WO2016082678A1 - Method and device for monitoring display hijacking - Google Patents

Method and device for monitoring display hijacking

Info

Publication number
WO2016082678A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
image
currently displayed
text content
display
Prior art date
Application number
PCT/CN2015/094316
Other languages
English (en)
Chinese (zh)
Inventor
林钧燧
Original Assignee
阿里巴巴集团控股有限公司
林钧燧
Application filed by 阿里巴巴集团控股有限公司, 林钧燧
Publication of WO2016082678A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements

Definitions

  • the present application relates to the field of computer technology, and in particular, to a method and apparatus for monitoring display hijacking.
  • a common attack method is the display hijacking type of attack.
  • display hijacking means that the attacker misleads the user by modifying the information displayed to the user, so that the user or another person suffers losses during the business.
  • for example, user A transfers money to user B
  • during the transaction process, the attacker changes the transfer so that the money goes to user C.
  • when the system displays the transaction information
  • the attacker, through injection, layer overlay, and the like, modifies the information displayed to the user so that it still shows user B, and the change is not noticeable.
  • if the user confirms the information and enters the required verification (such as entering a password) to complete the transaction, the user will suffer losses.
  • when a user initiates a transaction request to a server through a terminal or a client, such as an Automated Teller Machine (ATM) or a Point of Sales (POS), it is usually required to complete the final transaction.
  • ATM Automated Teller Machine
  • POS Point of Sales
  • the user confirms the transaction information at the terminal, and the user can reject the transaction if the information is found to be incorrect. In this case, the attacker can tamper with the transaction information that needs to be confirmed by the user during the communication process (for example, tampering, by means of a man-in-the-middle attack, injection, etc., with the transaction confirmation message sent by the server), or tamper with the displayed information when the terminal displays it (for example, modifying the display information by means of program dynamic injection, layer overlay, etc.), so as to hijack the display and defraud the user into confirming.
  • Undoubtedly, malicious display hijacking will bring great security risks to the Internet system. How to effectively monitor or identify display hijacking is an urgent technical problem.
  • the embodiment of the present application provides a method and apparatus for monitoring display hijacking to solve the problem in the prior art that a user suffers a loss in a transaction due to the hijacking of the displayed information.
  • obtaining information currently displayed specifically including:
  • the text content of the currently displayed information is obtained from the information image, and specifically includes:
  • the text content of the currently displayed information is obtained from the information image by means of graphic transformation.
  • receiving the information sent by the server and displaying the information includes:
  • the received information is displayed when the verification is passed.
  • the application also provides a device for monitoring display hijacking, including:
  • a receiving module configured to receive information sent by the server
  • a display module for displaying the received information
  • the checking module is configured to check whether the information currently displayed by the display module is the same as the information received by the receiving module.
  • the inspection module is provided with a text checking unit for acquiring text content in the currently displayed information, and determining whether the text content is identical to the text content of the information received by the receiving module.
  • the inspection module is provided with an image checking unit for capturing an image in the currently displayed information, and determining whether the text content contained in the image is identical to the text content of the information received by the receiving module.
  • the image checking unit includes a graphic conversion module for acquiring text content from the currently displayed image.
  • the receiving module is further configured to receive a signature sent by the server for the sent information.
  • the device further includes:
  • a verification module is configured to verify whether the signature is consistent with a signature sent by the server.
  • the method and device for monitoring display hijacking described in the present application use screen checking to compare the currently displayed information content with the information content sent by the server, thereby judging whether the information has been tampered with during the display process, and can monitor the occurrence of hijacking in a timely and effective manner and improve the security of the system.
  • FIG. 1 is a flow chart of a method for monitoring display hijacking according to the present application
  • FIG. 2 is a structural diagram of an apparatus for monitoring display hijacking according to the present application.
  • FIG. 3 is a transaction process using the method for monitoring display hijacking of the present application
  • FIG. 4 is a schematic diagram of a method for monitoring display hijacking in a specific transaction application according to the present application.
  • the present application provides a method for monitoring display hijacking, including: receiving information sent by a server and displaying it; obtaining the currently displayed information; determining whether the currently displayed information is the same as the received information; if so, determining that the display has not been hijacked; otherwise, determining that the display has been hijacked.
  • the specific process is as follows:
  • the process of receiving the information sent by the server and displaying it is that the client receives the information from the server. After receiving the information, the client displays the received information through a screen display technology. Because of display hijacking, the information displayed may differ from the information originally received by the client. Therefore, the application adopts a screen inspection technology: the information displayed on the current screen is obtained and compared with the information received by the client to see whether the two are the same, so as to determine whether the display is hijacked.
  • the server signs the information it sends by means of a digital signature; the signature is a digest that the server obtains by computing an algorithm over the information it sends, and the digest (i.e., the signature) is sent from the server to the client along with the information.
  • after receiving the information, the client also needs to verify the signature to prevent the information sent by the server from being tampered with during transmission. If the client can verify the signature, the information sent by the server was not tampered with on its way to the client; conversely, if the verification fails, tampering has occurred. In that case the next step is not carried out, so as to ensure the security of the whole process.
  • the present application further provides a device for monitoring display hijacking.
  • the device includes the following modules: a receiving module 101, a display module 102, and an inspection module 103.
  • the receiving module 101 is configured to receive information sent from a server.
  • the information sent by the server is information signed by the server, and includes the sending information and the signature of the information.
  • the display module 102 is configured to display information received by the receiving module 101.
  • the checking module 103 is configured to check whether the information currently displayed by the display module 102 is the same as the information received by the receiving module 101, thereby determining whether the information displayed by the display module 102 is authentic and has not been tampered with.
  • the check module 103 is provided with a text check unit 1031 and an image check unit 1032.
  • the text check unit 1031 is configured to acquire text content in the currently displayed information, and determine whether the text content is the same as the text content of the information received by the receiving module; the image checking unit 1032 is configured to acquire an image in the currently displayed information, and determine whether the text content contained in the image is the same as the text content of the information received by the receiving module.
  • in the preferred embodiment, the image checking unit 1032 is provided with a graphic conversion module for converting the content in the image into text content, and the checking process of the checking module 103 is a periodic loop check; the image checking unit 1032 can also capture the currently displayed information image, obtain the attributes of the currently displayed image from the information image, and determine whether those attributes are the same as the attributes of the preset trusted image, the attributes including at least one of the resolution of the image, the format of the image, the source of the image, the size of the image, the location where the image is stored, and the creation time of the image.
  • the device for monitoring display hijacking further includes: a storage module 104, a signature module 105, and a verification module 106.
  • the storage module 104 is configured to store the received information.
  • the signature module 105 is configured to sign the information received by the receiving module 101.
  • the verification module 106 is configured to verify whether the signature produced by the signature module 105 is consistent with the signature issued by the server.
  • the device for monitoring display hijacking described in the present application can detect display hijacking in a timely manner through the inspection module it is provided with, thereby improving the security of the whole process.
  • FIG. 3 and FIG. 4 show a flow chart of the transaction process, which includes the following steps:
  • S01 The client accepts the user's transaction request and sends the transaction request to the server.
  • the client may be a multi-modal application that establishes a communication connection with a remote server through a wired or wireless network; the client includes but is not limited to a browser, personal computer (PC) applications, and mobile applications, which can exist in electronic and electrical equipment such as personal computers, mobile phones, and tablet computers.
  • the user may initiate a transaction request to the client, and the client transmits to the remote server through the network according to the transaction request of the user, where the transaction request includes the identity tag of the user.
  • S02 The server generates and confirms the transaction confirmation information according to the received request, and sends the signed transaction confirmation information to the client.
  • after receiving the transaction request, the server automatically identifies the identity tag included in the transaction request and retrieves the information related to the identity tag from the background database; the server creates a record of the transaction request (initiation time, request content, initiation location, identity, and other information of the client). The server then generates the corresponding transaction confirmation information according to the user's transaction request, calls the signature module to sign the transaction confirmation information, and transmits the signature and the transaction confirmation information together through the network to the client.
  • the signature module signs by means of a digital signature, and the signature may take multiple forms, including but not limited to asymmetric signature (i.e., public key cryptography) and message digest. There are many digital signature methods based on public key cryptography, such as RSA signature, DSA (Digital Signature Algorithm) signature, and Elliptic Curve Digital Signature Algorithm (ECDSA) signature.
  • asymmetric signature, i.e., public key cryptography
  • DSA Digital Signature Algorithm
  • ECDSA Elliptic Curve Digital Signature Algorithm
  • the server generates a 128-bit hash value from the generated transaction confirmation information by using a digest algorithm, and then uses the RSA algorithm and its own private key to encrypt the hash value, producing a digest ciphertext, which is the server's digital signature; subsequently, the digital signature is attached to the transaction confirmation information and sent to the client along with it.
  • the encryption algorithm of this embodiment may further include the Data Encryption Standard (DES), the Triple Data Encryption Standard (3DES), the International Data Encryption Algorithm (IDEA), Secure Hash Algorithm 1 (SHA-1), SHA-256, SHA-512, Message Digest Algorithm 5 (MD5), and the Advanced Encryption Standard (AES).
  • This embodiment does not limit this, and may be selected according to a specific application environment. The signature method will not be described here.
  • S03 The client verifies the signature of the transaction confirmation information.
  • after receiving the signed transaction confirmation information, the client invokes the built-in verification module to verify the signature of the transaction confirmation information.
  • the RSA signature in step S02 is taken as an example.
  • after receiving the transaction confirmation information and its signature, the terminal uses the same digest algorithm to calculate a 128-bit hash value, and uses the RSA algorithm and the public key to decrypt the digital signature attached to the confirmation information. If the hash value is the same as the 128-bit hash value generated when the server-side signature was generated, the client can confirm that the transaction confirmation information is indeed from the server side and has not been tampered with. It can be seen that signing and verifying the signature can greatly reduce the risk of the transaction confirmation information being hijacked and tampered with during transmission to the client.
  • carrying out the signature verification, information display, and confirmation process in a Trusted Execution Environment achieves the best implementation results. It can be seen that the signature verification method in this embodiment is particularly applicable to a mobile terminal. Since a mobile client often faces a large number of micropayments, the required security protection strength is not high; therefore, implementation in a trusted execution environment (TEE, Trusted Execution Environment) is suitable for the security needs of most applications and allows authorized secure software applications to execute more safely.
  • TEE Trusted Execution Environment
  • S04 The client displays the transaction confirmation information, and periodically checks in the background whether the displayed transaction confirmation information has been tampered with.
  • the transaction confirmation information will be displayed to the user through the display module, and the user can read and verify the transaction confirmation information.
  • through the inspection module built in the background, the client periodically checks the displayed transaction confirmation information. The frequency of the inspection can be set according to the application environment. In theory, the higher the inspection frequency, the better, since this can prevent the attacker from tampering with the transaction confirmation information during the display process and thereby misleading the user into performing a confirmation operation.
  • the check module operates in the background of the client, and the check mode is mainly a screen check, including but not limited to: a displayed-text check, a displayed-image check, and the like.
  • the check module checks the text content in the displayed confirmation information. Specifically, the checking module can obtain the text content of the currently displayed information and compare it with the original information (i.e., the real transaction confirmation information obtained after the client verifies the signature) to determine whether the two are the same, in order to judge whether the display module accurately and truly displays the transaction confirmation information received by the client. If the information is found to be inconsistent during the inspection, the displayed information has been tampered with, and corresponding measures may be taken, such as reminding the user or directly terminating the transaction.
  • the original information, i.e., the real transaction confirmation information obtained after the client verifies the signature
  • the inspection module is mainly used to check the image displayed on the screen of the client to determine whether there is a problem such as layer coverage. Specifically, the inspection module captures the information image displayed on the current screen and automatically identifies the text content in the information image, for example by using an Optical Character Recognition (OCR) graphic transformation module to convert the key information in the image into text content; the text content is then compared with the transaction confirmation information received by the client to determine whether the two are consistent, from which it can be determined whether a layer overlay is currently present on the screen.
  • OCR Optical Character Recognition
  • the method for checking the displayed image is not limited to the above-mentioned graphic conversion mode, and other methods may be adopted to identify whether layer overlay occurs, for example, capturing the currently displayed information image, obtaining the attributes of the currently displayed image from the information image, and determining whether the attributes of the currently displayed image are the same as the attributes of the preset trusted image, wherein the attributes include at least one of a resolution of the image, a format of the image, a source of the image, a size of the image, a location where the image is stored, and a creation time of the image.
  • the properties of the preset trusted image can come from the image library approved by the client.
  • the checking module still considers that the screen has been overlaid by unknown images from third parties.
  • S05 The client receives the operation confirmed by the user and feeds it back to the server.
  • after the client verifies the transaction confirmation information, the user performs the confirmation operation, and the client transmits the instruction confirming the operation to the server through the network. After receiving the confirmation instruction, the server automatically carries out the next step of processing according to the transaction request initiated by the user. For example, in the transfer transaction of the banking system, after the bank server receives the instruction to confirm the transfer transaction, it automatically transfers the transfer amount from the user account to the transfer account according to the transfer request.
  • S06 The server completes the transaction processing and returns the processing result to the client.
  • after completing the transaction processing, the server returns the processing result to the client to inform the user whether the initial transaction request was processed.
  • the user performs a purchase operation on the client (such as a browser, a mobile app, etc.), and after selecting the desired item (such as a pencil worth 10 yuan), the client will display some basic information of the order for the user to confirm. For example: order number, order time, order amount, seller account information, etc.
  • the attacker will modify the order information in the background and then transmit it to the server; for example, the price of the pencil is modified to 20 yuan and the seller account information is modified, and the modification process is carried out in the background.
  • the order amount seen by the user is still 10 yuan
  • the amount of the transaction order actually received by the server is the modified 20 yuan.
  • (the tampering process here occurs on the user side and happens very easily once the user's computer or mobile phone is attacked; because users are dispersed, the risk of tampering is often difficult to control)
  • the server will issue a transaction confirmation message to the client according to the order request of the amount of 20 yuan, and the user confirms the transaction and pays. In order to prevent the user from perceiving that the amount of 20 yuan in the transaction confirmation information does not match the original order amount, the attacker usually hijacks the client's display when the transaction confirmation message arrives at the client, in an attempt to make the user see false transaction confirmation information in which the amount is still 10 yuan, and to prompt the user to click confirm.
  • with the method of the present application, the display hijacking can be monitored in a timely and effective manner.
  • it can be found that the amount of 10 yuan currently displayed to the user does not match the amount of 20 yuan sent by the server, thereby judging that display hijacking has occurred.
  • the user can be alerted, or the system can automatically close the transaction.
  • the technical solution of the present application is more time-efficient and convenient, without using third-party channels, mobile phones, or other extra tools.
  • the present application compares the information currently displayed on the screen with the information sent by the server through the screen inspection technology to determine whether the display hijacking has occurred on the screen, thereby greatly improving the security of the transaction and protecting the interests of the user.
  • embodiments of the present application can be provided as a method, system, or computer program product.
  • the present application can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment in combination of software and hardware.
  • the application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising an instruction device that implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on the computer or other programmable device to produce computer-implemented processing, so that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
  • a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
  • the memory may include non-persistent memory, random access memory (RAM), and/or non-volatile memory in a computer readable medium, such as read only memory (ROM) or flash memory.
  • RAM random access memory
  • ROM read only memory
  • Memory is an example of a computer readable medium.
  • Computer readable media includes both permanent and non-persistent, removable and non-removable media.
  • Information storage can be implemented by any method or technology.
  • the information can be computer readable instructions, data structures, modules of programs, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read only memory (ROM), electrically erasable programmable read only memory (EEPROM), flash memory or other memory technology, compact disk read only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic tape cartridges, magnetic tape storage or other magnetic storage devices, or any other non-transmission media that can be used to store information that can be accessed by a computing device.
  • computer readable media does not include transitory computer readable media, such as modulated data signals and carrier waves.
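
The periodic screen check of step S04, run on the 10 yuan / 20 yuan order example above, as an added sketch that is not code from the patent. It assumes the confirmation has already passed the signature verification of S03 and that the on-screen text has already been obtained by text extraction or OCR; the field names, sample screens and function names are constructed for illustration.

```python
import re
import time
import unicodedata
from decimal import Decimal

# Fields the user relies on when confirming (assumed names for this sketch).
CRITICAL_FIELDS = ("payee", "amount")

# Constructed sample data: what the server signed, and two captured screens.
VERIFIED = {"payee": "account-C", "amount": "20.00 yuan"}
HONEST_SCREEN = "Order: 1001\nPayee: account-C\nAmount: 20 yuan\n"
OVERLAY_SCREEN = "Order: 1001\nPayee: account-B\nAmount: 10.00 yuan\n"


def normalize(value):
    """Fold width and case and collapse whitespace so OCR noise is not a false alarm."""
    value = unicodedata.normalize("NFKC", value)
    return re.sub(r"\s+", " ", value).strip().casefold()


def canonical_amount(value):
    """Return the amount as a Decimal so '20' and '20.00 yuan' compare equal."""
    match = re.search(r"\d+(?:\.\d+)?", value.replace(",", ""))
    return Decimal(match.group()) if match else None


def parse_screen(text):
    """Parse 'label: value' lines into {label: set of values}.

    Every value seen for a label is kept, so a second, conflicting line drawn
    by an overlay is not silently overwritten by the genuine one.
    """
    fields = {}
    for line in text.splitlines():
        label, sep, value = unicodedata.normalize("NFKC", line).partition(":")
        if sep:
            fields.setdefault(normalize(label), set()).add(normalize(value))
    return fields


def check_display(verified, screen_text):
    """Compare critical fields on screen with the signature-verified confirmation.

    Returns a list of (field, expected, shown_values); empty means the display
    matches. A field that is missing from the screen counts as a mismatch.
    """
    shown = parse_screen(screen_text)
    problems = []
    for field in CRITICAL_FIELDS:
        expected = normalize(verified[field])
        values = shown.get(field, set())
        if field == "amount":
            ok = {canonical_amount(v) for v in values} == {canonical_amount(expected)}
        else:
            ok = values == {expected}
        if not ok:
            problems.append((field, expected, sorted(values)))
    return problems


def monitor(verified, capture, rounds, interval=0.0, sleep=time.sleep):
    """Periodic loop check: call capture() each round and stop at the first mismatch.

    Returns (round_index, problems) when the display diverges, otherwise None.
    The caller should then alert the user or terminate the transaction.
    """
    for index in range(rounds):
        problems = check_display(verified, capture())
        if problems:
            return index, problems
        sleep(interval)
    return None


def demo():
    """The overlay appears only on the third capture, after two honest frames."""
    frames = iter([HONEST_SCREEN, HONEST_SCREEN, OVERLAY_SCREEN])
    return monitor(VERIFIED, lambda: next(frames), rounds=3)


if __name__ == "__main__":
    print(demo())
```

A single check at render time would pass here; only the repeated check catches a display that is altered after the first frame.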

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Virology (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention relates to a method and a device for monitoring display hijacking. The method consists of displaying received information sent by a server, and checking the currently displayed information by means of a screen-checking technology, so as to assess whether the currently displayed information is the same as the information sent by the server, which makes it possible to learn whether a display is currently hijacked. The method and device of the invention can be widely used for various transaction processes, such as online purchase and transfer transactions, and can effectively monitor the occurrence of a display hijacking situation in a timely manner, thereby improving the security of the system.
PCT/CN2015/094316 2014-11-24 2015-11-11 Method and device for monitoring display hijacking WO2016082678A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410683313.1A CN105701402B (zh) 2014-11-24 2014-11-24 Method and apparatus for monitoring display hijacking
CN201410683313.1 2014-11-24

Publications (1)

Publication Number Publication Date
WO2016082678A1 (fr) 2016-06-02

Family

ID=56073578

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/094316 WO2016082678A1 (fr) 2014-11-24 2015-11-11 Method and device for monitoring display hijacking

Country Status (2)

Country Link
CN (1) CN105701402B (fr)
WO (1) WO2016082678A1 (fr)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109033762A (zh) * 2018-07-05 2018-12-18 南京云信达科技有限公司 Method for solving software authorization for complex inspection objects

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1642113A (zh) * 2004-01-15 2005-07-20 松下电器产业株式会社 Content tampering detection device
US20090282479A1 (en) * 2008-05-07 2009-11-12 Steve Smith Method and system for misuse detection
CN102129528A (zh) * 2010-01-19 2011-07-20 北京启明星辰信息技术股份有限公司 Web page tampering identification method and system
CN102436564A (zh) * 2011-12-30 2012-05-02 奇智软件(北京)有限公司 Method and device for identifying a tampered web page
CN102779245A (zh) * 2011-05-12 2012-11-14 李朝荣 Web page anomaly detection method based on image processing technology
US20130055386A1 (en) * 2011-08-30 2013-02-28 Electronics And Telecommunications Research Institute Apparatus and method for preventing falsification of client screen
CN103888465A (zh) * 2014-03-28 2014-06-25 新浪网技术(中国)有限公司 Web page hijacking detection method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626368A (zh) * 2008-07-11 2010-01-13 中联绿盟信息技术(北京)有限公司 Device, method and system for preventing web pages from being tampered with

Also Published As

Publication number Publication date
CN105701402A (zh) 2016-06-22
CN105701402B (zh) 2018-11-27


Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application

Ref document number: 15862616

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 EP: PCT application non-entry in European phase

Ref document number: 15862616

Country of ref document: EP

Kind code of ref document: A1