WO2015188728A1 - Mobile payment security protection method, apparatus and cloud server - Google Patents

Mobile payment security protection method, apparatus and cloud server Download PDF

Info

Publication number
WO2015188728A1
WO2015188728A1 PCT/CN2015/080901 CN2015080901W WO2015188728A1 WO 2015188728 A1 WO2015188728 A1 WO 2015188728A1 CN 2015080901 W CN2015080901 W CN 2015080901W WO 2015188728 A1 WO2015188728 A1 WO 2015188728A1
Authority
WO
WIPO (PCT)
Prior art keywords
client
payment
icon
malicious
security
Prior art date
Application number
PCT/CN2015/080901
Other languages
French (fr)
Chinese (zh)
Inventor
孟齐源
路轶
李常坤
高祎玮
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201410256086.4A external-priority patent/CN104021339A/en
Priority claimed from CN201410336534.1A external-priority patent/CN104134143B/en
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司 filed Critical 北京奇虎科技有限公司
Publication of WO2015188728A1 publication Critical patent/WO2015188728A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3827Use of message hashing

Definitions

  • the present invention relates to the field of mobile terminal technologies, and in particular, to a mobile payment security protection method, device and cloud server, and a secure payment method and device for a mobile terminal.
  • Mobile payment refers to a service method that allows users to use their mobile terminals (such as mobile phones) to pay for goods or services they consume.
  • the user sends a payment instruction directly or indirectly to the banking financial institution through the mobile terminal, the Internet or proximity sensing to generate a money payment and a fund transfer behavior, thereby realizing the mobile payment function.
  • the banking financial institution through the mobile terminal, the Internet or proximity sensing to generate a money payment and a fund transfer behavior, thereby realizing the mobile payment function.
  • banking and other companies are rushing to launch mobile payment clients.
  • Shopping clients such as shopping, wealth management and life services are also emerging, which greatly enriches the market application environment of mobile payment.
  • the security of mobile payments is a key factor affecting the development of payment services.
  • the security of mobile payment involves the confidentiality of user information, the security of user funds and payment information, and the security risks it faces mainly come from two aspects: network and system security, and the security of mobile terminals.
  • the present invention has been made in order to provide a mobile payment security protection method, apparatus, and cloud server that overcome the above problems or at least partially solve the above problems, and a secure payment method and apparatus for the mobile terminal.
  • a method for protecting mobile payment security including: acquiring feature information of a payment type client when monitoring a trigger event of a mobile terminal payment type client, wherein the feature information refers to The unique identification information of the payment type client is matched with the feature information in the preset white list to obtain a matching result, wherein the white list includes a mobile that can safely complete the payment type operation The feature information of the terminal payment type client; determining, according to the matching result, whether the payment type client is a malicious client; and processing the payment client according to the determination result.
  • a method for protecting mobile payment security comprising: receiving, from a mobile terminal, a query request for querying whether a payment terminal client of a mobile terminal is a malicious client, wherein the query request carries An icon of the payment-type client; calculating a similarity between the icon of the payment-type client and the icon in the preset icon library, and determining an icon in the icon library that the similarity is greater than or equal to a preset threshold; Presetting the mapping relationship between the icon in the icon library and the known payment client, querying the known payment client corresponding to the determined icon; determining whether the known payment client is a malicious client
  • the terminal obtains the result of the judgment; and the result of the judgment is used as a result of the query of the payment client as a malicious client, and is sent to the mobile terminal.
  • a mobile payment security protection device comprising:
  • the acquiring module is configured to acquire the feature information of the payment class client when the trigger event of the payment terminal of the mobile terminal is monitored, where the feature information refers to the unique identity information of the payment class client;
  • the matching module is configured to match the acquired feature information with the feature information in the preset whitelist to obtain a matching result, where the whitelist includes a mobile terminal payment client capable of performing a payment type operation securely.
  • Characteristic information
  • the first determining module is configured to determine, according to the matching result, whether the payment client is a malicious client
  • the processing module is configured to process the payment client according to the determination result.
  • a cloud server including:
  • the request receiving module is configured to receive a query request from the mobile terminal to query whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client;
  • a calculation module configured to calculate an similarity between an icon of the payment client and an icon in the preset icon library, and determine an icon in the icon library that the similarity is greater than or equal to a preset threshold
  • the query module is configured to query, according to a preset mapping relationship between the icon in the icon library and a known payment client, a known payment client corresponding to the determined icon;
  • the third determining module is configured to determine whether the known payment client is a malicious client, and obtain a determination result
  • the sending module is configured to use the judgment result as a query result of whether the payment client is a malicious client, and send the result to the mobile terminal.
  • the feature information of the payment client is obtained, and the acquired feature information is matched with the feature information in the preset whitelist to obtain a matching result. Then, according to the matching result, it is determined whether the payment client is a malicious client, and then the payment client is processed according to the judgment result. Since the feature information is the unique identity information of the payment client, the fake client masquerading as the payment client is only similar in interface, but the identity cannot be copied, and the payment client of the second packaged Trojan and virus program is due to the client. The information itself changes, and the identity identifier must change accordingly. It is different from the unique identity information of the original payment client.
  • the feature information can be used to flexibly and effectively identify the fake client that is disguised as a genuine payment client or twice.
  • a secure payment method for a mobile terminal includes: monitoring, when a payment-type client installed in a mobile terminal starts, acquiring identity identification information of the payment-type client, wherein The identity information includes at least one of the following: a package name information of the payment type client, version information of the payment type client, signature information of the payment type client, and determining the identifier according to the identity information of the payment type client. Whether the security of the payment type client is verified; if so, the payment operation is performed by the payment type client.
  • a secure payment device for a mobile terminal which is applied to a mobile terminal, and includes: a monitoring module configured to monitor a payment type client installed on the mobile terminal to be activated; and an acquisition module configured to acquire The identification information of the payment-type client is detected, wherein the identity identification information includes at least one of the following: a package name information of the payment-type client, version information of the payment-type client, and the payment-type client
  • the determining module is configured to determine whether the security of the payment client is verified according to the identity information of the payment client
  • the processing module is configured to: if it is determined that the security of the payment client is verified, use the The payment type client performs a payment operation.
  • the embodiment of the present invention when the payment client is started, the identity information of the payment type client that is detected is obtained, and the security of the payment client is verified according to the obtained identity information.
  • the user cannot judge whether the security of the payment type client used is verified. Therefore, the privacy information cannot be leaked and the property is not lost when the payment client is used.
  • the embodiment of the present invention can obtain the identity identification information of the payment client when the payment client is started, and perform security verification on the payment client according to the obtained identity information of the payment client, when determining the payment. After the class client passes the security verification, the payment client is used to perform the payment operation.
  • the problem of not being able to perform security verification on the payment client in the prior art can be solved, and the beneficial effect of avoiding the use of the fake payment client that steals the user's private information is achieved, thereby being reasonable and effective. Avoid the disclosure of user privacy information and protect the security of user property.
  • a computer program comprising computer readable code, when the computer readable code is run on a computing device, causing the computing device to perform any of the above Mobile payment security protection method and/or secure payment method of mobile terminal.
  • a computer readable medium storing the above computer program is provided.
  • FIG. 1 is a flow chart showing a method for protecting mobile payment security on a mobile terminal side according to an embodiment of the present invention
  • FIG. 2 is a flow chart showing a method for protecting mobile payment security on the cloud server side according to an embodiment of the present invention
  • FIG. 3 is another flow chart showing a method for protecting mobile payment security on the mobile terminal side according to an embodiment of the present invention
  • FIG. 4 is a third flowchart of a method for protecting mobile payment security on a mobile terminal side according to an embodiment of the present invention
  • FIG. 5 is a flow chart showing a method for protecting mobile payment security in combination with a mobile terminal and a cloud server according to an embodiment of the present invention
  • FIG. 6 shows another flow chart of a method for protecting mobile payment security combining a mobile terminal and a cloud server according to an embodiment of the present invention
  • FIG. 7 is a schematic structural diagram of a mobile payment security protection apparatus on a mobile terminal side according to an embodiment of the present invention.
  • FIG. 8 is a schematic structural diagram of a cloud server according to an embodiment of the present invention.
  • FIG. 9 is a flowchart showing a process of a secure payment method of a mobile terminal according to an embodiment of the present invention.
  • FIG. 10 is a flowchart showing a process of a secure payment method of a mobile terminal according to a preferred embodiment of the present invention.
  • FIG. 11 is a schematic structural diagram of a secure payment apparatus of a mobile terminal according to an embodiment of the present invention.
  • FIG. 12 is a block diagram showing the structure of a secure payment device of a mobile terminal according to a preferred embodiment of the present invention.
  • Figure 13 is a block diagram schematically showing a computing device for performing a mobile payment security protection method and/or a secure payment method of a mobile terminal according to the present invention
  • Fig. 14 schematically shows a storage unit for holding or carrying a program code for implementing a mobile payment security protection method and/or a secure payment method of a mobile terminal according to the present invention.
  • FIG. 1 is a flow chart showing a method of protecting mobile payment security on a mobile terminal side according to an embodiment of the present invention. As shown in FIG. 1, the method includes at least the following steps S102 to S108.
  • step S102 when the trigger event of the payment client of the mobile terminal is detected, the feature information of the payment client is obtained, where the feature information refers to the unique identity information of the payment client.
  • Step S104 Matching the acquired feature information with the feature information in the preset whitelist to obtain a matching result, where the whitelist includes feature information of the mobile terminal payment client that can securely perform the payment class operation.
  • Step S106 Determine, according to the matching result, whether the payment type client is a malicious client.
  • Step S108 Processing the payment client according to the determination result.
  • the feature information of the payment client is obtained, and the acquired feature information is matched with the feature information in the preset whitelist to obtain a matching result. Then, according to the matching result, it is determined whether the payment client is a malicious client, and then the payment client is processed according to the judgment result. Since the feature information is the unique identity information of the payment client, the fake client masquerading as the payment client is only similar in interface, but the identity cannot be copied, and the payment client of the second packaged Trojan and virus program is due to the client. The information itself changes, and the identity identifier must change accordingly. It is different from the unique identity information of the original payment client.
  • the feature information can be used to flexibly and effectively identify the fake client that is disguised as a genuine payment client or twice.
  • the trigger event of the payment class client may include multiple events. For example, install a payment class client, such as downloading the installation package of the payment class client, and install it.
  • a payment type client is started, such as a payment type client, for browsing and payment.
  • scanning a payment-type client such as scanning a payment-type client through a security guard.
  • the payment type client is updated, such as downloading the update package of the payment type client, updating, and the like.
  • step S102 further acquires the feature information of the payment type client.
  • the feature information here is the unique identity information of the payment client, and may include a name, an icon, a package name, a signature, a version information, a message digest algorithm (MD5), and a SHA1 (Secure Hash Algorithm). , file size, file modification time, file creation time, and more.
  • MD5 message digest algorithm
  • SHA1 Secure Hash Algorithm
  • the acquired feature information is a name (or package name) and an icon.
  • the name and icon of the payment terminal client of the mobile terminal capable of safely completing the payment operation are preset, and the mobile terminal payment client capable of safely completing the payment operation can be regarded as a genuine payment client or an official payment class.
  • the name index may be pre-established, and the icon corresponding to the obtained name in the white list is searched by the name index, and then the similarity between the obtained icon and the icon found in the white list is calculated. Then, according to the size of the similarity, it is determined whether the payment client is a malicious client.
  • the similarity is greater than or equal to a preset threshold (eg, 99.5%), it may be determined that the payment client is a non-malicious client; if the similarity is less than a preset threshold, the payment client may be determined to be a malicious client or Unknown client. Further, if the number of icons in the preset white list includes at least one, the similarity between the acquired icon and the at least one icon found in the white list may be calculated.
  • a preset threshold eg, 99.5%
  • the payment client may be determined to be a non-malicious client; if at least one of the preset whitelists The similarity between each icon in the icon and the obtained icon is less than the preset threshold, and Determine the payment class client as a malicious client or an unknown client.
  • the preset white list includes 10 icons, and the similarity between the obtained icon and one of the icons is calculated. If the similarity is greater than or equal to a preset threshold (such as 99.5%), it can be determined that the payment client is non-malicious. The client; otherwise, it continues to calculate the similarity between the acquired icon and the next icon.
  • the calculation of the similarity can adopt various methods such as a calculation pixel method or a gray scale matching method. For example, regarding the method of calculating pixels, first, the acquired icons are scaled to the same size as the icons in the preset white list, and then the pixels corresponding to the positions of the two icons are compared, and the similarities are calculated according to the number of the same pixels. degree.
  • a fake client pretending to be a genuine payment client fakes the name of the genuine payment client and highly simulates the icon of the genuine payment client, making it difficult for the user to distinguish, resulting in the user using the payment client. Leaking private information, causing serious economic losses.
  • the technical means can effectively identify the fake client masquerading as a genuine payment client, and then process it, improve the security of the payment client on the mobile terminal, and provide a safe and clean mobile payment environment for the user.
  • the acquired feature information is the name (or package name) and signature.
  • the name and signature of the payment terminal client of the mobile terminal that can securely complete the payment operation are preset in the whitelist.
  • the name index may be pre-established, and the signature corresponding to the obtained name in the whitelist is found by the name index, and the obtained signature is obtained.
  • the same as the signature found in the whitelist it can be determined that the payment client is a non-malicious client; if the obtained signature is different from the signature found in the whitelist, it can be determined that the payment client is a malicious client or Unknown client.
  • the technical means can effectively identify the payment client that has been packaged with the Trojan and the virus program twice. Then, it is processed to improve the security of the payment client on the mobile terminal, and to enhance the protection against malicious attacks such as viruses and Trojans, thereby avoiding theft, misappropriation, such as user privacy, traffic, and call charges.
  • the acquired feature information may also be a package name, MD5, and SHA1.
  • the package name, MD5, and SHA1 of the payment terminal of the mobile terminal that can securely complete the payment operation are preset, and the package name index can be pre-established, and the obtained package name is found in the white list through the package name index. MD5 and SHA1.
  • MD5 and SHA1 are the same as the MD5 and SHA1 found in the whitelist to determine whether the payment client is a malicious client. That is, if the obtained MD5 is the same as the MD5 found in the whitelist, and the obtained SHA1 is the same as the SHA1 found in the whitelist, it is determined that the payment client is a non-malicious client.
  • the obtained MD5 is the same as the MD5 found in the whitelist, and the obtained SHA1 is different from the SHA1 found in the whitelist, it is determined that the payment client is a malicious client or an unknown client. If the obtained MD5 is different from the MD5 found in the whitelist, and the obtained SHA1 is the same as the SHA1 found in the whitelist, it is determined that the payment client is a malicious client or an unknown client. If the obtained MD5 is different from the MD5 found in the whitelist, and the obtained SHA1 is different from the SHA1 found in the whitelist, it is determined that the payment client is a malicious client or an unknown client.
  • the technical means can effectively identify a counterfeit client masquerading as a genuine payment client or a payment client that has been packaged with a Trojan horse and a virus program twice, and process it to improve the payment client on the mobile terminal.
  • the security of the end enhances the protection against malicious attacks such as viruses and Trojans.
  • the acquired feature information may also be any combination of one or two or more pieces of information of the foregoing feature information, and is used to identify a fake client that is pretending to be a genuine payment client or to be packaged a Trojan or a virus twice.
  • Program The payment class client is not listed here.
  • the white list mentioned in step S104 may be located at the local end (ie, the mobile terminal), or may be located at the cloud server. If the whitelist is located in the cloud server, the following technical means may be adopted: sending a query requesting the client to be a malicious client to the cloud server, wherein the query request carries the feature information of the payment client, and then the cloud server The feature information of the payment client is matched with the feature information in the whitelist to obtain a matching result, and then the matching result returned by the cloud server is received.
  • setting the whitelist to the cloud server can alleviate the processing pressure of the mobile terminal, save resources of the mobile terminal, and can also update the whitelist of the cloud server in time, without updating at the mobile terminal, and avoiding lag of the feature information. Improve the ability to handle malicious clients.
  • the payment client may be determined to be malicious according to the similarity between the icon of the payment client and the icon in the preset icon library.
  • the client is also a non-malicious client, enabling more accurate judgment. It can be performed on mobile terminals and cloud servers, and is now described in detail.
  • the icon of the payment client is obtained.
  • the payment client is an unknown client, and then the similarity between the obtained icon and the icon in the preset icon library is calculated, and the similarity in the icon library is greater than or equal to a preset threshold. Icon.
  • the known payment client corresponding to the determined icon is queried. If the known payment type client is a non-malicious client, the payment client is determined to be a non-malicious client; if the known payment client is a malicious client, the payment client is determined to be a malicious client. end. Therefore, a more accurate judgment can be achieved based on the icon similarity.
  • the calculated similarity and the queried known payment class client may be sent to the cloud server for further judgment.
  • an icon of the payment client is obtained.
  • the payment client is an unknown client, and then sends a query requesting whether the payment client is a malicious client to the cloud server, where the query request carries an icon of the payment client, and then Receive the query results returned by the cloud server.
  • the cloud server determines that the payment client is a non-malicious client (the possible reason is that the payment client is upgraded, and the mobile terminal is The whitelist library is not updated in time), that is, there is a false positive situation, and the cloud server can send the false alarm information to the mobile terminal, correct it in time, and improve the accuracy of the judgment.
  • the cloud server queries the payment client as a malicious client, the cloud server may also send an installation package or a download address of the payment client that can securely complete the payment operation to the mobile terminal. Further, the cloud server updates the preset icon library in real time, thereby further improving the accuracy of the judgment.
  • the icon of the payment type client mentioned above may be a shortcut icon of the payment type client, or may be an icon of the payment type client obtained from the application list. If the two icon feature values are the same, one of the icons may be selected to calculate the similarity with the icon in the preset icon library; if the two icon feature values are different, the two icons and the pre-calculation may be separately calculated. The similarity of the icons in the icon gallery.
  • the step S108 further processes the payment client according to the determination result. For example, if the judgment result is a non-malicious client of the payment client, the user may be reminded that the payment client is a genuine payment client, or the current payment is made. Environmental safety, and more. If the judgment result is a malicious client or an unknown client of the payment client, the user may be reminded that the payment client is a fake payment client, and it is recommended to install a genuine payment client, or the current payment environment is dangerous, and the like. Further, the processing command from the user may also be received, wherein the processing command is determined by the user according to the determination result, and then the payment type client is processed according to the processing command.
  • FIG. 2 shows a flow chart of a method for protecting mobile payment security on the cloud server side according to an embodiment of the present invention. As shown in FIG. 2, the method includes at least the following steps S202 to S210.
  • Step S202 Receive a query request from the mobile terminal to query whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client.
  • Step S204 Calculate the similarity between the icon of the payment client and the icon in the preset icon library, and determine an icon in the icon library that has a similarity greater than or equal to a preset threshold.
  • Step S206 Query the known payment type client corresponding to the determined icon according to the mapping relationship between the icon in the preset icon library and the known payment type client.
  • Step S208 Determine whether the known payment client is a malicious client, and obtain a judgment result.
  • Step S210 The judgment result is used as a result of the inquiry of whether the payment client is a malicious client, and is sent to the mobile terminal.
  • step S210 if the payment client is a non-malicious client, the result of the query is that the payment client is a non-malicious client; if the payment client is known as a malicious client, the query result is a payment class. The client is a malicious client.
  • the cloud server determines that the payment client is a non-malicious client (the possible reason is that the payment client is upgraded and moved)
  • the whitelist library on the terminal is not updated in time), that is, there is a false positive situation, and the cloud server can send the false alarm information to the mobile terminal, correct it in time, and improve the accuracy of the judgment.
  • the cloud server queries the payment client as a malicious client, the query result may also carry information such as an installation package or a download address of the payment client that can securely perform the payment operation. Further, the cloud server updates the preset icon library in real time, thereby further improving the accuracy of the judgment.
  • FIG. 3 illustrates another flow chart of a method for protecting mobile payment security on the mobile terminal side according to an embodiment of the present invention.
  • the similarity of the icon is used to effectively identify the counterfeit client that fakes the name of the genuine payment client and highly simulates the icon of the genuine payment client, and processes it in time.
  • the method includes the following steps S302 to S316.
  • Step S302 When the event of starting the payment client of the mobile terminal is detected, the name and icon of the payment client are obtained.
  • Step S304 Find, by using a pre-established name index, an icon corresponding to the obtained name in the white list.
  • Step S306 Calculate the similarity between the obtained icon and the icon found in the white list.
  • Step S308 determining whether the similarity calculated in step S306 is greater than or equal to a preset threshold, and if yes, proceeding to step S310; otherwise, proceeding to step S312.
  • Step S310 Determine that the payment client is a non-malicious client, and continue to step S314.
  • Step S312 Determine that the payment client is a malicious client or an unknown client, and continue to step S316.
  • step S306 to step S312 if there are 10 icons found in the white list, first calculate the similarity between the obtained icon and one of the icons, and if the similarity is greater than or equal to a preset threshold (such as 99.5%), it may be determined.
  • the payment client is a non-malicious client; otherwise, it continues to calculate the similarity between the acquired icon and the next icon. If the similarity between the obtained icon and the 10 icons in the preset whitelist is less than a preset threshold, it may be determined that the payment client is a malicious client or an unknown client.
  • Step S314 No processing is performed, and the user is reminded that the payment client is a genuine payment client, and the payment operation can be performed.
  • Step S316 deleting the payment type client, and reminding the user to install the genuine payment type client.
  • the fake client pretending to be a genuine payment client counterfeits the name of the genuine payment client, and highly simulates the icon of the genuine payment client, so that the user is difficult to distinguish, and the user uses the payment client.
  • the technical means can effectively identify the fake client masquerading as a genuine payment client, and then process it, improve the security of the payment client on the mobile terminal, and provide a safe and clean mobile payment environment for the user.
  • FIG. 4 shows a third flow chart of a method for protecting mobile payment security on the mobile terminal side according to an embodiment of the present invention.
  • the payment information client whose name is unchanged, the signature is changed, and the Trojan horse and the virus program are packaged twice is effectively identified by using the signature information, and is processed in time.
  • the method includes the following steps S402 to S414.
  • Step S402 When the event of installing the mobile terminal payment class client is monitored, the name and signature of the payment class client are obtained.
  • Step S404 Search for a signature corresponding to the obtained name in the whitelist by using a pre-established name index.
  • Step S406 determining whether the acquired signature is the same as the signature found in the whitelist, and if yes, proceeding to step S408; otherwise, proceeding to step S410.
  • Step S408 Determine that the payment client is a non-malicious client, and continue to step S412.
  • Step S410 Determine that the payment client is a malicious client or an unknown client, and continue to step S414.
  • Step S412 No processing is performed, and the user is reminded that the payment client is a genuine payment client, and the payment operation can be performed.
  • Step S414 deleting the payment type client, and reminding the user to install the genuine payment type client.
  • the technical means can be used to effectively identify the Trojan horse and the virus program.
  • the payment client is processed to improve the security of the payment client on the mobile terminal, and the protection against malicious attacks such as viruses and Trojans is enhanced, thereby preventing theft, misappropriation and the like of user privacy, traffic, and call charges.
  • FIG. 5 illustrates a flow chart of a method of securing mobile payment security in conjunction with a mobile terminal and a cloud server, in accordance with one embodiment of the present invention. As shown in FIG. 5, the method includes the following steps S502 to S518.
  • Step S502 When the event of starting the payment client of the mobile terminal is detected, the package name, MD5, and SHA1 of the payment client are obtained.
  • Step S504 Send a query requesting whether the payment type client is a malicious client to the cloud server, where the query request carries the package name, MD5, and SHA1 of the payment client.
  • Step S506 The cloud server receives, from the mobile terminal, a query request for querying whether the payment terminal client of the mobile terminal is a malicious client, and the query request carries the package name, MD5, and SHA1 of the payment client.
  • Step S508 The cloud server searches for the MD5 and SHA1 corresponding to the obtained package name in the whitelist by using the pre-established package name index.
  • step S510 the cloud server determines whether the acquired MD5 and SHA1 are the same as the MD5 and SHA1 found in the whitelist. If the obtained MD5 is the same as the MD5 found in the whitelist, and the obtained SHA1 and the SHA1 found in the whitelist are obtained, If yes, proceed to step S512; if the acquired MD5 is the same as the MD5 found in the whitelist, and the obtained SHA1 is different from the SHA1 found in the whitelist, proceed to step S514; if the acquired MD5 and white The MD5s found in the list are different, and the obtained SHA1 is the same as the SHA1 found in the whitelist. Then, the process proceeds to step S514; if the obtained MD5 is different from the MD5 found in the whitelist, and the acquired SHA1 and white are obtained. If the SHA1 found in the list is also different, step S514 is continued.
  • step S512 the payment client is determined to be a non-malicious client, and sent to the mobile terminal, and the process proceeds to step S516.
  • Step S514 Determine that the payment client is a malicious client or an unknown client, and send the message to the mobile terminal, and continue to step S518.
  • Step S516 No processing is performed, and the user is reminded that the payment client is a genuine payment client, and the payment operation can be performed.
  • the mobile terminal and the cloud server are combined, and the feature information is used to flexibly and effectively identify a fake client that is pretending to be a genuine payment client or a payment client that is packaged with a Trojan or a virus program twice, and It is processed in a timely manner.
  • FIG. 6 illustrates another flow chart of a method of securing mobile payment security in conjunction with a mobile terminal and a cloud server, in accordance with one embodiment of the present invention.
  • the payment client is a malicious client or an unknown client
  • the similarity between the icon of the payment client and the icon in the preset icon library may be used. Further judgment.
  • the method includes the following steps S602 to S614.
  • Step S602 The mobile terminal acquires an icon of the payment type client.
  • Step S604 Send a query requesting whether the payment type client is a malicious client's query request to the cloud server, where the query request carries an icon of the payment type client.
  • Step S606 Receive a query request from the mobile terminal to query whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client.
  • Step S608 The cloud server calculates the similarity between the icon of the payment class client and the icon in the preset icon library, and determines an icon in the icon library that has a similarity greater than or equal to a preset threshold.
  • Step S610 The cloud server queries the known payment client corresponding to the determined icon according to the mapping relationship between the icon in the preset icon library and the known payment client.
  • Step S612 Determine whether the known payment client is a malicious client, and obtain a judgment result.
  • Step S614 The judgment result is used as a result of the inquiry of whether the payment client is a malicious client, and is sent to the mobile terminal.
  • the result of the query is that the payment client is a non-malicious client; if the payment client is known as a malicious client, the query result is a payment class.
  • the client is a malicious client.
  • the process is not processed, and the user is reminded that the payment client is a genuine payment client, and the payment operation can be performed. If the payment client is a malicious client, the payment client is deleted, and the user is prompted to install a genuine payment client.
  • the cloud server determines that the payment client is a non-malicious client (the possible reason is that the payment client is upgraded, and the mobile terminal is The whitelist library is not updated in time), that is, there is a false positive situation, and the cloud server can send the false alarm information to the mobile terminal, correct it in time, and improve the accuracy of the judgment.
  • the cloud server queries the payment client as a malicious client, the cloud server may also send an installation package or a download address of the payment client that can securely complete the payment operation to the mobile terminal. Further, the cloud server updates the preset icon library in real time, thereby further improving the accuracy of the judgment.
