WO2017190436A1 - Procédé et appareil de traitement de données - Google Patents

Procédé et appareil de traitement de données Download PDF

Info

Publication number
WO2017190436A1
WO2017190436A1 PCT/CN2016/091610 CN2016091610W WO2017190436A1 WO 2017190436 A1 WO2017190436 A1 WO 2017190436A1 CN 2016091610 W CN2016091610 W CN 2016091610W WO 2017190436 A1 WO2017190436 A1 WO 2017190436A1
Authority
WO
WIPO (PCT)
Prior art keywords
short message
information database
keyword
preset
feature
Prior art date
Application number
PCT/CN2016/091610
Other languages
English (en)
Chinese (zh)
Inventor
何祥
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2017190436A1 publication Critical patent/WO2017190436A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/80Arrangements enabling lawful interception [LI]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12Messaging; Mailboxes; Announcements
    • H04W4/14Short messaging services, e.g. short message services [SMS] or unstructured supplementary service data [USSD]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/325Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks
    • G06Q20/3255Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices using wireless networks using mobile network messaging services for payment, e.g. SMS
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/33Querying
    • G06F16/3331Query processing
    • G06F16/334Query execution
    • G06F16/3344Query execution using natural language analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor

Definitions

  • the present application relates to, but is not limited to, information security technologies in the field of communication technologies, and in particular, to a data processing method and apparatus.
  • the verification code has a special status as a kind of auxiliary security means in web security.
  • Verification code in the system SMS application The letter can be easily read, falsified or even silently forwarded by the Trojan installed on the mobile terminal.
  • the Trojan automatically forwards the SMS verification code to the scammer by monitoring the SMS verification code of each payment platform and the bank's debit notification SMS. On the device, and quietly delete the notification message of the bank deduction, causing economic losses to the user.
  • the related technology intercepts the short message, determines whether the intercepted short message is a verification code short message, and stores the verification code short message in the preset database to replace the original process of directly sending and acquiring the obtained short message in the system information database;
  • the related technology provides a payment protection function, which can receive a verification code short message and prompt the user to establish a dedicated inbox for unified management.
  • the related art needs to protect the verification code before the malware.
  • the related technology only sets the application level for intercepting information to be higher than the level of the system information database to ensure The effectiveness of interception is an application-level solution. It is difficult to provide more in-depth monitoring and protection functions from the system level. For example, it is impossible to fundamentally control the reception of verification code SMS, and malicious programs can pass such things as setting higher application levels. Mode monitoring And receiving the verification code short message, causing leakage of important information of the user, thus reducing the security of the user's payment environment.
  • the embodiment of the invention provides a data processing method and device, which can protect the verification code short message from the system layer and improve the security of the user payment environment.
  • a data processing method comprising:
  • the short message is carried in a preset broadcast corresponding to the preset feature for distribution; and the preset broadcast is used to pre-subscribe the preset broadcast.
  • the target application receives the preset broadcast and acquires the short message.
  • the matching the each keyword included in the information database with the short message, and determining whether the feature of the short message is a preset feature includes:
  • the feature of the short message is a preset feature.
  • the method further includes:
  • the operation keyword and the package name information of the target operation are obtained.
  • the target operation is processed in response.
  • the operation keyword and each of the information databases are included The keywords are matched, and if it is determined that one or more keywords matching the operation keyword exist in each keyword included in the information database, the target operation is responded to.
  • the responding to the target operation includes:
  • a security prompt is popped up on the graphical interface of the user equipment; the security prompt is used to request the user to indicate whether the target operation is allowed.
  • the responding to the target operation further includes:
  • a degree of matching of the operation keyword with each keyword included in the information database is determined.
  • the target operation is processed according to a preset operation corresponding to the security level.
  • a data processing apparatus includes: an interception module, a determination module, and a distribution module.
  • the intercepting module is configured to intercept a short message received by the user equipment.
  • the determining module is configured to: match each keyword included in the information database with the short message, and determine whether the feature of the short message is a preset feature.
  • the distribution module is configured to: when the feature of the short message is determined to be the preset feature, the short message is carried in a preset broadcast corresponding to the preset feature for distribution; the preset broadcast is used to make The target application pre-subscribing to the preset broadcast receives the preset broadcast and acquires the short message.
  • the determining module matches each keyword included in the information database with the short message, and determining whether the feature of the short message is a preset feature includes:
  • the device further includes: a detection module.
  • the detecting module is configured to detect a target operation initiated by the third-party application for the information database, and when detecting a target operation initiated by the third-party application for the information database, acquire an operation keyword of the target operation, Package name information.
  • the detecting module is further configured to match the package name information with each keyword included in the information database, and if it is determined that each of the keywords included in the information database has a match with the package name information And one or more keywords, then responding to the target operation; if it is determined that there is no one or more keywords matching the package name information in each keyword included in the information database, then Matching the operation keyword with each keyword included in the information database, and if it is determined that one or more keywords matching the operation keyword exist in each keyword included in the information database, Then, the target operation is processed in response.
