CN110348980A - System, method and apparatus for security check - Google Patents

Publication number: CN110348980A
Authority: CN (China)
Prior art keywords: server, webpage, behavioral data, terminal, client
Legal status: Pending
Application number: CN201810307708.XA
Other languages: Chinese (zh)
Inventor: 李潇霄
Current Assignee: Alibaba Group Holding Ltd
Original Assignee: Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201810307708.XA
Publication of CN110348980A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06Q: INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00: Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/03: Credit; Loans; Processing thereof
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic

Abstract

The invention discloses a system, method and apparatus for security checking. The scheme includes: a first server that, while a webpage runs a logged-in target application through a browser, monitors the behavioral data produced by operations on the webpage and judges whether the behavioral data carries risk; a server that communicates with the first server and, when the behavioral data carries risk, generates a verification identifier and sends it to the webpage; and a terminal that scans and parses the verification identifier to obtain a parsing result; wherein the server also verifies the behavioral data according to the parsing result. The invention solves the technical problem that crawler interception in the prior art is poorly effective.

Description

System, method and apparatus for security check
Technical field
The present invention relates to the field of data processing, and in particular to a system, method and apparatus for security checking.
Background art
Currently, mainstream bookkeeping and small-loan applications on the market, such as 51 credits card, digging wealth, cash white card, etc., usually need to perform lending risk control on users and therefore need to obtain users' financial data, such as consumption records, account balances and account transaction history.
One way these applications obtain a user's financial data is to use a web crawler to crawl the asset and financial consumption information of the user's financial account, so these applications are referred to as crawler apps. When countering crawlers, if every operation detected as risky is simply intercepted, users' normal operations are easily intercepted by mistake. Anti-crawling is therefore currently usually done by way of verification. Several commonly used anti-crawling methods are described below.
1) Graphical verification code
Because a large number of verification-code libraries exist on the market, ordinary picture verification codes intercept crawler apps poorly. With an intelligent verification code, for example one that poses a specific question to calculate or select, a general question bank cannot solve it, but the crawler's server back end can crack it directly and bypass this verification method without exposing it to the user.
2) SMS verification code
If the risk control system identifies a risky operation, it sends the user an SMS verification code, and the user must fill in the code so that the system can verify whether the identified risky operation was performed by the user or came from a crawler app. A crawler app usually presents well-crafted user-facing copy and shows the user an input box for the SMS verification code, so that the user enters the code after receiving the message and the verification passes. Once the user has entered the code, verification completes and the risk control system is misled into believing that the user performed the risky operation; the identified risky operation is therefore not intercepted, and the crawler app can crawl the data directly.
3) Slider
The logic behind a slider is to collect the user's behavior while sliding it, including movement trajectory, movement speed, total time and pressing force, in order to distinguish humans from machines. A crawler app simulates the random trajectory of a human sliding the slider and submits forged parameter information, which causes the back end to misjudge the identification and thereby bypasses the monitoring of the risk control system.
As can be seen from the above, none of the anti-crawling methods in the current related art is effective enough.
No effective solution has yet been proposed for the problem that crawler interception in the prior art is poorly effective.
Summary of the invention
Embodiments of the invention provide a system, method and apparatus for security checking, to at least solve the technical problem that crawler interception in the prior art is poorly effective.
According to one aspect of the embodiments of the present invention, a security check system is provided, comprising: a first server, configured to monitor, while a webpage runs a logged-in target application through a browser, the behavioral data produced by operations on the webpage, and to judge whether the behavioral data carries risk; a second server, in communication with the first server, configured to generate a verification identifier when the behavioral data carries risk and to send the verification identifier to the webpage; and a terminal, configured to scan and parse the verification identifier to obtain a parsing result; wherein the second server is further configured to verify the behavioral data according to the parsing result.
According to another aspect of the embodiments of the present invention, a security check method is also provided, comprising: a webpage runs a logged-in target application through a browser, and a first server monitors the behavioral data produced by operations on the webpage, wherein the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data carries risk; when the behavioral data carries risk, the first server controls the second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
According to another aspect of the embodiments of the present invention, a security check method is also provided, comprising: a second server generates a verification identifier under the control of a first server, wherein, while a webpage runs a logged-in target application through a browser, the first server monitors the behavioral data produced by operations on the webpage and, when the behavioral data carries risk, controls the second server to generate the verification identifier; the second server returns the verification identifier to the webpage, wherein a terminal scans and parses the verification identifier to obtain a parsing result; and the second server verifies the behavioral data according to the parsing result.
According to another aspect of the embodiments of the present invention, a security check method is also provided, comprising: a terminal scans and parses a verification identifier to obtain a parsing result, wherein, while a webpage runs a logged-in target application through a browser, a first server monitors the behavioral data produced by operations on the webpage and, when the behavioral data carries risk, controls a second server to generate the verification identifier; and the parsing result is sent to the second server corresponding to the target application, wherein the second server is further configured to verify the behavioral data according to the parsing result.
According to another aspect of the embodiments of the present invention, a storage medium is also provided, characterized in that the storage medium includes a stored program, wherein, when the program runs, the device on which the storage medium resides is controlled to perform the following steps: a webpage runs a logged-in target application through a browser, and a first server monitors the behavioral data produced by the behavior, wherein the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data carries risk; when the behavioral data carries risk, the first server controls the second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
According to another aspect of the embodiments of the present invention, a processor is also provided, characterized in that the processor is configured to run a program, wherein the program performs the following steps when it runs: a webpage runs a logged-in target application through a browser, and a first server monitors the behavioral data produced by operations on the webpage, wherein the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data carries risk; when the behavioral data carries risk, the first server controls the second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
According to another aspect of the embodiments of the present invention, a system is also provided, comprising: a processor; and a memory, connected to the processor, configured to provide the processor with instructions for the following processing steps: a webpage runs a logged-in target application through a browser, and a first server monitors the behavioral data produced by operations on the webpage, wherein the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data carries risk; when the behavioral data carries risk, the first server controls the second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
In the embodiments of the present invention, a webpage runs a logged-in target application through a browser, and the first server monitors the behavioral data produced by operations on the webpage, wherein the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data carries risk; when the behavioral data carries risk, the first server controls the second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result. Thus, when a user's behavioral data is identified by the first server as risky, the webpage prompts the user to scan the verification identifier with a terminal to verify that behavioral data. This scheme lifts the risk flag and lets the user continue normal use, so recovery of the business flow after a false positive works well: the interception effect of the crawler check is preserved, and a normal user whose operation was falsely flagged can continue operating. When a crawler app's behavioral data is identified by the first server as risky, the webpage likewise prompts the user to scan the verification identifier with a terminal to authenticate the crawler's operations; but the user did not perform those operations, so the user strongly senses that their information is being crawled and voluntarily abandons the service offered by the crawler app.
The above example of the present application thus solves the technical problem that crawler interception in the prior art is poorly effective, and resolves the conflict between accommodating the experience of falsely flagged users and fighting crawlers decisively.
Brief description of the drawings
The drawings described herein are provided for further understanding of the present invention and form part of this application. The illustrative embodiments of the invention and their descriptions are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a schematic diagram of a security check system according to Embodiment 1 of the present application;
Fig. 2 is a data interaction diagram of a security check system according to Embodiment 1 of the present application;
Fig. 3 is a hardware block diagram of a terminal (or mobile device) for implementing the security check method;
Fig. 4 is a flow chart of a security check method according to Embodiment 2 of the present invention;
Fig. 5 is a flow chart of a security check method according to Embodiment 3 of the present application;
Fig. 6 is a flow chart of a security check method according to Embodiment 4 of the present application;
Fig. 7 is a schematic diagram of a security check apparatus according to Embodiment 5 of the present application;
Fig. 8 is a schematic diagram of a security check apparatus according to Embodiment 6 of the present application;
Fig. 9 is a schematic diagram of a security check apparatus according to Embodiment 7 of the present application; and
Fig. 10 is a structural block diagram of a terminal according to Embodiment 9 of the present invention.
Detailed description of the embodiments
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the invention without creative effort fall within the scope of protection of the invention.
It should be noted that the terms "first", "second" and the like in the description, the claims and the above drawings are used to distinguish similar objects, and not to describe a particular order or sequence. It should be understood that data so used are interchangeable where appropriate, so that the embodiments described herein can be implemented in orders other than those illustrated or described. In addition, the terms "comprise" and "have" and any variants of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that contains a series of steps or units is not necessarily limited to the steps or units expressly listed, and may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
First, some of the nouns or terms that appear in the description of the embodiments of the present application are explained as follows:
Crawler: a program or script that automatically grabs webpage information according to certain rules.
Image verification code: a form of verification that uses graphics. At the login interface, after filling in the login name and password, the user must also fill in the picture verification code correctly to log in successfully. An intelligent graphical verification code is a pattern-based verification code mixed with Chinese semantics and comprehension, or a figure mixed with simple calculation; besides recognition, it also requires a human to do simple understanding or calculation.
SMS verification code: an effective form of verification code in which the code is sent to a mobile phone. It can effectively verify the authenticity of the registrant's mobile phone number.
Embodiment 1
According to an embodiment of the present invention, an embodiment of a security check system is provided. The present application provides a schematic diagram of the security check system as shown in Fig. 1; the system includes:
A first server 10, configured to monitor, while a webpage runs a logged-in target application through a browser, the behavioral data produced by operations on the webpage, and to judge whether the behavioral data carries risk.
Specifically, the first server may be a data server, deployed remotely or locally, that performs risk control. A risk control engine may be installed on the first server; the engine runs preset risk control rules to judge whether the behavioral data carries risk. The first server can communicate with the second server and the terminal: it sends the risk control result for the behavioral data (the judgment of whether risk exists) to the second server and, after the second server has successfully verified the behavioral data, receives the authorization instruction sent by the terminal, so that it can inform the webpage whether to continue executing the behavioral data, which completes this security check.
It should be noted that the first server and the second server described below may be the same server or two independent servers. Where they are the same server, the server may include a risk control engine module and a security product service module: the risk control engine module, through the installed risk control engine, performs the steps performed by the first server in this application, and the security product service module performs the steps performed by the second server.
In this embodiment, the target application is the application the user logs in to on the webpage. The target application may support several login methods, such as login from a mobile phone client or login from a computer web page. When the user logs in to the target application on the webpage, the first server monitors in real time the behavioral data the webpage receives. Behavioral data may be the user's operations on the webpage; taking financial management as an example, it may be a pull-bill operation, a transfer-in operation, a transfer-out operation, and so on.
In the above scheme, the first server can judge whether the behavioral data carries risk in several ways. For example, the first server may judge whether the behavioral data is preset risk behavior data: it can preset multiple kinds of risk behavior data according to the crawling habits of crawlers, and when it detects that the behavioral data received by the webpage is any one of them, it determines that the behavioral data carries risk. As another example, the first server may count the behavioral data received within a preset time; if the quantity received within the preset time exceeds a preset quantity, it determines that the current behavioral data carries risk.
In an optional embodiment, taking a financial management application as the target application, the user logs in to the financial management application on the webpage and performs a pull-bill operation. In this process, after receiving the user's pull-bill behavioral data, the webpage passes it to the first server in real time and triggers a query to the first server, asking whether this behavioral data carries crawler risk and whether the bill information can be shown to the user.
A second server 20, in communication with the first server, configured to generate a verification identifier when the behavioral data carries risk and to send the verification identifier to the webpage.
Specifically, the second server may be a server deployed on the server side of the target application. The verification identifier it generates may be a QR code (two-dimensional code) or a barcode. The second server can generate the verification identifier according to the account information currently logged in to the target application on the webpage; after the second server sends the verification identifier to the webpage, the webpage can display it so that the terminal can parse it.
In an optional embodiment, the first server determines that the behavioral data carries risk and sends this risk identification result to the second server; the second server generates a QR code according to the account information currently logged in to the target application on the webpage and sends the QR code to the webpage. What the webpage now displays is no longer the response to the behavioral data but the QR code.
Where the first server determines that the behavioral data carries no risk, the first server may inform the webpage of the risk identification result, that is, inform the page side that this behavioral data carries no crawler risk and that the information corresponding to the behavioral data can be shown to the user.
A terminal 30, configured to scan and parse the verification identifier to obtain a parsing result; wherein the second server is further configured to verify the behavioral data according to the parsing result.
Specifically, if the terminal has permission to parse the verification identifier, the second server can verify the behavioral data according to the parsing result. If the terminal does not have permission, parsing fails, the second server cannot verify the behavioral data, this verification process ends, and the webpage cannot show the user the information corresponding to the behavioral data.
In an optional embodiment, the verification identifier carries the account information currently logged in to the target application on the webpage. Where the terminal has permission to parse the verification identifier, the second server checks the account information logged in to the target application on the webpage against the account information logged in to the client on the terminal, thereby verifying the behavioral data.
The above verification determines whether this behavioral data has permission to obtain the corresponding information. For the pull-bill behavioral data in a financial management application, verifying the behavioral data determines whether it has permission to pull the bill. If verification succeeds, the behavioral data is considered to have been produced by the user, and the webpage can display the bill. If verification fails, the behavioral data is considered to have been produced by a crawler, and the webpage is forbidden from displaying the bill in order to achieve anti-crawling.
In an optional embodiment, again taking a financial management application as an example, the user logs in to an account on the webpage and performs a pull-bill operation. After receiving the pull-bill behavioral data, the webpage transfers it to the first server, which analyzes it. When the first server determines that the behavioral data is risky, it sends the risk identification result to the second server of the target application. The second server generates a QR code according to the account information logged in to the target application on the webpage and sends it to the webpage, which displays the QR code together with the prompt "The current operation requires verification; please scan this QR code with a logged-in mobile phone client to verify".
Following the QR code and prompt displayed on the webpage, the user takes a terminal on which the client of the target application is logged in, opens the client, and scans the QR code with the client's scan function. The scan is verified against the account logged in on the webpage, to confirm whether this behavioral data is a manual operation by the user and hence whether it has permission to pull the user's bill.
It should be noted that when a user's behavioral data is identified by the first server as risky, the webpage prompts the user to scan the verification identifier with a terminal to verify that behavioral data. This scheme lifts the risk flag and lets the user continue normal use, so recovery of the business flow after a false positive works well: the interception effect of the crawler check is preserved, and a normal user whose operation was falsely flagged can continue operating. When a crawler app's behavioral data is identified by the first server as risky, the webpage likewise prompts the user to scan the verification identifier with a terminal to authenticate the crawler's operations; but the user did not perform those operations, so the user strongly senses that their information is being crawled and voluntarily abandons the service offered by the crawler app.
The above example of the present application thus solves the technical problem that crawler interception in the prior art is poorly effective, and resolves the conflict between accommodating the experience of falsely flagged users and fighting crawlers decisively.
As a kind of optional embodiment of the application, second server is also used to judge whether terminal uses target application Client scan verify mark, if it is judged that be it is no, then forbid terminal parsing verifying identify.
It should be noted that second server can be safety product server-side during above-mentioned verifying, safety is produced Product server-side has carried out the first layer parsing credible comparison in source in authentication process, i.e., must use the visitor for having logged in target application Family end is scanned verifying mark, and other applications can not identify the verifying and parse.
If the determination result is NO, terminal can not parse verifying mark, and terminal can prompt user to log at this time Scanning validation identifies again after the client of target application.
As a kind of optional embodiment of the application, second server is also used to judge that client account is stepped at the terminal Record client number whether be more than preset times, if it is judged that be it is no, then forbid terminal parsing verifying identify, wherein Client account is the account for logging in client when scanning validation identifies at the terminal.
Specifically, can be determined if the number that client account logs in client at the terminal is more than preset times Terminal is the common terminal of the client account, it can be considered that the terminal is trusted terminal.In a kind of optional implementation In example, it can carry out burying a little in target application, to carry out data acquisition, so that it is determined that the common terminal of client account.
In the above scheme, second server will also carry out the credible comparison of second layer equipment, if scanning validation mark Equipment is not credible equipment, does not also allow equipment parsing verifying mark.
In the case where above-mentioned judging result is no, terminal can not parse verifying mark, and terminal can prompt user at this time After the client for logging in target application using common terminal, then scanning validation mark.
As an optional embodiment of the application, the parsing result is the web account information with which the target application is logged in on the web page.
In the above scheme, the web account information may include the account and password used to log in to the target application on the web page. If the terminal can parse the verification identifier, the terminal is a trusted terminal and the client used for scanning is the client of the target application.
In an optional embodiment, still taking a financial management application as an example, the user logs in to the financial management application on the web page with their own account and password. When the risk control system detects risky behavior data, it controls the second server to generate a QR code. The second server generates the QR code from the account and password used to log in to the target application on the web page, and the web page displays it. The user's terminal has the client of the financial management application installed; the user logs in to the client on the terminal and scans the QR code on the web page with the client's scan function.
Because the terminal used by the user is a trusted terminal and the application used for scanning is a trusted application (the target application itself), the QR code can be parsed after the user scans it, yielding the account and password used to log in to the target application on the web page, i.e. the web account information.
As an optional embodiment of the application, the terminal is further configured to send the parsed web account information and the client account information to the second server, where the client account information is the account information logged in to the client on the terminal when the verification identifier is scanned. The second server is further configured to verify the web account information against the client account information.
In the above scheme, after the user scans the QR code on the web page with the terminal, if the terminal can parse the QR code, the terminal is a trusted terminal and the client it used for scanning is the client of the target application. The web account information still has to be verified at this point, so the terminal sends the web account information together with its own client account information to the second server, which verifies the two.
As an optional embodiment of the application, the second server is further configured to determine that verification succeeds when the web account information and the client account information are identical, and that verification fails when they differ.
In an optional embodiment, the web account information logged in to the target application on the web end is account: abc, password: 123456. The client account information logged in to the target application client on the terminal is account: abc, password: 123456. After comparing the web account information with the client account information, the second server determines that they are identical, so verification succeeds.
In an optional embodiment, the web account information logged in to the target application on the web end is account: abc, password: 123456. The client account information logged in to the target application client on the terminal is account: bca, password: 654321. After comparing the web account information with the client account information, the second server determines that they differ, so verification fails.
In the above scheme of this embodiment, the second server is further configured to perform a third-layer identity comparison, i.e. the comparison of the web account information with the client account information. Therefore, parsing the verification identifier into a URL and then simulating the request submission cannot bypass the scheme. In addition, before the identity comparison, the first-layer trusted parsing source comparison and the second-layer trusted device comparison are also applied, which further verifies the permission to parse the verification identifier and the permission to operate the device.
As an optional embodiment of the application, the second server is further configured to return the verification result to the client on the terminal. The terminal is further configured to detect an authorization instruction when verification succeeds and to send the detected authorization instruction to the first server.
The authorization instruction can be generated by the user operating the client.
The verification result may be verification success or verification failure. When verification fails, the second server returns the verification result to the client on the terminal, and the client informs the user that this verification did not pass and that this behavior data will be blocked. For example, the client may display: "Verification failed; your current operation cannot be performed. Please verify using a client logged in with the same account as the web page."
When verification succeeds, at the same time as the second server sends the verification result to the client on the terminal, an authorization page appears in the client, prompting the user to authorize this behavior data. Specifically, the client may display: "Please confirm whether to allow the web page to perform this bill-pulling operation." When the user selects "Allow", this shows that the terminal is being operated by a user with actual operating capability, and the terminal detects the authorization instruction.
As an optional embodiment of the application, the first server is further configured to determine, on receiving the authorization instruction, that authentication of the behavior data succeeds, and to authorize the web page to execute the behavior data.
In the above scheme, when the client on the terminal receives the user's authorization instruction, it forwards the instruction to the first server, which outputs the final authentication result. Before outputting the authentication result, the first server can also apply additional rule groups that use more information as identification conditions, so that any risk discovered while the authentication result flows through the business process can still be blocked in time.
As an optional embodiment of the application, the first server is further configured to count the authorization instructions received within a preset time and, if the count exceeds a predetermined number, to forbid the web page from responding to the behavior data.
Specifically, the predetermined number may be 3 to 5. If a large number of authorization instructions is received within the preset time, there may be a risk of attack, so the web page is forbidden from responding to the behavior data and the process is terminated.
Fig. 2 is a data interaction diagram of a security check system according to Embodiment 1 of the application. The way the above security check system operates is further described below with reference to Fig. 2.
Step S21: the web end 40 of the target application collects behavior data and asks the first server 10 whether the content corresponding to the behavior data may be presented.
Specifically, after the web end 40 of the target application has logged in to the target application and collected the behavior data, the web page passes the behavior data to the first server 10 and asks the first server 10 whether the content corresponding to the behavior data may be presented.
For example, if the target application is a financial management application and the behavior data is for pulling the user's bill, then after passing the behavior data to the first server, the web page asks the first server whether the bill may be shown to the user.
Step S22: the first server 10 makes a risk identification decision and sends the risk identification result to the second server 20.
In step S22, the first server analyzes the behavior data according to preset risk control rules in order to make the risk identification decision, which determines whether the behavior data carries crawler risk. The risk identification result can be sent to the second server corresponding to the target application.
Step S23: the second server 20 generates a QR code and sends it to the web end 40.
The second server 20 generates the QR code from the account information logged in on the web end; after it is sent to the web end 40, the web end 40 displays the QR code.
Step S24: the client 50 of the target application running on the terminal scans the QR code, and verification is performed by the second server 20.
In step S24, if the second server verifies that the terminal on which the client is logged in is a trusted terminal and that the client is the client of the target application, the client 50 parses the QR code to obtain the account information logged in on the web end 20 (the web account information). It then sends the account information logged in on the web end 20 and the account information logged in to the client 50 (the client account information) to the second server 20, which compares and verifies them.
Step S25: the second server 20 returns the verification result to the client 50.
If the client 50 can decode the QR code, the client 50 is installed on a trusted terminal and is a trusted client, i.e. the client of the target application.
After receiving the web account information and the client account information sent by the client 50, the second server 20 compares the two pieces of identity information. If the web account information and the client account information are identical, verification succeeds; if they differ, verification fails.
Step S26: the client 50 receives the authorization instruction and sends it to the first server 10.
Specifically, if verification fails, the client 50 reports an error and blocks the current business operation. If verification succeeds, the client prompts the user to confirm on the client that the behavior data should be executed; when the user confirms, the client 50 receives the authorization instruction.
Step S27: the first server 10 sends the decision result to the web end 40.
In step S27, the decision result is whether authentication is passed. The first server 10 makes a further decision: if it has received the authorization instruction sent by the client 50, it determines that the client is actually being operated by the user and therefore that this behavior data passes authentication. It sends the decision result to the web end 40 and allows the web end 40 to show the user the operation corresponding to this behavior data.
Embodiment 2
According to an embodiment of the invention, an embodiment of a security check method is also provided. It should be noted that the steps shown in the flowcharts of the drawings can be executed in a computer system, for example as a set of computer-executable instructions, and that although a logical order is shown in the flowcharts, in some cases the steps shown or described can be executed in an order different from the one given here.
The method embodiment provided by Embodiment 1 of the application can be executed in a mobile terminal, a terminal or a similar computing device. Fig. 3 shows a hardware block diagram of a terminal (or mobile device) for implementing the security check method. As shown in Fig. 3, the terminal 30 (or mobile device 30) may include one or more processors 302 (shown in the figure as 302a, 302b, ..., 302n; a processor 302 may include, but is not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), a memory 304 for storing data, and a transmission module 306 for communication functions. It may further include a display, an input/output interface (I/O interface), a universal serial bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a power supply and/or a camera. A person of ordinary skill in the art will understand that the structure shown in Fig. 3 is only illustrative and does not limit the structure of the above electronic device. For example, the terminal 30 may include more or fewer components than shown in Fig. 1, or have a configuration different from that shown in Fig. 3.
It should be noted that the one or more processors 302 and/or other data processing circuits described above may generally be referred to herein as a "data processing circuit". The data processing circuit may be embodied in whole or in part as software, hardware, firmware or any combination of these. In addition, the data processing circuit may be a single independent processing module, or may be incorporated in whole or in part into any of the other elements of the terminal 30 (or mobile device). As involved in the embodiments of the application, the data processing circuit acts as a kind of processor control (for example, the selection of a variable-resistance terminal path connected to an interface).
The memory 304 can be used to store the software programs and modules of application software, such as the program instructions/data storage corresponding to the security check method in the embodiments of the invention. By running the software programs and modules stored in the memory 304, the processor 302 executes various functional applications and data processing, that is, implements the security check method described above. The memory 304 may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory or other non-volatile solid-state memory. In some examples, the memory 304 may further include memory located remotely from the processor 302, which can be connected to the terminal 30 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks and combinations of these.
The transmission device 306 is used to receive or send data via a network. A specific example of such a network is the wireless network provided by the communication provider of the terminal 30. In one example, the transmission device 306 includes a network adapter (Network Interface Controller, NIC), which can connect to other network devices through a base station in order to communicate with the Internet. In one example, the transmission device 306 can be a radio frequency (RF) module, which communicates with the Internet wirelessly.
The display may be, for example, a touch-screen liquid crystal display (LCD), which allows the user to interact with the user interface of the terminal 30 (or mobile device).
It should be noted here that in some optional embodiments, the computer device (or mobile device) shown in Fig. 1 may include hardware elements (including circuits), software elements (including computer code stored on a computer-readable medium), or a combination of hardware and software elements. It should be pointed out that Fig. 1 is only one example of a particular embodiment and is intended to show the types of components that may be present in the above computer device (or mobile device).
In the above operating environment, the application provides the security check method shown in Fig. 4. In this embodiment, the first server is equipped with a risk control engine, through which it can execute the following steps. Fig. 4 is a flowchart of a security check method according to Embodiment 2 of the invention.
Step S41: the web page runs the logged-in target application through a browser, and the first server monitors the behavior data generated by operations on the web page.
Specifically, the target application is the application that the user logs in to on the web page. The target application can offer several ways of logging in, for example through a mobile phone client or through a computer web end. When the user logs in to the target application on the web page, the first server monitors in real time the behavior data that the web page receives. Behavior data can be the user's operations on the web page; for a financial management application, it can be a bill-pulling operation, a transfer-in operation, a transfer-out operation and so on.
Step S43: the first server detects whether the behavior data carries risk.
In step S43, the first server can judge whether the behavior data carries risk in several ways. For example, the first server can judge whether the behavior data is preset risk behavior data. Specifically, the first server can preset multiple items of risk behavior data according to the crawling habits of crawlers; when it detects that the behavior data received by the web page is any one of the preset items, it determines that the behavior data carries risk. As another example, the first server can count the behavior data received within a preset time; if that count exceeds a preset quantity, it determines that the current behavior data carries risk.
Step S45: if the behavior data carries risk, the first server controls the second server corresponding to the target application to generate a verification identifier. The terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavior data according to the parsing result.
Specifically, the second server corresponding to the target application is the server that carries out the various services of the target application. The verification identifier may be a QR code or a barcode. The second server can generate the verification identifier from the account information currently logged in to the target application on the web page; after the second server sends it to the web page, the web page can display it so that the terminal can parse it. If the first server determines that the behavior data carries no risk, the first server can inform the web end of the risk identification result, i.e. that this behavior data carries no crawler risk and that the information corresponding to the behavior data can be presented to the user.
The above verification determines whether this behavior data has permission to obtain the corresponding information. Taking the bill-pulling behavior data in a financial management application as an example, verifying the behavior data determines whether it has permission to pull the bill. If verification succeeds, the behavior data is considered to come from the user's own operation and the web page can show the bill. If verification fails, the behavior data is considered to be generated by a crawler and, for anti-crawling purposes, the web page is forbidden from showing the bill.
It should be noted that when a user's behavior data is identified by the first server as risky, the web page prompts the user to scan the verification identifier with the terminal in order to verify the behavior data. With the above scheme the risk can be released and the user can continue normal use, so business continuity after a false positive is handled well: the interception effect of the crawler check is preserved, while a normal user whose operation was falsely flagged can continue operating. When the behavior data of a crawler app is identified by the first server as risky, the web page can likewise prompt the user to scan the verification identifier with the terminal in order to authenticate the crawler's behavior data. Since the user did not perform the operation, the user becomes strongly aware that their information is being crawled and voluntarily abandons the service provided by the crawler app.
The above example of the application thus solves the technical problem that crawler interception in the prior art is ineffective, and resolves the conflict between accommodating the experience of falsely flagged users and fighting crawlers resolutely.
As an optional embodiment of the application, after the first server, in the case where the behavior data carries risk, controls the second server corresponding to the target application to generate the verification identifier, the method further includes: the first server detects an authorization instruction, where the authorization instruction is received by the terminal when verification of the behavior data succeeds and is sent to the first server; and the first server, on receiving the authorization instruction, determines that authentication of the behavior data succeeds and authorizes the web page to execute the behavior data.
In the above scheme, after the second server has verified the behavior data, the first server still has to authenticate the behavior data, and the web page is allowed to execute the behavior data only after authentication passes.
After the second server has successfully verified the behavior data, at the same time as it sends the verification result to the client on the terminal, an authorization page appears in the client, prompting the user to authorize this behavior data. Specifically, the client may display: "Please confirm whether to allow the web page to perform this bill-pulling operation." When the user selects "Allow", this shows that the terminal is being operated by a user with actual operating capability, and the terminal detects the authorization instruction.
When the client on the terminal receives the user's authorization instruction, it forwards the instruction to the first server, which outputs the final authentication result. Before outputting the authentication result, the first server can also apply additional rule groups that use more information as identification conditions, so that any risk discovered while the authentication result flows through the business process can still be blocked in time.
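The first server's two counting rules described in Embodiments 1 and 2 (behavior data exceeding a preset quantity within a preset time, and authorization instructions exceeding the predetermined number) can be sketched as follows. This is an added example, not code from the patent; the behavior names, thresholds, the 60-second window and the rule that an authorization with no pending verification is ignored are assumptions.

```python
from collections import defaultdict, deque

# All values below are hypothetical; the page only gives "3-5" for authorizations.
PRESET_RISK_BEHAVIORS = {"export_all_bills"}  # preset risk behavior data
MAX_BEHAVIORS = 20        # preset quantity of behavior data per window
MAX_AUTHORIZATIONS = 3    # predetermined number of authorization instructions
WINDOW_SECONDS = 60.0     # preset time


class SlidingCounter:
    """Counts events per key inside a sliding time window."""

    def __init__(self, window):
        self.window = window
        self.events = defaultdict(deque)

    def add(self, key, now):
        queue = self.events[key]
        queue.append(now)
        # Drop events that have fallen out of the window.
        while queue and queue[0] <= now - self.window:
            queue.popleft()
        return len(queue)


class FirstServer:
    """Risk control decisions for one web session at a time."""

    def __init__(self):
        self.behaviors = SlidingCounter(WINDOW_SECONDS)
        self.authorizations = SlidingCounter(WINDOW_SECONDS)
        self.awaiting = set()  # sessions for which a verification identifier was requested

    def on_behavior(self, session, behavior, now):
        """Step S43: decide whether the behavior data carries risk."""
        count = self.behaviors.add(session, now)
        if behavior in PRESET_RISK_BEHAVIORS or count > MAX_BEHAVIORS:
            # Step S45: the second server would be told to generate the identifier.
            self.awaiting.add(session)
            return "verify"
        return "allow"

    def on_authorization(self, session, now):
        """Handle an authorization instruction forwarded by the terminal."""
        count = self.authorizations.add(session, now)
        if count > MAX_AUTHORIZATIONS:
            # Too many instructions in the window: possible attack, stop the process.
            self.awaiting.discard(session)
            return "forbid"
        if session not in self.awaiting:
            # Assumption: an instruction that matches no pending verification is dropped.
            return "ignore"
        self.awaiting.discard(session)
        return "authorize"


if __name__ == "__main__":
    server = FirstServer()
    print(server.on_behavior("web-1", "view_balance", 0.0))      # allow
    print(server.on_behavior("web-1", "export_all_bills", 1.0))  # verify
    print(server.on_authorization("web-1", 2.0))                 # authorize
```
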
Embodiment 3
According to an embodiment of the invention, an embodiment of a security check method is provided. Fig. 5 is a flowchart of a security check method according to Embodiment 3 of the application. The method includes:
Step S51: the second server generates a verification identifier under the control of the first server. When the web page runs the logged-in target application through a browser, the first server monitors the behavior data generated by operations on the web page and, if the behavior data carries risk, controls the second server to generate the verification identifier.
Specifically, the second server can be a server deployed on the server side of the target application, and the verification identifier may be a QR code or a barcode. The second server can generate the verification identifier from the account information currently logged in to the target application on the web page; after the second server sends it to the web page, the web page can display it so that the terminal can parse it.
It should be noted here that in this embodiment the first server is equipped with a risk control engine, and the steps executed by the first server in this embodiment can be executed by that risk control engine.
In the above scheme, the first server can judge whether the behavior data carries risk in several ways. For example, the first server can judge whether the behavior data is preset risk behavior data. Specifically, the first server can preset multiple items of risk behavior data according to the crawling habits of crawlers; when it detects that the behavior data received by the web page is any one of the preset items, it determines that the behavior data carries risk. As another example, the first server can count the behavior data received within a preset time; if that count exceeds a preset quantity, it determines that the current behavior data carries risk.
Step S53: the second server returns the verification identifier to the web page. The terminal scans and parses the verification identifier to obtain a parsing result.
Specifically, if the terminal has permission to parse the verification identifier, the second server can verify the behavior data according to the parsing result. If the terminal does not have permission to parse the verification identifier, parsing fails, the second server cannot verify the behavior data, this verification process ends, and the web page cannot show the user the information corresponding to the behavior data.
Step S55: the second server verifies the behavior data according to the parsing result.
The above verification determines whether this behavior data has permission to obtain the corresponding information. Taking the bill-pulling behavior data in a financial management application as an example, verifying the behavior data determines whether it has permission to pull the bill. If verification succeeds, the behavior data is considered to come from the user's own operation and the web page can show the bill. If verification fails, the behavior data is considered to be generated by a crawler and, for anti-crawling purposes, the web page is forbidden from showing the bill.
In an optional embodiment, the verification identifier carries the account information currently logged in to the target application on the web page. When the parsing result is the result of parsing the verification identifier, the second server verifies the account information from the verification identifier against the account information logged in to the client on the terminal, thereby verifying the behavior data.
It should be noted that when a user's behavior data is identified by the first server as risky, the web page prompts the user to scan the verification identifier with the terminal in order to verify the behavior data. With the above scheme the risk can be released and the user can continue normal use, so business continuity after a false positive is handled well: the interception effect of the crawler check is preserved, while a normal user whose operation was falsely flagged can continue operating. When the behavior data of a crawler app is identified by the first server as risky, the web page can likewise prompt the user to scan the verification identifier with the terminal in order to authenticate the crawler's behavior data. Since the user did not perform the operation, the user becomes strongly aware that their information is being crawled and voluntarily abandons the service provided by the crawler app.
The above example of the application thus solves the technical problem that crawler interception in the prior art is ineffective, and resolves the conflict between accommodating the experience of falsely flagged users and fighting crawlers resolutely.
As an optional embodiment, before the second server verifies the behavior data according to the parsing result, the method further includes: judging whether the terminal scans the verification identifier with the client of the target application; and, if the judgment result is no, forbidding the terminal from parsing the verification identifier.
It should be noted that in the above authentication process the second server can be the server side of a security product. During authentication, the security product server side performs the first-layer trusted parsing source comparison: the verification identifier must be scanned with a client that is logged in to the target application, and other applications cannot parse it.
If the judgment result is no, the terminal cannot parse the verification identifier. The terminal can then prompt the user to log in to the client of the target application and scan the verification identifier again.
As an optional embodiment, before the second server verifies the behavior data according to the parsing result, the method further includes: judging whether the number of times the client account has logged in to the client on the terminal exceeds a preset number; and, if the judgment result is no, forbidding the terminal from parsing the verification identifier, where the client account is the account logged in to the client on the terminal when the verification identifier is scanned.
Specifically, if the number of times the client account has logged in to the client on the terminal exceeds the preset number, the terminal can be determined to be a commonly used terminal of that client account and can therefore be regarded as a trusted terminal. In an optional embodiment, tracking points can be embedded in the target application to collect data and thereby determine the commonly used terminals of a client account.
In the above scheme, the second server also performs a second-layer trusted device comparison: if the device scanning the verification identifier is not a trusted device, that device is likewise not allowed to parse the verification identifier.
If the judgment result is no, the terminal cannot parse the verification identifier. The terminal can then prompt the user to log in to the client of the target application on a commonly used terminal and scan the verification identifier again.
As an optional embodiment, the second server verifying the behavior data according to the parsing result includes: the second server receives the parsing result, where the parsing result is the web account information with which the target application is logged in on the web page; the second server verifies the web account information; and the second server returns the verification result to the terminal.
As an optional embodiment, the second server verifying the web account information includes: the second server obtains the client account information, where the client account information is the account information logged in to the client on the terminal when the verification identifier is scanned; if the web account information and the client account information are identical, verification is determined to succeed; if they differ, verification is determined to fail.
In the above scheme, the second server is further configured to perform a third-layer identity comparison, i.e. the comparison of the web account information with the client account information. Therefore, parsing the verification identifier into a URL and then simulating the request submission cannot bypass the scheme. Before the identity comparison, the first-layer trusted parsing source comparison and the second-layer trusted device comparison are also applied, which further verifies the permission to parse the verification identifier and the permission to operate the device.
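The three comparisons the second server applies in Embodiments 1 and 3 (trusted parsing source, trusted device, then identity) can be sketched as follows, as an added example that is not code from the patent. It assumes the verification identifier is an opaque single-use token that the second server resolves to the web account, that only account identifiers are compared, and that the scanning application and device identifiers arrive over an already authenticated client channel; all names and thresholds are hypothetical.

```python
import hmac
import secrets
from enum import Enum

TARGET_APP_ID = "com.example.finance"  # hypothetical id of the target application's client
PRESET_LOGINS = 3                      # hypothetical "preset number" of client logins


class Result(Enum):
    UNTRUSTED_SOURCE = "layer 1: not scanned with the target application's client"
    UNTRUSTED_DEVICE = "layer 2: terminal is not a commonly used terminal"
    UNKNOWN_IDENTIFIER = "identifier unknown or already used"
    FAILED = "layer 3: web account and client account differ"
    SUCCESS = "verification succeeded"


class SecondServer:
    def __init__(self):
        self.pending = {}       # token -> web account logged in when it was generated
        self.login_counts = {}  # (client account, device id) -> recorded client logins

    def record_login(self, client_account, device_id):
        """Fed by the tracking points embedded in the target application."""
        key = (client_account, device_id)
        self.login_counts[key] = self.login_counts.get(key, 0) + 1

    def generate_identifier(self, web_account):
        """Create the value that the web page renders as a QR code or barcode."""
        token = secrets.token_urlsafe(16)
        self.pending[token] = web_account
        return token

    def verify_scan(self, token, scanning_app, device_id, client_account):
        # Layer 1: only the target application's own client may parse the identifier.
        if scanning_app != TARGET_APP_ID:
            return Result.UNTRUSTED_SOURCE
        # Layer 2: the account must have logged in on this terminal more than the
        # preset number of times for the terminal to count as commonly used.
        if self.login_counts.get((client_account, device_id), 0) <= PRESET_LOGINS:
            return Result.UNTRUSTED_DEVICE
        # Parsing happens only after both layers pass. The token is consumed here,
        # so a captured identifier cannot be replayed after a layer-3 decision.
        web_account = self.pending.pop(token, None)
        if web_account is None:
            return Result.UNKNOWN_IDENTIFIER
        # Layer 3: identity comparison between web account and client account.
        if hmac.compare_digest(web_account.encode(), client_account.encode()):
            return Result.SUCCESS
        return Result.FAILED


if __name__ == "__main__":
    server = SecondServer()
    for _ in range(4):  # constructed history: "abc" usually logs in on phone-1
        server.record_login("abc", "phone-1")
    token = server.generate_identifier("abc")
    print(server.verify_scan(token, "com.other.scanner", "phone-1", "abc").value)
    print(server.verify_scan(token, TARGET_APP_ID, "phone-1", "abc").value)
```

A refusal at layer 1 or 2 leaves the token pending, matching the page's flow in which the user is prompted to scan again with the right client or terminal.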
Embodiment 4
According to an embodiment of the invention, an embodiment of a security check method is provided. Fig. 6 is a flowchart of a security check method according to Embodiment 4 of the application. The method includes:
Step S61: the terminal scans and parses the verification identifier to obtain a parsing result. When the web page runs the logged-in target application through a browser, the first server monitors the behavior data generated by operations on the web page and, if the behavior data carries risk, controls the second server to generate the verification identifier.
Specifically, the second server can be a server deployed on the server side of the target application, and the verification identifier may be a QR code or a barcode. The second server can generate the verification identifier from the account information currently logged in to the target application on the web page; after the second server sends it to the web page, the web page can display it so that the terminal can parse it.
It should be noted here that in this embodiment the first server is equipped with a risk control engine, and the steps executed by the first server in this embodiment can be executed by that risk control engine.
Parsing result is sent to the corresponding second server of target application, wherein second server is also used by step S63 In being verified according to parsing result to behavioral data.
Specifically, second server can be tied according to parsing if terminal has permission and parses to verifying mark Fruit verifies behavioral data, if terminal does not have permission to parse verifying mark, can parse failure, second service Device can not also verify behavioral data, and this time verifying process terminates, and webpage cannot show that behavioral data is corresponding to user Information.
If parsing result is parsing failure, second server be can be confirmed to behavioral data authentication failed, if solution Analysis result is parsing result, then second server verifies behavioral data according to parsing result, and specific verification mode can be with As shown in Example 1.
As a kind of optional embodiment, after parsing result to be sent to the corresponding second server of target application, Method further include: terminal detects authorized order in the case where second server is proved to be successful webpage account information;Terminal will The authorized order detected is sent to first server, wherein first server is determined in the case where receiving authorized order It authenticates successfully, and to webpage Authorization execution behavioral data.
In the above scheme, after second server is to behavioral data verifying, it is also necessary to which first server is to behavior number According to being authenticated, webpage process performing data are just allowed after the authentication is passed.
After second server is verified behavioral data, second server is in the visitor that verification result is sent to terminal While the end of family, there is authorization page in client, for prompting user to authorize this behavioral data, specifically, client End can be shown: would you please be confirmed whether that webpage is allowed to execute the operation for this time pulling bill.When user selects " permission ", explanation Operating terminal is the user with actual operational capacity, and terminal detects authorized order.
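The three-layer check and the authorization step described above, as an added Python sketch that is not code from the patent. The HMAC-signed identifier, the field names and the thresholds are assumptions chosen for illustration; in a deployment the scan facts would come from the client's authenticated session, not from fields the terminal reports about itself.

```python
import hashlib
import hmac
import json
import secrets
import time
from collections import defaultdict, deque

# All names and thresholds below are assumptions for illustration.
SERVER_KEY = secrets.token_bytes(32)  # second server's signing key (assumed design)
MIN_DEVICE_LOGINS = 3                 # "preset number" of logins on the terminal
AUTH_WINDOW_SECONDS = 3600            # "preset time" for counting authorizations
MAX_AUTH_PER_WINDOW = 2               # "predetermined quantity" of authorizations


def _sign(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()


def generate_verification_id(web_account, behavior_id):
    """Second server: QR payload binding the webpage account to the flagged behavior."""
    body = json.dumps({"acct": web_account, "bid": behavior_id}, sort_keys=True)
    return body + "." + _sign(body)


def verify_scan(payload, scan):
    """Second server: run the three layers in order. Returns (ok, detail)."""
    body, _, tag = payload.rpartition(".")
    if not hmac.compare_digest(tag.encode(), _sign(body).encode()):
        return False, "identifier not issued by second server"
    claims = json.loads(body)
    # Layer 1: the identifier must be scanned with the target application's client.
    if not scan["via_target_app_client"]:
        return False, "untrusted parsing source"
    # Layer 2: the client account must have logged in on this terminal
    # more than the preset number of times.
    if scan["client_logins_on_device"] <= MIN_DEVICE_LOGINS:
        return False, "untrusted device"
    # Layer 3: webpage account must equal the client account doing the scan.
    if claims["acct"] != scan["client_account"]:
        return False, "account mismatch"
    return True, claims["bid"]


class FirstServer:
    """Risk-control side: accepts authorization instructions and rate-limits them."""

    def __init__(self):
        self._auth_times = defaultdict(deque)

    def on_authorization(self, web_account, verified, now=None):
        now = time.time() if now is None else now
        if not verified:
            return "rejected"
        window = self._auth_times[web_account]
        while window and now - window[0] > AUTH_WINDOW_SECONDS:
            window.popleft()
        window.append(now)
        # Too many authorizations in the window: stop responding to the behavior.
        if len(window) > MAX_AUTH_PER_WINDOW:
            return "blocked"
        return "authorized"


def demo():
    """Constructed sample scans: the account owner and four failing cases."""
    first_server = FirstServer()
    qr = generate_verification_id("alice", "pull-bill-001")
    owner = {"via_target_app_client": True,
             "client_logins_on_device": 12,
             "client_account": "alice"}
    scans = [
        owner,
        dict(owner, client_account="mallory"),     # someone else's client account
        dict(owner, client_logins_on_device=1),    # rarely used terminal
        dict(owner, via_target_app_client=False),  # generic QR reader
    ]
    results = [verify_scan(qr, s) for s in scans]
    tampered = qr[:-1] + ("0" if qr[-1] != "0" else "1")
    results.append(verify_scan(tampered, owner))
    decisions = [first_server.on_authorization("alice", True, now=1000 + i)
                 for i in range(3)]
    return results, decisions


if __name__ == "__main__":
    for row in demo():
        print(row)
```

The layers are evaluated in the order the description gives them, so a scan from a generic QR reader is refused before any account comparison takes place.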
It should be noted that, for brevity, the foregoing method embodiments are each described as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and that the actions and modules involved are not necessarily required by the present invention.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, but in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk, or an optical disc) and includes several instructions that cause a terminal device (which may be a mobile phone, a computer, a second server, a network device, or the like) to execute the methods of the embodiments of the present invention.
Embodiment 5
According to an embodiment of the present invention, an apparatus for security check that implements the above method of security check is also provided. Fig. 7 is a schematic diagram of an apparatus for security check according to Embodiment 5 of the present application. As shown in Fig. 7, the apparatus 700 includes:
Monitoring module 702, configured so that, when the webpage runs the logged-in target application through a browser, the first server monitors the behavioral data generated by operations on the webpage.
Detection module 704, configured for the first server to detect whether the behavioral data presents a risk.
Control module 706, configured so that, if the behavioral data presents a risk, the first server controls the second server corresponding to the target application to generate a verification identifier, where the terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
It should be noted here that the monitoring module 702, detection module 704 and control module 706 correspond to steps S41 to S45 in Embodiment 2. The examples and application scenarios implemented by the three modules are the same as those of the corresponding steps, but are not limited to what is disclosed in Embodiment 1 above. It should be noted that the above modules, as part of the apparatus, may run in the computer terminal 10 provided in Embodiment 1.
As an optional embodiment, the apparatus further includes: a detection unit, configured so that, after the first server controls the second server corresponding to the target application to generate the verification identifier in the case where the behavioral data presents a risk, the first server detects an authorization instruction, where the authorization instruction is received by the terminal and sent to the first server when verification of the behavioral data succeeds; and a determination unit, configured so that the first server, on receiving the authorization instruction, determines that the behavioral data is authenticated successfully and authorizes the webpage to execute the behavioral data.
Embodiment 6
According to an embodiment of the present invention, an apparatus for security check that implements the above method of security check is also provided. Fig. 8 is a schematic diagram of an apparatus for security check according to Embodiment 6 of the present application. As shown in Fig. 8, the apparatus 800 includes:
Control module 802, configured for the second server to generate a verification identifier under the control of the first server, where, when the webpage runs the logged-in target application through a browser, the first server monitors the behavioral data generated by operations on the webpage and, if the behavioral data presents a risk, controls the second server to generate the verification identifier.
Return module 804, configured for the second server to return the verification identifier to the webpage, where the terminal scans and parses the verification identifier to obtain a parsing result.
Verification module 806, configured for the second server to verify the behavioral data according to the parsing result.
It should be noted here that the control module 802, return module 804 and verification module 806 correspond to steps S51 to S55 in Embodiment 3. The examples and application scenarios implemented by the three modules are the same as those of the corresponding steps, but are not limited to what is disclosed in Embodiment 1 above. It should be noted that the above modules, as part of the apparatus, may run in the computer terminal 10 provided in Embodiment 1.
As an optional embodiment, the apparatus further includes: a first judgment module, configured to judge, before the second server verifies the behavioral data according to the parsing result, whether the terminal scans the verification identifier using the client of the target application; and a first prohibition module, configured to forbid the terminal from parsing the verification identifier if the judgment result is no.
As an optional embodiment, the apparatus further includes: a second judgment module, configured to judge, before the second server verifies the behavioral data according to the parsing result, whether the number of times the client account has logged in to the client on the terminal exceeds a preset number; and a second prohibition module, configured to forbid the terminal from parsing the verification identifier if the judgment result is no, where the client account is the account logged in to the client on the terminal when the verification identifier is scanned.
As an optional embodiment, the verification module includes: a receiving submodule, configured for the second server to receive the parsing result, where the parsing result is the webpage account information with which the target application is logged in on the webpage; a verification submodule, configured for the second server to verify the webpage account information; and a return submodule, configured for the second server to return the verification result to the terminal.
As an optional embodiment, the verification submodule includes: an acquiring unit, configured for the second server to obtain client account information, where the client account information is the account information logged in to the client on the terminal when the verification identifier is scanned; a first determination unit, configured to determine that verification succeeded if the webpage account information is the same as the client account information; and a second determination unit, configured to determine that verification failed if the webpage account information differs from the client account information.
Embodiment 7
According to an embodiment of the present invention, an apparatus for security check that implements the above method of security check is also provided. Fig. 9 is a schematic diagram of an apparatus for security check according to Embodiment 7 of the present application. As shown in Fig. 9, the apparatus 900 includes:
Parsing module 902, configured for the terminal to scan and parse the verification identifier to obtain a parsing result, where, when the webpage runs the logged-in target application through a browser, the first server monitors the behavioral data generated by operations on the webpage and, if the behavioral data presents a risk, controls the second server to generate the verification identifier.
Sending module 904, configured to send the parsing result to the second server corresponding to the target application, where the second server is further configured to verify the behavioral data according to the parsing result.
It should be noted here that the parsing module 902 and sending module 904 correspond to steps S61 to S65 in Embodiment 4. The examples and application scenarios implemented by the two modules are the same as those of the corresponding steps, but are not limited to what is disclosed in Embodiment 1 above. It should be noted that the above modules, as part of the apparatus, may run in the computer terminal 10 provided in Embodiment 1.
As an optional embodiment, the apparatus further includes: a detection module, configured so that, after the parsing result is sent to the second server corresponding to the target application, the terminal detects an authorization instruction if the second server has successfully verified the webpage account information; and a sending module, configured for the terminal to send the detected authorization instruction to the first server, where the first server, on receiving the authorization instruction, determines that authentication succeeded and authorizes the webpage to execute the behavioral data.
Embodiment 8
According to an embodiment of the present invention, a system is also provided, including:
a processor; and
a memory, connected to the processor and configured to provide the processor with instructions for the following processing steps:
the webpage runs the logged-in target application through a browser, and the first server monitors the behavioral data generated by operations on the webpage, where the behavioral data is data generated when the webpage is operated;
the first server detects whether the behavioral data presents a risk;
if the behavioral data presents a risk, the first server controls the second server corresponding to the target application to generate a verification identifier, where the terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
Embodiment 9
An embodiment of the present invention may provide a computer terminal, which may be any computer terminal in a group of computer terminals. Optionally, in this embodiment, the computer terminal may also be replaced by a terminal device such as a mobile terminal.
Optionally, in this embodiment, the computer terminal may be located in at least one of a plurality of network devices of a computer network.
In this embodiment, the computer terminal may execute program code for the following steps of the method of security check: the webpage runs the logged-in target application through a browser, and the first server monitors the behavioral data generated by operations on the webpage, where the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data presents a risk; if the behavioral data presents a risk, the first server controls the second server corresponding to the target application to generate a verification identifier, where the terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
Optionally, Fig. 10 is a structural block diagram of a computer terminal according to an embodiment of the present invention. As shown in Fig. 10, the computer terminal A may include one or more processors 1002 (only one is shown in the figure), a memory 1004, and a peripheral interface 1006.
The memory may be used to store software programs and modules, such as the program instructions/modules corresponding to the method and apparatus of security check in the embodiments of the present invention. By running the software programs and modules stored in the memory, the processor performs various functional applications and data processing, that is, implements the above method of security check. The memory may include high-speed random access memory and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, the memory may further include memory located remotely from the processor, and such remote memory may be connected to the computer terminal 10 over a network. Examples of such networks include, but are not limited to, the Internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The processor may call, through a transmission device, the information and application programs stored in the memory to perform the following steps: the webpage runs the logged-in target application through a browser, and the first server monitors the behavioral data generated by operations on the webpage, where the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data presents a risk; if the behavioral data presents a risk, the first server controls the second server corresponding to the target application to generate a verification identifier, where the terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
Optionally, the processor may also execute program code for the following steps: the first server detects an authorization instruction, where the authorization instruction is received by the terminal and sent to the first server when verification of the behavioral data succeeds; the first server, on receiving the authorization instruction, determines that the behavioral data is authenticated successfully and authorizes the webpage to execute the behavioral data.
With the embodiments of the present invention, a method of security check is provided: the webpage runs the logged-in target application through a browser, and the first server monitors the behavioral data, where the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data presents a risk; if the behavioral data presents a risk, the first server controls the second server corresponding to the target application to generate a verification identifier, where the terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result. Thus, when a user's behavioral data is identified by the first server as risky, the webpage prompts the user to scan the verification identifier with the terminal to verify the behavioral data. With this scheme the risk can be lifted so that the user can continue normal use, so business continuity after a false positive is handled well, and the interception effect of the crawler check is preserved while a normal user whose operation was falsely flagged can continue operating. When the behavioral data of a crawler app is identified by the first server as risky, the webpage can likewise prompt the user to scan the verification identifier with the terminal to authenticate the crawler's operation data; but because the user did not perform the operation, the user strongly senses that their information is being crawled and voluntarily abandons the service provided by the crawler app.
The above examples of the present application thereby solve the technical problem that crawler interception in the prior art is ineffective, and resolve the conflict between accommodating the false-positive experience and the strength of decisions against crawlers.
Those of ordinary skill in the art will understand that the structure shown in Fig. 10 is only illustrative. The computer terminal may also be a terminal device such as a smartphone (e.g., an Android phone or an iOS phone), a tablet computer, a palmtop computer, a mobile Internet device (Mobile Internet Devices, MID), or a PAD. Fig. 10 does not limit the structure of the above electronic device. For example, the computer terminal 10 may include more or fewer components (such as a network interface or a display device) than shown in Fig. 10, or have a configuration different from that shown in Fig. 10.
Those of ordinary skill in the art will understand that all or part of the steps in the methods of the above embodiments can be completed by a program instructing the relevant hardware of a terminal device. The program can be stored in a computer-readable storage medium, and the storage medium may include a flash disk, read-only memory (Read-Only Memory, ROM), random access memory (Random Access Memory, RAM), a magnetic disk, an optical disc, or the like.
Embodiment 10
An embodiment of the present invention also provides a storage medium. Optionally, in this embodiment, the storage medium may be used to store the program code executed by the method of security check provided in Embodiment 1 above.
Optionally, in this embodiment, the storage medium may be located in any computer terminal in a group of computer terminals in a computer network, or in any mobile terminal in a group of mobile terminals.
Optionally, in this embodiment, the storage medium is configured to store program code for executing the following steps: the webpage runs the logged-in target application through a browser, and the first server monitors the behavioral data generated by operations on the webpage, where the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data presents a risk; if the behavioral data presents a risk, the first server controls the second server corresponding to the target application to generate a verification identifier, where the terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
In the above embodiments of the present invention, the description of each embodiment has its own emphasis. For parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed technical content may be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the division into units is only a division by logical function, and other divisions are possible in an actual implementation: multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, units, or modules, and may be electrical or take other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods of the embodiments of the present invention. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a removable hard disk, a magnetic disk, or an optical disc.
The above are only preferred embodiments of the present invention. It should be noted that those of ordinary skill in the art may make various improvements and modifications without departing from the principle of the present invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.

Claims (21)

1. A system for security check, characterized by comprising:
a first server, configured to monitor, when a webpage runs a logged-in target application through a browser, the behavioral data generated by operations on the webpage, and to judge whether the behavioral data presents a risk;
a second server, in communication with the first server, configured to generate a verification identifier if the behavioral data presents a risk, and to send the verification identifier to the webpage;
a terminal, configured to scan and parse the verification identifier to obtain a parsing result;
wherein the second server is further configured to verify the behavioral data according to the parsing result.
2. The system according to claim 1, characterized in that the second server is further configured to judge whether the terminal scans the verification identifier using the client of the target application, and, if the judgment result is no, to forbid the terminal from parsing the verification identifier.
3. The system according to claim 2, characterized in that the second server is further configured to judge whether the number of times a client account has logged in to the client on the terminal exceeds a preset number, and, if the judgment result is no, to forbid the terminal from parsing the verification identifier, wherein the client account is the account logged in to the client on the terminal when the verification identifier is scanned.
4. The system according to any one of claims 1 to 3, characterized in that the parsing result is the webpage account information with which the target application is logged in on the webpage.
5. The system according to claim 4, characterized in that
the terminal is further configured to send the webpage account information obtained by parsing and client account information to the second server, wherein the client account information is the account information logged in to the client on the terminal when the verification identifier is scanned;
the second server is further configured to verify the webpage account information according to the client account information.
6. The system according to claim 5, characterized in that the second server is further configured to determine that verification succeeded if the webpage account information is the same as the client account information, and to determine that verification failed if the webpage account information differs from the client account information.
7. The system according to claim 6, characterized in that
the second server is further configured to return a verification result to the client of the terminal;
the terminal is further configured to detect an authorization instruction if verification succeeded, and to send the detected authorization instruction to the first server.
8. The system according to claim 7, characterized in that the first server is further configured to determine, on receiving the authorization instruction, that the behavioral data is authenticated successfully, and to authorize the webpage to execute the behavioral data.
9. The system according to claim 7, characterized in that the first server is further configured to detect the number of authorization instructions received within a preset time, and, if the number is greater than a predetermined quantity, to forbid the webpage from responding to the behavioral data.
10. A method of security check, characterized by comprising:
a webpage runs a logged-in target application through a browser, and a first server monitors the behavioral data generated by operations on the webpage;
the first server detects whether the behavioral data presents a risk;
if the behavioral data presents a risk, the first server controls a second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
11. The method according to claim 10, characterized in that, after the first server controls the second server corresponding to the target application to generate the verification identifier in the case where the behavioral data presents a risk, the method further comprises:
the first server detects an authorization instruction, wherein the authorization instruction is received by the terminal and sent to the first server when verification of the behavioral data succeeds;
the first server, on receiving the authorization instruction, determines that the behavioral data is authenticated successfully and authorizes the webpage to execute the behavioral data.
12. A method of security check, characterized by comprising:
a second server generates a verification identifier under the control of a first server, wherein, when a webpage runs a logged-in target application through a browser, the first server monitors the behavioral data generated by operations on the webpage and, if the behavioral data presents a risk, controls the second server to generate the verification identifier;
the second server returns the verification identifier to the webpage, wherein a terminal scans and parses the verification identifier to obtain a parsing result;
the second server verifies the behavioral data according to the parsing result.
13. The method according to claim 12, characterized in that, before the second server verifies the behavioral data according to the parsing result, the method further comprises:
judging whether the terminal scans the verification identifier using the client of the target application;
if the judgment result is no, forbidding the terminal from parsing the verification identifier.
14. The method according to claim 13, characterized in that, before the second server verifies the behavioral data according to the parsing result, the method further comprises:
judging whether the number of times a client account has logged in to the client on the terminal exceeds a preset number;
if the judgment result is no, forbidding the terminal from parsing the verification identifier, wherein the client account is the account logged in to the client on the terminal when the verification identifier is scanned.
15. The method according to any one of claims 12 to 14, characterized in that the second server verifying the behavioral data according to the parsing result comprises:
the second server receives the parsing result, wherein the parsing result is the webpage account information with which the target application is logged in on the webpage;
the second server verifies the webpage account information;
the second server returns a verification result to the terminal.
16. The method according to claim 15, characterized in that the second server verifying the webpage account information comprises:
the second server obtains client account information, wherein the client account information is the account information logged in to the client on the terminal when the verification identifier is scanned;
if the webpage account information is the same as the client account information, determining that verification succeeded;
if the webpage account information differs from the client account information, determining that verification failed.
17. A method of security check, characterized by comprising:
a terminal scans and parses a verification identifier to obtain a parsing result, wherein, when a webpage runs a logged-in target application through a browser, a first server monitors the behavioral data generated by operations on the webpage and, if the behavioral data presents a risk, controls a second server to generate the verification identifier;
the parsing result is sent to the second server corresponding to the target application, wherein the second server is further configured to verify the behavioral data according to the parsing result.
18. The method according to claim 17, characterized in that, after the parsing result is sent to the second server corresponding to the target application, the method further comprises:
the terminal detects an authorization instruction if the second server has successfully verified the webpage account information;
the terminal sends the detected authorization instruction to the first server, wherein the first server, on receiving the authorization instruction, determines that authentication succeeded and authorizes the webpage to execute the behavioral data.
19. A storage medium, characterized in that the storage medium includes a stored program, wherein, when the program runs, the device on which the storage medium is located is controlled to execute the following steps: a webpage executes a logged-in target application through a browser, and a first server monitors behavioral data generated by the behavior of operating the webpage, wherein the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data presents a risk; in the case where the behavioral data presents a risk, the first server controls a second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
20. A processor, characterized in that the processor is configured to run a program, wherein the following steps are executed when the program runs: a webpage executes a logged-in target application through a browser, and a first server monitors behavioral data generated by the behavior of operating the webpage, wherein the behavioral data is data generated when the webpage is operated; the first server detects whether the behavioral data presents a risk; in the case where the behavioral data presents a risk, the first server controls a second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
21. A system, characterized by comprising:
A processor; and
A memory, connected to the processor and configured to provide the processor with instructions for the following processing steps:
A webpage executes a logged-in target application through a browser, and a first server monitors behavioral data generated by the behavior of operating the webpage, wherein the behavioral data is data generated when the webpage is operated;
The first server detects whether the behavioral data presents a risk;
In the case where the behavioral data presents a risk, the first server controls a second server corresponding to the target application to generate a verification identifier, wherein a terminal scans and parses the verification identifier to obtain a parsing result, and the second server verifies the behavioral data according to the parsing result.
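The exchange recited in claims 17 to 21, written out as an added Python illustration that is not part of the patent text. The risk rule, the HMAC-signed payload standing in for the scannable verification identifier (verifying mark), the single-use nonce, and all function and field names are assumptions; the claims do not specify them. How the first server learns the second server's result is also assumed: here it is passed in as `verified_sid`.

```python
import base64, hashlib, hmac, json, secrets, time

APP_KEY = secrets.token_bytes(32)  # second server's signing key (assumed scheme)
_used_nonces = set()               # second server: identifiers already redeemed

def is_risky(behavior):
    """First server: constructed rule that flags scripted-looking operation."""
    return behavior["pointer_moves"] == 0 or behavior["ms_to_submit"] < 500

def issue_mark(session_id, account, now=None, ttl=120):
    """Second server: signed payload that would be rendered as a scannable code."""
    now = time.time() if now is None else now
    body = {"sid": session_id, "acct": account,
            "nonce": secrets.token_hex(16), "exp": int(now) + ttl}
    raw = json.dumps(body, sort_keys=True).encode()
    tag = hmac.new(APP_KEY, raw, hashlib.sha256).digest()
    b64 = base64.urlsafe_b64encode
    return b64(raw).decode() + "." + b64(tag).decode()

def parse_mark(mark):
    """Terminal: decode the scanned identifier into the parsing result."""
    raw_b64, tag_b64 = mark.split(".")
    d64 = base64.urlsafe_b64decode
    return {"raw": d64(raw_b64), "tag": d64(tag_b64)}

def verify_result(result, terminal_account, now=None):
    """Second server: check integrity, freshness, account match and single use.
    Returns the web session id on success, None otherwise."""
    now = time.time() if now is None else now
    expected = hmac.new(APP_KEY, result["raw"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, result["tag"]):
        return None                      # forged or altered identifier
    body = json.loads(result["raw"])
    if body["exp"] < now or body["acct"] != terminal_account:
        return None                      # stale, or scanned by another account
    if body["nonce"] in _used_nonces:
        return None                      # replayed identifier
    _used_nonces.add(body["nonce"])
    return body["sid"]

def authorize(pending, session_id, verified_sid, user_confirmed):
    """First server: release the held operation only after verification succeeded
    for this session and the terminal sent the user's authorization instruction."""
    if user_confirmed and verified_sid == session_id and session_id in pending:
        return pending.pop(session_id)
    return None
```

Binding the identifier to the web session and account, and refusing a second redemption, is what keeps a scanned code from being replayed or redeemed by a different logged-in account.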
CN201810307708.XA 2018-04-08 2018-04-08 System, the method and apparatus of safety check Pending CN110348980A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810307708.XA CN110348980A (en) 2018-04-08 2018-04-08 System, the method and apparatus of safety check

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810307708.XA CN110348980A (en) 2018-04-08 2018-04-08 System, the method and apparatus of safety check

Publications (1)

Publication Number Publication Date
CN110348980A true CN110348980A (en) 2019-10-18

Family

ID=68173223

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810307708.XA Pending CN110348980A (en) 2018-04-08 2018-04-08 System, the method and apparatus of safety check

Country Status (1)

Country Link
CN (1) CN110348980A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103023918A (en) * 2012-12-26 2013-04-03 百度在线网络技术(北京)有限公司 Method, system and device for uniformly providing login for multiple network services
CN104253714A (en) * 2013-06-27 2014-12-31 腾讯科技(深圳)有限公司 Monitoring method, system, browser and server
CN105930363A (en) * 2016-04-12 2016-09-07 深圳云之家网络有限公司 HTML5 webpage based user behavior analysis method and device
CN106339613A (en) * 2016-08-15 2017-01-18 腾讯科技(深圳)有限公司 Application data processing method, terminal and server
CN107682367A (en) * 2017-11-14 2018-02-09 北京酷我科技有限公司 A kind of PC ends webpage login method and system

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111245838A (en) * 2020-01-13 2020-06-05 四川坤翔科技有限公司 Method for protecting key information by anti-crawler
CN111783063A (en) * 2020-06-12 2020-10-16 完美世界(北京)软件科技发展有限公司 Operation verification method and device
CN113643042A (en) * 2021-08-20 2021-11-12 武汉极意网络科技有限公司 Safety verification system based on online business safety
CN113643042B (en) * 2021-08-20 2024-04-05 武汉极意网络科技有限公司 Security verification system based on online business security
CN113709154A (en) * 2021-08-25 2021-11-26 平安国际智慧城市科技股份有限公司 Browser security processing method and device, computer equipment and storage medium
CN113709154B (en) * 2021-08-25 2023-08-15 平安国际智慧城市科技股份有限公司 Browser security processing method and device, computer equipment and storage medium
CN113824727A (en) * 2021-09-26 2021-12-21 中国联合网络通信集团有限公司 Webpage login verification method, device, server and storage medium
CN118449783A (en) * 2024-07-05 2024-08-06 支付宝(杭州)信息技术有限公司 Account operation control method, device, medium and equipment

Similar Documents

Publication Publication Date Title
CN110348980A (en) System, the method and apparatus of safety check
CN103888255B (en) A kind of identity identifying method, apparatus and system
CN102844750B (en) Executable code checking in Web browser
CN105786707B (en) Program testing method and device
CN108650226B (en) A kind of login validation method, device, terminal device and storage medium
TWI432969B (en) Method and system for validating active computer terminal sessions
CN107800687A (en) Apparatus bound method, system and washing machine based on Internet of Things
DE60007724T2 (en) CHIP CARD USER INTERFACE FOR A TRUSTED COMPUTER PLATFORM
CN109525604A (en) A kind of method and relevant device of account binding
CN107211016A (en) Secure session is divided and application program parser
CN105553674B (en) A kind of interactive system, intelligent cipher key equipment, server and working method
CN107689944A (en) Identity identifying method, device and system
CN107689936A (en) Security verification system, the method and device of logon account
CN107526582B (en) Web game control method and device
CN108171519A (en) The processing of business datum, account recognition methods and device, terminal
WO2012068255A2 (en) Systems and methods for identifying and mitigating information security risks
CN105324785A (en) Online transaction verification
CN108876369A (en) Data communications method, device and computer readable storage medium based on block chain
Bitton et al. Evaluating the information security awareness of smartphone users
WO2019240604A1 (en) Device, system and method for cyber security managing in a remote network
CN107872438A (en) A kind of verification method, device and terminal
CN105913513A (en) Control method and system for door lock system
CN110175448A (en) A kind of credible equipment login authentication method and the application system with authentication function
CN107592314A (en) A kind of order line authority control method and device
CN109977641A (en) A kind of authentication processing method and system of Behavior-based control analysis

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40015643

Country of ref document: HK

RJ01 Rejection of invention patent application after publication

Application publication date: 20191018
