CN107948179A - Network payment monitoring method and system - Google Patents
Network payment monitoring method and system Download PDFInfo
- Publication number
- CN107948179A CN107948179A CN201711270496.4A CN201711270496A CN107948179A CN 107948179 A CN107948179 A CN 107948179A CN 201711270496 A CN201711270496 A CN 201711270496A CN 107948179 A CN107948179 A CN 107948179A
- Authority
- CN
- China
- Prior art keywords
- address
- server
- network
- target data
- payment request
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/325—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The present invention provides a kind of network payment monitoring method and system, method and is applied to system.System includes the detection device and server being in communication with each other, the output terminal electric connection of detection device and gateway device, and server is used to provide payment services.Method includes:Detection device obtains the data message of gateway device output, and whether the destination address for detecting the data message is default malice network address, if the first prompt message of output, to prompt the destination address of user's data message as malice network address;When detecting user in the access operational order inputted after receiving the first prompt message, detection device record includes the public network IP address of the data message and the target data of private network IP address and is sent to server;When receiving payment request, whether the public network IP address and private network IP address that judge the payment request match server with the target data, the pause response payment request in matching.
Description
Technical field
The present invention relates to network monitor technical field, in particular to a kind of network payment monitoring method and system.
Background technology
During user surfs the Internet, some malicious websites are may have access to, swindle, gambling are contained in these malicious websites
The hostile contents such as rich, false sale.It may occur to turn by swindle in these malicious websites in the case where user does not discover
The behaviors such as account, so that the property to user causes damages.
The content of the invention
In view of this, it is an object of the invention to provide a kind of network payment monitoring method and system, to improve above-mentioned ask
Topic.
In order to achieve the above object, the embodiment of the present invention provides a kind of network payment monitoring method, applied to being in communication with each other
Detection device and server, the output terminal of the detection device and gateway device is electrically connected, and the server is used to provide
Payment services, the described method includes:
The detection device obtains the data message of the gateway device output, and detects the destination of the data message
Whether location is default malice network address, if so, the first prompt message of output, to prompt the destination address of data message described in user
For malice network address;
When detecting user in the access operational order inputted after receiving first prompt message, the detection is set
Note includes the public network IP address of the data message and the target data of private network IP address and sends the target data
To the server;
The server judges the public network IP address and private network IP address of the payment request when receiving payment request
Whether matched with the target data, the pause response payment request in matching.
Alternatively, the server judges the public network IP address and private network IP address and the number of targets of the payment request
According to whether matching, including:
Identify the public network IP address and private network IP address of the payment request;
With the presence or absence of the public network IP address for including the payment request in the target data that the whois lookup receives
And the target data of private network IP address, if including judging public network IP address and private network IP address and the institute of the payment request
State target data matching.
Alternatively, the target data further includes the subscriber identity information obtained according to the private network IP of the data message,
The method further includes:
It is described when the public network IP address and private network IP address that the payment request includes are mismatched with the target data
Server obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of including institute
The target data of subscriber identity information is stated, if in the presence of pause responds the payment request.
Alternatively, the target data further includes the term of validity of the target data;The method further includes:
The server deletes the target data for reaching the term of validity.
Alternatively, the method further includes:
The server exports the second prompt message, to prompt user described when pause responds the payment request
Malicious websites were accessed in the term of validity;
When receiving access operational order associated with second prompt message input by user, the server is rung
Answer the payment request.
The embodiment of the present invention also provides a kind of network payment monitoring method, applied to detection device and the detection device
The first server of communication connection and the second server with first server communication connection, the detection device and net
The output terminal for closing equipment is electrically connected, and the second server is used to provide payment services, the described method includes:
The detection device obtains the data message of the gateway device output, and detects the destination of the data message
Whether location is default malice network address, if so, the first prompt message of output, to prompt the destination address of data message described in user
For malice network address;
When detecting user in the access operational order inputted after receiving first prompt message, the detection is set
Note includes the public network IP address of the data message and the target data of private network IP address and sends the target data
To the first server;
The second server obtains the number of targets of current record in the first server when receiving payment request
According to, and judge whether the public network IP address of the payment request and private network IP address match with the target data, in matching
Pause responds the payment request.
Alternatively, the second server judges the public network IP address and private network IP address and the mesh of the payment request
Whether mark data match, including:
Identify the public network IP address and private network IP address of the payment request;
Search in the target data got with the presence or absence of public network IP address and the private network IP for including the payment request
The target data of location, if in the presence of judging the public network IP address and private network IP address and the target data of the payment request
Matching.
