CN110704867A - Method, system, medium and apparatus for integral theft prevention - Google Patents

Method, system, medium and apparatus for integral theft prevention Download PDF

Info

Publication number
CN110704867A
CN110704867A CN201910842064.9A CN201910842064A CN110704867A CN 110704867 A CN110704867 A CN 110704867A CN 201910842064 A CN201910842064 A CN 201910842064A CN 110704867 A CN110704867 A CN 110704867A
Authority
CN
China
Prior art keywords
target data
preset
client
data
integral
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910842064.9A
Other languages
Chinese (zh)
Other versions
CN110704867B (en
Inventor
吴金龙
单文杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yijifen eCommerce Co Ltd
Original Assignee
Yijifen eCommerce Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yijifen eCommerce Co Ltd filed Critical Yijifen eCommerce Co Ltd
Priority to CN201910842064.9A priority Critical patent/CN110704867B/en
Publication of CN110704867A publication Critical patent/CN110704867A/en
Application granted granted Critical
Publication of CN110704867B publication Critical patent/CN110704867B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/02Marketing; Price estimation or determination; Fundraising
    • G06Q30/0207Discounts or incentives, e.g. coupons or rebates
    • G06Q30/0208Trade or exchange of goods or services in exchange for incentives or rewards
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Accounting & Taxation (AREA)
  • Development Economics (AREA)
  • Strategic Management (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Computer Security & Cryptography (AREA)
  • Game Theory and Decision Science (AREA)
  • Marketing (AREA)
  • General Business, Economics & Management (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method, a system, a medium and a device for integral theft prevention, wherein the method comprises the following steps: generating a first preset number of target data, and establishing a one-to-one correspondence relationship between the target data and the service data; dividing the target data into a preset part of target data, and respectively inserting the part of target data into data of a preset integral deduction page or encrypting the part of target data and sending the encrypted part of target data to a client; and receiving target data acquired by the client, and generating early warning information when the target data acquired by the client exceeding a preset percentage in a preset time period cannot find one-to-one corresponding service data. The method, the system, the medium and the device for preventing the credit from being stolen are used for preventing third-party merchants from stealing user credits under the condition that users do not know based on the one-to-one corresponding relation between target data and business data, effectively reducing the risk of credit exchange and protecting the credit asset safety of the users.

Description

Method, system, medium and apparatus for integral theft prevention
Technical Field
The invention relates to the technical field of integration, in particular to a method, a system, a medium and a device for integration theft prevention.
Background
After the credit exchange capability is developed into an industrial capability from the inside of an organization and becomes the standard capability of a plurality of enterprises, the credit exchange capability is used as a provider of the standard capability to control the safety of a credit use scene, so that the foundation guarantee for the loss of the credit exchange capability is formed, the background of each organization and company in the market is complex, and when the credit exchange capability cannot be guaranteed, some non-compliant means can be adopted, so that the user is confused in using the credit and is hindered in the loss of the credit, the credit exchange capability provider can timely find out the non-compliant and non-compliant credit use scenes of third-party merchants and timely give early warning, which is particularly important, under the background, a credit operation technology team deeply studies the non-compliant and non-compliant means possibly adopted by the third-party merchants, so that the means which have the greatest influence and the worst influence at present, the method is characterized in that a third-party merchant steals points of a user under the condition that the user does not know, the third-party merchant encapsulates the point capacity provided by a point company (including a point capacity providing server and a data acquisition and analysis center) in a client app of the third-party merchant, the client app looks abnormal on the surface, once the user is installed, the client app simulates user behaviors in a background to finish point deduction, and the user does not feel the point stealing process.
Therefore, it is desirable to solve the problem of how to prevent third-party merchants from stealing user points under the condition that users are unaware of, prevent point theft, and protect the point asset security of users.
Disclosure of Invention
In view of the above drawbacks of the prior art, an object of the present invention is to provide a method, a system, a medium, and a device for preventing credit from being stolen, and protecting the security of credit assets of a user by preventing a third-party merchant from stealing user credit without knowing a user in the prior art.
To achieve the above and other related objects, the present invention provides an integral anti-theft method, comprising the steps of: generating a first preset number of target data, and establishing a one-to-one correspondence relationship between the target data and the service data; dividing the target data into a preset part of target data, and respectively inserting the part of target data into data of a preset integral deduction page or encrypting the part of target data and sending the encrypted part of target data to a client; and receiving target data acquired by the client, and generating early warning information when the target data acquired by the client exceeding a preset percentage in a preset time period cannot find one-to-one corresponding service data.
In an embodiment of the present invention, the dividing the target data into a predetermined part of partial target data, and inserting the partial target data into data of a predetermined point deduction page or encrypting the partial target data and sending the encrypted partial target data to the client includes: dividing the target data into a second preset number of first part of target data, a third preset number of second part of target data and a fourth preset number of third part of target data; encrypting the first part of target data, and sending the encrypted first part of target data to a client for inserting into a Cookie of the client; randomly inserting the second part of target data into a fifth preset number of html elements, wherein the fifth preset number is greater than or equal to a preset multiple of the third preset number, and the html elements exist in an integral deduction page; generating prefix IDs for the third part of target data according to the fourth preset quantity, and inserting the prefix IDs into data of an html hidden field of an integral deduction page; and sending the point deduction page to a client so as to enable the client to carry out point exchange.
In an embodiment of the present invention, the service data is: order number, credit redemption serial number, customer number or device number for the credit.
In one embodiment of the present invention, the portion of the target data is encrypted using a 3DES encryption algorithm.
In an embodiment of the present invention, the predetermined percentage is 20%.
In an embodiment of the present invention, the method further includes sending the warning information to a preset receiving end.
In order to achieve the above object, the present invention also provides an integral antitheft system, including: the system comprises a corresponding module, an inserting module and an early warning module; the corresponding module is used for generating a first preset number of target data and establishing a one-to-one corresponding relation between the target data and the service data; the inserting module is used for dividing the target data into a preset part of target data, respectively inserting the part of target data into data of a preset integral deduction page or encrypting the part of target data and sending the encrypted part of target data to a client; the early warning module is used for receiving the target data acquired by the client and generating early warning information when the target data acquired by the client exceeding a preset percentage in a preset time period cannot find one-to-one corresponding service data.
To achieve the above object, the present invention further provides a computer-readable storage medium having a computer program stored thereon, which when executed by a processor, implements any of the above methods for integral theft prevention.
In order to achieve the above object, the present invention also provides an integral theft prevention device, including: a processor and a memory; the memory is used for storing a computer program; the processor is connected with the memory and is used for executing the computer program stored in the memory so as to enable the integral anti-theft device to execute any integral anti-theft method.
Finally, the present invention also provides an integral antitheft system, comprising: the system comprises the integral anti-theft device and a client; the client is used for collecting target data and sending the target data to the integral anti-theft device.
As described above, the method, system, medium, and apparatus for integral theft prevention according to the present invention have the following advantageous effects: the third-party commercial tenant is prevented from stealing the user points under the condition that the user does not know, the point exchange risk is effectively reduced, and the point asset safety of the user is protected.
Drawings
FIG. 1 is a flow chart illustrating an integrated theft prevention method according to an embodiment of the present invention;
FIG. 2 is a flow chart of the integral anti-theft method of the present invention in a further embodiment;
FIG. 3 is a schematic diagram of an embodiment of the anti-theft system for credit of the present invention;
FIG. 4 is a schematic structural diagram of an integral anti-theft device according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an integration theft prevention system according to another embodiment of the present invention.
Description of the element reference numerals
31 corresponding module
32 plug-in module
33 early warning module
41 processor
42 memory
Device for preventing 51 integral from being stolen
52 client
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, so that the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, the type, quantity and proportion of the components in actual implementation can be changed freely, and the layout of the components can be more complicated.
The method, the system, the medium and the device for preventing the credit from being stolen effectively prevent the third-party commercial tenant from stealing the user credit under the condition that the user does not know, reduce the credit exchange risk and protect the credit asset safety of the user.
