KR102107560B1 - 서비스 동작의 보안을 검증하는 방법, 장치, 단말기 및 서버 - Google Patents

서비스 동작의 보안을 검증하는 방법, 장치, 단말기 및 서버 Download PDF

Info

Publication number
KR102107560B1
KR102107560B1 KR1020177012991A KR20177012991A KR102107560B1 KR 102107560 B1 KR102107560 B1 KR 102107560B1 KR 1020177012991 A KR1020177012991 A KR 1020177012991A KR 20177012991 A KR20177012991 A KR 20177012991A KR 102107560 B1 KR102107560 B1 KR 102107560B1
Authority
KR
South Korea
Prior art keywords
service
reliability analysis
terminal
service operation
risk control
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
KR1020177012991A
Other languages
English (en)
Korean (ko)
Other versions
KR20170069271A (ko
Inventor
쿤 루
Original Assignee
알리바바 그룹 홀딩 리미티드
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 알리바바 그룹 홀딩 리미티드 filed Critical 알리바바 그룹 홀딩 리미티드
Publication of KR20170069271A publication Critical patent/KR20170069271A/ko
Application granted granted Critical
Publication of KR102107560B1 publication Critical patent/KR102107560B1/ko
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102Entity profiles
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/384Payment protocols; Details thereof using social networks
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/316User authentication by observing the pattern of computer usage, e.g. typical user behaviour
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/20Point-of-sale [POS] network systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • G06Q30/0601Electronic shopping [e-shopping]
    • G06Q30/0609Qualifying participants for shopping transactions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/303Terminal profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/01Social networking
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/535Tracking the activity of the user

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • Marketing (AREA)
  • Economics (AREA)
  • Development Economics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Social Psychology (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Telephonic Communication Services (AREA)
KR1020177012991A 2014-10-13 2015-10-12 서비스 동작의 보안을 검증하는 방법, 장치, 단말기 및 서버 Active KR102107560B1 (ko)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
CN201410539483.2A CN105516071B (zh) 2014-10-13 2014-10-13 验证业务操作安全性的方法、装置、终端及服务器
CN201410539483.2 2014-10-13
PCT/US2015/055120 WO2016093945A1 (en) 2014-10-13 2015-10-12 Method, device, terminal, and server for verifying security of service operation

Publications (2)

Publication Number Publication Date
KR20170069271A KR20170069271A (ko) 2017-06-20
KR102107560B1 true KR102107560B1 (ko) 2020-05-08

Family

ID=55655636

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020177012991A Active KR102107560B1 (ko) 2014-10-13 2015-10-12 서비스 동작의 보안을 검증하는 방법, 장치, 단말기 및 서버

Country Status (10)

Country Link
US (1) US10313353B2 (enExample)
EP (1) EP3207464B1 (enExample)
JP (1) JP6800147B2 (enExample)
KR (1) KR102107560B1 (enExample)
CN (2) CN105516071B (enExample)
ES (1) ES2867751T3 (enExample)
PL (1) PL3207464T3 (enExample)
SG (1) SG11201702758WA (enExample)
TW (1) TWI666563B (enExample)
WO (1) WO2016093945A1 (enExample)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106296406A (zh) 2015-05-13 2017-01-04 阿里巴巴集团控股有限公司 交互数据的处理方法及装置
CN106656932B (zh) 2015-11-02 2020-03-20 阿里巴巴集团控股有限公司 一种业务处理方法及装置
US10303889B2 (en) * 2016-01-07 2019-05-28 Emmanuel Gonzalez System and method to reduce inappropriate email and online behavior
CN107016473B (zh) * 2016-01-27 2022-11-22 创新先进技术有限公司 一种风险控制方法和设备
US10038700B1 (en) * 2016-03-29 2018-07-31 EMC IP Holding Company LLC Establishing trustworthiness of devices in the internet of things (IoT) to control inter-device communication
CN107644340A (zh) 2016-07-22 2018-01-30 阿里巴巴集团控股有限公司 风险识别方法、客户端设备及风险识别系统
CN108074024B (zh) * 2016-11-10 2022-04-08 蚂蚁蓉信(成都)网络科技有限公司 可信数据传输方法、装置及系统
TWI668657B (zh) * 2017-01-20 2019-08-11 香港商阿里巴巴集團服務有限公司 Business processing method and device
CN109754319B (zh) * 2017-11-07 2022-11-25 腾讯科技(深圳)有限公司 信用分值确定系统、方法、终端及服务器
US11017100B2 (en) * 2018-08-03 2021-05-25 Verizon Patent And Licensing Inc. Identity fraud risk engine platform
CN112418580A (zh) 2019-08-22 2021-02-26 上海哔哩哔哩科技有限公司 一种风险控制方法、计算机设备及可读存储介
CN112434894A (zh) * 2019-08-23 2021-03-02 上海哔哩哔哩科技有限公司 一种实时风险控制方法、计算机设备及可读存储介质
CN110781500A (zh) * 2019-09-30 2020-02-11 口碑(上海)信息技术有限公司 一种数据风控系统以及方法
CN112836218B (zh) * 2020-05-09 2024-04-16 支付宝(杭州)信息技术有限公司 风险识别方法及装置和电子设备
CN112184231B (zh) * 2020-11-02 2022-06-28 支付宝(杭州)信息技术有限公司 一种可信业务确定方法及装置
CN114124343B (zh) * 2020-11-16 2023-11-14 神州融安数字科技(北京)有限公司 保护隐私的风险评分信息查询方法、装置、系统及设备
CN112988727B (zh) * 2021-03-25 2022-09-16 北京百度网讯科技有限公司 数据标注方法、装置、设备、存储介质及计算机程序产品
CN114389901B (zh) * 2022-03-24 2022-08-23 湖南三湘银行股份有限公司 一种基于在线化的客户认证系统

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090199264A1 (en) 2008-01-31 2009-08-06 Intuit Inc. Dynamic trust model for authenticating a user
US20130097659A1 (en) 2011-10-17 2013-04-18 Mcafee, Inc. System and method for whitelisting applications in a mobile network environment
US8856894B1 (en) 2012-11-28 2014-10-07 Consumerinfo.Com, Inc. Always on authentication

Family Cites Families (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7614078B1 (en) * 2003-04-02 2009-11-03 Cisco Technology, Inc. Threshold access based upon stored credentials
JP5087850B2 (ja) * 2006-03-14 2012-12-05 富士通株式会社 サービス仲介方法、サービス仲介装置及びサービス仲介システム
US9003488B2 (en) * 2007-06-06 2015-04-07 Datavalet Technologies System and method for remote device recognition at public hotspots
TWI521451B (zh) * 2009-07-29 2016-02-11 Danal Taiwan Co Ltd To assess the risk of online consumption of trading control methods, systems and online transactions to pay methods
US20110219424A1 (en) * 2010-03-05 2011-09-08 Microsoft Corporation Information protection using zones
CN102045634A (zh) * 2010-11-12 2011-05-04 深圳市爱贝信息技术有限公司 基于移动终端地理位置异常的用户安全控制方法及装置
CN107103548A (zh) * 2011-11-17 2017-08-29 阿里巴巴集团控股有限公司 网络行为数据的监控方法和系统以及风险监控方法和系统
US9747440B2 (en) * 2012-08-15 2017-08-29 Qualcomm Incorporated On-line behavioral analysis engine in mobile device with multiple analyzer model providers
US9166962B2 (en) * 2012-11-14 2015-10-20 Blackberry Limited Mobile communications device providing heuristic security authentication features and related methods
CN103024744B (zh) * 2012-12-24 2015-08-05 百度在线网络技术(北京)有限公司 移动终端的身份验证的方法和系统
US9262610B2 (en) * 2013-01-23 2016-02-16 Facebook, Inc. Imposter account detection and remediation in a social networking system
WO2014145395A2 (en) * 2013-03-15 2014-09-18 Rohter Consulting LLC System and method for consumer fraud protection
US10475029B2 (en) * 2013-03-15 2019-11-12 Allowify Llc System and method for consumer fraud protection
US9003196B2 (en) * 2013-05-13 2015-04-07 Hoyos Labs Corp. System and method for authorizing access to access-controlled environments
CN103530772A (zh) * 2013-09-30 2014-01-22 深圳钱盒信息技术有限公司 一种移动互联支付风险控制方法及系统
CN103944722B (zh) * 2014-04-17 2017-05-10 华北科技学院 一种互联网环境下用户可信行为的识别方法
US10362136B2 (en) * 2014-08-20 2019-07-23 Visa International Service Association Device profile data usage for state management in mobile device authentication
US20160239649A1 (en) * 2015-02-13 2016-08-18 Qualcomm Incorporated Continuous authentication
US9654477B1 (en) * 2015-05-05 2017-05-16 Wells Fargo Bank, N. A. Adaptive authentication
US10140600B2 (en) * 2015-07-01 2018-11-27 Liveensure, Inc. System and method for mobile peer authentication and asset control

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090199264A1 (en) 2008-01-31 2009-08-06 Intuit Inc. Dynamic trust model for authenticating a user
US20130097659A1 (en) 2011-10-17 2013-04-18 Mcafee, Inc. System and method for whitelisting applications in a mobile network environment
US8856894B1 (en) 2012-11-28 2014-10-07 Consumerinfo.Com, Inc. Always on authentication

Also Published As

Publication number Publication date
EP3207464B1 (en) 2021-04-07
SG11201702758WA (en) 2017-05-30
JP6800147B2 (ja) 2020-12-16
CN110084007B (zh) 2023-11-28
TWI666563B (zh) 2019-07-21
TW201614535A (en) 2016-04-16
CN110084007A (zh) 2019-08-02
WO2016093945A1 (en) 2016-06-16
ES2867751T3 (es) 2021-10-20
CN105516071B (zh) 2019-01-18
JP2017531875A (ja) 2017-10-26
US20160103997A1 (en) 2016-04-14
EP3207464A4 (en) 2017-10-04
PL3207464T3 (pl) 2021-07-19
CN105516071A (zh) 2016-04-20
EP3207464A1 (en) 2017-08-23
US10313353B2 (en) 2019-06-04
KR20170069271A (ko) 2017-06-20

Similar Documents

Publication Publication Date Title
KR102107560B1 (ko) 서비스 동작의 보안을 검증하는 방법, 장치, 단말기 및 서버
US10862843B2 (en) Computerized system and method for modifying a message to apply security features to the message's content
CN106605246B (zh) 用于基于计算设备来认证用户的系统与方法
US10032037B1 (en) Establishing application trust levels using taint propagation as a service
EP3474210B1 (en) User account controls for online transactions
US9690926B2 (en) User authentication based on established network activity
US10607263B2 (en) Computerized systems and methods for authenticating users on a network device via dynamically allocated authenticating state machines hosted on a computer network
US20210099431A1 (en) Synthetic identity and network egress for user privacy
US9544317B2 (en) Identification of potential fraudulent website activity
US11044222B2 (en) Automated connection of electronic messaging and social networking services method and apparatus
US12062052B2 (en) Systems for securing transactions based on merchant trust score
CN105308991A (zh) 基于位置的网络cookie的系统和方法
US10049222B1 (en) Establishing application trust levels using taint propagation
US12229750B2 (en) Systems and methods for generating and using virtual card numbers
WO2022173649A1 (en) Fraud prevention systems and methods for selectively generating virtual account numbers
US12445448B2 (en) Computer-based systems and/or computing devices programmed for role-based authentication during customer service sessions; and methods of use thereof
CN113946739A (zh) 敏感数据查询方法、装置、设备及存储介质
CN114331466A (zh) 一种商品核验的方法及装置

Legal Events

Date Code Title Description
PA0105 International application

Patent event date: 20170512

Patent event code: PA01051R01D

Comment text: International Patent Application

PG1501 Laying open of application
A201 Request for examination
PA0201 Request for examination

Patent event code: PA02012R01D

Patent event date: 20181029

Comment text: Request for Examination of Application

A302 Request for accelerated examination
PA0302 Request for accelerated examination

Patent event date: 20190716

Patent event code: PA03022R01D

Comment text: Request for Accelerated Examination

E902 Notification of reason for refusal
PE0902 Notice of grounds for rejection

Comment text: Notification of reason for refusal

Patent event date: 20191010

Patent event code: PE09021S01D

E701 Decision to grant or registration of patent right
PE0701 Decision of registration

Patent event code: PE07011S01D

Comment text: Decision to Grant Registration

Patent event date: 20200203

GRNT Written decision to grant
PR0701 Registration of establishment

Comment text: Registration of Establishment

Patent event date: 20200428

Patent event code: PR07011E01D

PR1002 Payment of registration fee

Payment date: 20200429

End annual number: 3

Start annual number: 1

PG1601 Publication of registration
PR1001 Payment of annual fee

Payment date: 20230413

Start annual number: 4

End annual number: 4

PR1001 Payment of annual fee

Payment date: 20240315

Start annual number: 5

End annual number: 5