CN110737901A - Logic vulnerability analysis method for network transaction service interaction process in design stage - Google Patents
Logic vulnerability analysis method for network transaction service interaction process in design stage Download PDFInfo
- Publication number
- CN110737901A CN110737901A CN201910957063.9A CN201910957063A CN110737901A CN 110737901 A CN110737901 A CN 110737901A CN 201910957063 A CN201910957063 A CN 201910957063A CN 110737901 A CN110737901 A CN 110737901A
- Authority
- CN
- China
- Prior art keywords
- network
- transaction
- logic
- interaction process
- service interaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/04—Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- Development Economics (AREA)
- General Business, Economics & Management (AREA)
- Technology Law (AREA)
- Strategic Management (AREA)
- Computing Systems (AREA)
- Marketing (AREA)
- Economics (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
logic vulnerability analysis method for a network transaction service interaction process in a design phase comprises the following steps of S100, modeling the network transaction service interaction process by using a color petri network to construct an interaction service process fusion network IBPF, S200, providing two basic security attributes of a transaction logic consistency and a transaction processing completion state in the network transaction service interaction process, S300, analyzing and verifying vulnerability of the network transaction service interaction process in the design phase by combining the interaction service process fusion network IBPF and the two basic security attributes based on an algorithm for finding logic vulnerability in the network transaction service interaction process, and the method can detect the logic vulnerability in the system design phase to avoid high cost caused by later maintenance and repair.
Description
Technical Field
The disclosure belongs to the technical field of network transaction security, and particularly relates to a logic vulnerability analysis method for an design-stage network transaction service interaction process.
Background
Participating agents often use an Application Programming Interface (API) to merge business service functions, and such complex business interactions create a new security challenge — a logic vulnerability.
In such a hybrid distributed system, it is very challenging to coordinate the state of the relevant principals in secure ways, when a user abuses the legitimate application specific behavior against the expectations of the developer, there are often logical vulnerabilities, and the developer often has no idea of how to implement sufficient server-side authorization checks on the received request parameters.
In order to solve this problem, methods must be provided, and modeling and analyzing the network transaction business interaction process in the design stage is important technical directions of the current secure network transaction.
Disclosure of Invention
In view of this, the present disclosure provides logic vulnerability analysis methods for a network transaction service interaction process in a design phase, including the following steps:
s100: modeling a network transaction service interaction process by using a color petri network, and constructing an interactive service flow fusion network IBPF;
s200, providing two basic security attributes of transaction logic consistency and transaction processing completion state in the network transaction service interaction process;
s300: and based on an algorithm for finding the logic loophole in the network transaction service interaction process, combining the interactive service flow with the integrated network IBPF and the two basic security attributes, and performing loophole analysis and verification on the network transaction service interaction process in the design stage.
By the technical scheme, the method can detect the logic loophole in the system design stage, avoid high cost caused by later maintenance and repair, and can be used in various multi-agent network transaction service interaction flows by properly defining the service flow and the data set.
Drawings
Fig. 1 is a schematic flow chart of a method for analyzing logic vulnerabilities of a network transaction service interaction process in design phases provided in embodiments of the present disclosure;
FIG. 2 is a business interaction process between a user, a merchant and a third party payment platform in embodiments of the present disclosure;
FIG. 3 is a complete IBPF-based network transaction service interaction process in embodiments of the present disclosure;
FIG. 4 is a state of transaction completion after an initial configuration change is made by the present disclosure.
Detailed Description
In embodiments, referring to fig. 1 to 4, a logic vulnerability analysis method of design phase network transaction business interaction processes is disclosed, which comprises the following steps:
s100: modeling a network transaction service interaction process by using a color petri network, and constructing an interactive service flow fusion network IBPF;
s200, providing two basic security attributes of transaction logic consistency and transaction processing completion state in the network transaction service interaction process;
s300: and based on an algorithm for finding the logic loophole in the network transaction service interaction process, combining the interactive service flow with the integrated network IBPF and the two basic security attributes, and performing loophole analysis and verification on the network transaction service interaction process in the design stage.
For the embodiment, the method can detect the logic loophole in the system design stage, and avoids high cost caused by later maintenance and repair.
In another embodiments, fig. 2 shows the transaction interaction process between the shopper, merchant and third party payment platform, the dashed rectangle representing the pseudo code of ValidatePara, finishOrder and UpdateStatus, during the checkout process, two communications are made between the merchant and the third party payment platform, communications inform the third party payment platform that payment with the authentication data (identification) is about to be made (step 2), then the third party payment platform sends information with a payment token for identifying the payment transaction, the merchant passes the payment transaction to the shopper (step 4), the shopper passes the token and the total price to the third party payment platform again, requests payment, the third party payment platform accepts and confirms the payment information (step 5), after which the third party payment platform redirects the shopper browser to the merchant's API interface finishOrder and the token, total price and payment ID as parameters (step 6), the merchant directly contacts the third party payment platform to check and complete the transaction, the authentication function of validatePara, the merchant's authentication function verifies the transfer function, and the merchant's payment status is set as a valid transaction status record if the merchant's contact status is "valid" and the merchant's contact status "returns the transaction status to the merchant's contact status" and the merchant's status "if the merchant's contact status is" valid "and the merchant's contact status is" and the merchant's status is returned to the transaction status "step 35, the merchant's contact status is updated". the merchant's status "and the merchant's status is updated". the merchant's payment platform returns the transaction to the merchant's payment platform, the merchant's payment status "step 35, the merchant's payment status" step 9, the merchant's payment status "step 3 transaction is then the merchant's payment platform returns the merchant's status" and the transaction is updated "and the merchant's payment platform returns.
For this embodiment, as long as there are valid orderIDs that can enter the session in the transaction success state (i.e., step 10 in FIG. 2), the updateStatus marks the order corresponding to the orderID as paid, regardless of whether it is actually paid or not, when the shopper has obtained valid unpaid more expensive order IDs, the orderID can be replaced in step 11, which allows the shopper to complete the transaction process by paying a relatively lower price.
In another embodiments, the color petri net is nine-tuple CPN ═ s (P, T, a, Σ, V, C, G, E, I), where:
1) p is finite set of libraries (which in our structure can represent both conditions and subjects, and can store data, etc.);
2) t is sets of finite transitions T, such that(indicating a network transaction event, or the occurrence of a transaction);
4) Σ is sets of finite, non-empty colors, representing different data types;
5) v is sets of finite Type variables, such that Type [ V ] ∈ Σ applies to all variables V ∈ V.
6) P → Σ is a function of color sets specified for each bin.
7)G:T→EXPRVIs decision functions that specify Boolean expressions for each transition t, resulting in a Type [ G (t)]Bool, to constrain and judge the occurrence of transitions.
8)E:A→EXPRVIs a function of arc expressions which assigns an arc expression to each arc a, such that Type [ E (a)]=C(p)MSWhere p is the library connected to arc a (mainly constraining the occurrence of arcs, data can be transmitted only if the criteria are met).
9)I:Is ID initialization functions, let Type [ I (p)]=C(p)MS(the initial data set is mainly defined).
For the purposes of this embodiment, the formalized representation of the CPN is the basis for defining various behavioral attributes and analytical methods.
In another embodiments, an IBPF is defined as follows:
definition 1: logic Business Process LBP ═ P, T, a, Σ, V, C, G, E, I, where:
LBP has three special libraries α and γ, wherein α ∈ P is called initial library and β ∈ P is called terminal library, γ ∈ P is called repository library,the point represents the pre-transition set in the front, the post-transition set in the back, and the same applies to the back.
Define 2: logical Business processes with Channels (Logic Business process Channels) as LBPC ═ P ∪ PIN∪PO,T,A∪AIN∪AOΣ, V, C ', G, E ', I '), wherein:
4)C′:(PIN∪PO) → Σ, if P ∈ P, then C' (P) ═ C (P);
5)E′:(AIN∪AO)→EXPRVif a ∈ a, then E' (a) ═ E (a);
LBPC is an extension of LBP that integrates interaction libraries (channels) to describe the communication channels for trading parameters between different principals.