Alternatively, the target data further includes the subscriber identity information obtained according to the private network IP of the data message,
The method further includes:
It is described when the public network IP address and private network IP address that the payment request includes are mismatched with the target data
Second server obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of bag
The target data of the subscriber identity information is included, if in the presence of pause responds the payment request.
The embodiment of the present invention also provides a kind of network payment monitoring system, including the detection device being in communication with each other and service
Device, the output terminal of the detection device and gateway device are electrically connected, and the server is used to provide payment services;
The detection device, for obtaining the data message of the gateway device output, and detects the data message
Whether destination address is default malice network address, if so, the first prompt message of output, to prompt the mesh of data message described in user
Address be malice network address;
The detection device, is additionally operable to the access behaviour inputted after detecting that user is receiving first prompt message
When instructing, record includes the public network IP address of the data message and the target data of private network IP address and by the number of targets
According to being sent to the server;
The server, for when receiving payment request, judging the public network IP address and private network of the payment request
Whether IP address matches with the target data, the pause response payment request in matching.
The embodiment of the present invention also provides a kind of network payment monitoring system, including detection device, leads to the detection device
Believe the first server of connection and the second server with first server communication connection, the detection device and gateway
The output terminal of equipment is electrically connected, and the second server is used to provide payment services;
The detection device, for obtaining the data message of the gateway device output, and detects the data message
Whether destination address is default malice network address, if so, the first prompt message of output, to prompt the mesh of data message described in user
Address be malice network address;
The detection device, is additionally operable to the access behaviour inputted after detecting that user is receiving first prompt message
When instructing, record includes the public network IP address of the data message and the target data of private network IP address and by the number of targets
According to being sent to the first server;
The second server, for when receiving payment request, obtaining current record in the first server
Target data, and judge whether the public network IP address of the payment request and private network IP address match with the target data,
Pause responds the payment request during matching.
In terms of existing technologies, the embodiment of the present invention has the advantages that:
The embodiment of the present invention provides a kind of network payment monitoring method and system, and it is defeated to obtain gateway device by detection device
The data message gone out, and detect whether the destination address of data message got is default malice network address, if so, output the
One prompt message, to prompt the destination address of user's data message as malice network address.When detect user receive this
During the access operational order inputted after one prompt message, detection device records the public network IP address and private network for including the data message
The target data is simultaneously sent to server by the target data of IP address.Server judges to pay when receiving payment request
Whether the public network IP address and private network IP address of request match with the target data, the pause response payment request in matching.Such as
This, can transfer accounts to avoid user in malicious websites by swindle.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, below will be to needed in the embodiment attached
Figure is briefly described, it will be appreciated that the following drawings illustrate only certain embodiments of the present invention, therefore be not construed as pair
The restriction of scope, for those of ordinary skill in the art, without creative efforts, can also be according to this
A little attached drawings obtain other relevant attached drawings.
Fig. 1 is that a kind of network payment that first embodiment of the invention provides monitors system and gateway device and user terminal
Interaction schematic diagram;
Fig. 2 is a kind of block diagram for detection device that first embodiment of the invention provides;
Fig. 3 is a kind of flow diagram for network payment monitoring method that first embodiment of the invention provides;
Fig. 4 is that a kind of network payment that second embodiment of the invention provides monitors system and gateway device and user terminal
Interaction schematic diagram;
Fig. 5 is a kind of flow diagram for network payment monitoring method that second embodiment of the invention provides.
Icon:100 (400)-network payment monitoring system;110 (410)-detection device;111- memories;112- processing
Device;113- communication units;120- servers;420- first servers;430- second servers;200- gateway devices;300- is used
Family terminal.
Embodiment
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention
In attached drawing, the technical solution in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is
Part of the embodiment of the present invention, instead of all the embodiments.The present invention implementation being usually described and illustrated herein in the accompanying drawings
The component of example can be arranged and designed with a variety of configurations.
Therefore, below the detailed description of the embodiment of the present invention to providing in the accompanying drawings be not intended to limit it is claimed
The scope of the present invention, but be merely representative of the present invention selected embodiment.Based on the embodiments of the present invention, this area is common
Technical staff's all other embodiments obtained without creative efforts, belong to the model that the present invention protects
Enclose.
It should be noted that:Similar label and letter represents similar terms in following attached drawing, therefore, once a certain Xiang Yi
It is defined, then it further need not be defined and explained in subsequent attached drawing in a attached drawing.
