CN112866226A - Network security protection method and device - Google Patents


Publication number
CN112866226A
Authority
CN
China
Prior art keywords
information
service information
application terminal
service
target service
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110039316.1A
Other languages
Chinese (zh)
Other versions
CN112866226B (en)
Inventor
韩露
冯丽
曾凯
李兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Application filed by Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202110039316.1A
Publication of CN112866226A
Application granted
Publication of CN112866226B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Abstract

The present disclosure provides a network security protection method, including: obtaining protected target service information from an application terminal; executing a protection action for the target service information according to the information type of the target service information; and, when the execution result of the protection action indicates service information to be executed, controlling the application terminal to perform a service operation based on the service information to be executed. The disclosure also provides a network security protection device, an electronic device and a computer storage medium.

Description

Network security protection method and device
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a network security protection method and apparatus.
Background
With the rapid development of computer technology, applications of all kinds have grown explosively. In the financial field, applications provide many types of services, and the operational security of the business running at the application end affects the operational security of the financial business.
In the course of realizing the technical concept of the disclosure, the inventors found that application-end protection systems in the related art are weak: necessary protection mechanisms are clearly missing, the business operation risk is high, and the high security requirements of the financial field cannot be met well.
Disclosure of Invention
One aspect of the present disclosure provides a network security protection method, applied to a server, including: obtaining protected target service information from an application terminal; executing a protection action for the target service information according to the information type of the target service information; and, when the execution result of the protection action indicates service information to be executed, controlling the application terminal to perform a service operation based on the service information to be executed.
Optionally, obtaining the protected target service information from the application terminal includes: obtaining a source code packet associated with a preset protected service in the application terminal as the target service information. Executing the protection action for the target service information according to the information type of the target service information includes: performing a scrambling operation on the source code packet to obtain a scrambled source code packet, wherein the scrambling operation includes at least one of: encoding processing, encryption processing, deformation processing, reconstruction processing and business process scrambling processing.
Optionally, the scrambled source code packet constitutes the service information to be executed. Controlling the application terminal to perform the service operation based on the service information to be executed includes: sending the scrambled source code packet to the application end so that the application end performs a descrambling operation on the scrambled source code packet, obtains a descrambled source code packet and runs it, wherein the descrambling operation corresponds to the scrambling operation.
Optionally, obtaining the protected target service information from the application terminal includes: obtaining a link request initiated in the application terminal for a preset protected service as the target service information. Executing the protection action for the target service information according to the information type of the target service information includes: generating authorization control information for the link request.
Optionally, the authorization control information constitutes the service information to be executed. Controlling the application terminal to perform the service operation based on the service information to be executed includes: sending the authorization control information to the application terminal so that the application terminal initiates an access request for the protected service based on the authorization control information; in response to receiving the access request from the application terminal, verifying whether the authorization verification information input by the user in the access request is consistent with the authorization control information; and if so, returning the requested resource for the access request to the application terminal.
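The link-request flow described above, sketched as an added example that is not part of the patent text. The class name, the field names, the 120-second lifetime and the single-use rule are assumptions made for illustration; the patent only requires that the server issue authorization control information and later check the user's verification input against it.

```python
import hmac
import secrets
import time

# Constructed placeholder for the resource behind a protected service.
PROTECTED_RESOURCES = {"transfer": "transfer-form-payload"}


class AuthorizationController:
    """Server side: issue authorization control information, then verify it."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self._ttl = ttl_seconds          # assumed lifetime of one token
        self._clock = clock              # injectable so expiry can be tested
        self._pending = {}               # request_id -> (service, token, expires_at)

    def handle_link_request(self, service):
        """Link request for a protected service -> authorization control info."""
        if service not in PROTECTED_RESOURCES:
            raise KeyError(f"not a protected service: {service}")
        request_id = secrets.token_urlsafe(16)
        token = secrets.token_urlsafe(8)  # dynamic token from a CSPRNG
        self._pending[request_id] = (service, token, self._clock() + self._ttl)
        return {"request_id": request_id,
                "authorization_control_information": token}

    def handle_access_request(self, request_id, service, verification_info):
        """Access request -> requested resource only if the input is consistent."""
        # pop() makes the token single use: a wrong guess also consumes it.
        entry = self._pending.pop(request_id, None)
        if entry is None:
            return {"granted": False, "reason": "unknown_or_used"}
        bound_service, token, expires_at = entry
        if self._clock() > expires_at:
            return {"granted": False, "reason": "expired"}
        if service != bound_service:
            return {"granted": False, "reason": "service_mismatch"}
        # Constant-time comparison avoids leaking how many characters matched.
        supplied = str(verification_info).encode("utf-8")
        if not hmac.compare_digest(token.encode("utf-8"), supplied):
            return {"granted": False, "reason": "mismatch"}
        return {"granted": True, "resource": PROTECTED_RESOURCES[service]}


if __name__ == "__main__":
    controller = AuthorizationController()
    issued = controller.handle_link_request("transfer")
    print(controller.handle_access_request(
        issued["request_id"], "transfer",
        issued["authorization_control_information"]))
```
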
Optionally, obtaining the protected target service information from the application terminal includes: monitoring whether a preset protected service is triggered in the application terminal; and if so, using a service request password associated with the protected service as the target service information. Executing the protection action for the target service information includes: sending an encryption instruction to the application end so that the application end encrypts the service request password with the encryption key indicated by the encryption instruction, obtaining an encrypted service request password; and obtaining the encrypted service request password from the application terminal, wherein the encryption key is a periodically updated key to which a scrambling control word has been added.
Optionally, controlling the application end to perform the service operation based on the service information to be executed includes: decrypting the encrypted service request password to obtain a decrypted service request password; verifying whether the decrypted service request password is valid; and if so, returning the requested resource for the service request password to the application terminal.
Optionally, obtaining the protected target service information from the application terminal includes: obtaining running environment information of the application terminal as the target service information. Executing the protection action for the target service information according to the information type of the target service information includes: performing a threat detection operation based on the running environment information to obtain a detection result.
Optionally, performing the threat detection operation based on the running environment information to obtain a detection result includes: matching the running environment information against preset threat features to obtain a threat matching score, wherein the threat matching score is determined by the number of matched threat features and the types of those threat features; and determining that the running environment of the application end has a security threat when the threat matching score is higher than a preset threshold.
Optionally, performing the threat detection operation based on the running environment information to obtain a detection result includes: determining system fingerprint features of the application terminal based on the running environment information; judging whether the system fingerprint features of the application terminal change within the same session; and if so, determining that the running environment of the application end has a security threat.
Optionally, obtaining the protected target service information from the application terminal includes: obtaining user operation information in the application terminal as the target service information. Executing the protection action for the target service information according to the information type of the target service information includes: comparing the user operation information with preset threat features to determine whether the running environment of the application end has a security threat.
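The two threat detection operations described above (a score built from the number and type of matched threat features, and a system fingerprint that must not change within one session), as an added example that is not part of the patent text. The feature names, type weights, threshold, fingerprint fields and sample environment reports are all constructed assumptions.

```python
import hashlib
import json

# Assumed weight per threat-feature type, so the score depends on type as
# well as on how many features match.
TYPE_WEIGHTS = {"automation": 4, "debugging": 5, "tampering": 5, "emulation": 2}

# Assumed preset threat features: name -> (type, predicate over env info).
THREAT_FEATURES = {
    "webdriver_flag": ("automation", lambda env: env.get("webdriver") is True),
    "headless_user_agent": ("automation",
                            lambda env: "Headless" in env.get("user_agent", "")),
    "devtools_open": ("debugging", lambda env: env.get("devtools_open") is True),
    "hooked_functions": ("tampering", lambda env: bool(env.get("hooked_functions"))),
    "no_plugins": ("emulation", lambda env: env.get("plugin_count") == 0),
}
THRESHOLD = 6  # assumed preset threshold; a threat needs a strictly higher score

# Assumed attributes that should stay stable for the lifetime of a session.
FINGERPRINT_FIELDS = ("user_agent", "platform", "screen", "timezone", "language")


def threat_matching_score(env):
    """Return (score, sorted names of matched threat features)."""
    matched = sorted(n for n, (_, pred) in THREAT_FEATURES.items() if pred(env))
    score = sum(TYPE_WEIGHTS[THREAT_FEATURES[n][0]] for n in matched)
    return score, matched


def system_fingerprint(env):
    """Hash the stable attributes into one comparable fingerprint value."""
    stable = {key: env.get(key) for key in FINGERPRINT_FIELDS}
    blob = json.dumps(stable, sort_keys=True).encode("utf-8")
    return hashlib.sha256(blob).hexdigest()


class ThreatDetector:
    """Server-side detector that remembers the first fingerprint per session."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self._session_fingerprints = {}

    def inspect(self, session_id, env):
        score, matched = threat_matching_score(env)
        fingerprint = system_fingerprint(env)
        first_seen = self._session_fingerprints.setdefault(session_id, fingerprint)
        changed = first_seen != fingerprint
        return {"score": score, "matched": matched,
                "fingerprint_changed": changed,
                "threat": score > self.threshold or changed}


# Constructed sample reports of running environment information.
CLEAN_ENV = {"user_agent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0",
             "platform": "Linux x86_64", "screen": "1920x1080",
             "timezone": "Asia/Shanghai", "language": "zh-CN",
             "webdriver": False, "devtools_open": False,
             "hooked_functions": [], "plugin_count": 3}
AUTOMATED_ENV = dict(CLEAN_ENV, webdriver=True,
                     user_agent="Mozilla/5.0 (X11; Linux x86_64) HeadlessChrome/120.0")
BORDERLINE_ENV = dict(CLEAN_ENV, webdriver=True, plugin_count=0)

if __name__ == "__main__":
    detector = ThreatDetector()
    print(detector.inspect("session-a", CLEAN_ENV))
    print(detector.inspect("session-a", dict(CLEAN_ENV, platform="Win32")))
    print(detector.inspect("session-b", AUTOMATED_ENV))
```

The borderline report scores exactly the threshold and is not flagged, because the text requires a score higher than the threshold.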
Another aspect of the present disclosure provides a network security protection device, applied to a server, including: an acquisition module configured to obtain protected target service information from an application terminal; a first processing module configured to execute a protection action for the target service information according to the information type of the target service information; and a second processing module configured to control the application terminal to perform a service operation based on service information to be executed when the execution result of the protection action indicates the service information to be executed.
Optionally, the acquisition module includes a first acquisition sub-module configured to obtain a source code packet associated with a preset protected service in the application terminal as the target service information; the first processing module includes a first processing sub-module configured to perform a scrambling operation on the source code packet to obtain a scrambled source code packet, wherein the scrambling operation includes at least one of: encoding processing, encryption processing, deformation processing, reconstruction processing and business process scrambling processing.
Optionally, the scrambled source code packet constitutes the service information to be executed; the second processing module includes a second processing sub-module configured to send the scrambled source code packet to the application end so that the application end performs a descrambling operation on the scrambled source code packet, obtains a descrambled source code packet and runs it, wherein the descrambling operation corresponds to the scrambling operation.
Optionally, the acquisition module includes a second acquisition sub-module configured to obtain, as the target service information, a link request initiated in the application terminal for a preset protected service; the first processing module includes a third processing sub-module configured to generate authorization control information for the link request.
Optionally, the authorization control information constitutes the service information to be executed; the second processing module includes: a fourth processing sub-module configured to send the authorization control information to the application end so that the application end initiates an access request for the protected service based on the authorization control information; and a fifth processing sub-module configured to verify, in response to receiving the access request from the application terminal, whether the authorization verification information input by the user in the access request is consistent with the authorization control information, and if so, to return the requested resource for the access request to the application terminal.
Optionally, the acquisition module includes a third acquisition sub-module configured to monitor whether a preset protected service is triggered in the application terminal and, if so, to use a service request password associated with the protected service as the target service information; the first processing module includes: a sixth processing sub-module configured to send an encryption instruction to the application end so that the application end encrypts the service request password with the encryption key indicated by the encryption instruction, obtaining an encrypted service request password; and a seventh processing sub-module configured to obtain the encrypted service request password from the application terminal, wherein the encryption key is a periodically updated key to which a scrambling control word has been added.
Optionally, the encrypted service request password constitutes the service information to be executed, and the second processing module includes: an eighth processing sub-module configured to decrypt the encrypted service request password to obtain a decrypted service request password; and a ninth processing sub-module configured to verify whether the decrypted service request password is valid and, if so, to return the requested resource for the service request password to the application terminal.
Optionally, the acquisition module includes a fourth acquisition sub-module configured to obtain running environment information of the application terminal as the target service information; the first processing module includes a tenth processing sub-module configured to perform a threat detection operation based on the running environment information to obtain a detection result.
Optionally, the tenth processing sub-module includes: a first processing unit configured to match the running environment information against preset threat features to obtain a threat matching score, wherein the threat matching score is determined by the number of matched threat features and the types of those threat features; and a second processing unit configured to determine that the running environment of the application end has a security threat when the threat matching score is higher than a preset threshold.
Optionally, the tenth processing sub-module includes: a third processing unit configured to determine system fingerprint features of the application terminal based on the running environment information; and a fourth processing unit configured to judge whether the system fingerprint features of the application end change within the same session and, if so, to determine that the running environment of the application end has a security threat.
Optionally, the acquisition module includes a fifth acquisition sub-module configured to obtain user operation information in the application terminal as the target service information; the first processing module includes an eleventh processing sub-module configured to compare the user operation information with preset threat features to determine whether the running environment of the application end has a security threat.
Another aspect of the present disclosure provides an electronic device comprising one or more processors; memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the methods of embodiments of the present disclosure.
Another aspect of the present disclosure provides a computer-readable storage medium storing computer-executable instructions that, when executed, implement the method of embodiments of the present disclosure.
Another aspect of the present disclosure provides a computer program product comprising computer readable instructions, wherein the computer readable instructions are used for executing the network security protection method of the embodiments of the present disclosure when executed.
Drawings
For a more complete understanding of the present disclosure and its advantages, reference is now made to the following description taken in conjunction with the accompanying drawings, in which:
FIG. 1 schematically illustrates a system architecture of a network security protection method and device according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a network security protection method according to an embodiment of the present disclosure;
FIG. 3A schematically illustrates a flow chart of another network security protection method according to an embodiment of the present disclosure;
FIG. 3B schematically illustrates an information interaction between a server and an application end according to an embodiment of the present disclosure;
FIG. 4A schematically illustrates a flow chart of another network security protection method according to an embodiment of the present disclosure;
FIG. 4B schematically illustrates another information interaction between a server and an application end according to an embodiment of the present disclosure;
FIG. 5A schematically illustrates a flow chart of yet another network security protection method according to an embodiment of the present disclosure;
FIG. 5B schematically illustrates another information interaction between a server and an application end according to an embodiment of the present disclosure;
FIG. 6A schematically illustrates a flow chart of yet another network security protection method according to an embodiment of the present disclosure;
FIG. 6B schematically illustrates still another information interaction between a server and an application end according to an embodiment of the present disclosure;
FIG. 7 schematically illustrates a block diagram of a server according to an embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of a network security protection device according to an embodiment of the present disclosure; and
FIG. 9 schematically illustrates a block diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It is to be understood that such description is merely illustrative and not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. Moreover, in the following description, descriptions of well-known structures and techniques are omitted so as to not unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and the like, as used herein, specify the presence of stated features, operations, and/or components, but do not preclude the presence or addition of one or more other features, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It is noted that the terms used herein should be interpreted as having a meaning that is consistent with the context of this specification and should not be interpreted in an idealized or overly formal sense.
Where a convention analogous to "at least one of A, B and C, etc." is used, in general such a construction is intended in the sense one having skill in the art would understand the convention (e.g., "a system having at least one of A, B and C" would include but not be limited to systems that have A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B, C together, etc.).
Some block diagrams and/or flow diagrams are shown in the figures. It will be understood that some blocks of the block diagrams and/or flowchart illustrations, or combinations thereof, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable network security device such that the instructions, which execute via the processor, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks. The techniques of this disclosure may be implemented in hardware and/or software (including firmware, microcode, etc.). In addition, the techniques of this disclosure may take the form of a computer program product on a computer-readable storage medium having instructions stored thereon for use by or in connection with an instruction execution system.
Embodiments of the disclosure provide a network security protection method and a protection device to which the method can be applied. The method is applied to a server and comprises the following operations: first, protected target service information is obtained from an application end; then a protection action is executed for the target service information according to the information type of the target service information; and, when the execution result of the protection action indicates service information to be executed, the application end is controlled to perform a service operation based on the service information to be executed.
Fig. 1 schematically shows a system architecture of a network security protection method and apparatus according to an embodiment of the present disclosure. It should be noted that fig. 1 is only an example of a system architecture to which the embodiments of the present disclosure may be applied to help those skilled in the art understand the technical content of the present disclosure, and does not mean that the embodiments of the present disclosure may not be applied to other devices, systems, environments or scenarios.
As shown in FIG. 1, the system architecture 100 includes application ends (several are shown, e.g., application ends 101, 102, 103) and a server (e.g., server 104). The server is communicatively connected to the application ends. An application end may take the form of a physical device, a virtual machine, an application program, a code tool, and the like; for example, it may be an application installed in a user terminal, or a browser running in the user terminal. This embodiment does not limit the specific form of the application end.
The server 104 obtains protected target service information from an application end (e.g., application end 101, 102 or 103), executes a protection action for the target service information according to the information type of the target service information, and, when the execution result of the protection action indicates service information to be executed, controls the application end to perform a service operation based on the service information to be executed.
It should be noted that the network security protection method and apparatus of the embodiments of the present disclosure may be used in the financial field, and may also be used in any field other than the financial field. The present disclosure will be described in detail below with reference to the drawings and specific embodiments.
Fig. 2 schematically shows a flowchart of a network security protection method applied to a server according to an embodiment of the present disclosure.
As shown in FIG. 2, the method 200 may include operations S210-S230.
In operation S210, protected target service information from the application end is obtained.
In this embodiment, preset protected target service information is obtained from the application end. The target service information may include, for example, running environment information of the application end, user operation information in the application end, source code associated with a preset protected service in the application end, a service request password that the user inputs in the application end and that is associated with the preset protected service, a link request that the user initiates in the application end for the preset protected service, and the like. Different types of target service information call for different protection actions.
Next, in operation S220, a protection action for the target service information is executed according to the information type of the target service information.
In this embodiment, a protection action is executed for the target service information according to its information type. The protection action may include performing a threat detection operation, a scrambling operation, an access control operation, a validity verification operation, and the like on the target service information. The scrambling operation may include at least one of: encoding processing, encryption processing, deformation processing, reconstruction processing and business process scrambling processing. The access control operation may include generating a dynamic token, presetting a verification action, and the like.
Next, in operation S230, when the execution result of the protection action indicates service information to be executed, the application end is controlled to perform a service operation based on the service information to be executed.
In this embodiment, after the protection action for the target service information is completed, whether to control the application end to perform a subsequent service operation is determined by whether the execution result of the protection action indicates service information to be executed. For example, after the scrambling operation on the target service information is completed and scrambled service information is obtained, the scrambled service information constitutes the service information to be executed, and the server controls the application end to perform the service operation based on the scrambled service information. After a threat detection operation on the target service information is completed and a threat detection result is obtained, the threat detection result does not constitute service information to be executed. However, the server may decide, according to the threat detection result, whether to communicate with the application end in order to return service data to it.
In the embodiment of the disclosure, protected target service information is obtained from an application end; a protection action is executed for the target service information according to its information type; and, when the execution result of the protection action indicates service information to be executed, the application end is controlled to perform a service operation based on that information. The server executes the protection action for the target service information and, when the execution result indicates service information to be executed, controls the application end to perform the service operation based on it. Building this collaborative security protection mechanism for the application end helps to realize key business protection and operation threat detection for the application end, helps to improve the security protection capability of business operations in the application end, and helps to meet the high security requirements of the financial business field.
Fig. 3A schematically illustrates a flow chart of another network security protection method according to an embodiment of the present disclosure.
As shown in FIG. 3A, the method 300 may include operations S310-S330.
In operation S310, a source code packet associated with a preset protected service in an application is obtained as target service information.
In this embodiment, specifically, a source code packet associated with a preset protected service in an application is obtained, where the preset protected service may specifically be a preset key service triggered in the application, and the key service may include, for example, a payment service, a transfer service, a balance inquiry service, a financial product transaction service, and the like. And acquiring a source code packet associated with the protected service, and taking the source code packet as protected target service information.
Next, in operation S320, a scrambling operation is performed on the source code packet to obtain a scrambled source code packet, where the scrambling operation includes at least one of: coding processing, encryption processing, deformation processing, reconstruction processing and business process scrambling processing.
In this embodiment, specifically, a scrambling operation is performed on the source code packet, and specifically, at least through scrambling processing such as an encoding operation, an encryption operation, a transformation operation, and a reconstruction operation, protection processing may be performed on key information such as a variable name, an array, an object, a character string, and a function of the source code in the source code packet, so as to obtain the scrambled source code packet. Optionally, a service flow scrambling process for the source code packet may also be performed, and specifically, a hidden code execution flow may be implemented by constructing an interference control flow, a flattening control flow, and the like, so as to obtain a scrambled source code packet. The scrambling operation aiming at the source code packet is carried out to obtain the scrambled source code packet, the confidentiality of the key code in the application end is protected, the hidden business logic function is favorably realized, and the debugged and tampered risks of the code can be well resisted.
Next, in operation S330, the scrambled source code packet is sent to the application end, so that the application end performs a descrambling operation on the scrambled source code packet, obtains a descrambled source code packet and runs the descrambled source code packet, where the descrambling operation corresponds to the scrambling operation.
In this embodiment, the scrambled source code packet is sent to the application end, so that the application end executes a descrambling operation corresponding to the scrambling operation and obtains a descrambled source code packet. The application end provides services to the user by running the descrambled source code packet. Scrambling the source code packet associated with the protected service in the application end helps protect the confidentiality of the source code running at the front end: the source code is displayed and run in an unreadable form, which helps hide the service execution flow in the application end and helps guarantee the security of service operation in the application end.
Fig. 3B schematically shows an information interaction diagram between a server and an application according to an embodiment of the present disclosure.
As shown in fig. 3B, the source code packet scrambling module of the server 302 performs the scrambling operation on the source code packet to obtain a scrambled source code packet and sends it to the application end 301, so that the application end 301 descrambles the received scrambled source code packet, obtains a descrambled source code packet and runs it, thereby implementing normal service provision.
Fig. 4A schematically illustrates a flow chart of another network security protection method according to an embodiment of the present disclosure.
As shown in FIG. 4A, the method 400 may include operations S410-S430.
In operation S410, a link request initiated for a preset protected service in an application is obtained as target service information.
In this embodiment, specifically, a link request initiated by a user in an application end for a preset protected service is obtained, where the link request is used to request connection of contents such as a link and a form in a protected service page in the application end. And acquiring the link request initiated by the user in the application end, and taking the link request as protected target service information.
Next, in operation S420, authorization control information for the link request is generated.
In this embodiment, authorization control information for the link request is generated; specifically, a dynamic token and a preset verification action for the link request may be generated. The dynamic token may include a dynamic verification number, a dynamic verification word, a dynamic verification pattern, and the like. The preset verification action instructs the user to perform a specified verification operation, for example splicing the verification pattern, or moving or rotating the verification pattern to a specified position. Optionally, aging (validity period) information associated with the authorization control information is set, and the authorization control information becomes invalid when the current time does not satisfy that aging information or when the time since the authorization control information was generated exceeds a preset duration.
Generating authorization control information for the link request helps resist an attacker's automation tools, automated script programs, replay attacks, and the like. Granting one-time authorization control information to the link request of the currently accessed page helps improve the security protection capability of service operation in the application end.
Next, in operation S430, the authorization control information is sent to the application end, so that the application end initiates an access request for the protected service based on the authorization control information, verifies whether the authorization verification information input by the user in the access request is consistent with the authorization control information in response to the received access request from the application end, and returns a request resource for the access request to the application end if the authorization verification information is consistent with the authorization control information.
In this embodiment, the authorization control information is sent to the application end, so that the user in the application end initiates an access request for the protected service based on the received authorization control information. Specifically, the user inputs authorization verification information corresponding to the authorization control information, or completes a specified verification action as the authorization control information requires, and an access request for the protected service is generated. The server obtains the access request from the application end and verifies whether the authorization verification information input by the user in the access request is consistent with the authorization control information; if so, the access request is determined to be a legal request. Alternatively, the server checks whether the verification action completed by the user is consistent with the authorization verification information; if so, the access request is determined to be a legal request. After the access request is determined to be a legal request, the request resource for the access request is returned to the application end.
Verifying whether the authorization verification information input by the user is consistent with the authorization control information includes verifying whether the format and content of the authorization verification information are the same as those of the authorization control information, or verifying whether the authorization verification information was obtained by operating as the authorization control information requires. Optionally, it is further verified whether the authorization verification information is being used for the first time, whether the aging information of the authorization verification information meets a preset requirement, and whether the authorization verification information matches the URL the user requests to access. If so, the authorization verification information is determined to be legal verification information and normal page content is returned to the application end; otherwise, the access request from the application end is intercepted.
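The checks listed above (format and content, first use, aging, and URL match) can be sketched as follows. This is an added example, not code from the patent; the class name, the token layout `nonce.issued_at.mac`, the HMAC construction and the 60-second validity period are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time


class AuthorizationControl:
    """Issues and verifies one-time, URL-bound, expiring tokens (hypothetical design)."""

    def __init__(self, ttl_seconds=60, clock=time.time):
        self._key = secrets.token_bytes(32)  # server-side MAC key, never sent to the client
        self._ttl = ttl_seconds              # preset validity period (aging information)
        self._clock = clock                  # injectable so expiry can be exercised
        self._used = {}                      # nonce -> expiry time, for the first-use check

    def _mac(self, nonce, issued_at, url):
        # JSON-encode the fields so their boundaries are unambiguous in the MAC input.
        msg = json.dumps([nonce, issued_at, url]).encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue(self, url):
        """Generate authorization control information for a link request to `url`."""
        nonce = secrets.token_urlsafe(16)
        issued_at = int(self._clock())
        return f"{nonce}.{issued_at}.{self._mac(nonce, issued_at, url)}"

    def verify(self, token, url):
        """Return 'ok', or the reason the access request should be intercepted."""
        parts = token.split(".")
        if len(parts) != 3 or not (parts[1].isascii() and parts[1].isdigit()):
            return "bad_format"
        nonce, issued_at, mac = parts[0], int(parts[1]), parts[2]

        # Content and URL binding: the MAC only matches the URL the token was issued for.
        expected = self._mac(nonce, issued_at, url)
        if not hmac.compare_digest(mac.encode("utf-8"), expected.encode("utf-8")):
            return "content_or_url_mismatch"

        # Aging: the token is invalid once the preset validity period has elapsed.
        now = self._clock()
        if now - issued_at > self._ttl:
            return "expired"

        # First use: drop nonces that have expired anyway, then reject any repeat.
        self._used = {n: exp for n, exp in self._used.items() if exp >= now}
        if nonce in self._used:
            return "replayed"
        self._used[nonce] = issued_at + self._ttl
        return "ok"


if __name__ == "__main__":
    # Constructed walk-through: one legitimate request followed by a replay.
    control = AuthorizationControl(ttl_seconds=60)
    token = control.issue("/transfer")
    print(control.verify(token, "/transfer"))
    print(control.verify(token, "/transfer"))
```

Only nonces of still-valid tokens need to be remembered, because an expired token is rejected by the aging check before the first-use check is reached.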
Fig. 4B schematically shows another information interaction diagram between the server and the application according to the embodiment of the disclosure.
As shown in fig. 4B, the application 401 initiates a link request for a preset protected service, and the authorization control module of the server 402 obtains the link request from the application 401, generates authorization control information based on the link request, and sends the authorization control information to the application 401, so that the application 401 initiates an access request for the preset protected service based on the received authorization control information. The server 402 receives the access request from the application 401, verifies whether the access request is legal, and returns a request resource associated with the access request to the application 401 after determining that the access request is a legal request.
Fig. 5A schematically illustrates a flow chart of yet another network security defense method according to an embodiment of the present disclosure.
As shown in FIG. 5A, the method 500 may include operations S510-S530.
In operation S510, it is monitored whether the preset protected service is triggered in the application, and if so, a service request password associated with the protected service is used as the target service information.
In this embodiment, whether the preset protected service is triggered in the application end is monitored. The preset protected service may include, for example, a payment service, a transfer service, a balance inquiry service, a financial product transaction service, and the like. Monitoring whether the protected service is triggered in the application end includes monitoring the event names of input boxes in the application end and determining from the event name of an input box whether the user has triggered the protected service. After the preset protected service is detected as triggered, the service request password input by the user through the input box is taken as the protected target service information.
Illustratively, the server issues a JS password protection component to the application to protect the key service request password in the application. After the preset protected service is triggered in the application terminal, the server terminal sends a protection component operation instruction to the application terminal, the application terminal monitors a keyboard event in the browser by operating the JS password protection component, and intercepts keyboard input information to realize acquisition of a service request password input by a user.
Next, in operation S520, an encryption instruction is sent to the application end, so that the application end performs an encryption operation on the service request password according to the encryption key indicated by the encryption instruction and obtains the encrypted service request password; the encrypted service request password is then obtained from the application end.
In this embodiment, an encryption instruction is sent to the application end, so that the application end performs an encryption operation on the service request password according to the encryption key indicated by the encryption instruction. The encryption key indicated by the encryption instruction is a periodically updated key to which a scrambling control word has been added; the server performs denaturation protection on the encryption key and inserts an invalid hash string into it to increase the difficulty of decrypting the encryption key. In addition, the server updates the encryption key periodically, which further increases the difficulty of cracking it.
The application end performs the encryption operation on the service request password according to the received encryption key and obtains the encrypted service request password. The user inputs the service request password to request the corresponding service data from the server, and the server obtains the encrypted service request password from the application end. Protecting the service request password in transmission ensures the security of data transmission between the server and the application end and the secure operation of services in the application end.
Next, in operation S530, a decryption operation is performed on the encrypted service request password to obtain a decrypted service request password, and it is verified whether the decrypted service request password is legal, if so, a request resource for the service request password is returned to the application terminal.
In this embodiment, after obtaining the encrypted service request password, the server decrypts it using a decryption key consistent with the encryption key to obtain the decrypted service request password. The server verifies whether the service request password is legal, specifically whether its content, format, aging information, and the like are legal, and if so, returns the request resource for the service request password to the application end.
Fig. 5B schematically shows another information interaction diagram between the server and the application according to the embodiment of the disclosure.
As shown in fig. 5B, the key service information protection module of the server 502 monitors whether the preset protected service is triggered in the application 501, and after it is monitored that the preset protected service is triggered in the application 501, a service request password associated with the preset protected service is used as the target service information. The server 502 sends an encryption instruction to the application 501, so that the application 501 executes an encryption operation for the service request password according to the encryption key indicated by the encryption instruction, obtains the encrypted service request password, and sends the encrypted service request password to the server 502. The server 502 performs a decryption operation on the received encrypted service request password to obtain a decrypted service request password. The server 502 verifies whether the service request password is legal, and if so, returns the request resource to the application 501.
Fig. 6A schematically illustrates a flow chart of yet another network security protection method according to an embodiment of the present disclosure.
As shown in FIG. 6A, the method 600 may include operations S610-S620.
In operation S610, user operation information and/or execution environment information in the application terminal is acquired.
In this embodiment, specifically, user operation information and/or running environment information in the application terminal is obtained, where the user operation information may include, for example, mouse operation information in the application terminal, and the mouse operation information may include, for example, information such as mouse click frequency and mouse sliding track. The obtained operating environment information may include, for example, information such as operating system version, application-related system users and user groups, database version and configuration, file descriptor restrictions, information directory, and important files.
Next, in operation S620, a threat detection operation based on the user operation information and/or the operating environment information is performed, and a detection result is obtained.
In this embodiment, the threat detection operation based on the operating environment information includes: performing a matching operation between the operating environment information and preset threat characteristics to obtain a threat matching score, where the threat matching score is determined by the number of matched threat characteristics and the types of the threat characteristics; and determining that the operating environment of the application end has a security threat when the threat matching score is higher than a preset threshold. Because different types of threat characteristics may have different hazard levels, their preset weights may differ. In general, the more threat characteristics are matched and the greater their weights, the higher the threat matching score. For example, the matched threat characteristics may be weighted and summed to serve as the threat matching score.
Alternatively, the system fingerprint characteristics of the application end are determined from the operating environment information, and it is judged whether they change within the same session; if so, the operating environment of the application end is determined to have a security threat. Specifically, a system hash value of the application end is determined from the acquired operating environment information and used as the system fingerprint characteristic of the application end. Within one normal session, the system fingerprint characteristics of the application end do not change. When the application end is attacked by an automated script program, the attacker intercepts a service request of the application end, alters it, and forwards the altered service request to the server; the server then detects that the system fingerprint characteristics of the application end have changed and determines that the operating environment of the application end has a security threat.
The threat detection operation based on the user operation information includes comparing the user operation information with preset threat characteristics to determine whether the operating environment of the application end has a security threat. Normal user operation differs from the automated attacks and replay attacks initiated by automated script programs, so the user operation information is compared with the preset threat characteristics and the comparison result determines whether the operating environment of the application end has a security threat. After determining that the operating environment of the application end has a security threat, the server can terminate the communication connection with the application end or refuse to provide data services to it, so that automated attacks and replay attacks in the application end can be resisted and the security of service operation in the application end can be ensured.
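The two environment-based checks described above, the weighted threat matching score and the system fingerprint that must stay constant within a session, can be combined as in the following added example. It is not code from the patent; the feature names, type weights, threshold and fingerprint fields are constructed assumptions.

```python
import hashlib
import json

# Constructed values for illustration: none of these names, weights or fields
# come from the patent.
TYPE_WEIGHTS = {"automation": 5, "debugging": 3, "configuration": 1}
THRESHOLD = 4  # a security threat is reported when the score is strictly higher
THREAT_FEATURES = [
    ("webdriver_flag", "automation", lambda env: env.get("webdriver") is True),
    ("headless_user_agent", "automation",
     lambda env: "Headless" in str(env.get("user_agent") or "")),
    ("debugger_attached", "debugging", lambda env: env.get("debugger_attached") is True),
    ("no_plugins", "configuration", lambda env: env.get("plugin_count") == 0),
]
FINGERPRINT_FIELDS = ("os_version", "user_agent", "screen", "timezone")

# Constructed sample of running environment information reported by a client.
SAMPLE_ENV = {
    "os_version": "Windows 10", "user_agent": "Mozilla/5.0 Chrome/87.0",
    "screen": "1920x1080", "timezone": "UTC+8",
    "webdriver": False, "debugger_attached": False, "plugin_count": 3,
}


def threat_match_score(env):
    """Weighted sum over matched features; the weight depends on the feature type."""
    matched = [(name, kind) for name, kind, test in THREAT_FEATURES if test(env)]
    score = sum(TYPE_WEIGHTS[kind] for _, kind in matched)
    return score, [name for name, _ in matched]


def system_fingerprint(env):
    """System hash value over the fields expected to stay constant in a session."""
    stable = {field: env.get(field) for field in FINGERPRINT_FIELDS}
    canonical = json.dumps(stable, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ThreatDetector:
    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self._baseline = {}  # session id -> fingerprint first seen in that session

    def detect(self, session_id, env):
        score, matched = threat_match_score(env)
        fingerprint = system_fingerprint(env)
        # The first report of a session sets the baseline; later ones must match it.
        changed = self._baseline.setdefault(session_id, fingerprint) != fingerprint
        return {
            "score": score,
            "matched": matched,
            "fingerprint_changed": changed,
            "threat": score > self.threshold or changed,
        }


if __name__ == "__main__":
    detector = ThreatDetector()
    print(detector.detect("session-1", SAMPLE_ENV))
    # Same session, different operating system: the fingerprint check fires.
    print(detector.detect("session-1", dict(SAMPLE_ENV, os_version="Linux 5.4")))
```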
A security protection system is constructed with the application end as the front end: the application end cooperates in identifying security threats in the front-end operating environment, key code run at the front end is given confidentiality protection, key service data is given encrypted-transmission protection, and automated attacks and replay attacks are blocked by access control. The lightweight modules cooperate to realize a comprehensive protection mechanism covering multiple dimensions. This helps build a comprehensive security protection system in the financial service field, helps guarantee the security protection capability of service operation in the application end, helps reduce the risk coefficient of financial service operation, and better meets the high security requirements of the financial field.
Fig. 6B schematically illustrates still another information interaction diagram between the server and the application according to an embodiment of the disclosure.
As shown in fig. 6B, the threat detection module of the server 602 issues an acquisition code to the application 601 (specifically, to the information acquisition module in the application 601), so that the application 601 acquires the operating environment information and the user operation information in the application according to the received acquisition code, and sends an information acquisition result to the server 602. The server 602 performs a threat detection operation based on the operating environment information and the user operation information, obtains a threat detection result, and sends the threat detection result to the application 601, and the application 601 receives the threat detection result and performs a subsequent operation based on the threat detection result.
Fig. 7 schematically shows a block diagram of a server according to an embodiment of the present disclosure, and as shown in fig. 7, the server 700 includes a source code packet scrambling module, an authorization control module, a key traffic information protection module, and a threat detection module. Each module in the server 700 is configured to execute the corresponding security protection method in the foregoing embodiment, which is not described herein again.
Fig. 8 schematically illustrates a block diagram of a network security guard in accordance with an embodiment of the present disclosure.
As shown in fig. 8, the network security guard 800 includes an obtaining module 801, a first processing module 802, and a second processing module 803.
Specifically, the obtaining module 801 is configured to obtain protected target service information from an application; a first processing module 802, configured to execute a protection action for the target service information according to the information type of the target service information; the second processing module 803 is configured to, when the execution result of the protection action indicates to-be-executed service information, control the application end to perform a service operation based on the to-be-executed service information.
In the embodiment of the disclosure, protected target service information from an application terminal is acquired; a protection action for the target service information is executed according to the information type of the target service information; and when the execution result of the protection action indicates service information to be executed, the application terminal is controlled to perform a service operation based on the service information to be executed. The server executes the protection action for the target service information and, when the execution result of the protection action indicates service information to be executed, controls the application terminal to perform the service operation based on that service information. Constructing this cooperative security protection mechanism with the application terminal helps realize key service protection and operating threat detection for the application terminal, helps improve the security protection capability of service operation in the application terminal, and helps meet the high security requirements of the financial service field.
As a possible embodiment, the obtaining module includes a first obtaining sub-module, configured to obtain a source code packet associated with a preset protected service in an application, as target service information; the first processing module comprises a first processing submodule and is used for carrying out scrambling operation on the source code packet to obtain a scrambled source code packet, wherein the scrambling operation comprises at least one of the following operations: coding processing, encryption processing, deformation processing, reconstruction processing and business process scrambling processing.
As a possible embodiment, the scrambled source code packet constitutes the service information to be executed; the second processing module includes a second processing submodule configured to send the scrambled source code packet to the application end, so that the application end performs a descrambling operation on the scrambled source code packet to obtain the descrambled source code packet and runs it, where the descrambling operation corresponds to the scrambling operation.
As a possible embodiment, the obtaining module includes a second obtaining sub-module, configured to obtain a link request, which is initiated by the application end for a preset protected service, as target service information; the first processing module includes a third processing sub-module for generating authorization control information for the link request.
As a possible embodiment, the authorization control information constitutes service information to be executed; the second processing module comprises: the fourth processing submodule is used for sending the authorization control information to the application terminal so that the application terminal initiates an access request aiming at the protected service based on the authorization control information; the fifth processing submodule is used for responding to the received access request from the application terminal and verifying whether the authorization verification information input by the user in the access request is consistent with the authorization control information; and if so, returning the request resource aiming at the access request to the application terminal.
As a possible embodiment, the obtaining module includes a third obtaining sub-module, configured to monitor whether a preset protected service is triggered in the application; if so, using a service request password associated with the protected service as target service information; the first processing module includes: the sixth processing submodule is used for sending an encryption instruction to the application end so that the application end executes encryption operation aiming at the service request password according to the encryption key indicated by the encryption instruction to obtain the encrypted service request password; and the seventh processing submodule is used for acquiring the encrypted service request password from the application terminal, wherein the encryption key is a periodically updated key added with the scrambling control word.
As a possible embodiment, the encrypted service request password constitutes service information to be executed, and the second processing module includes: the eighth processing submodule is used for carrying out decryption operation on the encrypted service request password to obtain a decrypted service request password; the ninth processing submodule is used for verifying whether the decrypted service request password is legal or not; and if so, returning the request resource aiming at the service request password to the application terminal.
As a possible embodiment, the obtaining module includes a fourth obtaining sub-module, configured to obtain the operating environment information of the application terminal, so as to serve as the target service information; the first processing module comprises a tenth processing submodule and is used for carrying out threat detection operation based on the running environment information to obtain a detection result.
As a possible embodiment, the tenth processing submodule includes: the first processing unit is used for performing matching operation based on the running environment information and preset threat characteristics to obtain a threat matching score, wherein the threat matching score is determined by the number of matched threat characteristics and the type of the threat characteristics; and the second processing unit is used for determining that the safety threat exists in the operating environment of the application terminal under the condition that the threat matching score is higher than a preset threshold value.
As a possible embodiment, the tenth processing submodule includes: the third processing unit is used for determining the system fingerprint characteristics of the application terminal based on the running environment information; the fourth processing unit is used for judging whether the system fingerprint characteristics of the application end are changed in the same session; and if so, determining that the running environment of the application end has security threat.
As a possible embodiment, the obtaining module includes a fifth obtaining sub-module, configured to obtain user operation information in the application terminal, as target service information; the first processing module comprises an eleventh processing submodule for comparing the user operation information with the preset threat characteristic so as to determine whether the running environment of the application end has the security threat.
It should be noted that, in the embodiments of the present disclosure, the implementation of the apparatus portion is the same as or similar to the implementation of the method portion, and is not described herein again.
Any number of the modules according to embodiments of the present disclosure, or at least part of the functionality of any number of them, may be implemented in one module. Any one or more of the modules according to the embodiments of the present disclosure may be implemented by being split into a plurality of modules. Any one or more of the modules according to the embodiments of the present disclosure may be implemented at least in part as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, or an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of the three implementations of software, hardware, and firmware, or in any suitable combination of them. Alternatively, one or more of the modules according to embodiments of the disclosure may be implemented at least partly as computer program modules which, when executed, may perform corresponding functions.
For example, any number of the obtaining module 801, the first processing module 802, and the second processing module 803 may be combined and implemented in one module, or any one of them may be split into a plurality of modules. Alternatively, at least part of the functionality of one or more of these modules may be combined with at least part of the functionality of the other modules and implemented in one module. According to an embodiment of the present disclosure, at least one of the obtaining module 801, the first processing module 802 and the second processing module 803 may be implemented at least partially as a hardware circuit, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a substrate, a system on a package, an Application Specific Integrated Circuit (ASIC), or may be implemented in hardware or firmware in any other reasonable manner of integrating or packaging a circuit, or in any one of three implementations of software, hardware and firmware, or in any suitable combination of any of them. At least one of the obtaining module 801, the first processing module 802 and the second processing module 803 may be at least partly implemented as a computer program module, which when executed may perform a corresponding function.
Fig. 9 schematically shows a block diagram of an electronic device according to an embodiment of the disclosure. The electronic device shown in fig. 9 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present disclosure.
As shown in fig. 9, the electronic device 900 includes a processor 910, a computer-readable storage medium 920. The electronic device 900 may perform a method according to an embodiment of the disclosure.
In particular, processor 910 may include, for example, a general purpose microprocessor, an instruction set processor and/or related chip set and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), and/or the like. The processor 910 may also include onboard memory for caching purposes. The processor 910 may be a single processing module or a plurality of processing modules for performing the different actions of the method flows according to embodiments of the present disclosure.
Computer-readable storage media 920, for example, may be non-volatile computer-readable storage media, specific examples including, but not limited to: magnetic storage devices, such as magnetic tape or Hard Disk Drives (HDDs); optical storage devices, such as compact disks (CD-ROMs); a memory, such as a Random Access Memory (RAM) or a flash memory; and so on.
The computer-readable storage medium 920 may include a computer program 921, which computer program 921 may include code/computer-executable instructions that, when executed by the processor 910, cause the processor 910 to perform a method according to an embodiment of the present disclosure, or any variation thereof.
The computer program 921 may be configured with, for example, computer program code comprising computer program modules. For example, in an example embodiment, the code in the computer program 921 may include one or more program modules, for example module 921A, module 921B, …. It should be noted that the division and number of the modules are not fixed, and those skilled in the art may use suitable program modules or program module combinations according to actual situations, so that when the program modules are executed by the processor 910, the processor 910 can execute the method according to the embodiment of the present disclosure or any variation thereof.
According to an embodiment of the present disclosure, at least one of the obtaining module 801, the first processing module 802 and the second processing module 803 may be implemented as a computer program module described with reference to fig. 9, which, when executed by the processor 910, may implement the respective operations described above.
The present disclosure also provides a computer-readable storage medium, which may be contained in the apparatus/device/system described in the above embodiments; or may exist separately and not be assembled into the device/apparatus/system. The computer-readable storage medium carries one or more programs which, when executed, implement the method according to an embodiment of the disclosure.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
While the present disclosure has been shown and described with reference to certain exemplary embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the present disclosure as defined by the appended claims and their equivalents. Accordingly, the scope of the present disclosure should not be limited to the above-described embodiments, but should be defined not only by the appended claims, but also by equivalents thereof.

Claims (14)

1. A network security protection method, applied to a server, comprising:
obtaining protected target service information from an application terminal;
executing a protection action on the target service information according to the information type of the target service information; and
in a case where the execution result of the protection action indicates service information to be executed, controlling the application terminal to perform a service operation based on the service information to be executed.
2. The method of claim 1, wherein
obtaining the protected target service information from the application terminal comprises:
acquiring, as the target service information, a source code packet associated with a preset protected service in the application terminal; and
executing the protection action on the target service information according to the information type of the target service information comprises:
performing a scrambling operation on the source code packet to obtain a scrambled source code packet, wherein the scrambling operation includes at least one of: encoding processing, encryption processing, deformation processing, reconstruction processing, and business process scrambling processing.
3. The method of claim 2, wherein the scrambled source code packet constitutes the service information to be executed, and controlling the application terminal to perform the service operation based on the service information to be executed comprises:
sending the scrambled source code packet to the application terminal, so that the application terminal performs a descrambling operation on the scrambled source code packet to obtain a descrambled source code packet and runs the descrambled source code packet, wherein the descrambling operation corresponds to the scrambling operation.
4. The method of claim 1, wherein
obtaining the protected target service information from the application terminal comprises:
acquiring, as the target service information, a link request initiated for a preset protected service in the application terminal; and
executing the protection action on the target service information according to the information type of the target service information comprises:
generating authorization control information for the link request.
5. The method of claim 4, wherein the authorization control information constitutes the service information to be executed, and controlling the application terminal to perform the service operation based on the service information to be executed comprises:
sending the authorization control information to the application terminal, so that the application terminal initiates an access request for the protected service based on the authorization control information;
in response to receiving the access request from the application terminal, verifying whether authorization verification information input by a user in the access request is consistent with the authorization control information; and
if so, returning the requested resource for the access request to the application terminal.
6. The method of claim 1, wherein
obtaining the protected target service information from the application terminal comprises:
monitoring whether a preset protected service is triggered in the application terminal; and
if so, using a service request password associated with the protected service as the target service information; and
executing the protection action on the target service information comprises:
sending an encryption instruction to the application terminal, so that the application terminal performs an encryption operation on the service request password according to an encryption key indicated by the encryption instruction to obtain an encrypted service request password; and
obtaining the encrypted service request password from the application terminal,
wherein the encryption key is a periodically updated key to which a scrambling control word is added.
7. The method of claim 6, wherein the encrypted service request password constitutes the service information to be executed, and controlling the application terminal to perform the service operation based on the service information to be executed comprises:
performing a decryption operation on the encrypted service request password to obtain a decrypted service request password;
verifying whether the decrypted service request password is legal; and
if so, returning the requested resource for the service request password to the application terminal.
8. The method of claim 1, wherein
obtaining the protected target service information from the application terminal comprises:
acquiring, as the target service information, running environment information of the application terminal; and
executing the protection action on the target service information according to the information type of the target service information comprises:
performing a threat detection operation based on the running environment information to obtain a detection result.
9. The method of claim 8, wherein performing the threat detection operation based on the running environment information to obtain the detection result comprises:
matching the running environment information against preset threat features to obtain a threat matching score, wherein the threat matching score is determined by the number of matched threat features and the types of the threat features; and
in a case where the threat matching score is higher than a preset threshold, determining that a security threat exists in the running environment of the application terminal.
10. The method of claim 8, wherein performing the threat detection operation based on the running environment information to obtain the detection result comprises:
determining system fingerprint features of the application terminal based on the running environment information;
judging whether the system fingerprint features of the application terminal change within the same session; and
if so, determining that a security threat exists in the running environment of the application terminal.
11. The method of claim 1, wherein
obtaining the protected target service information from the application terminal comprises:
acquiring, as the target service information, user operation information in the application terminal; and
executing the protection action on the target service information according to the information type of the target service information comprises:
comparing the user operation information with preset threat features to determine whether a security threat exists in the running environment of the application terminal.
12. A network security protection device, applied to a server, comprising:
an acquisition module configured to obtain protected target service information from an application terminal;
a first processing module configured to execute a protection action on the target service information according to the information type of the target service information; and
a second processing module configured to control the application terminal to perform a service operation based on service information to be executed, in a case where the execution result of the protection action indicates the service information to be executed.
13. An electronic device, comprising:
one or more processors; and
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any of claims 1-11.
14. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 11.
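The server-side checks of claims 9 and 10 can be sketched as follows. This is an added example, not code from the patent: the feature names, type weights, threshold, fingerprint fields and sample reports are all assumptions made for illustration.

```python
import hashlib
import json

# Assumed values: the claims say the score depends on the number and type of
# matched features and on a preset threshold, but give no figures.
TYPE_WEIGHTS = {"automation": 40, "debugging": 30, "tampering": 50}
THRESHOLD = 60

# Assumed preset threat features: name -> (type, predicate over environment info).
THREAT_FEATURES = {
    "webdriver_flag": ("automation", lambda env: env.get("webdriver") is True),
    "headless_ua": ("automation", lambda env: "Headless" in env.get("user_agent", "")),
    "debugger_open": ("debugging", lambda env: env.get("debugger_attached") is True),
    "hooked_api": ("tampering", lambda env: bool(env.get("hooked_functions"))),
}
# Assumed fields that make up the system fingerprint of the application terminal.
FINGERPRINT_FIELDS = ("user_agent", "platform", "screen", "timezone")


def threat_score(env):
    """Claim 9: match environment info against preset features and score the hits."""
    matched = [name for name, (_, pred) in THREAT_FEATURES.items() if pred(env)]
    score = sum(TYPE_WEIGHTS[THREAT_FEATURES[name][0]] for name in matched)
    return score, matched


def fingerprint(env):
    """Stable hash over the fingerprint fields of one environment report."""
    subset = {k: env.get(k) for k in FINGERPRINT_FIELDS}
    return hashlib.sha256(json.dumps(subset, sort_keys=True).encode()).hexdigest()


class SessionMonitor:
    """Claim 10: flag a session whose fingerprint changes between reports."""

    def __init__(self):
        self._first_seen = {}  # session id -> fingerprint from the first report

    def evaluate(self, session_id, env):
        score, matched = threat_score(env)
        fp = fingerprint(env)
        baseline = self._first_seen.setdefault(session_id, fp)
        changed = fp != baseline
        return {
            "threat": score > THRESHOLD or changed,
            "score": score,
            "matched": matched,
            "fingerprint_changed": changed,
        }


# Constructed sample environment reports (not real telemetry).
CLEAN = {"user_agent": "Mozilla/5.0 (Windows NT 10.0)", "platform": "Win32",
         "screen": "1920x1080", "timezone": "Asia/Shanghai"}
AUTOMATED = dict(CLEAN, webdriver=True, debugger_attached=True)
SWAPPED = dict(CLEAN, platform="Linux x86_64", screen="800x600")
```

Pinning the baseline to the first report of a session means a later report cannot reset it; a single low-weight match stays below the threshold, so the score only trips when several features or a heavily weighted type are present.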
CN202110039316.1A 2021-01-12 2021-01-12 Network security protection method and device Active CN112866226B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110039316.1A CN112866226B (en) 2021-01-12 2021-01-12 Network security protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110039316.1A CN112866226B (en) 2021-01-12 2021-01-12 Network security protection method and device

Publications (2)

Publication Number Publication Date
CN112866226A CN112866226A (en) 2021-05-28
CN112866226B CN112866226B (en) 2023-03-10

Family

ID=76003140

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110039316.1A Active CN112866226B (en) 2021-01-12 2021-01-12 Network security protection method and device

Country Status (1)

Country Link
CN (1) CN112866226B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5369707A (en) * 1993-01-27 1994-11-29 Tecsec Incorporated Secure network method and apparatus
WO2018010139A1 (en) * 2016-07-14 2018-01-18 富士通株式会社 Group communication device and method, and communication system
CN108924137A (en) * 2018-07-04 2018-11-30 吴科 Method for secret protection and system under a kind of environment of internet of things
CN110719265A (en) * 2019-09-23 2020-01-21 腾讯科技(深圳)有限公司 Method, device and equipment for realizing network security communication
CN111245811A (en) * 2020-01-07 2020-06-05 北京字节跳动网络技术有限公司 Information encryption method and device and electronic equipment

Also Published As

Publication number Publication date
CN112866226B (en) 2023-03-10

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant