WO2016082678A1 - Method and device for monitoring display hijack - Google Patents


Info

Publication number
WO2016082678A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
image
currently displayed
text content
display
Prior art date
Application number
PCT/CN2015/094316
Other languages
French (fr)
Chinese (zh)
Inventor
林钧燧
Original Assignee
阿里巴巴集团控股有限公司
林钧燧
Application filed by 阿里巴巴集团控股有限公司, 林钧燧
Publication of WO2016082678A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements

Definitions

  • the present application relates to the field of computer technology, and in particular, to a method and apparatus for monitoring display hijacking.
  • a common attack method is the display hijacking type of attack.
  • display hijacking means that the attacking party misleads the user by modifying the information displayed to the user, so that the user or others suffer losses during the business.
  • user A transfers money to user B
  • the attacker transfers money to user C during the transaction process.
  • the system displays the transaction information
  • when the system displays the transaction information, the attacker uses injection, layer overlay and similar means so that the information the user sees still shows a transfer to user B, and the user cannot notice it.
  • if the user then confirms the information and enters the required verification (such as a password) to complete the transaction, the user will suffer a loss.
  • after a user initiates a transaction request to a server through a terminal or client, such as an Automated Teller Machine (ATM) or a Point of Sales (POS) terminal, the user is usually required to confirm the transaction information at the terminal before the final transaction is completed.
  • ATM Automated Teller Machine
  • POS Point of Sales
  • the user confirms the transaction information at the terminal and can reject the transaction if the information is found to be incorrect; in this case, the attacker can tamper with the transaction information that the user needs to confirm during the communication process (for example, modifying the transaction confirmation message sent by the server by means of a man-in-the-middle attack, injection, etc.),
  • or tamper with the displayed information when the terminal displays it (for example, modifying the displayed information by means of dynamic program injection, layer overlay, etc.), so as to hijack the display and trick the user into confirming.
  • Undoubtedly, malicious display hijacking will bring great security risks to the Internet system. How to effectively monitor or identify display hijacking is an urgent technical problem.
  • the embodiment of the present application provides a method and apparatus for monitoring display hijacking to solve the problem in the prior art that a user suffers a loss in a transaction due to the hijacking of the displayed information.
  • obtaining information currently displayed specifically including:
  • the text content of the currently displayed information is obtained from the information image, and specifically includes:
  • the text content of the currently displayed information is obtained from the information image by means of graphic transformation.
  • receiving the information sent by the server and displaying the information includes:
  • the received information is displayed when the verification is passed.
  • the application also provides a device for monitoring display hijacking, including:
  • a receiving module configured to receive information sent by the server
  • a display module for displaying the received information
  • the checking module is configured to check whether the information currently displayed by the display module is the same as the information received by the receiving module.
  • the inspection module is provided with a text checking unit for acquiring text content in the currently displayed information, and determining whether the text content is identical to the text content of the information received by the receiving module.
  • the inspection module is provided with an image checking unit for capturing an image in the currently displayed information, and determining whether the text content contained in the image is identical to the text content of the information received by the receiving module.
  • the image checking unit includes a graphic conversion module for acquiring text content from the currently displayed image.
  • the receiving module is further configured to receive a signature sent by the server for the sent information.
  • the device further includes:
  • a verification module is configured to verify whether the signature is consistent with a signature sent by the server.
  • the method and device for monitoring display hijacking described in the present application use screen checking to compare the currently displayed information content with the information content sent by the server, thereby judging whether the information has been tampered with during the display process; this can monitor the occurrence of hijacking in a timely and effective manner and improve the security of the system.
  • FIG. 1 is a flow chart of a method for monitoring display hijacking according to the present application
  • FIG. 2 is a structural diagram of an apparatus for monitoring display hijacking according to the present application.
  • FIG. 3 is a flow chart of a transaction process that uses the method for monitoring display hijacking of the present application.
  • FIG. 4 is a schematic diagram of a method for monitoring display hijacking in a specific transaction application according to the present application.
  • the present application provides a method for monitoring display hijacking, including: receiving information sent by a server and displaying it; obtaining the currently displayed information; determining whether the currently displayed information is the same as the received information; if so, determining that display hijacking has not occurred; otherwise, determining that display hijacking has occurred.
  • the specific process is as follows:
  • the process of receiving the information sent by the server and displaying it is that the client receives the information from the server and, after receiving it, displays the received information through a screen display technology. Because of display hijacking, the information displayed may differ from the information originally received by the client. Therefore, the application adopts a screen inspection technology: the information displayed on the current screen is obtained and compared with the information received by the client to see whether the two are the same, in order to determine whether the display has been hijacked.
  • the server signs the information it sends using a digital signature; the signature is a digest obtained by the server applying a digest algorithm to the information it sends, and the digest (i.e. the signature) is sent from the server to the client together with the information.
  • after receiving the information, the client also needs to verify the signature to prevent the information sent by the server from being tampered with during transmission. If the client can verify the signature, the information sent by the server was not tampered with on its way to the client; on the contrary, if the verification fails, this indicates that tampering has occurred, and in that case the next step is not performed, which ensures the security of the whole process.
  • the present application further provides a device for monitoring display hijacking.
  • the device includes the following modules: a receiving module 101, a display module 102, and an inspection module 103.
  • the receiving module 101 is configured to receive information sent from a server.
  • the information sent by the server is information signed by the server, and includes the sending information and the signature of the information.
  • the display module 102 is configured to display information received by the receiving module 101.
  • the checking module 103 is configured to check whether the information currently displayed by the display module 102 is the same as the information received by the receiving module 101, thereby determining whether the information displayed by the display module 102 is authentic and has not been tampered with.
  • the check module 103 is provided with a text check unit 1031 and an image check unit 1032.
  • the text check unit 1031 is configured to acquire the text content in the currently displayed information and determine whether that text content is the same as the text content of the information received by the receiving module; the image check unit 1032 is configured to acquire an image in the currently displayed information and determine whether the text content contained in the image is the same as the text content of the information received by the receiving module.
  • in the preferred embodiment, the image check unit 1032 is provided with a graphic conversion module for converting the content of the image into text content, and the checking process of the check module 103 is a periodic loop check; the image check unit 1032 can also capture the currently displayed information image, obtain the attributes of the currently displayed image from the information image, and determine whether those attributes are the same as the attributes of a preset trusted image, the attributes including at least one of the resolution of the image, the format of the image, the source of the image, the size of the image, the location where the image is stored, and the creation time of the image.
  • the device for monitoring display hijacking further includes: a storage module 104, a signature module 105, and a verification module 106.
  • the storage module 104 is configured to store the received information.
  • the signing module 105 is configured to sign the information received by the receiving module 101.
  • the verification module 106 is configured to verify whether the signature produced by the signature module 105 is consistent with the signature issued by the server;
  • the device for monitoring display hijacking described in the present application can detect display hijacking in time through the provided check module, thereby improving the security of the whole process.
  • FIG. 3 and FIG. 4 show a flow chart of the transaction process, which includes the following steps:
  • S01 The client accepts the user's transaction request and sends the transaction request to the server.
  • the client may be a multi-modal application that establishes a communication connection with a remote server through a wired or wireless network; the client includes, but is not limited to, a browser, personal computer (PC) applications and mobile applications, which can run on electronic devices such as personal computers, mobile phones and tablet computers.
  • the user may initiate a transaction request to the client, and the client transmits to the remote server through the network according to the transaction request of the user, where the transaction request includes the identity tag of the user.
  • S02 The server generates and confirms the transaction confirmation information according to the received request, and sends the signed transaction confirmation information to the client.
  • after receiving the transaction request, the server automatically identifies the identity tag included in the transaction request and retrieves the information related to that identity tag from the background database; the server creates a transaction request record (initiation time, request content, initiation location, client identity and other information), then generates the corresponding transaction confirmation information according to the user's transaction request, calls the signature module to sign the transaction confirmation information, and transmits the signature and the transaction confirmation information together to the client through the network.
  • the signature module signs using a digital signature, which may take multiple forms, including but not limited to: asymmetric signatures (i.e. public key cryptography) and message digests; there are many digital signature methods based on public key cryptography, such as RSA signature, DSA (Digital Signature Algorithm) signature, Elliptic Curve Digital Signature Algorithm (ECDSA) and so on.
  • DSA Digital Signature Algorithm
  • ECDSA Elliptic Curve Digital Signature Algorithm
  • the server generates a 128-bit hash value from the generated transaction confirmation information by using a digest algorithm, and then encrypts the hash value using the RSA algorithm and its own private key to produce a digest ciphertext, which is the server's digital signature; subsequently, the digital signature is attached to the transaction confirmation message and sent to the client together with the transaction confirmation information.
  • the encryption algorithms of this embodiment may further include the Data Encryption Standard (DES), the Triple Data Encryption Standard (3DES), the International Data Encryption Algorithm (IDEA), Message Digest Algorithm 5 (MD5), Secure Hash Algorithm 1 (SHA-1), SHA256, SHA512, the Advanced Encryption Standard (AES), and so on.
  • DES Data Encryption Standard
  • 3DES Triple Data Encryption Standard
  • IDEA International Data Encryption Algorithm
  • MD5 Message Digest Algorithm 5
  • SHA-1 Secure Hash Algorithm 1
  • AES Advanced Encryption Standard
  • This embodiment does not limit this, and may be selected according to a specific application environment. The signature method will not be described here.
  • S03 The client verifies the signature of the transaction confirmation information.
  • after receiving the signed transaction confirmation information, the client invokes its built-in verification module to verify the signature of the transaction confirmation information.
  • the RSA signature in step S02 is taken as an example.
  • after receiving the transaction confirmation information and its signature, the terminal uses the same digest algorithm to calculate a 128-bit hash value, and uses the RSA algorithm and the public key to decrypt the digital signature attached to the confirmation information; if the resulting hash value is the same as the 128-bit hash value generated on the server side when signing, the client can confirm that the transaction confirmation information is indeed from the server and has not been tampered with. It can be seen that signing and verifying the signature greatly reduces the risk of the transaction confirmation information being hijacked and tampered with during transmission to the client.
  • performing the signature verification, information display and confirmation process in a Trusted Execution Environment achieves the best results. The signature verification method in this embodiment is particularly applicable to a mobile terminal: since a mobile client often handles a large number of micropayments, the required security protection strength is not high, and therefore an implementation in a Trusted Execution Environment (TEE) is suitable for the security needs of most applications and allows authorized security software applications to execute more safely.
  • TEE Trusted Execution Environment
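The sign-then-verify exchange of steps S02 and S03, written out as an added Go example; this is not code from the patent or from the assignee. It substitutes SHA-256 and RSA PKCS#1 v1.5 signatures from Go's standard library for the text's generic "128-bit hash encrypted with the private key", and the TransactionConfirmation type, its field names and the NewServerKey helper are constructed for the illustration. The second half of main simulates the in-transit tampering the text describes and shows the verification rejecting it.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// TransactionConfirmation is a constructed stand-in for the server's
// transaction confirmation information (order number, amount, payee).
type TransactionConfirmation struct {
	OrderID string
	Amount  string
	Payee   string
}

// Encode serialises the confirmation into the exact bytes that are signed,
// sent, displayed and later compared; both sides must use the same encoding.
func (c TransactionConfirmation) Encode() []byte {
	return []byte(fmt.Sprintf("order=%s;amount=%s;payee=%s", c.OrderID, c.Amount, c.Payee))
}

// NewServerKey generates the server's RSA key pair (hypothetical helper).
func NewServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// SignConfirmation is the server side of step S02: hash the confirmation
// information with SHA-256 and sign the digest with the server's private key.
func SignConfirmation(priv *rsa.PrivateKey, info []byte) ([]byte, error) {
	digest := sha256.Sum256(info)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyConfirmation is the client side of step S03: recompute the digest
// over the received bytes and check it against the signature with the
// server's public key. Any change to info or sig in transit fails here.
func VerifyConfirmation(pub *rsa.PublicKey, info, sig []byte) bool {
	digest := sha256.Sum256(info)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

func main() {
	priv, err := NewServerKey()
	if err != nil {
		panic(err)
	}
	// Constructed confirmation for the worked example.
	conf := TransactionConfirmation{OrderID: "C-0001", Amount: "10 yuan", Payee: "seller-A"}
	info := conf.Encode()
	sig, err := SignConfirmation(priv, info)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine message verifies:", VerifyConfirmation(&priv.PublicKey, info, sig))

	// Simulated in-transit tampering: the amount is changed, but without the
	// private key the attacker cannot produce a matching signature.
	tampered := TransactionConfirmation{OrderID: "C-0001", Amount: "20 yuan", Payee: "seller-A"}.Encode()
	fmt.Println("tampered message verifies:", VerifyConfirmation(&priv.PublicKey, tampered, sig))
}
```

Only the signature-verified bytes should be handed to the display module and kept as the reference for the later screen check; if the client parses the message into a struct first, it must compare what it displays against the bytes it verified, not against a re-encoding that may differ.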
  • S04 The client displays the transaction confirmation information, and periodically checks in the background whether the displayed transaction confirmation information has been tampered with.
  • the transaction confirmation information will be displayed to the user through the display module, and the user can read and verify the transaction confirmation information.
  • the client periodically checks the displayed transaction confirmation information through the inspection module built into the background.
  • the frequency of the inspection can be set according to the application environment; in theory, the higher the inspection frequency, the better, since this prevents the attacker from tampering with the transaction confirmation information during the display process and thereby misleading the user into performing a confirmation operation.
  • the check module operates in the background of the client, and the check mode is mainly a screen check, including but not limited to: displaying a text check, displaying an image check, and the like.
  • the check module checks the text content in the displayed confirmation information. Specifically, the check module obtains the text content of the currently displayed information and compares it with the original information (i.e. the real transaction confirmation information obtained after the client verifies the signature) to determine whether the two are the same, in order to judge whether the display module accurately and truly displays the transaction confirmation information received by the client. If the inspection finds the information to be inconsistent, this indicates that the displayed information has been tampered with, and corresponding measures may be taken, such as reminding the user or directly terminating the transaction.
  • the original information ie, the real transaction confirmation information obtained after the client verifies the signature
  • the inspection module is mainly used to check the image displayed on the client's screen to determine whether there is a problem such as layer coverage. Specifically, the inspection module captures the information image displayed on the current screen and automatically identifies the text content in the information image, for example using an Optical Character Recognition (OCR) graphic conversion module to convert the key information in the image into text content; the text content is then compared with the transaction confirmation information received by the client to determine whether the two are consistent, from which it can be determined whether the screen currently has a layer overlay.
  • OCR Optical Character Recognition
  • the method for checking the displayed image is not limited to the above graphic conversion mode; other methods may be adopted to identify whether layer overlay occurs, for example capturing the currently displayed information image, obtaining the attributes of the currently displayed image from the information image, and determining whether the attributes of the currently displayed image are the same as the attributes of a preset trusted image, wherein the attributes include at least one of the resolution of the image, the format of the image, the source of the image, the size of the image, the location where the image is stored, and the creation time of the image.
  • the properties of the preset trusted image can come from the image library approved by the client.
  • if the attributes are not the same, the checking module considers that the screen has been overlaid by unknown images from third parties.
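The background screen check of step S04 (the text comparison, the image-attribute comparison against a preset trusted image, and the periodic loop), as an added Go example that is not code from the patent or the assignee. The Screen interface, the ImageAttrs fields, the fakeScreen type and the MonitorDisplay function are hypothetical names chosen for the illustration; screenshot capture and OCR are outside the example, so the fake screen simply returns the text an OCR step would have produced, and it switches to an overlaid text after a configurable number of reads to model a layer overlay appearing mid-display.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

// ImageAttrs holds the image attributes the text lists for the trusted-image
// comparison: resolution, format, source, size, storage location, creation time.
type ImageAttrs struct {
	Width, Height int
	Format        string
	Source        string
	SizeBytes     int
	StoredAt      string
	CreatedAt     time.Time
}

// normalize collapses whitespace and case so rendering differences (line
// wrapping, font-driven spacing) are not mistaken for tampering.
func normalize(s string) string {
	return strings.ToLower(strings.Join(strings.Fields(s), " "))
}

// TextMatches is the text check: does the text currently on screen equal the
// signature-verified text received from the server?
func TextMatches(received, displayed string) bool {
	return normalize(received) == normalize(displayed)
}

// ImageAttrsMatch is the attribute check: does the captured image agree with
// the preset trusted image on every listed attribute? Any mismatch is treated
// as an unknown third-party layer covering the screen.
func ImageAttrsMatch(trusted, captured ImageAttrs) bool {
	return trusted.Width == captured.Width &&
		trusted.Height == captured.Height &&
		trusted.Format == captured.Format &&
		trusted.Source == captured.Source &&
		trusted.SizeBytes == captured.SizeBytes &&
		trusted.StoredAt == captured.StoredAt &&
		trusted.CreatedAt.Equal(captured.CreatedAt)
}

// Screen abstracts what the background checker can read from the display:
// the text currently shown and the attributes of the image currently shown.
// A real client would back this with a screenshot plus OCR or the UI
// toolkit's view tree; here it is an interface so a test can fake it.
type Screen interface {
	DisplayedText() string
	DisplayedImage() ImageAttrs
}

// MonitorDisplay runs the periodic loop check for at most rounds iterations,
// sleeping interval between checks. It returns the 1-based round at which a
// mismatch was first seen, or 0 if the display stayed consistent throughout.
func MonitorDisplay(s Screen, received string, trusted ImageAttrs, interval time.Duration, rounds int) int {
	for i := 1; i <= rounds; i++ {
		if !TextMatches(received, s.DisplayedText()) || !ImageAttrsMatch(trusted, s.DisplayedImage()) {
			return i
		}
		time.Sleep(interval)
	}
	return 0
}

// fakeScreen simulates a display that is overlaid from read number overlayAt
// on: the visible amount is changed while the server-sent amount stays put.
type fakeScreen struct {
	genuine, overlaid string
	trusted           ImageAttrs
	reads, overlayAt  int
}

func (f *fakeScreen) DisplayedText() string {
	f.reads++
	if f.reads >= f.overlayAt {
		return f.overlaid
	}
	return f.genuine
}

func (f *fakeScreen) DisplayedImage() ImageAttrs { return f.trusted }

func main() {
	// Constructed sample: the server sent 20 yuan; an overlay later shows 10 yuan.
	received := "Order C-0001: pay 20 yuan to seller-A"
	trusted := ImageAttrs{Width: 720, Height: 1280, Format: "png", Source: "client-image-library",
		SizeBytes: 4096, StoredAt: "/assets/confirm.png", CreatedAt: time.Unix(1700000000, 0)}
	screen := &fakeScreen{genuine: received, overlaid: "Order C-0001: pay 10 yuan to seller-A",
		trusted: trusted, overlayAt: 3}
	if round := MonitorDisplay(screen, received, trusted, 10*time.Millisecond, 5); round == 0 {
		fmt.Println("display consistent with the server's information")
	} else {
		fmt.Printf("display hijacking detected at check %d: alert the user or terminate the transaction\n", round)
	}
}
```

The loop stops at the first mismatch so the client can react before the user confirms; in a real client the reaction (warning, disabling the confirm control, or aborting the transaction) runs on the UI thread while the checker stays in the background, and the check interval is the trade-off the text describes between detection latency and load.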
  • S05 The client receives the operation confirmed by the user and feeds it back to the server.
  • after the client verifies the transaction confirmation information, the user performs the confirmation operation, and the client transmits the confirmation instruction to the server through the network. After receiving the confirmation instruction, the server automatically processes the next step of the transaction request initiated by the user. For example, in a transfer transaction of a banking system, after the bank server receives the instruction confirming the transfer transaction, it automatically transfers the transfer amount from the user's account to the payee account according to the transfer request.
  • S06 The server completes the transaction processing and returns the processing result to the client.
  • after completing the transaction processing, the server returns the processing result to the client to inform the user whether the initial transaction request has been processed.
  • the user performs a purchase operation on the client (such as a browser, a mobile app, etc.), and after selecting the desired item (such as a pencil worth 10 yuan), the client will display some basic information of the order for the user to confirm. For example: order number, order time, order amount, seller account information, etc.
  • the attacker modifies the order information in the background and then transmits it to the server, for example changing the price of the pencil to 20 yuan and modifying the seller account information, with the modification carried out in the background.
  • the order amount seen by the user is still 10 yuan
  • the amount of the transaction order actually received by the server is the modified 20 yuan.
  • the tampering here occurs on the user side; it is very easy to happen when the user's computer or mobile phone has been attacked, and because users are dispersed, the risk of tampering is often difficult to control.
  • the server issues a transaction confirmation message to the client according to the order request for the amount of 20 yuan, and the user confirms the transaction and pays; to prevent the user from noticing that the amount of 20 yuan in the transaction confirmation information does not match the original order amount, the attacker usually performs display hijacking on the client when the transaction confirmation message arrives, in an attempt to make the user see false transaction confirmation information with the amount still 10 yuan and prompt the user to click confirm.
  • by using the method of the present application to monitor display hijacking in a timely and effective manner, it can be found that the amount of 10 yuan currently displayed to the user does not match the amount of 20 yuan sent by the server, from which it is judged that display hijacking has occurred.
  • the user or system can be alerted to automatically close the transaction.
  • the technical solution of the present application is more timely and convenient, without using third-party channels, mobile phones or other extra tools.
  • the present application compares the information currently displayed on the screen with the information sent by the server through the screen inspection technology to determine whether the display hijacking has occurred on the screen, thereby greatly improving the security of the transaction and protecting the interests of the user.
  • embodiments of the present application can be provided as a method, system, or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
  • a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • processors CPUs
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
  • RAM random access memory
  • ROM read only memory
  • Memory is an example of a computer readable medium.
  • Computer readable media includes both permanent and non-persistent, removable and non-removable media.
  • Information storage can be implemented by any method or technology.
  • the information can be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic tape cartridges, magnetic tape storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device.
  • computer readable media does not include temporary storage of computer readable media, such as modulated data signals and carrier waves.

Abstract

Disclosed are a method and device for monitoring display hijacking. The method comprises: displaying received information sent by a server, and checking the currently displayed information through a screen checking technology to judge whether the currently displayed information is the same as the information sent by the server, thereby determining whether the current display has been hijacked. The method and device of the present application can be widely used in various transaction processes, such as online shopping and transfer transactions, and can effectively monitor the occurrence of display hijacking in time, thereby improving system security.

Description

Method and device for monitoring display hijacking
Technical field
The present application relates to the field of computer technology, and in particular, to a method and apparatus for monitoring display hijacking.
Background
With the rapid development of computer technology and Internet technology, more and more people like and have become used to emerging transaction methods such as mobile payment and online banking transfers. While these fast transaction methods bring great convenience to people's lives, they have also exposed a large number of information security problems: some illegal elements use computer technology and Internet technology to attack the user's transaction process without the user's awareness, causing the user huge economic losses.
In the prior art, a common attack method is the display hijacking type of attack. Display hijacking, as the name implies, means that the attacking party misleads the user by modifying the information displayed to the user, so that the user or others suffer losses during the business. For example: user A transfers money to user B, and the attacker tampers with the transaction so that the transfer goes to user C; when the system displays the transaction information, the attacker uses injection, layer overlay and similar means so that the information the user sees still shows a transfer to user B, and the user cannot notice it. If the user then confirms the information and enters the required verification (such as a password) to complete the transaction, the user will suffer a loss.
From a technical point of view, after a user initiates a transaction request to a server through a terminal or client such as an Automated Teller Machine (ATM) or a Point of Sales (POS) terminal, the user is usually required to confirm the transaction information at the terminal before the final transaction is completed, and can reject the transaction if the information is found to be incorrect. In this case, the attacker can tamper with the transaction information that the user needs to confirm during the communication process (for example, modifying the transaction confirmation information sent by the server by means of a man-in-the-middle attack, injection, etc.), or tamper with the displayed information when the terminal displays it (for example, modifying the displayed information by means of dynamic program injection, layer overlay, etc.), so as to hijack the display and trick the user into confirming. Undoubtedly, malicious display hijacking brings great security risks to Internet systems, and how to effectively monitor or identify display hijacking is a technical problem that urgently needs to be solved.
Summary of the invention
The embodiments of the present application provide a method and device for monitoring display hijacking, in order to solve the problem in the prior art that users suffer losses in transactions because the displayed information has been hijacked.
A method for monitoring display hijacking provided by an embodiment of the present application includes:
receiving information sent by a server and displaying it;
obtaining the currently displayed information;
determining whether the currently displayed information is the same as the received information;
if so, determining that no display hijacking has occurred;
otherwise, determining that display hijacking has occurred.
Further, obtaining the currently displayed information specifically includes:
obtaining the text content of the currently displayed information;
and determining whether the currently displayed information is the same as the received information specifically includes:
determining whether the text content of the currently displayed information is the same as the text content of the received information.
Further, obtaining the currently displayed information specifically includes:
capturing an image of the currently displayed information;
obtaining the text content of the currently displayed information from the information image;
and determining whether the currently displayed information is the same as the received information specifically includes:
determining whether the text content of the currently displayed information is the same as the text content of the received information.
Further, obtaining the text content of the currently displayed information from the information image specifically includes:
obtaining the text content of the currently displayed information from the information image by means of image-to-text conversion.
Further, receiving the information sent by the server and displaying it specifically includes:
receiving the information and a signature sent by the server;
verifying the signature;
and displaying the received information when verification passes.
The present application also provides a device for monitoring display hijacking, including:
a receiving module, configured to receive information sent by a server;
a display module, configured to display the received information; and
a checking module, configured to check whether the information currently displayed by the display module is the same as the information received by the receiving module.
Further, the checking module contains a text checking unit, configured to obtain the text content of the currently displayed information and determine whether that text content is the same as the text content of the information received by the receiving module.
Further, the checking module contains an image checking unit, configured to capture an image of the currently displayed information and determine whether the text content contained in that image is the same as the text content of the information received by the receiving module.
Further, the image checking unit contains an image-to-text conversion module, configured to obtain text content from the currently displayed image.
Further, the receiving module is also configured to receive the signature issued by the server for the sent information.
Further, the device also includes:
a signature module, configured to sign the information received by the receiving module; and
a verification module, configured to verify whether that signature is consistent with the signature issued by the server.
The method and device for monitoring display hijacking described in the present application use screen checking to compare the currently displayed information content with the information content sent by the server, and thereby determine whether the information was tampered with during display. They can detect the occurrence of display hijacking promptly and effectively, and so improve the security of the system.
Description of the drawings
The drawings described here are provided for a further understanding of the present application and form a part of it; the illustrative embodiments of the present application and their description serve to explain the present application and do not constitute an improper limitation of it. In the drawings:
FIG. 1 is a flow chart of a method for monitoring display hijacking according to the present application;
FIG. 2 is an architecture diagram of a device for monitoring display hijacking according to the present application;
FIG. 3 shows a transaction process that uses the method for monitoring display hijacking of the present application;
FIG. 4 is a schematic diagram of the method for monitoring display hijacking of the present application in a specific transaction application.
Detailed description
To make the objectives, technical solutions and advantages of the present application clearer, the technical solutions of the present application are described clearly and completely below with reference to specific embodiments of the present application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present application without creative effort fall within the scope of protection of the present application.
As shown in FIG. 1, the present application provides a method for monitoring display hijacking, which includes: receiving information sent by a server and displaying it; obtaining the currently displayed information; determining whether the currently displayed information is the same as the received information; if so, determining that no display hijacking has occurred; otherwise, determining that display hijacking has occurred. In a preferred embodiment of the present application, the specific process is as follows:
In the process of receiving the information sent by the server and displaying it, a client receives the information from the server. After receiving the information, the client displays it by means of screen display technology. Because display hijacking can easily occur during display, causing the information shown to differ from the information the client originally received, the present application uses screen checking technology: the information currently shown on the screen is obtained and compared with the information received by the client to see whether the two are the same, and from this it is determined whether the display has been hijacked.
Of course, to further prevent display hijacking and increase the confidentiality of the information, in a preferred embodiment of the present application the server signs the information it sends using a digital signature. The signature is a digest obtained by the server by running some algorithm over the information it sends, and this digest (that is, the signature) is sent from the server to the client together with the information. After receiving the information, the client must also verify the signature, to prevent the information sent by the server from being tampered with in transit. If the client can verify the signature successfully, this shows that the information sent by the server was not tampered with on its way to the client; conversely, if verification fails, tampering has occurred, and the next step cannot proceed, which guarantees the security of the whole process.
In addition, based on the above method, the present application also provides a device for monitoring display hijacking. As shown in FIG. 2, the device includes the following modules: a receiving module 101, a display module 102 and a checking module 103.
The receiving module 101 is configured to receive information sent from the server. Of course, in a preferred embodiment the information sent by the server is information signed by the server, which comprises both the sent information and the signature of that information.
The display module 102 is configured to display the information received by the receiving module 101.
The checking module 103 is configured to check whether the information currently displayed by the display module 102 is the same as the information received by the receiving module 101, and thereby determine whether the information displayed by the display module 102 is genuine and untampered. The checking module 103 contains a text checking unit 1031 and an image checking unit 1032. The text checking unit 1031 is configured to obtain the text content of the currently displayed information and determine whether that text content is the same as the text content of the information received by the receiving module. The image checking unit 1032 is configured to obtain the image of the currently displayed information and determine whether the text content contained in that image is the same as the text content of the information received by the receiving module; in a preferred embodiment the image checking unit 1032 contains an image-to-text conversion module for converting the content of the image into text content, and the checking process of the checking module 103 is a periodic, repeated check. The image checking unit 1032 can also be used to capture the image of the currently displayed information, obtain from that image the attributes of the currently displayed image, and determine whether those attributes are the same as the attributes of a preset trusted image, where the attributes include at least one of the image's resolution, format, source, dimensions, storage location and creation time.
Of course, in a preferred embodiment the device for monitoring display hijacking also includes a storage module 104, a signature module 105 and a verification module 106.
The storage module 104 is configured to store the received information.
The signature module 105 is configured to sign the information received by the receiving module 101.
The verification module 106 is configured to verify whether the signature generated by the above signature module 105 is consistent with the signature issued by the server.
It can be seen that the device for monitoring display hijacking described in the present application can promptly discover display hijacking through the provision of the checking module, and thereby improve the security of the whole process.
To explain the principle and effect of the method for monitoring display hijacking of the present application more clearly and in more detail, it is described below in conjunction with a specific application. Please refer to FIG. 3 and FIG. 4, which are flow charts of the method for monitoring display hijacking of the present application applied to a specific transaction process; that transaction process includes the following steps:
S01: The client accepts the user's transaction request and sends the transaction request to the server.
In the embodiments of the present application, the client may be an application of many forms that establishes a communication connection with a remote server over a wired or wireless network. The client includes, but is not limited to, a browser, a personal computer (PC) application or a mobile phone application, and may reside in electronic or electrical devices such as personal computers, mobile phones and tablet computers.
After starting the client, the user can initiate a transaction request to the client, and the client transmits it over the network to the remote server according to the user's transaction request; the transaction request contains the user's identity tag.
S02: The server generates transaction confirmation information according to the received request, signs it, and sends the signed transaction confirmation information to the client.
After receiving the transaction request, the server automatically identifies the identity tag contained in the transaction request and retrieves the information associated with that identity tag from the back-end database. The server creates a record of this transaction request (initiation time, request content, location and identity of the initiating client, and so on), then generates the corresponding transaction confirmation information according to the user's transaction request, calls the signature module to sign that transaction confirmation information, and transmits the signature together with the transaction confirmation information back to the client over the network.
The signature module uses digital signatures, which may take many forms, including but not limited to asymmetric signatures (that is, public-key cryptography) and message digests. There are many digital signature methods in public-key cryptography, such as RSA signatures, DSA (Digital Signature Algorithm) signatures and the Elliptic Curve Digital Signature Algorithm (ECDSA). Taking RSA signatures as an example, in the embodiment of the present application the server uses a digest algorithm to generate a 128-bit hash value from the generated transaction confirmation information, then encrypts this hash value with the RSA algorithm and its own private key to produce a digest ciphertext, which is the server's digital signature; this encrypted digital signature is then attached to the transaction confirmation information and sent to the client together with it.
Of course, the signing methods and algorithms used by the signature module vary. Besides the RSA algorithm listed above, the encryption algorithms of this embodiment may also include the Data Encryption Standard (DES), the Triple Data Encryption Standard (3DES), the International Data Encryption Algorithm (IDEA), Secure Hash Algorithm 1 (SHA-1), SHA-256, SHA-512, Message Digest Algorithm 5 (MD5) and the Advanced Encryption Standard (AES); they may of course also be encryption algorithms developed by the server-side developers themselves. This embodiment does not limit the choice, which may be made according to the specific application environment, and other signing methods are not described further here.
S03: The client verifies the signature of the transaction confirmation information.
After receiving the signed transaction confirmation information, the client calls its built-in verification module to verify the signature of the transaction confirmation information. Again taking the RSA signature of step S02 as an example: after receiving the transaction confirmation information and its signature, the client computes a 128-bit hash value with the same digest algorithm and decrypts the digital signature attached to the confirmation information with the RSA algorithm and the public key. If the hash value obtained at this point is the same as the 128-bit hash value generated when the server signed, the client can confirm that the transaction confirmation information really came from the server and was not tampered with along the way. It can be seen that signing and verifying the signature greatly reduces the risk of the transaction confirmation information being hijacked or tampered with in transit to the client.
In addition, the best results are achieved by implementing the signature verification, information display and confirmation process in a Trusted Execution Environment (TEE). The signature verification of this embodiment is therefore especially suitable for mobile terminals: because a mobile client often handles a large number of small payments, the required strength of security protection is not high, so implementation in a TEE is appropriate; it can satisfy the security requirements of most applications and provides authorized secure software applications with a relatively secure execution environment.
S04: The client displays the transaction confirmation information and periodically checks in the background whether the displayed transaction confirmation information has been tampered with.
After the client's signature verification passes, the transaction confirmation information is presented to the user through the display module, and the user can read and check it. During this period the client periodically checks the displayed transaction confirmation information through the checking module built into its background. The frequency of the check can be set according to the application environment; in theory the higher the frequency the better, since it prevents to a greater degree an attacker tampering with the transaction confirmation information while it is displayed and thereby misleading the user into confirming.
The checking module operates in the background of the client, and its checks are mainly screen checks, including but not limited to a displayed-text check and a displayed-image check.
In the displayed-text check, the checking module checks the text content of the displayed confirmation information. Specifically, the checking module obtains the text content of the currently displayed information and compares it with the original information (that is, the genuine transaction confirmation information obtained after the client verified the signature) to determine whether the two are the same, and thereby whether the display module has displayed the transaction confirmation information received by the client accurately and faithfully. If an inconsistency is found during the check, indicating that the displayed information has been tampered with, corresponding measures can be taken to alert the user or to terminate the transaction directly.
The displayed-image check mainly uses the checking module to examine the image shown on the client's screen, in order to determine whether a problem such as a layer overlay exists. Specifically, the checking module captures the information image currently shown on the screen and automatically recognizes the text content in it, for example using an optical character recognition (OCR) image-to-text conversion module to convert the key information in the image into text content. That text content is then compared with the transaction confirmation information received by the client to determine whether the two are consistent, from which it can be determined whether a layer overlay is currently present on the screen.
Of course, the displayed-image check is not limited to the image-to-text conversion described above; other methods can also be used to identify whether a layer overlay has occurred. For example, the image of the currently displayed information is captured, the attributes of the currently displayed image are obtained from that image, and it is determined whether the attributes of the currently displayed image are the same as the attributes of a preset trusted image, where the attributes include at least one of the image's resolution, format, source, dimensions, storage location and creation time. The attributes of the preset trusted image may of course come from an image library approved by the client. That is, the attributes of the currently displayed image are used to determine whether that image comes from the image library approved by the client; once some attributes are found not to match, the checking module still treats the screen as having been covered by an unknown image from a third party, even if the image is convincing enough to pass for the real one.
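As an added example of the attribute-based variant of the displayed-image check described in this paragraph, the Go program below is written for this page and is not the patent's or the applicant's code. It assumes that the captured screen image arrives as PNG or JPEG bytes, checks only the attributes recoverable from the bytes themselves (format and pixel dimensions), and compares them against a constructed allowlist of trusted attributes; source, storage location and creation time are left to the client's own metadata. All type and function names are this example's own.

```go
package main

import (
	"bytes"
	"fmt"
	"image"
	"image/color"
	"image/jpeg"
	"image/png"
)

// ImageAttrs is the subset of the patent's attribute list that can be read from
// the image bytes alone: format and pixel dimensions (resolution). Source,
// storage location and creation time would come from the client's own metadata.
type ImageAttrs struct {
	Format string // as reported by the Go image registry: "png", "jpeg"
	Width  int
	Height int
}

// ExtractAttrs reads only the image header, so the check is cheap enough to run
// periodically. It returns an error if the bytes are not a decodable image.
func ExtractAttrs(captured []byte) (ImageAttrs, error) {
	cfg, format, err := image.DecodeConfig(bytes.NewReader(captured))
	if err != nil {
		return ImageAttrs{}, err
	}
	return ImageAttrs{Format: format, Width: cfg.Width, Height: cfg.Height}, nil
}

// MatchesTrusted reports whether the attributes equal one of the preset trusted
// entries (the client's approved image library). Every attribute must match;
// a single mismatch marks the screen as covered by an unknown image.
func MatchesTrusted(a ImageAttrs, trusted []ImageAttrs) bool {
	for _, t := range trusted {
		if a == t {
			return true
		}
	}
	return false
}

// CheckCapture combines both steps: capture bytes in, trusted/untrusted out.
func CheckCapture(captured []byte, trusted []ImageAttrs) (bool, error) {
	a, err := ExtractAttrs(captured)
	if err != nil {
		return false, err
	}
	return MatchesTrusted(a, trusted), nil
}

// MakePNG and MakeJPEG build constructed "screen captures" in memory so the
// example runs offline; a real client would read the framebuffer instead.
func MakePNG(w, h int) []byte {
	var buf bytes.Buffer
	_ = png.Encode(&buf, solidImage(w, h))
	return buf.Bytes()
}

func MakeJPEG(w, h int) []byte {
	var buf bytes.Buffer
	_ = jpeg.Encode(&buf, solidImage(w, h), nil)
	return buf.Bytes()
}

func solidImage(w, h int) *image.RGBA {
	img := image.NewRGBA(image.Rect(0, 0, w, h))
	for y := 0; y < h; y++ {
		for x := 0; x < w; x++ {
			img.Set(x, y, color.RGBA{R: 255, G: 255, B: 255, A: 255})
		}
	}
	return img
}

func main() {
	// Preset trusted attributes (constructed): the genuine confirmation panel
	// is a 320x120 PNG from the client's own image library.
	trusted := []ImageAttrs{{Format: "png", Width: 320, Height: 120}}
	captures := map[string][]byte{
		"genuine png 320x120":  MakePNG(320, 120),
		"jpeg overlay 320x120": MakeJPEG(320, 120), // right size, wrong format
		"png overlay 320x121":  MakePNG(320, 121),  // right format, wrong size
	}
	for name, capture := range captures {
		ok, err := CheckCapture(capture, trusted)
		fmt.Printf("%-22s trusted=%v err=%v\n", name, ok, err)
	}
}
```

The check deliberately treats any attribute mismatch, or any capture that does not decode at all, as untrusted rather than trying to decide whether the overlay "looks" genuine, which is the point the paragraph makes: a convincing fake still fails because its attributes do not come from the approved library.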
S05: The client receives the user's confirmation operation and feeds it back to the server.
After the user has checked the transaction confirmation information on the client, the user performs the confirmation operation, and the client transmits the confirmation instruction to the server over the network. After receiving the confirmation instruction, the server automatically proceeds to the next step according to the transaction request the user originally initiated. For example, in a transfer transaction in a banking system, after the bank server receives the instruction confirming the transfer transaction, it automatically transfers the amount from the user's account to the receiving account as required by the transfer request.
S06: The server completes the transaction processing and returns the processing result to the client.
After completing the transaction processing, the server returns the processing result to the client to inform the user whether the original transaction request has been processed.
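As an added illustration of steps S02 to S04 (and of the signing and screen-checking flow summarised in the method and in FIG. 1), the following Go program is example code written for this page, not code from the patent or from its applicant. It assumes a constructed confirmation format (order, amount, payee), uses RSA PKCS#1 v1.5 over SHA-256 in place of the patent's unspecified 128-bit digest, and stands in for the display module and screen capture with an in-memory Screen type; all names and sample values are this example's own.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Confirmation is the transaction confirmation information of step S02.
// The field names are this example's own (constructed), not the patent's.
type Confirmation struct {
	OrderID string
	Amount  string // e.g. "20.00"
	Payee   string
}

// Text is the canonical string that the server signs and the client displays.
// The display check compares against exactly this string.
func (c Confirmation) Text() string {
	return fmt.Sprintf("order=%s;amount=%s;payee=%s", c.OrderID, c.Amount, c.Payee)
}

// ServerSign hashes the confirmation text and signs the digest with the server's
// private key (RSA PKCS#1 v1.5 over SHA-256 here; the patent's example speaks of
// a 128-bit digest, but the check works the same for any digest/signature pair).
func ServerSign(priv *rsa.PrivateKey, c Confirmation) ([]byte, error) {
	digest := sha256.Sum256([]byte(c.Text()))
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// ClientVerify is step S03: recompute the digest over the received text and check
// the attached signature with the server's public key. Any edit in transit fails here.
func ClientVerify(pub *rsa.PublicKey, c Confirmation, sig []byte) bool {
	digest := sha256.Sum256([]byte(c.Text()))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Screen stands in for the display module: Show is what the client renders,
// Capture is what the checking module reads back from the screen.
type Screen struct{ shown string }

func (s *Screen) Show(text string) { s.shown = text }
func (s *Screen) Capture() string  { return s.shown }

// DisplayCheck is the text checking unit: the captured display must equal the
// verified confirmation exactly. It returns true when the display is intact.
func DisplayCheck(verified Confirmation, screen *Screen) bool {
	return strings.TrimSpace(screen.Capture()) == verified.Text()
}

// Monitor is the periodic background check of step S04. It runs the check
// `rounds` times and returns the round at which a mismatch was first seen,
// or -1 if the display stayed intact. `between` simulates whatever happens on
// screen between two checks (for example an overlay drawn by malware).
func Monitor(verified Confirmation, screen *Screen, rounds int, between func(round int)) int {
	for i := 0; i < rounds; i++ {
		if !DisplayCheck(verified, screen) {
			return i
		}
		between(i)
	}
	return -1
}

// RunScenario plays the whole S02-S04 exchange with a constructed 20-yuan order.
// If tamperAt >= 0, an overlay rewrites the shown amount to 10.00 after that round.
// It returns whether the signature verified and the round the hijack was caught.
func RunScenario(tamperAt int) (sigOK bool, caughtAt int, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, -1, err
	}
	c := Confirmation{OrderID: "ORD-0001", Amount: "20.00", Payee: "seller-C"} // constructed
	sig, err := ServerSign(priv, c)
	if err != nil {
		return false, -1, err
	}
	if !ClientVerify(&priv.PublicKey, c, sig) {
		return false, -1, fmt.Errorf("signature did not verify")
	}
	screen := &Screen{}
	screen.Show(c.Text()) // display module renders the verified text
	caughtAt = Monitor(c, screen, 5, func(round int) {
		if round == tamperAt {
			// simulated overlay: the user would see the original 10-yuan price
			screen.Show(strings.Replace(c.Text(), "20.00", "10.00", 1))
		}
	})
	return true, caughtAt, nil
}

// TransitTamperDetected shows the S03 case: the amount is changed between server
// and client, so the client's recomputed digest no longer matches the signature.
func TransitTamperDetected() (bool, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	c := Confirmation{OrderID: "ORD-0002", Amount: "10.00", Payee: "seller-B"} // constructed
	sig, err := ServerSign(priv, c)
	if err != nil {
		return false, err
	}
	c.Amount = "20.00" // edited in transit
	return !ClientVerify(&priv.PublicKey, c, sig), nil
}

func main() {
	ok, round, err := RunScenario(2)
	fmt.Println("signature verified:", ok, "hijack caught at round:", round, "err:", err)
	detected, _ := TransitTamperDetected()
	fmt.Println("transit tampering detected:", detected)
}
```

Run with go run: the signed 20-yuan order passes verification, is displayed intact for three rounds, and the 10-yuan overlay is caught on the round after it is drawn, while the in-transit edit fails signature verification before anything is displayed. The two checks are complementary in exactly the way the steps describe: the signature covers the network path (S03), the display comparison covers the screen (S04), and neither substitutes for the other.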
With reference to steps S01 to S06 above, online shopping is taken below as an example to explain how the present application works to prevent the user from suffering a loss once the transaction process has been attacked.
When shopping online, the user performs the purchase on a client (such as a browser or a mobile phone app). After selecting the desired item (for example, a pencil worth 10 yuan), the client displays some basic information about the order for the user to confirm, for example: order number, order time, order amount, seller account information and so on.
Then, once the user has confirmed the information is correct, the user clicks to place the order and the client sends the order information back to the server. During this transmission the attacker modifies the order information in the background before it reaches the server, for example changing the price of the pencil to 20 yuan or changing the seller account information. Because the modification takes place in the background, the order amount the user sees is still 10 yuan, but the order amount the server actually receives is the modified 20 yuan. (Note: the tampering here happens on the user side and can easily occur once the user's computer or phone has been compromised; because users are dispersed, this risk of tampering is often hard to control.)
Next, the server issues transaction confirmation information for the 20-yuan order request to the client, for the user to confirm the transaction and pay. To prevent the user from noticing that the 20-yuan amount in the transaction confirmation information does not match the original order amount, the attacker usually hijacks the client's display when the transaction confirmation information arrives, attempting to show the user fake transaction confirmation information in which the amount is still 10 yuan and to prompt the user to click confirm.
In this situation, the method of the present application detects the display hijacking promptly and effectively: by checking the information displayed on the screen and comparing it with the information sent by the server, it finds that the 10-yuan amount currently shown to the user does not match the 20-yuan amount sent by the server, and so determines that display hijacking has occurred. The user can then be alerted, or the system can close the transaction automatically. Compared with confirming information through a third-party channel (for example, having the user confirm the transaction by SMS, telephone call or application push message), the technical solution of the present application is more timely and convenient, and needs no additional tools such as third-party channels or a mobile phone.
In summary, the present application uses screen checking technology to compare the information currently shown on the screen with the information sent by the server, in order to determine whether display hijacking has occurred on the screen, which greatly improves the security of transactions and protects the interests of users.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art will appreciate that embodiments of the present application can be provided as a method, system, or computer program product. Thus, the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment in combination of software and hardware. Moreover, the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算 机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (system), and computer program products according to embodiments of the present application. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG. These computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer, an embedded processor or other programmable data processing device to produce a machine such that The instructions executed by the processor of the machine or other programmable data processing device generate means for implementing the functions specified in one or more blocks of the flow or in a block or blocks of the flowchart.
These computer program instructions can also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising instruction means, which implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions can also be loaded onto a computer or other programmable data processing device, such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include non-persistent memory in computer-readable media, in forms such as random access memory (RAM) and/or non-volatile memory, for example read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be implemented by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory media, such as modulated data signals and carrier waves.
It should also be noted that the terms "including", "comprising", or any other variant thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article, or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or device that includes the element.
Those skilled in the art will appreciate that embodiments of the present application can be provided as a method, a system, or a computer program product. Thus, the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The above description is only of embodiments of the present application and is not intended to limit the present application. Those skilled in the art can make various changes and modifications to the present application. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application shall be included within the scope of the claims of the present application.

Claims (10)

  1. A method of monitoring display hijacking, characterized by comprising:
    receiving information sent by a server and displaying it;
    obtaining the currently displayed information;
    determining whether the currently displayed information is the same as the received information;
    if so, determining that display hijacking has not occurred;
    otherwise, determining that display hijacking has occurred.
  2. The method according to claim 1, characterized in that obtaining the currently displayed information specifically comprises:
    obtaining the text content of the currently displayed information;
    and determining whether the currently displayed information is the same as the received information specifically comprises:
    determining whether the text content of the currently displayed information is the same as the text content of the received information.
  3. The method according to claim 1, characterized in that obtaining the currently displayed information specifically comprises:
    capturing an image of the currently displayed information;
    obtaining the text content of the currently displayed information from the information image;
    and determining whether the currently displayed information is the same as the received information specifically comprises:
    determining whether the text content of the currently displayed information is the same as the text content of the received information.
  4. The method according to claim 3, characterized in that obtaining the text content of the currently displayed information from the information image specifically comprises:
    obtaining the text content of the currently displayed information from the information image by means of image-to-text conversion.
  5. The method according to claim 1, characterized in that obtaining the currently displayed information specifically comprises:
    capturing an image of the currently displayed information;
    obtaining, from the information image, attributes of the currently displayed image, wherein the attributes include at least one of the resolution of the image, the format of the image, the source of the image, the size of the image, the location where the image is stored, and the creation time of the image;
    and determining whether the currently displayed information is the same as the received information specifically comprises:
    determining whether the attributes of the currently displayed image are the same as the attributes of a preset trusted image.
  6. The method according to any one of claims 1 to 5, characterized in that receiving information sent by the server and displaying it specifically comprises:
    receiving the information and a signature sent by the server;
    verifying the signature;
    and displaying the received information when the verification passes.
  7. A device for monitoring display hijacking, characterized by comprising:
    a receiving module, configured to receive information sent by a server;
    a display module, configured to display the received information; and
    a checking module, configured to check whether the information currently displayed by the display module is the same as the information received by the receiving module.
  8. The device according to claim 7, characterized in that the checking module is provided with a text checking unit, configured to obtain the text content of the currently displayed information and to determine whether that text content is the same as the text content of the information received by the receiving module.
  9. The device according to claim 7, characterized in that the checking module is provided with an image checking unit, configured to capture an image of the currently displayed information and to determine whether the text content contained in the image is the same as the text content of the information received by the receiving module.
  10. The device according to claim 7, characterized in that the checking module is provided with an image checking unit, configured to capture an image of the currently displayed information, to obtain attributes of the currently displayed image from the information image, and to determine whether those attributes are the same as the attributes of a preset trusted image, the attributes including at least one of the resolution of the image, the format of the image, the source of the image, the size of the image, the location where the image is stored, and the creation time of the image.
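The check procedure of claims 1, 2, 5 and 6 in Python, as an added example that is not code from the patent or its applicant: the screen is simulated as a dictionary, an HMAC-SHA256 tag with a pre-shared key stands in for the server signature scheme the claims leave unspecified, and the key, message and trusted image attributes are constructed values.

```python
import hashlib
import hmac

# Assumption: a key shared by app and server; the patent does not fix a signature scheme.
SHARED_KEY = b"constructed-demo-key"
# Preset attributes of the trusted image (claim 5); values are constructed.
TRUSTED_IMAGE_ATTRS = {"format": "PNG", "width": 300, "height": 100}


def sign(key: bytes, message: bytes) -> bytes:
    """Server side: produce the signature sent along with the information."""
    return hmac.new(key, message, hashlib.sha256).digest()


class DisplayMonitor:
    """Receiving, display and checking modules of claim 7, folded into one class."""

    def __init__(self, key: bytes):
        self.key = key
        self.received = None   # information accepted from the server
        self.screen = {}       # simulated display: text and image attributes

    def receive_and_display(self, message: bytes, signature: bytes) -> bool:
        """Claim 6: verify the signature first; display only when it passes."""
        if not hmac.compare_digest(sign(self.key, message), signature):
            return False
        self.received = message.decode()
        self.screen["text"] = self.received
        return True

    def capture_text(self) -> str:
        """Claim 2: read back the text content currently displayed."""
        return self.screen.get("text", "")

    def text_hijacked(self) -> bool:
        """Claims 1 and 2: displayed text differs from the received text -> hijacked."""
        return self.received is None or self.capture_text() != self.received

    def image_hijacked(self, trusted: dict = TRUSTED_IMAGE_ATTRS) -> bool:
        """Claim 5: every attribute of the shown image must match the trusted preset."""
        shown = self.screen.get("image", {})
        return any(shown.get(k) != v for k, v in trusted.items())


if __name__ == "__main__":
    monitor = DisplayMonitor(SHARED_KEY)
    msg = b"Transfer 100 yuan to account B"   # constructed server message
    monitor.receive_and_display(msg, sign(SHARED_KEY, msg))
    print("hijacked after honest display:", monitor.text_hijacked())   # False
    monitor.screen["text"] = "Transfer 100 yuan to account C"          # simulated tampering
    print("hijacked after tampering:", monitor.text_hijacked())        # True
```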
PCT/CN2015/094316 2014-11-24 2015-11-11 Method and device for monitoring display hijack WO2016082678A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410683313.1A CN105701402B (en) 2014-11-24 2014-11-24 A kind of method and apparatus that monitoring and displaying is kidnapped
CN201410683313.1 2014-11-24

Publications (1)

Publication Number Publication Date
WO2016082678A1 true WO2016082678A1 (en) 2016-06-02

Family

ID=56073578

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/094316 WO2016082678A1 (en) 2014-11-24 2015-11-11 Method and device for monitoring display hijack

Country Status (2)

Country Link
CN (1) CN105701402B (en)
WO (1) WO2016082678A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109033762A (en) * 2018-07-05 2018-12-18 南京云信达科技有限公司 A method of for solving complicated checked object soft ware authorization

Also Published As

Publication number Publication date
CN105701402A (en) 2016-06-22
CN105701402B (en) 2018-11-27

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15862616

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15862616

Country of ref document: EP

Kind code of ref document: A1