm degree, with weights (1-X):Y:Z = 3:2:5. If, in one detection, a complex vulnerability's three attribute grades for exploit difficulty, coverage and harm degree are respectively very high, medium and very high, [X = 0.9, Y = 0.5, Z = 0.9], the corresponding risk value is 3*(1-X)+2*Y+5*Z = 5.8.
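As an added worked example (not code from the patent), the following Python computes the vulnerability risk value from the three attribute grades with the 3:2:5 weighting described above, and distinguishes simple vulnerabilities (fixed grades, unique risk value) from complex ones (grades detected per mobile terminal, risk value re-assessed). Only "very high" = 0.9 and "medium" = 0.5 are on the page; the remaining grade values, the `RiskIndicator` record, and the sample indicators C1 and C2 with their grades are assumptions constructed for the example.

```python
"""Vulnerability risk value from attribute grades (added illustration, not patent code)."""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Weights 3:2:5 on (1 - X), Y, Z, as stated in the description.
W_DIFFICULTY, W_COVERAGE, W_HARM = 3, 2, 5
RISK_MAX = W_DIFFICULTY + W_COVERAGE + W_HARM  # 10, reached at X = 0, Y = Z = 1

# Verbal grade -> numeric value. "very high" = 0.9 and "medium" = 0.5 are from the
# page; the other three values are an assumed evenly spaced scale.
GRADE_VALUE = {"very low": 0.1, "low": 0.3, "medium": 0.5, "high": 0.7, "very high": 0.9}

Grades = Tuple[str, str, str]  # (exploit difficulty, coverage, harm degree)


def risk_value(x: float, y: float, z: float) -> float:
    """3*(1-X) + 2*Y + 5*Z; a higher exploit difficulty X lowers the risk."""
    for v in (x, y, z):
        if not 0.0 <= v <= 1.0:
            raise ValueError(f"attribute grade {v} is outside [0, 1]")
    return round(W_DIFFICULTY * (1 - x) + W_COVERAGE * y + W_HARM * z, 4)


def risk_from_grades(grades: Grades) -> float:
    difficulty, coverage, harm = grades
    return risk_value(GRADE_VALUE[difficulty], GRADE_VALUE[coverage], GRADE_VALUE[harm])


@dataclass(frozen=True)
class RiskIndicator:
    """One vulnerability type; `node` is its C-class node id in the threat graph."""
    node: str
    name: str
    # Simple vulnerability: grades are fixed, so the risk value is unique.
    # Complex vulnerability: None here; grades are detected per mobile terminal.
    fixed_grades: Optional[Grades] = None


def assess_indicator(indicator: RiskIndicator, detected_grades: Optional[Grades] = None) -> float:
    """Risk value of one detected indicator (simple: table value; complex: re-assessed)."""
    if indicator.fixed_grades is not None:
        return risk_from_grades(indicator.fixed_grades)
    if detected_grades is None:
        raise ValueError(f"{indicator.node}: complex vulnerability needs per-terminal grades")
    return risk_from_grades(detected_grades)


# Constructed sample indicators (hypothetical names and grades, not the page's Tables 2-4).
SAMPLE_INDICATORS: Dict[str, RiskIndicator] = {
    "C1": RiskIndicator("C1", "sample simple vulnerability", ("low", "high", "medium")),
    "C2": RiskIndicator("C2", "sample complex vulnerability"),
}


def assess_scan(detections: Dict[str, Optional[Grades]]) -> Dict[str, float]:
    """Map one terminal's scan result {node: detected grades or None} to {node: risk value}."""
    return {node: assess_indicator(SAMPLE_INDICATORS[node], grades)
            for node, grades in detections.items()}


if __name__ == "__main__":
    print(risk_value(0.9, 0.5, 0.9))  # worked case from the description
    print(assess_scan({"C1": None, "C2": ("very high", "medium", "very high")}))
```

A complex indicator with no detected grades raises instead of silently reusing a stale value, which is the failure mode the simple/complex split is meant to avoid.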
Mobile payment environment security vulnerabilities come from three aspects: Android system environment security vulnerabilities, third-party application environment security vulnerabilities and App self-security vulnerabilities.
The risk indicators corresponding to the vulnerabilities and their risk values are shown in Tables 2, 3 and 4 (C1 to C28 in the tables denote the vulnerability nodes in the threat graph that correspond one-to-one with the vulnerabilities).
Table 2 Android system environment security vulnerability assessment table
Table 3 Third-party application environment security vulnerability assessment table
Table 4 App self-security vulnerability assessment table
The risk values of the risk indicators are obtained according to Tables 2, 3 and 4.
Step 2: Risk indicator collection and sorting
The risk indicator collection module collects and integrates the risk indicators obtained by the scanning engine and the App self-security detection and assessment module; after sorting by the database management system, they are stored in the risk indicator database.
Step 3: Calculation of the target threat point risk values
Using the risk indicators and their corresponding risk values from step 2, the risk value of each target threat point is calculated on the basis of the threat graph principle and stored in the target threat point database.
(I) Threat graph principle
i. Definitions in the threat graph
Definition 1, threat graph node: there are two classes of node, target threat points (S-class nodes) and vulnerability nodes (C-class nodes);
There are six target threat points (S-class nodes): S1 sensitive information leakage, S2 system destruction, S3 data corruption, S4 remote control threat, S5 man-in-the-middle attack and S6 property threat. The risk size of a target threat point is called the risk value of the target threat point;
The risk indicators obtained by the Android system environment detection and assessment, the third-party application environment detection and assessment and the App self-security detection and assessment each correspond to one vulnerability type, and each vulnerability type corresponds to one vulnerability node (C-class node) in the threat graph; the risk value of a risk indicator is the risk value of the corresponding vulnerability node.
Definition 2, threat edge: in the threat graph, the connection between two nodes is defined as a threat edge, and each threat edge represents one attack path that may occur; the probability that an attack is transferred between the two nodes of a threat edge is its transition probability.
Definition 3, attack path: the set formed by threat edges L1, L2, ..., Ln and the nodes they contain is defined as an attack path, where the end point of threat edge Li is the start point of threat edge Li+1; for any attack path, the number of threat edges N(L) >= 1.
Definition 4, relations between nodes: a relation may exist between any two nodes in the threat graph, and it can be one of the following four kinds: transfer, AND, OR and must-through. Fig. 2 is the schematic diagram of these four relations:
1) "Transfer" relation: because node a exists, node b arises with a certain probability, and the existence of b may in turn lead to the formation of node c. By independence, in a transfer relation the new risk value T of node c is obtained by formula (1.1), using the transition probability from node a to b, and the operator is the product operation.
2) "AND" relation: the cause of node c is {a ... b}; in an AND relation all nodes in {a ... b} must exist simultaneously for node c to form. The new risk value T of node c is calculated by formula (1.2).
3) "OR" relation: the cause of node c is {a ... b}; in an OR relation, as long as one node of {a ... b} exists, node c can form. The new risk value T of node c is calculated by formula (1.3).
4) "Must-through" relation: starting from node a, reaching node c requires passing through some intermediate nodes {b ... n}. In this case the new risk value T of node c is calculated using the average of the intermediate node risks, as in formula (1.4).
Definition 5, threat graph: the set comprising all nodes, the node risk values, the threat edges and the threat edge transition probabilities is the threat graph. The threat graph is divided into two classes: the vulnerability node risk association graph and the target threat point risk association graph.
Vulnerability node risk association graph: contains the vulnerability nodes and their risk values, and the threat edges between vulnerability nodes with their transition probabilities.
Target threat point risk association graph: contains the vulnerability nodes and their risk values and the target threat points, and the threat edges between vulnerability nodes and target threat points with their transition probabilities. Here the risk value of a vulnerability node is the value updated from the threat edges and transition probabilities of the vulnerability node risk association graph according to the principle of the relations between nodes in Definition 4.
ii. Transition probability assessment principle
The quantitative scoring criteria for transition probabilities are shown in Table 5.
Table 5 Node relation transition probability quantization table
Probability value     Description
0.1                   The node association is weak
0.3                   The nodes are related, but the attack method is unknown
0.5                   The nodes are related, but the attack method is only partly known
0.7                   The nodes are related, and the attack method is specific
0.9                   The nodes are related, and directly lead to the subsequent exploitation of the threat graph node
0.2, 0.4, 0.6, 0.8    Intermediate values between the judgements above
The transition probabilities between nodes may use the values in Fig. 3 and Fig. 4 as a reference. Here the transition probabilities from vulnerability nodes to target threat points refer to the data of some well-known domestic vulnerability submission platforms: by analysing the data of past vulnerabilities, in particular the related vulnerabilities and the vulnerability influence given in the analysis reports of submitted vulnerabilities, and analysing the connection between the influence results of associated vulnerabilities and the target threat points, the transition probability from each vulnerability node to each target threat point is obtained.
iii. Target threat point risk value calculation principle
According to the target threat point risk association graph, the risk value calculation formula of each target threat point is obtained.
The final risk value of each target threat point is:
In the formulas (1.5) to (1.10) above, Ki = 0 or 1: if node Ci exists after detection, Ki = 1, otherwise Ki = 0; the updated risk value of node Ci is used; and Pi is the transition probability of the threat edge in the target threat point risk association graph.
The formulas above are empirical formulas derived from the theoretical formulas drawn from the threat graph principle and corrected by repeated experiments.
(II) Calculating the target threat point risk values
As shown in Fig. 5, calculating the target threat point risk values comprises the following steps:
A. Read the vulnerability nodes and their risk values: the risk indicators and their risk values stored in the risk indicator database are read out as vulnerability nodes and their risk values (501);
B. Establish the vulnerability node risk association graph (502);
C. Update the risk values of the vulnerability nodes: the risk values of the vulnerability nodes are updated according to the vulnerability node risk association graph (503);
D. Establish the target threat point risk association graph: the target threat point risk association graph is established with the updated risk values of the vulnerability nodes (504);
E. Calculate the risk values of the target threat points, based on formulas (1.5) to (1.10) (505).
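The following Python is an added worked example of steps A to E, not code from the patent. It takes from the description the four node relations of Definition 4, the Table 5 transition probability scale, the product operator of the transfer relation, the averaging rule of the must-through relation, and the Ki/Pi form of the target threat point formulas. Because formulas (1.1) to (1.10) are not reproduced on the page, the concrete combination rules standing in for them (product for AND, maximum for OR, a noisy-OR update of the node's own risk, a linear Ki*Ti*Pi sum for the target threat point), the 0..10 risk scale, and every sample node id, risk value and probability are assumptions constructed for the example.

```python
"""Threat graph risk update and target threat point scoring (added illustration, not patent code)."""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Tuple

RISK_MAX = 10.0  # assumed: the 3+2+5 weights give a 0..10 vulnerability risk scale

# Table 5 scale: 0.1, 0.3, 0.5, 0.7, 0.9 plus the intermediates 0.2, 0.4, 0.6, 0.8.
ALLOWED_PROBABILITIES = {round(0.1 * k, 1) for k in range(1, 10)}


def check_probability(p: float) -> float:
    if round(p, 1) not in ALLOWED_PROBABILITIES or abs(p - round(p, 1)) > 1e-9:
        raise ValueError(f"transition probability {p} is not on the Table 5 scale")
    return p


@dataclass
class Relation:
    """One Definition-4 relation feeding `target` (assumed encoding).

    transfer: sources = [a, b] in path order, probs = [P(a->b), P(b->c)]
    and / or: sources = causes {a..b}, probs = each cause's probability to c
    must:     sources = intermediate nodes {b..n}, probs = each one's probability to c
    """
    kind: str
    sources: List[str]
    target: str
    probs: List[float]


class ThreatGraph:
    def __init__(self, risks: Dict[str, float]):
        # Only detected vulnerability nodes (Ki = 1) are present; absent means Ki = 0.
        self.risk = dict(risks)

    def _r(self, node: str) -> float:
        return self.risk.get(node, 0.0) / RISK_MAX  # normalised to 0..1

    def contribution(self, rel: Relation) -> float:
        """Risk (0..1) pushed into rel.target by one relation; assumed stand-ins for (1.1)-(1.4)."""
        for p in rel.probs:
            check_probability(p)
        r = [self._r(s) for s in rel.sources]
        if rel.kind == "transfer":  # (1.1): product along a -> b -> c
            c = r[0]
            for p in rel.probs:
                c *= p
            return c
        if rel.kind == "and":  # (1.2): every cause needed, product of their contributions
            c = 1.0
            for ri, p in zip(r, rel.probs):
                c *= ri * p
            return c
        if rel.kind == "or":  # (1.3): any cause suffices, strongest one counts
            return max(ri * p for ri, p in zip(r, rel.probs))
        if rel.kind == "must":  # (1.4): average over the intermediate nodes
            return mean(ri * p for ri, p in zip(r, rel.probs))
        raise ValueError(f"unknown relation kind {rel.kind!r}")

    def update(self, relations: List[Relation]) -> Dict[str, float]:
        """Step C: apply relations in order; own and incoming risk are combined as
        1 - (1 - own)(1 - incoming) (assumed), which keeps values within 0..RISK_MAX."""
        for rel in relations:
            if rel.target not in self.risk:
                continue  # undetected target node: nothing to update
            own = self._r(rel.target)
            combined = 1.0 - (1.0 - own) * (1.0 - self.contribution(rel))
            self.risk[rel.target] = combined * RISK_MAX
        return dict(self.risk)

    def target_risk(self, edges: List[Tuple[str, float]]) -> float:
        """Step E, assumed form of (1.5)-(1.10): sum of Ki * Ti * Pi over the threat
        edges Ci -> S of the target threat point risk association graph."""
        total = 0.0
        for node, p in edges:
            check_probability(p)
            k = 1 if node in self.risk else 0
            total += k * self.risk.get(node, 0.0) * p
        return total


# Constructed sample: detected vulnerability nodes and their risk values (C4 not detected).
SAMPLE_RISKS = {"C1": 5.8, "C2": 7.0, "C3": 3.0, "C5": 4.0, "C6": 2.0}
SAMPLE_RELATIONS = [  # vulnerability node risk association graph, one relation of each kind
    Relation("transfer", ["C1", "C2"], "C3", [0.7, 0.5]),
    Relation("and", ["C2", "C5"], "C6", [0.5, 0.3]),
    Relation("or", ["C1", "C3"], "C5", [0.9, 0.7]),
    Relation("must", ["C3", "C5"], "C6", [0.5, 0.5]),
]
SAMPLE_S1_EDGES = [("C1", 0.7), ("C3", 0.5), ("C4", 0.9), ("C6", 0.3)]  # edges into sample S1


def score_sample() -> Tuple[Dict[str, float], float]:
    graph = ThreatGraph(SAMPLE_RISKS)
    updated = graph.update(SAMPLE_RELATIONS)
    return updated, graph.target_risk(SAMPLE_S1_EDGES)


if __name__ == "__main__":
    updated, s1 = score_sample()
    for node, value in sorted(updated.items()):
        print(f"{node}: {value:.3f}")
    print(f"S1 (sample target threat point): {s1:.3f}")
```

Relations are applied in list order, so a node updated by an earlier relation (C3 here) feeds the later OR and must-through relations with its new value, which is the point of updating vulnerability nodes before building the target threat point graph; an undetected node (C4) has Ki = 0 and contributes nothing to S1 even though it has an edge.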
Step 4: Overall security assessment
An overall security assessment is carried out according to the risk value of each target threat point; the assessment result comprises the risk indicators and their corresponding risk values, the target threat point risk values, an analysis and suggestions.
Combining the risk indicators and their corresponding risk values with the risk values of the target threat points, and referring to Table 6, the security risk grade of the current mobile payment environment is analysed, suggestions are given to the user, and the overall security assessment is completed.
Table 6 Security risk grade membership table
Step 5: Interface display
The overall security assessment result of step 4 is transmitted to the client in JSON format and displayed on the interface.
III. Working mechanism
The Android system environment detection and assessment module 111, the third-party application environment detection and assessment module 112 and the App self-security detection and assessment module 210 implement vulnerability detection and risk value assessment. The risk indicator collection module 220 and the risk indicator sorting module 230 implement the collection, sorting and storage of the risk indicators and their risk values. The target threat point risk value calculation module 240 calculates the risk values of the target threat points on the basis of the threat graph principle. The overall security assessment module 250 carries out the overall security assessment on the basis of the target threat point risk values. The interface display module 120 receives the overall security assessment result and displays it to the user on the interface.

Claims (3)

1. A threat-graph-based mobile payment environment security check and evaluation system, characterized in that:
it comprises a mobile terminal (100) and a server (200);
the mobile terminal (100) consists of a scanning engine (110) and an interface display module (120); the scanning engine (110) consists of an Android system environment check and evaluation module (111) and a third-party application environment check and evaluation module (112);
the server (200) consists of an App self-security check and evaluation module (210), a risk indicator collection module (220), a risk indicator sorting module (230), a target threat point risk-value computing module (240) and an overall security evaluation module (250); the risk indicator sorting module (230) consists of a database (231) and a database management system (232); the database (231) consists of a risk indicator database (231A) and a target threat point database (231B);
their interaction relationships are:
the mobile terminal (100), the App self-security check and evaluation module (210) and the risk indicator collection module (220) interact in sequence to collect the risk indicators of the App itself and their corresponding risk values;
the scanning engine (110) interacts with the risk indicator collection module (220) to collect the risk indicators of the Android system environment and of the third-party application environment and their corresponding risk values;
the risk indicator collection module (220), the database management system (232) and the database (231) interact in sequence to organize and store the risk indicators and their corresponding risk values into the risk indicator database (231A);
the database (231), the database management system (232) and the target threat point risk-value computing module (240) interact in sequence to compute the target threat point risk values and store them into the target threat point database (231B);
the target threat point risk-value computing module (240), the overall security evaluation module (250) and the interface display module (120) interact in sequence to display the overall security evaluation result on the interface.
2. A threat-graph-based mobile payment environment security check and evaluation method using the system of claim 1, characterized in that it comprises the following steps:
(1) Risk indicator check and evaluation
The scanning engine on the mobile terminal performs the Android system environment check and evaluation and the third-party application environment check and evaluation; the mobile terminal sends the APK of the payment application to the server, where the App self-security check and evaluation is performed; this yields the risk indicators and their corresponding risk values;
(2) Risk indicator collection and sorting
The risk indicators and their corresponding risk values obtained in step (1) are organized by the risk indicator collection module and stored into the risk indicator database;
(3) Computing the target threat point risk values
Using the risk indicators and their corresponding risk values from step (2), compute the risk value of each target threat point on the threat-graph principle and store it into the target threat point database;
(4) Overall security evaluation
Perform the overall security evaluation from the risk value of each target threat point; the evaluation result includes the risk indicators and their corresponding risk values, the target threat point risk values, an analysis and recommendations;
(5) Interface display
The overall security evaluation result of step (4) is transmitted to the client in JSON format and displayed on the interface.
3. The threat-graph-based mobile payment environment security check and evaluation method of claim 2, characterized in that step (3), computing the target threat point risk values, comprises the following steps:
A. Read the vulnerability nodes and their risk values: the risk indicators and their risk values stored in the risk indicator database are read out as the vulnerability nodes and their risk values (501);
B. Build the vulnerability node risk association graph (502);
C. Update the risk values of the vulnerability nodes according to the vulnerability node risk association graph (503);
D. Build the target threat point risk association graph from the updated risk values of the vulnerability nodes (504);
E. Compute the risk value of each target threat point (505).
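The five steps of claim 3 (and step (3) of claim 2 that they refine), carried through as an added worked example in Python. This is illustrative code written for this page, not code from the patent or its applicants. The claims do not say how a node's risk value is updated from the association graph (503) or how a threat point's value is aggregated from its nodes (505), so the noisy-OR rules used here are an assumption, as are the edge weights, the indicator names and values, and every function name in the block.

```python
"""Threat-graph evaluation in the shape of claim 3 (added example, not the patent's code).

Assumed rules (the claims fix none):
  * step 503: updated(v) = 1 - (1 - base(v)) * prod_{(u,v,w)} (1 - w * updated(u))   (noisy-OR)
  * step 505: risk(tp)   = 1 - prod_{v in nodes(tp)} (1 - updated(v))                  (noisy-OR)
Both stay in [0, 1] and never lower a value below its base, which is the property a
propagation rule needs if "more evidence" must never make a device look safer.
"""
import json
from collections import defaultdict, deque
from typing import Dict, Iterable, List, Tuple

Edge = Tuple[str, str, float]          # (source node, destination node, weight in (0, 1])
Incoming = Dict[str, List[Tuple[str, float]]]

# Step 501: constructed stand-in for the risk indicator database. The indicator names and
# their base risk values are invented for illustration; the patent lists none.
RISK_INDICATORS: Dict[str, float] = {
    "device_rooted":        0.7,
    "usb_debugging_on":     0.4,
    "untrusted_app_source": 0.5,
    "app_debuggable":       0.3,
    "weak_tls_validation":  0.6,
}

# Step 502 input: assumed association edges; src -> dst means "src makes dst easier to exploit".
ASSOCIATIONS: List[Edge] = [
    ("device_rooted",        "weak_tls_validation", 0.8),
    ("usb_debugging_on",     "app_debuggable",      0.6),
    ("untrusted_app_source", "app_debuggable",      0.5),
]

# Step 504 input: assumed target threat points, each with the nodes that enable it.
THREAT_POINTS: Dict[str, List[str]] = {
    "payment_credential_theft": ["device_rooted", "weak_tls_validation"],
    "transaction_tampering":    ["app_debuggable", "weak_tls_validation"],
}


def build_association_graph(nodes: Dict[str, float], edges: Iterable[Edge]) -> Incoming:
    """Step 502: map every node to its incoming (predecessor, weight) pairs, validating input."""
    incoming: Incoming = {n: [] for n in nodes}
    for src, dst, w in edges:
        if src not in nodes or dst not in nodes:
            raise ValueError(f"edge {src}->{dst} references an unknown node")
        if not 0.0 < w <= 1.0:
            raise ValueError(f"edge {src}->{dst} has weight {w} outside (0, 1]")
        incoming[dst].append((src, w))
    return incoming


def topological_order(incoming: Incoming) -> List[str]:
    """Kahn's algorithm. A cycle is an error: the update rule below is only defined on a DAG."""
    indegree = {n: len(preds) for n, preds in incoming.items()}
    successors: Dict[str, List[str]] = defaultdict(list)
    for n, preds in incoming.items():
        for p, _ in preds:
            successors[p].append(n)
    queue = deque(sorted(n for n, d in indegree.items() if d == 0))
    order: List[str] = []
    while queue:
        n = queue.popleft()
        order.append(n)
        for s in successors[n]:
            indegree[s] -= 1
            if indegree[s] == 0:
                queue.append(s)
    if len(order) != len(incoming):
        raise ValueError("association graph contains a cycle")
    return order


def update_node_risks(nodes: Dict[str, float], incoming: Incoming) -> Dict[str, float]:
    """Step 503 (assumed rule): predecessors are visited first, so chains propagate fully."""
    updated: Dict[str, float] = {}
    for n in topological_order(incoming):
        not_reached = 1.0 - nodes[n]
        for pred, w in incoming[n]:
            not_reached *= 1.0 - w * updated[pred]
        updated[n] = 1.0 - not_reached
    return updated


def threat_point_risks(updated: Dict[str, float], threat_points: Dict[str, List[str]]) -> Dict[str, float]:
    """Steps 504 and 505 (assumed rule): a threat point is reached if any enabling node is."""
    result: Dict[str, float] = {}
    for tp, members in threat_points.items():
        unknown = [m for m in members if m not in updated]
        if unknown:
            raise ValueError(f"threat point {tp} references unknown nodes {unknown}")
        not_reached = 1.0
        for m in members:
            not_reached *= 1.0 - updated[m]
        result[tp] = 1.0 - not_reached
    return result


def evaluate(nodes: Dict[str, float], edges: Iterable[Edge],
             threat_points: Dict[str, List[str]]) -> Dict[str, object]:
    """Steps 501-505 end to end; the dict mirrors what claim 2 step (4) says the result carries."""
    incoming = build_association_graph(nodes, edges)
    updated = update_node_risks(nodes, incoming)
    tps = threat_point_risks(updated, threat_points)
    overall = max(tps.values()) if tps else 0.0     # assumed: worst threat point sets the level
    return {"risk_indicators": updated, "threat_points": tps, "overall": overall}


if __name__ == "__main__":
    # Claim 2 step (5): the result goes to the client as JSON.
    print(json.dumps(evaluate(RISK_INDICATORS, ASSOCIATIONS, THREAT_POINTS), indent=2))
```

Two points worth keeping in mind before reusing the pattern. The update rule only terminates on an acyclic association graph, which is why the code rejects a cycle rather than iterating to a fixed point; a real indicator set with mutual associations needs either an acyclic modelling convention or a different rule. And under claim 1 the scanning engine runs on the very device being assessed, so on a compromised device the Android-environment and third-party-application indicators can be misreported; the server-side APK analysis is the only input not produced on that device, and even the APK is uploaded by the terminal.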
CN201710828386.9A 2017-09-14 2017-09-14 Mobile payment Environmental security check and evaluation system and method based on threat diagram Pending CN107705124A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710828386.9A CN107705124A (en) 2017-09-14 2017-09-14 Mobile payment Environmental security check and evaluation system and method based on threat diagram

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710828386.9A CN107705124A (en) 2017-09-14 2017-09-14 Mobile payment Environmental security check and evaluation system and method based on threat diagram

Publications (1)

Publication Number Publication Date
CN107705124A true CN107705124A (en) 2018-02-16

Family

ID=61171669

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710828386.9A Pending CN107705124A (en) 2017-09-14 2017-09-14 Mobile payment Environmental security check and evaluation system and method based on threat diagram

Country Status (1)

Country Link
CN (1) CN107705124A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115859360A (en) * 2022-12-22 2023-03-28 郑州云智信安安全技术有限公司 APP personal data security detection scoring device and method
CN115859360B (en) * 2022-12-22 2024-05-10 郑州云智信安安全技术有限公司 APP personal data security detection scoring device and method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573547A (en) * 2014-10-21 2015-04-29 江苏通付盾信息科技有限公司 Information interaction safety protection system and operation realization method thereof
CN105763562A (en) * 2016-04-15 2016-07-13 全球能源互联网研究院 Electric power information network vulnerability threat evaluation model establishment method faced to electric power CPS risk evaluation and evaluation system based on the model

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
余健仪 (Yu Jianyi): "手机支付安全威胁与策略分析" (Mobile payment security threats and strategy analysis), 《金卡工程》 (Jinka Gongcheng) *
逯全芳 (Lu Quanfang): "移动智能终端安全评估技术研究及在Android平台下的实现" (Research on security assessment technology for mobile smart terminals and its implementation on the Android platform), 《中国优秀硕士学位论文全文数据库 信息科技辑》 (China Master's Theses Full-text Database, Information Science and Technology series) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right
Effective date of registration: 20180821
Address after: 430074 Optics Valley Avenue, Hongshan, Wuhan, Hubei, 35, Optics Valley headquarters 2 phase 1 2 rooms
Applicant after: Wuhan leaning sword Technology Co., Ltd.
Address before: 430074 1037 Luo Yu Road, Hongshan District, Wuhan, Hubei.
Applicant before: Huazhong University of Science and Technology
WD01 Invention patent application deemed withdrawn after publication
Application publication date: 20180216