CN116319091A - Method and system for preventing attendance checking and card punching cheating - Google Patents
Method and system for preventing attendance checking and card punching cheating Download PDFInfo
- Publication number
- CN116319091A CN116319091A CN202310560295.7A CN202310560295A CN116319091A CN 116319091 A CN116319091 A CN 116319091A CN 202310560295 A CN202310560295 A CN 202310560295A CN 116319091 A CN116319091 A CN 116319091A
- Authority
- CN
- China
- Prior art keywords
- app
- data
- sdk
- cheating
- information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004080 punching Methods 0.000 title claims abstract description 52
- 238000000034 method Methods 0.000 title claims abstract description 49
- 238000002347 injection Methods 0.000 claims description 23
- 239000007924 injection Substances 0.000 claims description 23
- 230000008569 process Effects 0.000 claims description 17
- 238000004364 calculation method Methods 0.000 claims description 11
- 230000006399 behavior Effects 0.000 claims description 8
- 238000004422 calculation algorithm Methods 0.000 claims description 6
- 230000006870 function Effects 0.000 description 8
- 238000012795 verification Methods 0.000 description 7
- 230000009471 action Effects 0.000 description 4
- 238000001514 detection method Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 238000005336 cracking Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 241000565357 Fraxinus nigra Species 0.000 description 1
- 208000003443 Unconsciousness Diseases 0.000 description 1
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 230000007123 defense Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000001902 propagating effect Effects 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 238000012857 repacking Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 239000000758 substrate Substances 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/109—Time management, e.g. calendars, reminders, meetings or time accounting
- G06Q10/1091—Recording time for administrative or management purposes
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C1/00—Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people
- G07C1/10—Registering, indicating or recording the time of events or elapsed time, e.g. time-recorders for work people together with the recording, indicating or registering of other data, e.g. of signs of identity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Entrepreneurship & Innovation (AREA)
- Strategic Management (AREA)
- Educational Administration (AREA)
- Data Mining & Analysis (AREA)
- Economics (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Time Recorders, Dirve Recorders, Access Control (AREA)
Abstract
The invention discloses a method and a system for preventing attendance card punching cheating, comprising the following steps: step S1, integrating a secure SDK by an app; step S2, in the card punching link, the app calls an interface provided by the SDK, account data are provided for the SDK, the SDK calls a camera to acquire employee photo data and card punching information data, and risk identification is carried out on the system; step S3, the SDK uniformly encrypts and returns the acquired data to the app, and the app submits the data to the wind control service; s4, decrypting the data by the wind control service, and judging according to the obtained data; and returning the judging result of the data to the background server through the interface to inform the background server whether the employee has cheating or not. The method can effectively protect the business flow of attendance checking and card punching, and find and block the occurrence of cheating.
Description
Technical Field
The invention relates to the technical field of computers and data processing, in particular to a method and a system for preventing attendance checking and card punching cheating.
Background
There are many ways to check in the attendance of the company, and the traditional way has special card punching equipment, and the card punching is carried out through the face or the fingerprint. At present, many companies choose to use the app for punching cards, and the app for punching cards can effectively reduce the cost for larger companies, especially for the situation that the number of the local network points is large in the whole country, so that the expense of purchasing the punching card equipment can be saved. Generally, attendance and card punching have two core elements, namely, firstly, the attendance and card punching must be performed at a designated office place, and secondly, the attendance and card punching must be performed by personnel.
Using app to punch cards also requires that these two factors be met, otherwise attendance may not be as effective as expected.
At present, a lot of cheating software and black ash products exist on the market, and attendance checking and card punching of an app are specially done, so that related personnel can finish the attendance checking and card punching without going to a job site. The invention mainly aims at the problem, and designs a scheme which can discover and organize attendance checking and card punching cheating.
The existing scheme for checking work attendance in an app mode mainly achieves the functions of identification recognition through face recognition and position verification, wherein the position verification is generally achieved through GPS acquisition, and whether the GPS is near the work place or not is checked. However, there are a large number of black tools on the market, which are generally used for breaking the original app and modifying the logic inside, for example, using photo direct injection, modifying GPS by the tools, etc. to achieve the purpose of punching cards and cheating.
There are various means of cheating the black product. Firstly, cracking the app, modifying the logic of the app, then repacking, for example, shielding a camera face acquisition link, directly selecting local photo uploading for punching a card, and secondly, modifying the GPS data of the equipment through a position simulation tool to enable the app to acquire set false position information; there is also a way that the app does not need to be cracked, and the camera function of the system, and the system GPS acquisition function are hijacked by a code hijacking tool and then injected into information that the app prepares in advance. The cheating staff directly provides personal number information and photos for the black product, the black product finishes attendance checking and card punching through the tool, and the staff does not need to do anything at all.
In general, as shown in fig. 1, an attendance checking and card punching interaction flow is that a client collects account data, and submits the information to a background server through a face photo and equipment position information obtained by a camera, and the background carries out verification, including face verification, namely whether the photo is an employee; and (3) checking the position, and checking whether the position of the equipment is in the job site. And after verification is successful, the card punching is completed.
As shown in fig. 2, the breaking mode of the black product is generally a mode of modifying the normal system data acquisition of the app by means of code hijacking, information tampering and the like, and false information is directly injected into the app. Hijacking a system function through attack frameworks such as xpose or frida, injecting photo data, directly skipping a link of a camera for acquiring face information, and injecting prepared photos into an app; the location information of the device is modified by a code hijacking or location modification tool, such as fakelocation tool. The data that is ultimately submitted to the background is tampered device data.
At present, no unified and effective way is provided for preventing the situation, and the invention mainly discovers and prevents the card punching cheating behavior by adding a safety prevention and control mechanism.
Disclosure of Invention
Aiming at the problems existing in the prior art, the invention aims to provide a method and a system for preventing the attendance checking and the card punching from cheating, which can effectively protect the business flow of the attendance checking and the card punching, and discover and block the occurrence of the cheating.
In order to achieve the above purpose, the invention provides a method for preventing attendance checking and card punching cheating, which comprises the following steps:
step S1, integrating a secure SDK by an app;
step S2, in the card punching link, the app calls an interface provided by the SDK, account data are provided for the SDK, the SDK calls a camera to acquire employee photo data and card punching information data, and risk identification is carried out on the system;
step S3, the SDK uniformly encrypts and returns the acquired data to the app, and the app submits the data to the wind control service;
s4, decrypting the data by the wind control service, and judging according to the obtained data; and returning the judging result of the data to the background server through the interface to inform the background server whether the employee has cheating or not.
Further, in step S2, the card punching information includes device location information, a current app package name, an app signature, an app size, an app version number, an app process name, a device unique identifier, and WiFi information of a current job site.
Further, in step S2, the risk identification includes identifying whether there is an attack frame and whether there is code injection and hijacking.
Further, the attack framework includes an xpose or frida framework.
Further, the method of identification is as follows: the attack framework can leave files associated with the attack in the app operating environment, and a dynamic library associated with the attack can judge whether the attack framework is currently used or not by detecting the files and the dynamic library.
Further, the method of identifying further comprises: and acquiring an execution stack of the function, judging whether the information of code hijacking exists in the stack information, and detecting whether the character related to the attack and relevant to the attack frame exists in the stack.
Further, in step S3, the encryption scheme is as follows: encrypting in the SDK, collecting a certain equipment identifier by the SDK, calculating to obtain a secret key for encryption by a certain specific algorithm, encrypting data and transmitting the data to the background; meanwhile, the app acquires the equipment identifier once again outside the SDK and transmits the equipment identifier to the background, the same algorithm calculation is carried out when the background receives the equipment identifier, a secret key is obtained, and then the data is decrypted.
Further, in step S4, the wind control service decrypts the data, and determines according to the obtained data; the method comprises the steps of judging whether code hijacking and injection behaviors exist, judging whether app package information is tampered, judging whether the app package information is WiFi information of a job place, and judging whether the app package information is a device to check the attendance of a plurality of people through the unique device identifier and account data.
Further, the wind control service comprises two modules, namely a rule execution module and a table calculation module
On the other hand, the invention provides a system for preventing the attendance checking cheating, which is used for realizing the method for preventing the attendance checking cheating.
The beneficial effects of the invention are as follows:
the photo and the position data are acquired by the SDK, and the SDK is used for detecting hijacking and injection of the system interface and judging whether the system function hijacking exists or not when the SDK is acquired, and the SDK needs reinforcement and protection.
In the process of acquiring the photo and the position information, acquiring the information of an app package, including app size, app signature, app registration, app version, app process information and the like, comparing the information with the information of an official version, and ensuring that the app is the official version.
The method ensures that a device must be in a certain formulated place, besides GPS position information, available WiFi nearby can be collected, most of the sites have WiFi, and the collection of a WiFi list at the time can be helpful for judging whether the device is nearby the sites.
The security SDK is added on the client, the system data acquisition process is protected and verified, the risk identification service is added in the background, and the risk identification is carried out in the card punching process. The invention can effectively protect the business flow of checking work attendance and punching card, and find and block the occurrence of cheating.
Drawings
FIG. 1 shows a prior art attendance punch-card flow chart;
FIG. 2 shows a flow chart of an attendance punch card cheating method in the prior art;
FIG. 3 is a schematic diagram of a method for preventing attendance punch card cheating according to an embodiment of the present invention;
fig. 4 illustrates an operational flow diagram of a method of preventing attendance punch card cheating in accordance with an embodiment of the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made more apparent and fully hereinafter with reference to the accompanying drawings, in which some, but not all embodiments of the invention are shown. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
In the description of the present invention, it should be noted that the directions or positional relationships indicated by the terms "center", "upper", "lower", "left", "right", "vertical", "horizontal", "inner", "outer", etc. are based on the directions or positional relationships shown in the drawings, are merely for convenience of describing the present invention and simplifying the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and thus should not be construed as limiting the present invention. Furthermore, the terms "first," "second," and "third" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance.
In the description of the present invention, it should be noted that, unless explicitly specified and limited otherwise, the terms "mounted," "connected," and "connected" are to be construed broadly, and may be either fixedly connected, detachably connected, or integrally connected, for example; can be mechanically or electrically connected; can be directly connected or indirectly connected through an intermediate medium, and can be communication between two elements. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances.
The following describes embodiments of the present invention in detail with reference to fig. 3 and 4. It should be understood that the detailed description and specific examples, while indicating and illustrating the invention, are not intended to limit the invention.
As shown in fig. 3, a method and a system for preventing attendance card swiping cheating according to an embodiment of the invention, wherein the method comprises the following steps:
step S1, integrating the secure SDK by the app.
The SDK is a separate toolkit, integrated by the handset app. The safe SDK comprises a basic data acquisition module and an environment risk identification module. The basic data acquisition module is used for acquiring basic data of equipment and an app, wherein the basic data comprises system information such as equipment model, version, mac address, android_id, imei, app version, app signature, app size, app process name and the like. The environment risk identification module is used for judging whether the current environment has risks or not, wherein the risks comprise code hijacking, code injection, simulators, attack frameworks and the like.
The secure SDK provides an api, and when the app calls the api, the SDK is driven to collect data and identify risks, and the SDK encrypts the collected data and returns the encrypted data to the app.
Step S2, in the card punching link, the app calls an interface provided by the SDK, account data are provided for the SDK, the SDK calls a camera to acquire employee photo data and card punching information, and risk identification is carried out on the system. The card punching information comprises equipment position information, current app package name, app signature, app size, app version number, app process name, equipment unique identification and WiFi information of a current job site, and the risk identification comprises the action of identifying whether an attack framework exists or not and whether code injection and hijacking exist or not. The attack frameworks include xpose or frida frameworks and the like.
After an app is published, its size, signature, and process information will not change over a particular version. The data are collected and checked in a decision system to detect whether the app package is tampered, if the black product reverses the official app, the tampered code logic is then repackaged, and at this time, much information of the app package may change, such as size, signature, version number, etc. The location information is mainly used for checking whether the user is at a designated office location, for example, a company requires a card to be punched at a designated place, for example, a company address, and the gps location information is mainly collected for detecting whether the location of the device is near the designated office location.
The risk identification flow is as follows:
s21, acquiring equipment position information in the card punching information, and detecting whether the position of equipment is in a set range;
if the position detection is not in the specified range, the position detection is directly used as the card punching failure processing to prompt the user that card punching is necessary in the office. In addition, the black product can also tamper with GPS, and generally, the code hijacking and injection mode is adopted, so that when the position information is acquired in the SDK, the code hijacking and injection mode can be detected at the same time when the APP is detected, and the mode is consistent with the injection mode of the photo.
S22, acquiring a current app packet name, an app signature, an app size, an app version number and an app process name in the card punching information, and judging whether the app packet is tampered;
from practical attack and defense experience, one of the important ways to find black production is to crack the app, reverse and repackage, so it is particularly emphasized here that the app is to be integrity checked.
And S23, identifying whether an attack frame exists or not and whether code injection and hijacking actions exist or not.
In step S23, it is determined whether there is an attack frame and whether there is code injection and code hijacking actions by detecting whether there is a file associated with an attack and a dynamic library associated with an attack or detecting whether the stack information contains characters associated with an attack.
If an app is to be attacked, the attack framework, mainly xpose and frida, needs to be installed first. And then hijacking the codes, such as hijacking the interfaces of the system and tampering the position information returned by the interfaces of the system when the geographical position information is acquired. The code injection refers to the code of an attacker inside the app, and some processes inside the app are modified, for example, the original logic of the app can call up a camera, after the attacker modifies the code, the step of tuning can be shielded, and the photo is directly used as an acquired result.
The principle and mode of attack frame recognition are as follows:
the first way is: the attack framework can leave files associated with the attack and dynamic libraries associated with the attack in the app operating environment, and whether the attack framework is used currently can be judged by detecting the files and the dynamic libraries. When the app is installed and uses an attack framework, files associated with the attack are so files, many frameworks can leave the so files associated with the attack in the app environment, the so files are necessary dependencies for the attack framework to run, and the files associated with the attack comprise substrate. So and yahfa. So, and whether the so files exist or not is detected. The detection mode is to check the application memory space, such as detecting map file information, and can check which so files are loaded by the application process, and if so files related to attack exist, the app is indicated to be injected by codes.
The second way is: acquiring an execution stack of a function, judging whether the stack information contains code hijacking information or not, and detecting whether characters associated with attack exist in the stack; another way is to detect the execution stack of the app, which is to directly read the loaded so file, detect whether the stack information contains characters associated with the attack, which may be a SandInlineHook, art _java_method_hook word, and many attack frameworks leave similar abnormal information in the stack, and determine whether there is a code injection situation according to the information.
The characters associated with the attack in the so files and the code stacks are obtained by analyzing a large number of black-out cracking tools, and summarizing and analyzing the reverse large number of illegally repacked apps, so that an attacker needs to modify GPS, tamper the data acquisition logic of the camera, use an xpose or frida type attack framework, and if some logic tampering of the original apps is to be realized, the so libraries are required to be introduced, and therefore, the targeted detection can judge whether the attack framework exists or not and whether code injection and code hijacking actions exist or not.
The invention further collects the local area network ip of the equipment under the condition of the WIFI network, and in general, under a specific WIFI network, the network segments of the local area network are set, for example, ip is 192.168.1.X, if the collected ip of the local area network is not the network segment, for example, 10.0.0.X, the equipment is not in the network environment of a company, and the equipment has higher cheating risk and can directly identify card punching failure.
And step S3, the SDK uniformly encrypts and returns the acquired data to the app, and the app submits the data to the wind control service through a background service server.
Encryption mode: encrypting in the SDK, collecting a certain device identifier such as android_id by the SDK, calculating by a plurality of specific algorithms such as hash, obtaining a key for encryption, encrypting the data and transmitting the data to the background. Meanwhile, outside the SDK, the app needs to acquire the android_id again and transmit the id into the background, the same algorithm calculation can be carried out when the background receives the android_id, a secret key is obtained, and then the data is decrypted. The method can ensure that the encryption of the SDK is one-machine-one-encryption, and ensure that the encrypted message cannot be cracked on a large scale.
And S4, decrypting the data by the wind control service, and judging according to the acquired data. Whether code hijacking and injection behaviors exist or not, whether the app package information is tampered or not, whether WiFi information of the job place is acquired or not, and whether one device checks attendance and punch a card for a plurality of people or not is judged through the unique device identifier and account data. And returning the judging result of the data to the background server through the interface to inform the background server whether the employee has cheating or not.
Code hijacking and injection are carried out by the SDK on the client, the identification result is true or false, whether injection or hijacking exists or not is indicated, and the server side can simply judge. Whether the app package is tampered is in accordance with the principle described above by comparing various information of the collected app package with a preconfigured value. The verification of WiFi is that the WiFi name of say job site is xxxx_wifi, and the WiFi name can be gathered to the SDK, carries out the verification to the backstage server, and whether the WiFi name of gathering indicates this for the appointed.
The wind control service mainly performs rule judgment and calculation.
The basic form of a single rule is a > b, including left variable, operator, right variable.
a is the left variable, greater than sign > is the operator, and b is the right variable.
For example, it is determined that the packet size of the app is equal to a set value, which is a rule.
The risk of fraud in this transaction is determined by a series of rules.
Specific rules are listed below:
whether there is code injection behavior = true;
whether there is code hijacking behavior = true;
whether the collected wifi name is equal to the real wifi name of the job site;
whether the app packet size is equal to a preset value;
whether the app version is an officially released version;
whether the app signature is equal to the signature of the official version;
whether the app process information is equal to the official version information;
today the number of accounts associated when the device is swiped exceeds 1;
in addition, after the index calculation, for example, after a certain employee punches a card, the unique identifier of the device is associated with an account in the system and stored in a database, if a plurality of people use one device to punch a card, the unique identifier of the device is associated with a plurality of accounts, and the data can be finally output to a rule in the form of an index to form the following steps:
a number of account numbers associated with one device >3, such a rule.
A single wind control service is used for judging, rules can be adjusted in real time, and various cheating risks can be effectively and rapidly handled.
The wind control service here includes two modules, one being a rule execution module and one being an index calculation module.
The rule execution module is mainly responsible for executing preconfigured rules, such as:
specific rules are listed below:
whether there is code injection behavior = true;
whether there is code hijacking behavior = true;
whether the collected wifi name is equal to the real wifi name of the job site;
whether the app packet size is equal to a preset value.
The rule execution module collects the reported data according to the preset rules in combination with the SDK, and comprehensively executes the data to obtain a rule final execution result, if any one of the above rules hits, for example
The app packet size is not equal to the preset value, and this rule is established, and the operation is considered to be risky.
The index calculation module provides a real-time calculation capability, for example, after each time of punching a card, the unique identifier of the device acquired from the SDK is associated with the account punched at this time and stored in the redis, the key is the unique identifier of the device, the value is the account, that is, the current device identifier is associated with an account, if the device uses other accounts again for punching a card, the account is also recorded in the redis, and the number of the associated accounts is changed into 2. When executing the rule, the SDK collects the unique identifier of the device, then reads the index from the index calculation module, executes the rule after reading the data, and judges whether the number of the accounts associated with the device is more than 1.
Rule judgment adopts a rule scoring weight mode, for example, the following steps:
equipment root or jail break 15 points
Discovery code hijacking 20 minutes
Discovery attack framework 20 points
Discovery code injection 20
Simulator 20 minutes
app size anomaly 10 minutes
app version number exception 10 minutes
app signature anomaly 10 points
10 minutes of app process name exception
Whether the location of the device GPS is 20 minutes around the company
Associating 2 accounts 10 points with the same device
More than 2 accounts 20 points are associated with the same equipment
And accumulating the weight scores of the rules after a certain rule hits, and finally summing all the rule hits, wherein the total score is more than 20 points, namely the risk is considered to be high, the probability of cheating is considered to be high, and the failure of the card is considered.
The rule weight and score can be adjusted according to the actual situation.
As shown in fig. 4, the specific flow of the punching tool of the present invention is as follows:
t1, a user punches a card app and logs in the app;
entering a card punching link, and enabling the system to call up a camera to acquire a face photo;
the app calls up the secure SDK and transmits the collected photo data and account data to the secure SDK;
t4, collecting app basic information, app version number, size, registration, signature and process information in the secure SDK, collecting device unique identification, collecting GPS position information, and identifying risks of the system, wherein the risks comprise code hijacking, code injection, whether the device root, whether a simulator and an attack frame;
t5, uniformly encrypting the photo, the account and the collected data by the secure SDK, and returning the encrypted data to the app;
the app submits a card punching request to a background server;
t7, the background server transmits the data submitted by the app to the wind control system;
t8. the wind control system firstly decrypts the data, calculates the preset index after decrypting the data, and then executes the preset rule; according to the weight score configured by the rule, a risk identification result is finally obtained, so that whether the card punching data has problems or not is determined;
t9. the wind control system returns the identified result and other decrypted data to the background server;
and T10, the background server performs data processing, including checking whether the photo is the same, finally determining whether the card passes by combining the result of the wind control identification, and returning the result to the app.
Any process or method description in a flowchart of the invention or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, which may be implemented in any computer-readable medium for use by an instruction execution system, apparatus, or device, which may be any medium that contains a program for storing, communicating, propagating, or transmitting for use by the execution system, apparatus, or device. Including read-only memory, magnetic or optical disks, and the like.
In the description herein, reference to the term "embodiment," "example," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the different embodiments or examples described in this specification and the features therein may be combined or combined by those skilled in the art without creating contradictions.
While embodiments of the present invention have been shown and described, it will be understood that the embodiments are illustrative and not to be construed as limiting the invention, and that various changes, modifications, substitutions and alterations may be made by those skilled in the art without departing from the scope of the invention.
Claims (10)
1. A method for preventing attendance checking and card punching cheating, which is characterized by comprising the following steps:
step S1, integrating a secure SDK by an app;
step S2, in the card punching link, the app calls an interface provided by the SDK, account data are provided for the SDK, the SDK calls a camera to acquire employee photo data and card punching information data, and risk identification is carried out on the system;
step S3, the SDK uniformly encrypts and returns the acquired data to the app, and the app submits the data to the wind control service;
s4, decrypting the data by the wind control service, and judging according to the obtained data; and returning the judging result of the data to the background server through the interface to inform the background server whether the employee has cheating or not.
2. The method according to claim 1, wherein in step S2, the card punching information includes device location information, current app package name, app signature, app size, app version number, app process name, device unique identifier, and WiFi information of current job site.
3. The method according to claim 1, wherein in step S2, the risk identification includes identifying whether there is an attack frame and whether there is code injection and hijacking.
4. A method of preventing attendance punch-card cheating as claimed in claim 3, wherein the attack framework comprises an xpose or frida framework.
5. A method for preventing attendance punch card cheating as claimed in claim 3, characterized in that the method for identifying is as follows: the attack framework can leave files associated with the attack in the app operating environment, and a dynamic library associated with the attack can judge whether the attack framework is currently used or not by detecting the files and the dynamic library.
6. The method for preventing attendance punch card cheating as recited in claim 5, wherein the method for identifying further comprises: and acquiring an execution stack of the function, judging whether the information of code hijacking exists in the stack information, and detecting whether characters associated with attack exist in the stack.
7. The method for preventing attendance card punching cheating according to claim 1, wherein in step S3, the encryption mode is as follows: encrypting in the SDK, collecting a certain equipment identifier by the SDK, calculating to obtain a secret key for encryption by a certain specific algorithm, encrypting data and transmitting the data to the background; meanwhile, the app acquires the equipment identifier once again outside the SDK and transmits the equipment identifier to the background, the same algorithm calculation is carried out when the background receives the equipment identifier, a secret key is obtained, and then the data is decrypted.
8. The method for preventing attendance card punching cheating according to claim 1, wherein in step S4, the wind control service decrypts the data and judges according to the obtained data; the method comprises the steps of judging whether code hijacking and injection behaviors exist, judging whether app package information is tampered, judging whether the app package information is WiFi information of a job place, and judging whether the app package information is a device to check the attendance of a plurality of people through the unique device identifier and account data.
9. The method of claim 1, wherein the air control service comprises two modules, one is a rule execution module and the other is a meter calculation module.
10. A system for preventing attendance punch-card cheating, characterized in that the system is used for realizing the method for preventing attendance punch-card cheating according to any one of claims 1-9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310560295.7A CN116319091A (en) | 2023-05-18 | 2023-05-18 | Method and system for preventing attendance checking and card punching cheating |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310560295.7A CN116319091A (en) | 2023-05-18 | 2023-05-18 | Method and system for preventing attendance checking and card punching cheating |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116319091A true CN116319091A (en) | 2023-06-23 |
Family
ID=86813548
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310560295.7A Pending CN116319091A (en) | 2023-05-18 | 2023-05-18 | Method and system for preventing attendance checking and card punching cheating |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116319091A (en) |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160212590A1 (en) * | 2011-06-01 | 2016-07-21 | Guy Decorte | System for Analyzing and Improving Device Location as a Function of Time |
| CN109584396A (en) * | 2018-11-27 | 2019-04-05 | 湛江开发区四洲网络科技有限公司 | Indoor positioning attendance management method and apparatus and indoor positioning Work attendance method and device |
| CN109829994A (en) * | 2018-12-13 | 2019-05-31 | 平安万家医疗投资管理有限责任公司 | A kind of Work attendance method, device, computer equipment and readable storage medium storing program for executing |
| CN111833472A (en) * | 2020-07-15 | 2020-10-27 | 前海人寿保险股份有限公司 | Real-time attendance checking method and device and computer readable storage medium |
| CN112419681A (en) * | 2020-11-19 | 2021-02-26 | 杭州云深科技有限公司 | Target early warning method, electronic device, and medium |
| CN113593065A (en) * | 2021-06-28 | 2021-11-02 | 深圳云之家网络有限公司 | Intelligent attendance processing method and device, computer equipment and storage medium |
| CN114117414A (en) * | 2020-08-31 | 2022-03-01 | 中国移动通信集团重庆有限公司 | Security protection system, method, device and storage medium for mobile application |
-
2023
- 2023-05-18 CN CN202310560295.7A patent/CN116319091A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20160212590A1 (en) * | 2011-06-01 | 2016-07-21 | Guy Decorte | System for Analyzing and Improving Device Location as a Function of Time |
| CN109584396A (en) * | 2018-11-27 | 2019-04-05 | 湛江开发区四洲网络科技有限公司 | Indoor positioning attendance management method and apparatus and indoor positioning Work attendance method and device |
| CN109829994A (en) * | 2018-12-13 | 2019-05-31 | 平安万家医疗投资管理有限责任公司 | A kind of Work attendance method, device, computer equipment and readable storage medium storing program for executing |
| CN111833472A (en) * | 2020-07-15 | 2020-10-27 | 前海人寿保险股份有限公司 | Real-time attendance checking method and device and computer readable storage medium |
| CN114117414A (en) * | 2020-08-31 | 2022-03-01 | 中国移动通信集团重庆有限公司 | Security protection system, method, device and storage medium for mobile application |
| CN112419681A (en) * | 2020-11-19 | 2021-02-26 | 杭州云深科技有限公司 | Target early warning method, electronic device, and medium |
| CN113593065A (en) * | 2021-06-28 | 2021-11-02 | 深圳云之家网络有限公司 | Intelligent attendance processing method and device, computer equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN112217835B (en) | Message data processing method and device, server and terminal equipment | |
| CN113726780B (en) | Network monitoring method and device based on situation awareness and electronic equipment | |
| CN112149123B (en) | Safety inspection system and method for application program | |
| CN113438249B (en) | Attack tracing method based on strategy | |
| CN115550063B (en) | Network information security supervision method and system | |
| CN113311809A (en) | Industrial control system-based safe operation and maintenance instruction blocking device and method | |
| CN110175067A (en) | A kind of mobile application tank force three-dimensional defence method and system | |
| CN110955897A (en) | Software research and development safety control visualization method and system based on big data | |
| CN116881979A (en) | Method, device and equipment for detecting data safety compliance | |
| CN115982681A (en) | Computer network identity verification system | |
| CN110995658A (en) | Gateway protection method, device, computer equipment and storage medium | |
| CN113987508A (en) | Vulnerability processing method, device, equipment and medium | |
| JP4843546B2 (en) | Information leakage monitoring system and information leakage monitoring method | |
| CN117272308A (en) | Software security test method, device, equipment, storage medium and program product | |
| CN116861422A (en) | API interface detection and protection method, device, equipment and storage medium | |
| CN114124453B (en) | Processing method and device of network security information, electronic equipment and storage medium | |
| CN116319091A (en) | Method and system for preventing attendance checking and card punching cheating | |
| Gourisetti et al. | Demonstration of the cybersecurity framework through real-world cyber attack | |
| CN116955441A (en) | Broken card early warning platform | |
| CN116074833A (en) | Method and device for judging short message verification code | |
| KR20220121744A (en) | IoT device monitoring method based on Big Data and Artificial intelligence and IoT device monitoring system performing the same | |
| CN102780686A (en) | Credible resource based method and device for protecting bank user information | |
| CN113360354A (en) | User operation behavior monitoring method, device, equipment and readable storage medium | |
| KR102192232B1 (en) | System for providing verification and guide line of cyber security based on block chain | |
| CN101227281A (en) | Dynamic anti stealing information and identification authenticating method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20230623 |