CN113902458A - Malicious user identification method and device and computer equipment - Google Patents

Malicious user identification method and device and computer equipment Download PDF

Info

Publication number
CN113902458A
CN113902458A CN202111479736.8A CN202111479736A CN113902458A CN 113902458 A CN113902458 A CN 113902458A CN 202111479736 A CN202111479736 A CN 202111479736A CN 113902458 A CN113902458 A CN 113902458A
Authority
CN
China
Prior art keywords
application program
simulator
operating environment
application
running environment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111479736.8A
Other languages
Chinese (zh)
Inventor
宋子豪
邹延迪
李尚锦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Huoli Tianhui Technology Co ltd
Original Assignee
Shenzhen Huoli Tianhui Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Huoli Tianhui Technology Co ltd filed Critical Shenzhen Huoli Tianhui Technology Co ltd
Priority to CN202111479736.8A priority Critical patent/CN113902458A/en
Publication of CN113902458A publication Critical patent/CN113902458A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/018Certifying business or products
    • G06Q30/0185Product, service or business identity fraud
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Development Economics (AREA)
  • Accounting & Taxation (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Finance (AREA)
  • Stored Programmes (AREA)

Abstract

The application relates to a method and a device for identifying malicious users and computer equipment. The method comprises the following steps: acquiring running environment information of an application program; judging whether the operating environment of the application program is a simulator or not according to the operating environment information; if the running environment of the application program is a simulator, acquiring user information corresponding to the application program; and if the user information meets the preset malicious user condition, carrying out user prohibition according to the user information. By adopting the method and the device, malicious users can be prevented from utilizing the convenient environment of the simulator to carry out malicious behaviors such as malicious registration and malicious bill swiping on the application program.