First embodiment
Fig. 1 is refer to, is network payment monitoring system 100, gateway device 200 and user's end provided in an embodiment of the present invention
The interaction schematic diagram at end 300.The network payment monitoring system 100 includes the detection device 110 and server being in communication with each other
120。
Wherein, the output terminal of the detection device 110 and gateway device 200 is electrically connected, that is, the detection device
110 data messages got from the gateway device 200 be by NAT (Network Address Translation,
Network address translation) message.
The input terminal of the user terminal 300 and gateway device 200 communicates to connect, in the present embodiment, can have one,
Two or more user terminals 300 are communicated to connect with the gateway device 200, and the user terminal 300 can pass through
The gateway device 200 sends datagram to public network.The detection device 110, which is used to obtain, passes through the gateway device 200
The data message sent to public network.
In the present embodiment, the server 120 is used to provide payment services, for example, the server 120 can be branch
The corresponding server of the client such as Fu Bao, bank paying client.
As shown in Fig. 2, it is a kind of block diagram of detection device 110 provided in an embodiment of the present invention.The detection is set
Standby 110 include memory 111, processor 112 and communication unit 113.
The memory 111, processor 112 and 113 each element of communication unit are directly or indirectly electrical between each other
Connection, to realize the transmission of data or interaction.For example, these elements can pass through one or more communication bus or letter between each other
Number line, which is realized, to be electrically connected.At least one and network payment provided in an embodiment of the present invention is stored with the memory 111 to supervise
The corresponding function module of survey method.The processor 112 is used for when receiving execute instruction, performs in the memory 111
Executable module.Wherein, the memory 111 may be, but not limited to, random access memory (Random Access
Memory, RAM), read-only storage (Read Only Memory, ROM), programmable read only memory (Programmable
Read-Only Memory, PROM), erasable read-only memory (Erasable Programmable Read-Only
Memory, EPROM), electricallyerasable ROM (EEROM) (Electric Erasable Programmable Read-Only
Memory, EEPROM) etc..
The processor 112 is probably a kind of IC chip, has the disposal ability of signal.Above-mentioned processor can
To be general processor, including central processing unit (Central Processing Unit, CPU), network processing unit (Network
Processor, NP) etc.;Can also be digital signal processor (DSP)), application-specific integrated circuit (ASIC), field programmable gate
Array (FPGA) either other programmable logic device, discrete gate or transistor logic, discrete hardware components.Can be real
Now or perform the embodiment of the present invention in disclosed each method, step and logic diagram.General processor can be microprocessor
Device or the processor can also be any conventional processors etc..
The communication unit 113 is used to establish the communication connection with the server 120, to realize and the server
120 data interaction.
It should be appreciated that in the present embodiment, the structure shown in Fig. 2 is only to illustrate.The detection device can also have than
More or less component shown in Fig. 2, or there is the configuration different from shown in Fig. 2.In addition, each component shown in Fig. 2 can
Realized in the form of software, hardware or its combination.
In the present embodiment, connection relation and the detection between the server 120 includes component and each component
Equipment 110 is similar, and details are not described herein.
Study and find through inventor, in practical applications, since the method for existing identification malicious websites has inaccuracy
Place, thus, to user carry out malicious websites prompting while be provided to user continue access passage.And user
Once continue to access, it is possible to swindled, so as to carry out corresponding bank transfer, caused damages.
In view of the above-mentioned problems, inventor's design limits the payment behavior for accessing the user of malicious websites, so as to keep away
Exempt from the user to be swindled.
Fig. 3 is refer to, is a kind of flow diagram of network payment monitoring method provided in an embodiment of the present invention, the net
Network pays the network payment that monitoring method is applied to shown in Fig. 1 and monitors system 100.
Step S110, the detection device 110 obtain the data message that the gateway device 200 exports, and described in detection
Whether the destination address of data message is default malice network address, if so, the first prompt message of output, to prompt number described in user
Destination address according to message is malice network address.
In the present embodiment, the data message that the gateway device 200 exports is the message by NAT, that is, gateway is set
Standby 200 by private network IP (Internet Protocol) address conversions of the data message received into corresponding public network IP address,
So that the data message can be sent in public network.
In the present embodiment, the default malice network address refers to default malice URL (Uniform Resource
Locator) address.Alternatively, when the detection device 110 starts, malice URL storehouses can be downloaded from corresponding high in the clouds, and
Malice URL storehouses that can be in real time with the high in the clouds synchronize.Wherein, the malice URL storehouses are with including multiple malice URL
Location.