As shown in fig. 1, in an embodiment, the method for integral theft prevention of the present invention includes the following steps:
step S11, generating a first preset number of target data, and establishing a one-to-one correspondence relationship between the target data and the service data.
Specifically, the target data is a randomly generated number of preset digits.
Specifically, the first preset number may be 11, 12, 13, 14, or 15.
Specifically, the service data is: order number, credit redemption serial number, customer number or device number for the credit.
Specifically, a one-to-one correspondence relationship is established between the target data and the service data, and a one-to-one correspondence relationship is established between one target data and one service data.
Step S12, dividing the target data into partial target data of a preset portion, and inserting the partial target data into data of a preset integral subtraction page or encrypting and sending the partial target data to a client.
Specifically, the dividing the target data into a preset part of partial target data, and inserting the partial target data into data of a preset integral deduction page or encrypting and sending the partial target data to a client includes: dividing the target data into a second preset number of first part of target data, a third preset number of second part of target data and a fourth preset number of third part of target data; encrypting the first part of target data, and sending the encrypted first part of target data to a client for inserting into a Cookie of the client; randomly inserting the second part of target data into a fifth preset number of html elements, wherein the fifth preset number is greater than or equal to a preset multiple of the third preset number, and the html elements exist in an integral deduction page; generating prefix IDs for the third part of target data according to the fourth preset quantity, and inserting the prefix IDs into data of an html hidden field of an integral deduction page; and sending the point deduction page to a client so as to enable the client to carry out point exchange.
Specifically, the first preset number of the target data is 11. Dividing the target data into a second preset number of first part target data, a third preset number of second part target data and a fourth preset number of third part target data. The second preset number is 1, the third preset number is 5, and the fourth preset number is 5. And encrypting the 1 first part of target data by adopting a 3DES encryption algorithm, and sending the encrypted target data to a client. 3DES, also known as Triple DES, is a mode of DES (data Encryption algorithm) Encryption algorithm that encrypts data three times using 3 keys of 56 bits. The client inserts the first portion of the target data into a Cookie. Cookies, and sometimes their complex forms, refer to data (usually encrypted) that certain websites store on the user's local terminal for purposes of user identity identification and session tracking. Specifically, the Cookie inserted into the first part of target data is disguised as service data, and is named UserInfo. Randomly inserting the second part of target data with the third preset number of 5 into a fifth preset number of html elements, wherein the fifth preset number is greater than or equal to a preset multiple of the third preset number, and the html elements exist in an integral deduction page. For example, if the third preset number is 5 and the preset multiple is 4 times, the fifth preset number is greater than or equal to 20. Html (an application under the standard generalized markup language) element refers to all codes from a start tag (starttag) to an end tag (end tag), Html elements start with the start tag and Html elements end with the end tag, the content of the elements is the content between the start tag and the end tag, some Html elements have empty content (empty), the empty elements close in the start tag (end with the end of the start tag), and most Html elements can have attributes. Most html elements can be nested (other html elements can be included). The Html document is composed of nested Html elements. And randomly inserting the third preset number of 5 second parts of target data into a fifth preset number of 20 html elements, namely selecting 5 html elements for insertion. The html element exists in a point deduction page, and the point deduction page is displayed on the client when the user redeems points. The html element can be a picture, a label, a control, and the like. The html element is inserted with the third predetermined number 5 of second portions of the targeting data, but the naming convention of id strictly follows the business convention and cannot be exposed by id, and this html element is assembled with the targeting data. Then, the remaining 5 target data, that is, the third target data of the fourth preset number, are used to generate the prefix ID according to the fourth preset number, for example, if the fourth preset number is 5, then the prefix ID is a html hidden field of a fixed prefix ID plus value (this value refers to all the remaining target data numbers, for example, if the fourth preset number is 5, then this value is 5). And randomly inserting the html hidden field inserted into the third part of target data of the fourth preset number into html codes of an integral deduction page. The hidden field is not visible to the user in the page, and the purpose of inserting the hidden field in the form is to collect or send information for use by the program processing the form. When the browser clicks the send button to send the form, the information of the hidden field is also sent to the server together.
Step S13, target data collected by the client are received, and early warning information is generated when the target data collected by the client exceeding a preset percentage in a preset time period cannot find one-to-one corresponding service data.
Specifically, the client searches for target data in a Cookie, an html element and an html hidden field. And receiving the target data collected by the client.
Specifically, the client searches for target data in a Cookie, an html element and an html hidden domain through a first JS script, wherein JS is Javascript which is a script language developed by LiveScript of Netscape. The client side collects the target data and other data at the same time, and conducts multilayer processing such as sequencing, coding and encryption on the collected data to obtain processed data. The client acquires the integral anti-theft device and sends a second JS script, the processed data is decrypted and decoded through the second JS script, target data is separated from the data, and the target data obtained through separation is coded again and encrypted by the 3DES and then sent to a target data analysis center of the integral anti-theft device.
Specifically, the first JS script and the second JS script are generated by an integral anti-theft device and are sent to the client. The integral embezzlement prevention device can be used for continuously upgrading and editing the first JS script and the second JS script to irregularly change and upgrade the first JS script and the second JS script, interference elements are added, the complexity of cracking is increased, and integral embezzlement is prevented.
Specifically, target data collected by the client is received, and whether the proportion of service data, which cannot be found in a one-to-one correspondence manner, of the target data collected by the client is lower than 20% is judged within 5 minutes. I.e. the preset time period is 5 minutes, and the preset percentage is 20%. And generating early warning information when the target data acquired by the client in every five minutes has a proportion of more than or equal to 20% and cannot find one-to-one corresponding service data. Therefore, the control of integral anti-theft is carried out in time, and prompt is achieved in time.
Specifically, the method further comprises the step of sending the early warning information to a preset receiving end.
Specifically, the information is sent to a preset receiving end in a short message or email mode. The preset receiving end is a preset mailbox or a preset mobile phone. And the users of the mailbox and the mobile phone log in the target data analysis center to pull the service data detail for study and judgment, if the target data without the reverse data marks are all of the same cooperative merchant, and the qualification, the grade and the like of the cooperative merchant are not clear, the users can judge the credit stealing behavior, and perform one-key shutdown operation on the access authority of the cooperative merchant. Therefore, the use risk of the cooperative merchants on the point redemption capability can be effectively controlled, and the safety of the point assets of the users is guaranteed.