The fusion operation phi of the two nets is LBPC1ΦLBPC2=LBPC=(P∪PIN∪POT, a, Σ, V, C, G, E, I), wherein P ═ P1∪P2,T=T1∪T2,A=A1∪A2,∑=∑1∪∑2,V=V1∪V2,(p∈Pn)→(C(p)=Cn(p))∧(I(p)=In(p)),(a∈An)→(A(a)=An(a)),(t∈Tn)→(G(t)=Gn(t))。
The CPL ML (Community Party of New pal Marxist-Leninist) language is built based on the functional programming language Standard ML (SML) and is extended by defining the construction of color sets and declaration variables.
colset User=witha1|a2;
var u,u1:User;
colsetMerch=with b1|b2;
var m,m1:Merch;
colset Tpp=with c1|c2;
var t,t1:Tpp;
colset UserPara=product User*BOOL;
colsetUserMerPara=product User*Merch*BOOL;
colset TPPara=product Tpp*BOOL;
colset MerPara=product Merch*BOOL;
var orderIDBOOL,grossBOOL,orderFinishedBOOL,Shop-perOrderBOOL,tokenBOOL,identityBOOL,payerIDBOOL,resultBOOL:BOOL;
colset Parameter=union orderID:UserMerPara+gross:UserMerPara+orderFinished:MerPara+ShopperOrder:
UserPara+token:TPPara+payerID:TPPara+result:TPPara+identity:MerPara;
Where colset User, Merch, and Tpp denote multiple principal sets, such as users (shoppers), merchants, and third party payment platforms. UserPara, UserMerPara, TPPara, and MerPara are types that describe transaction parameters used in the transaction process, which are passed and exchanged between different principals, and are composed of product and uneon types. The prefixes User, Mer, and TPP represent data generated by the User (shopper), merchant, and third party payment platform, respectively.
In another embodiments, FIG. 3 is a CPN model corresponding to the network trading system of FIG. 2, i.e., an LBPN network, during network trading, order ID, order total, merchant ID, and currency are compromised, so we describe this scenario using BOOL types, each trading parameter specifying BOOL values, characterized by "parameter name" + "BOOL", corresponding to orderIDBOOL, grossBOOL, payerIDBOOL, tokenBOOL for the channel depository, we named using "prefix" + "chank", k e N. UChan1 in FIG. 3 refers to the channel depository from which the user sends data, MerChan2 refers to the channel depository from which the merchant sends data, and TppChan3 refers to the channel depository from which the third party payment platform sends data.
In another embodiments, the step S300 specifically includes:
constructing initial configuration according to the logic vulnerabilities, obtaining termination states by using a state traversal algorithm, analyzing the corresponding logic vulnerabilities, and finally verifying other logic vulnerabilities by constructing new initial configuration.
For the embodiment, firstly, the logic loopholes are caused by tampered transaction parameters in the network service interaction process, and can be divided into four types according to destruction rules, namely, destruction of order ID, total order number, merchant ID and currency, then construction of initial configuration is performed based on the logic loopholes needing to be verified, termination states are obtained by using an algorithm, namely, the states of all main bodies after the transaction is completed, only parts of a state space are searched, then corresponding logic loopholes are analyzed by comparing the output termination states with ideal states, and finally, other logic loopholes are verified by constructing new initial configuration.
In another embodiments, the IBPF-based service interaction process proposes a method for analyzing a logical vulnerability of a network transaction interaction process, and based on existing attributes, the main security objective of the network transaction service interaction process is to ensure the following transaction conditions:
1. transaction processing completion status: at the initial identification M0In the following, m ∈ N, σ is the executable transition sequence of IBPF, and the following two conditions need to be satisfied:
wherein, E (t, β)m) Is from transition t to repository βmM (β)m) Depot βmThe U + + notation in (1) indicates accumulation, all belonging to the library βmThe cumulative sum of the leading transitions.
Condition indicates that the participant completed the transaction, and if the shopper was paid and the third party payment platform was in a paid state, the merchant must reach a state to complete the transaction Another aspect, if the shopper did not pay and the third party payment platform did not pay, the merchant cannot be in a run state for the pending transactionmThe number of tokens is equal to the number of tokens of the input variable on the input arc, which ensures the completion of a single transaction. Condition two represents any repository γmThe necessary transaction parameters should have been obtained, likewise, gammamThe number of tokens in (1) is equal to the number of tokens of the input variable on the input arc.
2. Transaction logic consistency in initial identification M0Then, M ∈ N, and each transaction end state M needs to satisfy the following condition:
Where condition states that there is no invalid data or parameter tampering during the transaction, condition two indicates that all transaction parameters must belong to the same transaction.