During implementation, the destination address that the detection device 110 detects the data message whether there is in the malice URL
In storehouse, if, it is determined that the destination address of the data message is malice network address, and exports the first prompt message.
Alternatively, in the present embodiment, the detection device 110 can export the first prompting letter as follows
Breath:
The destination address of the data message is redirected to default malice and reminds the page.
In detail, the detection device 110 can be by http protocol 302 by the destination address weight of the data message
It is directed to the malice and reminds the page, so that the user terminal 300 for sending the data message jumps to the malice and reminds page
Face.
In the present embodiment, the malice, which is reminded, can show on the page just like " website that you access is malicious websites " etc.
Signal language, chooses whether to continue the option-tag accessed in addition, the malice reminds to show on the page for user.When
When user selects the malice to remind the label of " continuing to access " on the page, the user terminal 300 of the user is to the detection
Equipment send with the malice remind the associated access operational order of the page, namely with the associated access of the first prompt message
Operational order.
Step S120, when receiving access operational order associated with first prompt message input by user, institute
Stating the record of detection device 110 includes the public network IP address of the data message and the target data of private network IP address and by the mesh
Mark data sending gives the server 120.
In the present embodiment, when user is selecting to continue to access corresponding malice network address after receiving the first prompt message,
The payment behavior of the user is limited.
During implementation, the detection device 110 obtains the public network IP address and private network IP address of the data message, record bag
Include the target data of the public network IP address and private network IP address and the target data is sent to the server 120.
In the present embodiment, since the detection device 110 is connected to the output terminal of the gateway device 200, thus, the detection device
110 can get the public network IP address of the data message.
Study and find through inventor, existing detection method or equipment be typically directly by the identity information of user (e.g.,
Identity card, cell-phone number etc.) identify a user, however, and can all carry the identity of user in not all data message
Information, therefore, the situation for having inaccuracy often occur.
Therefore in the present embodiment, inventor's design passes through public network IP address and private network IP address of the user during online
To uniquely identify a user.Inventor's analysis finds that user is during online, if having been dispensed into public network IP address
And private network IP address, then in a short time, its public network IP address and private network IP address will not change.Also, in same local
In net, the private network IP address of each user will not must repeat, therefore, it is possible to the group by public network IP address and private network IP address
Close to uniquely identify a user.
Step S130, the server 120 judge the public network IP address of the payment request when receiving payment request
And whether private network IP address matches with the target data, the pause response payment request in matching.
In the present embodiment, the target data refers to the target data that the server 120 records.
The server 120 docks received payment request and is monitored, if the public network IP of the payment request received
Location and private network IP address are matched with any one in the target data recorded, then pause responds the payment request.
Inventor further study show that, in practical applications, the NAT mechanism of a few devices business can cause the equipment vendor
It is different from the public network IP for accessing payment mechanism that user accesses malice URL network address, so as to can not pass through private network IP address or public network IP
The combination identification user of address.Thus, in this situation, in the step S130, judge the public network IP of the payment request
The step of whether address and private network IP address match with the target data, can include following sub-step:
Identify the public network IP address and private network IP address of the payment request;
The server 120 is searched in the target data received with the presence or absence of the public network IP for including the payment request
Location and the target data of private network IP address, if including, judge the payment request public network IP address and private network IP address with
The target data matching.
For the user of a few devices business, due to its payment request and the public network for the request for accessing malice URL network address
IP address and private network IP address are originally different, its payment request can not necessarily match with target data.In this situation, institute
State target data and further include the subscriber identity information obtained according to the private network IP of the data message, the method can also include
Following steps:
It is described when the public network IP address and private network IP address that the payment request includes are mismatched with the target data
Server 120 obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of bag
The target data of the subscriber identity information is included, if in the presence of pause responds the payment request.
By above-mentioned design, the network payment behavior of most of user can be monitored, so as to avoid the big portion
User is divided to transfer accounts by swindle.
Alternatively, in the present embodiment, in order to avoid to user pay limitations affect to the user in other normal websites
Payment behavior, can be the target data set the term of validity.That is, the target data further includes the target data
The term of validity.Correspondingly, in the present embodiment, the method can also include the following steps:
The server 120 deletes the target data for reaching the term of validity in the target data of record.