As shown in fig. 2, in an embodiment of the method for preventing theft of credit of the present invention, a client (in fig. 2, user app) displays a third-party merchant service page, a user confirms whether to redeem credit, if not, the credit redemption is completed, if so, a credit redemption request is sent to a third-party merchant server, the third-party merchant server verifies the identity of the user, and if the third-party merchant server verifies that the identity information of the user is correct, the client displays the credit redemption page and sends a request for redeeming credit to the credit theft prevention device (including a credit capability providing server and a data acquisition and analysis center). The credit capability providing server of the credit anti-theft device checks the payment information of the third-party commercial tenant, generates a first preset amount of target data after the checking is passed, and establishes a one-to-one correspondence relationship between the target data and the service data; dividing the target data into partial target data of a preset part, and respectively inserting the partial target data into data of a preset integral deduction page or encrypting the partial target data and sending the partial target data to a client (a user app in fig. 2); the point capability providing server sends the target data and the service data to a data acquisition and analysis center (the link for generating the target data and the service data is shown in fig. 2). And the client displays the score deduction page and sends the secondary authentication random code to the score capability providing server. And the point capability providing server side verifies that the secondary authentication random code is correct and then carries out point deduction, sends a point deduction result to the client side and sends the point deduction result to the third-party merchant server side. And the third-party merchant server processes corresponding services for the user. The data acquisition and analysis center receives the target data acquired by the client, and generates short message early warning information when the target data acquired by the client exceeding 20% of a preset percentage in a preset time period cannot find one-to-one corresponding service data. The method is used for preventing a third-party merchant server (a third-party merchant) from stealing the points of the user under the condition that the user does not know. The third-party merchant packages the credit capability provided by the credit company in the client of the third-party merchant, the client appears to be abnormal on the surface, once the user installs the credit company, the client can simulate the user behavior in the background to finish credit deduction, and the user does not feel the credit company in the whole credit stealing process. The method can establish a one-to-one correspondence relationship based on the target data and the business data, and verify whether the point exchange is initiated by the user, so that the third-party merchant server is prevented from stealing the points of the user under the condition that the user does not know, and the point exchange is carried out. Therefore, the third-party merchant server is prevented from simulating user behaviors in the background by using the client app, for example, the third-party merchant server interest client app sends a point exchange request to the point capacity providing server, and the user does not know at the moment and carries out point deduction. However, the user is not informed and cannot generate the point deduction page at the client, and the client cannot send the collected target data to the data collection and analysis center, so that point exchange performed by a counterfeit user at a third-party merchant server can be detected.
As shown in fig. 2, in an embodiment, the integral anti-theft system of the present invention includes: a correspondence module 31, an insertion module 32 and an early warning module 33.
The correspondence module 31 is configured to generate a first preset number of target data, and establish a one-to-one correspondence between the target data and the service data.
Specifically, the target data is a randomly generated number of preset digits.
Specifically, the first preset number may be 11, 12, 13, 14, or 15.
Specifically, the service data is: order number, credit redemption serial number, customer number or device number for the credit.
Specifically, a one-to-one correspondence relationship is established between the target data and the service data, and a one-to-one correspondence relationship is established between one target data and one service data.
The inserting module 32 is configured to divide the target data into a preset part of target data, and insert each of the part of target data into data of a preset integral deduction page or encrypt and send the part of target data to a client.
Specifically, the dividing the target data into a preset part of partial target data, and inserting the partial target data into data of a preset integral deduction page or encrypting and sending the partial target data to a client includes: dividing the target data into a second preset number of first part of target data, a third preset number of second part of target data and a fourth preset number of third part of target data; encrypting the first part of target data, and sending the encrypted first part of target data to a client for inserting into a Cookie of the client; randomly inserting the second part of target data into a fifth preset number of html elements, wherein the fifth preset number is greater than or equal to a preset multiple of the third preset number, and the html elements exist in an integral deduction page; generating prefix IDs for the third part of target data according to the fourth preset quantity, and inserting the prefix IDs into data of an html hidden field of an integral deduction page; and sending the point deduction page to a client so as to enable the client to carry out point exchange.
Specifically, the first preset number of the target data is 11. Dividing the target data into a second preset number of first part target data, a third preset number of second part target data and a fourth preset number of third part target data. The second preset number is 1, the third preset number is 5, and the fourth preset number is 5. And encrypting the 1 first part of target data by adopting a 3DES encryption algorithm, and sending the encrypted target data to a client. 3DES, also known as Triple DES, is a mode of DES (data Encryption algorithm) Encryption algorithm that encrypts data three times using 3 keys of 56 bits. The client inserts the first portion of the target data into a Cookie. Cookies, and sometimes their complex forms, refer to data (usually encrypted) that certain websites store on the user's local terminal for purposes of user identity identification and session tracking. Specifically, the Cookie inserted into the first part of target data is disguised as service data, and is named UserInfo. Randomly inserting the second part of target data with the third preset number of 5 into a fifth preset number of html elements, wherein the fifth preset number is greater than or equal to a preset multiple of the third preset number, and the html elements exist in an integral deduction page. For example, if the third preset number is 5 and the preset multiple is 4 times, the fifth preset number is greater than or equal to 20. Html (an application under the standard generalized markup language) element refers to all codes from a start tag (starttag) to an end tag (end tag), Html elements start with the start tag and Html elements end with the end tag, the content of the elements is the content between the start tag and the end tag, some Html elements have empty content (empty), the empty elements close in the start tag (end with the end of the start tag), and most Html elements can have attributes. Most html elements can be nested (other html elements can be included). The Html document is composed of nested Html elements. And randomly inserting the third preset number of 5 second parts of target data into a fifth preset number of 20 html elements, namely selecting 5 html elements for insertion. The html element exists in a point deduction page, and the point deduction page is displayed on the client when the user redeems points. The html element can be a picture, a label, a control, and the like. The html element is inserted with the third predetermined number 5 of second portions of the targeting data, but the naming convention of id strictly follows the business convention and cannot be exposed by id, and this html element is assembled with the targeting data. Then, the remaining 5 target data, that is, the third target data of the fourth preset number, are used to generate the prefix ID according to the fourth preset number, for example, if the fourth preset number is 5, then the prefix ID is a html hidden field of a fixed prefix ID plus value (this value refers to all the remaining target data numbers, for example, if the fourth preset number is 5, then this value is 5). And randomly inserting the html hidden field inserted into the third part of target data of the fourth preset number into html codes of an integral deduction page. The hidden field is not visible to the user in the page, and the purpose of inserting the hidden field in the form is to collect or send information for use by the program processing the form. When the browser clicks the send button to send the form, the information of the hidden field is also sent to the server together.
The early warning module 33 is configured to receive the target data acquired by the client, and generate early warning information when the one-to-one corresponding service data cannot be found from the target data acquired by the client exceeding a preset percentage in a preset time period.
Specifically, the client searches for target data in a Cookie, an html element and an html hidden field. Target data collected by the client is received,
specifically, the client searches for target data in a Cookie, an html element and an html hidden domain through a first JS script, wherein JS is Javascript which is a script language developed by LiveScript of Netscape. The client side passes through first JS script is gathering also can gather other data when target data, will the data of gathering carry out multilayer processing such as sequencing, code, encryption and obtain the data after handling. The client acquires the integral anti-theft device and sends a second JS script, the processed data is decrypted and decoded through the second JS script, target data is separated from the data, and the target data obtained through separation is coded again and encrypted by the 3DES and then sent to a target data analysis center of the integral anti-theft device.
Specifically, target data collected by the client is received, and whether the proportion of service data, which cannot be found in a one-to-one correspondence manner, of the target data collected by the client is lower than 20% is judged within 5 minutes. I.e. the preset time period is 5 minutes, and the preset percentage is 20%. And generating early warning information when the target data acquired by the client in every five minutes has a proportion of more than or equal to 20% and cannot find one-to-one corresponding service data. Therefore, the control of integral anti-theft is carried out in time, and prompt is achieved in time.
Specifically, the method further comprises the step of sending the early warning information to a preset receiving end.
Specifically, the information is sent to a preset receiving end in a short message or email mode. The preset receiving end is a preset mailbox or a preset mobile phone. And the users of the mailbox and the mobile phone log in the target data analysis center to pull the service data detail for study and judgment, if the target data without the reverse data marks are all of the same cooperative merchant, and the qualification, the grade and the like of the cooperative merchant are not clear, the users can judge the credit stealing behavior, and perform one-key shutdown operation on the access authority of the cooperative merchant. Therefore, the use risk of the cooperative merchants on the point redemption capability can be effectively controlled, and the safety of the point assets of the users is guaranteed.
It should be noted that the division of the modules of the above system is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the x module may be a processing element that is set up separately, or may be implemented by being integrated in a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and the function of the x module may be called and executed by a processing element of the apparatus. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.
For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when one of the above modules is implemented in the form of a Processing element scheduler code, the Processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor capable of calling program code. For another example, these modules may be integrated together and implemented in the form of a system-on-a-chip (SOC).
In an embodiment of the present invention, the present invention further includes a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, implements any of the above methods for theft prevention.
Those of ordinary skill in the art will understand that: all or part of the steps for implementing the above method embodiments may be performed by hardware associated with a computer program. The aforementioned computer program may be stored in a computer readable storage medium. When executed, the program performs steps comprising the method embodiments described above; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
As shown in fig. 3, in an embodiment, the apparatus for preventing credit from being stolen of the present invention includes: a processor 41 and a memory 42; the memory 42 is used for storing computer programs; the processor 41 is connected to the memory 42, and is configured to execute the computer program stored in the memory 42, so that the integral anti-theft device executes any one of the integral anti-theft methods.
Specifically, the memory 42 includes: various media that can store program codes, such as ROM, RAM, magnetic disk, U-disk, memory card, or optical disk.
Preferably, the Processor 41 may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; the integrated Circuit may also be a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, or discrete hardware components.
As shown in fig. 4, in an embodiment, the system for preventing theft of credit of the present invention includes the device 51 for preventing theft of credit and the client 52.
The client 52 is configured to collect target data and send the target data to the integral anti-theft device 51.
Specifically, the client 52 searches for target data in the Cookie, html element, and html hidden field. The credit theft prevention device 51 is used for receiving the target data collected by the client 52,
specifically, the client 52 searches for target data in the Cookie, html element and html hidden field through the first JS script, where JS is Javascript, and Javascript is a script language developed by LiveScript of Netscape. The client 52 acquires the target data and acquires other data through the first JS script, and performs multilayer processing such as sequencing, coding and encryption on the acquired data to acquire the processed data. The client 52 acquires that the integral anti-theft device 51 sends a second JS script, decrypts and decodes the processed data through the second JS script, separates target data from the decoded data, encodes the separated target data again and encrypts the 3DES data, and sends the target data to the target data analysis center of the integral anti-theft device 51.
Specifically, the first JS script and the second JS script are both generated by the integral antitheft device 51 and sent to the client 52. The device 51 for integral theft prevention can be used for continuously upgrading and editing the first JS script and the second JS script to irregularly change and upgrade the first JS script, and interference elements are added to increase the complexity of cracking and prevent integral theft.
In summary, the method, the system, the medium and the device for preventing the credit from being stolen can effectively prevent the third-party commercial tenant from stealing the user credit under the condition that the user does not know, reduce the credit exchange risk and protect the credit asset security of the user. Therefore, the invention effectively overcomes various defects in the prior art and has high industrial utilization value.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (10)