  • the embodiment of the present invention further provides a mobile payment security protection device to implement the above mobile payment security protection method.
  • FIG. 7 is a schematic structural diagram of a mobile payment security protection apparatus on a mobile terminal side according to an embodiment of the present invention.
  • the apparatus at least includes: an obtaining module 710, a matching module 720, a first determining module 730, and a processing module 740.
  • the obtaining module 710 is configured to: when the triggering event of the payment terminal of the mobile terminal is monitored, obtain the feature information of the payment class client, where the feature information refers to the unique identity information of the payment class client;
  • the matching module 720 is coupled to the acquiring module 710, and configured to match the acquired feature information with the feature information in the preset whitelist to obtain a matching result, where the whitelist includes a mobile terminal capable of performing payment operation securely. Characteristic information of the payment class client;
  • the first determining module 730 is coupled to the matching module 720, and configured to determine, according to the matching result, whether the payment client is a malicious client;
  • the processing module 740 is coupled to the first determining module 730 and configured to process the payment client according to the determination result.
  • the feature information may include at least one of the following: name, icon, package name, signature, version information, message digest algorithm MD5, secure hash algorithm SHA1, file size, file Modify time, file creation time.
  • the first determining module 730 may be further configured to: if the acquired feature information exists in the whitelist, determine that the payment client is a non-malicious client; if the acquired feature information does not exist in the white In the list, determine that the payment class client is a malicious client or an unknown client.
  • the device shown in FIG. 7 may further include a second determining module 750, coupled to the first determining module 730, configured to: obtain an icon of a payment client, where the payment client is An unknown client; calculating the similarity between the acquired icon and the icon in the preset icon library; determining an icon in the icon library with a similarity greater than or equal to a preset threshold; according to the icon in the preset icon library and the known payment
  • the known payment client is a malicious client, and the payment client is determined to be a malicious client.
  • the second determining module 750 may be further configured to: obtain an icon of the payment type client, where the payment type client is an unknown client; and send a query requesting whether the payment type client is a malicious client. To the cloud server, wherein the query request carries an icon of the payment type client; and receives the query result returned by the cloud server.
  • the acquired icon includes a shortcut icon of the payment class client and/or an icon of the payment class client obtained from the application list.
  • the second determining module 750 is further configured to: zoom the acquired icon and the icon in the preset icon library to the same size; by comparing the zoomed acquired icon with the preset The icon in the icon library corresponds to the pixel of the position, and the similarity is obtained.
  • the triggering event of the payment class client includes at least one of the following:
  • FIG. 8 shows a schematic structural diagram of a cloud server according to an embodiment of the present invention.
  • the cloud server includes at least a request receiving module 810, a computing module 820, a query module 830, a third determining module 840, and a sending module 850.
  • the request receiving module 810 is configured to receive, from the mobile terminal, a query request for querying whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client;
  • the computing module 820 is coupled to the request receiving module 810, configured to calculate a similarity between the icon of the payment client and the icon in the preset icon library, and determine an icon in the icon library that has a similarity greater than or equal to a preset threshold;
  • the query module 830 is coupled to the computing module 820, and configured to query the known payment client corresponding to the determined icon according to the mapping relationship between the icon in the preset icon library and the known payment client;
  • the third determining module 840 is coupled to the query module 830, and configured to determine whether the known payment client is a malicious client, and obtain a determination result;
  • the sending module 850 is coupled to the third determining module 840, and configured to use the result of the determination as a result of the query of the payment client as a malicious client, and send the result to the mobile terminal.
  • the sending module 850 may be further configured to: if the payment client is known as a non-malicious client, the query result is that the payment client is a non-malicious client; if the payment client is known For a malicious client, the result of the query is that the payment client is a malicious client.
  • the icon of the payment class client includes a shortcut icon of the payment class client and/or an icon of the payment class client obtained from the application list.
  • the information carried in the query result includes at least one of the following:
  • An installation package for a payment client that can securely perform payment class operations
  • the embodiment of the present invention can achieve the following beneficial effects:
  • the feature information of the payment client is obtained, and the acquired feature information is matched with the feature information in the preset whitelist to obtain a matching result. Then, according to the matching result, it is determined whether the payment client is a malicious client, and then the payment client is processed according to the judgment result. Since the feature information is the unique identity information of the payment client, the fake client masquerading as the payment client is only similar in interface, but the identity cannot be copied, and the payment client of the second packaged Trojan and virus program is due to the client. The information itself changes, and the identity identifier must change accordingly. It is different from the unique identity information of the original payment client.
  • the feature information can be used to flexibly and effectively identify the fake client that is disguised as a genuine payment client or twice.
  • the mobile terminal and the cloud server may determine whether the payment client is a malicious client or a non-malicious client according to the similarity between the icon of the payment client and the icon in the preset icon library, so as to achieve more accurate implementation.
  • Judge. If the payment type client is determined to be a malicious client according to the feature information in the white list, and the cloud server determines that the payment client is a non-malicious client (the possible reason is that the payment client is upgraded, and the mobile terminal is The whitelist library is not updated in time), that is, there is a false positive situation, and the cloud server can send the false alarm information to the mobile terminal, correct it in time, and improve the accuracy of the judgment.
  • the cloud server may also send an installation package or a download address of the payment client that can securely complete the payment operation to the mobile terminal. Further, the cloud server updates the preset icon library in real time, thereby further improving the accuracy of the judgment.
  • a secure payment method and apparatus for a mobile terminal are also provided.
  • FIG. 9 is a flowchart showing the processing of a secure payment method of a mobile terminal according to an embodiment of the present invention. Referring to FIG. 9, the flow includes at least steps S902 to S906.
  • the identity identification information of the payment type client is acquired.
  • the identity information of the payment client may be any information that can identify the identity of the payment client, for example, the package name information of the payment client, the version information of the payment client, and/or the payment client.
  • the payment type client is a payment type software installed on the mobile terminal.
  • step S904 is performed to determine whether the security of the payment client is verified according to the identity information of the payment client, and after the security of the payment client is verified, the payment class is used.
  • the client performs a payment operation (ie, step S906).
  • the embodiment of the present invention when the payment client is started, the identity information of the payment type client that is detected is obtained, and the security of the payment client is verified according to the obtained identity information.
  • the user cannot judge whether the security of the payment type client used is verified. Therefore, the privacy information cannot be leaked and the property is not lost when the payment client is used.
  • the embodiment of the present invention can obtain the identity identification information of the payment client when the payment client is started, and perform security verification on the payment client according to the obtained identity information of the payment client, when determining the payment. After the class client passes the security verification, the payment client is used to perform the payment operation.
  • the problem of not being able to perform security verification on the payment client in the prior art can be solved, and the beneficial effect of avoiding the use of the fake payment client that steals the user's private information is achieved, thereby being reasonable and effective. Avoid the disclosure of user privacy information and protect the security of user property.
  • the embodiment of the present invention it is determined whether the security of the payment client is verified by obtaining the identity information of the payment client.
  • the embodiment of the present invention may also preferably detect the running environment of the payment client and/or the payment client according to a preset rule when the payment client is downloaded and/or the payment client is started.
  • the network used when detecting the running or downloading environment of the payment client, when the user downloads the payment client or starts the payment client, the network used (such as wireless network wifi) may be a public place network, security. Lower.
  • the criminals can easily tamper with the local domain name system (DNS), resulting in the downloaded payment client.
  • DNS domain name system
  • the end is a phishing payment client (such as a payment client masquerading as a common payment client to illegally obtain user information), or when the payment client is started, since the local DNS has been illegally tampered with, the user actually inputs the information.
  • the interface may be an interface that steals user information after the local DNS has been tampered with.
  • the embodiment of the present invention preferably detects the security of the network used. If the network is detected as a network with security risks, the user is prompted to use the current network to download or run the payment client. If the user chooses to continue using the current network or determines the security of the network after detecting, it is detected whether the local DNS has been changed. If it is determined that the local DNS has been changed, the user is prompted, the local DNS is changed, and the user is asked whether to change the local DNS to a secure DNS.
  • the secure DNS may be a server that has been authenticated by security, and may be a plurality of domain name resolution servers having the qualification of a telecom operator.
  • the domain name of the online shopping website, the domain name of the game website, and the domain name of the social network website are selected from the domain names with a large number of user visits (such as a user access volume exceeding 400 million).
  • Ask the user whether to change the local DNS to a secure DNS according to the user's input selection command or according to any reception
  • the changed DNS is changed to a secure DNS. If the user chooses not to change the DNS or determines that the local DNS has not been changed, the next operation is performed.
  • the embodiment of the present invention preferably performs a virus scanning operation on the payment client. For example, call the setPreInstallListener( ) interface of the QihooAppManager class to register the listener.
  • the embodiment of the present invention does not directly perform the corresponding operation, but first performs a virus scan on the payment client. Then call the resumeOrAbortInstall() interface to decide whether to continue downloading or installing or continuing to run the payment class client.
  • the embodiment of the present invention may perform a virus scanning operation on the payment client according to the virus database local to the mobile terminal, and may perform virus scanning on the payment client according to the virus database of the cloud server.
  • the operation may also be based on a local virus database combined with a virus database of the cloud server to perform a more comprehensive virus scanning operation on the payment client.
  • the payment client After detecting the running environment of the payment client and/or the payment client, if the payment client fails the detection, the payment client is determined to be a payment-type client whose security is not verified. For the payment type client that is detected, such as the payment type client whose local DNS is not changed and the virus is not present in the payment type client, obtain the identity information of the payment type client, and determine the payment according to the identity information of the payment type client. Whether the class client security is verified.
  • a predefined security identification library may be set in the mobile terminal local and/or cloud server.
  • the pre-defined security identification library stores identity information of the payment client. That is, the predefined security identification library is a database in which the identity identification information of the payment type client is stored. Therefore, the security identification library is simply referred to as a database below.
  • the identity identification information of the payment type client stored in the database is classified according to the determination of the security of the known payment type client.
  • the database stores a whitelist of payment-type clients (ie, a list of security-certified payment-type clients), and a blacklist of payment-type clients (ie, a list of payment-type clients whose security is not verified).
  • the identity information of each payment class client is stored in the whitelist and the blacklist of the database.
  • the payment client A exists in the white list, and the identification information of the payment client A is also stored in the white list.
  • the identity information of the payment client may include one or a combination of the following: a package name of the payment client, a version number, and a developer signature.
  • the identity information of the payment client may further include the feature data of the payment client.
  • the embodiment of the present invention can perform security verification on the payment client with unknown security.
  • the feature data of the payment client includes the identity information of the payment client described above, and may also include a feature of a component broadcast receiver of the payment client, a feature of the service of the payment client, and payment. The characteristics of the component activity of the class client, the instruction or string in the executable file, and the message digest algorithm (MD5 value) of each file in the installation package directory of the payment client.
  • the executable file includes a Dex type file (including a classes.dex file, a file with a .jar extension, and a file in a Dex format), and/or an ELF type file.
  • a Dex type file including a classes.dex file, a file with a .jar extension, and a file in a Dex format
  • the embodiment of the present invention when the security verification of the payment client is performed by using the database, due to the mobile terminal The local space resources are limited. Therefore, the identity information and/or feature data of the payment client stored in the database in the cloud server is more comprehensive. Therefore, preferably, the embodiment of the present invention sends the identity information of the payment client to the cloud server for security verification.
  • the cloud server matches the identity information of the received payment type client in the database storing the identity information of the payment type client through the security verification, and returns a matching result. According to the matching result, the embodiment of the present invention can determine whether the payment type client is a payment type client whose security is verified.
  • the matching result is that the identity information in the database can match the identity information of the payment client, it is determined that the security of the payment client is verified, and if the matching result is the identity information of the received payment client If it is not able to match any of the identity information stored in the database, it is determined that the payment class client security has not passed the verification.
  • the database may also store the identity information of the payment type client whose security is not verified, and the data characteristics of the known malicious payment type client, when verifying the security of the payment type client, The identity information of the payment type client may be matched with the identity information of the payment type client in the database that is not verified by the security. If it is matched, it is determined that the payment type client fails the security verification, and if it does not match Then, according to the data characteristics of the known malicious payment client, whether the fullness of the payment client can be further verified can be verified.
  • the Trojan horse program, the secondary packaging of the software, and the like are more and more advanced, and only the identity information of the payment client that is not verified according to the known security and the data of the known malicious payment client are known.
  • the feature cannot guarantee that the fake payment client or phishing payment software can be fully detected, and the security client that can pass the verification can determine its security through manual inquiry and other ways. It is added to the database for the user to verify the security of the payment client when downloading or installing or using the payment client. Therefore, in the embodiment of the present invention, the identity information of the payment client is matched with the identity information of the payment client authenticated in the database, and the security of the payment client is verified according to the matching result.
  • the processing operation option in the embodiment of the present invention is displayed in the form of a button, that is, each processing operation option displayed is a corresponding processing button, and when the user triggers the processing operation option, the user can be received at the corresponding processing button.
  • Input instructions If the trigger instruction input by the user according to the prompt message is received at the processing button, the corresponding processing is performed on the payment client according to the trigger instruction.
  • the processing button that is displayed when the security of the payment client is not verified may be any button that can trigger the processing of the payment client, which is not limited by the embodiment of the present invention.
  • the processing button may be a termination button, may be an uninstall button, may be a genuine button installed, or may continue to use a button.
  • the running process of the payment client is terminated, and if the trigger command of the user is received at the uninstall button, the payment client is uninstalled, and if the user is received at the genuine button
  • the triggering instruction, uninstalling the payment type client, and installing the genuine payment type client corresponding to the payment type client if the user receives the trigger instruction at the button, the operation state of the payment type client is maintained.
  • the prompt message when it is determined that the security of the payment client fails to pass the verification, can be displayed, and various buttons for different processing of the payment client are performed, and the user is received at each button.
  • the triggering instruction performs corresponding processing on the payment client, and the payment client is processed according to the user's selection to ensure that the payment client is performing the wrong uninstallation when the user is prompted to pay the security of the client. Such operations cause user inconvenience.
  • the payment client belongs to an uninstallable application, and the identifier is uninstallable; if the payment client is detected to include an advertisement, The pop-up window, the charge, and the like, classify the payment client according to different contents included in the payment client, and identify that it is uninstallable; if the payment client is detected, the payment client can be determined as the mobile terminal In its own application, the unloading payment client may affect the normal use of the mobile terminal, and then classify and identify the payment client as non-uninstallable; if the payment client is detected, it can determine that the payment client is The mobile terminal's own application, and the offloading payment client does not have a serious impact on the normal use of the mobile terminal, but may cause loss of functionality in the mobile terminal, and the payment class client is classified and identified as a cautious uninstall.
  • the embodiment of the present invention determines that the security of the payment type client fails the verification.
  • the payment client A may be a newly developed payment client, and the user who starts the payment client A is the first user of the payment client A, and the database does not store the payment.
  • the version information of the client A but the user can determine that the payment client A does not have a security risk, and the user can ensure that the payment operation is continued by the payment client A by triggering the continue use button described above.
  • the verification process of the security of the payment client can be applied to the verification process of any software security, and the embodiment of the present invention does not limited.
  • a preferred embodiment is provided to introduce a secure payment method of the mobile terminal provided by the embodiment of the present invention. It should be noted that, in order to simplify the present preferred embodiment, in this example, the payment client A is installed in the mobile phone.
  • FIG. 10 is a flow chart showing the processing of a secure payment method of a mobile terminal in accordance with a preferred embodiment of the present invention. Referring to FIG. 10, the flow includes at least steps S1002 to S1026. It should be noted that, in FIG. 10, the payment client A is simply referred to as a payment client.
  • Step S1002 detecting a local DNS.
  • the payment type client A when it is detected that the payment type client A is started, it is preferable to detect the network used by the startup payment type client A.
  • the network When it is detected that the network is a public network, it is determined that the security of the public network is low, and the local DNS is detected.
  • step S1004 it is determined whether the local DNS is changed. If it is not changed, step S1012 is directly performed. If the determination is changed, step S1006 is performed.
  • Step S1006 When it is determined according to step S1004 that the local DNS is changed, the user is prompted to change the local DNS, and the use of the payment client A may have a security risk. For example, displaying a prompt on the phone’s screen Message. In addition, when the prompt message is displayed, it is also possible to display a processing button on the screen, such as displaying a "modify local DNS" button and/or a "keep local DNS unchanged” button.
  • Step S1008 Determine whether to modify the local DNS according to an instruction input by the user. If yes, go to step S1010, if no, go to step S1012.
  • a prompt message may be displayed on the screen of the mobile phone, and preferably, a processing button may also be displayed.
  • a trigger command input by the user according to the prompt message is received at the processed processing button. For example, when the user inputs a trigger instruction at the "modify local DNS" button, it is determined to modify the local DNS. When the user inputs a trigger instruction at the "keep local DNS unchanged” button, it is determined that the local DNS remains unchanged, and is not correct. It is modified.
  • Step S1010 Modify the local DNS as a secure DNS.
  • the secure DNS may be a server that has been authenticated by security, and may be a plurality of domain name resolution servers having the qualification of a telecom operator. For example, the domain name of the online shopping website, the domain name of the game website, and the domain name of the social website are selected from the domain names with a large number of user visits.
  • Step S1012 performing a virus scanning operation.
  • a virus scanning operation is performed on the payment client A.
  • Step S1014 Determine whether a virus exists in the payment client A. If yes, go to step S1024 directly, and if no, go to step S1016.
  • Step S1016 When it is determined according to step S1014 that there is no virus in the payment client A, the payment client A obtains the identity identification information of the payment client A by detecting.
  • the identity information of the payment client A may be the package name information of the payment client A, the version information of the payment client A, and the signature information of the payment client A.
  • Step S1018 Send the acquired identity information of the payment client A to the cloud server.
  • the cloud server matches the identity information of the payment client A in the database and returns a matching result.
  • the database stores the identity information of the payment-type client that is authenticated by security.
  • step S1020 it is determined whether the security of the payment client A is verified according to the matching result. If yes, step S1022 is performed, and if no, step S1024 is performed.
  • step S1022 if the matching result is that the identity information in the database can match the identity information of the payment client A, it is determined that the security of the payment client A is verified, and step S1022 is performed; if the matching result is a payment client If the identity information of the terminal A is not matched with any of the identity information stored in the database, it is determined that the security of the payment client A does not pass the verification, and step S1024 is performed.
  • Step S1022 After the security of the payment client A is verified, the operation of the payment client A is maintained.
  • Step S1024 After determining that the security of the payment client A has not passed the verification, a prompt message and a processing button are displayed.
  • the processing button that is displayed when the security of the payment client A is not verified may be any button that can trigger the processing of the payment client A, which is not limited by the embodiment of the present invention.
  • the processing button may be a termination software button, an uninstall button, a genuine button, or a button.
  • Step S1026 Perform corresponding processing according to the trigger instruction of the user.
  • receiving a trigger instruction input by the user at a different processing button performs a corresponding processing on the payment class client A. For example, if the trigger command of the user is received at the termination button, the running process of the payment type client is terminated, and if the trigger instruction of the user is received at the uninstall button, the payment type client is uninstalled, and if the user is received at the installation genuine button Trigger the command, uninstall the payment client, and install the genuine payment client corresponding to the payment client. If the user receives the trigger command while continuing to use the button, the operation state of the payment client is maintained.
  • the prompt message can be displayed, and various buttons for different processing of the payment client are received, and the payment class is received by receiving the trigger instruction of the user at each button.
  • the client performs the corresponding processing, and the payment client is processed according to the user's choice to ensure that the user is in danger of paying the security of the client, thereby avoiding the user's inconvenience caused by performing the wrong uninstallation on the payment client. .
  • the embodiment of the present invention provides a secure payment device for a mobile terminal to implement a secure payment method for the mobile terminal.
  • FIG. 11 is a block diagram showing the structure of a secure payment device of a mobile terminal according to an embodiment of the present invention.
  • the secure payment device of the mobile terminal according to the embodiment of the present invention includes at least a monitoring module 1110, an obtaining module 1120, a determining module 1130, and a processing module 1140.
  • the monitoring module 1110 is configured to monitor a payment type client installed on the mobile terminal to start.
  • the obtaining module 1120 is coupled to the monitoring module 1110 and configured to obtain the identity information of the payment client.
  • the identity information includes at least one of the following: a package name information of the payment client, a version information of the payment client, and a payment class.
  • the signature information of the client is included in the identity information.
  • the determining module 1130 is coupled to the obtaining module 1120 and configured to determine whether the security of the payment client is verified according to the identity information of the payment client.
  • the processing module 1140 is coupled to the determining module 1130, and configured to perform a payment operation by using the payment class client if it is determined that the payment type client security is verified.
  • FIG. 12 is a block diagram showing the structure of a secure payment device of a mobile terminal according to a preferred embodiment of the present invention.
  • the secure payment device of the mobile terminal in this example further includes:
  • the sending module 1150 is configured to send the identity information of the payment client to the cloud server, where the cloud server matches the identity information of the payment client in the database, where the database stores the security client that has passed the security verification. Identification information;
  • the determining module 1130 is further configured to determine whether the security of the payment class client passes the verification according to the matching result returned by the cloud server.
  • the determining module 1130 is further configured to:
  • the matching result is that the identity information exists in the database and the identity information of the payment class client Matching, it is determined that the security of the payment client is verified;
  • the matching result is that the identity information of the payment client is not able to match any of the identity information stored in the database, it is determined that the payment client security has not passed the verification.
  • the secure payment device of the mobile terminal further includes:
  • the detecting module 1160 is configured to: when the payment client is started, detect the running environment of the payment client and/or the payment client according to a preset rule;
  • the obtaining module 1120 is further configured to filter out the payment type client that passes the detection;
  • the determining module 1130 is further configured to:
  • the payment type client that fails the detection is a payment type client whose security has not passed the verification.
  • processing module 1140 is further configured to:
  • the determining module 1130 determines that the payment type client security fails the verification, the prompt message and the processing operation option are displayed, so that the user processes the payment processing client according to the prompt message triggering the corresponding processing operation option, wherein the processing operation option includes at least the following One: terminate, uninstall, install genuine, continue to use;
  • the payment class client performs corresponding processing according to the processing operation option triggered by the user.
  • the detecting module 1160 performs a detecting operation on the operating environment of the payment client and/or the payment client according to the preset rule, including at least one of the following:
  • the detection module 1160 is further configured to:
  • the determining module 1130 is further configured to:
  • the detection module 1160 detects that the local DNS is modified and/or there is a virus in the payment client, it is determined that the payment client has not passed the detection.
  • the embodiment of the present invention can achieve the following beneficial effects:
  • the embodiment of the present invention when the payment client is started, the identity information of the payment type client that is detected is obtained, and the security of the payment client is verified according to the obtained identity information.
  • the user cannot judge whether the security of the payment type client used is verified. Therefore, the privacy information cannot be leaked and the property is not lost when the payment client is used.
  • the embodiment of the present invention can obtain the identity identification information of the payment client when the payment client is started, and perform security verification on the payment client according to the obtained identity information of the payment client, when determining the payment. After the class client passes the security verification, the payment client is used to perform the payment operation.
  • the problem of not being able to perform security verification on the payment client in the prior art can be solved, and the beneficial effect of avoiding the use of the fake payment client that steals the user's private information is achieved, thereby being reasonable and effective. Avoid the disclosure of user privacy information and protect the security of user property.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof. It should be understood by those skilled in the art that a microprocessor or a digital signal processor (DSP) can be used in practice to implement a mobile payment security protection device and a cloud server according to an embodiment of the present invention, and a security detection of a mobile terminal input window. Some or all of the functionality of some or all of the components.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein. Such a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • Figure 13 illustrates a computing device that can implement a method of transferring data between intelligent terminals.
  • the computing device conventionally includes a processor 1310 and a computer program product or computer readable medium in the form of a memory 1320.
  • the memory 1320 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM.
  • Memory 1320 has a storage space 1330 for program code 1331 for performing any of the method steps described above.
  • the storage space 1330 for program code may include respective program codes 1331 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • the fixed storage unit may have a storage segment, a storage space, and the like that are similarly arranged to the storage 1320 in the computing device of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes computer readable code 1331', ie, code that can be read by a processor, such as, for example, 1310, which when executed by a computing device causes the computing device to perform each of the methods described above step.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A mobile payment security protection method, apparatus and cloud server, and a mobile terminal secure payment method and apparatus. The mobile payment security protection method comprises: when a triggering event of a mobile terminal payment client is detected, acquiring the feature information of the payment client, wherein said feature information refers to unique ID information of the payment client (S102); implementing matching of the acquired feature information and feature information in a preset white list to obtain matching results, wherein said white list comprises feature information of mobile terminal payment clients which can securely complete payment operations (S104); on the basis of the matching results, determining whether the payment client is a malicious client (S106); and, on the basis of the determining results, processing the payment client (S108). The security of payment clients on a mobile terminal can be improved, enhancing protection against malicious attacks such as viruses and Trojans, and thereby providing a secure, clean mobile payment environment for the user.