Alternatively, inventor it has been investigated that, in practical applications, it is understood that there may be malicious websites erroneous judgement situation, and,
In some cases, although the website that user accesses is malicious websites, the payment behavior of user is not to be subject to swindle
's.For said circumstances, the method can also include the following steps:
The server 120 exports the second prompt message, to prompt user in institute when pause responds the payment request
State and malicious websites were accessed in the term of validity;
When receiving access operational order associated with second prompt message input by user, the server
The 120 response payment requests.
In the present embodiment, can include choosing whether to continue the option mark accessed for user in second prompt message
Label, when user clicks on the option-tag for wherein " continuing to access ", the corresponding user terminal 300 of the user can be to the server
120 send and the associated access operational order of second prompt message.
By above-mentioned design, in malicious websites swindle can be subject to transfer accounts to avoid user, so as to cause any property loss.
Second embodiment
As shown in figure 4, be a kind of network payment monitoring system 400 provided in an embodiment of the present invention with gateway device 200 and
The interaction schematic diagram of user terminal 300, the system comprises detection device 410, with the detection device 410 communication connection
One server 420 and the second server 430 with the first server 420 communication connection.
Wherein, the output terminal of the detection device 410 and the gateway device 200 is electrically connected, the second server
430 are used to provide payment services, and in the present embodiment, the second server 430 is equivalent to the server in first embodiment
120。
In the present embodiment, shown in the detection device 410, first server 420 and second server 430 and Fig. 2
Detection device 110 included by component and each component between connection relation it is similar, details are not described herein.
The present embodiment is substantially similar with first embodiment, its difference is, in the present embodiment, the network payment prison
Examining system 400 includes being used to store the first server 420 of target data, thus, the detection device 410 is by the target of record
Data sending is obtained to first server 420, the second server 430 when receiving payment request from first server 420
Take target data.
As shown in figure 5, it is a kind of network applied to the monitoring system 400 of network payment shown in Fig. 4 provided in this embodiment
Pay monitoring method.The specific steps and flow of method shown in Fig. 5 are elaborated below.
Step S210, the detection device 410 obtain the data message that the gateway device 200 exports, and described in detection
Whether the destination address of data message is default malice network address, if so, the first prompt message of output, to prompt number described in user
Destination address according to message is malice network address.
Step S220, when receiving access operational order associated with first prompt message input by user, institute
Stating the record of detection device 410 includes the public network IP address of the data message and the target data of private network IP address and by the mesh
Mark data sending gives the first server 420.
Step S230, the second server 430 are obtained in the first server 430 when receiving payment request
The target data of current record, and judge that the public network IP address of the payment request and private network IP address are with the target data
No matching, the pause response payment request in matching.
Wherein, in step S230, the second server 430 judges the public network IP address and private network IP of the payment request
The step of whether address matches with the target data, can include following sub-step:
Identify the public network IP address and private network IP address of the payment request;
Search in the target data got with the presence or absence of public network IP address and the private network IP for including the payment request
The target data of location, if in the presence of judging the public network IP address and private network IP address and the target data of the payment request
Matching.
Alternatively, the target data further includes the subscriber identity information obtained according to the private network IP of the data message,
The method can also include the following steps:
It is described when the public network IP address and private network IP address that the payment request includes are mismatched with the target data
Whether second server 430 obtains the corresponding subscriber identity information of the payment request, and search in the target data of record and deposit
Including the target data of the subscriber identity information, if in the presence of pause responds the payment request.
Alternatively, in the present embodiment, the target data further includes the term of validity of the target data.In this situation
Under, the target data can also include the following steps:
The first server 420 deletes the target data for reaching the term of validity in the target data of record.
In conclusion a kind of network payment monitoring method provided in an embodiment of the present invention and system, pass through detection device 110
(410) data message that gateway device 200 exports is obtained, and whether the destination address for detecting the data message got is default
Malice network address, if so, output the first prompt message, to prompt the destination address of user's data message as malice network address.When
User is detected in the access operational order inputted after receiving first prompt message, detection device 110 (410) record bag
Include the public network IP address of the data message and the target data of private network IP address and the target data is sent to server 120
(or first server 420).Server 120 (or second server 430) judges payment request when receiving payment request
Whether public network IP address and private network IP address match with the target data, the pause response payment request in matching.In this way, can be with
User is avoided to transfer accounts in malicious websites by swindle.
In embodiment provided herein, it should be understood that disclosed apparatus and method, can also be by other
Mode realize.Device embodiment described above is only schematical, for example, the flow chart and block diagram in attached drawing are shown
The device of multiple embodiments according to the present invention, the architectural framework in the cards of method and computer program product, function
And operation.At this point, each square frame in flow chart or block diagram can represent one of a module, program segment or code
Point, a part for the module, program segment or code includes one or more and is used for realization the executable of defined logic function
Instruction.It should also be noted that at some as in the implementation replaced, the function of being marked in square frame can also be with different from attached
The order marked in figure occurs.For example, two continuous square frames can essentially perform substantially in parallel, they also may be used sometimes
To perform in the opposite order, this is depending on involved function.It is it is also noted that each in block diagram and/or flow chart
The combination of square frame and the square frame in block diagram and/or flow chart, function or the dedicated of action can be based on as defined in execution
The system of hardware is realized, or can be realized with the combination of specialized hardware and computer instruction.
In addition, each function module in each embodiment of the present invention can integrate to form an independent portion
Point or modules individualism, can also two or more modules be integrated to form an independent part.
If the function is realized in the form of software function module and is used as independent production marketing or in use, can be with
It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words
The part to contribute to the prior art or the part of the technical solution can be embodied in the form of software product, the meter
Calculation machine software product is stored in a storage medium, including some instructions are used so that a computer equipment (can be
People's computer, server, or network equipment etc.) perform all or part of step of each embodiment the method for the present invention.
And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited
Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.
It should be noted that herein, relational terms such as first and second and the like are used merely to a reality
Body or operation are distinguished with another entity or operation, are deposited without necessarily requiring or implying between these entities or operation
In any this actual relation or order.Moreover, term " comprising ", "comprising" or its any other variant are intended to
Non-exclusive inclusion, so that process, method, article or equipment including a series of elements not only will including those
Element, but also including other elements that are not explicitly listed, or further include as this process, method, article or equipment
Intrinsic key element.In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that
Also there are other identical element in process, method, article or equipment including the key element.
The above description is merely a specific embodiment, but protection scope of the present invention is not limited thereto, any
Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained
Cover within protection scope of the present invention.Therefore, protection scope of the present invention answers the scope of the claims of being subject to.
Claims (10)
1. a kind of network payment monitoring method, it is characterised in that applied to the detection device and server being in communication with each other, the inspection
The output terminal of measurement equipment and gateway device is electrically connected, and the server is used to provide payment services, the described method includes:
The detection device obtains the data message of the gateway device output, and the destination address for detecting the data message is
No is default malice network address, if so, the first prompt message of output, to prompt the destination address of data message described in user as evil
Meaning network address;
When receiving access operational order associated with first prompt message input by user, the detection device record
The target data is simultaneously sent to described by the target data of public network IP address and private network IP address including the data message
Server;
The server judges public network IP address and private network IP address and the institute of the payment request when receiving payment request
State whether target data matches, the pause response payment request in matching.
2. according to the method described in claim 1, it is characterized in that, the server with judging the public network IP of the payment request
Whether location and private network IP address match with the target data, including:
Identify the public network IP address and private network IP address of the payment request;
With the presence or absence of public network IP address and the private for including the payment request in the target data that the whois lookup receives
The target data of net IP address, if including judging the public network IP address and private network IP address and the mesh of the payment request
Mark Data Matching.
3. method according to claim 1 or 2, it is characterised in that the target data is further included according to the datagram
The subscriber identity information that the private network IP of text is obtained, the method further include:
When the public network IP address and private network IP address that the payment request includes are mismatched with the target data, the service
Device obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of including the use
The target data of family identity information, if in the presence of pause responds the payment request.
4. method according to claim 1 or 2, it is characterised in that the target data further includes the target data
The term of validity;The method further includes:
The server deletes the target data for reaching the term of validity.
5. according to the method described in claim 4, it is characterized in that, the method further includes:
The server exports the second prompt message when pause responds the payment request, to prompt user described effective
Malicious websites were accessed in phase;
When receiving access operational order associated with second prompt message input by user, the server responds institute
State payment request.
6. a kind of network payment monitoring method, it is characterised in that communicated to connect applied to detection device, with the detection device
First server and with the first server communication connection second server, the detection device and gateway device it is defeated
Outlet is electrically connected, and the second server is used to provide payment services, the described method includes:
The detection device obtains the data message of the gateway device output, and the destination address for detecting the data message is
No is default malice network address, if so, the first prompt message of output, to prompt the destination address of data message described in user as evil
Meaning network address;
When receiving access operational order associated with first prompt message input by user, the detection device record
The target data is simultaneously sent to described by the target data of public network IP address and private network IP address including the data message
First server;
The second server obtains the target data of current record in the first server when receiving payment request,
And judge whether the public network IP address of the payment request and private network IP address match with the target data, suspend in matching
Respond the payment request.