In another embodiments, to verify the vulnerability that "the user can pay less to complete the order", we first set initial configurations, M0(Tpp)=1’c1,M0(Merch)=1’b1++1’b2,M0(shop) ═ 1 'a 1+ + 1' a2, where a1 and a2 represent two shoppers, b1 and b2 represent two merchants, and c1 represents a third party payment platform, then sets of identifications omega (sets of tokens corresponding to the pool) that do not satisfy the causality of the transaction logic are obtained by constructing an algorithm for which the corresponding logic vulnerabilities are analyzed
The input is IBPF' (P ∪ P)IN∪P0,T,A,∑,V,C,G,E’,I)
And (3) outputting: identification set omega
2: let M0Is a root node and is marked as an intermediate state;
when the intermediate state nodes exist, selecting any intermediate state nodes as M;
3.1 if M is the trade finish state but does not satisfy the conformance of the trade logic , then omega is omega ∪ { M }, repeat step 3, otherwise proceed to step , (step is to judge if the state satisfies two conditions set by us under the initial identification, if yes, proceed to step 3.2, if not, save the state in the identification set, repeat step 3)
3.2 ifIf M does not occur at t, pi ═ pi ∪ { M }, repeating the step 3, otherwise, performing the next step ;
3.3 if none of the above is satisfied, then for T (T ∈ T) that all happen under M, if there is oneMark M 'as "intermediate state", pi ═ ∪ { M' }, repeat step 3;
3.4 remove the mark M marked as "intermediate state" and repeat step 3;
for FIG. 3, there are three root nodes, i.e., "intermediate nodes," each M0(Tpp)=1’c1,M0(Merch)=1’b1++1’b2,M0(chopper) ═ 1 'a 1+ + 1' a2, and any of these were selected as M of the algorithm, for example, M ═ M0(Tpp) ═ 1' c1, proceed with 3.1 of the algorithm, M is not the completion status of the transaction, then proceed with step 3.2,t, M may occur at T, M 'is generated (Tpcontr1), M' is marked as "intermediate state", and the operation in step 3 is repeated, where M 'is M' at the intermediate node (Tpcontr1), M is M ═ M0(Merch)=1’b1++1’b2,M0(chopper) ═ 1 'a 1+ + 1' a2, the selection of M is repeated, all the libraries which can be executed are traversed in turn until all the intermediate nodes are traversed, the algorithm is finished, and the output is transmittedGo out Ω, i.e., not satisfying the flag set for compliance with transaction logic .
FIG. 4 is a transaction ending state M after setting the initial configuration for FIG. 3, wherein
M(TpStore)=1’gross((a1,b1,true))++1’token((c1,true))++1’Identity((b1,true))
M(MStore)=1’orderID((a1,b1,true))++1’payerID((a1,true))++1’result((c1,true))
M (MData3) ═ 1' orderID ((a1, b1, true)): these three results show that the shopper a1 paid the order in merchant b1 and the payer was a1, and the third party payment platform feedback was error free, both presented in the third party payment platform and in the merchant's data sheet, which was stored in the system and not displayed to the relevant participants
M (tpend) ═ 1 ' c1, m (mend) ═ 1 ' b1, m (uend) ═ 1 ' a 1: there is no error in the information that indicates the final feedback to the third party payment platform and to the merchant and shopper that shopper a1 has completed the order in merchant b1
M (user) ═ 1' orderFinished ((b2, true)): indicating that the order in merchant b2 was paid in the shopper's data, where merchant b2 may be legally registered by shopper a1, a vulnerability arises when shopper a1 completes the order in merchant b1 by paying the order of merchant b2 and what is displayed on the merchant's side and third party payment platforms is that the order in b1 is complete.
The transaction process does not satisfy causality, i.e. the shopper can replace the original merchant by registering merchants by himself to complete the target order, which damages the interests of the merchants, and does not conform to causality of the transaction logic, which is mainly caused by the complex interaction process between the subjects.
Although the embodiments of the present invention have been described above with reference to the accompanying drawings, the present invention is not limited to the above-described embodiments and application fields, and the above-described embodiments are illustrative, instructive, and not restrictive. Those skilled in the art, having the benefit of this disclosure, may effect numerous modifications thereto without departing from the scope of the invention as defined by the appended claims.
Claims (7)
- The logic vulnerability analysis method for the network transaction service interaction process in the design stage of 1, concretely comprises the following steps:s100: modeling a network transaction service interaction process by using a color petri network, and constructing an interactive service flow fusion network IBPF;s200, providing two basic security attributes of transaction logic consistency and transaction processing completion state in the network transaction service interaction process;s300: and based on an algorithm for finding the logic loophole in the network transaction service interaction process, combining the interactive service flow with the integrated network IBPF and the two basic security attributes, and performing loophole analysis and verification on the network transaction service interaction process in the design stage.