Description

移动支付安全的保护方法、装置及云服务器Mobile payment security protection method, device and cloud server 技术领域Technical field
本发明涉及移动终端技术领域,特别是一种移动支付安全的保护方法、装置及云服务器,以及一种移动终端的安全支付方法及装置。The present invention relates to the field of mobile terminal technologies, and in particular, to a mobile payment security protection method, device and cloud server, and a secure payment method and device for a mobile terminal.
背景技术Background technique
移动支付,是指允许用户使用其移动终端(如手机等)对所消费的商品或服务进行账务支付的一种服务方式。用户通过移动终端、互联网或者近距离传感直接或间接向银行金融机构发送支付指令产生货币支付与资金转移行为,从而实现移动支付功能。随着移动电子商务迅速发展,第三方支付、银行等争相推出移动支付客户端,购物、理财、生活服务等交易类客户端也在不断出现,大大丰富了移动支付的市场应用环境。Mobile payment refers to a service method that allows users to use their mobile terminals (such as mobile phones) to pay for goods or services they consume. The user sends a payment instruction directly or indirectly to the banking financial institution through the mobile terminal, the Internet or proximity sensing to generate a money payment and a fund transfer behavior, thereby realizing the mobile payment function. With the rapid development of mobile e-commerce, third-party payment, banking and other companies are rushing to launch mobile payment clients. Shopping clients such as shopping, wealth management and life services are also emerging, which greatly enriches the market application environment of mobile payment.
移动支付的安全性是影响支付业务发展的关键因素。移动支付的安全性涉及用户信息的保密、用户资金和支付信息的安全等问题,其面临的安全风险主要来自于两个方面:网络和系统的安全性、以及移动终端的安全性。The security of mobile payments is a key factor affecting the development of payment services. The security of mobile payment involves the confidentiality of user information, the security of user funds and payment information, and the security risks it faces mainly come from two aspects: network and system security, and the security of mobile terminals.
在移动终端方面,一些假冒的客户端伪装成正版支付类客户端,或者一些木马、病毒程序被二次打包至支付类客户端,导致目前移动终端上的支付类客户端安全性较低,对于病毒、木马等恶意攻击防护性差,进而使得用户隐私、流量、话费等被窃取盗用,给用户造成严重的损失。In terms of mobile terminals, some fake clients masquerade as genuine payment-type clients, or some Trojans and virus programs are packaged twice into payment-type clients, resulting in lower security of payment-type clients on mobile terminals. Viruses, Trojans and other malicious attacks are poorly protected, which in turn makes users' privacy, traffic, and phone bills stolen and misappropriated, causing serious losses to users.
发明内容Summary of the invention
鉴于上述问题,提出了本发明以便提供一种克服上述问题或者至少部分地解决上述问题的移动支付安全的保护方法、装置及云服务器,以及移动终端的安全支付方法及装置。In view of the above problems, the present invention has been made in order to provide a mobile payment security protection method, apparatus, and cloud server that overcome the above problems or at least partially solve the above problems, and a secure payment method and apparatus for the mobile terminal.
根据本发明的一方面,提供了一种移动支付安全的保护方法,包括:监测到移动终端支付类客户端的触发事件时,获取所述支付类客户端的特征信息,其中,所述特征信息指所述支付类客户端的唯一身份标识信息;将获取的所述特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果,其中,所述白名单中包括能够安全完成支付类操作的移动终端支付类客户端的特征信息;根据所述匹配结果判断所述支付类客户端是否为恶意客户端;根据判断结果对所述支付类客户端进行处理。According to an aspect of the present invention, a method for protecting mobile payment security is provided, including: acquiring feature information of a payment type client when monitoring a trigger event of a mobile terminal payment type client, wherein the feature information refers to The unique identification information of the payment type client is matched with the feature information in the preset white list to obtain a matching result, wherein the white list includes a mobile that can safely complete the payment type operation The feature information of the terminal payment type client; determining, according to the matching result, whether the payment type client is a malicious client; and processing the payment client according to the determination result.
根据本发明的另一方面,提供了一种移动支付安全的保护方法,包括:接收来自移动终端的、查询移动终端支付类客户端是否为恶意客户端的查询请求,其中,所述查询请求携带有所述支付类客户端的图标;计算所述支付类客户端的图标与预置的图标库中的图标的相似度,确定所述图标库中、所述相似度大于或等于预设阈值的图标;根据预设的所述图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端;判断所述已知支付类客户端是否为恶意客 户端,得到判断结果;将所述判断结果作为所述支付类客户端是否为恶意客户端的查询结果,并发送至所述移动终端。According to another aspect of the present invention, a method for protecting mobile payment security is provided, comprising: receiving, from a mobile terminal, a query request for querying whether a payment terminal client of a mobile terminal is a malicious client, wherein the query request carries An icon of the payment-type client; calculating a similarity between the icon of the payment-type client and the icon in the preset icon library, and determining an icon in the icon library that the similarity is greater than or equal to a preset threshold; Presetting the mapping relationship between the icon in the icon library and the known payment client, querying the known payment client corresponding to the determined icon; determining whether the known payment client is a malicious client The terminal obtains the result of the judgment; and the result of the judgment is used as a result of the query of the payment client as a malicious client, and is sent to the mobile terminal.
根据本发明的另一方面,还提供了一种移动支付安全的保护装置,包括:According to another aspect of the present invention, there is also provided a mobile payment security protection device, comprising:
获取模块,配置为监测到移动终端支付类客户端的触发事件时,获取所述支付类客户端的特征信息,其中,所述特征信息指所述支付类客户端的唯一身份标识信息;The acquiring module is configured to acquire the feature information of the payment class client when the trigger event of the payment terminal of the mobile terminal is monitored, where the feature information refers to the unique identity information of the payment class client;
匹配模块,配置为将获取的所述特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果,其中,所述白名单中包括能够安全完成支付类操作的移动终端支付类客户端的特征信息;The matching module is configured to match the acquired feature information with the feature information in the preset whitelist to obtain a matching result, where the whitelist includes a mobile terminal payment client capable of performing a payment type operation securely. Characteristic information
第一判断模块,配置为根据所述匹配结果判断所述支付类客户端是否为恶意客户端;The first determining module is configured to determine, according to the matching result, whether the payment client is a malicious client;
处理模块,配置为根据判断结果对所述支付类客户端进行处理。The processing module is configured to process the payment client according to the determination result.
根据本发明的另一方面,还提供了一种云服务器,包括:According to another aspect of the present invention, a cloud server is further provided, including:
请求接收模块,配置为接收来自移动终端的、查询移动终端支付类客户端是否为恶意客户端的查询请求,其中,所述查询请求携带有所述支付类客户端的图标;The request receiving module is configured to receive a query request from the mobile terminal to query whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client;
计算模块,配置为计算所述支付类客户端的图标与预置的图标库中的图标的相似度,确定所述图标库中、所述相似度大于或等于预设阈值的图标;a calculation module, configured to calculate an similarity between an icon of the payment client and an icon in the preset icon library, and determine an icon in the icon library that the similarity is greater than or equal to a preset threshold;
查询模块,配置为根据预设的所述图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端;The query module is configured to query, according to a preset mapping relationship between the icon in the icon library and a known payment client, a known payment client corresponding to the determined icon;
第三判断模块,配置为判断所述已知支付类客户端是否为恶意客户端,得到判断结果;The third determining module is configured to determine whether the known payment client is a malicious client, and obtain a determination result;
发送模块,配置为将所述判断结果作为所述支付类客户端是否为恶意客户端的查询结果,并发送至所述移动终端。The sending module is configured to use the judgment result as a query result of whether the payment client is a malicious client, and send the result to the mobile terminal.
本发明的有益效果为:The beneficial effects of the invention are:
本发明实施例中,在监测到移动终端支付类客户端的触发事件时,获取支付类客户端的特征信息,并将获取的特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果。随后,根据匹配结果判断支付类客户端是否为恶意客户端,进而根据判断结果对支付类客户端进行处理。由于特征信息为支付类客户端的唯一身份标识信息,伪装成支付类客户端的假冒客户端仅仅是界面相似,但是身份标识不能复制,而二次打包木马、病毒程序的支付类客户端,因客户端本身的信息发生改变,身份标识也必然相应改变,与原支付类客户端的唯一身份标识信息不同,因而利用特征信息可以灵活、有效地识别出伪装成正版支付类客户端的假冒客户端或者被二次打包了木马、病毒程序的支付类客户端。在鉴别特征信息之后,能够确认当前所使用的支付类客户端是否为恶意客户端并根据判断结果对其进行及时处理。若确定恶意客户端,可以停止支付类操作,还可以举报投诉,尽量减少用户的损失。因此,采用本发明实施例提供的技术方案,能够提高移动终端上的支付类客户端的安全性,增强对于病毒、木马等恶意攻击的防护性,从而为用户提供一个安全、干净的移动支付环境。 In the embodiment of the present invention, when the trigger event of the payment client of the mobile terminal is detected, the feature information of the payment client is obtained, and the acquired feature information is matched with the feature information in the preset whitelist to obtain a matching result. Then, according to the matching result, it is determined whether the payment client is a malicious client, and then the payment client is processed according to the judgment result. Since the feature information is the unique identity information of the payment client, the fake client masquerading as the payment client is only similar in interface, but the identity cannot be copied, and the payment client of the second packaged Trojan and virus program is due to the client. The information itself changes, and the identity identifier must change accordingly. It is different from the unique identity information of the original payment client. Therefore, the feature information can be used to flexibly and effectively identify the fake client that is disguised as a genuine payment client or twice. A payment class client packaged with Trojans and virus programs. After the feature information is authenticated, it can be confirmed whether the currently used payment client is a malicious client and timely processed according to the judgment result. If you identify a malicious client, you can stop the payment class operation, and you can also report the complaint and minimize the user's loss. Therefore, the technical solution provided by the embodiment of the present invention can improve the security of the payment client on the mobile terminal, enhance the protection against malicious attacks such as viruses and Trojans, and provide a safe and clean mobile payment environment for the user.
根据本发明的又一方面,提供了一种移动终端的安全支付方法,包括:监测到安装于移动终端的支付类客户端启动时,获取所述支付类客户端的身份标识信息,其中,所述身份标识信息包括下列至少之一:所述支付类客户端的包名信息、所述支付类客户端的版本信息、所述支付类客户端的签名信息;根据所述支付类客户端的身份标识信息确定所述支付类客户端安全性是否通过验证;若是,利用所述支付类客户端执行支付操作。According to still another aspect of the present invention, a secure payment method for a mobile terminal is provided, which includes: monitoring, when a payment-type client installed in a mobile terminal starts, acquiring identity identification information of the payment-type client, wherein The identity information includes at least one of the following: a package name information of the payment type client, version information of the payment type client, signature information of the payment type client, and determining the identifier according to the identity information of the payment type client. Whether the security of the payment type client is verified; if so, the payment operation is performed by the payment type client.
根据本发明的又一方面,还提供了一种移动终端的安全支付装置,应用于移动终端,包括:监测模块,配置为监测安装于移动终端的支付类客户端启动;获取模块,配置为获取通过检测的所述支付类客户端的身份标识信息,其中,所述身份标识信息包括下列至少之一:所述支付类客户端的包名信息、所述支付类客户端的版本信息、所述支付类客户端的签名信息;确定模块,配置为根据所述支付类客户端的身份标识信息确定支付类客户端安全性是否通过验证;处理模块,配置为若确定所述支付类客户端安全性通过验证,利用所述支付类客户端执行支付操作。According to still another aspect of the present invention, a secure payment device for a mobile terminal is provided, which is applied to a mobile terminal, and includes: a monitoring module configured to monitor a payment type client installed on the mobile terminal to be activated; and an acquisition module configured to acquire The identification information of the payment-type client is detected, wherein the identity identification information includes at least one of the following: a package name information of the payment-type client, version information of the payment-type client, and the payment-type client And the determining module is configured to determine whether the security of the payment client is verified according to the identity information of the payment client, and the processing module is configured to: if it is determined that the security of the payment client is verified, use the The payment type client performs a payment operation.
本发明的有益效果为:The beneficial effects of the invention are:
依据本发明实施例,能够在监测到支付类客户端启动时,获取通过检测的支付类客户端的身份标识信息,并根据获取到的身份标识信息确定支付类客户端的安全性是否通过验证。现有技术中,用户无法判断使用的支付类客户端的安全性是否通过验证,因此,无法保证使用支付类客户端时隐私信息不被泄露以及财产不受到损失。而本发明实施例能够在监测到支付类客户端启动时,获取支付类客户端的身份标识信息,并根据获取到的支付类客户端的身份标识信息对支付类客户端进行安全性验证,当确定支付类客户端通过安全性验证之后,利用支付类客户端执行支付操作。因此,依据本发明实施例能够解决现有技术中不能够对支付类客户端进行安全性验证的问题,达到了避免用户使用盗取用户隐私信息的虚假支付类客户端的有益效果,进而能够合理有效避免用户隐私信息的泄露,以及保护用户财产的安全。According to the embodiment of the present invention, when the payment client is started, the identity information of the payment type client that is detected is obtained, and the security of the payment client is verified according to the obtained identity information. In the prior art, the user cannot judge whether the security of the payment type client used is verified. Therefore, the privacy information cannot be leaked and the property is not lost when the payment client is used. The embodiment of the present invention can obtain the identity identification information of the payment client when the payment client is started, and perform security verification on the payment client according to the obtained identity information of the payment client, when determining the payment. After the class client passes the security verification, the payment client is used to perform the payment operation. Therefore, according to the embodiment of the present invention, the problem of not being able to perform security verification on the payment client in the prior art can be solved, and the beneficial effect of avoiding the use of the fake payment client that steals the user's private information is achieved, thereby being reasonable and effective. Avoid the disclosure of user privacy information and protect the security of user property.
根据本发明的再一方面,提供了一种计算机程序,其包括计算机可读代码,当所述计算机可读代码在计算设备上运行时,导致所述计算设备执行根据上文所述任一个的移动支付安全的保护方法和/或移动终端的安全支付方法。According to still another aspect of the present invention, a computer program is provided, comprising computer readable code, when the computer readable code is run on a computing device, causing the computing device to perform any of the above Mobile payment security protection method and/or secure payment method of mobile terminal.
根据本发明的再一方面,提供了一种计算机可读介质,其中存储了上述的计算机程序。According to still another aspect of the present invention, a computer readable medium storing the above computer program is provided.
上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, and the above-described and other objects, features and advantages of the present invention can be more clearly understood. Specific embodiments of the invention are set forth below.
附图说明DRAWINGS
通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员将变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中: Various other advantages and benefits will become apparent to those skilled in the art from a The drawings are only for the purpose of illustrating the preferred embodiments and are not to be construed as limiting. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawing:
图1示出了根据本发明一个实施例的移动终端侧的移动支付安全的保护方法的一种流程图;1 is a flow chart showing a method for protecting mobile payment security on a mobile terminal side according to an embodiment of the present invention;
图2示出了根据本发明一个实施例的云服务器侧的移动支付安全的保护方法的流程图;2 is a flow chart showing a method for protecting mobile payment security on the cloud server side according to an embodiment of the present invention;
图3示出了根据本发明一个实施例的移动终端侧的移动支付安全的保护方法的另一种流程图;FIG. 3 is another flow chart showing a method for protecting mobile payment security on the mobile terminal side according to an embodiment of the present invention; FIG.
图4示出了根据本发明一个实施例的移动终端侧的移动支付安全的保护方法的第三种流程图;4 is a third flowchart of a method for protecting mobile payment security on a mobile terminal side according to an embodiment of the present invention;
图5示出了根据本发明一个实施例的结合移动终端和云服务器的移动支付安全的保护方法的一种流程图;FIG. 5 is a flow chart showing a method for protecting mobile payment security in combination with a mobile terminal and a cloud server according to an embodiment of the present invention; FIG.
图6示出了根据本发明一个实施例的结合移动终端和云服务器的移动支付安全的保护方法的另一种流程图;6 shows another flow chart of a method for protecting mobile payment security combining a mobile terminal and a cloud server according to an embodiment of the present invention;
图7示出了根据本发明一个实施例的移动终端侧的移动支付安全的保护装置的结构示意图;FIG. 7 is a schematic structural diagram of a mobile payment security protection apparatus on a mobile terminal side according to an embodiment of the present invention; FIG.
图8示出了根据本发明一个实施例的云服务器的结构示意图;FIG. 8 is a schematic structural diagram of a cloud server according to an embodiment of the present invention; FIG.
图9示出了根据本发明一个实施例的移动终端的安全支付方法的处理流程图;FIG. 9 is a flowchart showing a process of a secure payment method of a mobile terminal according to an embodiment of the present invention; FIG.
图10示出了根据本发明一个优选实施例的移动终端的安全支付方法的处理流程图;FIG. 10 is a flowchart showing a process of a secure payment method of a mobile terminal according to a preferred embodiment of the present invention; FIG.
图11示出了根据本发明一个实施例的移动终端的安全支付装置的结构示意图;FIG. 11 is a schematic structural diagram of a secure payment apparatus of a mobile terminal according to an embodiment of the present invention; FIG.
图12示出了根据本发明一个优选实施例的移动终端的安全支付装置的结构示意图;FIG. 12 is a block diagram showing the structure of a secure payment device of a mobile terminal according to a preferred embodiment of the present invention; FIG.
图13示意性地示出了用于执行根据本发明的移动支付安全的保护方法和/或移动终端的安全支付方法的计算设备的框图;以及Figure 13 is a block diagram schematically showing a computing device for performing a mobile payment security protection method and/or a secure payment method of a mobile terminal according to the present invention;
图14示意性地示出了用于保持或者携带实现根据本发明的移动支付安全的保护方法和/或移动终端的安全支付方法的程序代码的存储单元。Fig. 14 schematically shows a storage unit for holding or carrying a program code for implementing a mobile payment security protection method and/or a secure payment method of a mobile terminal according to the present invention.
具体实施方式detailed description
下面结合附图和具体的实施方式对本发明作进一步的描述。The invention is further described below in conjunction with the drawings and specific embodiments.
首先介绍本发明实施例提供的一种移动支付安全的保护方法、装置及云服务器。First, a method, a device, and a cloud server for protecting a mobile payment security provided by an embodiment of the present invention are introduced.
图1示出了根据本发明一个实施例的移动终端侧的移动支付安全的保护方法的一种流程图。如图1所示,该方法至少包括以下步骤S102至步骤S108。FIG. 1 is a flow chart showing a method of protecting mobile payment security on a mobile terminal side according to an embodiment of the present invention. As shown in FIG. 1, the method includes at least the following steps S102 to S108.
步骤S102、监测到移动终端支付类客户端的触发事件时,获取支付类客户端的特征信息,其中,该特征信息指支付类客户端的唯一身份标识信息。In step S102, when the trigger event of the payment client of the mobile terminal is detected, the feature information of the payment client is obtained, where the feature information refers to the unique identity information of the payment client.
步骤S104、将获取的特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果,其中,白名单中包括能够安全完成支付类操作的移动终端支付类客户端的特征信息。Step S104: Matching the acquired feature information with the feature information in the preset whitelist to obtain a matching result, where the whitelist includes feature information of the mobile terminal payment client that can securely perform the payment class operation.
步骤S106、根据匹配结果判断支付类客户端是否为恶意客户端。Step S106: Determine, according to the matching result, whether the payment type client is a malicious client.
步骤S108、根据判断结果对支付类客户端进行处理。 Step S108: Processing the payment client according to the determination result.
本发明实施例中,在监测到移动终端支付类客户端的触发事件时,获取支付类客户端的特征信息,并将获取的特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果。随后,根据匹配结果判断支付类客户端是否为恶意客户端,进而根据判断结果对支付类客户端进行处理。由于特征信息为支付类客户端的唯一身份标识信息,伪装成支付类客户端的假冒客户端仅仅是界面相似,但是身份标识不能复制,而二次打包木马、病毒程序的支付类客户端,因客户端本身的信息发生改变,身份标识也必然相应改变,与原支付类客户端的唯一身份标识信息不同,因而利用特征信息可以灵活、有效地识别出伪装成正版支付类客户端的假冒客户端或者被二次打包了木马、病毒程序的支付类客户端。在鉴别特征信息之后,能够确认当前所使用的支付类客户端是否为恶意客户端并根据判断结果对其进行及时处理。若确定恶意客户端,可以停止支付类操作,还可以举报投诉,尽量减少用户的损失。因此,采用本发明实施例提供的技术方案,能够提高移动终端上的支付类客户端的安全性,增强对于病毒、木马等恶意攻击的防护性,从而为用户提供一个安全、干净的移动支付环境。In the embodiment of the present invention, when the trigger event of the payment client of the mobile terminal is detected, the feature information of the payment client is obtained, and the acquired feature information is matched with the feature information in the preset whitelist to obtain a matching result. Then, according to the matching result, it is determined whether the payment client is a malicious client, and then the payment client is processed according to the judgment result. Since the feature information is the unique identity information of the payment client, the fake client masquerading as the payment client is only similar in interface, but the identity cannot be copied, and the payment client of the second packaged Trojan and virus program is due to the client. The information itself changes, and the identity identifier must change accordingly. It is different from the unique identity information of the original payment client. Therefore, the feature information can be used to flexibly and effectively identify the fake client that is disguised as a genuine payment client or twice. A payment class client packaged with Trojans and virus programs. After the feature information is authenticated, it can be confirmed whether the currently used payment client is a malicious client and timely processed according to the judgment result. If you identify a malicious client, you can stop the payment class operation, and you can also report the complaint and minimize the user's loss. Therefore, the technical solution provided by the embodiment of the present invention can improve the security of the payment client on the mobile terminal, enhance the protection against malicious attacks such as viruses and Trojans, and provide a safe and clean mobile payment environment for the user.
上文步骤S102中,支付类客户端的触发事件可以包括多种事件。例如,安装支付类客户端,如下载完成支付类客户端的安装包,并进行安装。又例如,启动支付类客户端,如启动支付类客户端,进行浏览和支付。还例如,扫描支付类客户端,如通过安全卫士进行扫描支付类客户端。再例如,更新支付类客户端,如下载完成支付类客户端的更新包,并进行更新,等等。在这些事件发生时,均可以采用本发明提供的技术方案判断支付类客户端是否为恶意客户端,进而根据判断结果对支付类客户端进行处理。In step S102 above, the trigger event of the payment class client may include multiple events. For example, install a payment class client, such as downloading the installation package of the payment class client, and install it. For another example, a payment type client is started, such as a payment type client, for browsing and payment. Also for example, scanning a payment-type client, such as scanning a payment-type client through a security guard. For another example, the payment type client is updated, such as downloading the update package of the payment type client, updating, and the like. When these events occur, the technical solution provided by the present invention can be used to determine whether the payment client is a malicious client, and then the payment client is processed according to the judgment result.
当监测到移动终端支付类客户端的触发事件时,步骤S102进一步获取支付类客户端的特征信息。这里的特征信息是支付类客户端的唯一身份标识信息,可以包括名称、图标、包名、签名、版本信息、MD5(Message Digest Algorithm,消息摘要算法)、SHA1(Secure Hash Algorithm,安全哈希算法)、文件大小、文件修改时间、文件创建时间等等。此外,针对不同的特征信息,步骤S104至步骤S106的实现方式也不完全相同,下面对不同的特征信息对应的实现方式进行详细说明。When the trigger event of the mobile terminal payment type client is detected, step S102 further acquires the feature information of the payment type client. The feature information here is the unique identity information of the payment client, and may include a name, an icon, a package name, a signature, a version information, a message digest algorithm (MD5), and a SHA1 (Secure Hash Algorithm). , file size, file modification time, file creation time, and more. In addition, the implementation manners of the step S104 to the step S106 are not completely the same for different feature information. The implementation manners corresponding to different feature information are described in detail below.
首先,获取的特征信息为名称(或者包名)和图标。在白名单中预置了能够安全完成支付类操作的移动终端支付类客户端的名称和图标,这里能够安全完成支付类操作的移动终端支付类客户端可以认为是正版支付类客户端或者官方支付类客户端。可以预先建立名称索引,通过名称索引查找到获取的名称在白名单中对应的图标,进而计算获取的图标与白名单中查找到的图标的相似度。随后,根据相似度的大小判断该支付类客户端是否为恶意客户端。即,如果相似度大于或等于预设阈值(如99.5%),可以确定该支付类客户端为非恶意客户端;如果相似度小于预设阈值,可以确定该支付类客户端为恶意客户端或未知客户端。进一步地,如果预置的白名单中的图标的数目包括至少一个,可以计算获取的图标与白名单中查找到的至少一个图标的相似度。若预置的白名单中的至少一个图标中存在图标与获取的图标的相似度大于或等于预设阈值,可以确定支付类客户端为非恶意客户端;若预置的白名单中的至少一个图标中的每一个图标与获取的图标的相似度均小于预设阈值,可以 确定支付类客户端为恶意客户端或未知客户端。例如,预置的白名单中包括10个图标,计算获取的图标与其中一个图标的相似度,若相似度大于或等于预设阈值(如99.5%),可以确定该支付类客户端为非恶意客户端;反之,则继续计算获取的图标与下一个图标的相似度。若获取的图标与预置的白名单中的10个图标的相似度均小于预设阈值,那么可以确定支付类客户端为恶意客户端或未知客户端。此外,相似度的计算可以采用多种方法,如计算像素方法或者灰度匹配方法等。例如,关于计算像素的方法,首先将获取的图标与预置的白名单中的图标缩放至相同的尺寸,之后通过比较缩放后的两个图标对应位置的像素,根据相同像素的数目计算得到相似度。通常情况下,伪装成正版支付类客户端的假冒客户端假冒了正版支付类客户端的名称,并对正版支付类客户端的图标进行高度仿真,让用户很难分辨,导致用户的使用支付类客户端时泄漏隐私信息,造成严重的经济损失。采用该技术手段能够有效识别出伪装成正版支付类客户端的假冒客户端,进而对其进行处理,提高移动终端上的支付类客户端的安全性,为用户提供一个安全、干净的移动支付环境。First, the acquired feature information is a name (or package name) and an icon. In the white list, the name and icon of the payment terminal client of the mobile terminal capable of safely completing the payment operation are preset, and the mobile terminal payment client capable of safely completing the payment operation can be regarded as a genuine payment client or an official payment class. Client. The name index may be pre-established, and the icon corresponding to the obtained name in the white list is searched by the name index, and then the similarity between the obtained icon and the icon found in the white list is calculated. Then, according to the size of the similarity, it is determined whether the payment client is a malicious client. That is, if the similarity is greater than or equal to a preset threshold (eg, 99.5%), it may be determined that the payment client is a non-malicious client; if the similarity is less than a preset threshold, the payment client may be determined to be a malicious client or Unknown client. Further, if the number of icons in the preset white list includes at least one, the similarity between the acquired icon and the at least one icon found in the white list may be calculated. If the similarity between the icon and the acquired icon in the at least one icon of the preset whitelist is greater than or equal to the preset threshold, the payment client may be determined to be a non-malicious client; if at least one of the preset whitelists The similarity between each icon in the icon and the obtained icon is less than the preset threshold, and Determine the payment class client as a malicious client or an unknown client. For example, the preset white list includes 10 icons, and the similarity between the obtained icon and one of the icons is calculated. If the similarity is greater than or equal to a preset threshold (such as 99.5%), it can be determined that the payment client is non-malicious. The client; otherwise, it continues to calculate the similarity between the acquired icon and the next icon. If the similarity between the obtained icon and the 10 icons in the preset whitelist is less than a preset threshold, it may be determined that the payment client is a malicious client or an unknown client. In addition, the calculation of the similarity can adopt various methods such as a calculation pixel method or a gray scale matching method. For example, regarding the method of calculating pixels, first, the acquired icons are scaled to the same size as the icons in the preset white list, and then the pixels corresponding to the positions of the two icons are compared, and the similarities are calculated according to the number of the same pixels. degree. Under normal circumstances, a fake client pretending to be a genuine payment client fakes the name of the genuine payment client and highly simulates the icon of the genuine payment client, making it difficult for the user to distinguish, resulting in the user using the payment client. Leaking private information, causing serious economic losses. The technical means can effectively identify the fake client masquerading as a genuine payment client, and then process it, improve the security of the payment client on the mobile terminal, and provide a safe and clean mobile payment environment for the user.
其次,获取的特征信息为名称(或者包名)和签名。在白名单中预置了能够安全完成支付类操作的移动终端支付类客户端的名称和签名,可以预先建立名称索引,通过名称索引查找到获取的名称在白名单中对应的签名,若获取的签名与白名单中查找到的签名相同,可以确定该支付类客户端为非恶意客户端;若获取的签名与白名单中查找到的签名不相同,可以确定该支付类客户端为恶意客户端或未知客户端。由于被二次打包了木马、病毒程序的支付类客户端的名称一般不变,但是签名发生了变化,因而采用该技术手段可以有效识别出被二次打包了木马、病毒程序的支付类客户端,进而对其进行处理,提高移动终端上的支付类客户端的安全性,增强对于病毒、木马等恶意攻击的防护性,从而避免用户隐私、流量、话费等被窃取盗用。Second, the acquired feature information is the name (or package name) and signature. The name and signature of the payment terminal client of the mobile terminal that can securely complete the payment operation are preset in the whitelist. The name index may be pre-established, and the signature corresponding to the obtained name in the whitelist is found by the name index, and the obtained signature is obtained. The same as the signature found in the whitelist, it can be determined that the payment client is a non-malicious client; if the obtained signature is different from the signature found in the whitelist, it can be determined that the payment client is a malicious client or Unknown client. Since the name of the payment client that has been packaged by the Trojan and the virus program is generally unchanged, but the signature has changed, the technical means can effectively identify the payment client that has been packaged with the Trojan and the virus program twice. Then, it is processed to improve the security of the payment client on the mobile terminal, and to enhance the protection against malicious attacks such as viruses and Trojans, thereby avoiding theft, misappropriation, such as user privacy, traffic, and call charges.