Description

Malicious user identification method and device and computer equipment
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and an apparatus for identifying a malicious user, and a computer device.
Background
At present, an android simulator is a simulator capable of simulating the operating environment of an android system on various platforms such as Windows and Linux. After a user installs the android simulator on a computer, various android APPs (applications) can be installed and operated in an android system simulated by the android simulator, and great convenience is brought to daily life. However, a malicious user may utilize the convenient environment of the android simulator to perform malicious behaviors such as malicious registration and malicious billing on the APP. Therefore, a method that can identify malicious users using the android simulator is highly desirable.
Disclosure of Invention
In view of the foregoing, it is desirable to provide a method, an apparatus, and a computer device for identifying a malicious user.
In a first aspect, a method for identifying a malicious user is provided, where the method includes:
acquiring running environment information of an application program;
judging whether the operating environment of the application program is a simulator or not according to the operating environment information;
if the running environment of the application program is a simulator, acquiring user information corresponding to the application program;
and if the user information meets the preset malicious user condition, carrying out user prohibition according to the user information.
As an optional implementation, the operating environment information includes: the determining whether the operating environment of the application program is a simulator according to the operating environment information includes:
and if the times of each value of the global variable in the program counter are 0, judging that the running environment of the application program is a simulator.
As an optional implementation, the operating environment information includes: the determining, according to the operating environment information, whether the operating environment of the application is a simulator, of a filename included in an installation path of the application, includes:
and if the preset file name exists in the file names, judging that the running environment of the application program is a simulator.
As an optional implementation, the operating environment information includes: battery power, charged state, wireless network communication technology WIFI, global positioning system GPS, bluetooth, temperature sensor in one or more, according to operation environment information judges whether application's operational environment is the simulator, include:
Figure DEST_PATH_IMAGE001
wherein the content of the first and second substances,
Figure DEST_PATH_IMAGE003
a weight representing the charge level of the battery,
Figure DEST_PATH_IMAGE005
a characteristic value representing a battery level, if the battery level in the operating environment is a fixed value
Figure 54757DEST_PATH_IMAGE006
Is 1, otherwise is 0;
Figure 569046DEST_PATH_IMAGE008
a weight representing the state of charge,
Figure 403010DEST_PATH_IMAGE010
a characteristic value representing a state of charge, if the state of charge is not present in the operating environment
Figure DEST_PATH_IMAGE011
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE013
the weight of the WIFI is represented by a weight,
Figure DEST_PATH_IMAGE015
a characteristic value representing WIFI, if the WIFI is not present in the operating environment, then
Figure 258709DEST_PATH_IMAGE016
Is 1, otherwise is 0;
Figure 423105DEST_PATH_IMAGE018
representing GPSThe weight of the weight is calculated,
Figure 103485DEST_PATH_IMAGE020
a characteristic value representing a GPS, if the GPS is not present in the operating environment
Figure DEST_PATH_IMAGE021
Is 1, otherwise is 0;
Figure 100002_DEST_PATH_IMAGE023
the weight of the bluetooth is represented and,
Figure DEST_PATH_IMAGE025
a characteristic value representing Bluetooth, if the Bluetooth is not present in the operating environment
Figure 685514DEST_PATH_IMAGE026
Is 1, otherwise is 0;
Figure 202077DEST_PATH_IMAGE028
the weight of the temperature sensor is represented by,
Figure 888273DEST_PATH_IMAGE030
a characteristic value representing a temperature sensor, if the temperature sensor is not present in the operating environment
Figure DEST_PATH_IMAGE031
Is 1, otherwise is 0; if it is not
Figure DEST_PATH_IMAGE033
And if the running environment of the application program is greater than the first preset value, judging that the running environment of the application program is a simulator.
As an optional implementation, the operating environment information includes: one or more of call records, contacts, messages, photo albums, the installation number of application programs and simulator auxiliary application programs, wherein the step of judging whether the running environment of the application program is a simulator or not according to the running environment information comprises the following steps:
Figure 323DEST_PATH_IMAGE034
wherein the content of the first and second substances,
Figure 113773DEST_PATH_IMAGE036
a weight representing the call record is determined,
Figure 117632DEST_PATH_IMAGE038
a feature value representing a call log, if the call log is not present in the operating environment
Figure 100002_DEST_PATH_IMAGE039
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE041
the weight of the contact is represented and,
Figure DEST_PATH_IMAGE043
a characteristic value representing a contact, if the contact is not present in the runtime environment, then
Figure 987280DEST_PATH_IMAGE044
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE046
the weight of the short message is represented,
Figure DEST_PATH_IMAGE048
representing the characteristic value of the short message, if the short message does not exist in the operating environment, the characteristic value of the short message is represented, and if the short message does not exist in the operating environment, the characteristic value of the short message is represented
Figure DEST_PATH_IMAGE049
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE051
the weight of the photo album is represented and,
Figure DEST_PATH_IMAGE053
representing a characteristic value of the album, if said runningThe album is not present in the environment, then
Figure DEST_PATH_IMAGE054
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE056
a weight representing the number of applications installed,
Figure DEST_PATH_IMAGE058
a characteristic value representing the installation quantity of the application programs, if the installation quantity of the application programs in the running environment is less than a preset threshold value, the characteristic value is used for judging whether the installation quantity of the application programs is less than a preset threshold value
Figure DEST_PATH_IMAGE059
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE061
representing the weight of the simulator secondary application,
Figure DEST_PATH_IMAGE063
a feature value representing a simulator secondary application, if the simulator secondary application is present in the runtime environment
Figure DEST_PATH_IMAGE064
Is 1, otherwise is 0; if it is not
Figure DEST_PATH_IMAGE066
And if the running environment of the application program is larger than the second preset value, judging that the running environment of the application program is a simulator.
As an optional implementation manner, the user information includes the current detection time, the total current access amount, and the number of page interfaces accessing the application program at the same time; judging whether the user information meets preset malicious user conditions or not, wherein the judging step comprises the following steps:
determining the total number of normal accesses corresponding to the current detection time according to the current detection time and a preset total number of normal accesses determining method;
and if the total current access quantity is greater than the total normal access quantity and the page interface quantity is greater than a preset page interface quantity threshold value, judging that the user information meets a preset malicious user condition.
As an optional implementation manner, according to the current detection time and a preset method for determining the total number of normal accesses, a formula for determining the total number of normal accesses corresponding to the current detection time is as follows:
Figure DEST_PATH_IMAGE067