- 2. The method of claim 1, wherein the color Petri Net in the step S100 is specifically defined as nine-tuple CPN (P, T, A, Σ, V, C, G, E, I), wherein preferably:1) p is finite sets of libraries, represented by circles;4) Σ is sets of finite non-empty colors;5) v is sets of finite Type variables, such that Type [ V ] ∈ Σ applies to all variables V ∈ V;6) p → Σ is a function of color sets specified for each bin;7)G:T→EXPRVis decision functions that specify Boolean expressions for each transition t, resulting in a Type [ G (t)]=Bool;8)E:A→EXPRVIs a function of arc expressions which assigns an arc expression to each arc a, such that Type [ E (a)]=C(p)MSWhere p is the library connected to arc a, MS represents the multiple set;
- 3. The method according to claim 1, wherein the interactive service flow fusion network IBPF in the S100 step describes a distributed, multi-subject and multi-session network transaction service interaction process based on a color petri net, which is specifically defined as:the logic business process LBP is (P, T, A, sigma, V, C, G, E, I), wherein the LBP has three special libraries α and gamma, wherein α epsilon P is called initial library place, β epsilon P is called termination library place, gamma epsilon P is called storage library place,logical service flows with channels LBPC ═ (P ∪ P)IN∪PO,T,A∪AIN∪AOSigma, V, C ', G, E ', I '), LBPC is extended from LBP, which integrates interaction libraries (channels) to describe communication channels for trading parameters between different subjects, where:4)C′:(PIN∪PO) → Σ, if P ∈ P, then C' (P) ═ C (P);5)E′:(AIN∪AO)→EXPRVif a ∈ a, then E' (a) ═ E (a);6)I′:(PIN∪PO)→EXPRφif P ∈ P, then I' (P) ═ I (P);the fusion operation phi of the two nets is LBPC1ΦLBPC2=LBPC=(P∪PIN∪POT, a, Σ, V, C, G, E, I), wherein P ═ P1∪P2,T=T1∪T2,A=A1∪A2,∑=∑1∪∑2,V=V1∪V2,(p∈Pn)→(C(p)=Cn(p))∧(I(p)=In(p)),(a∈An)→(A(a)=An(a)),(t∈Tn)→(G(t)=Gn(t));Interactive service flow convergence network IBPF (P ∪ P)IN∪PO,T,A,∑,V,C,G,E,I)=LBPC1ΦLBPC2Φ...ΦLBPCm IBPFs are fusions of m (m.gtoreq.2) LBPCs.
- 4. The method of claim 1, wherein the transaction logic in step S200 is defined as:at the initial identification M0Then, M ∈ N, and each transaction end state M needs to satisfy the following condition:wherein, βmDenotes a termination Bank, γmRepresenting a storage place, m is more than or equal to 2, and N is a natural number set.
- 5. The method according to claim 1, wherein the transaction processing completion status in step S200 is defined as:at the initial identification M0In the following, m ∈ N, σ is the executable transition sequence of IBPF, and the following two conditions need to be satisfied:1)wherein, βmDenotes a termination Bank, γmRepresenting a storage place, m is more than or equal to 2, and N is a natural number set.
- 6. The method according to claim 1, wherein the step S300 specifically comprises:constructing initial configuration according to the logic loopholes, obtaining termination states by utilizing an algorithm for discovering the logic loopholes in the interaction process of the network transaction service, analyzing the corresponding logic loopholes, and finally verifying other logic loopholes by constructing new initial configuration.