  • the detecting, by the detecting module, the response processing of the target operation includes:
  • a security prompt pops up on the graphical interface of the user equipment; the security prompt is set to request the user to indicate whether the target operation is allowed.
  • the detecting, by the detecting module, the processing of the target operation further includes:
  • a degree of matching of the operation keyword with each keyword included in the information database is determined.
  • the target operation is processed according to a preset operation corresponding to the security level.
  • a computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the data processing method.
  • the data processing method and device of the embodiment of the present invention intercepts the short message received by the user equipment, and matches each keyword included in the information database with the short message, and when the feature of the short message is determined to be a preset feature, the short message is carried.
  • the distribution is performed in the preset broadcast corresponding to the preset feature. Only the target application subscribed to the preset broadcast can receive the preset broadcast and obtain the short message, and the application that is not subscribed to the preset broadcast cannot receive the preset broadcast, so that Avoid malicious programs/applications against SMS backgrounds Monitoring, to prevent the leakage of important information of the user, to protect the short message from the system layer, so as to improve the security of the user's payment environment.
  • FIG. 1 is an optional schematic flowchart of a data processing method according to an embodiment of the present invention
  • FIG. 2 is another schematic flowchart of a data processing method according to an embodiment of the present invention.
  • FIG. 3 is a schematic diagram of still another optional process of a data processing method according to an embodiment of the present invention.
  • FIG. 4 is still another schematic flowchart of a data processing method according to an embodiment of the present disclosure.
  • FIG. 5 is a schematic structural diagram of an optional data processing apparatus according to an embodiment of the present invention.
  • FIG. 6 is a schematic diagram of another optional structure of a data processing apparatus according to an embodiment of the present invention.
  • FIG. 7 is still another schematic structural diagram of a data processing apparatus according to an embodiment of the present invention.
  • the data processing device intercepts the short message received by the user equipment, matches each keyword included in the information database with the short message, determines whether the feature of the short message is a preset feature, and determines that the feature of the short message is pre- When the feature is set, the short message is carried in the preset broadcast corresponding to the preset feature, and the preset broadcast is used to enable the target application that subscribes to the preset broadcast to receive the preset broadcast and obtain the short message.
  • This embodiment provides a data processing method, which can be applied to a scenario in which it is desired to prevent background monitoring of a malicious program/application against a short message, and prevent leakage of important information of the user to improve the security of the user's payment environment.
  • the execution body of the method may be a data processing device, and the data processing device may be implemented in various manners, such as implementation on a monitoring device, implementation on a mobile terminal, or implementation on a server.
  • FIG. 1 is an optional schematic flowchart of a data processing method according to an embodiment of the present invention; as shown in FIG. 1, the data processing method includes steps 101-103:
  • Step 101 Block the short message received by the user equipment.
  • the user equipment may be a mobile terminal such as a mobile phone, a notebook, a tablet, or even an in-vehicle computer. This embodiment is not limited thereto.
  • the user equipment may be configured to receive a short message, and the short message is characterized in that the short message is classified according to the short message content, and the categories may include: a verification code, a debit notice, a trade secret, a personal information, a merchant push, etc.; the verification code may be The verification code SMS sent by the bank, online mall, group purchase website, ticketing company, etc., the verification code text message is a voucher of the enterprise to the consumer (user), and the identity is verified by the code of the message content; taking the mobile phone as an example, in the mobile internet In the era, everyone is using and registering app apps.
  • SMS verification codes are widely used in user registration, password recovery, login protection, identity authentication, random passwords, and transactions. Confirmation and other application scenarios, the use of SMS verification code greatly reduces the proportion of illegally registered data of merchant users, and also effectively improves the security of user accounts, which is an indispensable part of e-commerce and O2O industry.
  • Step 102 Match each keyword included in the information database with the short message to determine whether the feature of the short message is a preset feature; if the feature of the short message is a preset feature, go to step 103, otherwise the process ends.
  • the information database may include a verification code short message keyword database, a package name information database of the malicious program, and a verification code short message storage database;
  • the verification code SMS keyword database may include any of the following keywords/strings: verification code, check code, payment password, and SMS password.
  • the package name information database of the malicious program may include any of the following information: the package name, class name, and process ID of the malicious program.
  • the verification code SMS storage database is used to store the verification code SMS.
  • the preset feature may include any one or more of the following: a verification code, a debit notice, personal information, and the like.
  • a possible implementation manner of step 102 includes: determining, by each keyword included in the information database, whether there is a keyword matching the short message; if it is determined that each keyword included in the information database has one or more matching the short message The keyword determines the feature of the short message as a preset feature; If there is no one or more keywords matching the short message in each keyword included in the information database, it is determined that the feature of the short message is a common feature, that is, the short message is a normal short message.
  • the implementation manner of whether the keyword matching the short message exists in each keyword included in the foregoing judgment information database may include any one or more of the following:
  • Method 1 Matching the sender information of the short message with each keyword included in the information database, and determining whether the sender information of the short message is included in the information database.
  • Method 2 reading the content of the short message; splitting the content of the short message to obtain a plurality of character strings; sequentially extracting a plurality of characters for judging, determining whether any of the strings includes a preset keyword and a string in the information database , where the string is a continuous number.
  • the short message is non-empty information
  • the unmatched short message is confirmed as a normal short message that does not satisfy the preset feature, and is sent to the system information database, and the matched short message is confirmed as the short message satisfying the preset feature.
  • Step 103 The short message is carried in the preset broadcast corresponding to the preset feature for distribution; the preset broadcast is used to enable the target application that subscribes to the preset broadcast to receive the preset broadcast and obtain the short message.
  • the preset broadcast is different from the existing broadcast message in the related art.
  • the preset broadcast message may adopt an identifier different from the existing broadcast message in the related technology; in each application installed in the user equipment, only the pre-subscription is pre-subscribed.
  • the target application of the broadcast can receive the preset broadcast and obtain the short message, and the application that is not subscribed to the preset broadcast cannot receive the preset broadcast and cannot obtain the short message.
  • the reception of the phone and the reception of the short message all generate a broadcast, therefore, by creating a broadcast message corresponding to the preset broadcast, And distributing the broadcast message. Since only the broadcast receiver that subscribes to the preset broadcast can receive the preset broadcast, the application that is not subscribed to the preset broadcast cannot receive the preset broadcast, thereby avoiding the malicious program/application pair. Background monitoring of SMS.
  • the short message when determining that the feature of the short message is the verification code, the short message is carried in the preset broadcast corresponding to the verification code for distribution; that is, the data processing device will use the modem of the user equipment ( Modem)
  • Modem modem
  • the reported SMS is intercepted and the information database is included.
  • Each keyword is matched with the short message, and when the feature of the short message is determined as the verification code, the verification code is distributed by using the preset broadcast corresponding to the verification code, and only the target application subscribed to the preset broadcast can receive the preset. Broadcasting and obtaining the verification code short message, the application that is not subscribed to the preset broadcast cannot receive the preset broadcast and cannot obtain the verification code short message.
  • each keyword included in the information database is matched with the short message to determine whether the feature of the short message is a preset feature, and when the feature of the short message is determined as a preset feature, the short message is sent.
  • the target application that is pre-subscribed to the preset broadcast can receive the preset broadcast and obtain the short message, and the application that is not subscribed to the preset broadcast cannot receive the preset broadcast. It can avoid the background monitoring of SMS by malicious programs/applications, prevent the leakage of important information of users, and realize the protection of SMS from the system layer. In this way, the security of the payment environment of users can be improved.
  • the embodiment is applicable to the real-time monitoring of each application without the user setting the permission of each application in advance, in particular, preventing the malicious program from querying and forwarding the important short message such as the verification code short message in the background. Operations such as deletion, modification, etc., to prevent leakage of important information of the user to improve the security of the user's payment environment.
  • the data processing device performs real-time monitoring on the user equipment, monitors operations on the information database, and determines whether the third-party application is a malicious program or a suspicious application when detecting a target operation initiated by the third-party application for the information database, if the third-party application For malicious programs or suspicious applications, respond to the target operation.
  • the target operations may include operations such as querying, forwarding, deleting, modifying, and the like.
  • the data processing device matches the package name information with each keyword included in the information database:
  • the operation keyword is matched with each keyword included in the information database: if it is determined that the information database includes When there are one or more keywords in the keyword that match the operation keyword, it is determined that the target operation is a suspicious operation (for example, the operation keyword is sensitive content), and then the target operation is responded to; otherwise, if the information database is determined When at least one keyword matching the operation keyword does not exist in each of the included keywords, the target operation is determined to be a secure operation, and the target operation for the information database initiated by the third-party application is allowed.
  • a feasible implementation manner of responding to the target operation may include:
  • the preset operation corresponding to the security level can be defined as: (1) for the scenario where the security level is serious, the preset operation is not asking the user's opinion, directly Reject the operation; (2) For the scenario where the security level is normal, the preset operation is to prompt or ask the user for an instant or afterwards.
  • Another feasible implementation manner of responding to the target operation may include: popping up a security prompt on the graphical interface of the user equipment; the security prompt is used to request the user to indicate whether the target operation is allowed; receiving feedback information of the user for the security prompt; When the information determines that the target operation is not allowed, the package name of the third-party application is added to the information database.
  • FIG. 2 is a schematic diagram of another optional process of the data processing method in the embodiment of the present invention.
  • the method shown in FIG. 2 supplements the implementation process in which the package name information is not in the information database, and the method includes steps 201-208:
  • Step 201 When detecting a target operation initiated by the third-party application for the information database, obtain an operation keyword and a package name information of the target operation.
  • the operation keyword and the package name information of the target operation are obtained.
  • the keyword can be “verification code”, “check code”, “payment password”, “sms password”, etc.
  • the target operations include commands such as query, forwarding, deletion, and modification.
  • Step 202 Match the package name information with each keyword included in the information database, and determine whether one or more keywords matching the package name information exist in each keyword included in the information database; if each of the information databases includes If there are one or more keywords matching the package name information in the keywords, go to step 204; if there is no one or more keywords matching the package name information in each keyword included in the information database, then Go to step 203.
  • Step 203 Match an operation keyword with each keyword included in the information database, and determine whether one or more keywords matching the operation keyword exist in each keyword included in the information database; if each information database includes If there are one or more keywords matching the operation keyword, then go to step 204; if there is no one or more keywords matching the operation keyword in each keyword included in the information database, then Allow target operations and the process ends.
  • Step 204 A security prompt is popped up on the graphical interface of the user equipment; the security prompt is used to request the user to indicate whether the target operation is allowed.
  • Step 205 Receive feedback information of the user for the security prompt.
  • Step 206 Determine, according to the feedback information, whether the user allows the target operation; if the user allows the target operation, perform step 207; if the user does not allow the target operation, perform step 208.
  • Step 207 the target operation is allowed, and the process ends.
  • Step 208 Add the package name of the third-party application to the information database.
  • the data processing device performs real-time monitoring on the user equipment.
  • the operation keyword and the package name information of the target operation are acquired, and the package name information is obtained.
  • Matching each keyword included in the information database if it is determined that one or more keywords matching the package name information exist in each keyword included in the information database, then responding to the target operation; if determining the information database If one or more keywords matching the package name information do not exist in each of the included keywords, the operation keyword is matched with each keyword included in the information database, if it is determined that each keyword included in the information database is included When one or more keywords match the operation keyword, the target operation is responded to, and the manual management of the third-party software restriction authority is realized, thereby improving the security of the user payment environment.
  • the implementation of the embodiment is based on the foregoing embodiment.
  • the security management method disclosed in this embodiment may include an application layer and a system layer from a software system level, and the implementation method is typically illustrated by using an Android platform as an example.
  • the functions that the application layer is responsible for are: system monitoring sub-module verification code short message broadcast message monitoring/receiving (corresponding to system layer distribution processing); verification code short message prompting and viewing management; protection mode and normal mode switching; data Management functions, including operational management of the keyword and application information database (ie, the information database).
  • the functions that the system layer is responsible for are:
  • Judgment and distribution processing of verification code SMS When receiving a new SMS, according to the previous database (data management sub-module is the judgment module) to determine whether to verify the code SMS, if it is a verification code SMS, the original low-level report SMS The received message is redistributed through the new broadcast, that is, the action parameter different from the original broadcast message is used to create the corresponding broadcast object.
  • the broadcast message belongs to a customized proprietary message, and only the application corresponding to the embodiment of the present invention (hereinafter referred to as MainApp) can monitor and receive, so that the malicious program receives the corresponding short message broadcast message.
  • MainApp the application corresponding to the embodiment of the present invention
  • the system default processing method is used, so that the normal use of the user is not affected.
  • Monitoring and management of forwarding and deletion Dynamically monitoring the operation of sending and deleting SMS messages at the application layer, checking the caller's package name, parameter information and database, and asking for the user if it is a suspicious application.
  • the keyword and application information database of the previous application layer mainly includes: a verification code short message keyword database, a package name information database of a malicious program, and a verification code short message storage database.
  • the embodiment provides a dynamic management method for network-related application software on a mobile terminal, and FIG. 3 shows a process of receiving and receiving a short message verification code, and the data processing provided by this embodiment is provided.
  • the main steps of the method include steps 301-305:
  • Step 301 The application layer starts the application software MainApp corresponding to the invention, and initializes preset parameters through the data management sub-module, for example, a common payment type short message, a keyword of a verification code short message, a package name of a preset Trojan program, and the like.
  • Step 302 The application layer completes initialization, and the user setting enters the protection mode. In addition, it can also be set to start by default (MainApp is self-starting and automatically enters protection mode).
  • Step 303 The user starts to perform a payment operation and receives a short message verification code.
  • Step 304 The system layer receives the short message data transmitted from the wireless side, and determines whether it is a verification code according to the data management submodule (judgement module). If it is a verification code, it is specially processed and then distributed to the application layer.
  • the special processing here as described above, mainly uses the new action parameter to create a distribution broadcast message corresponding to the verification code short message, and uses the broadcast message for distribution, so that only the MainApp corresponding to the application layer in the embodiment of the present invention receives To avoid malicious program background listener reception.
  • Step 305 The application layer, the MainApp receives the verification code, corresponding to the pop-up prompt, and stores it in the previous database.
  • the embodiment of the present invention uses the new action parameter to create a distribution broadcast message corresponding to the verification code short message, and uses the broadcast message to perform the distribution, so that only the MainApp corresponding to the application layer in the embodiment of the present invention is received, and the malicious program background is avoided. Monitor reception.
  • the steps mainly include the following steps. 401-409:
  • Step 401 The application layer starts the MainApp and starts initialization, and includes a data management sub-module to initialize preset parameters, such as a common payment type short message, a keyword of the verification code short message, and a preset Trojan program package name is written into the corresponding database.
  • preset parameters such as a common payment type short message, a keyword of the verification code short message, and a preset Trojan program package name is written into the corresponding database.
  • Step 402 The application layer enters the protection mode (the automatic or manual access protection mode is not limited herein).
  • Step 403 The malicious program sets a specific keyword in the background to query the short message database in an attempt to obtain the verification code related short message data.
  • Step 404 The system layer extracts the package name information of the caller of the query operation, and performs a query operation. Used keywords.
  • Step 405 Determine whether the package name information is in the keyword database. If the package name information is in the keyword database, jump to 407. If the package name information is not in the keyword database, jump 406.
  • Step 406 Before the query operation is performed, the system layer determines whether the keyword of the query is sensitive content through the previous database. If the keyword of the query is sensitive content, a prompt is displayed and the user is inquired.
  • Step 407 At the system layer, a prompt pops up, asking the user whether to reject the suspicious operation.
  • Step 408 If the user clicks the confirmation (ie, rejects the operation), and the package name information of the suspicious program is not in the keyword database, the keyword and application information database is updated, and the package name information of the corresponding malicious program is added.
  • Step 409 End the process and return to the original state.
  • each application is monitored in real time without the user setting the permission of each application in advance, and in particular, the malicious program is prevented from querying, forwarding, deleting, modifying, and the like of the important short message such as the verification code in the background, thereby preventing the user from being important.
  • the leakage of information enables the protection of SMS from the system layer, thus improving the security of the user's payment environment.
  • Scenario 1 The user installs and opens MainApp on the mobile terminal, starts the protection mode, and runs in the background. After opening an online shopping software, after browsing for a while, I chose a certain item that I was looking for and prepared to pay. At the beginning of the payment operation, the online shopping software sends a verification code SMS. At this time, the system layer software corresponding to MainApp will intercept, special processing and pop-up prompt through MainApp. In this scenario, even if the user's terminal is silently installed with a malicious program, such a malware will not receive the special modification due to the distribution mechanism of the received verification code SMS (using the previously mentioned custom proprietary broadcast message). Verification code SMS, this is also the main technical effect of this scene.
  • Scenario 2 On the user's mobile terminal, the malicious program is silently installed in the background (uninformed). There are more online banking, wealth management and other payment text messages on the terminal, as well as some privacy information. The malicious program tries to query the SMS database in the background. At this time, the system layer software corresponding to MainApp monitors such operations, and pops up prompts and asks users according to the previous matching rules (such as package name information and keywords). The technical effect is that the user does not need to set permissions in advance, the intelligence Monitor the operation of the background query verification code SMS of the malicious program to avoid the leakage of relevant important information.
  • Scenario 3 Similar to Scenario 2, on the user's mobile terminal, the malicious program is silently installed in the background (uninformed). The malicious program tries to forward a certain verification code or privacy message in the background. At this time, the system layer software corresponding to MainApp will monitor such operations. When the application information is not in the preset database, it will be based on the previous matching rules (sms content and Send the address) to comprehensively judge, promptly pop up the prompt and ask the user. The user can confirm whether the operation is legal. If it is not legal, the key information of the application (such as the package name) will be added to the keyword and application information database. The technical effect in this scenario is to continuously improve the database in combination with the user's confirmation, and more accurately implement intelligent monitoring and security management functions.
  • the distribution mechanism of the verification code short message is specially modified (using the above-mentioned custom proprietary broadcast message), such malicious program does not receive the verification code short message, and avoids leakage of relevant important information, combined with the user. Confirmation to continuously improve the database, more accurately implement intelligent monitoring, security management functions.
  • FIG. 6 is a schematic diagram of another optional structure of a data processing apparatus according to an embodiment of the present invention.
  • the data processing apparatus provided by this embodiment includes: an intercepting module 601, a determining module 602, and a distributing module 603.
  • the intercepting module 601 is configured to intercept the short message received by the user equipment.
  • the determining module 602 is configured to match each keyword included in the information database with the short message, and determine whether the feature of the short message is a preset feature.
  • the distribution module 603 is configured to: when the feature of the short message is determined to be a preset feature, the short message is carried in the preset broadcast corresponding to the preset feature for distribution; the preset broadcast is used to enable the target application that subscribes to the preset broadcast to receive the preset Set up a broadcast and get a text message.
  • the embodiment of the present invention intercepts the short message received by the user equipment, and matches each keyword included in the information database with the short message.
  • the short message is carried in the preset corresponding to the preset feature.
  • the broadcast is distributed in the broadcast. Only the target application that subscribes to the preset broadcast can receive the preset broadcast and obtain the short message. The application that is not subscribed to the preset broadcast cannot receive the preset broadcast, so that the malicious program/application can be avoided. Background monitoring to prevent important users from The leakage of interest has realized the protection of SMS from the system layer, thus improving the security of the user's payment environment.
  • the determining module 602 matches each keyword included in the information database with the short message, and determining whether the feature of the short message is a preset feature includes: determining each keyword included in the information database. Whether there is a keyword matching the short message; when it is determined that one or more keywords matching the short message exist in each keyword included in the information database, it is determined that the feature of the short message is a preset feature.
  • FIG. 7 is still another optional structural diagram of a data processing apparatus according to an embodiment of the present invention.
  • the apparatus further includes: a detecting module 604.
  • the detecting module 604 is configured to acquire an operation keyword and a package name information of the target operation when detecting a target operation initiated by the third-party application for the information database.
  • the detecting module is further configured to match the package name information with each keyword included in the information database, and if it is determined that one or more keywords matching the package name information exist in each keyword included in the information database, Respond to the target operation.
  • the detecting process by the detecting module 604 to the target operation includes: popping up a security prompt on a graphical interface of the user equipment; the security prompt is used to request the user to indicate whether the target operation is allowed; and receiving feedback from the user on the security prompt Information; when the target operation is not allowed according to the feedback information, the package name of the third-party application is added to the information database.
  • the detecting process by the detecting module 604 to the target operation further includes: determining a matching degree of the operation keyword and each keyword included in the information database; each of the included keywords according to the operation keyword and the information database The matching degree of the keyword determines the security level of the target operation; the target operation is processed according to the preset operation corresponding to the security level.
  • the intercepting module 601, the determining module 602, the distributing module 603, and the detecting module 604 may all be configured by a central processing unit (CPU), a microprocessor (MPU), a digital signal processor (DSP), and a communication number processing device. Or field programmable gate array (FPGA) implementation.
  • CPU central processing unit
  • MPU microprocessor
  • DSP digital signal processor
  • FPGA field programmable gate array
  • This embodiment describes a computer readable medium, which may be a ROM (eg, a read only memory, a FLASH memory, a transfer device, etc.), a magnetic storage medium (eg, a magnetic tape, a disk drive, etc.), an optical storage medium (eg, a CD- ROM, DVD-ROM, paper card, paper tape, etc.) and other well-known types of program memory; computer-readable medium storing computer-executable instructions that, when executed, cause one or more processors to perform operations including the following :
  • the short message is carried in the preset broadcast corresponding to the preset feature for distribution; and the preset broadcast is used to enable the target application that subscribes to the preset broadcast to receive the preset broadcast and obtain the short message. .
  • the intercepting module intercepts the short message received by the user equipment, and the determining module matches each keyword included in the information database with the short message, and when determining that the feature of the short message is a preset feature
  • the distribution module carries the short message in the preset broadcast corresponding to the preset feature for distribution, so that the target application that subscribes to the preset broadcast can receive the preset broadcast and obtain the short message, because the third-party application that does not subscribe to the broadcast cannot Receiving the broadcast, thereby providing more in-depth monitoring and protection functions directly from the system level, and improving the security of the user's payment environment.
  • a computer readable storage medium storing computer executable instructions that, when executed by a processor, implement the data processing method.
  • embodiments of the present invention can be provided as a method, system, or computer program product.
  • embodiments of the invention may take the form of a hardware embodiment, a software embodiment, or a combination of software and hardware.
  • embodiments of the invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage and optical storage, etc.) in which computer usable program code is embodied.
  • Embodiments of the invention are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and flows in the flowcharts and/or block diagrams can be implemented by computer program instructions. Combination of procedures and/or boxes. These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device. Means for implementing the functions specified in one or more of the flow or in a block or blocks of the flow chart.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device such that a series of operational steps are performed on a computer or other programmable device to produce computer-implemented processing for execution on a computer or other programmable device.
  • the instructions provide steps for implementing the functions specified in one or more of the flow or in a block or blocks of a flow diagram.
  • the data processing method and device of the embodiment of the present invention intercepts the short message received by the user equipment, and matches each keyword included in the information database with the short message, and when the feature of the short message is determined to be a preset feature, the short message is carried.
  • the distribution is performed in the preset broadcast corresponding to the preset feature. Only the target application subscribed to the preset broadcast can receive the preset broadcast and obtain the short message, and the application that is not subscribed to the preset broadcast cannot receive the preset broadcast, so that It avoids the background monitoring of SMS by malicious programs/applications, prevents the leakage of important information of users, and realizes the protection of SMS from the system layer. In this way, the security of the payment environment of users can be improved.

Abstract

L'invention concerne un procédé et un appareil de traitement de données. Le procédé comprend les étapes suivantes : intercepter un message court reçu par un équipement utilisateur ; faire correspondre chaque mot-clé compris dans une base de données d'informations avec le message court, de manière à déterminer si une caractéristique du message court est une caractéristique prédéfinie ; et lorsqu'il est déterminé que la caractéristique du message court est la caractéristique prédéfinie, transporter le message court dans une diffusion prédéfinie correspondant à la caractéristique prédéfinie pour la distribution, où la diffusion prédéfinie est utilisée pour permettre à une application cible, celle-ci étant préabonnée à la diffusion prédéfinie, de recevoir la diffusion prédéfinie et d'acquérir le message court.
PCT/CN2016/091610 2016-05-06 2016-07-25 Procédé et appareil de traitement de données WO2017190436A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610297605.0A CN107346487A (zh) 2016-05-06 2016-05-06 数据处理方法及装置
CN201610297605.0 2016-05-06

Publications (1)

Publication Number Publication Date
WO2017190436A1 true WO2017190436A1 (fr) 2017-11-09

Family

ID=60202567

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/091610 WO2017190436A1 (fr) 2016-05-06 2016-07-25 Procédé et appareil de traitement de données

Country Status (2)

Country Link
CN (1) CN107346487A (fr)
WO (1) WO2017190436A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021021435A1 (fr) * 2019-07-29 2021-02-04 Material Security Inc. Service de communication sécurisé pour intercepter des messages suspects et les soumettre à une vérification de canal de retour

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108184025A (zh) * 2018-01-16 2018-06-19 青岛海信移动通信技术股份有限公司 验证码短信的处理方法及装置
CN110392155B (zh) * 2018-04-16 2022-05-24 阿里巴巴集团控股有限公司 通知消息的显示、处理方法、装置及设备
CN113259862B (zh) * 2021-06-23 2021-11-09 易纳购科技(北京)有限公司 短信集中转发系统及方法

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080034286A1 (en) * 2006-07-19 2008-02-07 Verizon Services Organization Inc. Intercepting text strings
CN102209326A (zh) * 2011-05-20 2011-10-05 北京中研瑞丰信息技术研究所(有限合伙) 基于智能手机无线电接口层的恶意行为检测方法及系统
CN103761645A (zh) * 2013-12-31 2014-04-30 瑞达信息安全产业股份有限公司 利用短消息控制移动终端近场支付通道开关的方法及系统
CN104009977A (zh) * 2014-05-09 2014-08-27 北京奇虎科技有限公司 一种信息保护的方法和系统
CN105307137A (zh) * 2015-09-18 2016-02-03 小米科技有限责任公司 短信读取方法及装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080034286A1 (en) * 2006-07-19 2008-02-07 Verizon Services Organization Inc. Intercepting text strings
CN102209326A (zh) * 2011-05-20 2011-10-05 北京中研瑞丰信息技术研究所(有限合伙) 基于智能手机无线电接口层的恶意行为检测方法及系统
CN103761645A (zh) * 2013-12-31 2014-04-30 瑞达信息安全产业股份有限公司 利用短消息控制移动终端近场支付通道开关的方法及系统
CN104009977A (zh) * 2014-05-09 2014-08-27 北京奇虎科技有限公司 一种信息保护的方法和系统
CN105307137A (zh) * 2015-09-18 2016-02-03 小米科技有限责任公司 短信读取方法及装置

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021021435A1 (fr) * 2019-07-29 2021-02-04 Material Security Inc. Service de communication sécurisé pour intercepter des messages suspects et les soumettre à une vérification de canal de retour
US11178178B2 (en) 2019-07-29 2021-11-16 Material Security Inc. Secure communications service for intercepting suspicious messages and performing backchannel verification thereon
US11785019B2 (en) 2019-07-29 2023-10-10 Material Security Inc. Secure communications service for intercepting suspicious messages and performing backchannel verification thereon

Also Published As

Publication number Publication date
CN107346487A (zh) 2017-11-14

Similar Documents

Publication Publication Date Title
US11323260B2 (en) Method and device for identity verification
US10594696B2 (en) Network-based authentication and security services
CN107135073B (zh) 接口调用方法和装置
WO2015169158A1 (fr) Procédé et système de protection d'informations
US9152784B2 (en) Detection and prevention of installation of malicious mobile applications
US20140380478A1 (en) User centric fraud detection
US9769688B2 (en) Device and method for prompting information about Wi-Fi signal
US10607016B2 (en) Decrypting files for data leakage protection in an enterprise network
WO2015188788A1 (fr) Procédé et appareil de protection de sécurité de paiement par terminal mobile, et terminal mobile
WO2015180690A1 (fr) Procédé et dispositif pour lire des informations de vérification
CN106302328B (zh) 敏感用户数据处理系统和方法
US9917817B1 (en) Selective encryption of outgoing data
US20210099431A1 (en) Synthetic identity and network egress for user privacy
WO2015188739A1 (fr) Procédé et appareil de traitement de message
US9965600B2 (en) Increased security using dynamic watermarking
Hamandi et al. Android SMS malware: Vulnerability and mitigation
WO2017190436A1 (fr) Procédé et appareil de traitement de données
US11770385B2 (en) Systems and methods for malicious client detection through property analysis
CN105631334A (zh) 应用的安全检测处理方法和系统
US10080139B2 (en) Information sending method and apparatus, terminal device, and system
US10826901B2 (en) Systems and method for cross-channel device binding
US11625368B1 (en) Data migration framework
CN104426657A (zh) 一种业务认证方法、系统及服务器
Harris et al. Consumer trust in Google’s top developers’ apps: an exploratory study
US11363020B2 (en) Method, device and storage medium for forwarding messages

Legal Events

Date Code Title Description
NENP Non-entry into the national phase

Ref country code: DE

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16900958

Country of ref document: EP

Kind code of ref document: A1

122 Ep: pct application non-entry in european phase

Ref document number: 16900958

Country of ref document: EP

Kind code of ref document: A1