7. according to the method described in claim 6, it is characterized in that, the second server judges the public network of the payment request
Whether IP address and private network IP address match with the target data, including:
Identify the public network IP address and private network IP address of the payment request;
Search in the target data got with the presence or absence of the public network IP address and private network IP address for including the payment request
Target data, if in the presence of the public network IP address and private network IP address for judging the payment request are matched with the target data.
8. the method according to claim 6 or 7, it is characterised in that the target data is further included according to the datagram
The subscriber identity information that the private network IP of text is obtained, the method further include:
When the public network IP address and private network IP address that the payment request includes are mismatched with the target data, described second
Server obtains the corresponding subscriber identity information of the payment request, and searches in the target data of record with the presence or absence of including institute
The target data of subscriber identity information is stated, if in the presence of pause responds the payment request.
9. a kind of network payment monitors system, it is characterised in that including the detection device and server being in communication with each other, the detection
The output terminal of equipment and gateway device is electrically connected, and the server is used to provide payment services;
The detection device, for obtaining the data message of the gateway device output, and detects the purpose of the data message
Whether address is default malice network address, if so, the first prompt message of output, to prompt the destination of data message described in user
Location is malice network address;
The detection device, is additionally operable to that the input by user and associated access operational order of first prompt message ought be received
When, record includes the public network IP address of the data message and the target data of private network IP address and sends the target data
To the server;
The server, for when receiving payment request, judging public network IP address and the private network IP of the payment request
Whether location matches with the target data, the pause response payment request in matching.
10. a kind of network payment monitors system, it is characterised in that is communicated to connect including detection device, with the detection device
First server and with the first server communication connection second server, the detection device and gateway device it is defeated
Outlet is electrically connected, and the second server is used to provide payment services;
The detection device, for obtaining the data message of the gateway device output, and detects the purpose of the data message
Whether address is default malice network address, if so, the first prompt message of output, to prompt the destination of data message described in user
Location is malice network address;
The detection device, is additionally operable to that the input by user and associated access operational order of first prompt message ought be received
When, record includes the public network IP address of the data message and the target data of private network IP address and sends the target data
To the first server;
The second server, for when receiving payment request, obtaining the target of current record in the first server
Data, and judge whether the public network IP address of the payment request and private network IP address match with the target data, matching
When pause respond the payment request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711270496.4A CN107948179B (en) | 2017-12-05 | 2017-12-05 | Network payment monitoring method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711270496.4A CN107948179B (en) | 2017-12-05 | 2017-12-05 | Network payment monitoring method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107948179A true CN107948179A (en) | 2018-04-20 |
CN107948179B CN107948179B (en) | 2020-09-18 |
Family
ID=61944815
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711270496.4A Active CN107948179B (en) | 2017-12-05 | 2017-12-05 | Network payment monitoring method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107948179B (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102065573A (en) * | 2010-12-28 | 2011-05-18 | 北京高信达通信技术有限公司福州分公司 | WAP gateway agent service data processing method and server |
CN102111417A (en) * | 2011-03-01 | 2011-06-29 | 中国工商银行股份有限公司 | Method, device, service and system for online banking data authentication |
CN102402620A (en) * | 2011-12-26 | 2012-04-04 | 余姚市供电局 | Method and system for defending malicious webpage |
CN102647417A (en) * | 2012-03-31 | 2012-08-22 | 奇智软件(北京)有限公司 | Method, device and system realizing network access and network system |
CN102694772A (en) * | 2011-03-23 | 2012-09-26 | 腾讯科技(深圳)有限公司 | Apparatus, system and method for accessing internet web pages |
CN102882886A (en) * | 2012-10-17 | 2013-01-16 | 北京奇虎科技有限公司 | Network terminal and method for presenting visited website associated information |