- 7. The method according to claim 1, wherein the algorithm for discovering the logic vulnerability in the network transaction service interaction process in step S300 specifically includes:step 2: let M0Is a root node and is marked as an intermediate state;step 3, when the intermediate state nodes exist, selecting any intermediate state nodes as M;step 3.1, if the M is the transaction completion state but does not meet the consistency of the transaction logic , repeating the step 3 if the Ω is Ω ∪ { M }, otherwise, performing the next step ;step 3.2: if it is notIf M does not occur at t, pi ═ pi ∪ { M }, repeating the step 3, otherwise, performing the next step ;step 3.3: if none of the above is satisfied, then for T (T ∈ T) that all happen at M, if there is oneMark M 'as "intermediate state", pi ═ ∪ { M' }, repeat step 3;step 3.4: remove M marked as "intermediate state" and repeat step 3.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910957063.9A CN110737901B (en) | 2019-10-11 | 2019-10-11 | Logic vulnerability analysis method for network transaction service interaction process in design stage |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910957063.9A CN110737901B (en) | 2019-10-11 | 2019-10-11 | Logic vulnerability analysis method for network transaction service interaction process in design stage |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110737901A true CN110737901A (en) | 2020-01-31 |
CN110737901B CN110737901B (en) | 2021-05-18 |
Family
ID=69268612
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910957063.9A Active CN110737901B (en) | 2019-10-11 | 2019-10-11 | Logic vulnerability analysis method for network transaction service interaction process in design stage |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110737901B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111404748A (en) * | 2020-03-18 | 2020-07-10 | 陕西师范大学 | Network resource configuration method based on time coloring Petri net |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105005891A (en) * | 2015-06-30 | 2015-10-28 | 湖南人文科技学院 | Color Petri-net based BPEL architecture mobile payment system |
CN108123956A (en) * | 2017-12-27 | 2018-06-05 | 中国人民解放军战略支援部队信息工程大学 | Password misuse leak detection method and system based on Petri network |
-
2019
- 2019-10-11 CN CN201910957063.9A patent/CN110737901B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105005891A (en) * | 2015-06-30 | 2015-10-28 | 湖南人文科技学院 | Color Petri-net based BPEL architecture mobile payment system |
CN108123956A (en) * | 2017-12-27 | 2018-06-05 | 中国人民解放军战略支援部队信息工程大学 | Password misuse leak detection method and system based on Petri network |
Non-Patent Citations (1)
Title |
---|
李文娟: "安全移动商务协议分析与研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111404748A (en) * | 2020-03-18 | 2020-07-10 | 陕西师范大学 | Network resource configuration method based on time coloring Petri net |
Also Published As
Publication number | Publication date |
---|---|
CN110737901B (en) | 2021-05-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
TWI803466B (en) | Blockchain implemented method and system | |
KR102050129B1 (en) | Block chain supporting multiple one-way functions used for verification of blocks | |
Cohney et al. | Transactional scripts in contract stacks | |
CN106504094B (en) | Transaction matching method and system of distributed general ledger system based on block chain technology | |
JP2020080158A (en) | System and method for implementing deterministic finite automaton (dfa) through blockchain | |
KR102569751B1 (en) | Computer-implemented systems and methods for determining the state of machine-executable contracts implemented using blockchains | |
KR20210128452A (en) | Computer-implemented systems and methods for implementing transfers via blockchain networks. | |
WO2020106961A1 (en) | Lightweight blockchain supported transaction platform with proof-of-two consensus and centralized identification management | |
US20200320490A1 (en) | Method and system for conducting a transaction using private blockchain | |
JP2021520732A (en) | Computer-implemented systems and methods suitable for increasing the security of immediate offline blockchain transactions | |
US11803823B2 (en) | Systems and methods for blockchain-based payment transactions, alerts, and dispute settlement, using a blockchain interface server | |
CN106575400A (en) | Authentication system with message conversion | |
CN107909440B (en) | Transaction synchronous clearing method and system for distributed general ledger system | |
US20080215357A1 (en) | Detection of unknown scenarios | |
CN107730223A (en) | It is a kind of to polymerize the system and method paid | |
US20220084090A1 (en) | Systems and methods for managing direct exchange | |
US20230291561A1 (en) | Blockchain tokens | |
CN116194940A (en) | Tax mechanism based on blockchain | |
CN110737901B (en) | Logic vulnerability analysis method for network transaction service interaction process in design stage | |
Uriawan et al. | A dapp architecture for personal lending on blockchain | |
US20230013949A1 (en) | Interactive user interface systems and methods for analyzing transaction attributes and dispute information using blockchain | |
CN114358948A (en) | NFT atom exchange method, system, computer-readable storage medium and terminal device | |
Deljoo et al. | An agent-based framework for multi-domain service networks | |
Yi et al. | Bitcoin, Ethereum, Smart Contracts and Blockchain Types | |
Yu et al. | Analyzing the validation flaws of online shopping systems based on coloured Petri nets |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |