CN1874227A - Network site system with defensive pseudo network, and defensive method of pseudo network site - Google Patents

Info

Publication number: CN1874227A
Authority: CN (China)
Prior art keywords: user; website; counterfeiting information; pseudo; fake certificate
Legal status: Pending
Application number: CN 200610092915
Other languages: Chinese (zh)
Inventors: 郝付国, 王婷
Current Assignee: China Minsheng Banking Corp Ltd
Original Assignee: China Minsheng Banking Corp Ltd
Application filed by: China Minsheng Banking Corp Ltd
Priority to CN 200610092915; publication of CN1874227A

Landscapes

  • Storage Device Security (AREA)

Abstract

The system comprises a website server and a user terminal. The server includes a network communication module, an anti-counterfeiting module, an authentication module and a central processing module. The anti-counterfeiting method comprises the following steps: the user's anti-counterfeiting information is stored in an anti-counterfeiting information database on the server; after receiving an anti-counterfeiting authentication request, the server looks up the anti-counterfeiting information based on the user information carried in the request and sends the result to the user terminal; after receiving the anti-counterfeiting authentication confirmation, the user account name and the password information, the server authenticates the user's identity; if authentication passes, it sends a login-success message to the user terminal, otherwise it sends an error message to the user. The invention prevents users from logging in to a fake website.

Description

Website system for defending against fake websites, and fake-website defence method
Technical field
The present invention relates to a website system and a website anti-counterfeiting method for defending against fake websites, and in particular to an anti-counterfeiting website system and website anti-counterfeiting method that can effectively protect website users' information.
Background art
With the development of Internet technology, e-commerce is growing at an astonishing pace; at the same time, hacker attacks, viruses and trojan programs are running rampant, and network security is increasingly challenged. Fake websites, e-mail bombs, the Glacier trojan, Code Red, the Blaster worm, worm viruses, Sasser and the like keep appearing in new variants with unusual behaviour. Their purpose is either to alter computer information so that machines cannot run normally or crash, to inflate network traffic and consume bandwidth until the network is congested or paralysed, or to steal other people's private information for concealed ends. Among these, the fake bank website is a major phishing method: it has repeatedly succeeded in tricking users out of their real passwords, has caused great losses to bank customers, has damaged banks' reputations, and has become one of the factors leading to social instability.
A pseudo-website, also called a fake website, is a site whose appearance closely resembles that of a genuine website and which is used to steal the real login information (generally the user number and password) for the genuine site; its domain name is also set up to resemble that of the genuine site. Such sites can often be found in various search engines. If a real user logs in at the fake website, the fake website records the customer's login information and shows the customer a plausible error message. At present most fake websites target sites that provide financial services, such as online banking. After obtaining a user's real login information, the offender can use it to pass customer identity authentication on the genuine website and act against the customer's interests, for example transferring the customer's funds out or shopping online with the customer's account.
The personal online banking services of domestic banks have mostly defended against fake websites by persuasion and education and by distinguishing between versions, offering functions such as account transfers only in the digital-certificate version of personal online banking. Although it is difficult for an offender to get into the personal version that requires a digital certificate to log in, even allowing a login to the popular version to make queries breaches the bank's promise of confidentiality to the customer; and at individual banks, because of logic flaws in how the different services are combined, reports of small amounts of customer funds being stolen also occur from time to time.
Summary of the invention
The object of the present invention is to address the defects of the prior art by providing a website system for defending against fake websites and a fake-website defence method that give users a way to tell whether a website is genuine, thereby preventing others from stealing users' login information through fake websites and effectively protecting user information.
To achieve this object, the invention provides a website system for defending against fake websites, comprising:
A website server, used to provide the data that users request to browse, the website server comprising: a network communication module, used for data interaction with the Internet; an anti-counterfeiting module, connected to the network communication module and used to provide anti-counterfeiting information; an authentication module, connected to the network communication module and used to authenticate user identity; and a central processing module, connected to the network communication module and the authentication module and used to provide users with the data they request to browse; and a user terminal, connected to the website server via the Internet and used to access the website server over the Internet and exchange data with it.
The anti-counterfeiting module may comprise: an anti-counterfeiting information database, used to store users' anti-counterfeiting information; an anti-counterfeiting information query module, connected to the network communication module and the anti-counterfeiting information database and used to extract the corresponding anti-counterfeiting information from the database according to the user information received; and an anti-counterfeiting information output module, connected to the anti-counterfeiting information query module and the network communication module and used to send the anti-counterfeiting information to the user terminal over the Internet.
The system may also comprise: an anti-counterfeiting information input unit, connected to the anti-counterfeiting information database and the central processing module and used to save users' anti-counterfeiting information to the database; and a mobile communication module, connected to the anti-counterfeiting module and used to send anti-counterfeiting information to the user's mobile terminal over the mobile network.
The present invention also provides a fake-website defence method, comprising:
Step A: the user's anti-counterfeiting information is stored in the anti-counterfeiting information database of the website server;
Step B: after receiving an anti-counterfeiting authentication request, the website server looks up the anti-counterfeiting information according to the user information carried in the request;
Step C: the website server sends the anti-counterfeiting information to the corresponding user terminal;
Step D: after receiving the anti-counterfeiting authentication confirmation, the user account name and the password information, the website server authenticates the user's identity; if authentication passes, it sends a login-success message to the user terminal; otherwise, it sends an error message to the user terminal.
The method may also comprise: when the user terminal accesses the website server, displaying an anti-counterfeiting authentication prompt that prompts the user to carry out anti-counterfeiting authentication of the website. The prompt may be displayed at a designated position on the login web page; after the user enters the account name and clicks the anti-counterfeiting authentication button, the user terminal sends the website server an anti-counterfeiting authentication request carrying the user account name. The prompt may also be displayed as a pop-up web page; the pop-up anti-counterfeiting authentication page contains an edit box for entering the anti-counterfeiting authentication user name, and after the user enters that name and clicks the anti-counterfeiting authentication request, the user terminal sends the website server an anti-counterfeiting authentication request carrying the anti-counterfeiting authentication user name.
After receiving the anti-counterfeiting authentication confirmation, the website server sends login page data to the user terminal; the login page contains edit boxes for entering the user account name and password. For the user's convenience, so that the user does not have to enter too much information, when the anti-counterfeiting authentication user name is the same as the user account name, the user terminal displays the user account name in the edit box for entering it when it displays the login page.
The anti-counterfeiting authentication user name may also be set to something different from the user account name. In that case, if the user account name is to be displayed automatically when the login page is shown, the anti-counterfeiting authentication user name must be associated with the user account name in the anti-counterfeiting information database; after receiving the anti-counterfeiting authentication confirmation, the website server looks up the user account name according to the anti-counterfeiting authentication user name; the login page data that the website server sends to the user terminal carries the user account name; and the user terminal, when displaying the login page, shows the user account name in the edit box for entering it.
The method may also comprise: the website server sending the user's anti-counterfeiting information over the mobile network to the mobile terminal bound to the anti-counterfeiting authentication user name.
After user identity authentication passes, the website server modifies the corresponding user's anti-counterfeiting information according to an anti-counterfeiting information modification request sent by the user terminal. When modifying anti-counterfeiting information, the website server modifies the anti-counterfeiting information of the corresponding anti-counterfeiting authentication user name according to the association between the anti-counterfeiting authentication user name and the user account name.
The present invention gives users a convenient way to tell whether a website is genuine, keeps users from logging in to fake websites and prevents others from stealing users' login information through fake websites, thereby effectively protecting user information.
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Description of drawings
Fig. 1 is a schematic structural diagram of the website system for defending against fake websites according to the present invention;
Fig. 2 is a schematic structural diagram of one specific embodiment of the anti-counterfeiting module of the present invention;
Fig. 3 is a flow chart of the fake-website defence method of the present invention;
Fig. 4 is a schematic structural diagram of another specific embodiment of the anti-counterfeiting module of the present invention.
Embodiments
Fig. 1 is a schematic structural diagram of the website system for defending against fake websites according to the present invention, which comprises a website server 1 and a user terminal 2. The website server and the user terminal exchange data over the Internet to provide the user with the data requested for browsing.
The website server comprises a network communication module 11, an anti-counterfeiting module 12, an authentication module 13 and a central processing module 14. The network communication module 11 is used for data interaction with the Internet; the anti-counterfeiting module 12 is connected to the network communication module 11 and is used to provide anti-counterfeiting information; the authentication module 13 is connected to the network communication module 11 and is used to authenticate user identity; the central processing module 14 is connected to the network communication module 11 and the authentication module 13 and is used to provide authenticated users with the data they request to browse.
The main improvement of the present invention over existing website systems is the addition of anti-counterfeiting authentication; the website's other functions, such as queries and browsing, are the same as on an existing website. The anti-counterfeiting authentication function is implemented by the anti-counterfeiting module 12: when a user requests anti-counterfeiting authentication of the website, this module sends the user the anti-counterfeiting information that the user reserved or set in advance, so that the user can tell whether the website is genuine. The anti-counterfeiting information that the user reserves or sets in advance may be text, numbers, pictures, audio, video, or any combination of data in these formats.
Fig. 2 is a schematic structural diagram of one specific embodiment of the anti-counterfeiting module, which comprises an anti-counterfeiting information database 121, an anti-counterfeiting information query module 122 and an anti-counterfeiting information output module 123. The anti-counterfeiting information database 121 is used to store users' anti-counterfeiting information; the anti-counterfeiting information query module 122 is connected to the network communication module 11 and the anti-counterfeiting information database 121 and is used to extract the corresponding anti-counterfeiting information from the database 121 according to the user information received; the anti-counterfeiting information output module 123 is connected to the query module 122 and the network communication module 11 and is used to send the anti-counterfeiting information to the user terminal 2 over the Internet.
Fig. 3 is a flow chart of the fake-website defence method of the present invention, which comprises:
Step A: the user's anti-counterfeiting information is stored in the anti-counterfeiting information database of the website server;
Step B: after receiving an anti-counterfeiting authentication request, the website server looks up the anti-counterfeiting information according to the user information carried in the request;
Step C: the website server sends the anti-counterfeiting information to the corresponding user terminal;
Step D: after receiving the anti-counterfeiting authentication confirmation, the user account name and the password information, the website server authenticates the user's identity; if authentication passes, it sends a login-success message to the user terminal; otherwise, it sends an error message to the user terminal.
The user may leave the anti-counterfeiting information with website staff, who store it in the anti-counterfeiting information database, or may log in and modify it after passing authentication. As shown in Fig. 4, another specific embodiment of the anti-counterfeiting module further adds an anti-counterfeiting information input unit 124, connected to the anti-counterfeiting information database 121 and the central processing module 14; after a staff member or user passes authentication, anti-counterfeiting information in the database 121 can be entered or modified through the input unit 124. Modification rights differ with the user's identity: staff can modify the anti-counterfeiting information of all users, whereas a user can modify only the anti-counterfeiting information of the currently logged-in account.
However, because some user account names are stolen by others through malicious fake websites, those others can also obtain the anti-counterfeiting information the user reserved simply by entering the user account name; if a fake website then adds an anti-counterfeiting function using the anti-counterfeiting information of the stolen account name, the user will still find it hard to tell the genuine website from the fake. Security can be strengthened in the following two ways: one is to send the anti-counterfeiting information to the mobile terminal bound to the user account name; the other is for the user to set an anti-counterfeiting authentication user name different from the user account name, so that as long as others do not know the newly set anti-counterfeiting authentication user name, they cannot obtain the anti-counterfeiting information the user has set.
In one specific embodiment of the website server of the present invention, a mobile communication module may also be added, connected to the anti-counterfeiting module and used to send anti-counterfeiting information to the user's mobile terminal over the mobile network.
When the user account name and the anti-counterfeiting authentication user name differ, the two need to be associated so that the user can modify the anti-counterfeiting information after logging in to the account. The correspondence between them may be stored in the anti-counterfeiting information database or in the central processing module. After receiving an anti-counterfeiting information modification request, the website server determines the anti-counterfeiting authentication user name from the user account name and the association between the two, and then modifies the corresponding anti-counterfeiting information.
When the user terminal accesses the website server, an anti-counterfeiting authentication prompt is displayed, prompting the user to carry out anti-counterfeiting authentication of the website. The prompt may be displayed at a designated position on the login web page; after the user enters the account name and clicks the anti-counterfeiting authentication button, the user terminal sends the website server an anti-counterfeiting authentication request carrying the user account name. When the website server sets the user account name and the anti-counterfeiting authentication user name to be the same, it can look up the user's anti-counterfeiting information directly by user account name and send it to the user terminal over the Internet or to the mobile terminal over the mobile network. When the website server supports setting a user name used specifically for anti-counterfeiting authentication, it needs to look up the anti-counterfeiting authentication user name according to the user account name in the request and then look up the anti-counterfeiting information.
The anti-counterfeiting prompt may also be displayed as a pop-up web page. The pop-up anti-counterfeiting authentication page contains an edit box for entering the anti-counterfeiting authentication user name; after the user enters that name and clicks the anti-counterfeiting authentication request, the user terminal sends the website server an anti-counterfeiting authentication request carrying the anti-counterfeiting authentication user name, and the website server looks up the anti-counterfeiting information by that name and sends it to the user.
After the user has confirmed the anti-counterfeiting information, the user terminal sends an anti-counterfeiting authentication confirmation to the website server. After receiving the confirmation, the website server sends login page data to the user terminal; the login page contains edit boxes for entering the user account name and password.
So that the user does not have to enter too much account information, when the anti-counterfeiting authentication user name is the same as the user account name, the user terminal can show the user account name directly in the corresponding edit box when it displays the login page. When the two differ, the website server can look up the user account name according to the anti-counterfeiting authentication user name and carry it in the login page data sent to the user terminal, so that the user terminal can show the user account name in the edit box for entering it when it displays the login page.
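Steps A to D, together with the separate anti-counterfeiting user name and the mobile-delivery variant described above, as an added Python illustration that is not part of the patent. The class and method names, the in-memory storage, the one-time confirmation token that ties the confirmation to the login, and all sample values are constructed assumptions.

```python
import hashlib
import hmac
import secrets


class WebsiteServer:
    """Toy in-memory model of the website server (hypothetical names)."""

    def __init__(self):
        self._accounts = {}           # account name -> (salt, password hash)
        self._info = {}               # anti-counterfeiting user name -> info
        self._verify_to_account = {}  # anti-counterfeiting user name -> account
        self._mobile = {}             # anti-counterfeiting user name -> number
        self._confirmed = {}          # one-time token -> anti-counterfeiting name
        self.mobile_outbox = []       # (number, info) "sent" over the mobile network

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def enroll(self, account, password, info, verify_name=None, mobile=None):
        """Step A: store the user's anti-counterfeiting information."""
        salt = secrets.token_bytes(16)
        self._accounts[account] = (salt, self._hash(password, salt))
        name = verify_name or account  # same as the account name unless set
        self._info[name] = info
        self._verify_to_account[name] = account
        if mobile:
            self._mobile[name] = mobile

    def request_info(self, name):
        """Steps B and C: look up the information and send it to the user."""
        info = self._info.get(name)
        if info is None:
            return None
        if name in self._mobile:
            # Out-of-band variant: deliver only to the bound mobile terminal.
            self.mobile_outbox.append((self._mobile[name], info))
            return "sent to bound mobile terminal"
        return info

    def confirm(self, name):
        """The user confirmed the information: return login page data."""
        if name not in self._info:
            return None
        token = secrets.token_urlsafe(16)
        self._confirmed[token] = name
        # The associated account name is carried so the page can prefill it.
        return {"token": token, "prefill_account": self._verify_to_account[name]}

    def login(self, token, account, password):
        """Step D: authenticate only after a confirmation was received."""
        name = self._confirmed.pop(token, None)  # token is single use
        record = self._accounts.get(account)
        if name is None or record is None or self._verify_to_account[name] != account:
            return "error"
        salt, expected = record
        ok = hmac.compare_digest(expected, self._hash(password, salt))
        return "login successful" if ok else "error"


def demo():
    """Run the three enrolment variants on constructed sample users."""
    server = WebsiteServer()
    server.enroll("alice", "pw-1", "blue heron / 4471")
    server.enroll("bob", "pw-2", "red kite / 9020", verify_name="kite-check")
    server.enroll("carol", "pw-3", "grey owl / 3358", mobile="+00-0000-0001")
    results = {
        # Same name for both purposes: the account name alone returns the info.
        "same_name": server.request_info("alice"),
        # Separate name: the account name alone returns nothing.
        "account_name_only": server.request_info("bob"),
        "verify_name": server.request_info("kite-check"),
        # Mobile delivery: nothing is shown in the web response.
        "mobile": server.request_info("carol"),
    }
    page = server.confirm("kite-check")
    results["prefill"] = page["prefill_account"]
    results["login"] = server.login(page["token"], "bob", "pw-2")
    results["replay"] = server.login(page["token"], "bob", "pw-2")
    return results, server.mobile_outbox


if __name__ == "__main__":
    print(demo())
```

The `same_name` result is the exposure the description identifies: the reserved information is returned to anyone who supplies the account name, whereas the other two variants return it only for the separate name or only to the bound mobile terminal.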
The present invention gives users a convenient way to tell whether a website is genuine, keeps users from logging in to fake websites and prevents others from stealing users' login information through fake websites, thereby effectively protecting user information.
Finally, it should be noted that the above embodiments are intended only to illustrate the technical solution of the present invention and not to limit it. Although the invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the specific embodiments may still be modified, or some of their technical features replaced by equivalents, without departing from the spirit of the technical solution of the invention, and all such changes shall fall within the scope of the technical solution for which protection is claimed.

Claims (14)

1. A website system for defending against fake websites, comprising:
a website server, used to provide the data that users request to browse, the website server comprising
a network communication module, used for data interaction with the Internet;
an anti-counterfeiting module, connected to the network communication module and used to provide anti-counterfeiting information;
an authentication module, connected to the network communication module and used to authenticate user identity;
a central processing module, connected to the network communication module and the authentication module and used to provide users with the data they request to browse;
and a user terminal, connected to the website server via the Internet and used to access the website server over the Internet and exchange data with the website server.
2. The website system for defending against fake websites according to claim 1, wherein the anti-counterfeiting module comprises:
an anti-counterfeiting information database, used to store users' anti-counterfeiting information;
an anti-counterfeiting information query module, connected to the network communication module and the anti-counterfeiting information database and used to extract the corresponding anti-counterfeiting information from the anti-counterfeiting information database according to the user information received;
an anti-counterfeiting information output module, connected to the anti-counterfeiting information query module and the network communication module and used to send the anti-counterfeiting information to the user terminal over the Internet.
3. The website system for defending against fake websites according to claim 2, wherein the anti-counterfeiting module further comprises: an anti-counterfeiting information input unit, connected to the anti-counterfeiting information database and the central processing module and used to save users' anti-counterfeiting information to the anti-counterfeiting information database.
4. The website system for defending against fake websites according to any one of claims 1-3, wherein the website server further comprises a mobile communication module, connected to the anti-counterfeiting module and used to send anti-counterfeiting information to the user's mobile terminal over the mobile network.
5. A fake-website defence method, comprising:
Step A: the user's anti-counterfeiting information is stored in the anti-counterfeiting information database of the website server;
Step B: after receiving an anti-counterfeiting authentication request, the website server looks up the anti-counterfeiting information according to the user information carried in the request;
Step C: the website server sends the anti-counterfeiting information to the corresponding user terminal;
Step D: after receiving the anti-counterfeiting authentication confirmation, the user account name and the password information, the website server authenticates the user's identity; if authentication passes, it sends a login-success message to the user terminal; otherwise, it sends an error message to the user terminal.
6. The fake-website defence method according to claim 5, further comprising: when the user terminal accesses the website server, displaying an anti-counterfeiting authentication prompt that prompts the user to carry out anti-counterfeiting authentication of the website.
7. The fake-website defence method according to claim 6, wherein the anti-counterfeiting authentication prompt is displayed at a designated position on the login web page, and after the user enters the account name and clicks the anti-counterfeiting authentication button, the user terminal sends the website server an anti-counterfeiting authentication request carrying the user account name.
8. The fake-website defence method according to claim 6, wherein the anti-counterfeiting prompt is displayed as a pop-up web page, the pop-up anti-counterfeiting authentication page contains an edit box for entering the anti-counterfeiting authentication user name, and after the user enters the anti-counterfeiting authentication user name and clicks the anti-counterfeiting authentication request, the user terminal sends the website server an anti-counterfeiting authentication request carrying the anti-counterfeiting authentication user name.
9. The fake-website defence method according to claim 8, further comprising, after step B: after receiving the anti-counterfeiting authentication confirmation, the website server sends login page data to the user terminal, the login page containing edit boxes for entering the user account name and password.
10. The fake-website defence method according to claim 9, wherein the anti-counterfeiting authentication user name is the same as the user account name, and the user terminal, when displaying the login page, displays the user account name in the edit box for entering the user account name.
11. The fake-website defence method according to claim 10, further comprising: associating the anti-counterfeiting authentication user name with the user account name in the anti-counterfeiting information database; after receiving the anti-counterfeiting authentication confirmation, the website server looking up the user account name according to the anti-counterfeiting authentication user name; the website server carrying the user account name in the login page data sent to the user terminal; and the user terminal displaying the user account name in the edit box for entering the user account name on the user's login page.
12. The fake-website defence method according to any one of claims 5-11, further comprising: the website server sending the user's anti-counterfeiting information over the mobile network to the mobile terminal bound to the anti-counterfeiting authentication user name.
13. The fake-website defence method according to any one of claims 5-11, further comprising: after user identity authentication passes, the website server modifying the corresponding user's anti-counterfeiting information according to an anti-counterfeiting information modification request sent by the user terminal.
14. The fake-website defence method according to claim 13, wherein, when modifying anti-counterfeiting information, the website server modifies the anti-counterfeiting information of the corresponding anti-counterfeiting authentication user name according to the association between the anti-counterfeiting authentication user name and the user account name.
CN 200610092915 2006-06-09 2006-06-09 Network site system with defensive pseudo network, and defensive method of pseudo network site Pending CN1874227A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610092915 CN1874227A (en) 2006-06-09 2006-06-09 Network site system with defensive pseudo network, and defensive method of pseudo network site

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610092915 CN1874227A (en) 2006-06-09 2006-06-09 Network site system with defensive pseudo network, and defensive method of pseudo network site

Publications (1)

Publication Number Publication Date
CN1874227A true CN1874227A (en) 2006-12-06

Family

ID=37484511

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610092915 Pending CN1874227A (en) 2006-06-09 2006-06-09 Network site system with defensive pseudo network, and defensive method of pseudo network site

Country Status (1)

Country Link
CN (1) CN1874227A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101552674B (en) * 2009-05-19 2011-09-07 中国民生银行股份有限公司 Method and system for recognizing pseudo-website
CN102857485A (en) * 2012-03-22 2013-01-02 孙银海 System and method capable of showing authentication success of website
CN102882853A (en) * 2012-09-05 2013-01-16 孙银海 System and method for internet user authentication
CN103812836A (en) * 2012-11-12 2014-05-21 孙银海 System and method for website to send user reserved information
CN103812836B (en) * 2012-11-12 2017-09-29 孙银海 A kind of website sends the system and method that user reserves information
CN104144146A (en) * 2013-05-10 2014-11-12 中国电信股份有限公司 Method and system for visiting website
CN105763509A (en) * 2014-12-17 2016-07-13 阿里巴巴集团控股有限公司 Method and system for recognizing fake webpage
CN107124390A (en) * 2016-02-25 2017-09-01 阿里巴巴集团控股有限公司 Prevention-Security, implementation method, the apparatus and system of computing device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20061206