wherein T represents the current detection time, F represents the total number of normal accesses, A1、A2、A3、B1、B2、B3、T1、T2Is a constant.
As an optional implementation, the method further comprises:
in the installation process of the application program, acquiring the current version number and a first integrity check code of the application program;
and inquiring a second integrity check code corresponding to the current version number in the corresponding relation between the pre-stored version number and the integrity check code, and if the second integrity check code is different from the first integrity check code, preventing the application program from being installed.
In a second aspect, an apparatus for identifying a malicious user is provided, the apparatus comprising:
the first acquisition module is used for acquiring the running environment information of the application program;
the judging module is used for judging whether the running environment of the application program is a simulator or not according to the running environment information;
the second acquisition module is used for acquiring the user information corresponding to the application program if the running environment of the application program is a simulator;
and the forbidding module is used for carrying out user forbidding according to the user information if the user information meets the preset malicious user condition.
As an optional implementation, the operating environment information includes: the determination module is specifically configured to:
and if the times of each value of the global variable in the program counter are 0, judging that the running environment of the application program is a simulator.
As an optional implementation, the operating environment information includes: the determining module is specifically configured to:
and if the preset file name exists in the file names, judging that the running environment of the application program is a simulator.
As an optional implementation, the operating environment information includes: battery power, charged state, wireless network communication technology WIFI, global positioning system GPS, bluetooth, one or more in the temperature sensor, the judging module specifically is used for:
and judging whether the running environment of the application program is a simulator or not according to one or more of the battery electric quantity, the charging state, the WIFI, the GPS, the Bluetooth and the temperature sensor.
As an optional implementation, the operating environment information includes: one or more of call records, contacts, messages, photo albums, installation quantity of application programs and auxiliary application programs of the simulator, wherein the judgment module is specifically used for:
and judging whether the running environment of the application program is a simulator or not according to one or more of the call records, the contacts, the short messages, the photo album, the installation number of the application programs and the auxiliary application programs of the simulator.
As an optional implementation manner, the user information includes the current detection time, the total current access amount, and the number of page interfaces accessing the application program at the same time; the block module further comprises:
the determining module is used for determining the total number of normal accesses corresponding to the current detection time according to the current detection time and a preset total number of normal accesses determining method;
and the judging module is used for judging that the user information meets the preset malicious user condition if the total current access quantity is greater than the total normal access quantity and the page interface quantity is greater than a preset page interface quantity threshold value.
As an optional implementation, the apparatus further comprises:
the third acquisition module is used for acquiring the current version number and the first integrity check code of the application program in the installation process of the application program;
and the stopping module is used for inquiring a second integrity check code corresponding to the current version number in the corresponding relation between the pre-stored version number and the integrity check code, and stopping the installation of the application program if the second integrity check code is different from the first integrity check code.
In a third aspect, a computer device is provided, comprising a memory and a processor, the memory having stored thereon a computer program operable on the processor to, when executed, perform the method steps of the first aspect.
In a fourth aspect, a computer-readable storage medium is provided, having stored thereon a computer program which, when being executed by a processor, carries out the method steps of the first aspect.
The application provides a method, a device and a computer device for identifying malicious users, and the technical scheme provided by the embodiment of the application at least brings the following beneficial effects: after the application program is installed in the terminal or the simulator installed on the terminal, the computer equipment acquires the running environment information of the application program, and then judges whether the running environment of the application program is the simulator or not according to the running environment information. And if the running environment of the application program is the simulator, the computer equipment acquires the user information corresponding to the application program. And if the user information meets the preset malicious user condition, the computer equipment performs user prohibition according to the user information. By the method, the problem that malicious users utilize the convenient environment of the simulator to carry out malicious behaviors such as malicious registration and malicious bill swiping on the application program can be solved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic application environment diagram of a malicious user identification method according to an embodiment of the present disclosure;
fig. 2 is a flowchart of a method for identifying a malicious user according to an embodiment of the present disclosure;
fig. 3 is a schematic structural diagram of an apparatus for identifying a malicious user according to an embodiment of the present disclosure;
fig. 4 is a schematic structural diagram of a computer device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application. The malicious user identification method provided by the application can be applied to the application environment shown in fig. 1. Wherein the terminal 101 communicates with the server 102 via a network. The terminal 101 may install and run the application directly or through the simulator. The server 102 may obtain the running environment information of the application program, and determine whether the running environment of the application program is a simulator according to the running environment information. If the running environment of the application is a simulator, the server 102 may obtain the user information corresponding to the application. If the user information meets the preset malicious user condition, the server 102 may perform user barring according to the user information. The terminal 101 may be, but not limited to, various personal computers, notebook computers, smart phones, tablet computers, and portable wearable devices, and the server 102 may be implemented by an independent server or a server cluster formed by a plurality of servers.
A detailed description will be given below of an identification method for a malicious user according to an embodiment of the present application with reference to a specific implementation manner, and fig. 2 is a flowchart of the identification method for a malicious user according to the embodiment of the present application, and as shown in fig. 2, specific steps are as follows:
step 201, obtaining the running environment information of the application program.
In implementation, when a user needs to use a certain application program, the user can download the installation package of the application program through an application store on the terminal or obtain the installation package of the application program in other ways, and install the application program in the terminal or a simulator installed on the terminal. After installation is complete, the user can run the application by clicking on the application icon. In the installation and operation process of the application program, the server can perform information transmission with the terminal to acquire operation environment information, user information and the like of the application program. In order to prevent malicious users from utilizing the convenient environment of the simulator and carrying out malicious behaviors such as malicious registration and malicious bill swiping on the application program, the server can acquire the running environment information of the application program. The running environment information of the application program may include the number of times of each value of the global variable in the program counter, a file name included in an installation path of the application program, a battery level, a charging state, a wireless network communication technology wifi (wireless fidelity), a global Positioning system gps (global Positioning system), bluetooth, a temperature sensor call record, a contact, a short message, an album, an application program installation number, a simulator auxiliary application program, and the like. In addition, the Message Digest Algorithm MD5 (Message Digest Algorithm MD 5) may be used to encrypt the transmission information between the terminal and the server, so as to prevent malicious users from using the simulator to recognize the request information in the transmission information to perform a simulation request.
Step 202, judging whether the running environment of the application program is a simulator or not according to the running environment information.
In implementation, the server determines whether the operating environment of the application is a simulator according to the acquired operating environment information. If the running environment of the application is a non-simulator, no processing is performed. If the running environment of the application is a simulator, step 203 is performed.
For different specific information contained in the operating environment information, the server determines, according to the operating environment information, whether the operating environment of the application program is a simulator or not, and the method is also different, and the embodiment of the application provides four feasible methods, specifically as follows:
in a first mode, the operating environment information includes: the processing procedure that the server judges whether the running environment of the application program is the simulator or not according to the running environment information is as follows: and if the times of each value of the global variable in the program counter are 0, judging that the running environment of the application program is the simulator.
In implementation, the server determines whether the operating environment of the application program is the simulator according to the times of the values of the global variable in the program counter, and if the times of the values of the global variable in the program counter are 0, the server determines that the operating environment of the application program is the simulator. Currently, most real machines use the ARM architecture, while most simulators are the X86 architecture running on a personal computer. Therefore, the distinction between ARM and X86 can be used to determine whether it is a simulator. For simulators using the virtual operating system simulator Qemu (quick emulator), it can be detected by an optimization feature of the Qemu binary translation: a simulator physical CPU (Central Processing Unit) increments a program counter by one after each instruction is executed, and the program counter is always the latest value; qemu updates the program counter when it comes to the time it needs to return the latest value, and does not update every time otherwise. Thus, the program counter will point to the very beginning of a code block, since the program counter needs to be updated each time a branch jump is taken. Then it should also be possible for a virtual CPU to increment the program counter every time an instruction in the code is executed, thus ensuring that the program counter is the latest value. However, since the translated code is executed locally, i.e. emulated CPU, it is only necessary to return a correct value when the original code needs to access the program counter (since this does not affect the normal operation on the host system), and this feature can be used to directly determine whether the operating environment is an emulator. The server may start 2 threads T1 and T2. T1 adds Gi to Gt for a global variable G, which is assigned a value of 1 each time the loop G is completed. T2 reads G cyclically. The number of occurrences of the statistic N (an arbitrary number of Gi to Gt). If the two thread scripts are virtual CPUs, the number statistics in the middle running state can not be obtained, and the task scheduling of T2 can only occur after the execution of T1 is finished, so that the two thread scripts can be compiled into the so shared library, the return value is the number statistics in the middle running state, and if the return value is 0, the virtual CPUs can judge that the running environment of the application program is simulators.
In a second mode, the operating environment information includes: the processing procedure that the server judges whether the running environment of the application program is a simulator or not according to the running environment information is as follows: and if the preset file name exists in the file names, judging that the running environment of the application program is the simulator.
In implementation, the server determines whether the operating environment of the application is a simulator according to a file name included in an installation path of the application, and if the preset file name exists in the file name, the server determines that the operating environment of the application is the simulator. The preset file name is a file name unique to the simulator, such as qemu _ pipe and qemud.
In a third mode, the operating environment information includes: battery power, charged state, WIFI, GPS, bluetooth, temperature sensor in one or more, the server is according to the operational environment information, and whether the operational environment of judgement application is the processing procedure of simulator as follows: and judging whether the running environment of the application program is a simulator or not according to one or more of battery power, charging state, WIFI, GPS, Bluetooth and a temperature sensor.
In implementation, the battery capacity of the simulator is generally a constant value, and the charging state, the WIFI, the GPS, the Bluetooth, the temperature sensor and the like are not available. Therefore, the server can judge whether the running environment of the application program is a simulator according to one or more of battery power, charging state, WIFI, GPS, Bluetooth and temperature sensors. The formula for judging whether the running environment of the application program is a simulator by the server is as follows:
Figure 219416DEST_PATH_IMAGE001
wherein the content of the first and second substances,
Figure DEST_PATH_IMAGE068
a weight representing the charge level of the battery,
Figure DEST_PATH_IMAGE069
a characteristic value representing the battery level, if the battery level in the operating environment is a fixed value
Figure DEST_PATH_IMAGE070
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE071
a weight representing the state of charge,
Figure DEST_PATH_IMAGE072
a characteristic value representing a state of charge, if the state of charge is not present in the operating environment
Figure DEST_PATH_IMAGE073
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE074
the weight of the WIFI is represented by a weight,
Figure DEST_PATH_IMAGE075
representing a characteristic value of WIFI, if no WIFI exists in the operating environment, then
Figure DEST_PATH_IMAGE076
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE077
the weight of the GPS is represented by the weight,
Figure DEST_PATH_IMAGE078
representing a characteristic value of the GPS, if the GPS is not present in the operating environment
Figure DEST_PATH_IMAGE079
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE080
the weight of the bluetooth is represented and,
Figure DEST_PATH_IMAGE081
characteristic values representing bluetooth, if no bluetooth is present in the operating environment
Figure DEST_PATH_IMAGE082
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE083
the weight of the temperature sensor is represented by,
Figure DEST_PATH_IMAGE084
representing a characteristic value of a temperature sensor, if the temperature sensor is not present in the operating environment
Figure DEST_PATH_IMAGE085
Is 1, otherwise is 0; if it is not
Figure DEST_PATH_IMAGE086
And if the running environment of the application program is greater than the first preset value, judging that the running environment of the application program is a simulator.
In a fourth mode, the operating environment information includes: the processing process that the server judges whether the running environment of the application program is the simulator or not according to the running environment information comprises one or more of call records, contacts, short messages, photo albums, the installation number of the application program and the auxiliary application program of the simulator as follows: and judging whether the operating environment of the application program is the simulator or not according to one or more of call records, contacts, messages, photo albums, the installation number of the application programs and auxiliary application programs of the simulator.
In implementation, generally, the simulator does not have call records, contacts, messages, photo albums and the like, the installation number of the application programs is less than the threshold value of the installation number of the real machine application programs set according to industry experience, and the auxiliary application programs of the simulator can be installed. Therefore, the server can judge whether the running environment of the application program is the simulator or not according to one or more of call records, contacts, messages, photo albums, the installation number of the application program and the auxiliary application program of the simulator. The formula for judging whether the running environment of the application program is a simulator by the server is as follows:
Figure 252836DEST_PATH_IMAGE034
wherein the content of the first and second substances,
Figure DEST_PATH_IMAGE087
a weight representing the call record is determined,
Figure DEST_PATH_IMAGE088
a characteristic value representing a call log, if no call log exists in the operating environment
Figure 39264DEST_PATH_IMAGE038
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE090
the weight of the contact is represented and,
Figure DEST_PATH_IMAGE092
representing contactsCharacteristic value, if no contact exists in the operating environment, then
Figure DEST_PATH_IMAGE093
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE095
the weight of the short message is represented,
Figure DEST_PATH_IMAGE097
the characteristic value of the short message is represented, if the short message does not exist in the operating environment, the short message is represented
Figure DEST_PATH_IMAGE098
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE100
the weight of the photo album is represented and,
Figure DEST_PATH_IMAGE102
a characteristic value representing the album, if the album does not exist in the operating environment
Figure DEST_PATH_IMAGE103
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE105
a weight representing the number of applications installed,
Figure DEST_PATH_IMAGE107
a characteristic value representing the installation quantity of the application programs, if the installation quantity of the application programs in the running environment is less than a preset threshold value
Figure DEST_PATH_IMAGE108
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE109
representing the weight of the simulator secondary application,
Figure DEST_PATH_IMAGE110
characteristic values representing simulator secondary applications, if any, in the runtime environment
Figure DEST_PATH_IMAGE111
Is 1, otherwise is 0; if it is not
Figure DEST_PATH_IMAGE112
And if the running environment of the application program is larger than the second preset value, judging that the running environment of the application program is a simulator.
Step 203, if the running environment of the application program is the simulator, acquiring the user information corresponding to the application program.
In implementation, if the running environment of the application program is the simulator, the server acquires the user information corresponding to the application program. The user information includes detection time, the total current access amount, the number of page interfaces accessing the application program at the same time, and the like.
And 204, if the user information meets the preset malicious user condition, carrying out user prohibition according to the user information.
In implementation, if the user information meets a preset malicious user condition, the server performs user barring according to the user information. The preset malicious user condition is a judgment condition set according to industry experience, and whether the user is a malicious user can be judged according to the preset malicious user condition and user information. In addition, the user blocking mode can be various, and the embodiment of the application provides three blocking strategies: the method comprises the steps of forbidding a user login account, a forbidding equipment identification and a forbidding access address. In the implementation, two of the three blocking strategies can be combined according to specific situations, or the three blocking strategies can be adopted at the same time. The specific strategy is as follows: the method comprises the steps of blocking a user login account, shielding information of the login account, and limiting normal data access of the login account; the blocking of the device identification restricts normal data access for the device identification. Wherein, the simulator equipment identification is reset after being reinstalled, so that the simulator equipment identification is suggested to be used together with other blocking strategies; the blocking of the access address restricts normal data access of the access address.
As an optional implementation manner, the user information includes the current detection time, the current total number of accesses, and the number of page interfaces accessing the application program at the same time; the processing process of the server for judging whether the user information meets the preset malicious user condition is as follows:
step one, determining a normal access total number corresponding to the current detection time according to the current detection time and a preset normal access total number determination method.
In implementation, the server determines the total number of normal accesses corresponding to the current detection time according to the current detection time and a preset total number of normal accesses determining method. The formula for determining the total number of normal accesses corresponding to the current detection time by the server is as follows:
Figure 555346DEST_PATH_IMAGE067
wherein T represents the current detection time, F represents the total number of normal accesses, A1、A2、A3、B1、B2、B3、T1、T2Is a constant.
And step two, if the total number of current accesses is greater than the total number of normal accesses and the page interface number is greater than a preset page interface number threshold value, judging that the user information meets a preset malicious user condition.
In implementation, if the total number of current accesses is greater than the total number of normal accesses, and the page interface number is greater than a preset page interface number threshold, the server determines that the user information meets a preset malicious user condition. The preset page interface number threshold value is a constant set according to industry experience.
As an optional implementation manner, in order to prevent a user from installing and running a tampered application program, and performing malicious activities such as malicious registration and malicious billing by using the tampered application program, the processing procedure of the server further includes:
step one, in the installation process of the application program, the current version number and the first integrity check code of the application program are obtained.
In implementation, during the installation process of the application program, the server acquires the current version number and the first integrity check code of the application program. The server may determine a first integrity check code of the application program according to the data transmitted by the terminal, where the first integrity check code may reflect integrity information of the application program, and the first integrity check code may be a hash value.
And step two, inquiring a second integrity check code corresponding to the current version number in the corresponding relation between the pre-stored version number and the integrity check code, and if the second integrity check code is different from the first integrity check code, preventing the application program from being installed.
In implementation, the server queries a second integrity check code corresponding to the current version number in a corresponding relationship between a pre-stored version number and the integrity check code, and if the second integrity check code is different from the first integrity check code, the application program is a modified program, and the server directly prevents the application program from being installed. The second integrity check code may be a hash value. In addition, the pseudo-encryption of the installation package of the application program can prevent the analysis of the installation package of the application program, and further prevent the application program from being falsified.
The embodiment of the application provides a method for identifying a malicious user, after an application is installed in a terminal or a simulator installed on the terminal, computer equipment acquires running environment information of the application, and then judges whether the running environment of the application is the simulator or not according to the running environment information. And if the running environment of the application program is the simulator, the computer equipment acquires the user information corresponding to the application program. And if the user information meets the preset malicious user condition, the computer equipment performs user prohibition according to the user information. By the method, the problem that malicious users utilize the convenient environment of the simulator to carry out malicious behaviors such as malicious registration and malicious bill swiping on the application program can be solved.
It should be understood that, although the steps in the flowchart of fig. 2 are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a portion of the steps in fig. 2 may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed in turn or alternately with other steps or at least a portion of the other steps or stages.
It is understood that the same/similar parts between the embodiments of the method described above in this specification can be referred to each other, and each embodiment focuses on the differences from the other embodiments, and it is sufficient that the relevant points are referred to the descriptions of the other method embodiments.
An embodiment of the present application further provides an apparatus for identifying a malicious user, as shown in fig. 3, the apparatus includes:
a first obtaining module 310, configured to obtain operating environment information of an application;
a judging module 320, configured to judge whether the operating environment of the application is a simulator according to the operating environment information;
a second obtaining module 330, configured to obtain user information corresponding to the application program if the running environment of the application program is the simulator;
and the forbidding module 340 is configured to perform user forbidding according to the user information if the user information meets a preset malicious user condition.
As an alternative embodiment, the operation environment information includes: the judging module is specifically configured to:
and if the times of each value of the global variable in the program counter are 0, judging that the running environment of the application program is the simulator.
As an alternative embodiment, the operation environment information includes: the determining module is specifically configured to:
and if the preset file name exists in the file names, judging that the running environment of the application program is the simulator.
As an alternative embodiment, the operation environment information includes: battery power, charged state, wireless network communication technology WIFI, global positioning system GPS, bluetooth, one or more in the temperature sensor, this judging module specifically is used for:
and judging whether the running environment of the application program is a simulator or not according to one or more of battery power, charging state, WIFI, GPS, Bluetooth and a temperature sensor.
As an alternative embodiment, the operation environment information includes: one or more of call records, contacts, messages, photo albums, installation quantity of application programs and simulator auxiliary application programs, wherein the judging module is specifically used for:
and judging whether the operating environment of the application program is the simulator or not according to one or more of call records, contacts, messages, photo albums, the installation number of the application programs and auxiliary application programs of the simulator.
As an optional implementation manner, the user information includes the current detection time, the current total number of accesses, and the number of page interfaces accessing the application program at the same time; the block module further comprises:
the determining module is used for determining the total number of the normal accesses corresponding to the current detection time according to the current detection time and a preset total number of the normal accesses;
and the judging module is used for judging that the user information meets the preset malicious user condition if the total current access quantity is greater than the total normal access quantity and the page interface quantity is greater than a preset page interface quantity threshold value.
As an optional implementation, the apparatus further comprises:
the third acquisition module is used for acquiring the current version number and the first integrity check code of the application program in the installation process of the application program;
and the stopping module is used for inquiring a second integrity check code corresponding to the current version number in the corresponding relation between the pre-stored version number and the integrity check code, and stopping the installation of the application program if the second integrity check code is different from the first integrity check code.
The embodiment of the application provides a malicious user identification device, after an application program is installed in a terminal or a simulator installed on the terminal, computer equipment acquires running environment information of the application program, and then judges whether the running environment of the application program is the simulator or not according to the running environment information. And if the running environment of the application program is the simulator, the computer equipment acquires the user information corresponding to the application program. And if the user information meets the preset malicious user condition, the computer equipment performs user prohibition according to the user information. By the method, the problem that malicious users utilize the convenient environment of the simulator to carry out malicious behaviors such as malicious registration and malicious bill swiping on the application program can be solved.
For specific limitations of the identification device for the malicious user, reference may be made to the above limitations of the identification method for the malicious user, which are not described herein again. The modules in the malicious user identification device can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, as shown in fig. 4, and includes a memory and a processor, where the memory stores a computer program that can be executed on the processor, and the processor implements the method steps of the above-mentioned identification of malicious users when executing the computer program.
In an embodiment, a computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the above-mentioned steps of the method of identification of a malicious user.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
It should be further noted that the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A method for identifying a malicious user, the method comprising:
acquiring running environment information of an application program;
judging whether the operating environment of the application program is a simulator or not according to the operating environment information;
if the running environment of the application program is a simulator, acquiring user information corresponding to the application program;
and if the user information meets the preset malicious user condition, carrying out user prohibition according to the user information.
2. The method of claim 1, wherein the operating environment information comprises: the determining whether the operating environment of the application program is a simulator according to the operating environment information includes:
and if the times of each value of the global variable in the program counter are 0, judging that the running environment of the application program is a simulator.
3. The method of claim 1, wherein the operating environment information comprises: the determining, according to the operating environment information, whether the operating environment of the application is a simulator, of a filename included in an installation path of the application, includes:
and if the preset file name exists in the file names, judging that the running environment of the application program is a simulator.
4. The method of claim 1, wherein the operating environment information comprises: battery power, charged state, wireless network communication technology WIFI, global positioning system GPS, bluetooth, temperature sensor in one or more, according to operation environment information judges whether application's operational environment is the simulator, include:
Figure 705160DEST_PATH_IMAGE001
wherein the content of the first and second substances,
Figure 957149DEST_PATH_IMAGE002
a weight representing the charge level of the battery,
Figure 591393DEST_PATH_IMAGE003
a characteristic value representing a battery level, if the battery level in the operating environment is a fixed value
Figure 247DEST_PATH_IMAGE004
Is 1, otherwise is 0;
Figure 833073DEST_PATH_IMAGE005
a weight representing the state of charge,
Figure 193648DEST_PATH_IMAGE006
a characteristic value representing a state of charge, if the state of charge is not present in the operating environment
Figure 924974DEST_PATH_IMAGE007
Is 1, otherwise is 0;
Figure 825934DEST_PATH_IMAGE008
the weight of the WIFI is represented by a weight,
Figure 450951DEST_PATH_IMAGE009
a characteristic value representing WIFI, if the WIFI is not present in the operating environment, then
Figure 362187DEST_PATH_IMAGE009
Is 1, otherwise is 0;
Figure 767760DEST_PATH_IMAGE010
the weight of the GPS is represented by the weight,
Figure 410094DEST_PATH_IMAGE011
a characteristic value representing a GPS, if the GPS is not present in the operating environment
Figure 30563DEST_PATH_IMAGE012
Is 1, otherwise is 0;
Figure 795256DEST_PATH_IMAGE013
the weight of the bluetooth is represented and,
Figure 625809DEST_PATH_IMAGE014
a characteristic value representing Bluetooth, if the Bluetooth is not present in the operating environment
Figure 117839DEST_PATH_IMAGE015
Is 1, otherwise is 0;
Figure 842081DEST_PATH_IMAGE016
the weight of the temperature sensor is represented by,
Figure 715360DEST_PATH_IMAGE017
a characteristic value representing a temperature sensor, if the temperature sensor is not present in the operating environment
Figure 111837DEST_PATH_IMAGE018
Is 1, otherwise is 0; if it is not
Figure 955028DEST_PATH_IMAGE020
And if the running environment of the application program is greater than the first preset value, judging that the running environment of the application program is a simulator.
5. The method of claim 1, wherein the operating environment information comprises: one or more of call records, contacts, messages, photo albums, the installation number of application programs and simulator auxiliary application programs, wherein the step of judging whether the running environment of the application program is a simulator or not according to the running environment information comprises the following steps:
Figure 986307DEST_PATH_IMAGE021
wherein the content of the first and second substances,
Figure 30486DEST_PATH_IMAGE022
a weight representing the call record is determined,
Figure DEST_PATH_IMAGE023
a feature value representing a call log, if the call log is not present in the operating environment
Figure 507735DEST_PATH_IMAGE024
Is 1, otherwise is 0;
Figure 357879DEST_PATH_IMAGE025
the weight of the contact is represented and,
Figure 932080DEST_PATH_IMAGE026
a characteristic value representing a contact, if the contact is not present in the runtime environment, then
Figure 255483DEST_PATH_IMAGE027
Is 1, otherwise is 0;
Figure 610241DEST_PATH_IMAGE028
the weight of the short message is represented,
Figure 14809DEST_PATH_IMAGE029
representing the characteristic value of the short message, if the short message does not exist in the operating environment, the characteristic value of the short message is represented, and if the short message does not exist in the operating environment, the characteristic value of the short message is represented
Figure 443516DEST_PATH_IMAGE030
Is 1, otherwise is 0;
Figure 891815DEST_PATH_IMAGE031
the weight of the photo album is represented and,
Figure 266294DEST_PATH_IMAGE032
a characteristic value representing an album, if the album does not exist in the operating environment, then
Figure 254978DEST_PATH_IMAGE033
Is 1, otherwise is 0;
Figure 538192DEST_PATH_IMAGE034
a weight representing the number of applications installed,
Figure 173704DEST_PATH_IMAGE035
a characteristic value representing the installation quantity of the application programs, if the installation quantity of the application programs in the running environment is less than a preset threshold value, the characteristic value is used for judging whether the installation quantity of the application programs is less than a preset threshold value
Figure 299792DEST_PATH_IMAGE036
Is 1, otherwise is 0;
Figure DEST_PATH_IMAGE037
representing the weight of the simulator secondary application,
Figure 13539DEST_PATH_IMAGE038
a feature value representing a simulator secondary application, if the simulator secondary application is present in the runtime environment
Figure DEST_PATH_IMAGE039
Is 1, otherwise is 0; if it is not
Figure 88942DEST_PATH_IMAGE040
And if the running environment of the application program is larger than the second preset value, judging that the running environment of the application program is a simulator.
6. The method of claim 1, wherein the user information comprises a current detection time, a total number of current accesses, and a number of page interfaces accessing the application at the same time; judging whether the user information meets preset malicious user conditions or not, wherein the judging step comprises the following steps:
determining the total number of normal accesses corresponding to the current detection time according to the current detection time and a preset total number of normal accesses determining method;
and if the total current access quantity is greater than the total normal access quantity and the page interface quantity is greater than a preset page interface quantity threshold value, judging that the user information meets a preset malicious user condition.
7. The method according to claim 6, wherein according to the current detection time and a preset total number of normal accesses determining method, the formula for determining the total number of normal accesses corresponding to the current detection time is as follows:
Figure 144623DEST_PATH_IMAGE041
wherein T represents the current detection time, F represents the total number of normal accesses, A1、A2、A3、B1、B2、B3、T1、T2Is a constant.
8. The method of claim 1, further comprising:
in the installation process of the application program, acquiring the current version number and a first integrity check code of the application program;
and inquiring a second integrity check code corresponding to the current version number in the corresponding relation between the pre-stored version number and the integrity check code, and if the second integrity check code is different from the first integrity check code, preventing the application program from being installed.
9. An apparatus for identifying a malicious user, the apparatus comprising:
the first acquisition module is used for acquiring the running environment information of the application program;
the judging module is used for judging whether the running environment of the application program is a simulator or not according to the running environment information;
the second acquisition module is used for acquiring the user information corresponding to the application program if the running environment of the application program is a simulator;
and the forbidding module is used for carrying out user forbidding according to the user information if the user information meets the preset malicious user condition.
10. A computer device comprising a memory and a processor, the memory having stored thereon a computer program operable on the processor, wherein the processor, when executing the computer program, performs the steps of the method of any of claims 1 to 8.
CN202111479736.8A 2021-12-07 2021-12-07 Malicious user identification method and device and computer equipment Pending CN113902458A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111479736.8A CN113902458A (en) 2021-12-07 2021-12-07 Malicious user identification method and device and computer equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111479736.8A CN113902458A (en) 2021-12-07 2021-12-07 Malicious user identification method and device and computer equipment

Publications (1)

Publication Number Publication Date
CN113902458A true CN113902458A (en) 2022-01-07

Family

ID=79025507

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111479736.8A Pending CN113902458A (en) 2021-12-07 2021-12-07 Malicious user identification method and device and computer equipment

Country Status (1)

Country Link
CN (1) CN113902458A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114860348A (en) * 2022-06-09 2022-08-05 北京奇艺世纪科技有限公司 Android simulator identification method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927484A (en) * 2014-04-21 2014-07-16 西安电子科技大学宁波信息技术研究院 Malicious program behavior capture method based on Qemu
CN107729749A (en) * 2017-09-30 2018-02-23 北京梆梆安全科技有限公司 With reference to system information and the Android simulator detection method and device of ardware feature
CN107729750A (en) * 2017-09-30 2018-02-23 北京梆梆安全科技有限公司 With reference to configuration information and the Android simulator detection method and device of ardware feature
CN109117250A (en) * 2018-07-27 2019-01-01 平安科技(深圳)有限公司 A kind of simulator recognition methods, identification equipment and computer-readable medium
CN109144665A (en) * 2018-07-27 2019-01-04 平安科技(深圳)有限公司 A kind of simulator recognition methods, identification equipment and computer-readable medium
CN113450149A (en) * 2021-06-30 2021-09-28 中国建设银行股份有限公司 Information processing method and device, electronic equipment and computer readable medium

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103927484A (en) * 2014-04-21 2014-07-16 西安电子科技大学宁波信息技术研究院 Malicious program behavior capture method based on Qemu
CN107729749A (en) * 2017-09-30 2018-02-23 北京梆梆安全科技有限公司 With reference to system information and the Android simulator detection method and device of ardware feature
CN107729750A (en) * 2017-09-30 2018-02-23 北京梆梆安全科技有限公司 With reference to configuration information and the Android simulator detection method and device of ardware feature
CN109117250A (en) * 2018-07-27 2019-01-01 平安科技(深圳)有限公司 A kind of simulator recognition methods, identification equipment and computer-readable medium
CN109144665A (en) * 2018-07-27 2019-01-04 平安科技(深圳)有限公司 A kind of simulator recognition methods, identification equipment and computer-readable medium
CN113450149A (en) * 2021-06-30 2021-09-28 中国建设银行股份有限公司 Information processing method and device, electronic equipment and computer readable medium

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114860348A (en) * 2022-06-09 2022-08-05 北京奇艺世纪科技有限公司 Android simulator identification method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
KR101214893B1 (en) Apparatus and method for detecting similarity amongf applications
CN106569859B (en) Target file loading method and device
CA3152837A1 (en) Simulator detection method and system
CN109241731B (en) Privacy information protection method and device based on virtual application and storage medium
CN108733797B (en) File processing method and related device
US20110219454A1 (en) Methods of identifying activex control distribution site, detecting security vulnerability in activex control and immunizing the same
CN109271789B (en) Malicious process detection method and device, electronic equipment and storage medium
CN107797818A (en) Application program updating method and device
CN109582907A (en) Method of calibration, device, equipment and the readable storage medium storing program for executing of web page resources integrality
CN109446753A (en) Detect method, apparatus, computer equipment and the storage medium of pirate application program
CN111191226A (en) Method, device, equipment and storage medium for determining program by using privilege-offering vulnerability
CN110688168A (en) Method, device and equipment for improving starting speed of application program and storage medium
Tang et al. Detecting permission over-claim of android applications with static and semantic analysis approach
CN110837391B (en) Application program hot updating method and device, storage medium and electronic equipment
CN113902458A (en) Malicious user identification method and device and computer equipment
CN105074670A (en) Log output control device, method, and program
CN104036193A (en) Local cross-domain vulnerability detection method and device for application program
CN106034150B (en) Application program dynamic pushing method, device and system
CN112445705B (en) Software running system, method and device based on trusted verification and computer equipment
Kim et al. Detecting illegally-copied apps on android devices
CN113609478A (en) IOS platform application program tampering detection method and device
Nakamura et al. Reducing resource consumption of selinux for embedded systems with contributions to open-source ecosystems
CN109426546A (en) Using starting method and device, computer storage medium and equipment
CN114489698A (en) Application program installation method and device
CN109409038A (en) A kind of dynamic link library file cracks risk checking method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20220107