WO2018153288A1 - Numerical value transfer method, apparatus, device and storage medium - Google Patents

Numerical value transfer method, apparatus, device and storage medium Download PDF

Info

Publication number
WO2018153288A1
WO2018153288A1 PCT/CN2018/076072 CN2018076072W WO2018153288A1 WO 2018153288 A1 WO2018153288 A1 WO 2018153288A1 CN 2018076072 W CN2018076072 W CN 2018076072W WO 2018153288 A1 WO2018153288 A1 WO 2018153288A1
Authority
WO
WIPO (PCT)
Prior art keywords
order
signature
value
tool
server
Prior art date
Application number
PCT/CN2018/076072
Other languages
French (fr)
Chinese (zh)
Inventor
周菲
Original Assignee
腾讯科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 腾讯科技(深圳)有限公司 filed Critical 腾讯科技(深圳)有限公司
Publication of WO2018153288A1 publication Critical patent/WO2018153288A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Definitions

  • the embodiments of the present application relate to the field of information security, and in particular, to a method, device, device, and storage medium for transferring values.
  • the payment system When performing a payment operation, usually before the payment is completed, the payment system needs to perform some logic verification on the payment operation, such as mobile phone number verification, verification code verification, and the like.
  • the purpose of the logic check is to confirm whether the payment operation is the user's own operation.
  • the payment system When the payment system performs the payment process, it usually includes multiple interactions between the web page on the terminal and various CGI (Common Gateway Interface) on the server.
  • the CGI includes the identity verification CGI and the payment CGI.
  • the webpage page sends the authentication-related parameters input by the user to the identity verification CGI, and the identity verification CGI verifies the parameters. After the verification succeeds, the identity verification CGI is performed.
  • a confirmation message is returned to the webpage page, and then the webpage page sends the relevant parameters of the payment to the payment CGI, the payment CGI verifies the parameter, the payment operation is completed after the verification is successful, and the payment completed message is returned to the webpage page.
  • proxy tools such as Fiddler
  • the agent tool is usually used by technicians to pay for the development or testing of the scenario.
  • the proxy tool can intercept the identity verification CGI request sent by the webpage page to the server, and then pretend to be The server returns a confirmation message to the web page. In this case, regardless of whether the parameters used for authentication are correct, the webpage page can receive the confirmation message, thereby bypassing the actual authentication process.
  • the proxy tool can The parameters input to the payment CGI are modified so that the payment CGI considers that the previous authentication has been confirmed at the time of verification, so that the web page successfully calls the payment CGI to complete the payment.
  • the payment system may skip some logic verification processes similar to the authentication, and continue to call the payment CGI to complete the payment, thereby causing the ordinary user's account and funds to be unsecured. .
  • the embodiment of the present application provides a method, a device, a device, and a storage medium for a numerical value transfer, which can solve the security problem caused by a malicious user using a proxy tool to skip the logic verification process and continue to call the payment CGI to complete the payment.
  • the technical solution is as follows:
  • a numerical transfer method which is applied to a server, the method comprising:
  • the order parameter After receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, the order parameter includes a parameter value of each field before the signature, The signature is obtained by the order parameter according to a predetermined digital signature rule;
  • the terminal uses a proxy tool, which refers to a tool that proxyes the resources of the accessed server as a local resource;
  • the first predetermined field When the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the webpage page, and prohibiting execution of the first order correspondence The value transfer operation.
  • a value transfer method for use in a terminal, the method comprising:
  • the proxy tool is a tool for proxying a resource of the accessed server as a local resource
  • the value of the first predetermined field is set to a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool;
  • the order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
  • the signature and the order parameter are used to trigger the server to detect whether the signature is correct, and if the signature is correct, if the first predetermined field If the value is the predetermined value, returning the first error code, and prohibiting the execution of the value transfer operation;
  • a numerical transfer apparatus comprising:
  • a first detecting module configured to: after receiving an order parameter and a signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, where the order parameter includes a signature a parameter value of each field, the signature being obtained by the order parameter according to a predetermined digital signature rule;
  • a second detecting module configured to: when the first detecting module detects that the signature is correct, detecting whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value, When the value of the first predetermined field is the predetermined value, the terminal uses the proxy tool, and the proxy tool refers to a tool that proxyes the resource of the accessed server as a local resource;
  • a first sending module configured to send, to the webpage, when the second detecting module detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value The first error code, and prohibiting the execution of the value transfer operation corresponding to the first order.
  • a numerical transfer apparatus comprising:
  • a third detecting module configured to detect, when the webpage is opened, whether the device is running a proxy tool, where the proxy tool is a tool that proxyes resources of the accessed server as local resources;
  • An evaluation module configured to: when the third detecting module detects that the device is running the proxy tool, set a value of a first predetermined field to a predetermined value, where the first predetermined field is used to indicate whether to use a proxy tool;
  • a calculation module configured to calculate a signature of the order parameter of the first order according to a predetermined digital signature rule, where the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
  • a third sending module configured to send the signature obtained by the calculating module and the order parameter to a server, where the signature and the order parameter are used to trigger the server to detect whether the signature is correct, If the signature is correct, if the value of the first predetermined field is the predetermined value, returning the first error code, and prohibiting the execution of the value transfer operation;
  • a first receiving module configured to receive the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
  • a server including a memory and a processor, the memory storing one or more instructions for executing the one or more instructions to implement the following steps :
  • the order parameter After receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, the order parameter includes a parameter value of each field before the signature, The signature is obtained by the order parameter according to a predetermined digital signature rule;
  • the terminal uses a proxy tool, which refers to a tool that proxyes the resources of the accessed server as a local resource;
  • the first predetermined field When the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the webpage page, and prohibiting execution of the first order correspondence The value transfer operation.
  • a terminal comprising: a memory and a processor, the memory storing one or more instructions, and the processor is configured to execute the one or more instructions as follows step:
  • the proxy tool is a tool for proxying a resource of the accessed server as a local resource
  • the value of the first predetermined field is set to a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool;
  • the order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
  • a computer readable storage medium wherein one or more instructions are stored on the storage medium, and the one or more instructions are executed to implement a server as described above The side value transfer method, and/or the value transfer method on the terminal side as above.
  • the webpage is used to detect whether the terminal uses the proxy tool, the first predetermined field is added to the order parameter sent to the server, and the signature generated by the order parameter is sent to the server, and the server verifies the signature according to the order parameter and the signature, due to the order. After the value of any field in the parameter changes, the generated signature will also change. By verifying the signature, the agent tool can effectively find the modification of the order parameter.
  • the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is a predetermined value, that is, when the server detects that the terminal performs the numerical transfer operation corresponding to the first order, the terminal uses the proxy tool, and the server prohibits the continuation.
  • the numerical transfer operation corresponding to the first order is executed, so that the numerical user transfer operation by the proxy tool is prohibited, and the effect of protecting the account and property security of the ordinary user is achieved.
  • FIG. 1 is a schematic diagram of an implementation environment of a numerical transfer method according to an embodiment of the present application.
  • FIG. 2 is a flow chart of a method for a numerical value transfer method provided in an embodiment of the present application
  • 3A is a flowchart of a method for a numerical value transfer method provided in another embodiment of the present application.
  • FIG. 3B is a flowchart of a method for transferring a value in a payment scenario provided in an embodiment of the present application
  • FIG. 4 is a block diagram showing the structure of a numerical value transfer apparatus provided in an embodiment of the present application.
  • Figure 5 is a block diagram showing the structure of a numerical value transfer apparatus provided in an embodiment of the present application.
  • Figure 6 is a block diagram showing the structure of a numerical value transfer device provided in another embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of a server provided in an embodiment of the present application.
  • FIG. 8 is a structural block diagram of a terminal provided in an embodiment of the present application.
  • FIG. 1 is a schematic diagram of an implementation environment of a numerical value transfer method according to an embodiment of the present application. As shown in FIG. 1 , the implementation environment includes: a terminal 110, a server 120, and a communication network 130.
  • the terminal 110 has the capability of web browsing.
  • the terminal 110 includes: a desktop computer, a laptop portable computer, a tablet computer, a smart phone, a Point ofsales (POS) terminal, and an MP3 (Moving Picture Experts Group Audio Layer III). ) Player, MP4 player, etc.
  • POS Point ofsales
  • MP3 Motion Picture Experts Group Audio Layer III
  • Server 120 is a platform that provides Internet network services.
  • the server 120 has at least one of a value transfer, a data storage, and a logical check.
  • the server 120 may be a server or a server cluster composed of a plurality of servers. All or part of data between the servers in the server cluster may be shared, and the server 120 may also be a cloud computing service center.
  • the physical implementation manner of the server 120 is not limited in this embodiment of the present application.
  • the terminal 110 and the server 120 are connected by a communication network 130.
  • communication network 130 can be a wired communication network or a wireless communication network.
  • a web page 111 is run on the browser or application of the terminal 110, and the web page 111 has the ability to provide a numerical transfer operation.
  • the web page 111 can also be referred to as a web client.
  • the numerical transfer refers to the transfer of the resource of the specified value between the first account A and the second account B, such as transferring from the first account A to the second account B.
  • the value transfer includes at least one of payment, recharge, transfer, and repayment.
  • the webpage page 111 is implemented as at least one of a payment page, a recharge page, a transfer page, and a repayment page.
  • the server 120 runs a variety of CGIs (Common Gateway Interfaces). This embodiment uses the identity verification CGI 121 and the payment CGI 122 on the server 120 as an example.
  • the CGI is physically a program running on the server 120.
  • the CGI can be specifically divided into different types of CGIs, such as the identity verification CGI 121 and the payment CGI 122 shown in FIG.
  • the identity verification CGI 121 is a program on the server 120 for implementing the identity verification function
  • the payment CGI 122 is a program on the server 120 for implementing the payment function.
  • the server 120 searches for the corresponding CGI according to the call request, and sends the call request to the found CGI for processing. After processing, the CGI sends the processing result to the server 120.
  • the server 120 returns the processing result to the web page 111.
  • the terminal 110 is an example of a PC (Personal Computer).
  • the value transfer operation involves the user's property security.
  • the server 120 completes the value transfer operation, the user also needs to send an identity verification request to the server 120 through the terminal 110 to ensure that the value transfer operation is performed by the person.
  • the user opens a webpage page 111 on the terminal 110.
  • the webpage 111 After the user fills in the authentication information, the webpage 111 generates an identity verification request according to the parameters in the filled identity verification information, and sends the identity verification request to the server. 120.
  • the server 120 After receiving the identity verification request, the server 120 sends an identity verification request to the identity verification CGI 121, and the identity verification CGI 121 verifies the parameters in the identity verification request.
  • the identity verification CGI 121 feeds back the verification success message to the server 120, and the server 120 returns the verification success message to the webpage page 111.
  • the webpage page 111 is based on the value filled in by the user.
  • the transfer related parameter generates a value transfer request, and the value transfer request is sent to the server 120.
  • the server 120 sends the value transfer request to the payment CGI 122, and the payment CGI 122 checks the value transfer parameter to ensure that the value is transferred.
  • the value transfer operation is performed, and the value is transferred.
  • the payment CGI 122 feeds back the value transfer success message to the server 120, and the server 120 returns a value transfer success message to the web page 111, and the web page 111 displays a notification of successful numerical transfer on the terminal 110.
  • the proxy tool 112 is also run on the terminal 110.
  • the agent tool 112 is a tool that proxyes the resources of the server 120 being accessed as a local resource. When the web page 111 requests the resource, the proxy tool 112 will call the local resource.
  • the agent tool 112 is typically used by technicians in development or testing to simulate different scenarios and save development costs.
  • the common proxy tool 112 has Fiddler, which has at least one of forwarding, proxy, host management, setting breakpoints, CGI scanning, modifying input parameters, modifying return parameters, and simulating network speed.
  • the web page 111 sends an authentication request to the identity verification CGI 121. Since the proxy tool 112 can proxy the resource of the server 120 as a local resource, the authentication request is Instead of being sent to the identity verification CGI 121, the local resource is invoked and the proxy tool 112 pretends that the server 120 returns a verification success message to the web page 111. In this case, regardless of whether the authentication information entered in the web page 111 is correct, the web page 111 can receive the verification success message, thereby bypassing the actual authentication process.
  • the proxy tool 112 can modify the parameters sent to the payment CGI 122 such that upon receipt of the payment request, the payment CGI 122 is
  • the verification result of the parameter confirms that the verification logic (such as identity verification) before this step has been confirmed, so that other verification of the payment logic is continued, and the value transfer is completed.
  • a verification process for whether the terminal 110 is running the agent tool 112 is added to the web page 111 and the payment CGI 122.
  • FIG. 2 is a flow chart of a method for a numerical value transfer method provided in an embodiment of the present application, which is illustrated by the application in the implementation environment shown in FIG. 1.
  • the numerical transfer method may include:
  • Step 201 When the terminal opens the webpage page, the webpage page detects whether the terminal is running the proxy tool.
  • the browser in the terminal (or the built-in browser of the application) runs a web page.
  • This web page can also be referred to as a web client.
  • a proxy tool is a tool that proxies the resources of a server being accessed as a local resource.
  • a web page is a page that needs to detect whether or not to run a proxy tool.
  • the webpage page is used to provide a value transfer operation, and the webpage page includes at least one of a payment page, a top-up page, a transfer page, and a repayment page.
  • Step 202 When the terminal is running the proxy tool, the webpage page causes the value of the first predetermined field to be a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool.
  • a first predetermined field is added to the payment request sent by the web page to the payment CGI, and the first predetermined field is used to indicate whether to use the proxy tool.
  • Step 203 The webpage page calculates the signature of the order parameter of the first order according to a predetermined digital signature rule, and the order parameter includes a first predetermined field and other value transfer operation corresponding fields.
  • the calculation signature is within a predetermined time period prior to the submission of the first order, typically a predetermined time period is shorter. For example, after the user fills in the number of value transfer corresponding to the first order and the information of the transfer account on the webpage page, when the confirmation control on the webpage page is triggered, the webpage page is based on each field corresponding to the information filled in by the user and the first The predetermined field is calculated according to a predetermined digital signature rule.
  • the predetermined digital signature rule may be an MD5 signature.
  • the MD5 signature selects some specific parameters from the user's order parameters according to a certain order and adds the key value that is not visible to the external user.
  • the MD5 signature is irreversible, that is, the user cannot calculate the parameters before the signature inversely based on the MD5 signature.
  • the first predetermined field is added to the field of the calculated signature.
  • the webpage may also be digitally signed using 3des.
  • the difference between the 3des and the MD5 signature is that the encryption of the 3des is reversible, and the CGI can decrypt the digital signature by the key to obtain the parameters before the signature.
  • the web page is a first predetermined field added after the signature is generated and an MD5 signature generated according to the specified key.
  • Step 204 The webpage page sends the signature and the order parameter of the first order to the server.
  • the order parameters before the signature are also sent to the server, and the payment CGI in the server verifies the signature correctly according to the order parameters and the signature.
  • the webpage generates a payment request according to the signature and the order parameter, and the webpage sends the payment request to the server.
  • the server After receiving the payment request sent by the webpage, the server sends the payment request to the corresponding payment CGI for processing, and pays the CGI.
  • the processing result After processing the payment request, the processing result is sent to the server, and the server sends the processing result to the webpage page.
  • step 205 For the specific implementation of the payment request sent by the CGI processing webpage, please refer to step 205 to step 207.
  • Step 205 After receiving the order parameter and signature of the first order sent by the webpage page, the payment CGI detects whether the signature is correct according to the order parameter and the signature.
  • the payment CGI needs to verify that the order parameters or signatures have been modified by verifying that the signatures are correct.
  • Step 206 When the signature is correct, the payment CGI detects whether the first predetermined field is included in the order parameter of the first order, and the value of the first predetermined field is a predetermined value.
  • the first predetermined field is used to indicate whether to use the proxy tool, and the value of the first predetermined field indicates that the proxy tool is used when the value is a predetermined value.
  • the payment CGI needs to detect whether the first predetermined field agent_tool is included in the order parameter, and whether the value of the first predetermined field is a predetermined value of 1.
  • Step 207 When the order parameter of the first order includes the first predetermined field and the value of the first predetermined field is a predetermined value, the payment CGI sends the first error code to the webpage page, and prohibits the execution of the value transfer corresponding to the first order. operating.
  • the first error code is sent to the webpage page, and the webpage page is prohibited from continuing to perform the numerical transfer operation corresponding to the first order.
  • Step 208 The webpage page receives a first error code sent by the server, where the first error code is used to prompt to prohibit the execution of the value transfer operation.
  • the web page obtains a message prohibiting the execution of the value transfer operation by parsing the first error code.
  • the webpage pops up a prompt window according to the first error code, and the prompt window is used to prompt the user to prohibit the value transfer operation from continuing.
  • interaction between the terminal and the server in this embodiment may be directly understood as the interaction between the web page and the payment CGI.
  • the value transfer method detects whether the terminal uses the proxy tool through the webpage page, adds a first predetermined field to the order parameter sent to the server, and sends the signature generated by the order parameter to the server.
  • the server verifies the signature according to the order parameters and the signature. Since the value of any field in the order parameter changes, the generated signature also changes. By verifying the signature, the proxy tool can effectively find the order parameter. modify.
  • the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is a predetermined value, that is, when the server detects that the terminal performs the numerical transfer operation corresponding to the first order, the terminal uses the proxy tool, and the server prohibits execution.
  • the value transfer operation corresponding to the first order so that the numerical user transfer operation by the proxy tool is prohibited, and the effect of protecting the account and property security of the ordinary user is achieved.
  • FIG. 3A is a flowchart of a method for a numerical value transfer method provided in another embodiment of the present application, which is exemplified in the implementation environment shown in FIG. 1.
  • the numerical transfer method may include:
  • Step 301 When the terminal opens the webpage page, the webpage page detects whether the terminal is running the proxy tool.
  • a proxy tool is a tool that proxies the resources of a server being accessed as a local resource.
  • a web page is a page that needs to detect whether or not to run a proxy tool.
  • the webpage page is used to provide a value transfer operation, and the webpage page includes at least one of a payment page, a top-up page, a transfer page, and a repayment page.
  • the login page when the login page is opened on the terminal, the login page may also detect whether the terminal is running the proxy tool. That is, the web page may also include a login page.
  • the web page detects whether the terminal is running the proxy tool, and can be implemented in the following manner:
  • the web page detects whether the target agent tool is running in the resource manager of the terminal.
  • the target agent tool is at least one of a list of pre-configured agent tools. There may be a variety of agent tools.
  • the web page pre-configures the names of a series of agent tools into a list of agent tools, and then queries the resource manager according to the list of agent tools to see if the target agent tool on the agent tool list is running.
  • the web page determines that the terminal is running the agent tool.
  • the terminal may run an agent tool or multiple agent tools at the same time.
  • the web page detects that any agent tool in the agent tool list is running, it can confirm that the terminal is running the agent tool.
  • the web page determines that the terminal does not run the agent tool.
  • the terminal is not running the agent tool only when the terminal does not run the agent tool in the list of agent tools.
  • Step 302 When the terminal is running the proxy tool, the webpage page causes the value of the first predetermined field to be a predetermined value, so that the value of the second predetermined field is the name of the proxy tool, and the first predetermined field is used to indicate whether to use the proxy tool, The second predetermined field is used to indicate the name of the agent tool used.
  • a first predetermined field and a second predetermined field are added to the payment request sent by the web page to the payment CGI, respectively, to indicate whether to use the proxy tool and the name of the proxy tool used.
  • the first predetermined field is agent_tool
  • the second predetermined field is an optional field.
  • Step 303 The webpage page calculates the signature of the order parameter of the first order according to a predetermined digital signature rule, where the order parameter includes a first predetermined field, a second predetermined field, and other value transfer operation corresponding fields.
  • the calculation signature is within a predetermined time period prior to the submission of the first order, typically a predetermined time period is shorter. For example, after the user fills in the number of value transfer corresponding to the first order and the information of the transfer account on the webpage page, when the confirmation control on the webpage page is triggered, the webpage page is based on each field corresponding to the information filled in by the user and the first The predetermined field and the second predetermined field are calculated according to a predetermined digital signature rule.
  • the predetermined digital signature rule may be an MD5 signature.
  • the MD5 signature selects some specific parameters from the user's order parameters according to a certain order and adds the key value that is not visible to the external user.
  • the MD5 signature is irreversible, that is, the user cannot calculate the parameters before the signature inversely based on the MD5 signature.
  • the first predetermined field and the second predetermined field are added to the field for calculating the signature (or only the first predetermined field is added).
  • the webpage may also be digitally signed using 3des.
  • the difference between the 3des and the MD5 signature is that the encryption of the 3des is reversible, and the CGI can decrypt the digital signature by the key to obtain the parameters before the signature.
  • the web page is to add the first predetermined field and the second predetermined field after generating the signature and the MD5 signature generated according to the specified key.
  • step 304 the web page sends the signature and order parameters to the payment CGI.
  • the process of sending the signature and order parameters to the payment CGI on the web page is the process of calling the payment CGI.
  • the order parameters before the signature are also sent to the payment CGI, and the payment CGI verifies that the signature is correct according to the order parameters and the signature.
  • the webpage generates a payment request according to the signature and the order parameter, and the webpage sends the payment request to the server.
  • the server After receiving the payment request sent by the webpage, the server sends the payment request to the corresponding payment CGI for processing, and pays the CGI.
  • the processing result After processing the payment request, the processing result is sent to the server, and the server sends the processing result to the webpage page.
  • Step 305 After receiving the order parameter and signature of the first order sent by the webpage page, the payment CGI detects whether the signature is correct according to the order parameter and the signature.
  • the payment CGI needs to verify that the order parameters or signatures have been modified by verifying that the signatures are correct.
  • detecting the correctness of the signature can be achieved by:
  • the payment CGI calculates the verification signature according to the predetermined digital signature rule according to the order parameter.
  • the MD5 signature is irreversible, the payment CGI needs to calculate the signature according to the order parameter according to the same predetermined digital signature rule as the webpage page.
  • the signature is a verification signature, and the signature is determined by comparing the verification signature with the received signature. Whether the order parameters have been modified.
  • Step 306 when determining the signature error, the payment CGI sends a second error code to the webpage page, and prohibits the execution of the numerical transfer operation corresponding to the first order.
  • the payment CGI determines the signature error, it indicates that the payment CGI does not pass the verification of the signature, so the payment CGI sends a second error code error to the webpage page.
  • Step 307 The webpage page receives a second error code sent by the server, and the second error code is used to prompt a signature error and prohibits the execution of the value transfer operation.
  • the webpage pops up a prompt window according to the second error code, and the prompt window is used to prompt the user to prohibit the value transfer operation from continuing.
  • step 305 if the signature is correct, the payment CGI needs to proceed to step 308.
  • Step 308 When the signature is correct, the payment CGI detects whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value.
  • the first predetermined field is used to indicate whether to use the proxy tool, and the value of the first predetermined field indicates that the proxy tool is used when the value is a predetermined value.
  • the payment CGI needs to detect whether the first predetermined field agent_tool is included in the order parameter, and whether the value of the first predetermined field is a predetermined value of 1.
  • Step 309 when the order parameter includes the first predetermined field and the value of the first predetermined field is a predetermined value, the payment CGI records the order number of the first order in the database of the server, and marks the first order corresponding to the order number as the target order. .
  • the order number is used to uniquely identify the first order, and the target order is a value transfer order using the agent tool.
  • Step 310 The payment CGI sends the first error code to the webpage page, and prohibits the execution of the value transfer operation corresponding to the first order.
  • the first error code is sent to the webpage page, and the webpage page is prohibited from continuing to perform the numerical transfer operation corresponding to the first order.
  • Step 311 The webpage page receives a first error code sent by the server, where the first error code is used to prompt to prohibit the execution of the value transfer operation.
  • the web page obtains a message prohibiting the execution of the value transfer operation by parsing the first error code.
  • the webpage pops up a prompt window according to the first error code, and the prompt window is used to prompt the user to prohibit the value transfer operation from continuing.
  • the malicious user may submit the same value transfer order again through the webpage page, and it is possible to re-modify the parameters through the proxy tool.
  • the web page pop-up prompt window prompts the user to prohibit the value transfer operation from being performed
  • the malicious user may directly close the prompt window, confirm that the control is triggered again, and the web page sends the value transfer order to the payment CGI again.
  • a malicious user replaces a terminal, reopens the web page, and resubmits the value transfer order that was previously submitted but not completed. In both cases, the order number of the resubmitted value transfer order does not change. For this type of order, the payment CGI is verified by the following steps.
  • Step 312 When submitting the second order, the webpage page sends the signature and order parameters of the second order to the payment CGI, and the order parameter of the second order further includes the order number of the second order.
  • the order number of the second order is used to uniquely identify the second order.
  • the second order is a value transfer order that has been submitted but not completed.
  • Step 313 when receiving the submit request of the second order, the payment CGI queries the database whether the second order belongs to the target order according to the order number of the second order.
  • the payment CGI checks whether the second order belongs to the marked target order according to the order number of the second order.
  • Step 314 when the second order belongs to the target order, the payment CGI sends the first error code to the webpage page.
  • the payment CGI directly sends a first error code error to the webpage page.
  • Step 315 the webpage page receives the first error code sent by the payment CGI.
  • the webpage page pops up the corresponding prompt window by parsing the first error code, and is used to prompt the user to prohibit the value transfer operation from continuing.
  • the method further includes step 316.
  • Step 316 when the signature is correct and there is no first predetermined field in the order parameter, or when the signature is correct and the value of the first predetermined field is not a predetermined value, the other verification process of the normal value transfer is continued.
  • the other verification process includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether or not the payment authority is available.
  • the web page does not send the first predetermined field and the second predetermined field to the payment CGI, or the web page is sent.
  • the payment CGI supports a configuration switch.
  • the switch When the switch is turned on, the payment CGI needs to detect whether there is a first predetermined field in the order parameter indicating whether the terminal uses the proxy tool.
  • the webpage page on the terminal needs to detect whether the proxy tool is running in the terminal through the resource manager, and then add a first predetermined field in the order parameter, or add a first predetermined field and a second predetermined field.
  • the switch When the switch is turned off, the payment CGI does not detect the first predetermined field in the order parameter, and correspondingly, the web page does not detect whether the proxy tool is running in the terminal.
  • the switch is in the CGI configuration file, and the technician must log in to the server to control the switch. Therefore, the switch is only controlled by a technician, and the ordinary user cannot control the switch.
  • the technician turned off the switch during testing and development because of the need to use the agent tool.
  • the switch is turned on to detect whether the terminal is running the proxy tool in the actual payment environment.
  • the numerical value transfer method provided in this embodiment can also be represented as a flowchart shown in FIG. 3B in the payment scenario.
  • S301 is first executed to open a webpage page; then, S302 is executed, and the webpage page checks the resource manager process of the terminal; then, S303 is executed to determine whether the terminal uses the proxy tool; if the result of the determination in S303 is no, the webpage is executed.
  • S3089 is executed, and the payment CGI returns a second error code; then the webpage page executes S310, and the webpage page displays the first page popup window, the first page A page pop-up window can display prompt text: signature error, unable to continue to pay.
  • S311 is performed, and the payment CGI determines whether the first predetermined field agent_tool is equal to 1; if the determination result of S311 is YES, that is, the agent_tool is equal to 1, executing S312, the payment CGI returns the first error code, The first error code is used to indicate that the numerical value transfer operation is prohibited from being performed; then, in S313, the webpage page displays the second page popup window, and the second page popup window can display the prompt text: prohibiting payment, unable to continue to pay; if the judgment result of S311 If no, execute S314, that is, agent_tool is equal to 0, and pay the CGI to perform other verification of the payment logic.
  • the value transfer method detects whether the terminal uses the proxy tool through the webpage page, adds the first predetermined field and the second predetermined field to the order parameter sent to the server, and generates the order parameter.
  • the signature is sent to the server, and the server verifies the signature according to the order parameter and the signature. Since the value of any field in the order parameter changes, the generated signature also changes, and the signature can be effectively verified by verifying the signature.
  • the tool modifies the order parameters.
  • the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is a predetermined value, that is, when the server detects that the terminal performs the numerical transfer operation corresponding to the first order, the terminal uses the proxy tool, and the server prohibits execution.
  • the value transfer operation corresponding to the first order so that the numerical user transfer operation by the proxy tool is prohibited, and the effect of protecting the account and property security of the ordinary user is achieved.
  • the numerical value transfer method provided in this embodiment further prohibits the execution of the value transfer operation by the payment CGI when the signature is incorrect, so that when the order parameter or the signature changes, the numerical transfer operation is prohibited, and the account and property security of the ordinary user are protected. .
  • the value transfer method provided by the embodiment further records the order number of the first order into the database by detecting the first order as the value of the agent tool when the payment CGI detects the order, and marks the first order as the target order. If a second order with the same order number is submitted, the payment CGI can query the database according to the order number and quickly determine that the second order is a value transfer order using the agent tool.
  • the numerical value transfer method provided by the embodiment further performs the execution when the signature verification is correct and the first predetermined field is not included in the order parameter or when the signature verification is correct and the first predetermined field in the order parameter is not a predetermined value.
  • the other verification flow of the numerical transfer operation enables the numerical transfer order request of the terminal that does not use the proxy tool to be executed normally.
  • the value transfer device may include: a first detection module 410, a second detection module 420, and a first transmission module 430.
  • the first detecting module 410 is configured to: after receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, where the order parameter includes a signature a parameter value of each of the preceding fields, the signature being obtained by the order parameter according to a predetermined digital signature rule;
  • the second detecting module 420 is configured to detect, when the first detecting module detects that the signature is correct, whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value.
  • the terminal uses the proxy tool, and the proxy tool refers to a tool that proxyes the resource of the accessed server as a local resource;
  • the first sending module 430 is configured to: when the second detecting module detects that the first predetermined field is included in the order parameter, and the value of the first predetermined field is the predetermined value, to the webpage page Sending the first error code and prohibiting the execution of the value transfer operation corresponding to the first order.
  • the first detecting module 410 includes: a calculating unit, configured to calculate a verification signature according to the predetermined digital signature rule according to the order parameter; and a detecting unit, configured to detect the signature and Whether the verification signature obtained by the calculating unit is consistent; the first determining unit is configured to determine that the signature is correct when the detecting unit detects that the signature is consistent with the verification signature.
  • the apparatus further includes: a second determining unit 442, configured to determine, when the detecting unit detects that the signature is inconsistent with the verification signature,
  • the second sending module 444 is configured to: when the second determining unit determines the signature error, send a second error code to the webpage page, and prohibit performing the numerical transfer corresponding to the first order operating.
  • the device further includes: a marking module 462, configured to record an order number of the first order in a database of the device, and mark the order number corresponding to The first order is a target order, the order number of the first order is used to uniquely identify the first order, the target order is a value transfer order using a proxy tool; and the query module 464 is configured to receive When the second order is submitted, the database is queried according to the order number of the second order whether the second order belongs to the target order marked by the marking module; the first sending module 430 further And when the query module queries that the second order belongs to the target order, sending the first error code to the webpage page.
  • a marking module 462 configured to record an order number of the first order in a database of the device, and mark the order number corresponding to The first order is a target order, the order number of the first order is used to uniquely identify the first order, the target order is a value transfer order using a proxy tool
  • the query module 464 is configured to receive When the second order is submitted, the database is queried according to
  • the apparatus further includes: a verification module 480, configured to: when the first detection module detects that the signature is correct and the second detection module detects that the order parameter is not When the first predetermined field is detected, or when the first detecting module detects that the signature is correct and the second detecting module detects that the value of the first predetermined field is not the predetermined value, continuing to perform normal
  • the other verification process of the value transfer includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether the payment authority is available.
  • Figure 6 is a block diagram showing the structure of a numerical value transfer device provided in another embodiment of the present application, which is exemplified in the terminal 110 shown in Figure 1.
  • the value transfer device may include: a third detection module 618, an evaluation module 620, a calculation module 630, a third transmission module 640, and a first receiving module 650.
  • the third detecting module 618 is configured to detect, when the webpage is opened, whether the device is running a proxy tool, where the proxy tool is a tool that proxyes resources of the accessed server as local resources;
  • An evaluation module 620 configured to: when the third detecting module 610 detects that the device is running the proxy tool, set a value of the first predetermined field to a predetermined value, where the first predetermined field is used to indicate whether to use the proxy tool;
  • a calculation module 630 configured to calculate, by using a predetermined digital signature rule, an order parameter of the first order, where the order parameter includes the first predetermined field and another value transfer operation corresponding field;
  • a third sending module 640 configured to send the signature obtained by the calculating module and the order parameter to a server
  • the first receiving module 650 is configured to receive the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
  • the evaluation module 620 is further configured to: when the device is running the proxy tool, set a value of the second predetermined field to a name of the proxy tool, the second predetermined The field is an order parameter in the first order.
  • the apparatus further includes:
  • the second receiving module 660 is configured to receive a second error code sent by the server, where the second error code is used to prompt the signature error and prohibit to continue to perform the value transfer operation.
  • the third sending module 640 is configured to send a signature of the second order and an order parameter to the server when the second order is submitted, the order of the second order
  • the parameter further includes an order number of the second order, the order number of the second order is used to uniquely identify the second order, and the order number of the second order is used to trigger the server to query the database Whether the second order belongs to the target order, and the target order is a value transfer order using the agent tool;
  • the first receiving module 650 is further configured to receive the first error code sent by the server, where the first error code is sent by the server when querying that the second order belongs to the target order .
  • the third detecting module 618 includes: a detecting unit, configured to detect whether a target agent tool is run in a resource manager of the device, where the target agent tool is a pre-configured agent At least one of the tool list; the third determining unit, configured to: when the detecting unit detects that the target agent tool is run in the resource manager of the device, determine that the device is running the agent tool; And a determining unit, configured to determine that the device does not run the proxy tool when the detecting unit detects that the target agent tool is not running in the resource manager of the device.
  • the numerical value transfer device provided in the above embodiment is only exemplified by the division of the above functional modules when transferring the numerical value. In actual applications, the above functional distribution can be completed by different functional modules as needed. The internal structure of the terminal or server is divided into different functional modules to complete all or part of the functions described above.
  • the numerical value transfer device and the numerical value transfer method are provided in the same embodiment, and the specific implementation process is described in detail in the method embodiment, and details are not described herein again.
  • FIG. 7 is a schematic structural diagram of a server provided in an embodiment of the present application.
  • the server can be the server 120 shown in FIG.
  • the server 600 includes a central processing unit (CPU) 601, a system memory 604 including a random access memory (RAM) 602 and a read only memory (ROM) 603, and a system bus that connects the system memory 604 and the central processing unit 601. 605.
  • the server 600 also includes a basic input/output system (I/O system) 606 that facilitates transfer of information between various devices within the computer, and mass storage for storing the operating system 613, applications 614, and other program modules 615.
  • I/O system basic input/output system
  • the basic input/output system 606 includes a display 608 for displaying information and an input device 609 such as a mouse or keyboard for user input of information.
  • the display 608 and input device 609 are both connected to the central processing unit 601 by an input/output controller 610 that is coupled to the system bus 605.
  • the basic input/output system 606 can also include an input output controller 610 for receiving and processing input from a plurality of other devices, such as a keyboard, mouse, or electronic stylus.
  • input/output controller 610 also provides output to a display screen, printer, or other type of output device.
  • the mass storage device 607 is connected to the central processing unit 601 by a mass storage controller (not shown) connected to the system bus 605.
  • the mass storage device 607 and its associated computer readable medium provide non-volatile storage for the server 600. That is, the mass storage device 607 can include a computer readable medium (not shown) such as a hard disk or a CD-ROM drive.
  • the computer readable medium can include computer storage media and communication media.
  • Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
  • Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid state storage technologies, CD-ROM, DVD or other optical storage, tape cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices.
  • RAM random access memory
  • ROM read only memory
  • EPROM Erasable programmable read-only memory
  • EEPROM electrically erasable programmable read-only memory
  • the server 600 may also be operated by a remote computer connected to the network through a network such as the Internet. That is, the server 600 can be connected to the network 612 through a network interface unit 611 connected to the system bus 605, or can also be connected to other types of networks or remote computer systems (not shown) using the network interface unit 611. .
  • the system memory 604 also includes one or more programs, the one or more programs being stored in the system memory 604, and the central processing unit 601 implementing the server in the method embodiment by executing the one or more programs.
  • Side value transfer method Exemplary:
  • the central processing unit 601 is configured to execute the one or more instructions to implement the following steps:
  • the order parameter After receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, the order parameter includes a parameter value of each field before the signature, The signature is obtained by the order parameter according to a predetermined digital signature rule;
  • the terminal uses a proxy tool, which refers to a tool that proxyes the resources of the accessed server as a local resource;
  • the first predetermined field When the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the webpage page, and prohibiting execution of the first order correspondence The value transfer operation.
  • the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
  • the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
  • the second error code is sent to the web page, and the numerical transfer operation corresponding to the first order is prohibited from continuing.
  • the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
  • the target order is a value transfer order using a proxy tool
  • the method further includes:
  • the first error code is sent to the webpage page.
  • the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
  • the other verification process includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether the payment authority is available.
  • the terminal 700 is configured to implement the numerical value transfer method provided by the foregoing embodiment.
  • the terminal 700 in this application may include one or more of the following components: a processor for executing computer program instructions to perform various processes and methods for information and storage of program instructions, random access memory (RAM), and read-only Memory (ROM), memory for storing data and information, I/O devices, interfaces, antennas, etc.
  • RAM random access memory
  • ROM read-only Memory
  • the terminal 700 may include an RF (Radio Frequency) circuit 710, a memory 720, an input unit 730, a display unit 740, a sensor 750, an audio circuit 760, a WiFi (Wireless Fidelity) module 770, a processor 780, and a power supply 782. , camera 790 and other components.
  • RF Radio Frequency
  • FIG. 8 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or a combination of certain components, or different component arrangements.
  • the RF circuit 710 can be used for transmitting and receiving information or during a call, and receiving and transmitting the signal. Specifically, after receiving the downlink information of the base station, the processor 780 processes the data. In addition, the uplink data is designed to be sent to the base station.
  • RF circuits include, but are not limited to, an antenna, at least one amplifier, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like.
  • RF circuitry 710 can also communicate with the network and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access). , Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and the like.
  • the memory 720 can be used to store software programs and modules, and the processor 780 executes various functional applications and data processing of the terminal 700 by running software programs and modules stored in the memory 720.
  • the memory 720 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to The data created by the use of the terminal 700 (such as audio data, phone book, etc.) and the like.
  • memory 720 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • the input unit 730 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the terminal 700.
  • the input unit 730 may include a touch panel 731 and other input devices 732.
  • the touch panel 731 also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 731 or near the touch panel 731. Operation), and drive the corresponding connecting device according to a preset program.
  • the touch panel 731 can include two parts: a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information.
  • the processor 780 is provided and can receive commands from the processor 780 and execute them.
  • the touch panel 731 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 730 may also include other input devices 732.
  • other input devices 732 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
  • the display unit 740 can be used to display information input by the user or information provided to the user and various menus of the terminal 700.
  • the display unit 740 can include a display panel 741.
  • the display panel 741 can be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like.
  • the touch panel 731 can cover the display panel 741. When the touch panel 731 detects a touch operation on or near the touch panel 731, it transmits to the processor 780 to determine the type of the touch event, and then the processor 780 according to the touch event. The type provides a corresponding visual output on display panel 741.
  • touch panel 731 and the display panel 741 are used as two independent components to implement the input and input functions of the terminal 700 in FIG. 7, in some embodiments, the touch panel 731 can be integrated with the display panel 741. The input and output functions of the terminal 700 are implemented.
  • Terminal 700 can also include at least one type of sensor 750, such as a gyro sensor, a magnetic induction sensor, a light sensor, a motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 741 according to the brightness of the ambient light, and the proximity sensor may close the display panel 741 when the terminal 700 moves to the ear. / or backlight.
  • the acceleration sensor can detect the magnitude of acceleration in each direction (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity. It can be used to identify the attitude of the terminal (such as horizontal and vertical screen switching, related games).
  • magnetometer attitude calibration magnetometer attitude calibration
  • vibration recognition related functions such as pedometer, tapping
  • other sensors such as barometers, hygrometers, thermometers, infrared sensors, etc., which can also be configured in the terminal 700, are not described here.
  • An audio circuit 760, a speaker 761, and a microphone 762 can provide an audio interface between the user and the terminal 700.
  • the audio circuit 760 can transmit the converted electrical data of the received audio data to the speaker 761 for conversion to the sound signal output by the speaker 761; on the other hand, the microphone 762 converts the collected sound signal into an electrical signal by the audio circuit 760. After receiving, it is converted into audio data, and then processed by the audio data output processor 780, transmitted to the terminal, for example, via the RF circuit 710, or the audio data is output to the memory 720 for further processing.
  • WiFi is a short-range wireless transmission technology
  • the terminal 700 can help users to send and receive emails, browse web pages, and access streaming media through the WiFi module 770, which provides wireless broadband Internet access for users.
  • FIG. 8 shows the WiFi module 770, it can be understood that it does not belong to the essential configuration of the terminal 700, and may be omitted as needed within the scope of not changing the essence of the disclosure.
  • Processor 780 is the control center of terminal 700, which connects various portions of the entire terminal using various interfaces and lines, by running or executing software programs and/or modules stored in memory 720, and recalling data stored in memory 720, The various functions and processing data of the terminal 700 are performed to perform overall monitoring of the terminal.
  • the processor 780 may include one or more processing units; preferably, the processor 780 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
  • the modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 780.
  • the terminal 700 also includes a power source 782 (such as a battery) for powering various components.
  • a power source 782 (such as a battery) for powering various components.
  • the power source can be logically coupled to the processor 780 through a power management system to manage functions such as charging, discharging, and power management through the power management system.
  • the camera 790 is generally composed of a lens, an image sensor, an interface, a digital signal processor, a CPU, a display screen, and the like.
  • the lens is fixed above the image sensor, and the focus can be changed by manually adjusting the lens;
  • the image sensor is equivalent to the "film" of the conventional camera, and is the heart of the image captured by the camera;
  • the interface is used to connect the camera with the cable and the board to the board.
  • the spring-type connection mode is connected to the terminal board, and the collected image is sent to the memory 720;
  • the digital signal processor processes the acquired image through a mathematical operation, converts the collected analog image into a digital image, and sends the image to the interface Memory 720.
  • the terminal 700 may further include a Bluetooth module or the like, and details are not described herein again.
  • the memory 720 further includes one or more programs, the one or more programs are stored in a memory, and the processor 780 implements the value transfer method on the terminal side in the foregoing method embodiment by executing the one or more programs.
  • the processor 780 is configured to execute the one or more instructions to implement the following steps:
  • the proxy tool is a tool for proxying resources of the accessed server as a local resource; when the terminal is running the proxy tool, making the first
  • the predetermined field value is a predetermined value, the first predetermined field is used to indicate whether to use the proxy tool;
  • the order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and The other value transfer operation corresponding field; sending the signature and the order parameter to the server; receiving the first error code sent by the server, the first error code being used to prompt to prohibit execution of the Numerical transfer operation.
  • processor 780 is further configured to execute the one or more instructions to implement the following steps:
  • the value of the second predetermined field is the name of the agent tool, and the second predetermined field is an order parameter in the first order.
  • processor 780 is further configured to execute the one or more instructions to implement the following steps:
  • the second error code is used to prompt the signature error and prohibit to continue performing the value transfer operation.
  • processor 780 is further configured to execute the one or more instructions to implement the following steps:
  • the order parameter of the second order further includes an order number of the second order, and an order of the second order The number is used to uniquely identify the second order, and the order number of the second order is used to trigger the server to query in the database whether the second order belongs to a target order, and the target order is a value transfer using a proxy tool.
  • receiving the first error code sent by the server where the first error code is sent by the server when querying that the second order belongs to the target order.
  • processor 780 is further configured to execute the one or more instructions to implement the following steps:
  • the target agent tool is at least one of a pre-configured list of agent tools; when the target agent tool is run in a resource manager of the terminal Determining that the terminal is running the proxy tool; when any of the target proxy tools are not running in the resource manager of the terminal, determining that the terminal is not running the proxy tool.
  • the embodiment of the present application further provides a computer readable storage medium, which may be a computer readable storage medium included in the memory in the foregoing embodiment, or may exist separately, not assembled into a terminal or A computer readable storage medium in a server.
  • the computer readable storage medium stores one or more programs that are used by one or more processors to perform the terminal side and/or server side numerical transfer methods described above.
  • a person skilled in the art may understand that all or part of the steps of implementing the above embodiments may be completed by hardware, or may be instructed by a program to execute related hardware, and the program may be stored in a computer readable storage medium.
  • the storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like.

Abstract

Disclosed are a numerical value transfer method, apparatus and device, and a storage medium, belonging to the field of information security. The method comprises: after receiving an order parameter and a signature of a first order sent by a web page, detecting whether the signature is correct according to the order parameter and the signature; when the signature is correct, detecting whether the order parameter contains a first pre-set field and the value of the first pre-set field is a pre-set numerical value; when the order parameter contains the first pre-set field and the value of the first pre-set field is the pre-set numerical value, sending a first error code to the web page, and prohibiting continued execution of the numerical value transfer operation corresponding to the first order. The present application can solve the problem, in an actual payment scenario, of an account and funds of a user not being secure when a proxy tool is used to skip over a part of a logic check procedure, and a payment CGI is continuously scheduled to complete payment, and has the effect that when a proxy tool is used in an actual payment scenario, the execution of a payment operation is prohibited, and the security of the account and funds of the user is protected.

Description

数值转移方法、装置、设备及存储介质Numerical transfer method, device, device and storage medium
本申请要求于2017年02月22日提交中国国家知识产权局、申请号为201710097347.6、发明名称为“数值转移方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。The present application claims priority to Chinese Patent Application No. 200910097347.6, the entire disclosure of which is incorporated herein by reference. .
技术领域Technical field
本申请实施例涉及信息安全领域,特别涉及一种数值转移方法、装置、设备及存储介质。The embodiments of the present application relate to the field of information security, and in particular, to a method, device, device, and storage medium for transferring values.
背景技术Background technique
在进行支付操作时,通常在完成支付之前,支付系统需要对支付操作进行一些逻辑校验,比如手机号校验、验证码校验等。其中,逻辑校验的目的是确认支付操作是否为用户本人操作。When performing a payment operation, usually before the payment is completed, the payment system needs to perform some logic verification on the payment operation, such as mobile phone number verification, verification code verification, and the like. The purpose of the logic check is to confirm whether the payment operation is the user's own operation.
支付系统在执行支付流程时,通常包括:终端上的网页页面和服务器上的各种CGI(Common Gateway Interface,通用网关接口)之间的多次交互操作。以CGI包括身份校验CGI和支付CGI为例,网页页面将用户输入的身份验证相关的参数发送至身份校验CGI,身份校验CGI对参数进行校验,校验成功后,身份校验CGI向网页页面返回确认消息,然后网页页面将支付相关的参数发送至支付CGI,支付CGI对参数进行校验,检验成功后完成支付操作,向网页页面返回支付已完成消息。When the payment system performs the payment process, it usually includes multiple interactions between the web page on the terminal and various CGI (Common Gateway Interface) on the server. For example, the CGI includes the identity verification CGI and the payment CGI. The webpage page sends the authentication-related parameters input by the user to the identity verification CGI, and the identity verification CGI verifies the parameters. After the verification succeeds, the identity verification CGI is performed. A confirmation message is returned to the webpage page, and then the webpage page sends the relevant parameters of the payment to the payment CGI, the payment CGI verifies the parameter, the payment operation is completed after the verification is successful, and the payment completed message is returned to the webpage page.
在支付场景的开发或测试中,技术人员经常在终端中使用代理工具(比如Fiddler)通过抓包并修改网页页面的参数或各个CGI的参数来测试不同的支付场景。也就是说,代理工具通常被技术人员用于支付场景的开发或测试。但在实际支付场景中,若恶意用户使用代理工具,则网页页面在向身份校验CGI发送身份验证相关的参数时,代理工具可以截获网页页面发送给服务器的身份校验CGI请求,然后伪装成服务器向网页页面返回确认消息。这种情况下无论用于身份验证的参数是否正确,网页页面都能接收到确认消息,从而绕开了实际的身份验证过程,网页页面在向支付CGI发送支付相关的参数时,代理工具可以将输入给支付CGI的参数进行修改,让支付CGI在校验时认为之前的身份验证已经确认,从而使得网页页面成功调用支付CGI完成支付。In the development or testing of payment scenarios, technicians often use proxy tools (such as Fiddler) in the terminal to test different payment scenarios by capturing and modifying the parameters of the web page or the parameters of each CGI. That is to say, the agent tool is usually used by technicians to pay for the development or testing of the scenario. However, in the actual payment scenario, if the malicious user uses the proxy tool, when the webpage page sends the identity verification related parameter to the identity verification CGI, the proxy tool can intercept the identity verification CGI request sent by the webpage page to the server, and then pretend to be The server returns a confirmation message to the web page. In this case, regardless of whether the parameters used for authentication are correct, the webpage page can receive the confirmation message, thereby bypassing the actual authentication process. When the webpage page sends the payment-related parameters to the payment CGI, the proxy tool can The parameters input to the payment CGI are modified so that the payment CGI considers that the previous authentication has been confirmed at the time of verification, so that the web page successfully calls the payment CGI to complete the payment.
由于恶意用户将代理工具用在实际支付场景中时,支付系统可能会跳过一些类似身份验证的逻辑校验流程,继续调用支付CGI完成支付,从而导致普通用户的账户和资金得不到安全保障。Since the malicious user uses the proxy tool in the actual payment scenario, the payment system may skip some logic verification processes similar to the authentication, and continue to call the payment CGI to complete the payment, thereby causing the ordinary user's account and funds to be unsecured. .
发明内容Summary of the invention
本申请实施例提供了一种数值转移方法、装置、设备及存储介质,可以解决恶意用户使用代理工具跳过逻辑校验流程,继续调用支付CGI完成支付所导致的安全问题。所述技术方案如下:The embodiment of the present application provides a method, a device, a device, and a storage medium for a numerical value transfer, which can solve the security problem caused by a malicious user using a proxy tool to skip the logic verification process and continue to call the payment CGI to complete the payment. The technical solution is as follows:
根据本申请的一个方面,提供了一种数值转移方法,应用于服务器中,所述方法包括:According to an aspect of the present application, a numerical transfer method is provided, which is applied to a server, the method comprising:
在接收到终端中的网页页面发送的第一订单的订单参数和签名后,根据所述订单参数和所述签名检测所述签名是否正确,所述订单参数包括签名前的各字段的参数值,所述签名是将所述订单参数按照预定数字签名规则得到的;After receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, the order parameter includes a parameter value of each field before the signature, The signature is obtained by the order parameter according to a predetermined digital signature rule;
在所述签名正确时,检测所述订单参数中是否包含第一预定字段,且所述第一预定字段的值为预定数值,所述第一预定字段的值为所述预定数值时表示所述终端使用代理工具,所述代理工具是指将被访问的服务器的资源代理为本地资源的工具;When the signature is correct, detecting whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value, and the value of the first predetermined field is the predetermined value The terminal uses a proxy tool, which refers to a tool that proxyes the resources of the accessed server as a local resource;
当所述订单参数中包含所述第一预定字段且所述第一预定字段的值为所述预定数值时,向所述网页页面发送第一错误码,并禁止继续执行所述第一订单对应的数值转移操作。When the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the webpage page, and prohibiting execution of the first order correspondence The value transfer operation.
根据本申请的另一方面,提供了一种数值转移方法,应用于终端中,所述方法包括:According to another aspect of the present application, a value transfer method is provided for use in a terminal, the method comprising:
在打开网页页面时,检测所述终端是否正在运行代理工具,所述代理工具是将被访问的服务器的资源代理为本地资源的工具;When the web page is opened, detecting whether the terminal is running a proxy tool, and the proxy tool is a tool for proxying a resource of the accessed server as a local resource;
当所述终端正在运行所述代理工具时,令第一预定字段的值为预定数值,所述第一预定字段用于指示是否使用代理工具;When the terminal is running the proxy tool, the value of the first predetermined field is set to a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool;
将第一订单的订单参数按照预定数字签名规则计算得到签名,所述订单参数包含所述第一预定字段以及其他的数值转移操作对应字段;The order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
将所述签名和所述订单参数发送给服务器,所述签名和所述订单参数用于触发所述服务器检测所述签名是否正确,在所述签名正确的情况下,若所述第一预定字段的值为所述预定数值,则返回第一错误码,并禁止继续执行所述数值转移操作;Sending the signature and the order parameter to the server, the signature and the order parameter are used to trigger the server to detect whether the signature is correct, and if the signature is correct, if the first predetermined field If the value is the predetermined value, returning the first error code, and prohibiting the execution of the value transfer operation;
接收所述服务器发送的所述第一错误码,所述第一错误码用于提示禁止继续执行所述数值转移操作。Receiving the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
根据本申请的另一方面,提供了一种数值转移装置,所述装置包括:According to another aspect of the present application, a numerical transfer apparatus is provided, the apparatus comprising:
第一检测模块,用于在接收到终端中的网页页面发送的第一订单的订单参数和签名后,根据所述订单参数和所述签名检测所述签名是否正确,所述订单参数包括签名前的各字段的参数值,所述签名是将所述订单参数按照预定数字签名规则得到的;a first detecting module, configured to: after receiving an order parameter and a signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, where the order parameter includes a signature a parameter value of each field, the signature being obtained by the order parameter according to a predetermined digital signature rule;
第二检测模块,用于在所述第一检测模块检测到所述签名正确时,检测所述订单参数中是否包含第一预定字段,且所述第一预定字段的值为预定数值,所述第一预定字段的值为所述预定数值时表示所述终端使用代理工具,所述代理工具是指将被访问的服务器的资源代理为本地资源的工具;a second detecting module, configured to: when the first detecting module detects that the signature is correct, detecting whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value, When the value of the first predetermined field is the predetermined value, the terminal uses the proxy tool, and the proxy tool refers to a tool that proxyes the resource of the accessed server as a local resource;
第一发送模块,用于当所述第二检测模块检测到所述订单参数中包含所述第一预定字段且所述第一预定字段的值为所述预定数值时,向所述网页页面发送第一错误码,并禁止继续执行所述第一订单对应的数值转移操作。a first sending module, configured to send, to the webpage, when the second detecting module detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value The first error code, and prohibiting the execution of the value transfer operation corresponding to the first order.
根据本申请的另一方面,提供了一种数值转移装置,所述装置包括:According to another aspect of the present application, a numerical transfer apparatus is provided, the apparatus comprising:
第三检测模块,用于在打开网页页面时,检测所述装置是否正在运行代理工具,所述代理工具是将被访问的服务器的资源代理为本地资源的工具;a third detecting module, configured to detect, when the webpage is opened, whether the device is running a proxy tool, where the proxy tool is a tool that proxyes resources of the accessed server as local resources;
赋值模块,用于当所述第三检测模块检测到所述装置正在运行所述代理工具时,令第一预定字段的值为预定数值,所述第一预定字段用于指示是否使用代理工具;An evaluation module, configured to: when the third detecting module detects that the device is running the proxy tool, set a value of a first predetermined field to a predetermined value, where the first predetermined field is used to indicate whether to use a proxy tool;
计算模块,用于将第一订单的订单参数按照预定数字签名规则计算得到签名,所述订单参数包含所述第一预定字段以及其他的数值转移操作对应字段;a calculation module, configured to calculate a signature of the order parameter of the first order according to a predetermined digital signature rule, where the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
第三发送模块,用于将所述计算模块得到的所述签名和所述订单参数发送给服务器,所述签名和所述订单参数用于触发所述服务器检测所述签名是否正确,在所述签名正确的情况下,若所述第一预定字段的值为所述预定数值,则返回第一错误码,并禁止继续执行所述数值转移操作;a third sending module, configured to send the signature obtained by the calculating module and the order parameter to a server, where the signature and the order parameter are used to trigger the server to detect whether the signature is correct, If the signature is correct, if the value of the first predetermined field is the predetermined value, returning the first error code, and prohibiting the execution of the value transfer operation;
第一接收模块,用于接收所述服务器发送的所述第一错误码,所述第一错误码用于提示禁止继续执行所述数值转移操作。And a first receiving module, configured to receive the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
根据本申请的另一方面,提供了一种服务器,所述服务器包括存储器和处理器,所述存储器存储有一个或多个指令,所述处理器用于执行所述一个或多个指令实现如下步骤:In accordance with another aspect of the present application, a server is provided, the server including a memory and a processor, the memory storing one or more instructions for executing the one or more instructions to implement the following steps :
在接收到终端中的网页页面发送的第一订单的订单参数和签名后,根据所述订单参数和所述签名检测所述签名是否正确,所述订单参数包括签名前的各字段的参数值,所述签名是将所述订单参数按照预定数字签名规则得到的;After receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, the order parameter includes a parameter value of each field before the signature, The signature is obtained by the order parameter according to a predetermined digital signature rule;
在所述签名正确时,检测所述订单参数中是否包含第一预定字段,且所述第一预定字段的值为预定数值,所述第一预定字段的值为所述预定数值时表示所述终端使用代理工具,所述代理工具是指将被访问的服务器的资源代理为本地资源的工具;When the signature is correct, detecting whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value, and the value of the first predetermined field is the predetermined value The terminal uses a proxy tool, which refers to a tool that proxyes the resources of the accessed server as a local resource;
当所述订单参数中包含所述第一预定字段且所述第一预定字段的值为所述预定数值时,向所述网页页面发送第一错误码,并禁止继续执行所述第一订单对应的数值转移操作。When the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the webpage page, and prohibiting execution of the first order correspondence The value transfer operation.
根据本申请的另一方面,提供了一种终端,所述终端包括:存储器和处理器,所述存储器存储有一个或多个指令,所述处理器用于执行所述一个或多个指令实现如下步骤:According to another aspect of the present application, a terminal is provided, the terminal comprising: a memory and a processor, the memory storing one or more instructions, and the processor is configured to execute the one or more instructions as follows step:
在打开网页页面时,检测所述终端是否正在运行代理工具,所述代理工具是将被访问的服务器的资源代理为本地资源的工具;When the web page is opened, detecting whether the terminal is running a proxy tool, and the proxy tool is a tool for proxying a resource of the accessed server as a local resource;
当所述终端正在运行所述代理工具时,令第一预定字段的值为预定数值,所述第一预定字段用于指示是否使用代理工具;When the terminal is running the proxy tool, the value of the first predetermined field is set to a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool;
将第一订单的订单参数按照预定数字签名规则计算得到签名,所述订单参数包含所述第一预定字段以及其他的数值转移操作对应字段;The order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
将所述签名和所述订单参数发送给所述服务器;Sending the signature and the order parameter to the server;
接收所述服务器发送的所述第一错误码,所述第一错误码用于提示禁止继续执行所述数值转移操作。Receiving the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
根据本申请的另一方面,提供了一种计算机可读存储介质,其特征在于,所述存储介质上存储有一个或多个指令,所述一个或多个指令被执行时用于实现如上服务器侧的数值转移方法,和/或,如上终端侧的数值转移方法。According to another aspect of the present application, a computer readable storage medium is provided, wherein one or more instructions are stored on the storage medium, and the one or more instructions are executed to implement a server as described above The side value transfer method, and/or the value transfer method on the terminal side as above.
本申请实施例提供的技术方案带来的有益效果至少包括:The beneficial effects brought by the technical solutions provided by the embodiments of the present application include at least:
通过网页页面检测终端是否使用代理工具,在发送至服务器的订单参数中增加第一预定字段,并且将订单参数生成的签名发送给服务器,服务器根据订单参数和签名来对签名进行校验,由于订单参数中的任意字段的值发生变化后,生成的签名也会发生变化,通过对签名进行校验能够有效地发现代理工具对订单参数的修改。另外,在服务器检测出订单参数中包含第一预定字段且第一预定字段的值为预定数值时,即服务器检测出执行第一订单对应的数值转移操作时终端使用了代理工具,则服务器禁止继续执行第一订单对应的数值转移操作,从而使得恶意用户通过代理工具进行数值转移操作被禁止,达到了保护普通用户的账户和财产安全的效果。The webpage is used to detect whether the terminal uses the proxy tool, the first predetermined field is added to the order parameter sent to the server, and the signature generated by the order parameter is sent to the server, and the server verifies the signature according to the order parameter and the signature, due to the order. After the value of any field in the parameter changes, the generated signature will also change. By verifying the signature, the agent tool can effectively find the modification of the order parameter. In addition, when the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is a predetermined value, that is, when the server detects that the terminal performs the numerical transfer operation corresponding to the first order, the terminal uses the proxy tool, and the server prohibits the continuation. The numerical transfer operation corresponding to the first order is executed, so that the numerical user transfer operation by the proxy tool is prohibited, and the effect of protecting the account and property security of the ordinary user is achieved.
附图说明DRAWINGS
为了更清楚地说明本申请实施例中的技术方案,下面将对实施例描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only some embodiments of the present application. Other drawings may also be obtained from those of ordinary skill in the art in light of the inventive work.
图1是本申请一个实施例所涉及的数值转移方法的实施环境的示意图;1 is a schematic diagram of an implementation environment of a numerical transfer method according to an embodiment of the present application;
图2是本申请一个实施例中提供的数值转移方法的方法流程图;2 is a flow chart of a method for a numerical value transfer method provided in an embodiment of the present application;
图3A是本申请另一个实施例中提供的数值转移方法的方法流程图;3A is a flowchart of a method for a numerical value transfer method provided in another embodiment of the present application;
图3B是本申请一个实施例中提供的支付场景下的数值转移方法的流程图;FIG. 3B is a flowchart of a method for transferring a value in a payment scenario provided in an embodiment of the present application; FIG.
图4是本申请一个实施例中提供的数值转移装置的结构方框图;4 is a block diagram showing the structure of a numerical value transfer apparatus provided in an embodiment of the present application;
图5是本申请一个实施例中提供的数值转移装置的结构方框图;Figure 5 is a block diagram showing the structure of a numerical value transfer apparatus provided in an embodiment of the present application;
图6是本申请另一个实施例中提供的数值转移装置的结构方框图;Figure 6 is a block diagram showing the structure of a numerical value transfer device provided in another embodiment of the present application;
图7是本申请一个实施例中提供的服务器的结构示意图;7 is a schematic structural diagram of a server provided in an embodiment of the present application;
图8是本申请一个实施例中提供的终端的结构方框图。FIG. 8 is a structural block diagram of a terminal provided in an embodiment of the present application.
具体实施方式detailed description
为使本申请的目的、技术方案和优点更加清楚,下面将结合附图对本申请实施方式作进一步地详细描述。In order to make the objects, technical solutions and advantages of the present application more clear, the embodiments of the present application will be further described in detail below with reference to the accompanying drawings.
图1是本申请一个实施例所涉及的数值转移方法的实施环境的示意图,如图1所示,该实施环境包括:终端110、服务器120和通信网络130。FIG. 1 is a schematic diagram of an implementation environment of a numerical value transfer method according to an embodiment of the present application. As shown in FIG. 1 , the implementation environment includes: a terminal 110, a server 120, and a communication network 130.
终端110具备网页浏览的能力。可选地,终端110包括:台式计算机、膝上型便携计算机、平板电脑、智能手机、销售点(Pointofsales,POS)终端、MP3(Moving Picture Experts Group Audio Layer III,动态影像专家压缩标准音频层面3)播放器、MP4播放器等。The terminal 110 has the capability of web browsing. Optionally, the terminal 110 includes: a desktop computer, a laptop portable computer, a tablet computer, a smart phone, a Point ofsales (POS) terminal, and an MP3 (Moving Picture Experts Group Audio Layer III). ) Player, MP4 player, etc.
服务器120是提供互联网网络服务的平台。服务器120具备数值转移、数据存储和逻 辑校验中的至少一项能力。服务器120可以是一台服务器,或者是由若干服务器组成的服务器集群,服务器集群中的各个服务器之间的全部或部分数据可以共享,服务器120也可以是云计算服务中心。本申请实施例对服务器120的物理实现方式不加以限定。 Server 120 is a platform that provides Internet network services. The server 120 has at least one of a value transfer, a data storage, and a logical check. The server 120 may be a server or a server cluster composed of a plurality of servers. All or part of data between the servers in the server cluster may be shared, and the server 120 may also be a cloud computing service center. The physical implementation manner of the server 120 is not limited in this embodiment of the present application.
终端110与服务器120之间通过通信网络130连接。可选地,通信网络130可以为有线通信网络或无线通信网络。The terminal 110 and the server 120 are connected by a communication network 130. Alternatively, communication network 130 can be a wired communication network or a wireless communication network.
终端110的浏览器或应用程序上运行有网页页面111,网页页面111具备提供数值转移操作的能力。该网页页面111还可称为网页客户端。数值转移是指将指定数值的资源在第一账户A和第二账户B之间的转移,比如从第一账户A转账到第二账户B。在实际应用中,数值转移包括支付、充值、转账、还款中的至少一种。对应的,网页页面111实现为支付页面、充值页面、转账页面、还款页面中的至少一种。A web page 111 is run on the browser or application of the terminal 110, and the web page 111 has the ability to provide a numerical transfer operation. The web page 111 can also be referred to as a web client. The numerical transfer refers to the transfer of the resource of the specified value between the first account A and the second account B, such as transferring from the first account A to the second account B. In practical applications, the value transfer includes at least one of payment, recharge, transfer, and repayment. Correspondingly, the webpage page 111 is implemented as at least one of a payment page, a recharge page, a transfer page, and a repayment page.
服务器120上运行有各种CGI(Common Gateway Interface,通用网关接口),本实施例以服务器120上运行有身份校验CGI 121和支付CGI 122为例。CGI在物理上是一段程序,运行在服务器120上。根据实现的功能不同,CGI可以具体划分为不同类型的CGI,比如图1所示的身份校验CGI 121和支付CGI 122。身份校验CGI 121是服务器120上用于实现身份校验功能的程序,支付CGI 122是服务器120上用于实现支付功能的程序。The server 120 runs a variety of CGIs (Common Gateway Interfaces). This embodiment uses the identity verification CGI 121 and the payment CGI 122 on the server 120 as an example. The CGI is physically a program running on the server 120. Depending on the functions implemented, the CGI can be specifically divided into different types of CGIs, such as the identity verification CGI 121 and the payment CGI 122 shown in FIG. The identity verification CGI 121 is a program on the server 120 for implementing the identity verification function, and the payment CGI 122 is a program on the server 120 for implementing the payment function.
网页页面111向服务器发送某一CGI对应的调用请求时,服务器120根据调用请求查找对应的CGI,将调用请求发送给查找到的CGI进行处理,CGI在处理完后将处理结果发送给服务器120,服务器120将处理结果返回给网页页面111。比如,以终端110为PC(Personal Computer,个人电脑)端进行示例性的说明,用户在PC端进行数值转移操作时,由于数值转移操作涉及用户的财产安全。通常,服务器120在完成数值转移操作之前,用户还需要通过终端110向服务器120发送身份验证请求,以确保数值转移操作是本人进行的。When the web page 111 sends a CGI-specific call request to the server, the server 120 searches for the corresponding CGI according to the call request, and sends the call request to the found CGI for processing. After processing, the CGI sends the processing result to the server 120. The server 120 returns the processing result to the web page 111. For example, the terminal 110 is an example of a PC (Personal Computer). When the user performs a value transfer operation on the PC side, the value transfer operation involves the user's property security. Generally, before the server 120 completes the value transfer operation, the user also needs to send an identity verification request to the server 120 through the terminal 110 to ensure that the value transfer operation is performed by the person.
在正常支付的情况下,用户在终端110上打开网页页面111,网页页面111在用户填写完身份验证信息后,根据填写的身份验证信息中的参数生成身份验证请求,将身份验证请求发送给服务器120,服务器120接收到身份验证请求后,将身份验证请求发送给身份校验CGI 121,身份校验CGI 121通过对身份验证请求中的参数进行校验。当通过检验时,身份校验CGI 121将校验成功消息反馈给服务器120,服务器120将校验成功消息返回给网页页面111,网页页面111在接收到校验成功消息后,根据用户填写的数值转移相关的参数生成数值转移请求,将数值转移请求发送给服务器120,服务器120在接收到数值转移请求后,将数值转移请求发送给支付CGI 122,支付CGI 122对数值转移参数进行校验,确保在数值转移之前的身份验证已通过,另外支付CGI 122对手续费进行校验、对支付权限进行校验、对是否支付进行校验等,在校验完成后,进行数值转移操作,在数值转移操作完成后,支付CGI 122向服务器120反馈数值转移成功消息,服务器120将数值转移成功消息返回给网页页面111,网页页面111在终端110上显示数值转移成功的通知。In the case of a normal payment, the user opens a webpage page 111 on the terminal 110. After the user fills in the authentication information, the webpage 111 generates an identity verification request according to the parameters in the filled identity verification information, and sends the identity verification request to the server. 120. After receiving the identity verification request, the server 120 sends an identity verification request to the identity verification CGI 121, and the identity verification CGI 121 verifies the parameters in the identity verification request. When passing the verification, the identity verification CGI 121 feeds back the verification success message to the server 120, and the server 120 returns the verification success message to the webpage page 111. After receiving the verification success message, the webpage page 111 is based on the value filled in by the user. The transfer related parameter generates a value transfer request, and the value transfer request is sent to the server 120. After receiving the value transfer request, the server 120 sends the value transfer request to the payment CGI 122, and the payment CGI 122 checks the value transfer parameter to ensure that the value is transferred. The authentication before the value transfer has passed, and the payment CGI 122 checks the handling fee, checks the payment authority, checks whether the payment is verified, etc. After the verification is completed, the value transfer operation is performed, and the value is transferred. After the operation is completed, the payment CGI 122 feeds back the value transfer success message to the server 120, and the server 120 returns a value transfer success message to the web page 111, and the web page 111 displays a notification of successful numerical transfer on the terminal 110.
而在非正常支付的情况下(比如恶意用户),终端110上还会运行有代理工具112。代理工具112是将被访问的服务器120的资源代理为本地资源的工具。当网页页面111请求该资源时,代理工具112会调用本地资源。代理工具112通常被技术人员应用在开发或测试中,以模拟不同的场景,节省开发成本。常见的代理工具112有Fiddler,Fiddler具有转发、代理、host管理、设置断点、CGI扫描、修改输入参数、修改返回参数、模拟网速中的至少一项功能。In the case of abnormal payment (such as a malicious user), the proxy tool 112 is also run on the terminal 110. The agent tool 112 is a tool that proxyes the resources of the server 120 being accessed as a local resource. When the web page 111 requests the resource, the proxy tool 112 will call the local resource. The agent tool 112 is typically used by technicians in development or testing to simulate different scenarios and save development costs. The common proxy tool 112 has Fiddler, which has at least one of forwarding, proxy, host management, setting breakpoints, CGI scanning, modifying input parameters, modifying return parameters, and simulating network speed.
在实际支付场景中,若是恶意用户使用代理工具112,则网页页面111在向身份校验CGI 121发送身份验证请求时,由于代理工具112能够将服务器120的资源代理为本地资源,因此身份验证请求并没有发送至身份校验CGI 121中,而是调用本地资源,代理工具112伪装成服务器120向网页页面111返回校验成功消息。这种情况下,无论网页页面111中输入的身份验证信息是否正确,网页页面111都能收到校验成功消息,从而绕开了实际的身份验证过程。当网页页面111向支付CGI 122发送支付请求时,由于代理工具112能够 修改输入参数,因此代理工具112能够将发送给支付CGI 122的参数进行修改,使得支付CGI 122在接收到支付请求时,根据对参数的校验结果确认本步骤前的校验逻辑(如身份验证)均已确认,从而继续进行支付逻辑的其他校验,完成数值转移。In the actual payment scenario, if the malicious user uses the proxy tool 112, the web page 111 sends an authentication request to the identity verification CGI 121. Since the proxy tool 112 can proxy the resource of the server 120 as a local resource, the authentication request is Instead of being sent to the identity verification CGI 121, the local resource is invoked and the proxy tool 112 pretends that the server 120 returns a verification success message to the web page 111. In this case, regardless of whether the authentication information entered in the web page 111 is correct, the web page 111 can receive the verification success message, thereby bypassing the actual authentication process. When the web page 111 sends a payment request to the payment CGI 122, since the proxy tool 112 can modify the input parameters, the proxy tool 112 can modify the parameters sent to the payment CGI 122 such that upon receipt of the payment request, the payment CGI 122 is The verification result of the parameter confirms that the verification logic (such as identity verification) before this step has been confirmed, so that other verification of the payment logic is continued, and the value transfer is completed.
由于在实际支付场景下,运行有代理工具112应当被认为是非正常支付。因此,本申请各个实施例中,在网页页面111和支付CGI 122中增加对终端110是否运行代理工具112的校验过程。Since the agent tool 112 is running under the actual payment scenario, it should be considered an abnormal payment. Accordingly, in various embodiments of the present application, a verification process for whether the terminal 110 is running the agent tool 112 is added to the web page 111 and the payment CGI 122.
图2是本申请一个实施例中提供的数值转移方法的方法流程图,该数值转移方法以应用在图1所示的实施环境中举例说明。如图2所示,该数值转移方法可以包括:2 is a flow chart of a method for a numerical value transfer method provided in an embodiment of the present application, which is illustrated by the application in the implementation environment shown in FIG. 1. As shown in FIG. 2, the numerical transfer method may include:
步骤201,终端在打开网页页面时,网页页面检测终端是否正在运行代理工具。Step 201: When the terminal opens the webpage page, the webpage page detects whether the terminal is running the proxy tool.
终端中的浏览器(或应用程序的内置浏览器)运行有网页页面。该网页页面还可称为网页客户端。The browser in the terminal (or the built-in browser of the application) runs a web page. This web page can also be referred to as a web client.
代理工具是将被访问的服务器的资源代理为本地资源的工具。A proxy tool is a tool that proxies the resources of a server being accessed as a local resource.
网页页面是需要检测是否运行代理工具的页面。可选地,网页页面用于提供数值转移操作,网页页面包括支付页面、充值页面、转账页面、还款页面中的至少一种。A web page is a page that needs to detect whether or not to run a proxy tool. Optionally, the webpage page is used to provide a value transfer operation, and the webpage page includes at least one of a payment page, a top-up page, a transfer page, and a repayment page.
步骤202,当终端正在运行代理工具时,网页页面令第一预定字段的值为预定数值,第一预定字段用于指示是否使用代理工具。Step 202: When the terminal is running the proxy tool, the webpage page causes the value of the first predetermined field to be a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool.
在网页页面发送给支付CGI的支付请求中增加第一预定字段,第一预定字段用来表示是否使用代理工具。比如:第一预定字段为agent_tool。若终端中运行Fiddler时,网页页面令agent_tool=1,用于表示有代理工具运行。A first predetermined field is added to the payment request sent by the web page to the payment CGI, and the first predetermined field is used to indicate whether to use the proxy tool. For example, the first predetermined field is agent_tool. If Fiddler is running in the terminal, the web page page causes agent_tool=1 to indicate that there is a proxy tool running.
步骤203,网页页面将第一订单的订单参数按照预定数字签名规则计算得到签名,订单参数包含第一预定字段以及其他的数值转移操作对应字段。Step 203: The webpage page calculates the signature of the order parameter of the first order according to a predetermined digital signature rule, and the order parameter includes a first predetermined field and other value transfer operation corresponding fields.
可选地,计算签名是在提交第一订单之前的预定时间段内,通常预定时间段较短。比如,用户在网页页面上填写完第一订单对应的数值转移的数量以及转移账户的信息后,当网页页面上的确认控件被触发时,网页页面根据用户填写的信息对应的各个字段以及第一预定字段,根据预定数字签名规则计算得到签名。Optionally, the calculation signature is within a predetermined time period prior to the submission of the first order, typically a predetermined time period is shorter. For example, after the user fills in the number of value transfer corresponding to the first order and the information of the transfer account on the webpage page, when the confirmation control on the webpage page is triggered, the webpage page is based on each field corresponding to the information filled in by the user and the first The predetermined field is calculated according to a predetermined digital signature rule.
可选地,预定数字签名规则可以为MD5签名。MD5签名在生成签名时,从用户的订单参数中选取一些特定的参数按照一定的排序并加上外部用户不可见的key值生成。MD5签名是不可逆的,也就是说,用户无法根据MD5签名逆向计算出签名前的参数。网页页面使用MD5签名生成签名前,会在计算签名的字段中加上第一预定字段。Alternatively, the predetermined digital signature rule may be an MD5 signature. When generating the signature, the MD5 signature selects some specific parameters from the user's order parameters according to a certain order and adds the key value that is not visible to the external user. The MD5 signature is irreversible, that is, the user cannot calculate the parameters before the signature inversely based on the MD5 signature. Before the web page generates the signature using the MD5 signature, the first predetermined field is added to the field of the calculated signature.
可选地,网页页面还可以使用3des进行数字签名,3des与MD5签名的区别是3des的加密是可逆的,CGI可以通过密钥解密数字签名得到签名前的参数。对于3des,网页页面是在生成签名后增加第一预定字段以及根据指定key生成的MD5签名。Optionally, the webpage may also be digitally signed using 3des. The difference between the 3des and the MD5 signature is that the encryption of the 3des is reversible, and the CGI can decrypt the digital signature by the key to obtain the parameters before the signature. For 3des, the web page is a first predetermined field added after the signature is generated and an MD5 signature generated according to the specified key.
步骤204,网页页面将签名和第一订单的订单参数发送给服务器。Step 204: The webpage page sends the signature and the order parameter of the first order to the server.
由于MD5签名不可逆,因此签名前的订单参数也被发送给服务器,服务器中的支付CGI根据订单参数和签名对签名是否正确进行校验。Since the MD5 signature is irreversible, the order parameters before the signature are also sent to the server, and the payment CGI in the server verifies the signature correctly according to the order parameters and the signature.
在实际应用中,网页页面根据签名和订单参数生成支付请求,网页页面将支付请求发送给服务器,服务器接收到网页页面发送的支付请求后,将支付请求发送给对应的支付CGI进行处理,支付CGI在处理完支付请求后,将处理结果发送给服务器,服务器再把处理结果发送给网页页面。In an actual application, the webpage generates a payment request according to the signature and the order parameter, and the webpage sends the payment request to the server. After receiving the payment request sent by the webpage, the server sends the payment request to the corresponding payment CGI for processing, and pays the CGI. After processing the payment request, the processing result is sent to the server, and the server sends the processing result to the webpage page.
对于支付CGI处理网页页面发送的支付请求的具体实现请参见步骤205至步骤207。For the specific implementation of the payment request sent by the CGI processing webpage, please refer to step 205 to step 207.
步骤205,支付CGI在接收到网页页面发送的第一订单的订单参数和签名后,根据订单参数和签名检测该签名是否正确。Step 205: After receiving the order parameter and signature of the first order sent by the webpage page, the payment CGI detects whether the signature is correct according to the order parameter and the signature.
由于订单参数或签名可能被修改,因此支付CGI需要通过校验签名是否正确确定订单参数或签名是否被修改过。Since the order parameters or signatures may be modified, the payment CGI needs to verify that the order parameters or signatures have been modified by verifying that the signatures are correct.
步骤206,在签名正确时,支付CGI检测第一订单的订单参数中是否包含第一预定字段,且第一预定字段的值为预定数值。Step 206: When the signature is correct, the payment CGI detects whether the first predetermined field is included in the order parameter of the first order, and the value of the first predetermined field is a predetermined value.
第一预定字段用于指示是否使用代理工具,第一预定字段的值为预定数值时表示使用代理工具。The first predetermined field is used to indicate whether to use the proxy tool, and the value of the first predetermined field indicates that the proxy tool is used when the value is a predetermined value.
对应步骤202,支付CGI需要检测订单参数中是否包含第一预定字段agent_tool,且第一预定字段的值是否为预定数值1。Corresponding to step 202, the payment CGI needs to detect whether the first predetermined field agent_tool is included in the order parameter, and whether the value of the first predetermined field is a predetermined value of 1.
步骤207,当第一订单的订单参数中包含第一预定字段且第一预定字段的值为预定数值时,支付CGI向网页页面发送第一错误码,并禁止继续执行第一订单对应的数值转移操作。Step 207: When the order parameter of the first order includes the first predetermined field and the value of the first predetermined field is a predetermined value, the payment CGI sends the first error code to the webpage page, and prohibits the execution of the value transfer corresponding to the first order. operating.
当终端中有代理工具运行时,网页页面令agent_tool=1,支付CGI接收到的订单参数中包含agent_tool=1,则订单参数中包含第一预定字段agent_tool,且第一预定字段的值为预定数值1。When the agent tool is running in the terminal, the webpage page causes agent_tool=1, and the order parameter included in the payment CGI includes agent_tool=1, the order parameter includes the first predetermined field agent_tool, and the value of the first predetermined field is a predetermined value. 1.
当支付CGI检测到agent_tool=1时,会向网页页面发送第一错误码,告知网页页面禁止继续执行第一订单对应的数值转移操作。在支付场景中,支付CGI发送的第一错误码可以为:retcode=5100211,retmsg=禁止用户继续支付。When the payment CGI detects the agent_tool=1, the first error code is sent to the webpage page, and the webpage page is prohibited from continuing to perform the numerical transfer operation corresponding to the first order. In the payment scenario, the first error code sent by the payment CGI may be: retcode=5100211, retmsg= prohibiting the user from continuing to pay.
步骤208,网页页面接收服务器发送的第一错误码,第一错误码用于提示禁止继续执行数值转移操作。Step 208: The webpage page receives a first error code sent by the server, where the first error code is used to prompt to prohibit the execution of the value transfer operation.
网页页面通过解析第一错误码获取禁止继续执行数值转移操作的消息。The web page obtains a message prohibiting the execution of the value transfer operation by parsing the first error code.
可选地,网页页面根据第一错误码弹出提示窗口,该提示窗口用于提示用户禁止继续执行数值转移操作。Optionally, the webpage pops up a prompt window according to the first error code, and the prompt window is used to prompt the user to prohibit the value transfer operation from continuing.
需要说明的是,本实施例中终端与服务器的交互可以直接理解为网页页面与支付CGI之间的交互。It should be noted that the interaction between the terminal and the server in this embodiment may be directly understood as the interaction between the web page and the payment CGI.
综上所述,本申请实施例提供的数值转移方法,通过网页页面检测终端是否使用代理工具,在发送至服务器的订单参数中增加第一预定字段,并且将订单参数生成的签名发送给服务器,服务器根据订单参数和签名来对签名进行校验,由于订单参数中的任意字段的值发生变化后,生成的签名也会发生变化,通过对签名进行校验能够有效地发现代理工具对订单参数的修改。另外在服务器检测出订单参数中包含第一预定字段且第一预定字段的值为预定数值时,即服务器检测出执行第一订单对应的数值转移操作时终端使用了代理工具,则服务器禁止继续执行第一订单对应的数值转移操作,从而使得恶意用户通过代理工具进行数值转移操作被禁止,达到了保护普通用户的账户和财产安全的效果。In summary, the value transfer method provided by the embodiment of the present application detects whether the terminal uses the proxy tool through the webpage page, adds a first predetermined field to the order parameter sent to the server, and sends the signature generated by the order parameter to the server. The server verifies the signature according to the order parameters and the signature. Since the value of any field in the order parameter changes, the generated signature also changes. By verifying the signature, the proxy tool can effectively find the order parameter. modify. In addition, when the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is a predetermined value, that is, when the server detects that the terminal performs the numerical transfer operation corresponding to the first order, the terminal uses the proxy tool, and the server prohibits execution. The value transfer operation corresponding to the first order, so that the numerical user transfer operation by the proxy tool is prohibited, and the effect of protecting the account and property security of the ordinary user is achieved.
图3A是本申请另一个实施例中提供的数值转移方法的方法流程图,该数值转移方法以应用在图1所示的实施环境中举例说明。如图3A所示,该数值转移方法可以包括:FIG. 3A is a flowchart of a method for a numerical value transfer method provided in another embodiment of the present application, which is exemplified in the implementation environment shown in FIG. 1. As shown in FIG. 3A, the numerical transfer method may include:
步骤301,终端在打开网页页面时,网页页面检测终端是否正在运行代理工具。Step 301: When the terminal opens the webpage page, the webpage page detects whether the terminal is running the proxy tool.
代理工具是将被访问的服务器的资源代理为本地资源的工具。A proxy tool is a tool that proxies the resources of a server being accessed as a local resource.
网页页面是需要检测是否运行代理工具的页面。可选地,网页页面用于提供数值转移操作,网页页面包括支付页面、充值页面、转账页面、还款页面中的至少一种。A web page is a page that needs to detect whether or not to run a proxy tool. Optionally, the webpage page is used to provide a value transfer operation, and the webpage page includes at least one of a payment page, a top-up page, a transfer page, and a repayment page.
可选地,当终端上打开的是登录页面时,登录页面也可以检测终端是否正在运行代理工具。也即,网页页面也可以包括登录页面。Optionally, when the login page is opened on the terminal, the login page may also detect whether the terminal is running the proxy tool. That is, the web page may also include a login page.
可选地,网页页面检测终端是否正在运行代理工具,可以通过以下方式实现:Optionally, the web page detects whether the terminal is running the proxy tool, and can be implemented in the following manner:
S1,网页页面检测终端的资源管理器中是否运行有目标代理工具。S1. The web page detects whether the target agent tool is running in the resource manager of the terminal.
目标代理工具是预配置的代理工具列表中的至少一个。代理工具可能有很多种,网页页面预先将一系列代理工具的名称配置成一个代理工具列表,然后根据代理工具列表到资源管理器中查询是否有代理工具列表上的目标代理工具正在运行。The target agent tool is at least one of a list of pre-configured agent tools. There may be a variety of agent tools. The web page pre-configures the names of a series of agent tools into a list of agent tools, and then queries the resource manager according to the list of agent tools to see if the target agent tool on the agent tool list is running.
S2,当终端的资源管理器中运行有目标代理工具时,网页页面确定终端正在运行代理工具。S2. When the target agent tool is run in the resource manager of the terminal, the web page determines that the terminal is running the agent tool.
在实际应用中,终端可能运行一个代理工具,也可能同时运行多个代理工具,网页页面在检测到代理工具列表中的任意一个代理工具在运行时,便可以确认终端正在运行代理工具。In practical applications, the terminal may run an agent tool or multiple agent tools at the same time. When the web page detects that any agent tool in the agent tool list is running, it can confirm that the terminal is running the agent tool.
S3,当终端的资源管理器中没有运行任何目标代理工具时,网页页面确定终端没有运 行代理工具。S3. When no target agent tool is running in the resource manager of the terminal, the web page determines that the terminal does not run the agent tool.
在实际应用中,只有在终端没有运行任何代理工具列表中的代理工具时,才能确认终端没有运行代理工具。In practical applications, it can be confirmed that the terminal is not running the agent tool only when the terminal does not run the agent tool in the list of agent tools.
步骤302,当终端正在运行代理工具时,网页页面令第一预定字段的值为预定数值,令第二预定字段的值为代理工具的名称,第一预定字段用于指示是否使用代理工具,第二预定字段用于表示所使用的代理工具的名称。Step 302: When the terminal is running the proxy tool, the webpage page causes the value of the first predetermined field to be a predetermined value, so that the value of the second predetermined field is the name of the proxy tool, and the first predetermined field is used to indicate whether to use the proxy tool, The second predetermined field is used to indicate the name of the agent tool used.
在网页页面发送给支付CGI的支付请求中增加第一预定字段和第二预定字段,分别用来表示是否使用代理工具以及所使用的代理工具的名称。比如:第一预定字段为agent_tool,第二预定字段为agent_name。若终端中运行Fiddler时,网页页面令agent_tool=1,用于表示有代理工具运行,令agent_name=Fiddler,用于表示正在运行的代理工具的名称为Fiddler。A first predetermined field and a second predetermined field are added to the payment request sent by the web page to the payment CGI, respectively, to indicate whether to use the proxy tool and the name of the proxy tool used. For example, the first predetermined field is agent_tool, and the second predetermined field is agent_name. If Fiddler is running in the terminal, the web page page causes agent_tool=1 to indicate that there is a proxy tool running, and agent_name=Fiddler is used to indicate that the name of the running proxy tool is Fiddler.
可选地,在网页页面发送给支付CGI的支付请求中只增加第一预定字段,第二预定字段为可选字段。Optionally, only the first predetermined field is added in the payment request sent by the web page to the payment CGI, and the second predetermined field is an optional field.
步骤303,网页页面将第一订单的订单参数按照预定数字签名规则计算得到签名,订单参数包含第一预定字段、第二预定字段以及其他的数值转移操作对应字段。Step 303: The webpage page calculates the signature of the order parameter of the first order according to a predetermined digital signature rule, where the order parameter includes a first predetermined field, a second predetermined field, and other value transfer operation corresponding fields.
可选地,计算签名是在提交第一订单之前的预定时间段内,通常预定时间段较短。比如,用户在网页页面上填写完第一订单对应的数值转移的数量以及转移账户的信息后,当网页页面上的确认控件被触发时,网页页面根据用户填写的信息对应的各个字段以及第一预定字段和第二预定字段根据预定数字签名规则计算得到签名。Optionally, the calculation signature is within a predetermined time period prior to the submission of the first order, typically a predetermined time period is shorter. For example, after the user fills in the number of value transfer corresponding to the first order and the information of the transfer account on the webpage page, when the confirmation control on the webpage page is triggered, the webpage page is based on each field corresponding to the information filled in by the user and the first The predetermined field and the second predetermined field are calculated according to a predetermined digital signature rule.
可选地,预定数字签名规则可以为MD5签名。MD5签名在生成签名时,从用户的订单参数中选取一些特定的参数按照一定的排序并加上外部用户不可见的key值生成。MD5签名是不可逆的,也就是说,用户无法根据MD5签名逆向计算出签名前的参数。网页页面使用MD5签名生成签名前,会在计算签名的字段中加上第一预定字段和第二预定字段(或者,仅添加第一预定字段)。Alternatively, the predetermined digital signature rule may be an MD5 signature. When generating the signature, the MD5 signature selects some specific parameters from the user's order parameters according to a certain order and adds the key value that is not visible to the external user. The MD5 signature is irreversible, that is, the user cannot calculate the parameters before the signature inversely based on the MD5 signature. Before the web page generates the signature using the MD5 signature, the first predetermined field and the second predetermined field are added to the field for calculating the signature (or only the first predetermined field is added).
可选地,网页页面还可以使用3des进行数字签名,3des与MD5签名的区别是3des的加密是可逆的,CGI可以通过密钥解密数字签名得到签名前的参数。对于3des,网页页面是在生成签名后增加第一预定字段和第二预定字段以及根据指定key生成的MD5签名。Optionally, the webpage may also be digitally signed using 3des. The difference between the 3des and the MD5 signature is that the encryption of the 3des is reversible, and the CGI can decrypt the digital signature by the key to obtain the parameters before the signature. For 3des, the web page is to add the first predetermined field and the second predetermined field after generating the signature and the MD5 signature generated according to the specified key.
步骤304,网页页面将签名和订单参数发送给支付CGI。In step 304, the web page sends the signature and order parameters to the payment CGI.
网页页面将签名和订单参数发送给支付CGI的过程即为调用支付CGI的过程。The process of sending the signature and order parameters to the payment CGI on the web page is the process of calling the payment CGI.
由于MD5签名不可逆,因此签名前的订单参数也被发送给支付CGI,支付CGI根据订单参数和签名对签名是否正确进行校验。Since the MD5 signature is irreversible, the order parameters before the signature are also sent to the payment CGI, and the payment CGI verifies that the signature is correct according to the order parameters and the signature.
在实际应用中,网页页面根据签名和订单参数生成支付请求,网页页面将支付请求发送给服务器,服务器接收到网页页面发送的支付请求后,将支付请求发送给对应的支付CGI进行处理,支付CGI在处理完支付请求后,将处理结果发送给服务器,服务器再把处理结果发送给网页页面。In an actual application, the webpage generates a payment request according to the signature and the order parameter, and the webpage sends the payment request to the server. After receiving the payment request sent by the webpage, the server sends the payment request to the corresponding payment CGI for processing, and pays the CGI. After processing the payment request, the processing result is sent to the server, and the server sends the processing result to the webpage page.
步骤305,支付CGI在接收到网页页面发送的第一订单的订单参数和签名后,根据订单参数和签名检测该签名是否正确。Step 305: After receiving the order parameter and signature of the first order sent by the webpage page, the payment CGI detects whether the signature is correct according to the order parameter and the signature.
由于订单参数或签名可能被修改,因此支付CGI需要通过校验签名是否正确确定订单参数或签名是否被修改过。Since the order parameters or signatures may be modified, the payment CGI needs to verify that the order parameters or signatures have been modified by verifying that the signatures are correct.
可选地,检测签名是否正确可以通过以下方式实现:Alternatively, detecting the correctness of the signature can be achieved by:
s1,支付CGI根据订单参数按照预定数字签名规则计算出校验签名。S1, the payment CGI calculates the verification signature according to the predetermined digital signature rule according to the order parameter.
由于MD5签名不可逆,支付CGI需要根据订单参数按照与网页页面相同的预定数字签名规则计算出签名,该签名为校验签名,通过将校验签名与接收到的签名进行比对,确定出签名或订单参数是否被修改。Since the MD5 signature is irreversible, the payment CGI needs to calculate the signature according to the order parameter according to the same predetermined digital signature rule as the webpage page. The signature is a verification signature, and the signature is determined by comparing the verification signature with the received signature. Whether the order parameters have been modified.
s2,支付CGI检测签名与校验签名是否一致。S2, whether the payment CGI detection signature is consistent with the verification signature.
s3,当签名与校验签名一致时,支付CGI确定签名正确。S3, when the signature is consistent with the verification signature, the payment CGI determines that the signature is correct.
s4,当签名与校验签名不一致时,支付CGI确定签名错误。S4, when the signature is inconsistent with the verification signature, the payment CGI determines the signature error.
步骤306,在确定签名错误时,支付CGI向网页页面发送第二错误码,并禁止继续执行第一订单对应的数值转移操作。 Step 306, when determining the signature error, the payment CGI sends a second error code to the webpage page, and prohibits the execution of the numerical transfer operation corresponding to the first order.
支付CGI在确定签名错误时,表明支付CGI对签名的校验不通过,因此支付CGI向网页页面发送第二错误码报错。When the payment CGI determines the signature error, it indicates that the payment CGI does not pass the verification of the signature, so the payment CGI sends a second error code error to the webpage page.
在实际支付场景中,第二错误码可以为:retcode=5100200,retmsg=签名错误,禁止用户继续支付。In the actual payment scenario, the second error code may be: retcode=5100200, retmsg=signature error, prohibiting the user from continuing to pay.
步骤307,网页页面接收服务器发送的第二错误码,第二错误码用于提示签名错误并禁止继续执行数值转移操作。Step 307: The webpage page receives a second error code sent by the server, and the second error code is used to prompt a signature error and prohibits the execution of the value transfer operation.
可选地,网页页面根据第二错误码弹出提示窗口,该提示窗口用于提示用户禁止继续执行数值转移操作。Optionally, the webpage pops up a prompt window according to the second error code, and the prompt window is used to prompt the user to prohibit the value transfer operation from continuing.
作为步骤305的另一个分支,在签名正确的情况下,支付CGI需要继续执行步骤308。As another branch of step 305, if the signature is correct, the payment CGI needs to proceed to step 308.
步骤308,在签名正确时,支付CGI检测订单参数中是否包含第一预定字段,且第一预定字段的值为预定数值。Step 308: When the signature is correct, the payment CGI detects whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value.
第一预定字段用于指示是否使用代理工具,第一预定字段的值为预定数值时表示使用代理工具。The first predetermined field is used to indicate whether to use the proxy tool, and the value of the first predetermined field indicates that the proxy tool is used when the value is a predetermined value.
对应步骤302,支付CGI需要检测订单参数中是否包含第一预定字段agent_tool,且第一预定字段的值是否为预定数值1。Corresponding to step 302, the payment CGI needs to detect whether the first predetermined field agent_tool is included in the order parameter, and whether the value of the first predetermined field is a predetermined value of 1.
步骤309,当订单参数中包含第一预定字段且第一预定字段的值为预定数值时,支付CGI在服务器的数据库中记录第一订单的订单号,标记订单号对应的第一订单为目标订单。 Step 309, when the order parameter includes the first predetermined field and the value of the first predetermined field is a predetermined value, the payment CGI records the order number of the first order in the database of the server, and marks the first order corresponding to the order number as the target order. .
订单号用于唯一标识第一订单,目标订单为使用代理工具的数值转移订单。The order number is used to uniquely identify the first order, and the target order is a value transfer order using the agent tool.
当终端中有代理工具运行时,网页页面令agent_tool=1,支付CGI接收到的订单参数中包含agent_tool=1,则订单参数中包含第一预定字段agent_tool,且第一预定字段的值为预定数值1。When the agent tool is running in the terminal, the webpage page causes agent_tool=1, and the order parameter included in the payment CGI includes agent_tool=1, the order parameter includes the first predetermined field agent_tool, and the value of the first predetermined field is a predetermined value. 1.
可选地,支付CGI在数据库中将订单号与标记对应存储,标记可以为agent_tool=1。Optionally, the payment CGI stores the order number and the tag in the database, and the tag may be agent_tool=1.
步骤310,支付CGI向网页页面发送第一错误码,并禁止继续执行第一订单对应的数值转移操作。Step 310: The payment CGI sends the first error code to the webpage page, and prohibits the execution of the value transfer operation corresponding to the first order.
当支付CGI检测到agent_tool=1时,会向网页页面发送第一错误码,告知网页页面禁止继续执行第一订单对应的数值转移操作。在支付场景中,支付CGI发送的第一错误码可以为:retcode=5100211,retmsg=禁止用户继续支付。When the payment CGI detects the agent_tool=1, the first error code is sent to the webpage page, and the webpage page is prohibited from continuing to perform the numerical transfer operation corresponding to the first order. In the payment scenario, the first error code sent by the payment CGI may be: retcode=5100211, retmsg= prohibiting the user from continuing to pay.
步骤311,网页页面接收服务器发送的第一错误码,第一错误码用于提示禁止继续执行数值转移操作。Step 311: The webpage page receives a first error code sent by the server, where the first error code is used to prompt to prohibit the execution of the value transfer operation.
网页页面通过解析第一错误码获取禁止继续执行数值转移操作的消息。The web page obtains a message prohibiting the execution of the value transfer operation by parsing the first error code.
可选地,网页页面根据第一错误码弹出提示窗口,该提示窗口用于提示用户禁止继续执行数值转移操作。Optionally, the webpage pops up a prompt window according to the first error code, and the prompt window is used to prompt the user to prohibit the value transfer operation from continuing.
在实际实现时,即使网页页面接收到第一错误码之后,恶意用户仍可能通过网页页面再次提交相同的数值转移订单,并且有可能通过代理工具重新修改参数。在一种可能的情况中,当网页页面弹出提示窗口提示用户禁止继续执行数值转移操作时,恶意用户可能直接关闭提示窗口,确认控件再次被触发,网页页面将该数值转移订单再次发送至支付CGI。在另一种可能的情况中,恶意用户更换了一个终端,重新打开网页页面,将之前已提交但未完成支付的数值转移订单重新提交。以上两种情况,重新提交的数值转移订单的订单号不变。对于这类订单,支付CGI通过以下步骤进行校验。In actual implementation, even after the webpage page receives the first error code, the malicious user may submit the same value transfer order again through the webpage page, and it is possible to re-modify the parameters through the proxy tool. In a possible case, when the web page pop-up prompt window prompts the user to prohibit the value transfer operation from being performed, the malicious user may directly close the prompt window, confirm that the control is triggered again, and the web page sends the value transfer order to the payment CGI again. . In another possible scenario, a malicious user replaces a terminal, reopens the web page, and resubmits the value transfer order that was previously submitted but not completed. In both cases, the order number of the resubmitted value transfer order does not change. For this type of order, the payment CGI is verified by the following steps.
步骤312,网页页面在提交第二订单时,将第二订单的签名和订单参数发送给支付CGI,第二订单的订单参数还包括第二订单的订单号。Step 312: When submitting the second order, the webpage page sends the signature and order parameters of the second order to the payment CGI, and the order parameter of the second order further includes the order number of the second order.
第二订单的订单号用于唯一标识第二订单。The order number of the second order is used to uniquely identify the second order.
可选地,第二订单是指已提交过但未完成的数值转移订单。Alternatively, the second order is a value transfer order that has been submitted but not completed.
步骤313,当接收到第二订单的提交请求时,支付CGI根据第二订单的订单号在数据库中查询第二订单是否属于目标订单。Step 313, when receiving the submit request of the second order, the payment CGI queries the database whether the second order belongs to the target order according to the order number of the second order.
第二订单被重新提交后,由于第二订单的订单号与之前被提交时的订单号相同,因此支付CGI根据第二订单的订单号查询第二订单是否属于被标记的目标订单。After the second order is resubmitted, since the order number of the second order is the same as the order number when the previous order was submitted, the payment CGI checks whether the second order belongs to the marked target order according to the order number of the second order.
步骤314,当第二订单属于目标订单时,支付CGI向网页页面发送第一错误码。Step 314, when the second order belongs to the target order, the payment CGI sends the first error code to the webpage page.
由于第二订单属于目标订单,表明第二订单是使用代理工具的数值转移订单,则支付CGI直接向网页页面发送第一错误码报错。Since the second order belongs to the target order, indicating that the second order is a value transfer order using the proxy tool, the payment CGI directly sends a first error code error to the webpage page.
步骤315,网页页面接收支付CGI发送的第一错误码。Step 315, the webpage page receives the first error code sent by the payment CGI.
可选地,网页页面通过解析第一错误码弹出对应的提示窗口,用于提示用户禁止继续执行数值转移操作。Optionally, the webpage page pops up the corresponding prompt window by parsing the first error code, and is used to prompt the user to prohibit the value transfer operation from continuing.
作为步骤308的另一个分支,该方法还包括步骤316。As another branch of step 308, the method further includes step 316.
步骤316,在签名正确且订单参数中没有第一预定字段时,或在签名正确且第一预定字段的值不为预定数值时,继续执行正常的数值转移的其他校验流程。Step 316, when the signature is correct and there is no first predetermined field in the order parameter, or when the signature is correct and the value of the first predetermined field is not a predetermined value, the other verification process of the normal value transfer is continued.
其他校验流程包括校验手续费、校验是否支付成功、校验是否具备支付权限中的至少一种。The other verification process includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether or not the payment authority is available.
对没有安装代理工具的终端,或安装有代理工具但没有在执行数值转移操作的整个过程中开启代理工具,网页页面不会发送第一预定字段和第二预定字段给支付CGI,或者网页页面发送第一预定字段和第二预定字段,但第一预定字段的值为空或不为预定数值,第二预定字段的值为空。For a terminal that does not have an agent tool installed, or an agent tool installed but does not open the agent tool during the entire process of performing a value transfer operation, the web page does not send the first predetermined field and the second predetermined field to the payment CGI, or the web page is sent. The first predetermined field and the second predetermined field, but the value of the first predetermined field is null or not a predetermined value, and the value of the second predetermined field is null.
可选地,在实际实现时,支付CGI支持配置开关。开关打开时,支付CGI需要对订单参数中是否有用于指示终端是否使用代理工具的第一预定字段进行检测。对应的,终端上的网页页面需要通过资源管理器检测终端中是否运行代理工具,然后在订单参数中增加第一预定字段,或增加第一预定字段和第二预定字段。开关关闭时,支付CGI不检测订单参数中的第一预定字段,对应的,网页页面不检测终端中是否运行代理工具。Optionally, in actual implementation, the payment CGI supports a configuration switch. When the switch is turned on, the payment CGI needs to detect whether there is a first predetermined field in the order parameter indicating whether the terminal uses the proxy tool. Correspondingly, the webpage page on the terminal needs to detect whether the proxy tool is running in the terminal through the resource manager, and then add a first predetermined field in the order parameter, or add a first predetermined field and a second predetermined field. When the switch is turned off, the payment CGI does not detect the first predetermined field in the order parameter, and correspondingly, the web page does not detect whether the proxy tool is running in the terminal.
可选地,该开关在支付CGI的配置文件中,技术人员必须登录服务器后才能进行开关的控制,因此该开关仅由技术人员控制,普通用户不能够控制该开关。技术人员在测试和开发时由于需要使用到代理工具,因此关闭开关。在网页页面正常供用户使用时,开关是打开的,以检测实际支付环境中,终端是否运行代理工具。Optionally, the switch is in the CGI configuration file, and the technician must log in to the server to control the switch. Therefore, the switch is only controlled by a technician, and the ordinary user cannot control the switch. The technician turned off the switch during testing and development because of the need to use the agent tool. When the web page is normally available to the user, the switch is turned on to detect whether the terminal is running the proxy tool in the actual payment environment.
本实施例所提供的数值转移方法在支付场景下还可以表示为图3B所示的流程图。如图3B所示,首先执行S301,打开网页页面;然后执行S302,网页页面检查终端的资源管理器进程;然后执行S303,判断终端是否使用代理工具;若S303判断结果为否,执行S304,网页页面根据第一订单的订单参数计算标签,该标签可以是订单参数的签名,使用该标签调用支付CGI;然后执行S307,支付CGI根据第一订单的订单参数计算和校验该标签是否正确;若S303的判断结果为是,则执行S305,令第一预定字段agent_tool=1,第二预定字段agent_name=***,网页页面根据第一订单的订单参数(含第一预定字段和第二预定字段)计算生成标签,该标签可以是订单参数的签名;然后执行S306,网页页面使用该标签调用支付CGI,在调用过程中向支付CGI发送agent_tool=1,agent_name=***,以及标签;然后执行S307,支付CGI根据第一订单的订单参数(含第一预定字段和第二预定字段)计算和校验该标签;然后执行S308,支付CGI验证标签是否正确;The numerical value transfer method provided in this embodiment can also be represented as a flowchart shown in FIG. 3B in the payment scenario. As shown in FIG. 3B, S301 is first executed to open a webpage page; then, S302 is executed, and the webpage page checks the resource manager process of the terminal; then, S303 is executed to determine whether the terminal uses the proxy tool; if the result of the determination in S303 is no, the webpage is executed. The page calculates a label according to the order parameter of the first order, the label may be a signature of the order parameter, and the payment CGI is invoked by using the label; then, executing S307, the payment CGI calculates and verifies whether the label is correct according to the order parameter of the first order; If the determination result of S303 is yes, then S305 is executed to make the first predetermined field agent_tool=1, the second predetermined field agent_name=***, and the webpage page is based on the order parameter of the first order (including the first predetermined field and the second predetermined field) Calculating a generated tag, which may be a signature of the order parameter; then executing S306, the web page uses the tag to call the payment CGI, and in the calling process, sends the agent_tool=1, agent_name=***, and the tag to the payment CGI; S307, the payment CGI calculates and according to the order parameter of the first order (including the first predetermined field and the second predetermined field) Verify the label; then execute S308 to pay the CGI verification label for correctness;
若S308的判断结果为否,也即第一订单的订单参数的签名有误,则执行S3089,支付CGI返回第二错误码;然后网页页面执行S310,网页页面显示第一页面弹窗,该第一页面弹窗可以显示有提示文字:签名错误,无法继续支付。If the determination result of S308 is no, that is, the signature of the order parameter of the first order is incorrect, then S3089 is executed, and the payment CGI returns a second error code; then the webpage page executes S310, and the webpage page displays the first page popup window, the first page A page pop-up window can display prompt text: signature error, unable to continue to pay.
若S308的判断结果为是,则执行S311,支付CGI判断第一预定字段agent_tool是否等于1;若S311的判断结果为是,也即agent_tool等于1,则执行S312,支付CGI返回第一错误码,第一错误码用于指示禁止继续执行数值转移操作;然后执行S313,网页页面显示第二页面弹窗,第二页面弹窗可以显示有提示文字:禁止支付,无法继续支付;若S311 的判断结果为否,则执行S314,也即agent_tool等于0,支付CGI进行支付逻辑的其他校验。If the result of the determination in S308 is YES, then S311 is performed, and the payment CGI determines whether the first predetermined field agent_tool is equal to 1; if the determination result of S311 is YES, that is, the agent_tool is equal to 1, executing S312, the payment CGI returns the first error code, The first error code is used to indicate that the numerical value transfer operation is prohibited from being performed; then, in S313, the webpage page displays the second page popup window, and the second page popup window can display the prompt text: prohibiting payment, unable to continue to pay; if the judgment result of S311 If no, execute S314, that is, agent_tool is equal to 0, and pay the CGI to perform other verification of the payment logic.
综上所述,本申请实施例提供的数值转移方法,通过网页页面检测终端是否使用代理工具,在发送至服务器的订单参数中增加第一预定字段和第二预定字段,并且将订单参数生成的签名发送给服务器,服务器根据订单参数和签名来对签名进行校验,由于订单参数中的任意字段的值发生变化后,生成的签名也会发生变化,通过对签名进行校验能够有效地发现代理工具对订单参数的修改。另外在服务器检测出订单参数中包含第一预定字段且第一预定字段的值为预定数值时,即服务器检测出执行第一订单对应的数值转移操作时终端使用了代理工具,则服务器禁止继续执行第一订单对应的数值转移操作,从而使得恶意用户通过代理工具进行数值转移操作被禁止,达到了保护普通用户的账户和财产安全的效果。In summary, the value transfer method provided by the embodiment of the present application detects whether the terminal uses the proxy tool through the webpage page, adds the first predetermined field and the second predetermined field to the order parameter sent to the server, and generates the order parameter. The signature is sent to the server, and the server verifies the signature according to the order parameter and the signature. Since the value of any field in the order parameter changes, the generated signature also changes, and the signature can be effectively verified by verifying the signature. The tool modifies the order parameters. In addition, when the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is a predetermined value, that is, when the server detects that the terminal performs the numerical transfer operation corresponding to the first order, the terminal uses the proxy tool, and the server prohibits execution. The value transfer operation corresponding to the first order, so that the numerical user transfer operation by the proxy tool is prohibited, and the effect of protecting the account and property security of the ordinary user is achieved.
另外,本实施例提供的数值转移方法还通过在签名错误时,支付CGI禁止继续执行数值转移操作,使得在订单参数或签名发生变化时,禁止执行数值转移操作,保护普通用户的账户和财产安全。In addition, the numerical value transfer method provided in this embodiment further prohibits the execution of the value transfer operation by the payment CGI when the signature is incorrect, so that when the order parameter or the signature changes, the numerical transfer operation is prohibited, and the account and property security of the ordinary user are protected. .
另外,本实施例提供的数值转移方法还通过在支付CGI检测到第一订单为使用代理工具的数值转移订单时,将第一订单的订单号记录到数据库中,标记第一订单为目标订单后,若具备相同订单号的第二订单被提交,则支付CGI能够根据订单号查询数据库,快速确定出第二订单为使用代理工具的数值转移订单。In addition, the value transfer method provided by the embodiment further records the order number of the first order into the database by detecting the first order as the value of the agent tool when the payment CGI detects the order, and marks the first order as the target order. If a second order with the same order number is submitted, the payment CGI can query the database according to the order number and quickly determine that the second order is a value transfer order using the agent tool.
另外,本实施例提供的数值转移方法还通过在签名校验正确且订单参数中不含第一预定字段或在签名校验正确且订单参数中的第一预定字段不为预定数值时,继续执行数值转移操作的其他校验流程,使得没有使用代理工具的终端的数值转移订单请求能够被正常执行。In addition, the numerical value transfer method provided by the embodiment further performs the execution when the signature verification is correct and the first predetermined field is not included in the order parameter or when the signature verification is correct and the first predetermined field in the order parameter is not a predetermined value. The other verification flow of the numerical transfer operation enables the numerical transfer order request of the terminal that does not use the proxy tool to be executed normally.
图4是本申请一个实施例中提供的数值转移装置的结构方框图,该数值转移装置以应用在图1所示的服务器120中举例说明。如图4所示,该数值转移装置可以包括:第一检测模块410、第二检测模块420和第一发送模块430。4 is a block diagram showing the structure of a numerical value transfer apparatus provided in an embodiment of the present application, which is exemplified in the server 120 shown in FIG. 1. As shown in FIG. 4, the value transfer device may include: a first detection module 410, a second detection module 420, and a first transmission module 430.
第一检测模块410,用于在接收到终端中的网页页面发送的第一订单的订单参数和签名后,根据所述订单参数和所述签名检测所述签名是否正确,所述订单参数包括签名前的各字段的参数值,所述签名是将所述订单参数按照预定数字签名规则得到的;The first detecting module 410 is configured to: after receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, where the order parameter includes a signature a parameter value of each of the preceding fields, the signature being obtained by the order parameter according to a predetermined digital signature rule;
第二检测模块420,用于在所述第一检测模块检测到所述签名正确时,检测所述订单参数中是否包含第一预定字段,且所述第一预定字段的值为预定数值,所述第一预定字段的值为所述预定数值时表示所述终端使用代理工具,所述代理工具是指将被访问的服务器的资源代理为本地资源的工具;The second detecting module 420 is configured to detect, when the first detecting module detects that the signature is correct, whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value. When the value of the first predetermined field is the predetermined value, the terminal uses the proxy tool, and the proxy tool refers to a tool that proxyes the resource of the accessed server as a local resource;
第一发送模块430,用于当所述第二检测模块检测到所述订单参数中包含所述第一预定字段且所述第一预定字段的值为所述预定数值时,向所述网页页面发送第一错误码,并禁止继续执行所述第一订单对应的数值转移操作。The first sending module 430 is configured to: when the second detecting module detects that the first predetermined field is included in the order parameter, and the value of the first predetermined field is the predetermined value, to the webpage page Sending the first error code and prohibiting the execution of the value transfer operation corresponding to the first order.
在一个可选的实施例中,所述第一检测模块410,包括:计算单元,用于根据所述订单参数按照预定数字签名规则计算出校验签名;检测单元,用于检测所述签名与所述计算单元得到的所述校验签名是否一致;第一确定单元,用于当所述检测单元检测到所述签名与所述校验签名一致时,确定所述签名正确。In an optional embodiment, the first detecting module 410 includes: a calculating unit, configured to calculate a verification signature according to the predetermined digital signature rule according to the order parameter; and a detecting unit, configured to detect the signature and Whether the verification signature obtained by the calculating unit is consistent; the first determining unit is configured to determine that the signature is correct when the detecting unit detects that the signature is consistent with the verification signature.
在一个可选的实施例中,如图5所示,所述装置还包括:第二确定单元442,用于当所述检测单元检测到所述签名与所述校验签名不一致时,确定所述签名错误;第二发送模块444,用于在所述第二确定单元确定所述签名错误时,向所述网页页面发送第二错误码,并禁止继续执行所述第一订单对应的数值转移操作。In an optional embodiment, as shown in FIG. 5, the apparatus further includes: a second determining unit 442, configured to determine, when the detecting unit detects that the signature is inconsistent with the verification signature, The second sending module 444 is configured to: when the second determining unit determines the signature error, send a second error code to the webpage page, and prohibit performing the numerical transfer corresponding to the first order operating.
在一个可选的实施例中,如图5所示,所述装置还包括:标记模块462,用于在所述装置的数据库中记录所述第一订单的订单号,标记所述订单号对应的所述第一订单为目标订单,所述第一订单的订单号用于唯一标识所述第一订单,所述目标订单为使用代理工具的 数值转移订单;查询模块464,用于当接收到第二订单的提交请求时,根据所述第二订单的订单号在所述数据库中查询所述第二订单是否属于所述标记模块标记的所述目标订单;所述第一发送模块430,还用于当所述查询模块查询到所述第二订单属于所述目标订单时,向所述网页页面发送所述第一错误码。In an optional embodiment, as shown in FIG. 5, the device further includes: a marking module 462, configured to record an order number of the first order in a database of the device, and mark the order number corresponding to The first order is a target order, the order number of the first order is used to uniquely identify the first order, the target order is a value transfer order using a proxy tool; and the query module 464 is configured to receive When the second order is submitted, the database is queried according to the order number of the second order whether the second order belongs to the target order marked by the marking module; the first sending module 430 further And when the query module queries that the second order belongs to the target order, sending the first error code to the webpage page.
在一个可选的实施例中,所述装置还包括:校验模块480,用于在所述第一检测模块检测到所述签名正确且所述第二检测模块检测到所述订单参数中没有所述第一预定字段时,或在所述第一检测模块检测到所述签名正确且所述第二检测模块检测到所述第一预定字段的值不为所述预定数值时,继续执行正常的数值转移的其他校验流程,所述其他校验流程包括校验手续费、校验是否支付成功、校验是否具备支付权限中的至少一种。In an optional embodiment, the apparatus further includes: a verification module 480, configured to: when the first detection module detects that the signature is correct and the second detection module detects that the order parameter is not When the first predetermined field is detected, or when the first detecting module detects that the signature is correct and the second detecting module detects that the value of the first predetermined field is not the predetermined value, continuing to perform normal The other verification process of the value transfer includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether the payment authority is available.
图6是本申请另一个实施例中提供的数值转移装置的结构方框图,该数值转移装置以应用在图1所示的终端110中举例说明。如图6所示,该数值转移装置可以包括:第三检测模块618、赋值模块620、计算模块630、第三发送模块640和第一接收模块650。Figure 6 is a block diagram showing the structure of a numerical value transfer device provided in another embodiment of the present application, which is exemplified in the terminal 110 shown in Figure 1. As shown in FIG. 6, the value transfer device may include: a third detection module 618, an evaluation module 620, a calculation module 630, a third transmission module 640, and a first receiving module 650.
第三检测模块618,用于在打开网页页面时,检测所述装置是否正在运行代理工具,所述代理工具是将被访问的服务器的资源代理为本地资源的工具;The third detecting module 618 is configured to detect, when the webpage is opened, whether the device is running a proxy tool, where the proxy tool is a tool that proxyes resources of the accessed server as local resources;
赋值模块620,用于当所述第三检测模块610检测到所述装置正在运行所述代理工具时,令第一预定字段的值为预定数值,所述第一预定字段用于指示是否使用代理工具;An evaluation module 620, configured to: when the third detecting module 610 detects that the device is running the proxy tool, set a value of the first predetermined field to a predetermined value, where the first predetermined field is used to indicate whether to use the proxy tool;
计算模块630,用于将第一订单的订单参数按照预定数字签名规则计算得到签名,所述订单参数包含所述第一预定字段以及其他的数值转移操作对应字段;a calculation module 630, configured to calculate, by using a predetermined digital signature rule, an order parameter of the first order, where the order parameter includes the first predetermined field and another value transfer operation corresponding field;
第三发送模块640,用于将所述计算模块得到的所述签名和所述订单参数发送给服务器;a third sending module 640, configured to send the signature obtained by the calculating module and the order parameter to a server;
第一接收模块650,用于接收所述服务器发送的所述第一错误码,所述第一错误码用于提示禁止继续执行所述数值转移操作。The first receiving module 650 is configured to receive the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
在一个可选的实施例中,所述赋值模块620,还用于当所述装置正在运行所述代理工具时,令第二预定字段的值为所述代理工具的名称,所述第二预定字段是所述第一订单中的一个订单参数。In an optional embodiment, the evaluation module 620 is further configured to: when the device is running the proxy tool, set a value of the second predetermined field to a name of the proxy tool, the second predetermined The field is an order parameter in the first order.
在一个可选的实施例中,所述装置还包括:In an optional embodiment, the apparatus further includes:
第二接收模块660,用于接收所述服务器发送的第二错误码,所述第二错误码用于提示所述签名错误并禁止继续执行所述数值转移操作。The second receiving module 660 is configured to receive a second error code sent by the server, where the second error code is used to prompt the signature error and prohibit to continue to perform the value transfer operation.
在一个可选的实施例中,所述第三发送模块640,用于在提交第二订单时,将所述第二订单的签名和订单参数发送给所述服务器,所述第二订单的订单参数还包括所述第二订单的订单号,所述第二订单的订单号用于唯一标识所述第二订单,所述第二订单的订单号用于触发所述服务器在数据库中查询所述第二订单是否属于目标订单,所述目标订单为使用代理工具的数值转移订单;In an optional embodiment, the third sending module 640 is configured to send a signature of the second order and an order parameter to the server when the second order is submitted, the order of the second order The parameter further includes an order number of the second order, the order number of the second order is used to uniquely identify the second order, and the order number of the second order is used to trigger the server to query the database Whether the second order belongs to the target order, and the target order is a value transfer order using the agent tool;
所述第一接收模块650,还用于接收所述服务器发送的所述第一错误码,所述第一错误码是所述服务器在查询到所述第二订单属于所述目标订单时发送的。The first receiving module 650 is further configured to receive the first error code sent by the server, where the first error code is sent by the server when querying that the second order belongs to the target order .
在一个可选的实施例中,所述第三检测模块618,包括:检测单元,用于检测所述装置的资源管理器中是否运行有目标代理工具,所述目标代理工具是预配置的代理工具列表中的至少一个;第三确定单元,用于当所述检测单元检测到所述装置的资源管理器中运行有所述目标代理工具时,确定所述装置正在运行所述代理工具;第四确定单元,用于当所述检测单元检测到所述装置的资源管理器中没有运行任何所述目标代理工具时,确定所述装置没有运行所述代理工具。In an optional embodiment, the third detecting module 618 includes: a detecting unit, configured to detect whether a target agent tool is run in a resource manager of the device, where the target agent tool is a pre-configured agent At least one of the tool list; the third determining unit, configured to: when the detecting unit detects that the target agent tool is run in the resource manager of the device, determine that the device is running the agent tool; And a determining unit, configured to determine that the device does not run the proxy tool when the detecting unit detects that the target agent tool is not running in the resource manager of the device.
需要说明的是:上述实施例中提供的数值转移装置在转移数值时,仅以上述各功能模块的划分进行举例说明,实际应用中,可以根据需要而将上述功能分配由不同的功能模块完成,即将终端或服务器的内部结构划分成不同的功能模块,以完成以上描述的全部或者部分功能。另外,上述实施例提供的数值转移装置与数值转移方法实施例属于同一构思,其具体实现过程详见方法实施例,这里不再赘述。It should be noted that the numerical value transfer device provided in the above embodiment is only exemplified by the division of the above functional modules when transferring the numerical value. In actual applications, the above functional distribution can be completed by different functional modules as needed. The internal structure of the terminal or server is divided into different functional modules to complete all or part of the functions described above. In addition, the numerical value transfer device and the numerical value transfer method are provided in the same embodiment, and the specific implementation process is described in detail in the method embodiment, and details are not described herein again.
图7是本申请一个实施例中提供的服务器的结构示意图。该服务器可以是图1所示的服务器120。具体来讲:服务器600包括中央处理单元(CPU)601、包括随机存取存储器(RAM)602和只读存储器(ROM)603的系统存储器604,以及连接系统存储器604和中央处理单元601的系统总线605。所述服务器600还包括帮助计算机内的各个器件之间传输信息的基本输入/输出系统(I/O系统)606,和用于存储操作系统613、应用程序614和其他程序模块615的大容量存储设备607。FIG. 7 is a schematic structural diagram of a server provided in an embodiment of the present application. The server can be the server 120 shown in FIG. Specifically, the server 600 includes a central processing unit (CPU) 601, a system memory 604 including a random access memory (RAM) 602 and a read only memory (ROM) 603, and a system bus that connects the system memory 604 and the central processing unit 601. 605. The server 600 also includes a basic input/output system (I/O system) 606 that facilitates transfer of information between various devices within the computer, and mass storage for storing the operating system 613, applications 614, and other program modules 615. Device 607.
所述基本输入/输出系统606包括有用于显示信息的显示器608和用于用户输入信息的诸如鼠标、键盘之类的输入设备609。其中所述显示器608和输入设备609都通过连接到系统总线605的输入/输出控制器610连接到中央处理单元601。所述基本输入/输出系统606还可以包括输入输出控制器610以用于接收和处理来自键盘、鼠标、或电子触控笔等多个其他设备的输入。类似地,输入/输出控制器610还提供输出到显示屏、打印机或其他类型的输出设备。The basic input/output system 606 includes a display 608 for displaying information and an input device 609 such as a mouse or keyboard for user input of information. The display 608 and input device 609 are both connected to the central processing unit 601 by an input/output controller 610 that is coupled to the system bus 605. The basic input/output system 606 can also include an input output controller 610 for receiving and processing input from a plurality of other devices, such as a keyboard, mouse, or electronic stylus. Similarly, input/output controller 610 also provides output to a display screen, printer, or other type of output device.
所述大容量存储设备607通过连接到系统总线605的大容量存储控制器(未示出)连接到中央处理单元601。所述大容量存储设备607及其相关联的计算机可读介质为服务器600提供非易失性存储。也就是说,所述大容量存储设备607可以包括诸如硬盘或者CD-ROM驱动器之类的计算机可读介质(未示出)。The mass storage device 607 is connected to the central processing unit 601 by a mass storage controller (not shown) connected to the system bus 605. The mass storage device 607 and its associated computer readable medium provide non-volatile storage for the server 600. That is, the mass storage device 607 can include a computer readable medium (not shown) such as a hard disk or a CD-ROM drive.
不失一般性,所述计算机可读介质可以包括计算机存储介质和通信介质。计算机存储介质包括以用于存储诸如计算机可读指令、数据结构、程序模块或其他数据等信息的任何方法或技术实现的易失性和非易失性、可移动和不可移动介质。计算机存储介质包括RAM、ROM、EPROM、EEPROM、闪存或其他固态存储其技术,CD-ROM、DVD或其他光学存储、磁带盒、磁带、磁盘存储或其他磁性存储设备。当然,本领域技术人员可知所述计算机存储介质不局限于上述几种。上述的系统存储器604和大容量存储设备607可以统称为存储器。Without loss of generality, the computer readable medium can include computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid state storage technologies, CD-ROM, DVD or other optical storage, tape cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices. Of course, those skilled in the art will appreciate that the computer storage medium is not limited to the above. The system memory 604 and mass storage device 607 described above may be collectively referred to as a memory.
根据本申请的各种实施例,所述服务器600还可以通过诸如因特网等网络连接到网络上的远程计算机运行。也即服务器600可以通过连接在所述系统总线605上的网络接口单元611连接到网络612,或者说,也可以使用网络接口单元611来连接到其他类型的网络或远程计算机系统(未示出)。According to various embodiments of the present application, the server 600 may also be operated by a remote computer connected to the network through a network such as the Internet. That is, the server 600 can be connected to the network 612 through a network interface unit 611 connected to the system bus 605, or can also be connected to other types of networks or remote computer systems (not shown) using the network interface unit 611. .
所述系统存储器604还包括一个或者一个以上的程序,所述一个或者一个以上程序存储于所述系统存储器604中,中央处理单元601通过执行该一个或一个以上程序来实现上述方法实施例中服务器侧的数值转移方法。示例性的:The system memory 604 also includes one or more programs, the one or more programs being stored in the system memory 604, and the central processing unit 601 implementing the server in the method embodiment by executing the one or more programs. Side value transfer method. Exemplary:
所述中央处理单元601用于执行所述一个或多个指令实现如下步骤:The central processing unit 601 is configured to execute the one or more instructions to implement the following steps:
在接收到终端中的网页页面发送的第一订单的订单参数和签名后,根据所述订单参数和所述签名检测所述签名是否正确,所述订单参数包括签名前的各字段的参数值,所述签名是将所述订单参数按照预定数字签名规则得到的;After receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, the order parameter includes a parameter value of each field before the signature, The signature is obtained by the order parameter according to a predetermined digital signature rule;
在所述签名正确时,检测所述订单参数中是否包含第一预定字段,且所述第一预定字段的值为预定数值,所述第一预定字段的值为所述预定数值时表示所述终端使用代理工具,所述代理工具是指将被访问的服务器的资源代理为本地资源的工具;When the signature is correct, detecting whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value, and the value of the first predetermined field is the predetermined value The terminal uses a proxy tool, which refers to a tool that proxyes the resources of the accessed server as a local resource;
当所述订单参数中包含所述第一预定字段且所述第一预定字段的值为所述预定数值时,向所述网页页面发送第一错误码,并禁止继续执行所述第一订单对应的数值转移操作。When the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the webpage page, and prohibiting execution of the first order correspondence The value transfer operation.
在一个可选的实施例中,所述中央处理单元601还用于执行所述一个或多个指令实现如下步骤:In an optional embodiment, the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
根据所述订单参数按照预定数字签名规则计算出校验签名;Calculating a verification signature according to the predetermined digital signature rule according to the order parameter;
检测所述签名与所述校验签名是否一致;Detecting whether the signature is consistent with the verification signature;
当所述签名与所述校验签名一致时,确定所述签名正确。When the signature is consistent with the verification signature, it is determined that the signature is correct.
在一个可选的实施例中,所述中央处理单元601还用于执行所述一个或多个指令实现如下步骤:In an optional embodiment, the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
当所述签名与所述校验签名不一致时,确定所述签名错误;Determining the signature error when the signature is inconsistent with the verification signature;
在确定所述签名错误时,向所述网页页面发送第二错误码,并禁止继续执行所述第一订单对应的数值转移操作。When the signature error is determined, the second error code is sent to the web page, and the numerical transfer operation corresponding to the first order is prohibited from continuing.
在一个可选的实施例中,所述中央处理单元601还用于执行所述一个或多个指令实现如下步骤:In an optional embodiment, the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
在所述服务器的数据库中记录所述第一订单的订单号,标记所述订单号对应的所述第一订单为目标订单,所述第一订单的订单号用于唯一标识所述第一订单,所述目标订单为使用代理工具的数值转移订单;Recording an order number of the first order in a database of the server, marking the first order corresponding to the order number as a target order, and the order number of the first order is used to uniquely identify the first order The target order is a value transfer order using a proxy tool;
所述向所述网页页面发送第一错误码之后,还包括:After the sending the first error code to the webpage page, the method further includes:
当接收到第二订单的提交请求时,根据所述第二订单的订单号在所述数据库中查询所述第二订单是否属于所述目标订单;When receiving the submit request of the second order, querying, in the database, whether the second order belongs to the target order according to the order number of the second order;
当所述第二订单属于所述目标订单时,向所述网页页面发送所述第一错误码。When the second order belongs to the target order, the first error code is sent to the webpage page.
在一个可选的实施例中,所述中央处理单元601还用于执行所述一个或多个指令实现如下步骤:In an optional embodiment, the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
在所述签名正确且所述订单参数中没有所述第一预定字段时,或在所述签名正确且所述第一预定字段的值不为所述预定数值时,继续执行正常的数值转移的其他校验流程,所述其他校验流程包括校验手续费、校验是否支付成功、校验是否具备支付权限中的至少一种。When the signature is correct and the first predetermined field is absent from the order parameter, or when the signature is correct and the value of the first predetermined field is not the predetermined value, the normal value transfer is continued. The other verification process includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether the payment authority is available.
请参见图8所示,其示出了本申请部分实施例中提供的终端的结构方框图。该终端700用于实施上述实施例提供的数值转移方法。本申请中的终端700可以包括一个或多个如下组成部分:用于执行计算机程序指令以完成各种流程和方法的处理器,用于信息和存储程序指令随机接入存储器(RAM)和只读存储器(ROM),用于存储数据和信息的存储器,I/O设备,界面,天线等。具体来讲:Referring to FIG. 8, there is shown a block diagram showing the structure of a terminal provided in some embodiments of the present application. The terminal 700 is configured to implement the numerical value transfer method provided by the foregoing embodiment. The terminal 700 in this application may include one or more of the following components: a processor for executing computer program instructions to perform various processes and methods for information and storage of program instructions, random access memory (RAM), and read-only Memory (ROM), memory for storing data and information, I/O devices, interfaces, antennas, etc. Specifically:
终端700可以包括RF(Radio Frequency,射频)电路710、存储器720、输入单元730、显示单元740、传感器750、音频电路760、WiFi(wireless fidelity,无线保真)模块770、处理器780、电源782、摄像头790等部件。本领域技术人员可以理解,图8中示出的终端结构并不构成对终端的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。The terminal 700 may include an RF (Radio Frequency) circuit 710, a memory 720, an input unit 730, a display unit 740, a sensor 750, an audio circuit 760, a WiFi (Wireless Fidelity) module 770, a processor 780, and a power supply 782. , camera 790 and other components. It will be understood by those skilled in the art that the terminal structure shown in FIG. 8 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or a combination of certain components, or different component arrangements.
下面结合图8对终端700的各个构成部件进行具体的介绍:The components of the terminal 700 will be specifically described below with reference to FIG. 8:
RF电路710可用于收发信息或通话过程中,信号的接收和发送,特别地,将基站的下行信息接收后,给处理器780处理;另外,将设计上行的数据发送给基站。通常,RF电路包括但不限于天线、至少一个放大器、收发信机、耦合器、LNA(Low Noise Amplifier,低噪声放大器)、双工器等。此外,RF电路710还可以通过无线通信与网络和其他设备通信。所述无线通信可以使用任一通信标准或协议,包括但不限于GSM(Global System of Mobile communication,全球移动通讯系统)、GPRS(General Packet Radio Service,通用分组无线服务)、CDMA(Code Division Multiple Access,码分多址)、WCDMA(Wideband Code Division Multiple Access,宽带码分多址)、LTE(Long Term Evolution,长期演进)、电子邮件、SMS(Short Messaging Service,短消息服务)等。The RF circuit 710 can be used for transmitting and receiving information or during a call, and receiving and transmitting the signal. Specifically, after receiving the downlink information of the base station, the processor 780 processes the data. In addition, the uplink data is designed to be sent to the base station. Generally, RF circuits include, but are not limited to, an antenna, at least one amplifier, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like. In addition, RF circuitry 710 can also communicate with the network and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access). , Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and the like.
存储器720可用于存储软件程序以及模块,处理器780通过运行存储在存储器720的软件程序以及模块,从而执行终端700的各种功能应用以及数据处理。存储器720可主要包括存储程序区和存储数据区,其中,存储程序区可存储操作系统、至少一个功能所需的应用程序(比如声音播放功能、图像播放功能等)等;存储数据区可存储根据终端700的使用所创建的数据(比如音频数据、电话本等)等。此外,存储器720可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。The memory 720 can be used to store software programs and modules, and the processor 780 executes various functional applications and data processing of the terminal 700 by running software programs and modules stored in the memory 720. The memory 720 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to The data created by the use of the terminal 700 (such as audio data, phone book, etc.) and the like. Moreover, memory 720 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
输入单元730可用于接收输入的数字或字符信息,以及产生与终端700的用户设置以 及功能控制有关的键信号输入。具体地,输入单元730可包括触控面板731以及其他输入设备732。触控面板731,也称为触摸屏,可收集用户在其上或附近的触摸操作(比如用户使用手指、触笔等任何适合的物体或附件在触控面板731上或在触控面板731附近的操作),并根据预先设定的程式驱动相应的连接装置。可选的,触控面板731可包括触摸检测装置和触摸控制器两个部分。其中,触摸检测装置检测用户的触摸方位,并检测触摸操作带来的信号,将信号传送给触摸控制器;触摸控制器从触摸检测装置上接收触摸信息,并将它转换成触点坐标,再送给处理器780,并能接收处理器780发来的命令并加以执行。此外,可以采用电阻式、电容式、红外线以及表面声波等多种类型实现触控面板731。除了触控面板731,输入单元730还可以包括其他输入设备732。具体地,其他输入设备732可以包括但不限于物理键盘、功能键(比如音量控制按键、开关按键等)、轨迹球、鼠标、操作杆等中的一种或多种。The input unit 730 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the terminal 700. Specifically, the input unit 730 may include a touch panel 731 and other input devices 732. The touch panel 731, also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 731 or near the touch panel 731. Operation), and drive the corresponding connecting device according to a preset program. Optionally, the touch panel 731 can include two parts: a touch detection device and a touch controller. Wherein, the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information. The processor 780 is provided and can receive commands from the processor 780 and execute them. In addition, the touch panel 731 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves. In addition to the touch panel 731, the input unit 730 may also include other input devices 732. In particular, other input devices 732 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
显示单元740可用于显示由用户输入的信息或提供给用户的信息以及终端700的各种菜单。显示单元740可包括显示面板741,可选的,可以采用LCD(Liquid Crystal Display,液晶显示器)、OLED(Organic Light-Emitting Diode,有机发光二极管)等形式来配置显示面板741。进一步的,触控面板731可覆盖显示面板741,当触控面板731检测到在其上或附近的触摸操作后,传送给处理器780以确定触摸事件的类型,随后处理器780根据触摸事件的类型在显示面板741上提供相应的视觉输出。虽然在图7中,触控面板731与显示面板741是作为两个独立的部件来实现终端700的输入和输入功能,但是在某些实施例中,可以将触控面板731与显示面板741集成而实现终端700的输入和输出功能。The display unit 740 can be used to display information input by the user or information provided to the user and various menus of the terminal 700. The display unit 740 can include a display panel 741. Alternatively, the display panel 741 can be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like. Further, the touch panel 731 can cover the display panel 741. When the touch panel 731 detects a touch operation on or near the touch panel 731, it transmits to the processor 780 to determine the type of the touch event, and then the processor 780 according to the touch event. The type provides a corresponding visual output on display panel 741. Although the touch panel 731 and the display panel 741 are used as two independent components to implement the input and input functions of the terminal 700 in FIG. 7, in some embodiments, the touch panel 731 can be integrated with the display panel 741. The input and output functions of the terminal 700 are implemented.
终端700还可包括至少一种传感器750,比如陀螺仪传感器、磁感应传感器、光传感器、运动传感器以及其他传感器。具体地,光传感器可包括环境光传感器及接近传感器,其中,环境光传感器可根据环境光线的明暗来调节显示面板741的亮度,接近传感器可在终端700移动到耳边时,关闭显示面板741和/或背光。作为运动传感器的一种,加速度传感器可检测各个方向上(一般为三轴)加速度的大小,静止时可检测出重力的大小及方向,可用于识别终端姿态的应用(比如横竖屏切换、相关游戏、磁力计姿态校准)、振动识别相关功能(比如计步器、敲击)等;至于终端700还可配置的气压计、湿度计、温度计、红外线传感器等其他传感器,在此不再赘述。Terminal 700 can also include at least one type of sensor 750, such as a gyro sensor, a magnetic induction sensor, a light sensor, a motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 741 according to the brightness of the ambient light, and the proximity sensor may close the display panel 741 when the terminal 700 moves to the ear. / or backlight. As a kind of motion sensor, the acceleration sensor can detect the magnitude of acceleration in each direction (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity. It can be used to identify the attitude of the terminal (such as horizontal and vertical screen switching, related games). , magnetometer attitude calibration), vibration recognition related functions (such as pedometer, tapping), etc.; other sensors such as barometers, hygrometers, thermometers, infrared sensors, etc., which can also be configured in the terminal 700, are not described here.
音频电路760、扬声器761,传声器762可提供用户与终端700之间的音频接口。音频电路760可将接收到的音频数据转换后的电信号,传输到扬声器761,由扬声器761转换为声音信号输出;另一方面,传声器762将收集的声音信号转换为电信号,由音频电路760接收后转换为音频数据,再将音频数据输出处理器780处理后,经RF电路710以发送给比如另一终端,或者将音频数据输出至存储器720以便进一步处理。An audio circuit 760, a speaker 761, and a microphone 762 can provide an audio interface between the user and the terminal 700. The audio circuit 760 can transmit the converted electrical data of the received audio data to the speaker 761 for conversion to the sound signal output by the speaker 761; on the other hand, the microphone 762 converts the collected sound signal into an electrical signal by the audio circuit 760. After receiving, it is converted into audio data, and then processed by the audio data output processor 780, transmitted to the terminal, for example, via the RF circuit 710, or the audio data is output to the memory 720 for further processing.
WiFi属于短距离无线传输技术,终端700通过WiFi模块770可以帮助用户收发电子邮件、浏览网页和访问流式媒体等,它为用户提供了无线的宽带互联网访问。虽然图8示出了WiFi模块770,但是可以理解的是,其并不属于终端700的必须构成,完全可以根据需要在不改变公开的本质的范围内而省略。WiFi is a short-range wireless transmission technology, and the terminal 700 can help users to send and receive emails, browse web pages, and access streaming media through the WiFi module 770, which provides wireless broadband Internet access for users. Although FIG. 8 shows the WiFi module 770, it can be understood that it does not belong to the essential configuration of the terminal 700, and may be omitted as needed within the scope of not changing the essence of the disclosure.
处理器780是终端700的控制中心,利用各种接口和线路连接整个终端的各个部分,通过运行或执行存储在存储器720内的软件程序和/或模块,以及调用存储在存储器720内的数据,执行终端700的各种功能和处理数据,从而对终端进行整体监控。可选的,处理器780可包括一个或多个处理单元;优选的,处理器780可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等,调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器780中。 Processor 780 is the control center of terminal 700, which connects various portions of the entire terminal using various interfaces and lines, by running or executing software programs and/or modules stored in memory 720, and recalling data stored in memory 720, The various functions and processing data of the terminal 700 are performed to perform overall monitoring of the terminal. Optionally, the processor 780 may include one or more processing units; preferably, the processor 780 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like. The modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 780.
终端700还包括给各个部件供电的电源782(比如电池),优选的,电源可以通过电源管理系统与处理器780逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。The terminal 700 also includes a power source 782 (such as a battery) for powering various components. Preferably, the power source can be logically coupled to the processor 780 through a power management system to manage functions such as charging, discharging, and power management through the power management system.
摄像头790一般由镜头、图像传感器、接口、数字信号处理器、CPU、显示屏幕等组成。 其中,镜头固定在图像传感器的上方,可以通过手动调节镜头来改变聚焦;图像传感器相当于传统相机的“胶卷”,是摄像头采集图像的心脏;接口用于把摄像头利用排线、板对板连接器、弹簧式连接方式与终端主板连接,将采集的图像发送给所述存储器720;数字信号处理器通过数学运算对采集的图像进行处理,将采集的模拟图像转换为数字图像并通过接口发送给存储器720。The camera 790 is generally composed of a lens, an image sensor, an interface, a digital signal processor, a CPU, a display screen, and the like. The lens is fixed above the image sensor, and the focus can be changed by manually adjusting the lens; the image sensor is equivalent to the "film" of the conventional camera, and is the heart of the image captured by the camera; the interface is used to connect the camera with the cable and the board to the board. And the spring-type connection mode is connected to the terminal board, and the collected image is sent to the memory 720; the digital signal processor processes the acquired image through a mathematical operation, converts the collected analog image into a digital image, and sends the image to the interface Memory 720.
尽管未示出,终端700还可以包括蓝牙模块等,在此不再赘述。所述存储器720还包括一个或者一个以上的程序,所述一个或者一个以上程序存储于存储器中,处理器780通过执行该一个或一个以上程序来实现上述方法实施例中终端侧的数值转移方法。示意性的:Although not shown, the terminal 700 may further include a Bluetooth module or the like, and details are not described herein again. The memory 720 further includes one or more programs, the one or more programs are stored in a memory, and the processor 780 implements the value transfer method on the terminal side in the foregoing method embodiment by executing the one or more programs. Schematic:
所述处理器780用于执行所述一个或多个指令实现如下步骤:The processor 780 is configured to execute the one or more instructions to implement the following steps:
在打开网页页面时,检测所述终端是否正在运行代理工具,所述代理工具是将被访问的服务器的资源代理为本地资源的工具;当所述终端正在运行所述代理工具时,令第一预定字段的值为预定数值,所述第一预定字段用于指示是否使用代理工具;将第一订单的订单参数按照预定数字签名规则计算得到签名,所述订单参数包含所述第一预定字段以及其他的数值转移操作对应字段;将所述签名和所述订单参数发送给所述服务器;接收所述服务器发送的所述第一错误码,所述第一错误码用于提示禁止继续执行所述数值转移操作。When the webpage page is opened, detecting whether the terminal is running an agent tool, the proxy tool is a tool for proxying resources of the accessed server as a local resource; when the terminal is running the proxy tool, making the first The predetermined field value is a predetermined value, the first predetermined field is used to indicate whether to use the proxy tool; the order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and The other value transfer operation corresponding field; sending the signature and the order parameter to the server; receiving the first error code sent by the server, the first error code being used to prompt to prohibit execution of the Numerical transfer operation.
在一个可选的实施例中,所述处理器780还用于执行所述一个或多个指令实现如下步骤:In an optional embodiment, the processor 780 is further configured to execute the one or more instructions to implement the following steps:
当所述终端正在运行所述代理工具时,令第二预定字段的值为所述代理工具的名称,所述第二预定字段是所述第一订单中的一个订单参数。When the terminal is running the agent tool, the value of the second predetermined field is the name of the agent tool, and the second predetermined field is an order parameter in the first order.
在一个可选的实施例中,所述处理器780还用于执行所述一个或多个指令实现如下步骤:In an optional embodiment, the processor 780 is further configured to execute the one or more instructions to implement the following steps:
接收所述服务器发送的第二错误码,所述第二错误码用于提示所述签名错误并禁止继续执行所述数值转移操作。Receiving a second error code sent by the server, the second error code is used to prompt the signature error and prohibit to continue performing the value transfer operation.
在一个可选的实施例中,所述处理器780还用于执行所述一个或多个指令实现如下步骤:In an optional embodiment, the processor 780 is further configured to execute the one or more instructions to implement the following steps:
在提交第二订单时,将所述第二订单的签名和订单参数发送给所述服务器,所述第二订单的订单参数还包括所述第二订单的订单号,所述第二订单的订单号用于唯一标识所述第二订单,所述第二订单的订单号用于触发所述服务器在数据库中查询所述第二订单是否属于目标订单,所述目标订单为使用代理工具的数值转移订单;接收所述服务器发送的所述第一错误码,所述第一错误码是所述服务器在查询到所述第二订单属于所述目标订单时发送的。When submitting the second order, sending the signature and order parameters of the second order to the server, the order parameter of the second order further includes an order number of the second order, and an order of the second order The number is used to uniquely identify the second order, and the order number of the second order is used to trigger the server to query in the database whether the second order belongs to a target order, and the target order is a value transfer using a proxy tool. And receiving the first error code sent by the server, where the first error code is sent by the server when querying that the second order belongs to the target order.
在一个可选的实施例中,所述处理器780还用于执行所述一个或多个指令实现如下步骤:In an optional embodiment, the processor 780 is further configured to execute the one or more instructions to implement the following steps:
检测所述终端的资源管理器中是否运行有目标代理工具,所述目标代理工具是预配置的代理工具列表中的至少一个;当所述终端的资源管理器中运行有所述目标代理工具时,确定所述终端正在运行所述代理工具;当所述终端的资源管理器中没有运行任何所述目标代理工具时,确定所述终端没有运行所述代理工具。Detecting whether a target agent tool is run in a resource manager of the terminal, the target agent tool is at least one of a pre-configured list of agent tools; when the target agent tool is run in a resource manager of the terminal Determining that the terminal is running the proxy tool; when any of the target proxy tools are not running in the resource manager of the terminal, determining that the terminal is not running the proxy tool.
本申请实施例还提供了一种计算机可读存储介质,该计算机可读存储介质可以是上述实施例中的存储器中所包含的计算机可读存储介质;也可以是单独存在,未装配入终端或服务器中的计算机可读存储介质。该计算机可读存储介质存储有一个或者一个以上程序,该一个或者一个以上程序被一个或者一个以上的处理器用来执行上述终端侧和/或服务器侧的数值转移方法。The embodiment of the present application further provides a computer readable storage medium, which may be a computer readable storage medium included in the memory in the foregoing embodiment, or may exist separately, not assembled into a terminal or A computer readable storage medium in a server. The computer readable storage medium stores one or more programs that are used by one or more processors to perform the terminal side and/or server side numerical transfer methods described above.
上述本申请实施例序号仅仅为了描述,不代表实施例的优劣。The serial numbers of the embodiments of the present application are merely for the description, and do not represent the advantages and disadvantages of the embodiments.
本领域普通技术人员可以理解实现上述实施例的全部或部分步骤可以通过硬件来完成,也可以通过程序来指令相关的硬件完成,所述的程序可以存储于一种计算机可读存储介质中,上述提到的存储介质可以是只读存储器,磁盘或光盘等。A person skilled in the art may understand that all or part of the steps of implementing the above embodiments may be completed by hardware, or may be instructed by a program to execute related hardware, and the program may be stored in a computer readable storage medium. The storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like.
以上所述仅为本申请的较佳实施例,并不用以限制本申请,凡在本申请的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本申请的保护范围之内。The above is only the preferred embodiment of the present application, and is not intended to limit the present application. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of the present application are included in the protection of the present application. Within the scope.

Claims (31)

  1. 一种数值转移方法,其特征在于,应用于服务器中,所述方法包括:A numerical value transfer method is applied to a server, the method comprising:
    在接收到终端中的网页页面发送的第一订单的订单参数和签名后,根据所述订单参数和所述签名检测所述签名是否正确,所述订单参数包括签名前的各字段的参数值,所述签名是将所述订单参数按照预定数字签名规则得到的;After receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, the order parameter includes a parameter value of each field before the signature, The signature is obtained by the order parameter according to a predetermined digital signature rule;
    在所述签名正确时,检测所述订单参数中是否包含第一预定字段,且所述第一预定字段的值为预定数值,所述第一预定字段的值为所述预定数值时表示所述终端使用代理工具,所述代理工具是指将被访问的服务器的资源代理为本地资源的工具;When the signature is correct, detecting whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value, and the value of the first predetermined field is the predetermined value The terminal uses a proxy tool, which refers to a tool that proxyes the resources of the accessed server as a local resource;
    当所述订单参数中包含所述第一预定字段且所述第一预定字段的值为所述预定数值时,向所述网页页面发送第一错误码,并禁止继续执行所述第一订单对应的数值转移操作。When the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the webpage page, and prohibiting execution of the first order correspondence The value transfer operation.
  2. 根据权利要求1所述的方法,其特征在于,所述根据所述订单参数和所述签名检测所述签名是否正确,包括:The method according to claim 1, wherein the detecting whether the signature is correct according to the order parameter and the signature comprises:
    根据所述订单参数按照预定数字签名规则计算出校验签名;Calculating a verification signature according to the predetermined digital signature rule according to the order parameter;
    检测所述签名与所述校验签名是否一致;Detecting whether the signature is consistent with the verification signature;
    当所述签名与所述校验签名一致时,确定所述签名正确。When the signature is consistent with the verification signature, it is determined that the signature is correct.
  3. 根据权利要求2所述的方法,其特征在于,在所述根据所述订单参数和所述签名检测所述签名是否正确之后,还包括:The method according to claim 2, further comprising: after detecting whether the signature is correct according to the order parameter and the signature, further comprising:
    当所述签名与所述校验签名不一致时,确定所述签名错误;Determining the signature error when the signature is inconsistent with the verification signature;
    在确定所述签名错误时,向所述网页页面发送第二错误码,并禁止继续执行所述第一订单对应的数值转移操作。When the signature error is determined, the second error code is sent to the web page, and the numerical transfer operation corresponding to the first order is prohibited from continuing.
  4. 根据权利要求1所述的方法,其特征在于,所述向所述网页页面发送第一错误码之前,还包括:The method according to claim 1, wherein before the sending the first error code to the webpage page, the method further comprises:
    在所述服务器的数据库中记录所述第一订单的订单号,标记所述订单号对应的所述第一订单为目标订单,所述第一订单的订单号用于唯一标识所述第一订单,所述目标订单为使用代理工具的数值转移订单;Recording an order number of the first order in a database of the server, marking the first order corresponding to the order number as a target order, and the order number of the first order is used to uniquely identify the first order The target order is a value transfer order using a proxy tool;
    所述向所述网页页面发送第一错误码之后,还包括:After the sending the first error code to the webpage page, the method further includes:
    当接收到第二订单的提交请求时,根据所述第二订单的订单号在所述数据库中查询所述第二订单是否属于所述目标订单;When receiving the submit request of the second order, querying, in the database, whether the second order belongs to the target order according to the order number of the second order;
    当所述第二订单属于所述目标订单时,向所述网页页面发送所述第一错误码。When the second order belongs to the target order, the first error code is sent to the webpage page.
  5. 根据权利要求1至4任一所述的方法,其特征在于,所述方法还包括:The method according to any one of claims 1 to 4, wherein the method further comprises:
    在所述签名正确且所述订单参数中没有所述第一预定字段时,或在所述签名正确且所述第一预定字段的值不为所述预定数值时,继续执行正常的数值转移的其他校验流程,所述其他校验流程包括校验手续费、校验是否支付成功、校验是否具备支付权限中的至少一种。When the signature is correct and the first predetermined field is absent from the order parameter, or when the signature is correct and the value of the first predetermined field is not the predetermined value, the normal value transfer is continued. The other verification process includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether the payment authority is available.
  6. 一种数值转移方法,其特征在于,应用于终端中,所述方法包括:A numerical value transfer method is applied to a terminal, the method comprising:
    在打开网页页面时,检测所述终端是否正在运行代理工具,所述代理工具是将被访问的服务器的资源代理为本地资源的工具;When the web page is opened, detecting whether the terminal is running a proxy tool, and the proxy tool is a tool for proxying a resource of the accessed server as a local resource;
    当所述终端正在运行所述代理工具时,令第一预定字段的值为预定数值,所述第一预定字段用于指示是否使用代理工具;When the terminal is running the proxy tool, the value of the first predetermined field is set to a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool;
    将第一订单的订单参数按照预定数字签名规则计算得到签名,所述订单参数包含所述第一预定字段以及其他的数值转移操作对应字段;The order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
    将所述签名和所述订单参数发送给所述服务器;Sending the signature and the order parameter to the server;
    接收所述服务器发送的所述第一错误码,所述第一错误码用于提示禁止继续执行所述数值转移操作。Receiving the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
  7. 根据权利要求6所述的方法,其特征在于,所述方法还包括:The method of claim 6 wherein the method further comprises:
    当所述终端正在运行所述代理工具时,令第二预定字段的值为所述代理工具的名称,所述第二预定字段是所述第一订单中的一个订单参数。When the terminal is running the agent tool, the value of the second predetermined field is the name of the agent tool, and the second predetermined field is an order parameter in the first order.
  8. 根据权利要求6所述的方法,其特征在于,在所述将所述签名和所述订单参数发送给服务器之后,还包括:The method according to claim 6, wherein after the sending the signature and the order parameter to the server, the method further comprises:
    接收所述服务器发送的第二错误码,所述第二错误码用于提示所述签名错误并禁止继续执行所述数值转移操作。Receiving a second error code sent by the server, the second error code is used to prompt the signature error and prohibit to continue performing the value transfer operation.
  9. 根据权利要求6所述的方法,其特征在于,所述接收所述服务器发送的第二错误码之后,还包括:The method according to claim 6, wherein after receiving the second error code sent by the server, the method further comprises:
    在提交第二订单时,将所述第二订单的签名和订单参数发送给所述服务器,所述第二订单的订单参数还包括所述第二订单的订单号,所述第二订单的订单号用于唯一标识所述第二订单,所述第二订单的订单号用于触发所述服务器在数据库中查询所述第二订单是否属于目标订单,所述目标订单为使用代理工具的数值转移订单;When submitting the second order, sending the signature and order parameters of the second order to the server, the order parameter of the second order further includes an order number of the second order, and an order of the second order The number is used to uniquely identify the second order, and the order number of the second order is used to trigger the server to query in the database whether the second order belongs to a target order, and the target order is a value transfer using a proxy tool. Order
    接收所述服务器发送的所述第一错误码,所述第一错误码是所述服务器在查询到所述第二订单属于所述目标订单时发送的。Receiving the first error code sent by the server, where the first error code is sent by the server when querying that the second order belongs to the target order.
  10. 根据权利要求6至9任一所述的方法,其特征在于,所述检测终端是否正在运行代理工具,包括:The method according to any one of claims 6 to 9, wherein the detecting whether the terminal is running the agent tool comprises:
    检测所述终端的资源管理器中是否运行有目标代理工具,所述目标代理工具是预配置的代理工具列表中的至少一个;Detecting whether a target agent tool is running in the resource manager of the terminal, where the target agent tool is at least one of a pre-configured list of agent tools;
    当所述终端的资源管理器中运行有所述目标代理工具时,确定所述终端正在运行所述代理工具;Determining that the terminal is running the proxy tool when the target agent tool is run in a resource manager of the terminal;
    当所述终端的资源管理器中没有运行任何所述目标代理工具时,确定所述终端没有运行所述代理工具。When the target agent tool is not running in the resource manager of the terminal, it is determined that the terminal does not run the agent tool.
  11. 一种数值转移装置,其特征在于,所述装置包括:A numerical transfer device, characterized in that the device comprises:
    第一检测模块,用于在接收到终端中的网页页面发送的第一订单的订单参数和签名后,根据所述订单参数和所述签名检测所述签名是否正确,所述订单参数包括签名前的各字段的参数值,所述签名是将所述订单参数按照预定数字签名规则得到的;a first detecting module, configured to: after receiving an order parameter and a signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, where the order parameter includes a signature a parameter value of each field, the signature being obtained by the order parameter according to a predetermined digital signature rule;
    第二检测模块,用于在所述第一检测模块检测到所述签名正确时,检测所述订单参数中是否包含第一预定字段,且所述第一预定字段的值为预定数值,所述第一预定字段的值为所述预定数值时表示所述终端使用代理工具,所述代理工具是指将被访问的服务器的资源代理为本地资源的工具;a second detecting module, configured to: when the first detecting module detects that the signature is correct, detecting whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value, When the value of the first predetermined field is the predetermined value, the terminal uses the proxy tool, and the proxy tool refers to a tool that proxyes the resource of the accessed server as a local resource;
    第一发送模块,用于当所述第二检测模块检测到所述订单参数中包含所述第一预定字段且所述第一预定字段的值为所述预定数值时,向所述网页页面发送第一错误码,并禁止继续执行所述第一订单对应的数值转移操作。a first sending module, configured to send, to the webpage, when the second detecting module detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value The first error code, and prohibiting the execution of the value transfer operation corresponding to the first order.
  12. 根据权利要求11所述的装置,其特征在于,所述第一检测模块,包括:The device according to claim 11, wherein the first detecting module comprises:
    计算单元,用于根据所述订单参数按照预定数字签名规则计算出校验签名;a calculating unit, configured to calculate a verification signature according to the predetermined digital signature rule according to the order parameter;
    检测单元,用于检测所述签名与所述计算单元得到的所述校验签名是否一致;a detecting unit, configured to detect whether the signature is consistent with the verification signature obtained by the computing unit;
    第一确定单元,用于当所述检测单元检测到所述签名与所述校验签名一致时,确定所述签名正确。The first determining unit is configured to determine that the signature is correct when the detecting unit detects that the signature is consistent with the verification signature.
  13. 根据权利要求11所述的装置,其特征在于,所述装置还包括:The device according to claim 11, wherein the device further comprises:
    第二确定单元,用于当所述检测单元检测到所述签名与所述校验签名不一致时,确定所述签名错误;a second determining unit, configured to determine the signature error when the detecting unit detects that the signature is inconsistent with the verification signature;
    第二发送模块,用于在所述第二确定单元确定所述签名错误时,向所述网页页面发送第二错误码,并禁止继续执行所述第一订单对应的数值转移操作。And a second sending module, configured to: when the second determining unit determines the signature error, send a second error code to the webpage page, and prohibit performing the numerical transfer operation corresponding to the first order.
  14. 根据权利要求10所述的装置,其特征在于,所述装置还包括:The device according to claim 10, wherein the device further comprises:
    标记模块,用于在所述装置的数据库中记录所述第一订单的订单号,标记所述订单号对应的所述第一订单为目标订单,所述第一订单的订单号用于唯一标识所述第一订单,所述目 标订单为使用代理工具的数值转移订单;a marking module, configured to record an order number of the first order in a database of the device, mark that the first order corresponding to the order number is a target order, and an order number of the first order is used for unique identification The first order, the target order is a value transfer order using a proxy tool;
    查询模块,用于当接收到第二订单的提交请求时,根据所述第二订单的订单号在所述数据库中查询所述第二订单是否属于所述标记模块标记的所述目标订单;a query module, configured to query, in the database, whether the second order belongs to the target order marked by the marking module according to the order number of the second order when receiving the submit request of the second order;
    所述第一发送模块,还用于当所述查询模块查询到所述第二订单属于所述目标订单时,向所述网页页面发送所述第一错误码。The first sending module is further configured to: when the query module queries that the second order belongs to the target order, send the first error code to the webpage page.
  15. 根据权利要求10至14任一所述的装置,其特征在于,所述装置还包括:The device according to any one of claims 10 to 14, wherein the device further comprises:
    校验模块,用于在所述第一检测模块检测到所述签名正确且所述第二检测模块检测到所述订单参数中没有所述第一预定字段时,或在所述第一检测模块检测到所述签名正确且所述第二检测模块检测到所述第一预定字段的值不为所述预定数值时,继续执行正常的数值转移的其他校验流程,所述其他校验流程包括校验手续费、校验是否支付成功、校验是否具备支付权限中的至少一种。a verification module, configured to: when the first detection module detects that the signature is correct, and the second detection module detects that the first predetermined field is not included in the order parameter, or in the first detection module And detecting that the signature is correct and the second detecting module detects that the value of the first predetermined field is not the predetermined value, and continues to perform another verification process of a normal value transfer, where the other verification process includes Verify the commission, verify whether the payment is successful, and verify that at least one of the payment rights is available.
  16. 一种数值转移装置,其特征在于,所述装置包括:A numerical transfer device, characterized in that the device comprises:
    第三检测模块,用于在打开网页页面时,检测所述装置是否正在运行代理工具,所述代理工具是将被访问的服务器的资源代理为本地资源的工具;a third detecting module, configured to detect, when the webpage is opened, whether the device is running a proxy tool, where the proxy tool is a tool that proxyes resources of the accessed server as local resources;
    赋值模块,用于当所述第三检测模块检测到所述装置正在运行所述代理工具时,令第一预定字段的值为预定数值,所述第一预定字段用于指示是否使用代理工具;An evaluation module, configured to: when the third detecting module detects that the device is running the proxy tool, set a value of a first predetermined field to a predetermined value, where the first predetermined field is used to indicate whether to use a proxy tool;
    计算模块,用于将第一订单的订单参数按照预定数字签名规则计算得到签名,所述订单参数包含所述第一预定字段以及其他的数值转移操作对应字段;a calculation module, configured to calculate a signature of the order parameter of the first order according to a predetermined digital signature rule, where the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
    第三发送模块,用于将所述计算模块得到的所述签名和所述订单参数发送给服务器;a third sending module, configured to send the signature obtained by the calculating module and the order parameter to a server;
    第一接收模块,用于接收所述服务器发送的所述第一错误码,所述第一错误码用于提示禁止继续执行所述数值转移操作。And a first receiving module, configured to receive the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
  17. 根据权利要求16所述的装置,其特征在于,所述赋值模块,还用于当所述装置正在运行所述代理工具时,令第二预定字段的值为所述代理工具的名称,所述第二预定字段是所述第一订单中的一个订单参数。The device according to claim 16, wherein the evaluation module is further configured to: when the device is running the proxy tool, cause a value of the second predetermined field to be a name of the proxy tool, The second predetermined field is an order parameter in the first order.
  18. 根据权利要求16所述的装置,其特征在于,所述装置还包括:The device according to claim 16, wherein the device further comprises:
    第二接收模块,用于接收所述服务器发送的第二错误码,所述第二错误码用于提示所述签名错误并禁止继续执行所述数值转移操作。And a second receiving module, configured to receive a second error code sent by the server, where the second error code is used to prompt the signature error and prohibit to continue to perform the value transfer operation.
  19. 根据权利要求16所述的装置,其特征在于,The device of claim 16 wherein:
    所述第三发送模块,用于在提交第二订单时,将所述第二订单的签名和订单参数发送给所述服务器,所述第二订单的订单参数还包括所述第二订单的订单号,所述第二订单的订单号用于唯一标识所述第二订单,所述第二订单的订单号用于触发所述服务器在数据库中查询所述第二订单是否属于目标订单,所述目标订单为使用代理工具的数值转移订单;The third sending module is configured to send a signature of the second order and an order parameter to the server when submitting the second order, where the order parameter of the second order further includes an order of the second order No. The order number of the second order is used to uniquely identify the second order, and the order number of the second order is used to trigger the server to query in the database whether the second order belongs to a target order, The target order is a value transfer order using the agent tool;
    所述第一接收模块,还用于接收所述服务器发送的所述第一错误码,所述第一错误码是所述服务器在查询到所述第二订单属于所述目标订单时发送的。The first receiving module is further configured to receive the first error code sent by the server, where the first error code is sent by the server when querying that the second order belongs to the target order.
  20. 根据权利要求16至19任一所述的装置,其特征在于,所述第三检测模块,包括:The device according to any one of claims 16 to 19, wherein the third detecting module comprises:
    检测单元,用于检测所述装置的资源管理器中是否运行有目标代理工具,所述目标代理工具是预配置的代理工具列表中的至少一个;a detecting unit, configured to detect whether a target agent tool is run in a resource manager of the device, where the target agent tool is at least one of a pre-configured list of agent tools;
    第三确定单元,用于当所述检测单元检测到所述装置的资源管理器中运行有所述目标代理工具时,确定所述装置正在运行所述代理工具;a third determining unit, configured to: when the detecting unit detects that the target agent tool is run in a resource manager of the device, determine that the device is running the agent tool;
    第四确定单元,用于当所述检测单元检测到所述装置的资源管理器中没有运行任何所述目标代理工具时,确定所述装置没有运行所述代理工具。And a fourth determining unit, configured to: when the detecting unit detects that the target agent tool is not running in the resource manager of the device, determine that the device does not run the agent tool.
  21. 一种服务器,其特征在于,所述服务器包括系统存储器和中央处理单元,所述系统存储器存储有一个或多个指令,所述中央处理单元用于执行所述一个或多个指令实现如下步骤:A server, characterized in that the server comprises a system memory and a central processing unit, the system memory storing one or more instructions, and the central processing unit for executing the one or more instructions implements the following steps:
    在接收到终端中的网页页面发送的第一订单的订单参数和签名后,根据所述订单参数和所述签名检测所述签名是否正确,所述订单参数包括签名前的各字段的参数值,所述签名是 将所述订单参数按照预定数字签名规则得到的;After receiving the order parameter and the signature of the first order sent by the webpage page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, the order parameter includes a parameter value of each field before the signature, The signature is obtained by the order parameter according to a predetermined digital signature rule;
    在所述签名正确时,检测所述订单参数中是否包含第一预定字段,且所述第一预定字段的值为预定数值,所述第一预定字段的值为所述预定数值时表示所述终端使用代理工具,所述代理工具是指将被访问的服务器的资源代理为本地资源的工具;When the signature is correct, detecting whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value, and the value of the first predetermined field is the predetermined value The terminal uses a proxy tool, which refers to a tool that proxyes the resources of the accessed server as a local resource;
    当所述订单参数中包含所述第一预定字段且所述第一预定字段的值为所述预定数值时,向所述网页页面发送第一错误码,并禁止继续执行所述第一订单对应的数值转移操作。When the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the webpage page, and prohibiting execution of the first order correspondence The value transfer operation.
  22. 根据权利要求21所述的服务器,其特征在于,所述中央处理单元还用于执行所述一个或多个指令实现如下步骤:The server according to claim 21, wherein the central processing unit is further configured to execute the one or more instructions to implement the following steps:
    根据所述订单参数按照预定数字签名规则计算出校验签名;Calculating a verification signature according to the predetermined digital signature rule according to the order parameter;
    检测所述签名与所述校验签名是否一致;Detecting whether the signature is consistent with the verification signature;
    当所述签名与所述校验签名一致时,确定所述签名正确。When the signature is consistent with the verification signature, it is determined that the signature is correct.
  23. 根据权利要求22所述的服务器,其特征在于,所述中央处理单元还用于执行所述一个或多个指令实现如下步骤:The server according to claim 22, wherein the central processing unit is further configured to execute the one or more instructions to implement the following steps:
    当所述签名与所述校验签名不一致时,确定所述签名错误;Determining the signature error when the signature is inconsistent with the verification signature;
    在确定所述签名错误时,向所述网页页面发送第二错误码,并禁止继续执行所述第一订单对应的数值转移操作。When the signature error is determined, the second error code is sent to the web page, and the numerical transfer operation corresponding to the first order is prohibited from continuing.
  24. 根据权利要求21所述的服务器,其特征在于,所述中央处理单元还用于执行所述一个或多个指令实现如下步骤:The server according to claim 21, wherein the central processing unit is further configured to execute the one or more instructions to implement the following steps:
    在所述服务器的数据库中记录所述第一订单的订单号,标记所述订单号对应的所述第一订单为目标订单,所述第一订单的订单号用于唯一标识所述第一订单,所述目标订单为使用代理工具的数值转移订单;Recording an order number of the first order in a database of the server, marking the first order corresponding to the order number as a target order, and the order number of the first order is used to uniquely identify the first order The target order is a value transfer order using a proxy tool;
    所述向所述网页页面发送第一错误码之后,还包括:After the sending the first error code to the webpage page, the method further includes:
    当接收到第二订单的提交请求时,根据所述第二订单的订单号在所述数据库中查询所述第二订单是否属于所述目标订单;When receiving the submit request of the second order, querying, in the database, whether the second order belongs to the target order according to the order number of the second order;
    当所述第二订单属于所述目标订单时,向所述网页页面发送所述第一错误码。When the second order belongs to the target order, the first error code is sent to the webpage page.
  25. 根据权利要求21至24任一所述的服务器,其特征在于,所述中央处理单元还用于执行所述一个或多个指令实现如下步骤:The server according to any one of claims 21 to 24, wherein the central processing unit is further configured to execute the one or more instructions to implement the following steps:
    在所述签名正确且所述订单参数中没有所述第一预定字段时,或在所述签名正确且所述第一预定字段的值不为所述预定数值时,继续执行正常的数值转移的其他校验流程,所述其他校验流程包括校验手续费、校验是否支付成功、校验是否具备支付权限中的至少一种。When the signature is correct and the first predetermined field is absent from the order parameter, or when the signature is correct and the value of the first predetermined field is not the predetermined value, the normal value transfer is continued. The other verification process includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether the payment authority is available.
  26. 一种终端,其特征在于,所述终端包括:存储器和处理器,所述存储器存储有一个或多个指令,所述处理器用于执行所述一个或多个指令实现如下步骤:A terminal, comprising: a memory and a processor, the memory storing one or more instructions, and the processor is configured to execute the one or more instructions to implement the following steps:
    在打开网页页面时,检测所述终端是否正在运行代理工具,所述代理工具是将被访问的服务器的资源代理为本地资源的工具;When the web page is opened, detecting whether the terminal is running a proxy tool, and the proxy tool is a tool for proxying a resource of the accessed server as a local resource;
    当所述终端正在运行所述代理工具时,令第一预定字段的值为预定数值,所述第一预定字段用于指示是否使用代理工具;When the terminal is running the proxy tool, the value of the first predetermined field is set to a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool;
    将第一订单的订单参数按照预定数字签名规则计算得到签名,所述订单参数包含所述第一预定字段以及其他的数值转移操作对应字段;The order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and other value transfer operation corresponding fields;
    将所述签名和所述订单参数发送给所述服务器;Sending the signature and the order parameter to the server;
    接收所述服务器发送的所述第一错误码,所述第一错误码用于提示禁止继续执行所述数值转移操作。Receiving the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
  27. 根据权利要求26所述的终端,其特征在于,所述处理器还用于执行所述一个或多个指令实现如下步骤:The terminal according to claim 26, wherein the processor is further configured to execute the one or more instructions to implement the following steps:
    当所述终端正在运行所述代理工具时,令第二预定字段的值为所述代理工具的名称,所述第二预定字段是所述第一订单中的一个订单参数。When the terminal is running the agent tool, the value of the second predetermined field is the name of the agent tool, and the second predetermined field is an order parameter in the first order.
  28. 根据权利要求26所述的终端,其特征在于,所述处理器还用于执行所述一个或多个 指令实现如下步骤:The terminal according to claim 26, wherein said processor is further configured to execute said one or more instructions to implement the following steps:
    接收所述服务器发送的第二错误码,所述第二错误码用于提示所述签名错误并禁止继续执行所述数值转移操作。Receiving a second error code sent by the server, the second error code is used to prompt the signature error and prohibit to continue performing the value transfer operation.
  29. 根据权利要求26所述的终端,其特征在于,所述处理器还用于执行所述一个或多个指令实现如下步骤:The terminal according to claim 26, wherein the processor is further configured to execute the one or more instructions to implement the following steps:
    在提交第二订单时,将所述第二订单的签名和订单参数发送给所述服务器,所述第二订单的订单参数还包括所述第二订单的订单号,所述第二订单的订单号用于唯一标识所述第二订单,所述第二订单的订单号用于触发所述服务器在数据库中查询所述第二订单是否属于目标订单,所述目标订单为使用代理工具的数值转移订单;When submitting the second order, sending the signature and order parameters of the second order to the server, the order parameter of the second order further includes an order number of the second order, and an order of the second order The number is used to uniquely identify the second order, and the order number of the second order is used to trigger the server to query in the database whether the second order belongs to a target order, and the target order is a value transfer using a proxy tool. Order
    接收所述服务器发送的所述第一错误码,所述第一错误码是所述服务器在查询到所述第二订单属于所述目标订单时发送的。Receiving the first error code sent by the server, where the first error code is sent by the server when querying that the second order belongs to the target order.
  30. 根据权利要求26至29任一所述的终端,其特征在于,所述处理器还用于执行所述一个或多个指令实现如下步骤:The terminal according to any one of claims 26 to 29, wherein the processor is further configured to execute the one or more instructions to implement the following steps:
    检测所述终端的资源管理器中是否运行有目标代理工具,所述目标代理工具是预配置的代理工具列表中的至少一个;Detecting whether a target agent tool is running in the resource manager of the terminal, where the target agent tool is at least one of a pre-configured list of agent tools;
    当所述终端的资源管理器中运行有所述目标代理工具时,确定所述终端正在运行所述代理工具;Determining that the terminal is running the proxy tool when the target agent tool is run in a resource manager of the terminal;
    当所述终端的资源管理器中没有运行任何所述目标代理工具时,确定所述终端没有运行所述代理工具。When the target agent tool is not running in the resource manager of the terminal, it is determined that the terminal does not run the agent tool.
  31. 一种计算机可读存储介质,其特征在于,所述存储介质上存储有一个或多个指令,所述一个或多个指令被执行时用于实现如权利要求1至5任一所述的方法,和/或,如权利要求6至10任一所述的方法。A computer readable storage medium, wherein the storage medium stores one or more instructions, and the one or more instructions are used to implement the method of any one of claims 1 to 5 And/or the method of any of claims 6 to 10.
PCT/CN2018/076072 2017-02-22 2018-02-09 Numerical value transfer method, apparatus, device and storage medium WO2018153288A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710097347.6 2017-02-22
CN201710097347.6A CN108462580B (en) 2017-02-22 2017-02-22 Numerical value transferring method and device

Publications (1)

Publication Number Publication Date
WO2018153288A1 true WO2018153288A1 (en) 2018-08-30

Family

ID=63220703

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/076072 WO2018153288A1 (en) 2017-02-22 2018-02-09 Numerical value transfer method, apparatus, device and storage medium

Country Status (2)

Country Link
CN (1) CN108462580B (en)
WO (1) WO2018153288A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110221925A (en) * 2019-05-13 2019-09-10 平安科技(深圳)有限公司 Processing method, device and the computer equipment of data submission request

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111193595B (en) * 2019-11-28 2023-05-09 腾讯云计算(北京)有限责任公司 Error detection method, device, equipment and storage medium for electronic signature

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040117303A1 (en) * 2002-12-16 2004-06-17 Hermogenes Gamboa Apparatus and anonymous payment system (ASAP) for the internet and other networks
CN101378312A (en) * 2007-08-31 2009-03-04 中国电信股份有限公司 Safety payment control system and method based on broadband network
CN102073953A (en) * 2009-11-24 2011-05-25 阿里巴巴集团控股有限公司 On-line payment method and system
CN105955743A (en) * 2016-04-29 2016-09-21 腾讯科技(深圳)有限公司 Resource data transfer request generating method, device and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101009005B (en) * 2006-01-24 2013-03-20 中国电信股份有限公司 Method, system and platform for securing safety of payment based on internet
SG10201605288SA (en) * 2011-07-15 2016-08-30 Mastercard International Inc Methods and systems for payments assurance
KR102111809B1 (en) * 2012-03-14 2020-05-18 헤드워터 리서치 엘엘씨 Mobile device activation via dynamically selected access network
CN104902481B (en) * 2015-06-30 2019-05-21 北京奇虎科技有限公司 It is a kind of can in case flow safety nozzle method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040117303A1 (en) * 2002-12-16 2004-06-17 Hermogenes Gamboa Apparatus and anonymous payment system (ASAP) for the internet and other networks
CN101378312A (en) * 2007-08-31 2009-03-04 中国电信股份有限公司 Safety payment control system and method based on broadband network
CN102073953A (en) * 2009-11-24 2011-05-25 阿里巴巴集团控股有限公司 On-line payment method and system
CN105955743A (en) * 2016-04-29 2016-09-21 腾讯科技(深圳)有限公司 Resource data transfer request generating method, device and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110221925A (en) * 2019-05-13 2019-09-10 平安科技(深圳)有限公司 Processing method, device and the computer equipment of data submission request

Also Published As

Publication number Publication date
CN108462580A (en) 2018-08-28
CN108462580B (en) 2020-07-07

Similar Documents

Publication Publication Date Title
US9703971B2 (en) Sensitive operation verification method, terminal device, server, and verification system
CN107222485B (en) Authorization method and related equipment
CN111066284B (en) Service certificate management method, terminal and server
US11017066B2 (en) Method for associating application program with biometric feature, apparatus, and mobile terminal
WO2017211205A1 (en) Method and device for updating whitelist
WO2015035936A1 (en) Identity authentication method, identity authentication apparatus, and identity authentication system
AU2018421189A1 (en) Method for quickly opening application or application function, and terminal
WO2021169382A1 (en) Link test method and apparatus, electronic device and storage medium
EP3176719B1 (en) Methods and devices for acquiring certification document
WO2015185018A1 (en) Item transfer apparatus, system and method
WO2018000370A1 (en) Mobile terminal authentication method and mobile terminal
EP3817322A1 (en) Method for upgrading service application range of electronic identity card, and terminal device
CN111597542B (en) Verification information sharing method and device, electronic equipment and storage medium
CN113821803B (en) Security architecture system, security management method and computing device
CN108737638A (en) Application control method, apparatus, mobile terminal and computer-readable medium
WO2018153288A1 (en) Numerical value transfer method, apparatus, device and storage medium
CN114528598A (en) Method and device for determining file integrity of file system and electronic equipment
CN107577933B (en) Application login method and device, computer equipment and computer readable storage medium
WO2015101254A1 (en) Information interaction method, apparatus and system
CN111209031B (en) Data acquisition method, device, terminal equipment and storage medium
EP4187420A1 (en) Resource management method, computing device, computing equipment, and readable storage medium
KR20140094990A (en) Authentication System of the many users using mobile device and method thereof
CN107229661B (en) Payment method and device
CN110856173A (en) Network access method and device and electronic equipment
CN112418835A (en) Method and related device for testing online bank payment process

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18758058

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18758058

Country of ref document: EP

Kind code of ref document: A1