CN102930211A (en) * | 2012-11-07 | 2013-02-13 | 北京奇虎科技有限公司 | Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser |
CN103001856A (en) * | 2012-12-05 | 2013-03-27 | 华为软件技术有限公司 | Information sharing method and system and instant messaging (IM) client and server |
US20150295951A1 (en) * | 2012-12-24 | 2015-10-15 | Tencent Technology (Shenzhen) Company Limited | Method, server, and system for automatically rating reputation of a web site |
CN106131016A (en) * | 2016-07-13 | 2016-11-16 | 北京知道创宇信息技术有限公司 | Maliciously URL detection interference method, system and device |
CN106789980A (en) * | 2016-12-07 | 2017-05-31 | 北京亚鸿世纪科技发展有限公司 | A kind of monitoring administration method and device of website legitimacy |
-
2017
- 2017-12-05 CN CN201711270496.4A patent/CN107948179B/en active Active
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102065573A (en) * | 2010-12-28 | 2011-05-18 | 北京高信达通信技术有限公司福州分公司 | WAP gateway agent service data processing method and server |
CN102111417A (en) * | 2011-03-01 | 2011-06-29 | 中国工商银行股份有限公司 | Method, device, service and system for online banking data authentication |
CN102694772A (en) * | 2011-03-23 | 2012-09-26 | 腾讯科技(深圳)有限公司 | Apparatus, system and method for accessing internet web pages |
CN102402620A (en) * | 2011-12-26 | 2012-04-04 | 余姚市供电局 | Method and system for defending malicious webpage |
CN102647417A (en) * | 2012-03-31 | 2012-08-22 | 奇智软件(北京)有限公司 | Method, device and system realizing network access and network system |
CN102882886A (en) * | 2012-10-17 | 2013-01-16 | 北京奇虎科技有限公司 | Network terminal and method for presenting visited website associated information |
CN102930211A (en) * | 2012-11-07 | 2013-02-13 | 北京奇虎科技有限公司 | Method for intercepting malicious URLs in multi-kernel browser and multi-kernel browser |
CN103001856A (en) * | 2012-12-05 | 2013-03-27 | 华为软件技术有限公司 | Information sharing method and system and instant messaging (IM) client and server |
US20150295951A1 (en) * | 2012-12-24 | 2015-10-15 | Tencent Technology (Shenzhen) Company Limited | Method, server, and system for automatically rating reputation of a web site |
CN106131016A (en) * | 2016-07-13 | 2016-11-16 | 北京知道创宇信息技术有限公司 | Maliciously URL detection interference method, system and device |
CN106789980A (en) * | 2016-12-07 | 2017-05-31 | 北京亚鸿世纪科技发展有限公司 | A kind of monitoring administration method and device of website legitimacy |
Also Published As
Publication number | Publication date |
---|---|
CN107948179B (en) | 2020-09-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20240061550A1 (en) | Systems and methods for proactive analysis of artifacts associated with information resources | |
CN103875015B (en) | Gathered using the multiple-factor identity fingerprint of user behavior | |
US8307431B2 (en) | Method and apparatus for identifying phishing websites in network traffic using generated regular expressions | |
US8893286B1 (en) | Systems and methods for preventing fraudulent activity associated with typo-squatting procedures | |
US20120151045A1 (en) | System and method for improved detection and monitoring of online accounts | |
CN109039987A (en) | A kind of user account login method, device, electronic equipment and storage medium | |
CN104935605B (en) | The detection method of fishing website, apparatus and system | |
CN104239577A (en) | Method and device for detecting authenticity of webpage data | |
US20160337378A1 (en) | Method and apparatus for detecting security of online shopping environment | |
CN102710770A (en) | Identification method for network access equipment and implementation system for identification method | |
CN107172064B (en) | Data access control method and device and server | |
CN105897947B (en) | The Network Access Method and device of mobile terminal | |
CN103491543A (en) | Method for detecting malicious websites through wireless terminal, and wireless terminal | |
US8141150B1 (en) | Method and apparatus for automatic identification of phishing sites from low-level network traffic | |
CN109889511B (en) | Process DNS activity monitoring method, equipment and medium | |
CN105516192B (en) | A kind of mail address is safe to identify control method and device | |
CN102255778A (en) | Anti-hijacking domain name authorization monitoring system | |
Afroz et al. | Exploring server-side blocking of regions | |
CN107395650A (en) | Even method and device is returned based on sandbox detection file identification wooden horse | |
CN105515882B (en) | Website security detection method and device | |
CN111225038B (en) | Server access method and device | |
CN110995542B (en) | Network state detection method, system and related equipment | |
CN115051867B (en) | Illegal external connection behavior detection method and device, electronic equipment and medium | |
CN105450462A (en) | On-line state monitoring method and system | |
US9904661B2 (en) | Real-time agreement analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information |
Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd. Address before: Room 803, Jinwei Building, 55 Lanindichang South Road, Haidian District, Beijing Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd. |
|
CB02 | Change of applicant information | ||
GR01 | Patent grant | ||
GR01 | Patent grant |