再者,获取的特征信息还可以是包名、MD5和SHA1。在白名单中预置了能够安全完成支付类操作的移动终端支付类客户端的包名、MD5和SHA1,可以预先建立包名索引,通过包名索引查找到获取的包名在白名单中对应的MD5和SHA1。随后,通过判断获取的MD5和SHA1与白名单中查找到的MD5和SHA1是否相同来判断该支付类客户端是否为恶意客户端。即,若获取的MD5与白名单中查找到的MD5相同、且获取的SHA1与白名单中查找到的SHA1也相同,那么确定该支付类客户端为非恶意客户端。若获取的MD5与白名单中查找到的MD5相同、且获取的SHA1与白名单中查找到的SHA1不相同,那么确定该支付类客户端为恶意客户端或未知客户端。若获取的MD5与白名单中查找到的MD5不相同、且获取的SHA1与白名单中查找到的SHA1相同,那么确定该支付类客户端为恶意客户端或未知客户端。若获取的MD5与白名单中查找到的MD5不相同、且获取的SHA1与白名单中查找到的SHA1也不相同,那么确定该支付类客户端为恶意客户端或未知客户端。采用该技术手段能够有效地识别出伪装成正版支付类客户端的假冒客户端或者被二次打包了木马、病毒程序的支付类客户端,并对其进行处理,从而提高移动终端上的支付类客户端的安全性,增强对于病毒、木马等恶意攻击的防护性。需要说明的是,获取的特征信息还可以是上述特征信息的一个、两个或者多个信息的任意组合,用于识别伪装成正版支付类客户端的假冒客户端或者被二次打包了木马、病毒程序 的支付类客户端,此处不再一一列举。Furthermore, the acquired feature information may also be a package name, MD5, and SHA1. In the whitelist, the package name, MD5, and SHA1 of the payment terminal of the mobile terminal that can securely complete the payment operation are preset, and the package name index can be pre-established, and the obtained package name is found in the white list through the package name index. MD5 and SHA1. Then, it is determined whether the obtained MD5 and SHA1 are the same as the MD5 and SHA1 found in the whitelist to determine whether the payment client is a malicious client. That is, if the obtained MD5 is the same as the MD5 found in the whitelist, and the obtained SHA1 is the same as the SHA1 found in the whitelist, it is determined that the payment client is a non-malicious client. If the obtained MD5 is the same as the MD5 found in the whitelist, and the obtained SHA1 is different from the SHA1 found in the whitelist, it is determined that the payment client is a malicious client or an unknown client. If the obtained MD5 is different from the MD5 found in the whitelist, and the obtained SHA1 is the same as the SHA1 found in the whitelist, it is determined that the payment client is a malicious client or an unknown client. If the obtained MD5 is different from the MD5 found in the whitelist, and the obtained SHA1 is different from the SHA1 found in the whitelist, it is determined that the payment client is a malicious client or an unknown client. The technical means can effectively identify a counterfeit client masquerading as a genuine payment client or a payment client that has been packaged with a Trojan horse and a virus program twice, and process it to improve the payment client on the mobile terminal. The security of the end enhances the protection against malicious attacks such as viruses and Trojans. It should be noted that the acquired feature information may also be any combination of one or two or more pieces of information of the foregoing feature information, and is used to identify a fake client that is pretending to be a genuine payment client or to be packaged a Trojan or a virus twice. Program The payment class client is not listed here.
此外,步骤S104中提及的白名单可以位于本端(即移动终端),也可以位于云服务器。若白名单位于云服务器时,步骤S104可以采用如下技术手段:发送查询支付类客户端是否为恶意客户端的查询请求至云服务器,其中,查询请求携带有支付类客户端的特征信息,进而由云服务器将支付类客户端的特征信息与白名单中的特征信息进行匹配,得到匹配结果,之后接收云服务器返回的匹配结果。这里,将白名单设置于云服务器可以减轻移动终端的处理压力、节约移动终端的资源,并且还可以及时对云服务器的白名单进行更新,无需在移动终端处进行更新,避免特征信息的滞后,提高对恶意客户端处理的能力。In addition, the white list mentioned in step S104 may be located at the local end (ie, the mobile terminal), or may be located at the cloud server. If the whitelist is located in the cloud server, the following technical means may be adopted: sending a query requesting the client to be a malicious client to the cloud server, wherein the query request carries the feature information of the payment client, and then the cloud server The feature information of the payment client is matched with the feature information in the whitelist to obtain a matching result, and then the matching result returned by the cloud server is received. Here, setting the whitelist to the cloud server can alleviate the processing pressure of the mobile terminal, save resources of the mobile terminal, and can also update the whitelist of the cloud server in time, without updating at the mobile terminal, and avoiding lag of the feature information. Improve the ability to handle malicious clients.
进一步地,若上述步骤S106确定了支付类客户端为恶意客户端或未知客户端,还可以根据支付类客户端的图标与预置的图标库中的图标的相似度,判断支付类客户端是恶意客户端还是非恶意客户端,实现更加准确地进行判断。可以在移动终端和云服务器进行,现进行详细说明。Further, if the foregoing step S106 determines that the payment client is a malicious client or an unknown client, the payment client may be determined to be malicious according to the similarity between the icon of the payment client and the icon in the preset icon library. The client is also a non-malicious client, enabling more accurate judgment. It can be performed on mobile terminals and cloud servers, and is now described in detail.
关于移动终端侧的方案。首先获取支付类客户端的图标,该支付类客户端为未知客户端,接着计算获取的图标与预置的图标库中的图标的相似度,并确定图标库中、相似度大于或等于预设阈值的图标。随后,根据预设的图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端。若查询到的已知支付类客户端为非恶意客户端,确定支付类客户端为非恶意客户端;若查询到的已知支付类客户端为恶意客户端,确定支付类客户端为恶意客户端。因此,基于图标相似度可以实现更加准确的判断。此外,还可以将计算的相似度以及查询到的已知支付类客户端发送至云服务器进行进一步判断。Regarding the scheme on the mobile terminal side. First, the icon of the payment client is obtained. The payment client is an unknown client, and then the similarity between the obtained icon and the icon in the preset icon library is calculated, and the similarity in the icon library is greater than or equal to a preset threshold. Icon. Then, according to the mapping relationship between the icon in the preset icon library and the known payment client, the known payment client corresponding to the determined icon is queried. If the known payment type client is a non-malicious client, the payment client is determined to be a non-malicious client; if the known payment client is a malicious client, the payment client is determined to be a malicious client. end. Therefore, a more accurate judgment can be achieved based on the icon similarity. In addition, the calculated similarity and the queried known payment class client may be sent to the cloud server for further judgment.
关于云服务器侧的方案。考虑移动终端处理能力、资源存储等限制,可以在云服务器侧进一步进行判断或验证。首先,获取支付类客户端的图标,该支付类客户端为未知客户端,接着发送查询支付类客户端是否为恶意客户端的查询请求至云服务器,其中,查询请求携带有支付类客户端的图标,之后接收云服务器返回的查询结果。若根据白名单中的特征信息判断支付类客户端为恶意客户端,而云服务器判断支付类客户端为非恶意客户端(可能的原因是该支付类客户端进行了升级,而移动终端上的白名单库没有及时进行更新),即存在误报情况,云服务器可以向移动终端发送误报信息,及时进行纠正,提高判断的准确性。此外,若在云服务器查询到支付类客户端为恶意客户端,此时,云服务器还可以向移动终端发送支付类客户端的能够安全完成支付类操作的安装包或下载地址等。进一步地,云服务器对预置的图标库进行实时更新,从而更加提高判断的准确性。About the cloud server side solution. Considering the limitations of the mobile terminal processing capability, resource storage, etc., it can be further judged or verified on the cloud server side. First, an icon of the payment client is obtained. The payment client is an unknown client, and then sends a query requesting whether the payment client is a malicious client to the cloud server, where the query request carries an icon of the payment client, and then Receive the query results returned by the cloud server. If the payment type client is determined to be a malicious client according to the feature information in the white list, and the cloud server determines that the payment client is a non-malicious client (the possible reason is that the payment client is upgraded, and the mobile terminal is The whitelist library is not updated in time), that is, there is a false positive situation, and the cloud server can send the false alarm information to the mobile terminal, correct it in time, and improve the accuracy of the judgment. In addition, if the cloud server queries the payment client as a malicious client, the cloud server may also send an installation package or a download address of the payment client that can securely complete the payment operation to the mobile terminal. Further, the cloud server updates the preset icon library in real time, thereby further improving the accuracy of the judgment.
需要说明的是,上文提及的支付类客户端的图标可以是支付类客户端的快捷方式图标,也可以是从应用列表中获取的支付类客户端的图标。若这两种图标特征值相同,则可以选择其中一种图标,计算其与预置的图标库中的图标的相似度;若这两种图标特征值不同,则可以分别计算两种图标与预置的图标库中的图标的相似度。It should be noted that the icon of the payment type client mentioned above may be a shortcut icon of the payment type client, or may be an icon of the payment type client obtained from the application list. If the two icon feature values are the same, one of the icons may be selected to calculate the similarity with the icon in the preset icon library; if the two icon feature values are different, the two icons and the pre-calculation may be separately calculated. The similarity of the icons in the icon gallery.
在步骤S106根据匹配结果判断支付类客户端是否为恶意客户端之后,步骤S108进一步根据判断结果对支付类客户端进行处理。例如,若判断结果为支付类客户端非恶意客户端,可以提醒用户该支付类客户端为正版支付类客户端,或者当前支付 环境安全,等等。若判断结果为支付类客户端恶意客户端或未知客户端,可以提醒用户该支付类客户端为假冒支付类客户端,建议安装正版支付类客户端,或者当前支付环境危险,等等。进一步地,还可以接收来自用户的处理命令,其中,处理命令由用户根据判断结果确定,之后根据处理命令对支付类客户端进行处理。After determining, according to the matching result, whether the payment client is a malicious client, the step S108 further processes the payment client according to the determination result. For example, if the judgment result is a non-malicious client of the payment client, the user may be reminded that the payment client is a genuine payment client, or the current payment is made. Environmental safety, and more. If the judgment result is a malicious client or an unknown client of the payment client, the user may be reminded that the payment client is a fake payment client, and it is recommended to install a genuine payment client, or the current payment environment is dangerous, and the like. Further, the processing command from the user may also be received, wherein the processing command is determined by the user according to the determination result, and then the payment type client is processed according to the processing command.
相应的,图2示出了根据本发明一个实施例的云服务器侧的移动支付安全的保护方法的流程图。如图2所示,该方法至少包括以下步骤S202至步骤S210。Correspondingly, FIG. 2 shows a flow chart of a method for protecting mobile payment security on the cloud server side according to an embodiment of the present invention. As shown in FIG. 2, the method includes at least the following steps S202 to S210.
步骤S202、接收来自移动终端的、查询移动终端支付类客户端是否为恶意客户端的查询请求,该查询请求携带有支付类客户端的图标。Step S202: Receive a query request from the mobile terminal to query whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client.
步骤S204、计算支付类客户端的图标与预置的图标库中的图标的相似度,确定图标库中、相似度大于或等于预设阈值的图标。Step S204: Calculate the similarity between the icon of the payment client and the icon in the preset icon library, and determine an icon in the icon library that has a similarity greater than or equal to a preset threshold.
步骤S206、根据预设的图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端。Step S206: Query the known payment type client corresponding to the determined icon according to the mapping relationship between the icon in the preset icon library and the known payment type client.
步骤S208、判断已知支付类客户端是否为恶意客户端,得到判断结果。Step S208: Determine whether the known payment client is a malicious client, and obtain a judgment result.
步骤S210、将判断结果作为支付类客户端是否为恶意客户端的查询结果,并发送至移动终端。Step S210: The judgment result is used as a result of the inquiry of whether the payment client is a malicious client, and is sent to the mobile terminal.
上述步骤S210中,若已知支付类客户端为非恶意客户端,则查询结果为支付类客户端为非恶意客户端;若已知支付类客户端为恶意客户端,则查询结果为支付类客户端为恶意客户端。In the above step S210, if the payment client is a non-malicious client, the result of the query is that the payment client is a non-malicious client; if the payment client is known as a malicious client, the query result is a payment class. The client is a malicious client.
进一步地,若根据白名单中的特征信息判断支付类客户端为恶意客户端,而云服务器判断支付类客户端为非恶意客户端(可能的原因是该支付类客户端进行了升级,而移动终端上的白名单库没有及时进行更新),即存在误报情况,云服务器可以向移动终端发送误报信息,及时进行纠正,提高判断的准确性。此外,若在云服务器查询到支付类客户端为恶意客户端,此时,查询结果中还可以携带支付类客户端的能够安全完成支付类操作的安装包或下载地址等信息。进一步地,云服务器对预置的图标库进行实时更新,从而更加提高判断的准确性。Further, if the payment client is determined to be a malicious client according to the feature information in the whitelist, and the cloud server determines that the payment client is a non-malicious client (the possible reason is that the payment client is upgraded and moved) The whitelist library on the terminal is not updated in time), that is, there is a false positive situation, and the cloud server can send the false alarm information to the mobile terminal, correct it in time, and improve the accuracy of the judgment. In addition, if the cloud server queries the payment client as a malicious client, the query result may also carry information such as an installation package or a download address of the payment client that can securely perform the payment operation. Further, the cloud server updates the preset icon library in real time, thereby further improving the accuracy of the judgment.
以上介绍了图1和图2所示的实施例中各环节的多种实现方式,下面通过具体的优选实施例对本发明实施例提供的移动支付安全的保护方法做进一步说明。The various implementations of the various steps in the embodiments shown in FIG. 1 and FIG. 2 are described above. The mobile payment security protection method provided by the embodiment of the present invention is further described below through a specific preferred embodiment.
实施例一Embodiment 1
图3示出了根据本发明一个实施例的移动终端侧的移动支付安全的保护方法的另一种流程图。该实施例中,利用图标的相似度对假冒了正版支付类客户端的名称、并对正版支付类客户端的图标进行高度仿真的假冒客户端进行有效识别,并对其进行及时处理。如图3所示,该方法包括以下步骤S302至步骤S316。FIG. 3 illustrates another flow chart of a method for protecting mobile payment security on the mobile terminal side according to an embodiment of the present invention. In this embodiment, the similarity of the icon is used to effectively identify the counterfeit client that fakes the name of the genuine payment client and highly simulates the icon of the genuine payment client, and processes it in time. As shown in FIG. 3, the method includes the following steps S302 to S316.
步骤S302、监测到启动移动终端支付类客户端的事件时,获取支付类客户端的名称和图标。Step S302: When the event of starting the payment client of the mobile terminal is detected, the name and icon of the payment client are obtained.
步骤S304、通过预先建立的名称索引查找到获取的名称在白名单中对应的图标。Step S304: Find, by using a pre-established name index, an icon corresponding to the obtained name in the white list.
步骤S306、计算获取的图标与白名单中查找到的图标的相似度。Step S306: Calculate the similarity between the obtained icon and the icon found in the white list.
步骤S308、判断步骤S306计算的相似度是否大于或等于预设阈值,若是,则继续执行步骤S310;否则,继续执行步骤S312。 Step S308, determining whether the similarity calculated in step S306 is greater than or equal to a preset threshold, and if yes, proceeding to step S310; otherwise, proceeding to step S312.
步骤S310、确定该支付类客户端为非恶意客户端,继续执行步骤S314。Step S310: Determine that the payment client is a non-malicious client, and continue to step S314.
步骤S312、确定该支付类客户端为恶意客户端或未知客户端,继续执行步骤S316。Step S312: Determine that the payment client is a malicious client or an unknown client, and continue to step S316.
步骤S306至步骤S312中,若白名单中查找到的图标有10个,那么首先计算获取的图标与其中一个图标的相似度,若相似度大于或等于预设阈值(如99.5%),可以确定该支付类客户端为非恶意客户端;反之,则继续计算获取的图标与下一个图标的相似度。若获取的图标与预置的白名单中的10个图标的相似度均小于预设阈值,那么可以确定支付类客户端为恶意客户端或未知客户端。In step S306 to step S312, if there are 10 icons found in the white list, first calculate the similarity between the obtained icon and one of the icons, and if the similarity is greater than or equal to a preset threshold (such as 99.5%), it may be determined. The payment client is a non-malicious client; otherwise, it continues to calculate the similarity between the acquired icon and the next icon. If the similarity between the obtained icon and the 10 icons in the preset whitelist is less than a preset threshold, it may be determined that the payment client is a malicious client or an unknown client.
步骤S314、不进行处理,并提醒用户该支付类客户端为正版支付类客户端,可以进行支付操作。Step S314: No processing is performed, and the user is reminded that the payment client is a genuine payment client, and the payment operation can be performed.
步骤S316、删除该支付类客户端,并提醒用户安装正版支付类客户端。Step S316, deleting the payment type client, and reminding the user to install the genuine payment type client.
实施例一中,伪装成正版支付类客户端的假冒客户端假冒了正版支付类客户端的名称,并对正版支付类客户端的图标进行高度仿真,让用户很难分辨,导致用户的使用支付类客户端时泄漏隐私信息,造成严重的经济损失。采用该技术手段能够有效识别出伪装成正版支付类客户端的假冒客户端,进而对其进行处理,提高移动终端上的支付类客户端的安全性,为用户提供一个安全、干净的移动支付环境。In the first embodiment, the fake client pretending to be a genuine payment client counterfeits the name of the genuine payment client, and highly simulates the icon of the genuine payment client, so that the user is difficult to distinguish, and the user uses the payment client. When leaking private information, it causes serious economic losses. The technical means can effectively identify the fake client masquerading as a genuine payment client, and then process it, improve the security of the payment client on the mobile terminal, and provide a safe and clean mobile payment environment for the user.
实施例二Embodiment 2
图4示出了根据本发明一个实施例的移动终端侧的移动支付安全的保护方法的第三种流程图。该实施例中,利用签名信息对名称不变、签名变化的且被二次打包了木马、病毒程序的支付类客户端进行有效识别,并对其进行及时处理。如图4所示,该方法包括以下步骤S402至步骤S414。FIG. 4 shows a third flow chart of a method for protecting mobile payment security on the mobile terminal side according to an embodiment of the present invention. In this embodiment, the payment information client whose name is unchanged, the signature is changed, and the Trojan horse and the virus program are packaged twice is effectively identified by using the signature information, and is processed in time. As shown in FIG. 4, the method includes the following steps S402 to S414.
步骤S402、监测到安装移动终端支付类客户端的事件时,获取支付类客户端的名称和签名。Step S402: When the event of installing the mobile terminal payment class client is monitored, the name and signature of the payment class client are obtained.
步骤S404、通过预先建立的名称索引查找到获取的名称在白名单中对应的签名。Step S404: Search for a signature corresponding to the obtained name in the whitelist by using a pre-established name index.
步骤S406、判断获取的签名与白名单中查找到的签名是否相同,若是,则继续执行步骤S408;否则,继续执行步骤S410。Step S406, determining whether the acquired signature is the same as the signature found in the whitelist, and if yes, proceeding to step S408; otherwise, proceeding to step S410.
步骤S408、确定该支付类客户端为非恶意客户端,继续执行步骤S412。Step S408: Determine that the payment client is a non-malicious client, and continue to step S412.
步骤S410、确定该支付类客户端为恶意客户端或未知客户端,继续执行步骤S414。Step S410: Determine that the payment client is a malicious client or an unknown client, and continue to step S414.
步骤S412、不进行处理,并提醒用户该支付类客户端为正版支付类客户端,可以进行支付操作。Step S412: No processing is performed, and the user is reminded that the payment client is a genuine payment client, and the payment operation can be performed.
步骤S414、删除该支付类客户端,并提醒用户安装正版支付类客户端。Step S414, deleting the payment type client, and reminding the user to install the genuine payment type client.
实施例二中,由于被二次打包了木马、病毒程序的支付类客户端的名称一般不变,但是签名发生了变化,因而采用该技术手段可以有效识别出被二次打包了木马、病毒程序的支付类客户端,进而对其进行处理,提高移动终端上的支付类客户端的安全性,增强对于病毒、木马等恶意攻击的防护性,从而避免用户隐私、流量、话费等被窃取盗用。In the second embodiment, since the name of the payment client that has been packaged by the Trojan and the virus program is generally unchanged, but the signature has changed, the technical means can be used to effectively identify the Trojan horse and the virus program. The payment client is processed to improve the security of the payment client on the mobile terminal, and the protection against malicious attacks such as viruses and Trojans is enhanced, thereby preventing theft, misappropriation and the like of user privacy, traffic, and call charges.
实施例三 Embodiment 3
图5示出了根据本发明一个实施例的结合移动终端和云服务器的移动支付安全的保护方法的一种流程图。如5所示,该方法包括以下步骤S502至步骤S518。FIG. 5 illustrates a flow chart of a method of securing mobile payment security in conjunction with a mobile terminal and a cloud server, in accordance with one embodiment of the present invention. As shown in FIG. 5, the method includes the following steps S502 to S518.
步骤S502、监测到启动移动终端支付类客户端的事件时,获取支付类客户端的包名、MD5和SHA1。Step S502: When the event of starting the payment client of the mobile terminal is detected, the package name, MD5, and SHA1 of the payment client are obtained.
步骤S504、发送查询支付类客户端是否为恶意客户端的查询请求至云服务器,其中,查询请求携带有支付类客户端的包名、MD5和SHA1。Step S504: Send a query requesting whether the payment type client is a malicious client to the cloud server, where the query request carries the package name, MD5, and SHA1 of the payment client.
步骤S506、云服务器接收来自移动终端的、查询移动终端支付类客户端是否为恶意客户端的查询请求,该查询请求携带有支付类客户端的包名、MD5和SHA1。Step S506: The cloud server receives, from the mobile terminal, a query request for querying whether the payment terminal client of the mobile terminal is a malicious client, and the query request carries the package name, MD5, and SHA1 of the payment client.
步骤S508、云服务器通过预先建立的包名索引查找到获取的包名在白名单中对应的MD5和SHA1。Step S508: The cloud server searches for the MD5 and SHA1 corresponding to the obtained package name in the whitelist by using the pre-established package name index.
步骤S510、云服务器判断获取的MD5和SHA1与白名单中查找到的MD5和SHA1是否相同,若获取的MD5与白名单中查找到的MD5相同、且获取的SHA1与白名单中查找到的SHA1也相同,则继续执行步骤S512;若获取的MD5与白名单中查找到的MD5相同、且获取的SHA1与白名单中查找到的SHA1不相同,则继续执行步骤S514;若获取的MD5与白名单中查找到的MD5不相同、且获取的SHA1与白名单中查找到的SHA1相同,则继续执行步骤S514;若获取的MD5与白名单中查找到的MD5不相同、且获取的SHA1与白名单中查找到的SHA1也不相同,则继续执行步骤S514。In step S510, the cloud server determines whether the acquired MD5 and SHA1 are the same as the MD5 and SHA1 found in the whitelist. If the obtained MD5 is the same as the MD5 found in the whitelist, and the obtained SHA1 and the SHA1 found in the whitelist are obtained, If yes, proceed to step S512; if the acquired MD5 is the same as the MD5 found in the whitelist, and the obtained SHA1 is different from the SHA1 found in the whitelist, proceed to step S514; if the acquired MD5 and white The MD5s found in the list are different, and the obtained SHA1 is the same as the SHA1 found in the whitelist. Then, the process proceeds to step S514; if the obtained MD5 is different from the MD5 found in the whitelist, and the acquired SHA1 and white are obtained. If the SHA1 found in the list is also different, step S514 is continued.
步骤S512、确定该支付类客户端为非恶意客户端,并发送至移动终端,继续执行步骤S516。In step S512, the payment client is determined to be a non-malicious client, and sent to the mobile terminal, and the process proceeds to step S516.
步骤S514、确定该支付类客户端为恶意客户端或未知客户端,并发送至移动终端,继续执行步骤S518。Step S514: Determine that the payment client is a malicious client or an unknown client, and send the message to the mobile terminal, and continue to step S518.
步骤S516、不进行处理,并提醒用户该支付类客户端为正版支付类客户端,可以进行支付操作。Step S516: No processing is performed, and the user is reminded that the payment client is a genuine payment client, and the payment operation can be performed.
步骤S518、删除该支付类客户端,并提醒用户安装正版支付类客户端。Step S518, deleting the payment type client, and reminding the user to install the genuine payment type client.
实施例三中,结合移动终端和云服务器,并利用特征信息灵活、有效地识别出伪装成正版支付类客户端的假冒客户端或者被二次打包了木马、病毒程序的支付类客户端,并对其进行及时处理。In the third embodiment, the mobile terminal and the cloud server are combined, and the feature information is used to flexibly and effectively identify a fake client that is pretending to be a genuine payment client or a payment client that is packaged with a Trojan or a virus program twice, and It is processed in a timely manner.
实施例四Embodiment 4
图6示出了根据本发明一个实施例的结合移动终端和云服务器的移动支付安全的保护方法的另一种流程图。该实施例中,若上文实施例一至实施例三确定支付类客户端为恶意客户端或未知客户端,此时,可以基于支付类客户端的图标与预置的图标库中的图标的相似度进一步判断。如6所示,该方法包括以下步骤S602至步骤S614。FIG. 6 illustrates another flow chart of a method of securing mobile payment security in conjunction with a mobile terminal and a cloud server, in accordance with one embodiment of the present invention. In this embodiment, if the payment client is a malicious client or an unknown client, the similarity between the icon of the payment client and the icon in the preset icon library may be used. Further judgment. As shown in 6, the method includes the following steps S602 to S614.
步骤S602、移动终端获取支付类客户端的图标。Step S602: The mobile terminal acquires an icon of the payment type client.
步骤S604、发送查询支付类客户端是否为恶意客户端的查询请求至云服务器,其中,查询请求携带有支付类客户端的图标。Step S604: Send a query requesting whether the payment type client is a malicious client's query request to the cloud server, where the query request carries an icon of the payment type client.
步骤S606、接收来自移动终端的、查询移动终端支付类客户端是否为恶意客户端的查询请求,其中,查询请求携带有支付类客户端的图标。 Step S606: Receive a query request from the mobile terminal to query whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client.
步骤S608、云服务器计算支付类客户端的图标与预置的图标库中的图标的相似度,确定图标库中、相似度大于或等于预设阈值的图标。Step S608: The cloud server calculates the similarity between the icon of the payment class client and the icon in the preset icon library, and determines an icon in the icon library that has a similarity greater than or equal to a preset threshold.
步骤S610、云服务器根据预设的图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端。Step S610: The cloud server queries the known payment client corresponding to the determined icon according to the mapping relationship between the icon in the preset icon library and the known payment client.
步骤S612、判断已知支付类客户端是否为恶意客户端,得到判断结果。Step S612: Determine whether the known payment client is a malicious client, and obtain a judgment result.
步骤S614、将判断结果作为支付类客户端是否为恶意客户端的查询结果,并发送至移动终端。Step S614: The judgment result is used as a result of the inquiry of whether the payment client is a malicious client, and is sent to the mobile terminal.
在该步骤中,若已知支付类客户端为非恶意客户端,则查询结果为支付类客户端为非恶意客户端;若已知支付类客户端为恶意客户端,则查询结果为支付类客户端为恶意客户端。进一步地,若支付类客户端为非恶意客户端,则不进行处理,并提醒用户该支付类客户端为正版支付类客户端,可以进行支付操作。若支付类客户端为恶意客户端,则删除该支付类客户端,并提醒用户安装正版支付类客户端。In this step, if the payment client is known as a non-malicious client, the result of the query is that the payment client is a non-malicious client; if the payment client is known as a malicious client, the query result is a payment class. The client is a malicious client. Further, if the payment client is a non-malicious client, the process is not processed, and the user is reminded that the payment client is a genuine payment client, and the payment operation can be performed. If the payment client is a malicious client, the payment client is deleted, and the user is prompted to install a genuine payment client.
若根据白名单中的特征信息判断支付类客户端为恶意客户端,而云服务器判断支付类客户端为非恶意客户端(可能的原因是该支付类客户端进行了升级,而移动终端上的白名单库没有及时进行更新),即存在误报情况,云服务器可以向移动终端发送误报信息,及时进行纠正,提高判断的准确性。此外,若在云服务器查询到支付类客户端为恶意客户端,此时,云服务器还可以向移动终端发送支付类客户端的能够安全完成支付类操作的安装包或下载地址等。进一步地,云服务器对预置的图标库进行实时更新,从而更加提高判断的准确性。If the payment type client is determined to be a malicious client according to the feature information in the white list, and the cloud server determines that the payment client is a non-malicious client (the possible reason is that the payment client is upgraded, and the mobile terminal is The whitelist library is not updated in time), that is, there is a false positive situation, and the cloud server can send the false alarm information to the mobile terminal, correct it in time, and improve the accuracy of the judgment. In addition, if the cloud server queries the payment client as a malicious client, the cloud server may also send an installation package or a download address of the payment client that can securely complete the payment operation to the mobile terminal. Further, the cloud server updates the preset icon library in real time, thereby further improving the accuracy of the judgment.
需要说明的是,实际应用中,上述所有可选实施方式可以采用结合的方式任意组合,形成本发明的可选实施例,在此不再一一赘述。It should be noted that, in an actual application, all the foregoing optional embodiments may be combined in any combination to form an optional embodiment of the present invention, and details are not described herein again.
基于同一发明构思,本发明实施例还提供了一种移动支付安全的保护装置,以实现上述移动支付安全的保护方法。Based on the same inventive concept, the embodiment of the present invention further provides a mobile payment security protection device to implement the above mobile payment security protection method.
图7示出了根据本发明一个实施例的移动终端侧的移动支付安全的保护装置的结构示意图。参见图7,该装置至少包括:获取模块710、匹配模块720、第一判断模块730以及处理模块740。FIG. 7 is a schematic structural diagram of a mobile payment security protection apparatus on a mobile terminal side according to an embodiment of the present invention. Referring to FIG. 7, the apparatus at least includes: an obtaining module 710, a matching module 720, a first determining module 730, and a processing module 740.
现介绍本发明实施例的移动支付安全的保护装置的各组成或器件的功能以及各部分间的连接关系:The functions of the components or devices of the mobile payment security protection device and the connection relationship between the components of the mobile payment security protection device of the embodiment of the present invention are now introduced:
获取模块710,配置为监测到移动终端支付类客户端的触发事件时,获取支付类客户端的特征信息,其中,特征信息指支付类客户端的唯一身份标识信息;The obtaining module 710 is configured to: when the triggering event of the payment terminal of the mobile terminal is monitored, obtain the feature information of the payment class client, where the feature information refers to the unique identity information of the payment class client;
匹配模块720,与获取模块710相耦合,配置为将获取的特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果,其中,白名单中包括能够安全完成支付类操作的移动终端支付类客户端的特征信息;The matching module 720 is coupled to the acquiring module 710, and configured to match the acquired feature information with the feature information in the preset whitelist to obtain a matching result, where the whitelist includes a mobile terminal capable of performing payment operation securely. Characteristic information of the payment class client;
第一判断模块730,与匹配模块720相耦合,配置为根据匹配结果判断支付类客户端是否为恶意客户端;The first determining module 730 is coupled to the matching module 720, and configured to determine, according to the matching result, whether the payment client is a malicious client;
处理模块740,与第一判断模块730相耦合,配置为根据判断结果对支付类客户端进行处理。The processing module 740 is coupled to the first determining module 730 and configured to process the payment client according to the determination result.
在本发明的一个实施例中,特征信息可以包括以下至少之一:名称、图标、包名、签名、版本信息、消息摘要算法MD5、安全哈希算法SHA1、文件大小、文件 修改时间、文件创建时间。In an embodiment of the present invention, the feature information may include at least one of the following: name, icon, package name, signature, version information, message digest algorithm MD5, secure hash algorithm SHA1, file size, file Modify time, file creation time.
在本发明的一个实施例中,第一判断模块730还可以配置为:若获取的特征信息存在于白名单中,确定支付类客户端为非恶意客户端;若获取的特征信息未存在于白名单中,确定支付类客户端为恶意客户端或未知客户端。In an embodiment of the present invention, the first determining module 730 may be further configured to: if the acquired feature information exists in the whitelist, determine that the payment client is a non-malicious client; if the acquired feature information does not exist in the white In the list, determine that the payment class client is a malicious client or an unknown client.
在本发明的一个实施例中,上述图7展示的装置还可以包括第二判断模块750,与第一判断模块730相耦合,配置为:获取支付类客户端的图标,其中,支付类客户端为未知客户端;计算获取的图标与预置的图标库中的图标的相似度;确定图标库中、相似度大于或等于预设阈值的图标;根据预设的图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端;若查询到的已知支付类客户端为非恶意客户端,确定支付类客户端为非恶意客户端;若查询到的已知支付类客户端为恶意客户端,确定支付类客户端为恶意客户端。In an embodiment of the present invention, the device shown in FIG. 7 may further include a second determining module 750, coupled to the first determining module 730, configured to: obtain an icon of a payment client, where the payment client is An unknown client; calculating the similarity between the acquired icon and the icon in the preset icon library; determining an icon in the icon library with a similarity greater than or equal to a preset threshold; according to the icon in the preset icon library and the known payment The mapping relationship between the class clients, the known payment type client corresponding to the icon determined by the query; if the known payment type client is a non-malicious client, the payment client is determined to be a non-malicious client; The known payment client is a malicious client, and the payment client is determined to be a malicious client.
在本发明的一个实施例中,第二判断模块750还可以配置为:获取支付类客户端的图标,其中,支付类客户端为未知客户端;发送查询支付类客户端是否为恶意客户端的查询请求至云服务器,其中,查询请求携带有支付类客户端的图标;接收云服务器返回的查询结果。In an embodiment of the present invention, the second determining module 750 may be further configured to: obtain an icon of the payment type client, where the payment type client is an unknown client; and send a query requesting whether the payment type client is a malicious client. To the cloud server, wherein the query request carries an icon of the payment type client; and receives the query result returned by the cloud server.
在本发明的一个实施例中,获取的图标包括支付类客户端的快捷方式图标和/或从应用列表中获取的支付类客户端的图标。In one embodiment of the invention, the acquired icon includes a shortcut icon of the payment class client and/or an icon of the payment class client obtained from the application list.
在本发明的一个实施例中,第二判断模块750还可以配置为:将获取的图标与预置的图标库中的图标缩放至相同的尺寸;通过比较缩放后的获取的图标与预置的图标库中的图标对应位置的像素,得到相似度。In an embodiment of the present invention, the second determining module 750 is further configured to: zoom the acquired icon and the icon in the preset icon library to the same size; by comparing the zoomed acquired icon with the preset The icon in the icon library corresponds to the pixel of the position, and the similarity is obtained.
在本发明的一个实施例中,支付类客户端的触发事件包括下列至少之一:In an embodiment of the invention, the triggering event of the payment class client includes at least one of the following:
安装支付类客户端;Install a payment class client;
启动支付类客户端;Start the payment class client;
扫描支付类客户端;Scan the payment class client;
更新支付类客户端。Update the payment class client.
相应的,图8示出了根据本发明一个实施例的云服务器的结构示意图。参见图8,该云服务器至少包括:请求接收模块810、计算模块820、查询模块830、第三判断模块840、以及发送模块850。Correspondingly, FIG. 8 shows a schematic structural diagram of a cloud server according to an embodiment of the present invention. Referring to FIG. 8 , the cloud server includes at least a request receiving module 810, a computing module 820, a query module 830, a third determining module 840, and a sending module 850.
现介绍本发明实施例的云服务器的各组成或器件的功能以及各部分间的连接关系:The functions of the components or devices of the cloud server and the connection relationship between the components of the cloud server according to the embodiment of the present invention are introduced:
请求接收模块810,配置为接收来自移动终端的、查询移动终端支付类客户端是否为恶意客户端的查询请求,其中,查询请求携带有支付类客户端的图标;The request receiving module 810 is configured to receive, from the mobile terminal, a query request for querying whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client;
计算模块820,与请求接收模块810相耦合,配置为计算支付类客户端的图标与预置的图标库中的图标的相似度,确定图标库中、相似度大于或等于预设阈值的图标;The computing module 820 is coupled to the request receiving module 810, configured to calculate a similarity between the icon of the payment client and the icon in the preset icon library, and determine an icon in the icon library that has a similarity greater than or equal to a preset threshold;
查询模块830,与计算模块820相耦合,配置为根据预设的图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端;The query module 830 is coupled to the computing module 820, and configured to query the known payment client corresponding to the determined icon according to the mapping relationship between the icon in the preset icon library and the known payment client;
第三判断模块840,与查询模块830相耦合,配置为判断已知支付类客户端是否为恶意客户端,得到判断结果; The third determining module 840 is coupled to the query module 830, and configured to determine whether the known payment client is a malicious client, and obtain a determination result;
发送模块850,与第三判断模块840相耦合,配置为将判断结果作为支付类客户端是否为恶意客户端的查询结果,并发送至移动终端。The sending module 850 is coupled to the third determining module 840, and configured to use the result of the determination as a result of the query of the payment client as a malicious client, and send the result to the mobile terminal.
在本发明的一个实施例中,发送模块850还可以配置为:若已知支付类客户端为非恶意客户端,查询结果为支付类客户端为非恶意客户端;若已知支付类客户端为恶意客户端,查询结果为支付类客户端为恶意客户端。In an embodiment of the present invention, the sending module 850 may be further configured to: if the payment client is known as a non-malicious client, the query result is that the payment client is a non-malicious client; if the payment client is known For a malicious client, the result of the query is that the payment client is a malicious client.
在本发明的一个实施例中,支付类客户端的图标包括支付类客户端的快捷方式图标和/或从应用列表中获取的支付类客户端的图标。In one embodiment of the invention, the icon of the payment class client includes a shortcut icon of the payment class client and/or an icon of the payment class client obtained from the application list.
在本发明的一个实施例中,查询结果中携带的信息包括下列至少之一:In an embodiment of the present invention, the information carried in the query result includes at least one of the following:
支付类客户端的能够安全完成支付类操作的安装包;An installation package for a payment client that can securely perform payment class operations;
支付类客户端的能够安全完成支付类操作的下载地址。The download address of the payment client that can securely complete the payment class operation.
根据上述任意一个优选实施例或多个优选实施例的组合,本发明实施例能够达到如下有益效果:According to any one of the preferred embodiments or the combination of the preferred embodiments, the embodiment of the present invention can achieve the following beneficial effects:
本发明实施例中,在监测到移动终端支付类客户端的触发事件时,获取支付类客户端的特征信息,并将获取的特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果。随后,根据匹配结果判断支付类客户端是否为恶意客户端,进而根据判断结果对支付类客户端进行处理。由于特征信息为支付类客户端的唯一身份标识信息,伪装成支付类客户端的假冒客户端仅仅是界面相似,但是身份标识不能复制,而二次打包木马、病毒程序的支付类客户端,因客户端本身的信息发生改变,身份标识也必然相应改变,与原支付类客户端的唯一身份标识信息不同,因而利用特征信息可以灵活、有效地识别出伪装成正版支付类客户端的假冒客户端或者被二次打包了木马、病毒程序的支付类客户端。在鉴别特征信息之后,能够确认当前所使用的支付类客户端是否为恶意客户端并根据判断结果对其进行及时处理。若确定恶意客户端,可以停止支付类操作,还可以举报投诉,尽量减少用户的损失。因此,采用本发明实施例提供的技术方案,能够提高移动终端上的支付类客户端的安全性,增强对于病毒、木马等恶意攻击的防护性,从而为用户提供一个安全、干净的移动支付环境。In the embodiment of the present invention, when the trigger event of the payment client of the mobile terminal is detected, the feature information of the payment client is obtained, and the acquired feature information is matched with the feature information in the preset whitelist to obtain a matching result. Then, according to the matching result, it is determined whether the payment client is a malicious client, and then the payment client is processed according to the judgment result. Since the feature information is the unique identity information of the payment client, the fake client masquerading as the payment client is only similar in interface, but the identity cannot be copied, and the payment client of the second packaged Trojan and virus program is due to the client. The information itself changes, and the identity identifier must change accordingly. It is different from the unique identity information of the original payment client. Therefore, the feature information can be used to flexibly and effectively identify the fake client that is disguised as a genuine payment client or twice. A payment class client packaged with Trojans and virus programs. After the feature information is authenticated, it can be confirmed whether the currently used payment client is a malicious client and timely processed according to the judgment result. If you identify a malicious client, you can stop the payment class operation, and you can also report the complaint and minimize the user's loss. Therefore, the technical solution provided by the embodiment of the present invention can improve the security of the payment client on the mobile terminal, enhance the protection against malicious attacks such as viruses and Trojans, and provide a safe and clean mobile payment environment for the user.
进一步地,还可以在移动终端和云服务器根据支付类客户端的图标与预置的图标库中的图标的相似度,判断支付类客户端是恶意客户端还是非恶意客户端,实现更加准确地进行判断。若根据白名单中的特征信息判断支付类客户端为恶意客户端,而云服务器判断支付类客户端为非恶意客户端(可能的原因是该支付类客户端进行了升级,而移动终端上的白名单库没有及时进行更新),即存在误报情况,云服务器可以向移动终端发送误报信息,及时进行纠正,提高判断的准确性。此外,若在云服务器查询到支付类客户端为恶意客户端,此时,云服务器还可以向移动终端发送支付类客户端的能够安全完成支付类操作的安装包或下载地址等。进一步地,云服务器对预置的图标库进行实时更新,从而更加提高判断的准确性。Further, the mobile terminal and the cloud server may determine whether the payment client is a malicious client or a non-malicious client according to the similarity between the icon of the payment client and the icon in the preset icon library, so as to achieve more accurate implementation. Judge. If the payment type client is determined to be a malicious client according to the feature information in the white list, and the cloud server determines that the payment client is a non-malicious client (the possible reason is that the payment client is upgraded, and the mobile terminal is The whitelist library is not updated in time), that is, there is a false positive situation, and the cloud server can send the false alarm information to the mobile terminal, correct it in time, and improve the accuracy of the judgment. In addition, if the cloud server queries the payment client as a malicious client, the cloud server may also send an installation package or a download address of the payment client that can securely complete the payment operation to the mobile terminal. Further, the cloud server updates the preset icon library in real time, thereby further improving the accuracy of the judgment.
进一步地,根据本发明实施例,还提供一种移动终端的安全支付方法及装置。Further, according to an embodiment of the present invention, a secure payment method and apparatus for a mobile terminal are also provided.
本发明实施例提供了一种移动终端的安全支付方法,应用于移动终端。图9示出了根据本发明一个实施例的移动终端的安全支付方法的处理流程图。参见图9,该流程至少包括步骤S902至步骤S906。 The embodiment of the invention provides a secure payment method for a mobile terminal, which is applied to a mobile terminal. FIG. 9 is a flowchart showing the processing of a secure payment method of a mobile terminal according to an embodiment of the present invention. Referring to FIG. 9, the flow includes at least steps S902 to S906.
步骤S902中,当监测到安装于移动终端的支付类客户端启动时,获取支付类客户端的身份标识信息。本发明实施例中,支付类客户端的身份标识信息可以是任意能够对支付类客户端进行身份确认的信息,例如,支付类客户端的包名信息、支付类客户端的版本信息和/或支付类客户端的签名信息。其中,所述支付类客户端为安装在移动终端的支付类软件。In step S902, when it is detected that the payment type client installed in the mobile terminal is started, the identity identification information of the payment type client is acquired. In the embodiment of the present invention, the identity information of the payment client may be any information that can identify the identity of the payment client, for example, the package name information of the payment client, the version information of the payment client, and/or the payment client. The signature information of the end. The payment type client is a payment type software installed on the mobile terminal.
获取到支付类客户端的身份标识信息之后,执行步骤S904,根据支付类客户端的身份标识信息确定支付类客户端安全性是否通过验证,并在确定支付类客户端安全性通过验证之后,利用支付类客户端执行支付操作(即步骤S906)。After obtaining the identity information of the payment client, step S904 is performed to determine whether the security of the payment client is verified according to the identity information of the payment client, and after the security of the payment client is verified, the payment class is used. The client performs a payment operation (ie, step S906).
依据本发明实施例,能够在监测到支付类客户端启动时,获取通过检测的支付类客户端的身份标识信息,并根据获取到的身份标识信息确定支付类客户端的安全性是否通过验证。现有技术中,用户无法判断使用的支付类客户端的安全性是否通过验证,因此,无法保证使用支付类客户端时隐私信息不被泄露以及财产不受到损失。而本发明实施例能够在监测到支付类客户端启动时,获取支付类客户端的身份标识信息,并根据获取到的支付类客户端的身份标识信息对支付类客户端进行安全性验证,当确定支付类客户端通过安全性验证之后,利用支付类客户端执行支付操作。因此,依据本发明实施例能够解决现有技术中不能够对支付类客户端进行安全性验证的问题,达到了避免用户使用盗取用户隐私信息的虚假支付类客户端的有益效果,进而能够合理有效避免用户隐私信息的泄露,以及保护用户财产的安全。According to the embodiment of the present invention, when the payment client is started, the identity information of the payment type client that is detected is obtained, and the security of the payment client is verified according to the obtained identity information. In the prior art, the user cannot judge whether the security of the payment type client used is verified. Therefore, the privacy information cannot be leaked and the property is not lost when the payment client is used. The embodiment of the present invention can obtain the identity identification information of the payment client when the payment client is started, and perform security verification on the payment client according to the obtained identity information of the payment client, when determining the payment. After the class client passes the security verification, the payment client is used to perform the payment operation. Therefore, according to the embodiment of the present invention, the problem of not being able to perform security verification on the payment client in the prior art can be solved, and the beneficial effect of avoiding the use of the fake payment client that steals the user's private information is achieved, thereby being reasonable and effective. Avoid the disclosure of user privacy information and protect the security of user property.
上文提及,本发明实施例中,通过获取到支付类客户端的身份标识信息确定支付类客户端安全性是否通过验证。另外,本发明实施例还可以优选在对支付类客户端进行下载和/或支付类客户端启动时,根据预设规则对支付类客户端和/或支付类客户端的运行环境进行检测。As mentioned above, in the embodiment of the present invention, it is determined whether the security of the payment client is verified by obtaining the identity information of the payment client. In addition, the embodiment of the present invention may also preferably detect the running environment of the payment client and/or the payment client according to a preset rule when the payment client is downloaded and/or the payment client is started.
具体地,在对支付类客户端的运行或者下载环境进行检测时,由于用户下载支付类客户端或者启动支付类客户端时,使用的网络(如无线网络wifi)可能为公共场所的网络,安全性较低。并且,在使用如公共场所的网络等安全性较低的网络下载或者运行支付类客户端时,不法分子容易对本地域名系统(Domain Name System,以下简称DNS)进行篡改,导致下载的支付类客户端为钓鱼支付类客户端(如伪装为常用支付类客户端以非法获取用户信息的支付类客户端),或者导致启动支付类客户端时,由于本地DNS已被非法篡改,用户实际输入信息的界面可能是本地DNS遭到篡改之后窃取用户信息的界面。Specifically, when detecting the running or downloading environment of the payment client, when the user downloads the payment client or starts the payment client, the network used (such as wireless network wifi) may be a public place network, security. Lower. Moreover, when downloading or running a payment client using a less secure network such as a public place network, the criminals can easily tamper with the local domain name system (DNS), resulting in the downloaded payment client. The end is a phishing payment client (such as a payment client masquerading as a common payment client to illegally obtain user information), or when the payment client is started, since the local DNS has been illegally tampered with, the user actually inputs the information. The interface may be an interface that steals user information after the local DNS has been tampered with.
因此,在对支付类客户端的运行或者下载环境进行检测时,本发明实施例优选检测使用的网络的安全性。若检测到网络为存在安全性隐患的网络,则提示用户使用当前网络下载或者运行支付类客户端存在风险。若用户选择继续使用当前网络或者确定网络的安全性通过检测之后,检测本地DNS是否被改动。若确定本地DNS被改动,则提示用户,本地DNS被改动,并询问用户是否将本地DNS改为安全的DNS。其中,安全的DNS可以是已经经过安全认证的服务器,可以是选择多个具有电信运营商资质的域名解析服务器。如从用户访问量巨大(如用户访问量超过4亿)的域名中选取的网购类网站域名、游戏类网站域名、社交类网站域名等。询问用户是否将本地DNS改为安全DNS之后,若根据用户输入的选择指令或根据任意接收 到的用户的触发操作确定对DNS进行修改,则将被改动的DNS改为安全的DNS。若用户选择不对DNS进行改动或者确定本地DNS未被改动,则执行下一操作。Therefore, in detecting the operation or download environment of the payment client, the embodiment of the present invention preferably detects the security of the network used. If the network is detected as a network with security risks, the user is prompted to use the current network to download or run the payment client. If the user chooses to continue using the current network or determines the security of the network after detecting, it is detected whether the local DNS has been changed. If it is determined that the local DNS has been changed, the user is prompted, the local DNS is changed, and the user is asked whether to change the local DNS to a secure DNS. The secure DNS may be a server that has been authenticated by security, and may be a plurality of domain name resolution servers having the qualification of a telecom operator. For example, the domain name of the online shopping website, the domain name of the game website, and the domain name of the social network website are selected from the domain names with a large number of user visits (such as a user access volume exceeding 400 million). Ask the user whether to change the local DNS to a secure DNS, according to the user's input selection command or according to any reception When the triggered operation of the user determines to modify the DNS, the changed DNS is changed to a secure DNS. If the user chooses not to change the DNS or determines that the local DNS has not been changed, the next operation is performed.
上文介绍了本发明实施例中对支付类客户端的运行或者下载环境进行检测的过程,而在对支付类客户端进行检测时,本发明实施例优选对支付类客户端进行病毒扫描操作。例如,调用QihooAppManager类的setPreInstallListener( )接口注册监听器。当通过注册的监听器接收到用户的指令,需要对支付类客户端进行下载或者安装或者运行时,本发明实施例并不直接执行相应的操作,而是首先对支付类客户端进行病毒扫描,然后调用resumeOrAbortInstall( )接口来决定是否继续下载或者安装或者继续运行该支付类客户端。The foregoing describes the process of detecting the running or downloading environment of the payment client in the embodiment of the present invention. When detecting the payment client, the embodiment of the present invention preferably performs a virus scanning operation on the payment client. For example, call the setPreInstallListener( ) interface of the QihooAppManager class to register the listener. When receiving the user's instruction through the registered listener and downloading or installing or running the payment client, the embodiment of the present invention does not directly perform the corresponding operation, but first performs a virus scan on the payment client. Then call the resumeOrAbortInstall() interface to decide whether to continue downloading or installing or continuing to run the payment class client.
另外,在对支付类客户端进行扫描操作时,本发明实施例可以根据移动终端本地的病毒库对支付类客户端进行病毒扫描操作,可以根据云服务器的病毒库对支付类客户端进行病毒扫描操作,还可以优选根据本地的病毒库,结合云服务器的病毒库,对支付类客户端进行更加全面的病毒扫描操作。In addition, when scanning the payment client, the embodiment of the present invention may perform a virus scanning operation on the payment client according to the virus database local to the mobile terminal, and may perform virus scanning on the payment client according to the virus database of the cloud server. The operation may also be based on a local virus database combined with a virus database of the cloud server to perform a more comprehensive virus scanning operation on the payment client.
在对支付类客户端和/或支付类客户端的运行环境进行检测之后,若支付类客户端未通过检测,则确定支付类客户端为安全性未通过验证的支付类客户端。对于通过检测的支付类客户端,如本地DNS未被改动并且支付类客户端中不存在病毒的支付类客户端,获取支付类客户端的身份标识信息,并根据支付类客户端的身份标识信息确定支付类客户端安全性是否通过验证。After detecting the running environment of the payment client and/or the payment client, if the payment client fails the detection, the payment client is determined to be a payment-type client whose security is not verified. For the payment type client that is detected, such as the payment type client whose local DNS is not changed and the virus is not present in the payment type client, obtain the identity information of the payment type client, and determine the payment according to the identity information of the payment type client. Whether the class client security is verified.
优选地,本发明实施例中,可以在移动终端本地和/或云服务器中设置预先定义的安全识别库。其中,该预先定义的安全识别库中存储有支付类客户端的身份标识信息。即预先定义的安全识别库为存储有支付类客户端的身份标识信息的数据库,因此,下文将该安全识别库简称为数据库。另外,本发明实施例中,根据对已知的支付类客户端安全性的确定对存储于数据库的支付类客户端的身份标识信息进行分类。例如,数据库中存储有支付类客户端的白名单(即安全性通过验证的支付类客户端的名单),以及支付类客户端的黑名单(即安全性未通过验证的支付类客户端的名单)。进一步地,在数据库的白名单以及黑名单中存储有各个支付类客户端的身份标识信息。例如,在数据库中,支付类客户端A存在于白名单中,则白名单中还存储有支付类客户端A的身份识别信息。Preferably, in the embodiment of the present invention, a predefined security identification library may be set in the mobile terminal local and/or cloud server. The pre-defined security identification library stores identity information of the payment client. That is, the predefined security identification library is a database in which the identity identification information of the payment type client is stored. Therefore, the security identification library is simply referred to as a database below. In addition, in the embodiment of the present invention, the identity identification information of the payment type client stored in the database is classified according to the determination of the security of the known payment type client. For example, the database stores a whitelist of payment-type clients (ie, a list of security-certified payment-type clients), and a blacklist of payment-type clients (ie, a list of payment-type clients whose security is not verified). Further, the identity information of each payment class client is stored in the whitelist and the blacklist of the database. For example, in the database, the payment client A exists in the white list, and the identification information of the payment client A is also stored in the white list.
本发明实施例中,支付类客户端的身份标识信息可以包括以下中的一种或几种组合:支付类客户端的包名,版本号,开发者签名。另外,支付类客户端的身份标识信息还可以包括支付类客户端的特征数据,根据该特征数据,本发明实施例能够对安全性未知的支付类客户端进行安全性验证。其中,支付类客户端的特征数据包括上文介绍的支付类客户端的身份标识信息,还可以包括支付类客户端的组件广播接收器(receiver)的特征,支付类客户端的服务(service)的特征,支付类客户端的组件活动(activity)的特征,可执行文件中的指令或字符串,支付类客户端的安装包目录下各文件的消息摘要算法第五版(Message Digest Algorithm,以下简称MD5值)。需要说明的是,本发明实施例中,可执行文件包括Dex类型文件(包括classes.dex文件,扩展名为.jar的文件,以及Dex格式的文件),和/或ELF类型文件。In the embodiment of the present invention, the identity information of the payment client may include one or a combination of the following: a package name of the payment client, a version number, and a developer signature. In addition, the identity information of the payment client may further include the feature data of the payment client. According to the feature data, the embodiment of the present invention can perform security verification on the payment client with unknown security. The feature data of the payment client includes the identity information of the payment client described above, and may also include a feature of a component broadcast receiver of the payment client, a feature of the service of the payment client, and payment. The characteristics of the component activity of the class client, the instruction or string in the executable file, and the message digest algorithm (MD5 value) of each file in the installation package directory of the payment client. It should be noted that, in the embodiment of the present invention, the executable file includes a Dex type file (including a classes.dex file, a file with a .jar extension, and a file in a Dex format), and/or an ELF type file.
本发明实施例中,利用数据库对支付类客户端进行安全性验证时,由于移动终 端本地的空间资源有限,因此,云服务器中的数据库中存储的支付类客户端的身份标识信息和/或特征数据更为全面。因此,优选地,本发明实施例将支付类客户端的身份标识信息发送至云服务器进行安全性验证。由云服务器在存储有通过安全性验证的支付类客户端的身份标识信息的数据库中,对接收到的支付类客户端的身份标识信息进行匹配,并返回匹配结果。根据匹配结果,本发明实施例能够确定支付类客户端是否为安全性通过验证的支付类客户端。具体地,若匹配结果为数据库中存在身份标识信息能够与支付类客户端的身份标识信息相匹配,则确定支付类客户端安全性通过验证,若匹配结果为接收到的支付类客户端的身份标识信息未能够与数据库中存储的任一身份标识信息相匹配,则确定支付类客户端安全性未通过验证。In the embodiment of the present invention, when the security verification of the payment client is performed by using the database, due to the mobile terminal The local space resources are limited. Therefore, the identity information and/or feature data of the payment client stored in the database in the cloud server is more comprehensive. Therefore, preferably, the embodiment of the present invention sends the identity information of the payment client to the cloud server for security verification. The cloud server matches the identity information of the received payment type client in the database storing the identity information of the payment type client through the security verification, and returns a matching result. According to the matching result, the embodiment of the present invention can determine whether the payment type client is a payment type client whose security is verified. Specifically, if the matching result is that the identity information in the database can match the identity information of the payment client, it is determined that the security of the payment client is verified, and if the matching result is the identity information of the received payment client If it is not able to match any of the identity information stored in the database, it is determined that the payment class client security has not passed the verification.
另外,由于数据库中还可以存储有安全性未通过验证的支付类客户端的身份标识信息,以及已知的恶意支付类客户端的数据特征,因此,在对支付类客户端的安全性进行验证时,还可以将支付类客户端的身份标识信息与数据库中的安全性未通过验证的支付类客户端的身份标识信息进行匹配,若能够匹配到,则确定支付类客户端未通过安全性验证,若未匹配到,则能够根据已知的恶意支付类客户端的数据特征对支付类客户端的全性能否通过验证做进一步确定。In addition, since the database may also store the identity information of the payment type client whose security is not verified, and the data characteristics of the known malicious payment type client, when verifying the security of the payment type client, The identity information of the payment type client may be matched with the identity information of the payment type client in the database that is not verified by the security. If it is matched, it is determined that the payment type client fails the security verification, and if it does not match Then, according to the data characteristics of the known malicious payment client, whether the fullness of the payment client can be further verified can be verified.
由于实际操作中,木马程序、对软件的二次打包等不法手段越来越先进,仅仅根据已知的安全性未通过验证的支付类客户端的身份标识信息以及已知的恶意支付类客户端的数据特征无法保证能够全面检测出虚假的支付类客户端或者钓鱼类支付软件等恶意软件,而对于安全性能够通过验证的支付类客户端,能够通过人工查询等多种途径确定其安全性,进而将其添加至数据库,以供用户在下载或者安装或者使用该支付类客户端时,对支付类客户端安全性进行验证。因此,本发明实施例中,优选将支付类客户端的身份标识信息与数据库中安全性通过验证的支付类客户端的身份标识信息进行匹配,并根据匹配结果确定支付类客户端安全性是否通过验证。Due to the actual operation, the Trojan horse program, the secondary packaging of the software, and the like are more and more advanced, and only the identity information of the payment client that is not verified according to the known security and the data of the known malicious payment client are known. The feature cannot guarantee that the fake payment client or phishing payment software can be fully detected, and the security client that can pass the verification can determine its security through manual inquiry and other ways. It is added to the database for the user to verify the security of the payment client when downloading or installing or using the payment client. Therefore, in the embodiment of the present invention, the identity information of the payment client is matched with the identity information of the payment client authenticated in the database, and the security of the payment client is verified according to the matching result.
当确定支付类客户端安全性通过验证,则保持支付类客户端的运行状态。若确定支付类客户端安全性未能通过验证,则本显示提示消息以及对应的处理操作选项。优选地,本发明实施例中的处理操作选项以按钮的形式显示,即显示的各个处理操作选项为对应的处理按钮,则用户对处理操作选项的触发时,能够在对应的处理按钮处接收用户的输入指令。若在处理按钮处接收到用户根据提示消息输入的触发指令,则根据触发指令对支付类客户端执行相应处理。When it is determined that the security of the payment type client is verified, the running state of the payment type client is maintained. If it is determined that the security of the payment client fails to pass the verification, the present prompt message and corresponding processing operation options are displayed. Preferably, the processing operation option in the embodiment of the present invention is displayed in the form of a button, that is, each processing operation option displayed is a corresponding processing button, and when the user triggers the processing operation option, the user can be received at the corresponding processing button. Input instructions. If the trigger instruction input by the user according to the prompt message is received at the processing button, the corresponding processing is performed on the payment client according to the trigger instruction.
本发明实施例中,当确定支付类客户端安全性未通过验证时显示的处理按钮可以是任意能够触发对支付类客户端进行处理的按钮,本发明实施例对此并不加以限定。例如,处理按钮可以是终止按钮,可以是卸载按钮,可以是安装正版按钮,还可以是继续使用按钮等。对应的,若在终止按钮处接收到用户的触发指令,终止支付类客户端的运行过程,若在卸载按钮处接收到用户的触发指令,卸载支付类客户端,若在安装正版按钮处接收到用户的触发指令,卸载支付类客户端,并安装与支付类客户端对应的正版支付类客户端,若在继续使用按钮处接收到用户的触发指令,保持支付类客户端的运行状态。In the embodiment of the present invention, the processing button that is displayed when the security of the payment client is not verified may be any button that can trigger the processing of the payment client, which is not limited by the embodiment of the present invention. For example, the processing button may be a termination button, may be an uninstall button, may be a genuine button installed, or may continue to use a button. Correspondingly, if the trigger command of the user is received at the termination button, the running process of the payment client is terminated, and if the trigger command of the user is received at the uninstall button, the payment client is uninstalled, and if the user is received at the genuine button The triggering instruction, uninstalling the payment type client, and installing the genuine payment type client corresponding to the payment type client, if the user receives the trigger instruction at the button, the operation state of the payment type client is maintained.
本发明实施例中,在确定支付类客户端安全性未通过验证时,能够显示提示消息,以及多种对支付类客户端进行不同处理的按钮,并通过在各个按钮处接收用户 的触发指令对支付类客户端执行相应处理,在保证提示用户支付类客户端安全性存在风险的情况下,根据用户的选择对支付类客户端进行处理,避免对支付类客户端执行错误的卸载等操作造成用户的不便。例如,若根据预设规则检测到支付类客户端的安装包中包含恶意病毒,则确定该支付类客户端属于可卸载的应用程序,标识为可卸载;若检测出支付类客户端内包含广告、弹窗、收费等,则根据支付类客户端包含的不同内容将该支付类客户端归类,并标识为可卸载;若对支付类客户端进行检测之后,能够确定支付类客户端为移动终端自身的应用,卸载支付类客户端可能对移动终端的正常使用造成影响,则将支付类客户端归类并标识为不可卸载;若对支付类客户端进行检测之后,能够确定支付类客户端为移动终端自身的应用,并且卸载支付类客户端对移动终端的正常使用没有严重影响,但是可能造成移动终端中功能的损失,则将支付类客户端归类并标识为谨慎卸载。In the embodiment of the present invention, when it is determined that the security of the payment client fails to pass the verification, the prompt message can be displayed, and various buttons for different processing of the payment client are performed, and the user is received at each button. The triggering instruction performs corresponding processing on the payment client, and the payment client is processed according to the user's selection to ensure that the payment client is performing the wrong uninstallation when the user is prompted to pay the security of the client. Such operations cause user inconvenience. For example, if it is detected according to the preset rule that the installation package of the payment client includes a malicious virus, it is determined that the payment client belongs to an uninstallable application, and the identifier is uninstallable; if the payment client is detected to include an advertisement, The pop-up window, the charge, and the like, classify the payment client according to different contents included in the payment client, and identify that it is uninstallable; if the payment client is detected, the payment client can be determined as the mobile terminal In its own application, the unloading payment client may affect the normal use of the mobile terminal, and then classify and identify the payment client as non-uninstallable; if the payment client is detected, it can determine that the payment client is The mobile terminal's own application, and the offloading payment client does not have a serious impact on the normal use of the mobile terminal, but may cause loss of functionality in the mobile terminal, and the payment class client is classified and identified as a cautious uninstall.
再例如,监测到支付类客户端A启动时,根据预设规则对支付类客户端A以及支付类客户端A的运行环境进行检测之后,确定支付类客户端A为通过检测的支付类客户端,但获取支付类客户端A的版本信息发送至云服务器之后,在数据库中不存在与支付类客户端A相匹配的版本信息,则本发明实施例确定支付类客户端的安全性未通过验证。但实际操作中,可能存在该支付类客户端A为新开发的支付类客户端,启动支付类客户端A的用户为支付类客户端A的第一个用户,则数据库中并未存储有支付类客户端A的版本信息,但用户能够确定支付类客户端A并不存在安全隐患,则用户可以通过触发上文介绍的继续使用按钮保证利用支付类客户端A继续执行支付操作。For example, after detecting that the payment client A starts, after detecting the running environment of the payment client A and the payment client A according to the preset rule, determining that the payment client A is the detected payment client After the version information of the payment type client A is sent to the cloud server, and the version information matching the payment type client A does not exist in the database, the embodiment of the present invention determines that the security of the payment type client fails the verification. However, in actual operation, the payment client A may be a newly developed payment client, and the user who starts the payment client A is the first user of the payment client A, and the database does not store the payment. The version information of the client A, but the user can determine that the payment client A does not have a security risk, and the user can ensure that the payment operation is continued by the payment client A by triggering the continue use button described above.
需要说明的是,本发明实施例提供的移动终端的安全支付方法中对支付类客户端安全性的验证过程能够运用到对任意软件安全性的验证过程中,本发明实施例对此并不加以限定。It should be noted that, in the secure payment method of the mobile terminal provided by the embodiment of the present invention, the verification process of the security of the payment client can be applied to the verification process of any software security, and the embodiment of the present invention does not limited.
实施例一Embodiment 1
为将上文各实施例提供的移动终端的安全支付方法阐述得更加清楚明白,现提供一个优选实施例对本发明实施例提供的移动终端的安全支付方法进行介绍。需要说明的是,为将本优选实施例阐述得更加简洁,本例中,设置支付类客户端A安装于手机中。In order to clarify the security payment method of the mobile terminal provided by the foregoing embodiments, a preferred embodiment is provided to introduce a secure payment method of the mobile terminal provided by the embodiment of the present invention. It should be noted that, in order to simplify the present preferred embodiment, in this example, the payment client A is installed in the mobile phone.
图10示出了根据本发明一个优选实施例的移动终端的安全支付方法的处理流程图。参见图10,该流程至少包括步骤S1002至步骤S1026。需要说明的是,在图10中,将支付类客户端A简称为支付类客户端。FIG. 10 is a flow chart showing the processing of a secure payment method of a mobile terminal in accordance with a preferred embodiment of the present invention. Referring to FIG. 10, the flow includes at least steps S1002 to S1026. It should be noted that, in FIG. 10, the payment client A is simply referred to as a payment client.
步骤S1002、检测本地DNS。Step S1002, detecting a local DNS.
具体地,当监测到支付类客户端A启动时,优选对启动支付类客户端A使用的网络进行检测。当检测到网络为公共网络时,确定公共网络的安全性较低,则对本地DNS进行检测。Specifically, when it is detected that the payment type client A is started, it is preferable to detect the network used by the startup payment type client A. When it is detected that the network is a public network, it is determined that the security of the public network is low, and the local DNS is detected.
步骤S1004、确定本地DNS是否被改动,若未被改动,直接执行步骤S1012,若确定被改动,执行步骤S1006。In step S1004, it is determined whether the local DNS is changed. If it is not changed, step S1012 is directly performed. If the determination is changed, step S1006 is performed.
步骤S1006、当根据步骤S1004,确定本地DNS被改动,则提示用户本地DNS被改动,使用支付类客户端A可能存在安全隐患。例如,在手机的屏幕中显示提示 消息。另外,在显示提示消息时,还能够在屏幕中显示处理按钮,如显示“修改本地DNS”按钮和/或“保持本地DNS不变”按钮。Step S1006: When it is determined according to step S1004 that the local DNS is changed, the user is prompted to change the local DNS, and the use of the payment client A may have a security risk. For example, displaying a prompt on the phone’s screen Message. In addition, when the prompt message is displayed, it is also possible to display a processing button on the screen, such as displaying a "modify local DNS" button and/or a "keep local DNS unchanged" button.
步骤S1008、确定根据用户输入的指令是否修改本地DNS。若是,执行步骤S1010,若否,执行步骤S1012。Step S1008: Determine whether to modify the local DNS according to an instruction input by the user. If yes, go to step S1010, if no, go to step S1012.
具体地,步骤S1006中提及,当确定本地DNS被改动,可以在手机的屏幕上显示提示消息,优选地,还可以显示处理按钮。当在显示的处理按钮处接收到用户根据提示消息输入的触发指令。例如,当用户在“修改本地DNS”按钮处输入触发指令时,则确定修改本地DNS,当用户在“保持本地DNS不变”按钮处输入触发指令时,则确定保持本地DNS不变,并不对其进行修改。Specifically, it is mentioned in step S1006 that when it is determined that the local DNS is changed, a prompt message may be displayed on the screen of the mobile phone, and preferably, a processing button may also be displayed. A trigger command input by the user according to the prompt message is received at the processed processing button. For example, when the user inputs a trigger instruction at the "modify local DNS" button, it is determined to modify the local DNS. When the user inputs a trigger instruction at the "keep local DNS unchanged" button, it is determined that the local DNS remains unchanged, and is not correct. It is modified.
步骤S1010、修改本地DNS为安全DNS。Step S1010: Modify the local DNS as a secure DNS.
当根据用户输入的指令确定修改本地DNS时,则将本地DNS修改为安全DNS。其中,安全的DNS可以是已经经过安全认证的服务器,可以是选择多个具有电信运营商资质的域名解析服务器。如从用户访问量巨大的域名中选取的网购类网站域名、游戏类网站域名、社交类网站域名等。When the local DNS is modified according to an instruction input by the user, the local DNS is modified to a secure DNS. The secure DNS may be a server that has been authenticated by security, and may be a plurality of domain name resolution servers having the qualification of a telecom operator. For example, the domain name of the online shopping website, the domain name of the game website, and the domain name of the social website are selected from the domain names with a large number of user visits.
步骤S1012、执行病毒扫描操作。Step S1012, performing a virus scanning operation.
具体地,当确定本地DNS未被改动,或者确定本地DNS被改动之后,根据用户输入的指令保持本地DNS不变,或者确定本地DNS被改动之后,根据用户输入的指令将本地DNS修改为安全DNS,之后,对支付类客户端A执行病毒扫描操作。Specifically, after determining that the local DNS has not been changed, or determining that the local DNS is changed, keeping the local DNS unchanged according to an instruction input by the user, or determining that the local DNS is changed, modifying the local DNS to a secure DNS according to an instruction input by the user. After that, a virus scanning operation is performed on the payment client A.
步骤S1014、确定支付类客户端A中是否存在病毒。若是,直接执行步骤S1024,若否,执行步骤S1016。Step S1014: Determine whether a virus exists in the payment client A. If yes, go to step S1024 directly, and if no, go to step S1016.
步骤S1016、当根据步骤S1014确定支付类客户端A中不存在病毒时,则支付类客户端A通过检测,获取支付类客户端A的身份标识信息。优选地,支付类客户端A的身份标识信息可以是支付类客户端A的包名信息、支付类客户端A的版本信息,以及支付类客户端A的签名信息。Step S1016: When it is determined according to step S1014 that there is no virus in the payment client A, the payment client A obtains the identity identification information of the payment client A by detecting. Preferably, the identity information of the payment client A may be the package name information of the payment client A, the version information of the payment client A, and the signature information of the payment client A.
步骤S1018、发送获取的支付类客户端A的身份标识信息至云服务器。由云服务器在数据库中对支付类客户端A的身份标识信息进行匹配,并返回匹配结果。本例中,数据库中存储有安全性通过验证的支付类客户端的身份标识信息。Step S1018: Send the acquired identity information of the payment client A to the cloud server. The cloud server matches the identity information of the payment client A in the database and returns a matching result. In this example, the database stores the identity information of the payment-type client that is authenticated by security.
步骤S1020、根据匹配结果确定支付类客户端A的安全性是否通过验证,若是,执行步骤S1022,若否,执行步骤S1024。In step S1020, it is determined whether the security of the payment client A is verified according to the matching result. If yes, step S1022 is performed, and if no, step S1024 is performed.
具体地,若匹配结果为数据库中存在身份标识信息能够与支付类客户端A的身份标识信息相匹配,则确定支付类客户端A安全性通过验证,执行步骤S1022;若匹配结果为支付类客户端A的身份标识信息未能够与数据库中存储的任一身份标识信息相匹配,则确定支付类客户端A安全性未通过验证,执行步骤S1024。Specifically, if the matching result is that the identity information in the database can match the identity information of the payment client A, it is determined that the security of the payment client A is verified, and step S1022 is performed; if the matching result is a payment client If the identity information of the terminal A is not matched with any of the identity information stored in the database, it is determined that the security of the payment client A does not pass the verification, and step S1024 is performed.
步骤S1022、确定支付类客户端A安全性通过验证之后,保持支付类客户端A的运行。Step S1022: After the security of the payment client A is verified, the operation of the payment client A is maintained.
步骤S1024、确定支付类客户端A安全性未通过验证之后,显示提示消息及处理按钮。Step S1024: After determining that the security of the payment client A has not passed the verification, a prompt message and a processing button are displayed.
本例中,当确定支付类客户端A安全性未通过验证时显示的处理按钮可以是任意能够触发对支付类客户端A进行处理的按钮,本发明实施例对此并不加以限定。 例如,处理按钮可以是终止软件按钮,可以是卸载按钮,可以是安装正版按钮,还可以是继续使用按钮等。In this example, the processing button that is displayed when the security of the payment client A is not verified may be any button that can trigger the processing of the payment client A, which is not limited by the embodiment of the present invention. For example, the processing button may be a termination software button, an uninstall button, a genuine button, or a button.
步骤S1026、根据用户的触发指令执行相应的处理。Step S1026: Perform corresponding processing according to the trigger instruction of the user.
与步骤S1024中的处理按钮相对应,在不同的处理按钮处接收到用户输入的触发指令则对支付类客户端A执行对应的处理。例如,若在终止按钮处接收到用户的触发指令,终止支付类客户端的运行过程,若在卸载按钮处接收到用户的触发指令,卸载支付类客户端,若在安装正版按钮处接收到用户的触发指令,卸载支付类客户端,并安装与支付类客户端对应的正版支付类客户端,若在继续使用按钮处接收到用户的触发指令,保持支付类客户端的运行状态。Corresponding to the processing button in step S1024, receiving a trigger instruction input by the user at a different processing button performs a corresponding processing on the payment class client A. For example, if the trigger command of the user is received at the termination button, the running process of the payment type client is terminated, and if the trigger instruction of the user is received at the uninstall button, the payment type client is uninstalled, and if the user is received at the installation genuine button Trigger the command, uninstall the payment client, and install the genuine payment client corresponding to the payment client. If the user receives the trigger command while continuing to use the button, the operation state of the payment client is maintained.
本例中,在确定支付类客户端安全性未通过验证时,能够显示提示消息,以及多种对支付类客户端进行不同处理的按钮,并通过在各个按钮处接收用户的触发指令对支付类客户端执行相应处理,在保证提示用户支付类客户端安全性存在风险的情况下,根据用户的选择对支付类客户端进行处理,避免对支付类客户端执行错误的卸载等操作造成用户的不便。In this example, when it is determined that the payment client security has not passed the verification, the prompt message can be displayed, and various buttons for different processing of the payment client are received, and the payment class is received by receiving the trigger instruction of the user at each button. The client performs the corresponding processing, and the payment client is processed according to the user's choice to ensure that the user is in danger of paying the security of the client, thereby avoiding the user's inconvenience caused by performing the wrong uninstallation on the payment client. .
基于上文各优选实施例提供的移动终端的安全支付方法,基于同一发明构思,本发明实施例提供了一种移动终端的安全支付装置,以实现移动终端的安全支付方法。Based on the secure payment method of the mobile terminal provided by the foregoing preferred embodiments, the embodiment of the present invention provides a secure payment device for a mobile terminal to implement a secure payment method for the mobile terminal.
图11示出了根据本发明一个实施例的移动终端的安全支付装置的结构示意图。参见图11,本发明实施例的移动终端的安全支付装置至少包括:监测模块1110、获取模块1120、确定模块1130、以及处理模块1140。FIG. 11 is a block diagram showing the structure of a secure payment device of a mobile terminal according to an embodiment of the present invention. Referring to FIG. 11, the secure payment device of the mobile terminal according to the embodiment of the present invention includes at least a monitoring module 1110, an obtaining module 1120, a determining module 1130, and a processing module 1140.
现介绍本发明实施例的移动终端的安全支付装置的各器件或组成的功能以及各部分间的连接关系:The functions of each device or component of the secure payment device of the mobile terminal of the embodiment of the present invention and the connection relationship between the components are now introduced:
监测模块1110,配置为监测安装于移动终端的支付类客户端启动。The monitoring module 1110 is configured to monitor a payment type client installed on the mobile terminal to start.
获取模块1120,与监测模块1110相耦合,配置为获取支付类客户端的身份标识信息,其中,身份标识信息包括下列至少之一:支付类客户端的包名信息、支付类客户端的版本信息、支付类客户端的签名信息。The obtaining module 1120 is coupled to the monitoring module 1110 and configured to obtain the identity information of the payment client. The identity information includes at least one of the following: a package name information of the payment client, a version information of the payment client, and a payment class. The signature information of the client.
确定模块1130,与获取模块1120相耦合,配置为根据支付类客户端的身份标识信息确定支付类客户端安全性是否通过验证。The determining module 1130 is coupled to the obtaining module 1120 and configured to determine whether the security of the payment client is verified according to the identity information of the payment client.
处理模块1140,与确定模块1130相耦合,配置为若确定支付类客户端安全性通过验证,利用所述支付类客户端执行支付操作。The processing module 1140 is coupled to the determining module 1130, and configured to perform a payment operation by using the payment class client if it is determined that the payment type client security is verified.
图12示出了根据本发明一个优选实施例的移动终端的安全支付装置的结构示意图。参见图12,本例中的移动终端的安全支付装置还包括:FIG. 12 is a block diagram showing the structure of a secure payment device of a mobile terminal according to a preferred embodiment of the present invention. Referring to FIG. 12, the secure payment device of the mobile terminal in this example further includes:
发送模块1150,配置为发送支付类客户端的身份标识信息至云服务器,由云服务器在数据库中对支付类客户端的身份标识信息进行匹配,其中,数据库中存储有安全性通过验证的支付类客户端的身份标识信息;The sending module 1150 is configured to send the identity information of the payment client to the cloud server, where the cloud server matches the identity information of the payment client in the database, where the database stores the security client that has passed the security verification. Identification information;
确定模块1130,还配置为根据云服务器返回的匹配结果确定支付类客户端安全性是否通过验证。The determining module 1130 is further configured to determine whether the security of the payment class client passes the verification according to the matching result returned by the cloud server.
在一个优选的实施例中,确定模块1130还配置为:In a preferred embodiment, the determining module 1130 is further configured to:
若匹配结果为数据库中存在身份标识信息能够与支付类客户端的身份标识信息 相匹配,则确定支付类客户端安全性通过验证;If the matching result is that the identity information exists in the database and the identity information of the payment class client Matching, it is determined that the security of the payment client is verified;
若匹配结果为支付类客户端的身份标识信息未能够与数据库中存储的任一身份标识信息相匹配,则确定支付类客户端安全性未通过验证。If the matching result is that the identity information of the payment client is not able to match any of the identity information stored in the database, it is determined that the payment client security has not passed the verification.
如图12所示,在一个优选的实施例中,移动终端的安全支付装置还包括:As shown in FIG. 12, in a preferred embodiment, the secure payment device of the mobile terminal further includes:
检测模块1160,配置为监测到支付类客户端启动时,根据预设规则对支付类客户端和/或支付类客户端的运行环境进行检测;The detecting module 1160 is configured to: when the payment client is started, detect the running environment of the payment client and/or the payment client according to a preset rule;
获取模块1120,还配置为筛选出通过检测的支付类客户端;以及The obtaining module 1120 is further configured to filter out the payment type client that passes the detection;
获取通过检测的支付类客户端的身份标识信息。Obtain the identity information of the payment type client that passes the detection.
在一个优选的实施例中,确定模块1130还配置为:In a preferred embodiment, the determining module 1130 is further configured to:
据预设规则对支付类客户端和/或支付类客户端的运行环境进行检测之后,确定未通过检测的支付类客户端为安全性未通过验证的支付类客户端。After detecting the running environment of the payment type client and/or the payment type client according to the preset rule, it is determined that the payment type client that fails the detection is a payment type client whose security has not passed the verification.
在一个优选的实施例中,处理模块1140还配置为:In a preferred embodiment, the processing module 1140 is further configured to:
确定模块1130确定支付类客户端安全性未通过验证之后,显示提示消息以及处理操作选项,以供用户根据提示消息触发对应的处理操作选项处理支付类客户端,其中,处理操作选项包括下列至少之一:终止、卸载、安装正版、继续使用;After the determining module 1130 determines that the payment type client security fails the verification, the prompt message and the processing operation option are displayed, so that the user processes the payment processing client according to the prompt message triggering the corresponding processing operation option, wherein the processing operation option includes at least the following One: terminate, uninstall, install genuine, continue to use;
根据用户触发的处理操作选项对支付类客户端执行相应处理。The payment class client performs corresponding processing according to the processing operation option triggered by the user.
在一个优选的实施例中,检测模块1160根据预设规则对支付类客户端和/或支付类客户端的运行环境进行的检测操作,包括下列至少之一:In a preferred embodiment, the detecting module 1160 performs a detecting operation on the operating environment of the payment client and/or the payment client according to the preset rule, including at least one of the following:
检测本地域名系统DNS是否被改动;以及Detecting whether the local domain name system DNS has been altered;
对支付类客户端执行病毒扫描操作。Perform a virus scan operation on the payment client.
在一个优选的实施例中,检测模块1160还配置为:In a preferred embodiment, the detection module 1160 is further configured to:
根据本地病毒库和/或云服务器中的病毒数据库对支付类客户端执行病毒扫描操作。Perform a virus scan operation on the payment class client according to the virus database in the local virus database and/or the cloud server.
在一个优选的实施例中,确定模块1130还配置为:In a preferred embodiment, the determining module 1130 is further configured to:
若检测模块1160检测到本地DNS被改动和/或支付类客户端中存在病毒,则确定支付类客户端未通过检测。If the detection module 1160 detects that the local DNS is modified and/or there is a virus in the payment client, it is determined that the payment client has not passed the detection.
根据上述任意一个优选实施例或多个优选实施例的组合,本发明实施例能够达到如下有益效果:According to any one of the preferred embodiments or the combination of the preferred embodiments, the embodiment of the present invention can achieve the following beneficial effects:
依据本发明实施例,能够在监测到支付类客户端启动时,获取通过检测的支付类客户端的身份标识信息,并根据获取到的身份标识信息确定支付类客户端的安全性是否通过验证。现有技术中,用户无法判断使用的支付类客户端的安全性是否通过验证,因此,无法保证使用支付类客户端时隐私信息不被泄露以及财产不受到损失。而本发明实施例能够在监测到支付类客户端启动时,获取支付类客户端的身份标识信息,并根据获取到的支付类客户端的身份标识信息对支付类客户端进行安全性验证,当确定支付类客户端通过安全性验证之后,利用支付类客户端执行支付操作。因此,依据本发明实施例能够解决现有技术中不能够对支付类客户端进行安全性验证的问题,达到了避免用户使用盗取用户隐私信息的虚假支付类客户端的有益效果,进而能够合理有效避免用户隐私信息的泄露,以及保护用户财产的安全。According to the embodiment of the present invention, when the payment client is started, the identity information of the payment type client that is detected is obtained, and the security of the payment client is verified according to the obtained identity information. In the prior art, the user cannot judge whether the security of the payment type client used is verified. Therefore, the privacy information cannot be leaked and the property is not lost when the payment client is used. The embodiment of the present invention can obtain the identity identification information of the payment client when the payment client is started, and perform security verification on the payment client according to the obtained identity information of the payment client, when determining the payment. After the class client passes the security verification, the payment client is used to perform the payment operation. Therefore, according to the embodiment of the present invention, the problem of not being able to perform security verification on the payment client in the prior art can be solved, and the beneficial effect of avoiding the use of the fake payment client that steals the user's private information is achieved, thereby being reasonable and effective. Avoid the disclosure of user privacy information and protect the security of user property.
在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的 实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. However, it can be understood that the present invention The embodiments may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of the description.
类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, the various features of the invention are sometimes grouped together into a single embodiment, in the above description of the exemplary embodiments of the invention, Figure, or a description of it. However, the method disclosed is not to be interpreted as reflecting the intention that the claimed invention requires more features than those recited in the claims. Rather, as the following claims reflect, inventive aspects reside in less than all features of the single embodiments disclosed herein. Therefore, the claims following the specific embodiments are hereby explicitly incorporated into the embodiments, and each of the claims as a separate embodiment of the invention.
本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will appreciate that the modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components. In addition to such features and/or at least some of the processes or units being mutually exclusive, any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined. Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not in other features, combinations of features of different embodiments are intended to be within the scope of the present invention. Different embodiments are formed and formed. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的移动支付安全的保护装置及云服务器,以及移动终端输入窗口的安全检测装置中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。The various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof. It should be understood by those skilled in the art that a microprocessor or a digital signal processor (DSP) can be used in practice to implement a mobile payment security protection device and a cloud server according to an embodiment of the present invention, and a security detection of a mobile terminal input window. Some or all of the functionality of some or all of the components. The invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein. Such a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
例如,图13示出了可以实现在智能终端之间传输数据的方法的计算设备。该计算设备传统上包括处理器1310和以存储器1320形式的计算机程序产品或者计算机可读介质。存储器1320可以是诸如闪存、EEPROM(电可擦除可编程只读存储器)、EPROM、硬盘或者ROM之类的电子存储器。存储器1320具有用于执行上述方法中的任何方法步骤的程序代码1331的存储空间1330。例如,用于程序代码的存储空间1330可以包括分别用于实现上面的方法中的各种步骤的各个程序代码1331。这些程序代码可以从一个或者多个计算机程序产品中读出或者写入到这一个或者多个计算机程序产品中。这些计算机程序产品包括诸如硬盘,紧致盘(CD)、存储卡或者软盘之类的程序代码载体。这样的计算机程序产品通常为如参考图14所述的便携式或 者固定存储单元。该存储单元可以具有与图13的计算设备中的存储器1320类似布置的存储段、存储空间等。程序代码可以例如以适当形式进行压缩。通常,存储单元包括计算机可读代码1331’,即可以由例如诸如1310之类的处理器读取的代码,这些代码当由计算设备运行时,导致该计算设备执行上面所描述的方法中的各个步骤。For example, Figure 13 illustrates a computing device that can implement a method of transferring data between intelligent terminals. The computing device conventionally includes a processor 1310 and a computer program product or computer readable medium in the form of a memory 1320. The memory 1320 may be an electronic memory such as a flash memory, an EEPROM (Electrically Erasable Programmable Read Only Memory), an EPROM, a hard disk, or a ROM. Memory 1320 has a storage space 1330 for program code 1331 for performing any of the method steps described above. For example, the storage space 1330 for program code may include respective program codes 1331 for implementing various steps in the above methods, respectively. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks. Such computer program products are typically portable or as described with reference to FIG. The fixed storage unit. The storage unit may have a storage segment, a storage space, and the like that are similarly arranged to the storage 1320 in the computing device of FIG. The program code can be compressed, for example, in an appropriate form. Typically, the storage unit includes computer readable code 1331', ie, code that can be read by a processor, such as, for example, 1310, which when executed by a computing device causes the computing device to perform each of the methods described above step.
本文中所称的“一个实施例”、“实施例”或者“一个或者多个实施例”意味着,结合实施例描述的特定特征、结构或者特性包括在本发明的至少一个实施例中。此外,请注意,这里“在一个实施例中”的词语例子不一定全指同一个实施例。"an embodiment," or "an embodiment," or "an embodiment," In addition, it is noted that the phrase "in one embodiment" is not necessarily referring to the same embodiment.
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It is to be noted that the above-described embodiments are illustrative of the invention and are not intended to be limiting, and that the invention may be devised without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as a limitation. The word "comprising" does not exclude the presence of the elements or steps that are not recited in the claims. The word "a" or "an" The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by the same hardware item. The use of the words first, second, and third does not indicate any order. These words can be interpreted as names.
此外,还应当注意,本说明书中使用的语言主要是为了可读性和教导的目的而选择的,而不是为了解释或者限定本发明的主题而选择的。因此,在不偏离所附权利要求书的范围和精神的情况下,对于本技术领域的普通技术人员来说许多修改和变更都是显而易见的。对于本发明的范围,对本发明所做的公开是说明性的,而非限制性的,本发明的范围由所附权利要求书限定。 In addition, it should be noted that the language used in the specification has been selected for the purpose of readability and teaching, and is not intended to be construed or limited. Therefore, many modifications and changes will be apparent to those skilled in the art without departing from the scope of the invention. The disclosure of the present invention is intended to be illustrative, and not restrictive, and the scope of the invention is defined by the appended claims.

Claims (45)

  1. 一种移动支付安全的保护方法,包括:A method of protecting mobile payment security, comprising:
    监测到移动终端支付类客户端的触发事件时,获取所述支付类客户端的特征信息,其中,所述特征信息指所述支付类客户端的唯一身份标识信息;Obtaining the feature information of the payment class client when the triggering event of the payment terminal of the mobile terminal is detected, where the feature information refers to the unique identity information of the payment class client;
    将获取的所述特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果,其中,所述白名单中包括能够安全完成支付类操作的移动终端支付类客户端的特征信息;Matching the obtained feature information with the feature information in the preset whitelist to obtain a matching result, where the whitelist includes feature information of the payment terminal client of the mobile terminal capable of performing the payment type operation securely;
    根据所述匹配结果判断所述支付类客户端是否为恶意客户端;Determining, according to the matching result, whether the payment client is a malicious client;
    根据判断结果对所述支付类客户端进行处理。The payment type client is processed according to the judgment result.
  2. 根据权利要求1所述的方法,其中,所述特征信息包括以下至少之一:名称、图标、包名、签名、版本信息、消息摘要算法MD5、安全哈希算法SHA1、文件大小、文件修改时间、文件创建时间。The method according to claim 1, wherein the feature information comprises at least one of: a name, an icon, a package name, a signature, a version information, a message digest algorithm MD5, a secure hash algorithm SHA1, a file size, and a file modification time. , file creation time.
  3. 根据权利要求1或2所述的方法,其中,根据所述匹配结果判断所述支付类客户端是否为恶意客户端,包括:The method according to claim 1 or 2, wherein determining whether the payment client is a malicious client according to the matching result comprises:
    若获取的所述特征信息存在于所述白名单中,确定所述支付类客户端为非恶意客户端;If the acquired feature information exists in the whitelist, determining that the payment client is a non-malicious client;
    若获取的所述特征信息未存在于所述白名单中,确定所述支付类客户端为恶意客户端或未知客户端。If the acquired feature information does not exist in the whitelist, determine that the payment client is a malicious client or an unknown client.
  4. 根据权利要求3所述的方法,其中,确定所述支付类客户端为恶意客户端或未知客户端之后,还包括:The method of claim 3, wherein after determining that the payment client is a malicious client or an unknown client, the method further comprises:
    获取所述支付类客户端的图标,其中,所述支付类客户端为未知客户端;Obtaining an icon of the payment class client, where the payment class client is an unknown client;
    计算获取的图标与预置的图标库中的图标的相似度;Calculating the similarity between the obtained icon and the icon in the preset icon library;
    确定所述图标库中、所述相似度大于或等于预设阈值的图标;Determining, in the icon library, the icon whose similarity is greater than or equal to a preset threshold;
    根据预设的所述图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端;Querying a known payment type client corresponding to the determined icon according to a preset mapping relationship between the icon in the icon library and a known payment type client;
    若查询到的所述已知支付类客户端为非恶意客户端,确定所述支付类客户端为非恶意客户端;If the known payment type client is a non-malicious client, determining that the payment client is a non-malicious client;
    若查询到的所述已知支付类客户端为恶意客户端,确定所述支付类客户端为恶意客户端。If the known payment type client is a malicious client, the payment client is determined to be a malicious client.
  5. 根据权利要求3所述的方法,其中,确定所述支付类客户端为恶意客户端或未知客户端之后,还包括:The method of claim 3, wherein after determining that the payment client is a malicious client or an unknown client, the method further comprises:
    获取所述支付类客户端的图标,其中,所述支付类客户端为未知客户端;Obtaining an icon of the payment class client, where the payment class client is an unknown client;
    发送查询所述支付类客户端是否为恶意客户端的查询请求至云服务器,其中,所述查询请求携带有所述支付类客户端的图标;Sending a query requesting whether the payment-type client is a malicious client to the cloud server, where the query request carries an icon of the payment-type client;
    接收所述云服务器返回的查询结果。Receiving the query result returned by the cloud server.
  6. 根据权利要求4或5所述的方法,其中,所述获取的图标包括所述支付类客户端的快捷方式图标和/或从应用列表中获取的所述支付类客户端的图标。 The method according to claim 4 or 5, wherein the acquired icon comprises a shortcut icon of the payment class client and/or an icon of the payment class client obtained from the application list.
  7. 根据权利要求4至6任一项所述的方法,其中,计算获取的图标与预置的图标库中的图标的相似度,包括:The method according to any one of claims 4 to 6, wherein calculating the similarity between the acquired icon and the icon in the preset icon library comprises:
    将获取的图标与预置的图标库中的图标缩放至相同的尺寸;Scale the acquired icon to the same size as the icon in the preset icon library;
    通过比较缩放后的获取的图标与预置的图标库中的图标对应位置的像素,得到所述相似度。The similarity is obtained by comparing pixels of the position obtained by the scaled acquired icon with the icon in the preset icon library.
  8. 根据权利要求1至7任一项所述的方法,其中,所述支付类客户端的触发事件包括下列至少之一:The method according to any one of claims 1 to 7, wherein the triggering event of the payment class client comprises at least one of the following:
    安装所述支付类客户端;Installing the payment class client;
    启动所述支付类客户端;Starting the payment class client;
    扫描所述支付类客户端;Scanning the payment class client;
    更新所述支付类客户端。Update the payment class client.
  9. 一种移动支付安全的保护方法,包括:A method of protecting mobile payment security, comprising:
    接收来自移动终端的、查询移动终端支付类客户端是否为恶意客户端的查询请求,其中,所述查询请求携带有所述支付类客户端的图标;Receiving, by the mobile terminal, a query request for querying whether the payment terminal client of the mobile terminal is a malicious client, wherein the query request carries an icon of the payment client;
    计算所述支付类客户端的图标与预置的图标库中的图标的相似度,确定所述图标库中、所述相似度大于或等于预设阈值的图标;Calculating an similarity between the icon of the payment client and the icon in the preset icon library, and determining an icon in the icon library that the similarity is greater than or equal to a preset threshold;
    根据预设的所述图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端;Querying a known payment type client corresponding to the determined icon according to a preset mapping relationship between the icon in the icon library and a known payment type client;
    判断所述已知支付类客户端是否为恶意客户端,得到判断结果;Determining whether the known payment client is a malicious client, and obtaining a judgment result;
    将所述判断结果作为所述支付类客户端是否为恶意客户端的查询结果,并发送至所述移动终端。The judgment result is used as a query result of whether the payment client is a malicious client, and is sent to the mobile terminal.
  10. 根据权利要求9所述的方法,其中,将所述判断结果作为所述支付类客户端是否为恶意客户端的查询结果,包括:The method according to claim 9, wherein the result of the determining whether the payment client is a malicious client includes:
    若所述已知支付类客户端为非恶意客户端,所述查询结果为所述支付类客户端为非恶意客户端;If the known payment client is a non-malicious client, the query result is that the payment client is a non-malicious client;
    若所述已知支付类客户端为恶意客户端,所述查询结果为所述支付类客户端为恶意客户端。If the known payment client is a malicious client, the query result is that the payment client is a malicious client.
  11. 根据权利要求9或10所述的方法,其中,所述支付类客户端的图标包括所述支付类客户端的快捷方式图标和/或从应用列表中获取的所述支付类客户端的图标。The method according to claim 9 or 10, wherein the icon of the payment class client comprises a shortcut icon of the payment class client and/or an icon of the payment class client obtained from the application list.
  12. 根据权利要求9至11任一项所述的方法,其中,所述查询结果中携带的信息包括下列至少之一:The method according to any one of claims 9 to 11, wherein the information carried in the query result comprises at least one of the following:
    所述支付类客户端的能够安全完成支付类操作的安装包;An installation package of the payment client capable of performing a payment type operation securely;
    所述支付类客户端的能够安全完成支付类操作的下载地址。The payment type client can download the download address of the payment type operation securely.
  13. 一种移动终端的安全支付方法,包括:A secure payment method for a mobile terminal, comprising:
    监测到安装于移动终端的支付类客户端启动时,获取所述支付类客户端的身份标识信息,其中,所述身份标识信息包括下列至少之一:所述支付类客户端的包名信息、所述支付类客户端的版本信息、所述支付类客户端的签名信息;Obtaining, when the payment type client installed on the mobile terminal is started, acquiring the identity identification information of the payment type client, where the identity identification information includes at least one of the following: the package name information of the payment type client, the a version information of the payment client, and signature information of the payment client;
    根据所述支付类客户端的身份标识信息确定所述支付类客户端安全性是否通过 验证;Determining whether the security of the payment client is passed according to the identity information of the payment client verification;
    若是,利用所述支付类客户端执行支付操作。If so, the payment operation is performed by the payment type client.
  14. 根据权利要求13所述的方法,其中,根据所述支付类客户端的身份标识信息确定支付类客户端安全性是否通过验证,包括:The method of claim 13, wherein determining whether the security of the payment class client passes the verification according to the identity identification information of the payment class client comprises:
    发送所述支付类客户端的身份标识信息至云服务器,由所述云服务器在数据库中对所述支付类客户端的身份标识信息进行匹配,其中,所述数据库中存储有安全性通过验证的支付类客户端的身份标识信息;Sending the identity information of the payment client to the cloud server, where the cloud server matches the identity information of the payment client in the database, where the database stores the security verified payment class. The identity information of the client;
    根据所述云服务器返回的匹配结果确定所述支付类客户端安全性是否通过验证。Determining whether the payment type client security passes the verification according to the matching result returned by the cloud server.
  15. 根据权利要求14所述的方法,其中,根据所述云服务器返回的匹配结果确定所述支付类客户端安全性是否通过验证,包括:The method of claim 14, wherein determining whether the payment type client security passes the verification according to the matching result returned by the cloud server comprises:
    若所述匹配结果为所述数据库中存在身份标识信息能够与所述支付类客户端的身份标识信息相匹配,则确定所述支付类客户端安全性通过验证;If the matching result is that the identity information in the database can match the identity information of the payment client, determining that the security of the payment client is verified;
    若所述匹配结果为所述支付类客户端的身份标识信息未能够与所述数据库中存储的任一身份标识信息相匹配,则确定所述支付类客户端安全性未通过验证。If the matching result is that the identity information of the payment client is not able to match any of the identity information stored in the database, it is determined that the security of the payment client fails verification.
  16. 根据权利要求13至15任一项所述的方法,其中,监测到支付类客户端启动时,获取所述支付类客户端的身份标识信息,包括:The method according to any one of claims 13 to 15, wherein when the payment client is started, the identity information of the payment client is obtained, including:
    监测到支付类客户端启动时,根据预设规则对所述支付类客户端和/或所述支付类客户端的运行环境进行检测,筛选出通过检测的所述支付类客户端;When the payment type client is started, the running environment of the payment type client and/or the payment type client is detected according to a preset rule, and the payment type client that passes the detection is selected;
    获取通过检测的所述支付类客户端的身份标识信息。Obtaining identity identification information of the payment type client that is detected.
  17. 根据权利要求16所述的方法,其中,根据预设规则对所述支付类客户端和/或所述支付类客户端的运行环境进行检测之后,还包括:The method of claim 16, wherein after detecting the operating environment of the payment client and/or the payment client according to a preset rule, the method further includes:
    确定未通过检测的所述支付类客户端为安全性未通过验证的支付类客户端。The payment type client that fails the detection is determined to be a payment type client whose security has not passed the verification.
  18. 根据权利要求15至17任一项所述的方法,其中,确定所述支付类客户端安全性未通过验证之后,还包括:The method according to any one of claims 15 to 17, wherein after determining that the payment type client security fails the verification, the method further comprises:
    显示提示消息,以供用户根据所述提示消息触发对应的处理操作选项处理所述支付类客户端,其中,所述处理操作选项包括下列至少之一:终止、卸载、安装正版、继续使用;Displaying a prompt message for the user to process the payment type client according to the prompt message triggering corresponding processing operation option, where the processing operation option includes at least one of the following: terminating, uninstalling, installing genuine, continuing to use;
    根据所述用户触发的处理操作选项对所述支付类客户端执行相应处理。Performing corresponding processing on the payment class client according to the processing operation option triggered by the user.
  19. 根据权利要求18所述的方法,其中,根据所述触发指令对所述支付类客户端执行相应处理,包括:The method according to claim 18, wherein performing corresponding processing on the payment class client according to the triggering instruction comprises:
    若所述用户触发所述终止操作,终止所述支付类客户端的运行过程;If the user triggers the termination operation, terminating the running process of the payment class client;
    若所述用户触发所述卸载操作,卸载所述支付类客户端;If the user triggers the uninstall operation, uninstalling the payment class client;
    若所述用户触发所述安装正版操作,卸载所述支付类客户端,并安装与所述支付类客户端对应的正版支付类客户端;If the user triggers the installation of the genuine operation, uninstalling the payment client, and installing a genuine payment client corresponding to the payment client;
    若所述用户触发所述继续使用操作,保持所述支付类客户端的运行状态。If the user triggers the continuing use operation, maintaining the running state of the payment class client.
  20. 根据权利要求16至19任一项所述的方法,其中,根据预设规则对所述支付类客户端和/或所述支付类客户端的运行环境进行的检测操作,包括下列至少之一:The method according to any one of claims 16 to 19, wherein the detecting operation of the payment type client and/or the payment type client operating environment according to a preset rule comprises at least one of the following:
    检测本地域名系统DNS是否被改动;以及 Detecting whether the local domain name system DNS has been altered;
    对所述支付类客户端执行病毒扫描操作。Performing a virus scanning operation on the payment client.
  21. 根据权利要求20所述的方法,其中,对所述支付类客户端执行病毒扫描操作,包括:The method of claim 20, wherein performing a virus scanning operation on the payment class client comprises:
    根据本地病毒库和/或所述云服务器中的病毒数据库对所述支付类客户端执行病毒扫描操作。Performing a virus scanning operation on the payment class client according to a local virus database and/or a virus database in the cloud server.
  22. 根据权利要求20或21所述的方法,其中,若检测到所述本地DNS被改动和/或所述支付类客户端中存在病毒,则确定所述支付类客户端未通过检测。The method according to claim 20 or 21, wherein if it is detected that the local DNS is modified and/or a virus is present in the payment client, it is determined that the payment client has not passed the detection.
  23. 一种移动支付安全的保护装置,包括:A mobile payment security protection device, comprising:
    获取模块,配置为监测到移动终端支付类客户端的触发事件时,获取所述支付类客户端的特征信息,其中,所述特征信息指所述支付类客户端的唯一身份标识信息;The acquiring module is configured to acquire the feature information of the payment class client when the trigger event of the payment terminal of the mobile terminal is monitored, where the feature information refers to the unique identity information of the payment class client;
    匹配模块,配置为将获取的所述特征信息与预置的白名单中的特征信息进行匹配,得到匹配结果,其中,所述白名单中包括能够安全完成支付类操作的移动终端支付类客户端的特征信息;The matching module is configured to match the acquired feature information with the feature information in the preset whitelist to obtain a matching result, where the whitelist includes a mobile terminal payment client capable of performing a payment type operation securely. Characteristic information
    第一判断模块,配置为根据所述匹配结果判断所述支付类客户端是否为恶意客户端;The first determining module is configured to determine, according to the matching result, whether the payment client is a malicious client;
    处理模块,配置为根据判断结果对所述支付类客户端进行处理。The processing module is configured to process the payment client according to the determination result.
  24. 根据权利要求23所述的装置,其中,所述特征信息包括以下至少之一:名称、图标、包名、签名、版本信息、消息摘要算法MD5、安全哈希算法SHA1、文件大小、文件修改时间、文件创建时间。The apparatus according to claim 23, wherein the feature information comprises at least one of: a name, an icon, a package name, a signature, a version information, a message digest algorithm MD5, a secure hash algorithm SHA1, a file size, and a file modification time. , file creation time.
  25. 根据权利要求23或24所述的装置,其中,所述第一判断模块还配置为:The apparatus according to claim 23 or 24, wherein the first determining module is further configured to:
    若获取的所述特征信息存在于所述白名单中,确定所述支付类客户端为非恶意客户端;If the acquired feature information exists in the whitelist, determining that the payment client is a non-malicious client;
    若获取的所述特征信息未存在于所述白名单中,确定所述支付类客户端为恶意客户端或未知客户端。If the acquired feature information does not exist in the whitelist, determine that the payment client is a malicious client or an unknown client.
  26. 根据权利要求25所述的装置,其中,还包括第二判断模块,配置为:The device of claim 25, further comprising a second determining module configured to:
    获取所述支付类客户端的图标,其中,所述支付类客户端为未知客户端;Obtaining an icon of the payment class client, where the payment class client is an unknown client;
    计算获取的图标与预置的图标库中的图标的相似度;Calculating the similarity between the obtained icon and the icon in the preset icon library;
    确定所述图标库中、所述相似度大于或等于预设阈值的图标;Determining, in the icon library, the icon whose similarity is greater than or equal to a preset threshold;
    根据预设的所述图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端;Querying a known payment type client corresponding to the determined icon according to a preset mapping relationship between the icon in the icon library and a known payment type client;
    若查询到的所述已知支付类客户端为非恶意客户端,确定所述支付类客户端为非恶意客户端;If the known payment type client is a non-malicious client, determining that the payment client is a non-malicious client;
    若查询到的所述已知支付类客户端为恶意客户端,确定所述支付类客户端为恶意客户端。If the known payment type client is a malicious client, the payment client is determined to be a malicious client.
  27. 根据权利要求26所述的装置,其中,所述第二判断模块还配置为:The apparatus of claim 26, wherein the second determining module is further configured to:
    获取所述支付类客户端的图标,其中,所述支付类客户端为未知客户端;Obtaining an icon of the payment class client, where the payment class client is an unknown client;
    发送查询所述支付类客户端是否为恶意客户端的查询请求至云服务器,其中,所述查询请求携带有所述支付类客户端的图标; Sending a query requesting whether the payment-type client is a malicious client to the cloud server, where the query request carries an icon of the payment-type client;
    接收所述云服务器返回的查询结果。Receiving the query result returned by the cloud server.
  28. 根据权利要求26或27所述的装置,其中,所述获取的图标包括所述支付类客户端的快捷方式图标和/或从应用列表中获取的所述支付类客户端的图标。The apparatus according to claim 26 or 27, wherein the acquired icon comprises a shortcut icon of the payment class client and/or an icon of the payment class client obtained from the application list.
  29. 根据权利要求26至28任一项所述的装置,其中,所述第二判断模块还配置为:The apparatus according to any one of claims 26 to 28, wherein the second determining module is further configured to:
    将获取的图标与预置的图标库中的图标缩放至相同的尺寸;Scale the acquired icon to the same size as the icon in the preset icon library;
    通过比较缩放后的获取的图标与预置的图标库中的图标对应位置的像素,得到所述相似度。The similarity is obtained by comparing pixels of the position obtained by the scaled acquired icon with the icon in the preset icon library.
  30. 根据权利要求23至29任一项所述的装置,其中,所述支付类客户端的触发事件包括下列至少之一:The apparatus according to any one of claims 23 to 29, wherein the triggering event of the payment class client comprises at least one of the following:
    安装所述支付类客户端;Installing the payment class client;
    启动所述支付类客户端;Starting the payment class client;
    扫描所述支付类客户端;Scanning the payment class client;
    更新所述支付类客户端。Update the payment class client.
  31. 一种云服务器,包括:A cloud server that includes:
    请求接收模块,配置为接收来自移动终端的、查询移动终端支付类客户端是否为恶意客户端的查询请求,其中,所述查询请求携带有所述支付类客户端的图标;The request receiving module is configured to receive a query request from the mobile terminal to query whether the payment terminal client of the mobile terminal is a malicious client, where the query request carries an icon of the payment client;
    计算模块,配置为计算所述支付类客户端的图标与预置的图标库中的图标的相似度,确定所述图标库中、所述相似度大于或等于预设阈值的图标;a calculation module, configured to calculate an similarity between an icon of the payment client and an icon in the preset icon library, and determine an icon in the icon library that the similarity is greater than or equal to a preset threshold;
    查询模块,配置为根据预设的所述图标库中的图标与已知支付类客户端间的映射关系,查询确定的图标对应的已知支付类客户端;The query module is configured to query, according to a preset mapping relationship between the icon in the icon library and a known payment client, a known payment client corresponding to the determined icon;
    第三判断模块,配置为判断所述已知支付类客户端是否为恶意客户端,得到判断结果;The third determining module is configured to determine whether the known payment client is a malicious client, and obtain a determination result;
    发送模块,配置为将所述判断结果作为所述支付类客户端是否为恶意客户端的查询结果,并发送至所述移动终端。The sending module is configured to use the judgment result as a query result of whether the payment client is a malicious client, and send the result to the mobile terminal.
  32. 根据权利要求31所述的云服务器,其中,所述发送模块还配置为:The cloud server according to claim 31, wherein the sending module is further configured to:
    若所述已知支付类客户端为非恶意客户端,所述查询结果为所述支付类客户端为非恶意客户端;If the known payment client is a non-malicious client, the query result is that the payment client is a non-malicious client;
    若所述已知支付类客户端为恶意客户端,所述查询结果为所述支付类客户端为恶意客户端。If the known payment client is a malicious client, the query result is that the payment client is a malicious client.
  33. 根据权利要求31或32所述的云服务器,其中,所述支付类客户端的图标包括所述支付类客户端的快捷方式图标和/或从应用列表中获取的所述支付类客户端的图标。The cloud server according to claim 31 or 32, wherein the icon of the payment class client comprises a shortcut icon of the payment class client and/or an icon of the payment class client obtained from the application list.
  34. 根据权利要求31至33任一项所述的云服务器,其中,所述查询结果中携带的信息包括下列至少之一:The cloud server according to any one of claims 31 to 33, wherein the information carried in the query result comprises at least one of the following:
    所述支付类客户端的能够安全完成支付类操作的安装包;An installation package of the payment client capable of performing a payment type operation securely;
    所述支付类客户端的能够安全完成支付类操作的下载地址。The payment type client can download the download address of the payment type operation securely.
  35. 一种移动终端的安全支付装置,包括:A secure payment device for a mobile terminal, comprising:
    监测模块,配置为监测安装于移动终端的支付类客户端启动; a monitoring module configured to monitor a payment type client installed on the mobile terminal to start;
    获取模块,配置为获取所述支付类客户端的身份标识信息,其中,所述身份标识信息包括下列至少之一:所述支付类客户端的包名信息、所述支付类客户端的版本信息、所述支付类客户端的签名信息;An obtaining module, configured to obtain the identity information of the payment client, where the identity information includes at least one of the following: a package name information of the payment client, version information of the payment client, The signature information of the payment client;
    确定模块,配置为根据所述支付类客户端的身份标识信息确定支付类客户端安全性是否通过验证;a determining module, configured to determine, according to the identity information of the payment client, whether the security of the payment client is verified;
    处理模块,配置为若确定所述支付类客户端安全性通过验证,利用所述支付类客户端执行支付操作。The processing module is configured to perform a payment operation by using the payment type client if it is determined that the payment type client security is verified.
  36. 根据权利要求35所述的装置,其中,还包括:The apparatus of claim 35, further comprising:
    发送模块,配置为发送所述支付类客户端的身份标识信息至云服务器,由所述云服务器在数据库中对所述支付类客户端的身份标识信息进行匹配,其中,所述数据库中存储有安全性通过验证的支付类客户端的身份标识信息;a sending module, configured to send the identity information of the payment client to the cloud server, where the cloud server matches the identity information of the payment client in a database, where the database stores security The identity information of the verified payment client;
    所述确定模块,还配置为根据所述云服务器返回的匹配结果确定所述支付类客户端安全性是否通过验证。The determining module is further configured to determine, according to the matching result returned by the cloud server, whether the security of the payment client is verified.
  37. 根据权利要求36所述的装置,其中,所述确定模块还配置为:The apparatus of claim 36, wherein the determining module is further configured to:
    若所述匹配结果为所述数据库中存在身份标识信息能够与所述支付类客户端的身份标识信息相匹配,则确定所述支付类客户端安全性通过验证;If the matching result is that the identity information in the database can match the identity information of the payment client, determining that the security of the payment client is verified;
    若所述匹配结果为所述支付类客户端的身份标识信息未能够与所述数据库中存储的任一身份标识信息相匹配,则确定所述支付类客户端安全性未通过验证。If the matching result is that the identity information of the payment client is not able to match any of the identity information stored in the database, it is determined that the security of the payment client fails verification.
  38. 根据权利要求35至37任一项所述的装置,其中,还包括:The apparatus according to any one of claims 35 to 37, further comprising:
    检测模块,配置为监测到支付类客户端启动时,根据预设规则对所述支付类客户端和/或所述支付类客户端的运行环境进行检测;The detecting module is configured to detect, when the payment client is started, the operating environment of the payment client and/or the payment client according to a preset rule;
    所述获取模块,还配置为筛选出通过检测的所述支付类客户端;以及The obtaining module is further configured to filter out the payment type client that passes the detection;
    获取通过检测的所述支付类客户端的身份标识信息。Obtaining identity identification information of the payment type client that is detected.
  39. 根据权利要求38所述的装置,其中,所述确定模块还配置为:The apparatus of claim 38, wherein the determining module is further configured to:
    据预设规则对所述支付类客户端和/或所述支付类客户端的运行环境进行检测之后,确定未通过检测的所述支付类客户端为安全性未通过验证的支付类客户端。After detecting the running environment of the payment type client and/or the payment type client according to a preset rule, the payment type client that fails the detection is determined to be a payment type client whose security has not passed the verification.
  40. 根据权利要求37至39任一项所述的装置,其中,所述处理模块还配置为:The apparatus of any one of claims 37 to 39, wherein the processing module is further configured to:
    所述确定模块确定所述支付类客户端安全性未通过验证之后,显示提示消息以及处理操作选项,以供用户根据所述提示消息触发对应的处理操作选项处理所述支付类客户端,其中,所述处理操作选项包括下列至少之一:终止、卸载、安装正版、继续使用;After the determining module determines that the security of the payment client fails to pass the verification, the prompt message and the processing operation option are displayed, so that the user can process the payment processing client according to the prompt message triggering the corresponding processing operation option, where The processing operation option includes at least one of the following: terminating, uninstalling, installing genuine, continuing to use;
    根据所述用户触发的处理操作选项对所述支付类客户端执行相应处理。Performing corresponding processing on the payment class client according to the processing operation option triggered by the user.
  41. 根据权利要求38至40任一项所述的装置,其中,所述检测模块根据预设规则对所述支付类客户端和/或所述支付类客户端的运行环境进行的检测操作,包括下列至少之一:The apparatus according to any one of claims 38 to 40, wherein the detecting module performs a detecting operation on an operating environment of the payment type client and/or the payment type client according to a preset rule, including at least the following one:
    检测本地域名系统DNS是否被改动;以及Detecting whether the local domain name system DNS has been altered;
    对所述支付类客户端执行病毒扫描操作。Performing a virus scanning operation on the payment client.
  42. 根据权利要求41所述的装置,其中,所述检测模块还配置为:The apparatus of claim 41, wherein the detecting module is further configured to:
    根据本地病毒库和/或所述云服务器中的病毒数据库对所述支付类客户端执行 病毒扫描操作。Performing on the payment class client according to a local virus database and/or a virus database in the cloud server Virus scanning operation.
  43. 根据权利要求41或42所述的装置,其中,所述确定模块还配置为:The apparatus of claim 41 or 42, wherein the determining module is further configured to:
    若所述检测模块检测到所述本地DNS被改动和/或所述支付类客户端中存在病毒,则确定所述支付类客户端未通过检测。If the detecting module detects that the local DNS is modified and/or a virus exists in the payment client, it is determined that the payment client fails to pass the detection.
  44. 一种计算机程序,包括计算机可读代码,当所述计算机可读代码在计算设备上运行时,导致所述计算设备执行根据权利要求1至22任一项所述的方法。A computer program comprising computer readable code that, when executed on a computing device, causes the computing device to perform the method of any one of claims 1-22.
  45. 一种计算机可读介质,其中存储了如权利要求44所述的计算机程序。 A computer readable medium storing the computer program of claim 44.
PCT/CN2015/080901 2014-06-10 2015-06-05 Mobile payment security protection method, apparatus and cloud server WO2015188728A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201410256086.4 2014-06-10
CN201410256086.4A CN104021339A (en) 2014-06-10 2014-06-10 Safety payment method and device for mobile terminal
CN201410336534.1 2014-07-15
CN201410336534.1A CN104134143B (en) 2014-07-15 2014-07-15 Mobile payment security protection method, mobile payment security protection device and cloud server

Publications (1)

Publication Number Publication Date
WO2015188728A1 true WO2015188728A1 (en) 2015-12-17

Family

ID=54832904

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/080901 WO2015188728A1 (en) 2014-06-10 2015-06-05 Mobile payment security protection method, apparatus and cloud server

Country Status (1)

Country Link
WO (1) WO2015188728A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111582886A (en) * 2020-05-07 2020-08-25 支付宝(杭州)信息技术有限公司 False resource transfer identification method, device, equipment and medium
US11023881B2 (en) 2016-04-29 2021-06-01 Huawei Technologies Co., Ltd. Near field communication NFC-based transaction method and device
CN115131922A (en) * 2021-03-25 2022-09-30 深圳怡化电脑股份有限公司 Acceptance terminal equipment and transaction method and transaction device thereof with bank system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103514397A (en) * 2013-09-29 2014-01-15 西安酷派软件科技有限公司 Server, terminal and authority management and permission method
US20140115717A1 (en) * 2008-11-17 2014-04-24 Vance Bjorn Method and Apparatus for an End User Identity Protection Suite
CN104021339A (en) * 2014-06-10 2014-09-03 北京奇虎科技有限公司 Safety payment method and device for mobile terminal
CN104134143A (en) * 2014-07-15 2014-11-05 北京奇虎科技有限公司 Mobile payment security protection method, mobile payment security protection device and cloud server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140115717A1 (en) * 2008-11-17 2014-04-24 Vance Bjorn Method and Apparatus for an End User Identity Protection Suite
CN103514397A (en) * 2013-09-29 2014-01-15 西安酷派软件科技有限公司 Server, terminal and authority management and permission method
CN104021339A (en) * 2014-06-10 2014-09-03 北京奇虎科技有限公司 Safety payment method and device for mobile terminal
CN104134143A (en) * 2014-07-15 2014-11-05 北京奇虎科技有限公司 Mobile payment security protection method, mobile payment security protection device and cloud server

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11023881B2 (en) 2016-04-29 2021-06-01 Huawei Technologies Co., Ltd. Near field communication NFC-based transaction method and device
CN111582886A (en) * 2020-05-07 2020-08-25 支付宝(杭州)信息技术有限公司 False resource transfer identification method, device, equipment and medium
CN115131922A (en) * 2021-03-25 2022-09-30 深圳怡化电脑股份有限公司 Acceptance terminal equipment and transaction method and transaction device thereof with bank system
CN115131922B (en) * 2021-03-25 2024-05-28 深圳怡化电脑股份有限公司 Reception terminal device, transaction method and transaction device for reception terminal device and bank system

Similar Documents

Publication Publication Date Title
CN109492378B (en) Identity verification method based on equipment identification code, server and medium
Chen et al. Uncovering the face of android ransomware: Characterization and real-time detection
WO2015188788A1 (en) Method and apparatus for protecting mobile terminal payment security, and mobile terminal
CN104134143B (en) Mobile payment security protection method, mobile payment security protection device and cloud server
CN109561085B (en) Identity verification method based on equipment identification code, server and medium
US10419222B2 (en) Monitoring for fraudulent or harmful behavior in applications being installed on user devices
US9607147B2 (en) Method and device for detecting software-tampering
WO2015169158A1 (en) Information protection method and system
WO2016034063A1 (en) Method and client for processing malicious short message based on pseudo base station
WO2016015680A1 (en) Security detection method and security detection apparatus for mobile terminal input window
CN104063788B (en) Mobile platform credibility payment system and method
CN106529218B (en) Application verification method and device
WO2013126258A1 (en) Quantifying the risks of applications for mobile devices
CN103632096A (en) Method and device for carrying out safety detection on equipment
CN108763951B (en) Data protection method and device
CN104517054A (en) Method, device, client and server for detecting malicious APK
CN104021339A (en) Safety payment method and device for mobile terminal
US10733594B1 (en) Data security measures for mobile devices
CN1869927B (en) Device controller, method for controlling a device, and program therefor
WO2022073340A1 (en) Mobile terminal application security detection method and system, terminal, and storage medium
WO2020093723A1 (en) Blockchain-based health data verification method and device, and server
WO2020093722A1 (en) Block chain-based prescription data verification method and device, and server
CN106548065B (en) Application program installation detection method and device
US20200327229A1 (en) Method, apparatus, electronic device and storage medium for protecting private key of digital wallet
CN111177727A (en) Vulnerability detection method and device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15806713

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15806713

Country of ref document: EP

Kind code of ref document: A1