1. An integral anti-theft method is characterized by comprising the following steps:
generating a first preset number of target data, and establishing a one-to-one correspondence relationship between the target data and the service data;
dividing the target data into a preset part of target data, and respectively inserting the part of target data into data of a preset integral deduction page or encrypting the part of target data and sending the encrypted part of target data to a client;
and receiving target data acquired by the client, and generating early warning information when the target data acquired by the client exceeding a preset percentage in a preset time period cannot find one-to-one corresponding service data.
2. The method according to claim 1, wherein the dividing the target data into the partial target data of the predetermined portion, and inserting the partial target data into the data of the predetermined point deduction page or encrypting and transmitting the partial target data to the client comprises:
dividing the target data into a second preset number of first part of target data, a third preset number of second part of target data and a fourth preset number of third part of target data;
encrypting the first part of target data, and sending the encrypted first part of target data to a client for inserting into a Cookie of the client;
randomly inserting the second part of target data into a fifth preset number of html elements, wherein the fifth preset number is greater than or equal to a preset multiple of the third preset number, and the html elements exist in an integral deduction page;
generating prefix IDs for the third part of target data according to the fourth preset quantity, and inserting the prefix IDs into data of an html hidden field of an integral deduction page;
and sending the point deduction page to a client so as to enable the client to carry out point exchange.
3. The credit guard against theft method according to claim 2, wherein the service data is: order number, credit redemption serial number, customer number or device number for the credit.
4. The method according to claim 1, wherein the partial target data is encrypted using a 3DES encryption algorithm.
5. The method for integral theft protection according to claim 1, wherein the preset percentage is 20%.
6. The method for integral theft prevention according to claim 1, further comprising sending the warning information to a preset receiving end.
7. An integral antitheft system, comprising: the system comprises a corresponding module, an inserting module and an early warning module;
the corresponding module is used for generating a first preset number of target data and establishing a one-to-one corresponding relation between the target data and the service data;
the inserting module is used for dividing the target data into a preset part of target data, respectively inserting the part of target data into data of a preset integral deduction page or encrypting the part of target data and sending the encrypted part of target data to a client;
the early warning module is used for receiving the target data acquired by the client and generating early warning information when the target data acquired by the client exceeding a preset percentage in a preset time period cannot find one-to-one corresponding service data.
8. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the method for credit theft protection according to any one of claims 1 to 6.
9. An integral antitheft device, comprising: a processor and a memory;
the memory is used for storing a computer program;
the processor is connected with the memory and is used for executing the computer program stored in the memory so as to cause the credit anti-theft device to execute the credit anti-theft method of any one of claims 1 to 6.
10. A credit theft prevention system comprising the credit theft prevention device of claim 9 and a client; the client is used for collecting target data and sending the target data to the integral anti-theft device.
CN201910842064.9A 2019-09-06 2019-09-06 Integral anti-theft method, system, medium and device Active CN110704867B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910842064.9A CN110704867B (en) 2019-09-06 2019-09-06 Integral anti-theft method, system, medium and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910842064.9A CN110704867B (en) 2019-09-06 2019-09-06 Integral anti-theft method, system, medium and device

Publications (2)

Publication Number Publication Date
CN110704867A true CN110704867A (en) 2020-01-17
CN110704867B CN110704867B (en) 2023-06-16

Family

ID=69194415

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910842064.9A Active CN110704867B (en) 2019-09-06 2019-09-06 Integral anti-theft method, system, medium and device

Country Status (1)

Country Link
CN (1) CN110704867B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040107135A1 (en) * 2002-12-03 2004-06-03 Craig Deatherage Electronic coupon distribution and redemption system and method
US7006993B1 (en) * 1999-05-28 2006-02-28 The Coca-Cola Company Method and apparatus for surrogate control of network-based electronic transactions
US20060074745A1 (en) * 2003-02-28 2006-04-06 Yasushi Shiomi Calculation device and method and point or coupon service system
CN101393631A (en) * 2007-09-19 2009-03-25 麦比罗株式会社 Integration method employing mobile communication terminal
CN101751635A (en) * 2008-12-22 2010-06-23 中国移动通信集团辽宁有限公司 Point reward exchanging system, device and method
CN102968736A (en) * 2012-11-20 2013-03-13 北京思特奇信息技术股份有限公司 Credits exchange method and system
CN104200375A (en) * 2014-08-18 2014-12-10 中国建设银行股份有限公司 Information processing method and information processing system for exchanging credits
CN104778584A (en) * 2015-03-31 2015-07-15 杨欲奇 Commodity exchange method and system
KR20160014799A (en) * 2014-07-28 2016-02-12 원투씨엠 주식회사 Method for Providing Exchanging Right by using Touch Module
CN105574738A (en) * 2015-12-15 2016-05-11 武汉德瑞斯商贸有限公司 Cross-platform integral exchange system
US20170011387A1 (en) * 2015-07-08 2017-01-12 Outerwall Inc. Systems and associated methods for exchanging gift cards
CN106790056A (en) * 2016-12-20 2017-05-31 中国科学院苏州生物医学工程技术研究所 Reduce the method and system of the data theft risk of data bank
US20180063190A1 (en) * 2016-08-23 2018-03-01 Duo Security, Inc. Method for identifying phishing websites and hindering associated activity
US9972047B1 (en) * 2008-04-18 2018-05-15 Capital One Services, Llc Systems and methods for performing a purchase transaction using rewards points
CN108683666A (en) * 2018-05-16 2018-10-19 新华三信息安全技术有限公司 A kind of web page identification method and device

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7006993B1 (en) * 1999-05-28 2006-02-28 The Coca-Cola Company Method and apparatus for surrogate control of network-based electronic transactions
US20040107135A1 (en) * 2002-12-03 2004-06-03 Craig Deatherage Electronic coupon distribution and redemption system and method
US20060074745A1 (en) * 2003-02-28 2006-04-06 Yasushi Shiomi Calculation device and method and point or coupon service system
CN101393631A (en) * 2007-09-19 2009-03-25 麦比罗株式会社 Integration method employing mobile communication terminal
US9972047B1 (en) * 2008-04-18 2018-05-15 Capital One Services, Llc Systems and methods for performing a purchase transaction using rewards points
CN101751635A (en) * 2008-12-22 2010-06-23 中国移动通信集团辽宁有限公司 Point reward exchanging system, device and method
CN102968736A (en) * 2012-11-20 2013-03-13 北京思特奇信息技术股份有限公司 Credits exchange method and system
KR20160014799A (en) * 2014-07-28 2016-02-12 원투씨엠 주식회사 Method for Providing Exchanging Right by using Touch Module
CN104200375A (en) * 2014-08-18 2014-12-10 中国建设银行股份有限公司 Information processing method and information processing system for exchanging credits
CN104778584A (en) * 2015-03-31 2015-07-15 杨欲奇 Commodity exchange method and system
US20170011387A1 (en) * 2015-07-08 2017-01-12 Outerwall Inc. Systems and associated methods for exchanging gift cards
CN105574738A (en) * 2015-12-15 2016-05-11 武汉德瑞斯商贸有限公司 Cross-platform integral exchange system
US20180063190A1 (en) * 2016-08-23 2018-03-01 Duo Security, Inc. Method for identifying phishing websites and hindering associated activity
CN106790056A (en) * 2016-12-20 2017-05-31 中国科学院苏州生物医学工程技术研究所 Reduce the method and system of the data theft risk of data bank
CN108683666A (en) * 2018-05-16 2018-10-19 新华三信息安全技术有限公司 A kind of web page identification method and device

Also Published As

Publication number Publication date
CN110704867B (en) 2023-06-16

Similar Documents

Publication Publication Date Title
US9904919B2 (en) Verification of portable consumer devices
US9582801B2 (en) Secure communication of payment information to merchants using a verification token
RU2518680C2 (en) Verification of portable consumer devices
CN108734028B (en) Data management method based on block chain, block chain link point and storage medium
US20160267493A1 (en) Product anti-counterfeiting method, apparatus and system
CN105262779B (en) Identity authentication method, device and system
CA3024139C (en) Secure collection of sensitive data
US20160260091A1 (en) Universal wallet for digital currency
CN110688662A (en) Sensitive data desensitization and inverse desensitization method and electronic equipment
CN108073821B (en) Data security processing method and device
US20090144308A1 (en) Phishing redirect for consumer education: fraud detection
AU2010292125B2 (en) Secure communication of payment information to merchants using a verification token
EP1873704A1 (en) Method and system for determining whether the origin of a payment request is a specific e-commerce network source
JPWO2003017157A1 (en) Identification information issuing device and method, authentication device and method, program, and recording medium
KR101351435B1 (en) Protection of series data
CN103020815A (en) Method, device and system for processing payment transaction
CN112187805B (en) Escort encryption method and device, electronic equipment and computer storage medium
JP2004171039A (en) Identification information issuing system, device, method, program and recording medium
CN110704867B (en) Integral anti-theft method, system, medium and device
US20170206530A1 (en) Method and system for call authentication and providing reliability
CN111582954A (en) False data identification method and device
EP4376348A1 (en) Computer-implemented method and computer program product for verifying an origin of a cryptographic token and distributed database system
CN102819696A (en) Method and device for preventing account data from being illegally accessed
CN106973044B (en) Method for identifying data owner in big data transaction
WO2001054003A1 (en) Secure internet payment method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 3011A, 3rd Floor, No. 379 and 383 Quyang Road, Hongkou District, Shanghai, 200081

Applicant after: Yijifen (Shanghai) Digital Technology Co.,Ltd.

Address before: Room 3011A, 3rd Floor, No. 379 and 383 Quyang Road, Hongkou District, Shanghai 200080

Applicant before: Yijifen e-commerce (Shanghai) Co.,Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant