WO2018153288A1 - Numerical value transfer method, apparatus, device and storage medium - Google Patents
- Publication number
- WO2018153288A1 (PCT/CN2018/076072)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- order
- signature
- value
- tool
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Ceased
Classifications
- H04L63/0281—Proxies
- H04L9/40—Network security protocols
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- H04L63/12—Applying verification of the received information
- H04L63/1441—Countermeasures against malicious traffic
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Definitions
- The embodiments of the present application relate to the field of information security, and in particular to a method, apparatus, device, and storage medium for value transfer.
- When performing a payment operation, the payment system usually needs to perform some logic verification on the operation before the payment is completed, such as mobile phone number verification, verification code verification, and the like.
- The purpose of the logic verification is to confirm whether the payment operation is the user's own operation.
- When the payment system performs the payment process, the process usually includes multiple interactions between the web page on the terminal and the various CGIs (Common Gateway Interfaces) on the server.
- The CGIs include the identity verification CGI and the payment CGI.
- The web page sends the authentication-related parameters input by the user to the identity verification CGI, and the identity verification CGI verifies the parameters. After the verification succeeds, the identity verification CGI returns a confirmation message to the web page, and the web page then sends the payment-related parameters to the payment CGI. The payment CGI verifies the parameters, completes the payment operation after the verification succeeds, and returns a payment-completed message to the web page.
- proxy tools such as Fiddler
- The proxy tool is usually used by technicians for developing or testing payment scenarios.
- The proxy tool can intercept the identity verification CGI request sent by the web page to the server, and then pretend to be the server and return a confirmation message to the web page. In this case, regardless of whether the parameters used for authentication are correct, the web page receives the confirmation message, thereby bypassing the actual authentication process.
- The proxy tool can modify the parameters input to the payment CGI so that, at the time of verification, the payment CGI considers that the previous authentication has been confirmed, and the web page successfully calls the payment CGI to complete the payment.
- The payment system may skip some logic verification processes similar to the authentication and continue to call the payment CGI to complete the payment, leaving the ordinary user's account and funds unsecured.
- The embodiments of the present application provide a value transfer method, apparatus, device, and storage medium, which can solve the security problem caused by a malicious user using a proxy tool to skip the logic verification process and continue to call the payment CGI to complete the payment.
- The technical solution is as follows:
- A value transfer method, applied to a server, the method comprising:
- after receiving the order parameter and the signature of the first order sent by the web page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, where the order parameter includes the parameter value of each field before signing, and the signature is obtained from the order parameter according to a predetermined digital signature rule;
- the terminal uses a proxy tool, which refers to a tool that proxies the resources of the accessed server as a local resource;
- when the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the web page, and prohibiting execution of the value transfer operation corresponding to the first order.
- A value transfer method, applied to a terminal, the method comprising:
- the proxy tool is a tool for proxying a resource of the accessed server as a local resource;
- the value of the first predetermined field is set to a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool;
- the signature of the order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and the other fields corresponding to the value transfer operation;
- the signature and the order parameter are used to trigger the server to detect whether the signature is correct and, when the signature is correct and the value of the first predetermined field is the predetermined value, to return the first error code and prohibit execution of the value transfer operation;
- A value transfer apparatus, comprising:
- a first detecting module configured to: after receiving an order parameter and a signature of the first order sent by the web page in the terminal, detect whether the signature is correct according to the order parameter and the signature, where the order parameter includes the parameter value of each field before signing, and the signature is obtained from the order parameter according to a predetermined digital signature rule;
- a second detecting module configured to: when the first detecting module detects that the signature is correct, detect whether the first predetermined field is included in the order parameter and whether the value of the first predetermined field is a predetermined value, where a value of the first predetermined field equal to the predetermined value indicates that the terminal uses the proxy tool, and the proxy tool refers to a tool that proxies the resources of the accessed server as local resources;
- a first sending module configured to: when the second detecting module detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, send the first error code to the web page, and prohibit execution of the value transfer operation corresponding to the first order.
- A value transfer apparatus, comprising:
- a third detecting module configured to detect, when the web page is opened, whether the device is running a proxy tool, where the proxy tool is a tool that proxies the resources of the accessed server as local resources;
- an evaluation module configured to: when the third detecting module detects that the device is running the proxy tool, set the value of a first predetermined field to a predetermined value, where the first predetermined field is used to indicate whether to use a proxy tool;
- a calculation module configured to calculate a signature of the order parameter of the first order according to a predetermined digital signature rule, where the order parameter includes the first predetermined field and the other fields corresponding to the value transfer operation;
- a third sending module configured to send the signature obtained by the calculation module and the order parameter to a server, where the signature and the order parameter are used to trigger the server to detect whether the signature is correct and, when the signature is correct and the value of the first predetermined field is the predetermined value, to return the first error code and prohibit execution of the value transfer operation;
- a first receiving module configured to receive the first error code sent by the server, where the first error code is used to prompt that execution of the value transfer operation is prohibited.
- A server including a memory and a processor, the memory storing one or more instructions, and the processor being configured to execute the one or more instructions to implement the following steps:
- after receiving the order parameter and the signature of the first order sent by the web page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, where the order parameter includes the parameter value of each field before signing, and the signature is obtained from the order parameter according to a predetermined digital signature rule;
- the terminal uses a proxy tool, which refers to a tool that proxies the resources of the accessed server as a local resource;
- when the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the web page, and prohibiting execution of the value transfer operation corresponding to the first order.
- A terminal comprising a memory and a processor, the memory storing one or more instructions, and the processor being configured to execute the one or more instructions to implement the following steps:
- the proxy tool is a tool for proxying a resource of the accessed server as a local resource;
- the value of the first predetermined field is set to a predetermined value, and the first predetermined field is used to indicate whether to use the proxy tool;
- the signature of the order parameter of the first order is calculated according to a predetermined digital signature rule, and the order parameter includes the first predetermined field and the other fields corresponding to the value transfer operation;
- A computer-readable storage medium, wherein one or more instructions are stored on the storage medium, and the one or more instructions, when executed, implement the server-side value transfer method described above and/or the terminal-side value transfer method described above.
- The web page detects whether the terminal uses the proxy tool, adds the first predetermined field to the order parameter sent to the server, and sends the signature generated from the order parameter to the server, and the server verifies the signature according to the order parameter and the signature. Because the generated signature changes whenever the value of any field in the order parameter changes, verifying the signature effectively detects modification of the order parameter by the proxy tool.
- When the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, that is, when the server detects that the terminal uses the proxy tool while performing the value transfer operation corresponding to the first order, the server prohibits the value transfer operation corresponding to the first order from continuing to be executed, so that value transfer operations performed by a user through the proxy tool are prohibited, achieving the effect of protecting the account and property security of the ordinary user.
- FIG. 1 is a schematic diagram of an implementation environment of a numerical transfer method according to an embodiment of the present application.
- FIG. 2 is a flowchart of a value transfer method provided in an embodiment of the present application.
- FIG. 3A is a flowchart of a value transfer method provided in another embodiment of the present application.
- FIG. 3B is a flowchart of a value transfer method in a payment scenario provided in an embodiment of the present application.
- FIG. 4 is a block diagram showing the structure of a value transfer apparatus provided in an embodiment of the present application.
- FIG. 5 is a block diagram showing the structure of a value transfer apparatus provided in an embodiment of the present application.
- FIG. 6 is a block diagram showing the structure of a value transfer apparatus provided in another embodiment of the present application.
- FIG. 7 is a schematic structural diagram of a server provided in an embodiment of the present application.
- FIG. 8 is a structural block diagram of a terminal provided in an embodiment of the present application.
- FIG. 1 is a schematic diagram of an implementation environment of a value transfer method according to an embodiment of the present application. As shown in FIG. 1, the implementation environment includes: a terminal 110, a server 120, and a communication network 130.
- The terminal 110 has the capability of web browsing.
- The terminal 110 includes: a desktop computer, a laptop portable computer, a tablet computer, a smart phone, a POS (Point of Sales) terminal, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 player, etc.
- The server 120 is a platform that provides Internet network services.
- The server 120 has at least one of the following capabilities: value transfer, data storage, and logic verification.
- The server 120 may be one server or a server cluster composed of a plurality of servers. All or part of the data may be shared between the servers in the server cluster, and the server 120 may also be a cloud computing service center.
- The physical implementation of the server 120 is not limited in this embodiment of the present application.
- The terminal 110 and the server 120 are connected by the communication network 130.
- The communication network 130 can be a wired communication network or a wireless communication network.
- A web page 111 runs in the browser or an application of the terminal 110, and the web page 111 has the ability to provide a value transfer operation.
- The web page 111 can also be referred to as a web client.
- Value transfer refers to the transfer of a resource of a specified value between the first account A and the second account B, such as a transfer from the first account A to the second account B.
- The value transfer includes at least one of payment, recharge, transfer, and repayment.
- The web page 111 is implemented as at least one of a payment page, a recharge page, a transfer page, and a repayment page.
- The server 120 runs a variety of CGIs (Common Gateway Interfaces). This embodiment uses the identity verification CGI 121 and the payment CGI 122 on the server 120 as an example.
- A CGI is physically a program running on the server 120.
- the CGI can be specifically divided into different types of CGIs, such as the identity verification CGI 121 and the payment CGI 122 shown in FIG.
- The identity verification CGI 121 is a program on the server 120 for implementing the identity verification function.
- The payment CGI 122 is a program on the server 120 for implementing the payment function.
- The server 120 searches for the corresponding CGI according to the call request and sends the call request to the found CGI for processing. After processing, the CGI sends the processing result to the server 120.
- The server 120 returns the processing result to the web page 111.
- The terminal 110 being a PC (Personal Computer) is taken as an example.
- The value transfer operation involves the user's property security.
- Before the server 120 completes the value transfer operation, the user also needs to send an identity verification request to the server 120 through the terminal 110 to ensure that the value transfer operation is performed by the user in person.
- The user opens the web page 111 on the terminal 110.
- After the user fills in the authentication information, the web page 111 generates an identity verification request according to the parameters in the filled-in authentication information, and sends the identity verification request to the server 120.
- After receiving the identity verification request, the server 120 sends the identity verification request to the identity verification CGI 121, and the identity verification CGI 121 verifies the parameters in the identity verification request.
- The identity verification CGI 121 feeds back the verification success message to the server 120, and the server 120 returns the verification success message to the web page 111.
- The web page 111 generates a value transfer request based on the value-transfer-related parameters filled in by the user, and sends the value transfer request to the server 120.
- The server 120 sends the value transfer request to the payment CGI 122, and the payment CGI 122 checks the value transfer parameters to ensure that the value is transferred.
- The value transfer operation is performed, and the value is transferred.
- The payment CGI 122 feeds back the value transfer success message to the server 120, the server 120 returns the value transfer success message to the web page 111, and the web page 111 displays a notification of successful value transfer on the terminal 110.
- The proxy tool 112 also runs on the terminal 110.
- The proxy tool 112 is a tool that proxies the resources of the accessed server 120 as local resources. When the web page 111 requests a resource, the proxy tool 112 calls the local resource.
- The proxy tool 112 is typically used by technicians in development or testing to simulate different scenarios and save development costs.
- A common proxy tool 112 is Fiddler, which has at least one of the following functions: forwarding, proxying, host management, setting breakpoints, CGI scanning, modifying input parameters, modifying return parameters, and simulating network speed.
- The web page 111 sends an authentication request to the identity verification CGI 121. Since the proxy tool 112 can proxy the resources of the server 120 as local resources, the authentication request is not sent to the identity verification CGI 121; instead, the local resource is invoked, and the proxy tool 112 pretends to be the server 120 and returns a verification success message to the web page 111. In this case, regardless of whether the authentication information entered in the web page 111 is correct, the web page 111 receives the verification success message, thereby bypassing the actual authentication process.
- The proxy tool 112 can modify the parameters sent to the payment CGI 122 such that, upon receipt of the payment request, the payment CGI 122 concludes from the verification result of the parameters that the verification logic before this step (such as identity verification) has been confirmed, so that the other verification of the payment logic continues and the value transfer is completed.
- A verification process for whether the terminal 110 is running the proxy tool 112 is added to the web page 111 and the payment CGI 122.
- FIG. 2 is a flowchart of a value transfer method provided in an embodiment of the present application, illustrated as applied in the implementation environment shown in FIG. 1.
- The value transfer method may include:
- Step 201: When the terminal opens the web page, the web page detects whether the terminal is running the proxy tool.
- The browser in the terminal (or the built-in browser of an application) runs the web page.
- This web page can also be referred to as a web client.
- A proxy tool is a tool that proxies the resources of the server being accessed as local resources.
- The web page is a page that needs to detect whether a proxy tool is running.
- The web page is used to provide a value transfer operation, and the web page includes at least one of a payment page, a top-up page, a transfer page, and a repayment page.
- Step 202: When the terminal is running the proxy tool, the web page sets the value of the first predetermined field to a predetermined value; the first predetermined field is used to indicate whether the proxy tool is used.
- A first predetermined field is added to the payment request sent by the web page to the payment CGI, and the first predetermined field is used to indicate whether the proxy tool is used.
- Step 203: The web page calculates the signature of the order parameter of the first order according to a predetermined digital signature rule; the order parameter includes the first predetermined field and the other fields corresponding to the value transfer operation.
- The signature is calculated within a predetermined time period before the first order is submitted; the predetermined time period is typically short. For example, after the user fills in the value transfer amount corresponding to the first order and the information of the transfer account on the web page, when the confirmation control on the web page is triggered, the web page calculates the signature according to the predetermined digital signature rule, based on each field corresponding to the information filled in by the user and the first predetermined field.
- The predetermined digital signature rule may be an MD5 signature.
- The MD5 signature selects some specific parameters from the user's order parameters in a certain order and adds a key value that is not visible to external users.
- The MD5 signature is irreversible, that is, the user cannot derive the pre-signature parameters from the MD5 signature.
- The first predetermined field is added to the fields used to calculate the signature.
- The web page may also be digitally signed using 3DES.
- The difference between 3DES and the MD5 signature is that 3DES encryption is reversible, and the CGI can decrypt the digital signature with the key to obtain the pre-signature parameters.
- the web page is a first predetermined field added after the signature is generated and an MD5 signature generated according to the specified key.
- Step 204: The web page sends the signature and the order parameter of the first order to the server.
- The pre-signature order parameters are also sent to the server, and the payment CGI in the server verifies whether the signature is correct according to the order parameters and the signature.
- The web page generates a payment request according to the signature and the order parameter, and sends the payment request to the server.
- After receiving the payment request sent by the web page, the server sends the payment request to the corresponding payment CGI for processing. After processing the payment request, the payment CGI sends the processing result to the server, and the server sends the processing result to the web page.
- For the specific implementation of the payment CGI processing the payment request sent by the web page, refer to step 205 to step 207.
- Step 205: After receiving the order parameter and signature of the first order sent by the web page, the payment CGI detects whether the signature is correct according to the order parameter and the signature.
- The payment CGI determines whether the order parameters or the signature have been modified by verifying whether the signature is correct.
- Step 206: When the signature is correct, the payment CGI detects whether the first predetermined field is included in the order parameter of the first order and whether the value of the first predetermined field is a predetermined value.
- The first predetermined field is used to indicate whether the proxy tool is used; when the value of the first predetermined field is the predetermined value, it indicates that the proxy tool is used.
- The payment CGI needs to detect whether the first predetermined field agent_tool is included in the order parameter, and whether the value of the first predetermined field is the predetermined value 1.
- Step 207: When the order parameter of the first order includes the first predetermined field and the value of the first predetermined field is the predetermined value, the payment CGI sends the first error code to the web page and prohibits execution of the value transfer operation corresponding to the first order.
- The first error code is sent to the web page, and the web page is prohibited from continuing to perform the value transfer operation corresponding to the first order.
- Step 208: The web page receives the first error code sent by the server, where the first error code is used to prompt that execution of the value transfer operation is prohibited.
- The web page learns that execution of the value transfer operation is prohibited by parsing the first error code.
- The web page pops up a prompt window according to the first error code, and the prompt window informs the user that the value transfer operation is prohibited from continuing.
- The interaction between the terminal and the server in this embodiment may be directly understood as the interaction between the web page and the payment CGI.
- The value transfer method detects, through the web page, whether the terminal uses the proxy tool, adds a first predetermined field to the order parameter sent to the server, and sends the signature generated from the order parameter to the server.
- The server verifies the signature according to the order parameters and the signature. Because the generated signature changes whenever the value of any field in the order parameter changes, verifying the signature effectively detects modification of the order parameter by the proxy tool.
- When the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, that is, when the server detects that the terminal uses the proxy tool while performing the value transfer operation corresponding to the first order, the server prohibits execution of the value transfer operation corresponding to the first order, so that value transfer operations performed by a user through the proxy tool are prohibited, achieving the effect of protecting the account and property security of the ordinary user.
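The sign-then-check flow of steps 203 to 207, as an added Python example that is not code from the patent. The field name agent_tool and the predetermined value 1 come from the text; the key, the error-code numbers, the sorted percent-encoded field order and the value 0 for "no proxy tool" are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed values for illustration; only the field name and the value "1"
# come from the text above.
SIGNING_KEY = "constructed-demo-key"   # stands in for the key hidden from external users
PROXY_FIELD = "agent_tool"             # first predetermined field
PROXY_VALUE = "1"                      # predetermined value: proxy tool in use
OK = 0
ERR_PROXY_IN_USE = 1001                # hypothetical "first error code"
ERR_BAD_SIGNATURE = 1002               # hypothetical code for a failed signature check


def canonical_string(params):
    """Serialise the fields in a fixed order (assumed here: sorted by name).

    Names and values are percent-encoded so that a value containing '&' or '='
    cannot be mistaken for a field boundary.
    """
    return "&".join(
        f"{quote(str(k), safe='')}={quote(str(v), safe='')}"
        for k, v in sorted(params.items())
    )


def sign_order(params, key=SIGNING_KEY):
    """MD5 over the ordered fields plus the key, following the MD5 rule in the text."""
    # A raw newline cannot appear in the percent-encoded fields, so it
    # separates them unambiguously from the key.
    material = canonical_string(params) + "\n" + key
    return hashlib.md5(material.encode("utf-8")).hexdigest()


def build_payment_request(order_fields, proxy_detected):
    """Web page side (steps 202 to 204): set the flag, sign, send both."""
    params = dict(order_fields)
    # "0" for the no-proxy case is an assumption; the text only defines "1".
    params[PROXY_FIELD] = PROXY_VALUE if proxy_detected else "0"
    return {"params": params, "sign": sign_order(params)}


def payment_cgi(request):
    """Payment CGI side (steps 205 to 207): signature first, then the flag."""
    params = request.get("params", {})
    sign = str(request.get("sign", ""))
    expected = sign_order(params)
    # Constant-time comparison on bytes, so odd input cannot raise or leak timing.
    if not hmac.compare_digest(expected.encode("utf-8"), sign.encode("utf-8")):
        return ERR_BAD_SIGNATURE
    if params.get(PROXY_FIELD) == PROXY_VALUE:
        return ERR_PROXY_IN_USE
    return OK


def demo():
    """Run the CGI over constructed requests, including in-flight modifications."""
    order = {"order_id": "A1001", "amount": "25.00", "payee": "acct-B"}  # constructed
    honest = build_payment_request(order, proxy_detected=False)
    flagged = build_payment_request(order, proxy_detected=True)

    # The signature was computed over agent_tool=1; changing or dropping the
    # field, or any other field, without re-signing must fail step 205.
    flipped = {"params": dict(flagged["params"], agent_tool="0"), "sign": flagged["sign"]}
    stripped_params = {k: v for k, v in flagged["params"].items() if k != PROXY_FIELD}
    stripped = {"params": stripped_params, "sign": flagged["sign"]}
    repriced = {"params": dict(honest["params"], amount="0.01"), "sign": honest["sign"]}

    return {
        "honest": payment_cgi(honest),
        "flagged": payment_cgi(flagged),
        "flag_flipped": payment_cgi(flipped),
        "flag_stripped": payment_cgi(stripped),
        "amount_changed": payment_cgi(repriced),
    }


if __name__ == "__main__":
    for case, code in demo().items():
        print(f"{case:15s} -> {code}")
```

The check holds only while the signing key stays out of reach of the proxy user: anyone who holds the key can re-sign modified parameters, which is why the text requires a key that is not visible to external users.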
- FIG. 3A is a flowchart of a method for a numerical value transfer method provided in another embodiment of the present application, which is exemplified in the implementation environment shown in FIG. 1.
- the numerical transfer method may include:
- Step 301 When the terminal opens the webpage page, the webpage page detects whether the terminal is running the proxy tool.
- a proxy tool is a tool that proxies the resources of a server being accessed as a local resource.
- a web page is a page that needs to detect whether or not to run a proxy tool.
- the webpage page is used to provide a value transfer operation, and the webpage page includes at least one of a payment page, a top-up page, a transfer page, and a repayment page.
- the login page when the login page is opened on the terminal, the login page may also detect whether the terminal is running the proxy tool. That is, the web page may also include a login page.
- the web page detects whether the terminal is running the proxy tool, and can be implemented in the following manner:
- the web page detects whether the target agent tool is running in the resource manager of the terminal.
- the target agent tool is at least one of a list of pre-configured agent tools. There may be a variety of agent tools.
- the web page pre-configures the names of a series of agent tools into a list of agent tools, and then queries the resource manager according to the list of agent tools to see if the target agent tool on the agent tool list is running.
- the web page determines that the terminal is running the agent tool.
- the terminal may run an agent tool or multiple agent tools at the same time.
- the web page detects that any agent tool in the agent tool list is running, it can confirm that the terminal is running the agent tool.
- the web page determines that the terminal does not run the agent tool.
- the terminal is determined not to be running the agent tool only when none of the agent tools in the list of agent tools is running on the terminal.
- Step 302 When the terminal is running the proxy tool, the web page sets the value of the first predetermined field to a predetermined value and sets the value of the second predetermined field to the name of the proxy tool. The first predetermined field is used to indicate whether the proxy tool is used, and the second predetermined field is used to indicate the name of the proxy tool used.
- a first predetermined field and a second predetermined field are added to the payment request sent by the web page to the payment CGI, respectively, to indicate whether to use the proxy tool and the name of the proxy tool used.
- the first predetermined field is agent_tool
- the second predetermined field is an optional field.
- Step 303 The webpage page calculates the signature of the order parameter of the first order according to a predetermined digital signature rule, where the order parameter includes a first predetermined field, a second predetermined field, and other value transfer operation corresponding fields.
- the signature is calculated within a predetermined time period before the first order is submitted; this period is typically short. For example, after the user fills in the amount of the value transfer and the transfer account information for the first order on the web page, and the confirmation control on the web page is triggered, the web page calculates the signature according to the predetermined digital signature rule from the fields corresponding to the information filled in by the user together with the first predetermined field and the second predetermined field.
- the predetermined digital signature rule may be an MD5 signature.
- the MD5 signature is computed over specific parameters selected from the user's order parameters in a certain order, together with a key value that is not visible to external users.
- the MD5 signature is irreversible, that is, the user cannot recover the pre-signature parameters from the MD5 signature.
- the first predetermined field and the second predetermined field are added to the field for calculating the signature (or only the first predetermined field is added).
- the web page may also compute the digital signature using 3DES.
- the difference between 3DES and the MD5 signature is that 3DES encryption is reversible: the CGI can decrypt the digital signature with the key to obtain the parameters before the signature.
- the web page is to add the first predetermined field and the second predetermined field after generating the signature and the MD5 signature generated according to the specified key.
- step 304 the web page sends the signature and order parameters to the payment CGI.
- the process of sending the signature and order parameters to the payment CGI on the web page is the process of calling the payment CGI.
- the order parameters before the signature are also sent to the payment CGI, and the payment CGI verifies that the signature is correct according to the order parameters and the signature.
- the webpage generates a payment request according to the signature and the order parameter, and the webpage sends the payment request to the server.
- after receiving the payment request sent by the web page, the server sends the payment request to the corresponding payment CGI for processing.
- after processing the payment request, the payment CGI sends the processing result to the server, and the server sends the processing result to the web page.
- Step 305 After receiving the order parameter and signature of the first order sent by the webpage page, the payment CGI detects whether the signature is correct according to the order parameter and the signature.
- the payment CGI determines whether the order parameters or the signature have been modified by verifying whether the signature is correct.
- detecting the correctness of the signature can be achieved by:
- the payment CGI calculates the verification signature according to the predetermined digital signature rule according to the order parameter.
- because the MD5 signature is irreversible, the payment CGI needs to calculate a signature from the order parameters using the same predetermined digital signature rule as the web page.
- this signature is the verification signature, and whether the order parameters have been modified is determined by comparing the verification signature with the received signature.
- Step 306 When the signature is determined to be incorrect, the payment CGI sends a second error code to the web page and prohibits the execution of the value transfer operation corresponding to the first order.
- when the payment CGI determines that the signature is incorrect, the signature has not passed the payment CGI's verification, so the payment CGI sends a second error code to the web page.
- Step 307 The webpage page receives a second error code sent by the server, and the second error code is used to prompt a signature error and prohibits the execution of the value transfer operation.
- the webpage pops up a prompt window according to the second error code, and the prompt window is used to prompt the user to prohibit the value transfer operation from continuing.
- in step 305, if the signature is correct, the payment CGI proceeds to step 308.
- Step 308 When the signature is correct, the payment CGI detects whether the first predetermined field is included in the order parameter, and the value of the first predetermined field is a predetermined value.
- the first predetermined field is used to indicate whether to use the proxy tool, and the value of the first predetermined field indicates that the proxy tool is used when the value is a predetermined value.
- the payment CGI needs to detect whether the first predetermined field agent_tool is included in the order parameter, and whether the value of the first predetermined field is a predetermined value of 1.
- Step 309 When the order parameter includes the first predetermined field and the value of the first predetermined field is a predetermined value, the payment CGI records the order number of the first order in the database of the server, and marks the first order corresponding to the order number as the target order.
- the order number is used to uniquely identify the first order, and the target order is a value transfer order using the agent tool.
- Step 310 The payment CGI sends the first error code to the webpage page, and prohibits the execution of the value transfer operation corresponding to the first order.
- the first error code is sent to the webpage page, and the webpage page is prohibited from continuing to perform the numerical transfer operation corresponding to the first order.
- Step 311 The webpage page receives a first error code sent by the server, where the first error code is used to prompt to prohibit the execution of the value transfer operation.
- the web page obtains a message prohibiting the execution of the value transfer operation by parsing the first error code.
- the webpage pops up a prompt window according to the first error code, and the prompt window is used to prompt the user to prohibit the value transfer operation from continuing.
- the malicious user may submit the same value transfer order again through the webpage page, and it is possible to re-modify the parameters through the proxy tool.
- the web page pop-up prompt window prompts the user to prohibit the value transfer operation from being performed
- the malicious user may directly close the prompt window, confirm that the control is triggered again, and the web page sends the value transfer order to the payment CGI again.
- a malicious user replaces a terminal, reopens the web page, and resubmits the value transfer order that was previously submitted but not completed. In both cases, the order number of the resubmitted value transfer order does not change. For this type of order, the payment CGI is verified by the following steps.
- Step 312 When submitting the second order, the webpage page sends the signature and order parameters of the second order to the payment CGI, and the order parameter of the second order further includes the order number of the second order.
- the order number of the second order is used to uniquely identify the second order.
- the second order is a value transfer order that has been submitted but not completed.
- Step 313 when receiving the submit request of the second order, the payment CGI queries the database whether the second order belongs to the target order according to the order number of the second order.
- the payment CGI checks whether the second order belongs to the marked target order according to the order number of the second order.
- Step 314 when the second order belongs to the target order, the payment CGI sends the first error code to the webpage page.
- the payment CGI directly sends a first error code error to the webpage page.
- Step 315 the webpage page receives the first error code sent by the payment CGI.
- the webpage page pops up the corresponding prompt window by parsing the first error code, and is used to prompt the user to prohibit the value transfer operation from continuing.
- the method further includes step 316.
- Step 316 when the signature is correct and there is no first predetermined field in the order parameter, or when the signature is correct and the value of the first predetermined field is not a predetermined value, the other verification process of the normal value transfer is continued.
- the other verification process includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether or not the payment authority is available.
- the web page does not send the first predetermined field and the second predetermined field to the payment CGI, or the web page is sent.
- the payment CGI supports a configuration switch.
- when the switch is turned on, the payment CGI needs to detect whether there is a first predetermined field in the order parameter indicating whether the terminal uses the proxy tool.
- the webpage page on the terminal needs to detect whether the proxy tool is running in the terminal through the resource manager, and then add a first predetermined field in the order parameter, or add a first predetermined field and a second predetermined field.
- when the switch is turned off, the payment CGI does not detect the first predetermined field in the order parameter, and correspondingly, the web page does not detect whether the proxy tool is running in the terminal.
- the switch is in the CGI configuration file, and the technician must log in to the server to control the switch. Therefore, the switch is only controlled by a technician, and the ordinary user cannot control the switch.
- the technician turned off the switch during testing and development because of the need to use the agent tool.
- the switch is turned on to detect whether the terminal is running the proxy tool in the actual payment environment.
- the numerical value transfer method provided in this embodiment can also be represented as a flowchart shown in FIG. 3B in the payment scenario.
- S301 is first executed to open a webpage page; then, S302 is executed, and the webpage page checks the resource manager process of the terminal; then, S303 is executed to determine whether the terminal uses the proxy tool; if the result of the determination in S303 is no, the webpage is executed.
- S3089 is executed, and the payment CGI returns a second error code; then S310 is executed, and the web page displays the first page pop-up window, which can display the prompt text: signature error, unable to continue to pay.
- S311 is performed, and the payment CGI determines whether the first predetermined field agent_tool is equal to 1; if the determination result of S311 is YES, that is, agent_tool is equal to 1, S312 is executed, and the payment CGI returns the first error code, which is used to indicate that the value transfer operation is prohibited from being performed; then, in S313, the web page displays the second page pop-up window, which can display the prompt text: prohibiting payment, unable to continue to pay; if the determination result of S311 is NO, that is, agent_tool is equal to 0, S314 is executed, and the payment CGI performs the other verification of the payment logic.
- the value transfer method detects through the web page whether the terminal uses the proxy tool, adds the first predetermined field and the second predetermined field to the order parameters sent to the server, generates a signature of the order parameters, and sends the signature to the server. The server verifies the signature according to the order parameters and the signature. Since a change in the value of any field in the order parameters changes the generated signature, verifying the signature effectively detects modification of the order parameters by the proxy tool.
- the server detects that the first predetermined field is included in the order parameter and the value of the first predetermined field is a predetermined value, that is, when the server detects that the terminal used the proxy tool while performing the value transfer operation corresponding to the first order, the server prohibits execution of the value transfer operation corresponding to the first order, so that value transfer operations carried out through the proxy tool are prohibited, which protects the account and property security of ordinary users.
- the value transfer method provided in this embodiment further has the payment CGI prohibit the execution of the value transfer operation when the signature is incorrect, so that the value transfer operation is prohibited whenever the order parameters or the signature change, which protects the account and property security of ordinary users.
- the value transfer method provided by this embodiment further records the order number of the first order in the database and marks the first order as the target order when the payment CGI detects that the first order is a value transfer order using the agent tool. If a second order with the same order number is submitted, the payment CGI can query the database according to the order number and quickly determine that the second order is a value transfer order using the agent tool.
- the value transfer method provided by this embodiment further continues with the other verification flow of the value transfer operation when the signature verification is correct and the order parameters do not include the first predetermined field, or when the signature verification is correct and the first predetermined field in the order parameters is not the predetermined value, so that value transfer order requests from terminals that do not use the proxy tool are executed normally.
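
The payment CGI's checks in steps 305 to 316, including the resubmission lookup and the configuration switch, sketched as an added example that is not code from the patent. Assumptions: HMAC-SHA256 over sorted-key JSON stands in for the page's MD5 rule, the signature is checked before the order-number lookup, a Python set stands in for the server database, and every field name except `agent_tool` (for example `order_no`, `agent_tool_name`) is hypothetical.

```python
import hashlib
import hmac
import json

OK_CONTINUE = 0        # go on to the other verification steps (step 316)
ERR_AGENT_TOOL = 1     # "first error code": proxy tool in use, transfer prohibited
ERR_BAD_SIGNATURE = 2  # "second error code": signature does not match

DEMO_KEY = b"constructed-demo-key"  # constructed sample key, not from the page


def sign_order(params, key):
    """Sign every order field, agent_tool included, over a canonical encoding."""
    # Assumption: sorted-key JSON is the canonical form. The page only says the
    # parameters are taken "in a certain order" together with a hidden key.
    canonical = json.dumps(params, sort_keys=True, separators=(",", ":"))
    # Substitution: HMAC-SHA256 is used here in place of the page's MD5 rule.
    return hmac.new(key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


class PaymentCGI:
    def __init__(self, key, agent_check_enabled=True):
        self.key = key
        # The configuration switch: off during testing, on in production.
        self.agent_check_enabled = agent_check_enabled
        self.target_orders = set()  # stands in for the server database

    def handle(self, params, signature):
        # Steps 305-306: recompute the verification signature and compare it
        # in constant time with the one received.
        expected = sign_order(params, self.key).encode("ascii")
        received = str(signature).encode("utf-8", "replace")
        if not hmac.compare_digest(expected, received):
            return ERR_BAD_SIGNATURE
        if not self.agent_check_enabled:
            return OK_CONTINUE
        order_no = params.get("order_no")
        # Steps 313-314: a resubmitted order already marked as a target order
        # is refused whatever agent_tool now says.
        if order_no in self.target_orders:
            return ERR_AGENT_TOOL
        # Steps 308-310: agent_tool == 1 marks the order and refuses it.
        if params.get("agent_tool") == "1":
            self.target_orders.add(order_no)
            return ERR_AGENT_TOOL
        return OK_CONTINUE


def run_scenarios():
    """Run constructed orders through the CGI and collect the returned codes."""
    cgi = PaymentCGI(DEMO_KEY)
    results = {}

    clean = {"order_no": "A1001", "amount": "10.00", "payee": "shop-1",
             "agent_tool": "0"}
    results["clean"] = cgi.handle(clean, sign_order(clean, DEMO_KEY))

    flagged = {"order_no": "A1002", "amount": "10.00", "payee": "shop-1",
               "agent_tool": "1", "agent_tool_name": "example-proxy"}
    flagged_sig = sign_order(flagged, DEMO_KEY)
    results["flagged"] = cgi.handle(flagged, flagged_sig)

    # A field changed after signing: the signature no longer matches.
    original = dict(clean, order_no="A1003")
    stale_sig = sign_order(original, DEMO_KEY)
    results["amount_changed"] = cgi.handle(dict(original, amount="0.01"), stale_sig)

    # The flag itself is covered by the signature, so clearing it also fails.
    marked = dict(flagged, order_no="A1004")
    marked_sig = sign_order(marked, DEMO_KEY)
    results["flag_cleared"] = cgi.handle(dict(marked, agent_tool="0"), marked_sig)

    # Same order number resubmitted from a terminal without the tool.
    retry = {"order_no": "A1002", "amount": "10.00", "payee": "shop-1",
             "agent_tool": "0"}
    results["resubmitted"] = cgi.handle(retry, sign_order(retry, DEMO_KEY))

    # Switch off: the agent_tool field is not examined.
    test_cgi = PaymentCGI(DEMO_KEY, agent_check_enabled=False)
    results["switch_off"] = test_cgi.handle(flagged, flagged_sig)
    return results


if __name__ == "__main__":
    print(run_scenarios())
```

The result depends on the page's premise that the signing key is not visible to the user; the server has no other evidence for the value of `agent_tool`.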
- the value transfer device may include: a first detection module 410, a second detection module 420, and a first transmission module 430.
- the first detecting module 410 is configured to: after receiving the order parameter and the signature of the first order sent by the web page in the terminal, detect whether the signature is correct according to the order parameter and the signature, where the order parameter includes the parameter value of each field before the signature, the signature being obtained from the order parameter according to a predetermined digital signature rule;
- the second detecting module 420 is configured to detect, when the first detecting module detects that the signature is correct, whether the first predetermined field is included in the order parameter and the value of the first predetermined field is a predetermined value; the value of the first predetermined field being the predetermined value indicates that the terminal uses the proxy tool, and the proxy tool refers to a tool that proxies the resources of the accessed server as local resources;
- the first sending module 430 is configured to: when the second detecting module detects that the first predetermined field is included in the order parameter, and the value of the first predetermined field is the predetermined value, to the webpage page Sending the first error code and prohibiting the execution of the value transfer operation corresponding to the first order.
- the first detecting module 410 includes: a calculating unit, configured to calculate a verification signature according to the predetermined digital signature rule according to the order parameter; a detecting unit, configured to detect whether the signature and the verification signature obtained by the calculating unit are consistent; and a first determining unit, configured to determine that the signature is correct when the detecting unit detects that the signature is consistent with the verification signature.
- the apparatus further includes: a second determining unit 442, configured to determine, when the detecting unit detects that the signature is inconsistent with the verification signature,
- the second sending module 444 is configured to: when the second determining unit determines that the signature is incorrect, send a second error code to the web page, and prohibit performing the value transfer operation corresponding to the first order.
- the device further includes: a marking module 462, configured to record the order number of the first order in a database of the device, and mark the first order corresponding to the order number as a target order, where the order number of the first order is used to uniquely identify the first order and the target order is a value transfer order using a proxy tool; and a query module 464, configured to, when a submit request for a second order is received, query the database according to the order number of the second order as to whether the second order belongs to the target order marked by the marking module; the first sending module 430 is further configured to send the first error code to the web page when the query module finds that the second order belongs to the target order.
- the apparatus further includes: a verification module 480, configured to: when the first detection module detects that the signature is correct and the second detection module detects that the order parameter does not include the first predetermined field, or when the first detecting module detects that the signature is correct and the second detecting module detects that the value of the first predetermined field is not the predetermined value, continue to perform the other verification process of the normal value transfer.
- the other verification process of the value transfer includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether the payment authority is available.
- Figure 6 is a block diagram showing the structure of a numerical value transfer device provided in another embodiment of the present application, which is exemplified in the terminal 110 shown in Figure 1.
- the value transfer device may include: a third detection module 618, an evaluation module 620, a calculation module 630, a third transmission module 640, and a first receiving module 650.
- the third detecting module 618 is configured to detect, when the web page is opened, whether the device is running a proxy tool, where the proxy tool is a tool that proxies resources of the accessed server as local resources;
- An evaluation module 620 configured to: when the third detecting module 610 detects that the device is running the proxy tool, set a value of the first predetermined field to a predetermined value, where the first predetermined field is used to indicate whether to use the proxy tool;
- a calculation module 630 configured to calculate, by using a predetermined digital signature rule, an order parameter of the first order, where the order parameter includes the first predetermined field and another value transfer operation corresponding field;
- a third sending module 640 configured to send the signature obtained by the calculating module and the order parameter to a server
- the first receiving module 650 is configured to receive the first error code sent by the server, where the first error code is used to prompt to prohibit execution of the value transfer operation.
- the evaluation module 620 is further configured to: when the device is running the proxy tool, set a value of the second predetermined field to a name of the proxy tool, the second predetermined field being an order parameter in the first order.
- the apparatus further includes:
- the second receiving module 660 is configured to receive a second error code sent by the server, where the second error code is used to prompt the signature error and prohibit to continue to perform the value transfer operation.
- the third sending module 640 is configured to send a signature of the second order and an order parameter to the server when the second order is submitted, where the order parameter of the second order further includes an order number of the second order, the order number of the second order is used to uniquely identify the second order, and the order number of the second order is used to trigger the server to query the database as to whether the second order belongs to the target order, the target order being a value transfer order using the agent tool;
- the first receiving module 650 is further configured to receive the first error code sent by the server, where the first error code is sent by the server when it finds that the second order belongs to the target order.
- the third detecting module 618 includes: a detecting unit, configured to detect whether a target agent tool is running in a resource manager of the device, where the target agent tool is at least one tool in a pre-configured agent tool list; a third determining unit, configured to: when the detecting unit detects that the target agent tool is running in the resource manager of the device, determine that the device is running the agent tool; and a determining unit, configured to determine that the device does not run the proxy tool when the detecting unit detects that the target agent tool is not running in the resource manager of the device.
- the numerical value transfer device provided in the above embodiment is only exemplified by the division of the above functional modules when transferring the numerical value. In actual applications, the above functional distribution can be completed by different functional modules as needed. The internal structure of the terminal or server is divided into different functional modules to complete all or part of the functions described above.
- the numerical value transfer device and the numerical value transfer method are provided in the same embodiment, and the specific implementation process is described in detail in the method embodiment, and details are not described herein again.
- FIG. 7 is a schematic structural diagram of a server provided in an embodiment of the present application.
- the server can be the server 120 shown in FIG.
- the server 600 includes a central processing unit (CPU) 601, a system memory 604 including a random access memory (RAM) 602 and a read only memory (ROM) 603, and a system bus 605 that connects the system memory 604 and the central processing unit 601.
- the server 600 also includes a basic input/output system (I/O system) 606 that facilitates transfer of information between various devices within the computer, and a mass storage device 607 for storing the operating system 613, applications 614, and other program modules 615.
- the basic input/output system 606 includes a display 608 for displaying information and an input device 609 such as a mouse or keyboard for user input of information.
- the display 608 and input device 609 are both connected to the central processing unit 601 by an input/output controller 610 that is coupled to the system bus 605.
- the basic input/output system 606 can also include an input output controller 610 for receiving and processing input from a plurality of other devices, such as a keyboard, mouse, or electronic stylus.
- input/output controller 610 also provides output to a display screen, printer, or other type of output device.
- the mass storage device 607 is connected to the central processing unit 601 by a mass storage controller (not shown) connected to the system bus 605.
- the mass storage device 607 and its associated computer readable medium provide non-volatile storage for the server 600. That is, the mass storage device 607 can include a computer readable medium (not shown) such as a hard disk or a CD-ROM drive.
- the computer readable medium can include computer storage media and communication media.
- Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
- Computer storage media include RAM, ROM, EPROM, EEPROM, flash memory or other solid state storage technologies, CD-ROM, DVD or other optical storage, tape cartridges, magnetic tape, magnetic disk storage or other magnetic storage devices.
- the server 600 may also be operated by a remote computer connected to the network through a network such as the Internet. That is, the server 600 can be connected to the network 612 through a network interface unit 611 connected to the system bus 605, or can also be connected to other types of networks or remote computer systems (not shown) using the network interface unit 611.
- the system memory 604 also includes one or more programs, the one or more programs being stored in the system memory 604, and the central processing unit 601 implements the server-side value transfer method of the method embodiment by executing the one or more programs. For example:
- the central processing unit 601 is configured to execute the one or more instructions to implement the following steps:
- after receiving the order parameter and the signature of the first order sent by the web page in the terminal, detecting whether the signature is correct according to the order parameter and the signature, where the order parameter includes a parameter value of each field before the signature, and the signature is obtained from the order parameter according to a predetermined digital signature rule;
- the terminal uses a proxy tool, which refers to a tool that proxies the resources of the accessed server as a local resource;
- when the first predetermined field is included in the order parameter and the value of the first predetermined field is the predetermined value, sending a first error code to the web page, and prohibiting execution of the value transfer operation corresponding to the first order.
- the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
- the second error code is sent to the web page, and the numerical transfer operation corresponding to the first order is prohibited from continuing.
- the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
- the target order is a value transfer order using a proxy tool
- the method further includes:
- the first error code is sent to the webpage page.
- the central processing unit 601 is further configured to execute the one or more instructions to implement the following steps:
- the other verification process includes at least one of verifying the commission, verifying whether the payment is successful, and verifying whether the payment authority is available.
- the terminal 700 is configured to implement the numerical value transfer method provided by the foregoing embodiment.
- the terminal 700 in this application may include one or more of the following components: a processor for executing computer program instructions to perform various processes and methods, random access memory (RAM) and read-only memory (ROM) for information and storage of program instructions, memory for storing data and information, I/O devices, interfaces, antennas, etc.
- the terminal 700 may include an RF (Radio Frequency) circuit 710, a memory 720, an input unit 730, a display unit 740, a sensor 750, an audio circuit 760, a WiFi (Wireless Fidelity) module 770, a processor 780, a power supply 782, a camera 790, and other components.
- FIG. 8 does not constitute a limitation to the terminal, and may include more or less components than those illustrated, or a combination of certain components, or different component arrangements.
- the RF circuit 710 can be used to receive and transmit signals while sending and receiving information or during a call. Specifically, downlink information received from the base station is passed to the processor 780 for processing, and uplink data is sent to the base station.
- RF circuits include, but are not limited to, an antenna, at least one amplifier, a transceiver, a coupler, an LNA (Low Noise Amplifier), a duplexer, and the like.
- RF circuitry 710 can also communicate with the network and other devices via wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA (Code Division Multiple Access), WCDMA (Wideband Code Division Multiple Access), LTE (Long Term Evolution), e-mail, SMS (Short Messaging Service), and the like.
- the memory 720 can be used to store software programs and modules, and the processor 780 executes various functional applications and data processing of the terminal 700 by running software programs and modules stored in the memory 720.
- the memory 720 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application required for at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may be stored according to The data created by the use of the terminal 700 (such as audio data, phone book, etc.) and the like.
- memory 720 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
- the input unit 730 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the terminal 700.
- the input unit 730 may include a touch panel 731 and other input devices 732.
- the touch panel 731, also referred to as a touch screen, can collect touch operations performed by the user on or near it (such as operations performed on or near the touch panel 731 with a finger, a stylus, or the like) and drive the corresponding connecting device according to a preset program.
- the touch panel 731 can include two parts: a touch detection device and a touch controller.
- the touch detection device detects the touch orientation of the user, detects the signal produced by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 780, and can receive commands from the processor 780 and execute them.
- the touch panel 731 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
- the input unit 730 may also include other input devices 732.
- other input devices 732 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.), trackballs, mice, joysticks, and the like.
- the display unit 740 can be used to display information input by the user or information provided to the user and various menus of the terminal 700.
- the display unit 740 can include a display panel 741.
- the display panel 741 can be configured in the form of an LCD (Liquid Crystal Display), an OLED (Organic Light-Emitting Diode), or the like.
- the touch panel 731 can cover the display panel 741. When the touch panel 731 detects a touch operation on or near it, it transmits the operation to the processor 780 to determine the type of the touch event, and the processor 780 then provides a corresponding visual output on the display panel 741 according to the type of the touch event.
- although the touch panel 731 and the display panel 741 are used as two independent components to implement the input and output functions of the terminal 700 in FIG. 7, in some embodiments the touch panel 731 can be integrated with the display panel 741 to implement the input and output functions of the terminal 700.
- Terminal 700 can also include at least one type of sensor 750, such as a gyro sensor, a magnetic induction sensor, a light sensor, a motion sensor, and other sensors.
- the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 741 according to the brightness of the ambient light, and the proximity sensor may turn off the display panel 741 and/or the backlight when the terminal 700 moves to the ear.
- the acceleration sensor can detect the magnitude of acceleration in each direction (usually three axes) and, when stationary, the magnitude and direction of gravity. It can be used to identify the attitude of the terminal (such as horizontal and vertical screen switching, related games, and magnetometer attitude calibration) and for vibration-recognition functions (such as pedometer and tapping).
- other sensors such as barometers, hygrometers, thermometers, infrared sensors, etc., which can also be configured in the terminal 700, are not described here.
- An audio circuit 760, a speaker 761, and a microphone 762 can provide an audio interface between the user and the terminal 700.
- the audio circuit 760 can convert received audio data into an electrical signal and transmit it to the speaker 761, which converts it into a sound signal for output; on the other hand, the microphone 762 converts the collected sound signal into an electrical signal, which the audio circuit 760 receives and converts into audio data. The audio data is then output to the processor 780 for processing and transmitted via the RF circuit 710 to, for example, another terminal, or output to the memory 720 for further processing.
- WiFi is a short-range wireless transmission technology. Through the WiFi module 770, the terminal 700 can help users send and receive emails, browse web pages, and access streaming media, providing users with wireless broadband Internet access.
- although FIG. 8 shows the WiFi module 770, it can be understood that it is not an essential part of the terminal 700 and may be omitted as needed without changing the essence of the disclosure.
- Processor 780 is the control center of terminal 700. It connects the various parts of the entire terminal using various interfaces and lines, and performs the various functions of the terminal 700 and processes data by running or executing software programs and/or modules stored in memory 720 and recalling data stored in memory 720, thereby monitoring the terminal as a whole.
- the processor 780 may include one or more processing units; preferably, the processor 780 may integrate an application processor and a modem processor, where the application processor mainly processes an operating system, a user interface, an application, and the like.
- the modem processor primarily handles wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 780.
- the terminal 700 also includes a power source 782 (such as a battery) for powering various components.
- the power source can be logically coupled to the processor 780 through a power management system, so that functions such as charging, discharging, and power management are handled through the power management system.
- the camera 790 is generally composed of a lens, an image sensor, an interface, a digital signal processor, a CPU, a display screen, and the like.
- the lens is fixed above the image sensor, and the focus can be changed by manually adjusting the lens;
- the image sensor is equivalent to the "film" of a conventional camera, and is the core component with which the camera captures images;
- the interface is used to connect the camera to the terminal board by cable, board-to-board connector, or spring-type connection, and to send the collected image to the memory 720;
- the digital signal processor processes the acquired image through mathematical operations, converts the collected analog image into a digital image, and sends it to the memory 720 through the interface.
- the terminal 700 may further include a Bluetooth module or the like, and details are not described herein again.
- the memory 720 further stores one or more programs, and the processor 780 implements the terminal-side value transfer method of the foregoing method embodiment by executing the one or more programs.
- the processor 780 is configured to execute the one or more instructions to implement the following steps:
- the proxy tool is a tool for proxying resources of the accessed server as a local resource; when the terminal is running the proxy tool, setting the value of the first predetermined field to a predetermined value, the first predetermined field being used to indicate whether the proxy tool is used;
- calculating a signature over the order parameters of the first order according to a predetermined digital signature rule, the order parameters including the first predetermined field and the other fields corresponding to the value transfer operation; sending the signature and the order parameters to the server; receiving the first error code sent by the server, the first error code being used to prompt that execution of the value transfer operation is prohibited.
- processor 780 is further configured to execute the one or more instructions to implement the following steps:
- the value of the second predetermined field is the name of the proxy tool, and the second predetermined field is an order parameter in the first order.
- processor 780 is further configured to execute the one or more instructions to implement the following steps:
- the second error code is used to prompt that the signature is incorrect and to prohibit continued execution of the value transfer operation.
- processor 780 is further configured to execute the one or more instructions to implement the following steps:
- the order parameters of the second order further include an order number of the second order; the order number is used to uniquely identify the second order and to trigger the server to query in the database whether the second order belongs to the target orders, a target order being one whose value transfer was made using a proxy tool.
- receiving the first error code sent by the server, where the first error code is sent by the server when its query finds that the second order belongs to the target orders.
- processor 780 is further configured to execute the one or more instructions to implement the following steps:
- the target proxy tool is at least one of a pre-configured list of proxy tools; when the target proxy tool is running in a resource manager of the terminal, determining that the terminal is running the proxy tool; when none of the target proxy tools is running in the resource manager of the terminal, determining that the terminal is not running the proxy tool.
- the embodiment of the present application further provides a computer readable storage medium, which may be the computer readable storage medium included in the memory in the foregoing embodiment, or may be a computer readable storage medium that exists separately and is not assembled into a terminal or a server.
- the computer readable storage medium stores one or more programs that are used by one or more processors to perform the terminal-side and/or server-side value transfer methods described above.
- a person skilled in the art may understand that all or part of the steps of the above embodiments may be implemented by hardware, or by a program instructing the related hardware, and the program may be stored in a computer readable storage medium.
- the storage medium mentioned may be a read only memory, a magnetic disk or an optical disk or the like.
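The terminal-side and server-side steps listed above can be traced end to end in a short sketch. This is an added example, not code from the patent: the field names, error-code values, process name, HMAC-SHA256 signing rule, shared key, and the way the server records a "target order" are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import json

# All names and values below are hypothetical; the patent text fixes none of them.
SECRET = b"constructed-demo-key"            # stands in for the "predetermined signature rule"
PROXY_FLAG_FIELD = "use_proxy"              # "first predetermined field"
PROXY_FLAG_VALUE = "1"                      # "predetermined value"
PROXY_NAME_FIELD = "proxy_name"             # "second predetermined field"
ERR_PROXY_BLOCKED = 1001                    # "first error code"
ERR_BAD_SIGNATURE = 1002                    # "second error code"
OK = 0
TARGET_PROXY_TOOLS = {"exampleproxy.exe"}   # pre-configured list (constructed name)


def detect_proxy(running_processes):
    """Return the first configured proxy tool found among running processes, else None."""
    for name in running_processes:
        if name.lower() in TARGET_PROXY_TOOLS:
            return name.lower()
    return None


def sign(params):
    """Sign a canonical (sorted-key JSON) encoding so every field is covered."""
    canonical = json.dumps(params, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(SECRET, canonical, hashlib.sha256).hexdigest()


def build_order(order_no, amount, running_processes):
    """Terminal side: add the proxy fields before signing, then sign everything."""
    params = {"order_no": order_no, "amount": str(amount)}
    tool = detect_proxy(running_processes)
    if tool:
        params[PROXY_FLAG_FIELD] = PROXY_FLAG_VALUE
        params[PROXY_NAME_FIELD] = tool
    return params, sign(params)


class Server:
    def __init__(self):
        # Stand-in for the database of "target orders" (orders made via a proxy tool).
        self.target_orders = set()

    def handle(self, params, signature):
        # 1. Signature first: a stripped or altered field no longer verifies.
        if not hmac.compare_digest(sign(params), signature):
            return ERR_BAD_SIGNATURE
        # 2. Flag present with the predetermined value: refuse and remember the order.
        if params.get(PROXY_FLAG_FIELD) == PROXY_FLAG_VALUE:
            self.target_orders.add(params["order_no"])   # assumed recording step
            return ERR_PROXY_BLOCKED
        # 3. Later order with the same number: look it up among target orders.
        if params["order_no"] in self.target_orders:
            return ERR_PROXY_BLOCKED
        return OK
```

Because the proxy fields are inside the signed parameters, removing them after signing yields the signature error rather than a successful transfer, and resubmitting the same order number without the proxy running is still refused by the target-order lookup.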
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Finance (AREA)
- Theoretical Computer Science (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Physics & Mathematics (AREA)
- Strategic Management (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a value transfer method, apparatus and device, and a storage medium, in the field of information security. The method comprises the following steps: after receiving an order parameter and a signature of a first order sent by a web page, detecting whether the signature is correct according to the order parameter and the signature; when the signature is correct, detecting whether the order parameter contains a first predetermined field and whether the value of the first predetermined field is a predetermined value; when the order parameter contains the first predetermined field and the value of the first predetermined field is the predetermined value, sending a first error code to the web page and prohibiting continued execution of the value transfer operation corresponding to the first order. The present invention can solve the problem, in a real payment scenario, that a user's account and funds are not secure when a proxy tool is used to bypass part of a logical verification procedure and a payment CGI is continuously scheduled to complete the payment, with the effect that when a proxy tool is used in a real payment scenario, execution of a payment operation is prohibited and the security of the user's account and funds is protected.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710097347.6A CN108462580B (zh) | 2017-02-22 | 2017-02-22 | 数值转移方法及装置 |
| CN201710097347.6 | 2017-02-22 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2018153288A1 true WO2018153288A1 (fr) | 2018-08-30 |
Family
ID=63220703
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/CN2018/076072 Ceased WO2018153288A1 (fr) | 2017-02-22 | 2018-02-09 | Procédé, appareil, dispositif de transfert de valeur numérique et support de stockage |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN108462580B (fr) |
| WO (1) | WO2018153288A1 (fr) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110221925A (zh) * | 2019-05-13 | 2019-09-10 | 平安科技(深圳)有限公司 | 数据提交请求的处理方法、装置和计算机设备 |
| CN113821398A (zh) * | 2021-01-15 | 2021-12-21 | 北京沃东天骏信息技术有限公司 | 数据监控方法、系统及非瞬时性计算机可读存储介质 |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110716930A (zh) * | 2019-09-02 | 2020-01-21 | 深圳壹账通智能科技有限公司 | 数值转移方法、装置、计算机设备和存储介质 |
| CN111193595B (zh) * | 2019-11-28 | 2023-05-09 | 腾讯云计算(北京)有限责任公司 | 电子签名的错误检测方法、装置、设备和存储介质 |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040117303A1 (en) * | 2002-12-16 | 2004-06-17 | Hermogenes Gamboa | Apparatus and anonymous payment system (ASAP) for the internet and other networks |
| CN101378312A (zh) * | 2007-08-31 | 2009-03-04 | 中国电信股份有限公司 | 基于宽带网络的安全支付控制系统和方法 |
| CN102073953A (zh) * | 2009-11-24 | 2011-05-25 | 阿里巴巴集团控股有限公司 | 一种网上支付方法及系统 |
| CN105955743A (zh) * | 2016-04-29 | 2016-09-21 | 腾讯科技(深圳)有限公司 | 资源数值转移请求生成的方法、装置和系统 |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101009005B (zh) * | 2006-01-24 | 2013-03-20 | 中国电信股份有限公司 | 保障基于互联网的支付安全的方法、系统和平台 |
| WO2013012671A1 (fr) * | 2011-07-15 | 2013-01-24 | Mastercard International, Inc. | Procédés et systèmes d'assurance de paiements |
| WO2013138532A1 (fr) * | 2012-03-14 | 2013-09-19 | Headwater Partners I Llc | Activation d'un dispositif mobile via un réseau d'accès sélectionné de façon dynamique |
| CN104902481B (zh) * | 2015-06-30 | 2019-05-21 | 北京奇虎科技有限公司 | 一种可以免流量的安全接管方法 |
-
2017
- 2017-02-22 CN CN201710097347.6A patent/CN108462580B/zh active Active
-
2018
- 2018-02-09 WO PCT/CN2018/076072 patent/WO2018153288A1/fr not_active Ceased
Also Published As
| Publication number | Publication date |
|---|---|
| CN108462580A (zh) | 2018-08-28 |
| CN108462580B (zh) | 2020-07-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9703971B2 (en) | Sensitive operation verification method, terminal device, server, and verification system | |
| CN111066284B (zh) | 一种业务证书管理方法、终端及服务器 | |
| US11017066B2 (en) | Method for associating application program with biometric feature, apparatus, and mobile terminal | |
| CN113821803B (zh) | 安全架构系统、安全管理方法和计算设备 | |
| CN111355732B (zh) | 链接检测方法、装置、电子设备及存储介质 | |
| CN111598573B (zh) | 一种设备指纹验证方法及装置 | |
| WO2015135381A1 (fr) | Dispositif, système et procédé de création de carte de crédit virtuelle | |
| WO2015035936A1 (fr) | Procédé d'authentification d'identité, appareil d'authentification d'identité et système d'authentification d'identité | |
| CN111597542B (zh) | 验证信息共享方法、装置及电子设备及存储介质 | |
| WO2017211205A1 (fr) | Procédé et dispositif de mise à jour de liste blanche | |
| EP3176719B1 (fr) | Procédés et dispositifs d'acquisition de document d'identification | |
| WO2018153288A1 (fr) | Procédé, appareil, dispositif de transfert de valeur numérique et support de stockage | |
| CN113821841B (zh) | 资源管理方法、计算装置、计算设备和可读存储介质 | |
| WO2018000370A1 (fr) | Procédé d'authentification de terminal mobile et terminal mobile | |
| CN107967427A (zh) | 监测漏洞攻击的方法、装置及终端设备 | |
| CN110474864A (zh) | 一种注册、登录移动应用程序的方法及电子设备 | |
| WO2015101254A1 (fr) | Procédé, appareil et système d'interaction d'informations | |
| CN110727924B (zh) | 一种资源分享方法及第一电子设备 | |
| CN107229661B (zh) | 一种支付方法及装置 | |
| CN112418835B (zh) | 一种测试网银支付流程的方法和相关装置 | |
| CN107995150A (zh) | 身份验证方法及装置 | |
| CN110856173A (zh) | 网络接入方法、装置及电子设备 | |
| CN110691095B (zh) | 基于数据安全屋的数据处理方法、装置、设备及存储介质 | |
| CN117439775A (zh) | 虚拟化私有云平台审计监控方法、装置及可读存储介质 | |
| CN118035976A (zh) | 一种冒用访问凭证的检测方法和相关装置 |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18758058; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 18758058; Country of ref document: EP; Kind code of ref document: A1 |