[go: up one dir, main page]

CN102811146B - Method and device for detecting message processing environment - Google Patents

Method and device for detecting message processing environment Download PDF

Info

Publication number
CN102811146B
CN102811146B CN201210319748.9A CN201210319748A CN102811146B CN 102811146 B CN102811146 B CN 102811146B CN 201210319748 A CN201210319748 A CN 201210319748A CN 102811146 B CN102811146 B CN 102811146B
Authority
CN
China
Prior art keywords
client
information
module
determining
address
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210319748.9A
Other languages
Chinese (zh)
Other versions
CN102811146A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN201210319748.9A priority Critical patent/CN102811146B/en
Publication of CN102811146A publication Critical patent/CN102811146A/en
Application granted granted Critical
Publication of CN102811146B publication Critical patent/CN102811146B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a method and a device for detecting a message processing environment. The method comprises the following steps: (1) acquiring the current process information of a client; (2) judging whether the current running process of the client is safe or not according to the current process information, if so, carrying out the step (4); otherwise, carrying out the step (3); (3) determining whether there is potential safety risk in the message processing environment of the client; (4) judging whether the system information of the client stored in the device is the same as the system information received from the client, if so, carrying out the step (5); otherwise, carrying out the step (3); and (5) determining whether there is no safety risk in the message processing environment. According to the method and device for detecting the message processing environment, by judging the system information and the current processing information of the client, whether there is potential safety risk in the message processing environment of the client can be determined, and therefore, the safety of the message processing environment of the client is improved.

Description

一种检测报文处理环境的方法和装置A method and device for detecting message processing environment

技术领域 technical field

本发明涉及信息安全领域,特别是涉及一种检测报文处理环境的方法和装置。The invention relates to the field of information security, in particular to a method and device for detecting message processing environment.

背景技术 Background technique

随着电子商务的普及,网银在日常生活中扮演着越来越重要的角色,各个银行也都逐步开启网络银行系统,网银系统的功能不仅包括账户信息查询、转账付款,还进一步地涉及到贷款、投资等方面的内容。With the popularization of e-commerce, online banking is playing an increasingly important role in daily life. Banks are gradually opening up online banking systems. The functions of online banking systems include not only account information inquiries, transfer payments, but also loan , investment, etc.

在网银系统中,用户的身份认证通常依靠基于RSA公钥密码体制的加密机制、数字签名机制和用户登录密码的多重保证。网银服务器对用户的数字签名和登录密码进行检验,在检验通过后才能确认该用户的身份。用户的唯一身份标识为银行签发的数字证书,用户的登录密码以密文的方式进行传输,确保了身份认证的安全可靠性。In the online banking system, the user's identity authentication usually relies on the encryption mechanism based on the RSA public key cryptosystem, the digital signature mechanism and the multiple guarantees of the user login password. The online banking server checks the user's digital signature and login password, and the user's identity can only be confirmed after passing the check. The unique identity of the user is a digital certificate issued by the bank, and the user's login password is transmitted in cipher text, which ensures the safety and reliability of identity authentication.

发明人在实现本发明的过程中,发现现有技术至少存在以下缺陷:In the process of realizing the present invention, the inventor finds that the prior art has at least the following defects:

当用户所在的客户端感染木马程序时,木马程序运行后,可以截取、监控系统及用户上网时打开的网银密码窗口。当用户在网银程序里输入卡号或密码时,相关信息的编码会被窃取,严重威胁网银系统的安全。When the user's client is infected with a Trojan horse program, after the Trojan horse program runs, it can intercept and monitor the system and the online banking password window opened by the user when surfing the Internet. When the user enters the card number or password in the online banking program, the code of the relevant information will be stolen, seriously threatening the security of the online banking system.

发明内容 Contents of the invention

本发明提供了一种检测报文处理环境的方法和装置,以提高客户端的报文处理环境的安全性。The invention provides a method and device for detecting the message processing environment, so as to improve the security of the message processing environment of the client.

本发明提供了一种检测报文处理环境的方法,包括以下步骤:The invention provides a method for detecting message processing environment, comprising the following steps:

①、获取客户端的当前进程信息;①. Obtain the current process information of the client;

②、根据所述当前进程信息判断所述客户端当前运行的进程是否安全,如果安全,则执行步骤④;否则,执行步骤③;②. According to the current process information, it is judged whether the process currently running on the client is safe, and if it is safe, then execute step ④; otherwise, execute step ③;

③、确定所述客户端的报文处理环境存在安全隐患;③. It is determined that there is a security risk in the message processing environment of the client;

④、判断自身存储的所述客户端的系统信息与从所述客户端接收的系统信息是否相同,如果相同,则执行步骤⑤;否则,执行步骤③;④. Judging whether the system information of the client stored by itself is the same as the system information received from the client, if they are the same, execute step ⑤; otherwise, execute step ③;

⑤、确定所述客户端的报文处理环境不存在安全隐患。⑤. Determine that there is no security risk in the message processing environment of the client.

本发明还提供了一种检测报文处理环境的方法,包括以下步骤:The present invention also provides a method for detecting message processing environment, comprising the following steps:

①、获取客户端的系统信息;①. Obtain the system information of the client;

②、判断自身存储的所述客户端的系统信息与获取的所述客户端的系统信息是否相同,如果相同,则执行步骤④;否则,执行步骤③;②. Judging whether the system information of the client stored by itself is the same as the obtained system information of the client, and if they are the same, execute step ④; otherwise, execute step ③;

③、确定所述客户端的报文处理环境存在安全隐患;③. It is determined that there is a security risk in the message processing environment of the client;

④、根据获取的所述客户端的当前进程信息,判断所述客户端当前运行的进程是否安全,如果安全,则执行步骤⑤;否则,执行步骤③;④. According to the obtained current process information of the client, it is judged whether the process currently running by the client is safe, and if it is safe, then execute step ⑤; otherwise, execute step ③;

⑤、确定所述客户端的报文处理环境不存在安全隐患。⑤. Determine that there is no security risk in the message processing environment of the client.

本发明还提供了一种检测报文处理环境的装置,包括:The present invention also provides a device for detecting message processing environment, including:

存储模块,用于存储客户端的系统信息;The storage module is used to store the system information of the client;

获取模块,用于从所述客户端获取所述客户端的当前进程信息和系统信息;An acquisition module, configured to acquire current process information and system information of the client from the client;

第一判断模块,用于根据所述当前进程信息判断所述客户端当前运行的进程是否安全;A first judging module, configured to judge whether the process currently running on the client is safe according to the current process information;

第二判断模块,用于判断所述存储模块中的所述客户端的系统信息与所述获取模块从所述客户端获取的系统信息是否相同;A second judgment module, configured to judge whether the system information of the client in the storage module is the same as the system information obtained by the acquisition module from the client;

确定模块,用于在所述第一判断模块的判断结果为不安全,和/或,所述第二判断模块的判断结果为不同时,确定所述客户端的报文处理环境存在安全隐患;在所述第一判断模块的判断结果为安全,且所述第二判断模块的判断结果为相同时,确定所述客户端的报文处理环境不存在安全隐患。A determining module, configured to determine that there is a security risk in the message processing environment of the client when the judgment result of the first judgment module is unsafe, and/or, when the judgment result of the second judgment module is different; When the judgment result of the first judgment module is safe, and the judgment result of the second judgment module is the same, it is determined that there is no security risk in the message processing environment of the client.

本发明提供的技术方案中,通过对客户端的系统信息和当前进程信息进行判断,确定客户端的报文处理环境是否存在安全隐患,提高了客户端的报文处理环境的安全性。In the technical solution provided by the present invention, by judging the system information and current process information of the client, it is determined whether there is a potential safety hazard in the message processing environment of the client, thereby improving the security of the message processing environment of the client.

附图说明 Description of drawings

图1为本发明实施例一提供的一种检测报文处理环境的方法流程图;FIG. 1 is a flowchart of a method for detecting a message processing environment provided by Embodiment 1 of the present invention;

图2为本发明实施例二提供的一种检测报文处理环境的方法流程图;FIG. 2 is a flowchart of a method for detecting a message processing environment provided by Embodiment 2 of the present invention;

图3为本发明实施例三提供的一种检测报文处理环境的方法流程图;FIG. 3 is a flowchart of a method for detecting a message processing environment provided by Embodiment 3 of the present invention;

图4为本发明实施例四中的一种检测报文处理环境的装置结构图;FIG. 4 is a structural diagram of a device for detecting a message processing environment in Embodiment 4 of the present invention;

图5为本发明实施例五中的一种检测报文处理环境的装置结构图。FIG. 5 is a structural diagram of a device for detecting a message processing environment in Embodiment 5 of the present invention.

具体实施方式 Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

本发明实施例一提供了一种检测报文处理环境的方法,应用于包括服务器和客户端的网络系统中,客户端存储有从服务器下载的控件;服务器存储有客户端的系统信息,该系统信息可以包括CPU(CentralProcessingUnit,中央处理器)类型、主板型号、操作系统名称、用户名和IP(InternetProtocol,因特网协议)地址中的一种或多种。上述检测报文处理环境的方法,包括以下步骤:Embodiment 1 of the present invention provides a method for detecting a message processing environment, which is applied to a network system including a server and a client. The client stores controls downloaded from the server; the server stores system information of the client, and the system information can be Including one or more of CPU (Central Processing Unit, central processing unit) type, motherboard model, operating system name, user name, and IP (Internet Protocol, Internet Protocol) address. The above method for detecting message processing environment includes the following steps:

步骤101,客户端获取自身的系统信息和当前进程信息,生成包含该系统信息和当前进程信息的数据包,并将该数据包和待处理报文发送给服务器。Step 101, the client obtains its own system information and current process information, generates a data packet containing the system information and current process information, and sends the data packet and the message to be processed to the server.

具体地,客户端可以运行从服务器下载的控件,通过控件收集客户端的系统信息和当前进程信息,其中,系统信息可以包括CPU(CentralProcessingUnit,中央处理器)类型、主板型号、操作系统名称、用户名和IP(InternetProtocol,因特网协议)地址中的一种或多种。Specifically, the client can run the control downloaded from the server, and collect the system information and current process information of the client through the control, wherein the system information can include CPU (Central Processing Unit, central processing unit) type, motherboard model, operating system name, user name and One or more of IP (Internet Protocol, Internet Protocol) addresses.

例如,系统信息可以为Pentium(R)Dual-Core(CPU类型)、P9X79PRO(主板型号)、MicrosoftWindowsXPProfessional(操作系统名称)、user(用户名)和192.0.0.1(IP地址)。For example, the system information can be Pentium(R) Dual-Core (CPU type), P9X79PRO (mainboard model), MicrosoftWindowsXPProfessional (operating system name), user (user name) and 192.0.0.1 (IP address).

步骤102,服务器判断从客户端接收的数据包的源IP地址是否包含在预设的IP地址列表中,如果包含在预设的IP地址列表中,则执行步骤103;否则,执行步骤106。Step 102, the server judges whether the source IP address of the data packet received from the client is included in the preset IP address list, if included in the preset IP address list, then execute step 103; otherwise, execute step 106.

其中,预设的IP地址列表可以为服务器确定安全的IP地址范围,例如,192.0.0.1---192.255.0.1,当服务器从接收到的数据包的源IP地址为192.0.0.5时,服务器可以确定该源IP地址包含在预设的IP地址列表中;当服务器从接收到的数据包的源IP地址为192.255.0.5时,服务器可以确定该源IP地址没有包含在预设的IP地址列表中,客户端的报文处理环境存在安全隐患。Among them, the preset IP address list can determine the safe IP address range for the server, for example, 192.0.0.1---192.255.0.1, when the source IP address of the data packet received by the server is 192.0.0.5, the server can Determine that the source IP address is included in the preset IP address list; when the source IP address of the data packet received by the server is 192.255.0.5, the server can determine that the source IP address is not included in the preset IP address list , there is a security risk in the packet processing environment of the client.

步骤103,服务器判断自身存储的客户端的系统信息与从该客户端接收的数据包所包含的系统信息是否相同,如果相同,则执行步骤104;否则,执行步骤106。In step 103, the server judges whether the system information of the client stored by itself is the same as the system information included in the data packet received from the client, and if they are the same, execute step 104; otherwise, execute step 106.

步骤104,服务器根据从客户端接收的数据包所包含的当前进程信息判断客户端当前运行的进程是否安全,如果安全,则执行步骤105;否则,执行步骤106。In step 104, the server judges whether the current running process of the client is safe according to the current process information contained in the data packet received from the client, and if it is safe, executes step 105; otherwise, executes step 106.

具体地,服务器可以预先设定第一进程列表,该第一进程列表中包含存在安全隐患的进程。服务器接收到来自客户端的数据包后,可以根据数据包所包含的当前进程信息,判断客户端当前运行的进程中是否存在第一进程列表中的进程,如果存在,则确定客户端当前运行的进程不安全;如果不存在,则确定客户端当前运行的进程是安全的。Specifically, the server may preset a first process list, and the first process list includes processes with security risks. After the server receives the data packet from the client, it can judge whether the process in the first process list exists in the process currently running on the client according to the current process information contained in the data packet, and if so, determine the process currently running on the client Unsafe; if absent, it is determined that the client's current running process is safe.

例如,服务器预设设定的第一进程列表包括A进程、B进程、C进程和D进程;当服务器接收到的数据包所包含的当前进程信息为E进程、F进程和G进程时,服务器可以确定客户端当前运行的进程中不存在第一进程列表中的进程,进而确定客户端当前运行的进程是安全的;当服务器接收到的数据包所包含的当前进程信息为D进程、E进程和F进程时,服务器可以确定客户端当前运行的进程中存在第一进程列表中的进程,进而确定客户端当前运行的进程是不安全的。For example, the first process list preset by the server includes process A, process B, process C and process D; when the current process information contained in the data packet received by the server is process E, process F and process G, the server It can be determined that the process in the first process list does not exist in the process currently running on the client, and then determine that the process currently running on the client is safe; when the current process information contained in the data packet received by the server is D process, E process and F process, the server can determine that the process in the first process list exists in the process currently running on the client, and then determine that the process currently running on the client is unsafe.

服务器可以预先设定第二进程列表,该第二进程列表中包含不存在安全隐患的进程。服务器接收到来自客户端的数据包后,可以根据数据包所包含的当前进程信息,判断客户端当前运行的进程中是否存在第二进程列表之外的进程,如果存在,则确定客户端当前运行的进程不安全;如果不存在,则确定客户端当前运行的进程是安全的。The server may preset a second process list, and the second process list includes processes that do not pose security risks. After the server receives the data packet from the client, it can judge whether there is a process other than the second process list in the process currently running on the client according to the current process information contained in the data packet, and if it exists, determine the current running process of the client. The process is not safe; if not present, the process that the client is currently running is determined to be safe.

例如,服务器预设设定的第二进程列表包括a进程、b进程、c进程和d进程;当服务器接收到的数据包所包含的当前进程信息为a进程和c进程时,服务器可以确定客户端当前运行的进程中不存在第二进程列表之外的进程,进而确定客户端当前运行的进程是安全的;当服务器接收到的数据包所包含的当前进程信息为a进程、b进程和e进程时,服务器可以确定客户端当前运行的进程中存在第二进程列表之外的进程,进而确定客户端当前运行的进程是不安全的。For example, the second process list preset by the server includes a process, b process, c process and d process; when the current process information contained in the data packet received by the server is a process and c process, the server can determine that the client There is no process other than the second process list in the process currently running on the client, and then it is determined that the process currently running on the client is safe; when the current process information contained in the data packet received by the server is process a, process b and e process, the server may determine that there is a process outside the second process list in the process currently running on the client, and then determine that the process currently running on the client is unsafe.

步骤105,服务器对来自客户端的待处理报文进行处理。Step 105, the server processes the message to be processed from the client.

具体地,当服务器判断客户端当前运行的进程安全时,服务器可以确定客户端的报文处理环境不存在安全隐患,对接收到的待处理报文进行处理。Specifically, when the server judges that the process currently running by the client is safe, the server can determine that there is no security risk in the message processing environment of the client, and process the received message to be processed.

步骤106,服务器向客户端发送身份验证请求,该身份验证请求中包含一随机字符串。Step 106, the server sends an identity verification request to the client, and the identity verification request includes a random character string.

步骤107,客户端将从服务器接收的随机字符串转发至智能密钥装置。Step 107, the client forwards the random character string received from the server to the smart key device.

步骤108,智能密钥装置使用预设的非对称密钥对中的私钥对随机字符串进行签名,将得到的数字签名和该非对称密钥对所对应的账号信息发送给客户端。Step 108, the smart key device uses the private key in the preset asymmetric key pair to sign the random character string, and sends the obtained digital signature and the account information corresponding to the asymmetric key pair to the client.

步骤109,客户端将接收到的数字签名和账号信息发送给服务器。Step 109, the client sends the received digital signature and account information to the server.

步骤110,服务器根据接收到的账号信息获取对应的非对称密钥对的公钥,使用该公钥对接收到的数字签名进行解密,得到随机字符串。Step 110, the server obtains the public key of the corresponding asymmetric key pair according to the received account information, and uses the public key to decrypt the received digital signature to obtain a random character string.

具体地,服务器可以根据接收到的账号信息查询数据库,从数据库中获取该账号信息对应的非对称密钥对中的公钥。Specifically, the server may query the database according to the received account information, and obtain the public key in the asymmetric key pair corresponding to the account information from the database.

步骤111,服务器判断解密得到的随机字符串与发送给客户端的随机字符串是否相同,如果相同,则执行步骤112;否则,执行步骤113。Step 111 , the server judges whether the decrypted random character string is the same as the random character string sent to the client, and if they are the same, execute step 112 ; otherwise, execute step 113 .

步骤112,服务器向客户端发送验证成功信息,对来自客户端的待处理报文进行处理。Step 112, the server sends verification success information to the client, and processes the message to be processed from the client.

具体地,当服务器解密得到的随机字符串与发送给客户端的随机字符串相同时,服务器可以确定客户端的报文处理环境不存在安全隐患,向客户端发送验证成功信息,对接收到的待处理报文进行处理。Specifically, when the random character string decrypted by the server is the same as the random character string sent to the client, the server can determine that there is no security risk in the message processing environment of the client, send verification success information to the client, and The message is processed.

步骤113,服务器向客户端发送验证失败信息,提示客户端的报文处理环境存在安全隐患。In step 113, the server sends verification failure information to the client, prompting that there is a security risk in the message processing environment of the client.

具体地,当服务器解密得到的随机字符串与发送给客户端的随机字符串不同时,服务器可以确定客户端的报文处理环境存在安全隐患,向客户端发送验证失败信息,提示客户端的报文处理环境存在安全隐患。Specifically, when the random character string decrypted by the server is different from the random character string sent to the client, the server can determine that there is a security risk in the message processing environment of the client, and send a verification failure message to the client, prompting the message processing environment of the client There are security risks.

本发明实施例提供的技术方案中,通过对客户端的系统信息和当前进程信息进行判断,确定客户端的报文处理环境是否存在安全隐患,并在客户端的报文处理环境存在安全隐患时,对客户端进行验证,提高了客户端的报文处理环境的安全性。In the technical solution provided by the embodiment of the present invention, by judging the system information and current process information of the client, it is determined whether there is a security risk in the message processing environment of the client, and when there is a security risk in the message processing environment of the client, the client The terminal is verified, which improves the security of the message processing environment of the client.

本发明实施例一中,服务器先判断自身存储的客户端的系统信息与从该客户端接收的系统信息是否相同,再根据从客户端接收的当前进程信息判断客户端当前运行的进程是否安全;在本发明实施例二中,服务器也可以根据从客户端接收的当前进程信息判断客户端当前运行的进程是否安全,再判断自身存储的客户端的系统信息与从该客户端接收的系统信息是否相同。此外,服务器确定客户端的报文处理环境不存在安全隐患后,可以提示客户端发送待处理报文,接收来自客户端的待处理报文,并对接收到的待处理报文进行处理,具体流程如图2所示,包括以下步骤:In Embodiment 1 of the present invention, the server first judges whether the system information of the client stored by itself is the same as the system information received from the client, and then judges whether the current running process of the client is safe according to the current process information received from the client; In Embodiment 2 of the present invention, the server may also judge whether the process currently running by the client is safe according to the current process information received from the client, and then judge whether the system information of the client stored by itself is the same as the system information received from the client. In addition, after the server determines that there is no security risk in the message processing environment of the client, it can prompt the client to send pending messages, receive pending messages from the client, and process the received pending messages. The specific process is as follows: As shown in Figure 2, it includes the following steps:

步骤201,客户端获取自身的系统信息和当前进程信息,将系统信息和当前进程信息发送给服务器。Step 201, the client obtains its own system information and current process information, and sends the system information and current process information to the server.

具体地,客户端可以运行从服务器下载的控件,通过控件收集客户端的系统信息和当前进程信息,其中,系统信息可以包括CPU(CentralProcessingUnit,中央处理器)类型、主板型号、操作系统名称、用户名和IP(InternetProtocol,因特网协议)地址中的一种或多种。Specifically, the client can run the control downloaded from the server, and collect the system information and current process information of the client through the control, wherein the system information can include CPU (Central Processing Unit, central processing unit) type, motherboard model, operating system name, user name and One or more of IP (Internet Protocol, Internet Protocol) addresses.

步骤202,服务器根据从客户端接收的当前进程信息判断客户端当前运行的进程是否安全,如果安全,则执行步骤203;否则,执行步骤205。In step 202, the server judges whether the current running process of the client is safe according to the current process information received from the client, and if it is safe, executes step 203; otherwise, executes step 205.

需要说明的是,本步骤中,服务器根据从客户端接收的当前进程信息判断客户端当前运行的进程是否安全的具体操作,可以与本发明实施例一中的步骤104相同。It should be noted that in this step, the specific operation of the server judging whether the process currently running by the client is safe according to the current process information received from the client may be the same as step 104 in Embodiment 1 of the present invention.

步骤203,服务器判断自身存储的客户端的系统信息与从该客户端接收的系统信息是否相同,如果相同,则执行步骤204;否则,执行步骤205。In step 203, the server judges whether the system information of the client stored by itself is the same as the system information received from the client, and if they are the same, execute step 204; otherwise, execute step 205.

步骤204,服务器提示客户端发送待处理报文,接收来自客户端的待处理报文,并对该待处理报文进行处理。In step 204, the server prompts the client to send the message to be processed, receives the message to be processed from the client, and processes the message to be processed.

当服务器判断客户端当前运行的进程安全时,服务器可以确定客户端的报文处理环境不存在安全隐患,通过向客户端发送提示信息提示客户端发送待处理报文,并对接收到的待处理报文进行处理。When the server judges that the process currently running on the client is safe, the server can determine that there is no security risk in the message processing environment of the client. text is processed.

步骤205,服务器向客户端发送身份验证请求,该身份认证请求中包含一随机字符串。Step 205, the server sends an identity verification request to the client, and the identity verification request includes a random character string.

步骤206,客户端将从服务器接收的随机字符串转发至智能密钥装置。Step 206, the client forwards the random character string received from the server to the smart key device.

步骤207,智能密钥装置使用预设的对称密钥处理随机字符串,得到HMAC(keyed-HashMessageAuthenticationCode,密钥相关的哈希运算消息认证码)信息,将该HMAC信息和该对称密钥对应的账号信息发送给服务器。Step 207, the smart key device uses the preset symmetric key to process the random character string to obtain HMAC (keyed-HashMessageAuthenticationCode, key-related hash operation message authentication code) information, and the HMAC information and the corresponding symmetric key The account information is sent to the server.

步骤208,服务器根据接收到的账号信息获取对应的对称密钥,使用该对称密钥对发送给客户端的随机字符串进行处理,得到HMAC信息。Step 208, the server obtains the corresponding symmetric key according to the received account information, and uses the symmetric key to process the random character string sent to the client to obtain HMAC information.

具体地,服务器可以根据接收到的账号信息查询数据库,从数据库中获取该账号信息对应的对称密钥。Specifically, the server may query the database according to the received account information, and acquire the symmetric key corresponding to the account information from the database.

步骤209,服务器判断处理得到的HMAC信息与从客户端接收的HMAC信息是否相同,如果相同,则执行步骤210;否则,执行步骤211。In step 209, the server judges whether the processed HMAC information is the same as the HMAC information received from the client, and if they are the same, execute step 210; otherwise, execute step 211.

步骤210,服务器向客户端发送验证成功信息,提示客户端发送待处理报文,当接收到来自客户端的待处理报文时,对该待处理报文进行处理。In step 210, the server sends verification success information to the client, prompting the client to send a message to be processed, and when receiving a message to be processed from the client, processes the message to be processed.

具体地,当服务器处理得到的HMAC信息与从客户端接收的HMAC信息相同时,服务器可以确定客户端的报文处理环境不存在安全隐患,通过向客户端发送提示信息提示客户端发送待处理报文,并对接收到的待处理报文进行处理。Specifically, when the HMAC information processed by the server is the same as the HMAC information received from the client, the server can determine that there is no security risk in the packet processing environment of the client, and prompt the client to send a pending packet by sending a prompt message to the client. , and process the received packets to be processed.

步骤211,服务器向客户端发送验证失败信息,提示客户端的报文处理环境存在安全隐患。In step 211, the server sends verification failure information to the client, prompting that there is a security risk in the message processing environment of the client.

具体地,当服务器处理得到的HMAC信息与从客户端接收的HMAC信息不同时,服务器可以确定客户端的报文处理环境存在安全隐患,向客户端发送验证失败信息,提示客户端的报文处理环境存在安全隐患。Specifically, when the HMAC information processed by the server is different from the HMAC information received from the client, the server can determine that there is a security risk in the packet processing environment of the client, and send a verification failure message to the client, prompting that the packet processing environment of the client has Security risks.

本发明实施例提供的技术方案中,通过对客户端的系统信息和当前进程信息进行判断,确定客户端的报文处理环境是否存在安全隐患,提高了客户端的报文处理环境的安全性。In the technical solution provided by the embodiment of the present invention, by judging the system information and current process information of the client, it is determined whether there is a security risk in the message processing environment of the client, which improves the security of the message processing environment of the client.

在本发明实施例一和实施例二中,由服务器判断自身存储的客户端的系统信息与从该客户端接收的系统信息是否相同,以及根据从客户端接收的当前进程信息判断客户端当前运行的进程是否安全;在本发明实施例三中,还可以由智能密钥装置判断自身存储的客户端的系统信息与从该客户端接收的系统信息是否相同,以及根据从客户端接收的当前进程信息判断客户端当前运行的进程是否安全,具体流程如图3所示,包括以下步骤:In Embodiment 1 and Embodiment 2 of the present invention, the server judges whether the system information of the client stored by itself is the same as the system information received from the client, and judges the current process information of the client according to the current process information received from the client. Whether the process is safe; in the third embodiment of the present invention, the smart key device can also judge whether the system information of the client stored by itself is the same as the system information received from the client, and judge according to the current process information received from the client Whether the process currently running on the client is safe, the specific process is shown in Figure 3, including the following steps:

步骤301,客户端获取自身的系统信息和当前进程信息,将系统信息和当前进程信息发送给智能密钥装置。In step 301, the client acquires its own system information and current process information, and sends the system information and current process information to the smart key device.

具体地,客户端可以运行从服务器下载的控件,通过控件收集客户端的系统信息和当前进程信息,其中,系统信息可以包括CPU(CentralProcessingUnit,中央处理器)类型、主板型号、操作系统名称、用户名和IP(InternetProtocol,因特网协议)地址中的一种或多种。Specifically, the client can run the control downloaded from the server, and collect the system information and current process information of the client through the control, wherein the system information can include CPU (Central Processing Unit, central processing unit) type, motherboard model, operating system name, user name and One or more of IP (Internet Protocol, Internet Protocol) addresses.

步骤302,智能密钥装置根据从客户端接收的当前进程信息判断客户端当前运行的进程是否安全,如果安全,则执行步骤303;否则,执行步骤305。Step 302 , the smart key device judges whether the current running process of the client is safe according to the current process information received from the client, and if it is safe, executes step 303 ; otherwise, executes step 305 .

具体地,智能密钥装置可以预置有第一进程列表,或者接收来自服务器的第一进程列表,该第一进程列表中包含存在安全隐患的进程。智能密钥装置接收到来自客户端的数据包后,可以根据数据包所包含的当前进程信息,判断客户端当前运行的进程中是否存在第一进程列表中的进程,如果存在,则确定客户端当前运行的进程不安全;如果不存在,则确定客户端当前运行的进程是安全的。Specifically, the smart key device may be preset with a first process list, or receive the first process list from the server, and the first process list includes processes with security risks. After the smart key device receives the data packet from the client, it can judge whether there is a process in the first process list in the process currently running on the client according to the current process information contained in the data packet, and if it exists, then determine the current process of the client. The running process is not secure; if it does not exist, it is determined that the client is currently running a process that is safe.

例如,智能密钥装置中预置的第一进程列表包括A进程、B进程、C进程和D进程;当智能密钥装置接收到的数据包所包含的当前进程信息为E进程、F进程和G进程时,智能密钥装置可以确定客户端当前运行的进程中不存在第一进程列表中的进程,进而确定客户端当前运行的进程是安全的;当智能密钥装置接收到的数据包所包含的当前进程信息为D进程、E进程和F进程时,智能密钥装置可以确定客户端当前运行的进程中存在第一进程列表中的进程,进而确定客户端当前运行的进程是不安全的。For example, the first process list preset in the smart key device includes A process, B process, C process and D process; when the current process information contained in the data packet received by the smart key device is E process, F process and When the G process, the smart key device can determine that there is no process in the first process list in the process currently running on the client, and then determine that the process currently running on the client is safe; when the data packet received by the smart key device When the current process information included is D process, E process and F process, the smart key device can determine that the process in the first process list exists in the process currently running on the client, and then determine that the process currently running on the client is unsafe .

智能密钥装置可以预置有第二进程列表,或者接收来自服务器的第二进程列表,该第二进程列表中包含不存在安全隐患的进程。智能密钥装置接收到来自客户端的数据包后,可以根据数据包所包含的当前进程信息,判断客户端当前运行的进程中是否存在第二进程列表之外的进程,如果存在,则确定客户端当前运行的进程不安全;如果不存在,则确定客户端当前运行的进程是安全的。The smart key device may be preset with a second process list, or receive the second process list from the server, and the second process list includes processes without security risks. After the smart key device receives the data packet from the client, it can judge whether there is a process other than the second process list in the process currently running on the client according to the current process information contained in the data packet, and if it exists, determine whether the client The currently running process is not safe; if not present, the client's current running process is determined to be safe.

例如,智能密钥装置中预置的第二进程列表包括a进程、b进程、c进程和d进程;当智能密钥装置接收到的数据包所包含的当前进程信息为a进程和c进程时,智能密钥装置可以确定客户端当前运行的进程中不存在第二进程列表之外的进程,进而确定客户端当前运行的进程是安全的;当智能密钥装置接收到的数据包所包含的当前进程信息为a进程、b进程和e进程时,智能密钥装置可以确定客户端当前运行的进程中存在第二进程列表之外的进程,进而确定客户端当前运行的进程是不安全的。For example, the second process list preset in the smart key device includes a process, b process, c process and d process; when the current process information contained in the data packet received by the smart key device is a process and c process , the smart key device can determine that there is no process other than the second process list in the process currently running on the client, and then determine that the process currently running on the client is safe; when the data packet received by the smart key device contains When the current process information is a process, b process and e process, the smart key device can determine that there is a process outside the second process list in the process currently running on the client, and then determine that the process currently running on the client is unsafe.

步骤303,智能密钥装置判断自身存储的客户端的系统信息与从该客户端接收的系统信息是否相同,如果相同,则执行步骤304;否则,执行步骤305。Step 303 , the smart key device judges whether the system information of the client stored by itself is the same as the system information received from the client, and if they are the same, execute step 304 ; otherwise, execute step 305 .

步骤304,智能密钥装置对来自客户端的待处理报文进行处理。Step 304, the smart key device processes the message to be processed from the client.

当智能密钥装置判断客户端当前运行的进程安全时,智能密钥装置可以确定客户端的报文处理环境不存在安全隐患,通过向客户端发送提示信息提示客户端发送待处理报文,并对接收到的待处理报文进行签名处理。When the smart key device judges that the process currently running on the client is safe, the smart key device can determine that there is no security risk in the message processing environment of the client, prompt the client to send the message to be processed by sending a prompt message to the client, and Signature processing is performed on received messages to be processed.

步骤305,智能密钥装置提示客户端的报文处理环境存在安全隐患。In step 305, the smart key device prompts that there is a security risk in the message processing environment of the client.

本发明实施例提供的技术方案中,通过对客户端的系统信息和当前进程信息进行判断,确定客户端的报文处理环境是否存在安全隐患,提高了客户端的报文处理环境的安全性。In the technical solution provided by the embodiment of the present invention, by judging the system information and current process information of the client, it is determined whether there is a security risk in the message processing environment of the client, which improves the security of the message processing environment of the client.

如图4所示,为本发明实施例四中的一种检测报文处理环境的装置结构图,包括:As shown in FIG. 4, it is a structural diagram of a device for detecting a message processing environment in Embodiment 4 of the present invention, including:

存储模块401,用于存储客户端的系统信息。The storage module 401 is configured to store system information of the client.

其中,系统信息包括CPU类型、主板型号、操作系统名称、用户名和IP地址中的一种或多种。Wherein, the system information includes one or more of CPU type, motherboard model, operating system name, user name and IP address.

获取模块402,用于从所述客户端获取所述客户端的当前进程信息和系统信息。The obtaining module 402 is configured to obtain current process information and system information of the client from the client.

第一判断模块403,用于根据所述当前进程信息判断所述客户端当前运行的进程是否安全。The first judging module 403 is configured to judge whether the process currently running on the client is safe according to the current process information.

具体地,第一判断模块403,具体用于根据所述当前进程信息判断所述客户端当前运行的进程中是否存在预设的第一进程列表中的进程,如果存在,则确定所述客户端当前运行的进程不安全;如果不存在,则确定所述客户端当前运行的进程是安全的;Specifically, the first judging module 403 is specifically configured to judge according to the current process information whether there is a process in the preset first process list among the processes currently running on the client, and if so, determine whether the client The process currently running is not safe; if it does not exist, it is determined that the process currently running by the client is safe;

或者,or,

根据所述当前进程信息判断所述客户端当前运行的进程中是否存在预设的第二进程列表之外的进程,如果存在,则确定所述客户端当前运行的进程不安全;如果不存在,则确定所述客户端当前运行的进程是安全的。Judging according to the current process information whether there is a process other than the preset second process list in the process currently running on the client, if it exists, then determining that the process currently running on the client is unsafe; if not, Then it is determined that the process currently running on the client is safe.

第二判断模块404,用于判断存储模块401中的所述客户端的系统信息与所述获取模块402从所述客户端获取的系统信息是否相同。The second judging module 404 is configured to judge whether the system information of the client in the storage module 401 is the same as the system information obtained from the client by the obtaining module 402 .

确定模块405,用于在第一判断模块403的判断结果为不安全,和/或,第二判断模块404的判断结果为不同时,确定所述客户端的报文处理环境存在安全隐患;在第一判断模块403的判断结果为安全,且第二判断模块404的判断结果为相同时,确定所述客户端的报文处理环境不存在安全隐患。The determination module 405 is used to determine that there is a security risk in the message processing environment of the client when the judgment result of the first judgment module 403 is unsafe, and/or, when the judgment result of the second judgment module 404 is different; When the judging result of the first judging module 403 is safe and the judging result of the second judging module 404 is the same, it is determined that there is no security risk in the message processing environment of the client.

其中,获取模块402从客户端获取的客户端的当前进程信息包含在获取模块402从客户端接收的数据包中。Wherein, the current process information of the client obtained by the obtaining module 402 from the client is included in the data packet received by the obtaining module 402 from the client.

相应地,第一判断模块403,具体用于在数据包的源IP地址包含在预设的IP地址列表中时,根据所述当前进程信息判断所述客户端当前运行的进程是否安全。Correspondingly, the first judging module 403 is specifically configured to judge whether the process currently running by the client is safe according to the current process information when the source IP address of the data packet is included in the preset IP address list.

确定模块405,还用于在所述数据包的源IP地址没有包含在预设的IP地址列表中时,确定所述客户端的报文处理环境存在安全隐患。The determination module 405 is further configured to determine that there is a security risk in the packet processing environment of the client when the source IP address of the data packet is not included in the preset IP address list.

上述装置,还包括:The above-mentioned device also includes:

第三判断模块406,用于判断所述数据包的源IP地址是否包含在预设的IP地址列表中。The third judging module 406 is configured to judge whether the source IP address of the data packet is included in the preset IP address list.

第一发送模块407,用于在确定模块405确定所述客户端的报文处理环境存在安全隐患之后,向所述客户端发送包含随机字符串的身份验证请求。The first sending module 407 is configured to send an identity verification request containing a random character string to the client after the determining module 405 determines that there is a security risk in the message processing environment of the client.

第一接收模块408,用于接收来自所述客户端的数字签名和账号信息。The first receiving module 408 is configured to receive the digital signature and account information from the client.

解密模块409,用于根据所述账号信息获取对应的非对称密钥对中的公钥,使用所述公钥对所述数字签名进行解密。The decryption module 409 is configured to obtain the public key in the corresponding asymmetric key pair according to the account information, and use the public key to decrypt the digital signature.

第四判断模块410,用于判断解密模块409解密得到的随机字符串与所述身份验证请求中的随机字符串是否相同。The fourth judging module 410 is configured to judge whether the random character string decrypted by the decryption module 409 is the same as the random character string in the identity verification request.

第二发送模块411,用于在第四判断模块410的判断结果为相同时,向所述客户端发送验证成功信息;在第四判断模块410的判断结果为不同时,向所述客户端发送验证失败信息。The second sending module 411 is configured to send verification success information to the client when the judgment result of the fourth judging module 410 is the same; when the judging result of the fourth judging module 410 is different, send Verification failure message.

本发明实施例提供的技术方案中,通过对客户端的系统信息和当前进程信息进行判断,确定客户端的报文处理环境是否存在安全隐患,并在客户端的报文处理环境存在安全隐患时,对客户端进行验证,提高了客户端的报文处理环境的安全性。In the technical solution provided by the embodiment of the present invention, by judging the system information and current process information of the client, it is determined whether there is a security risk in the message processing environment of the client, and when there is a security risk in the message processing environment of the client, the client The terminal performs verification, which improves the security of the message processing environment of the client.

如图5所示,为本发明实施例五中的一种检测报文处理环境的装置结构图,包括:As shown in FIG. 5, it is a structural diagram of a device for detecting a message processing environment in Embodiment 5 of the present invention, including:

存储模块501,用于存储客户端的系统信息。The storage module 501 is configured to store system information of the client.

其中,系统信息包括CPU类型、主板型号、操作系统名称、用户名和IP地址中的一种或多种。Wherein, the system information includes one or more of CPU type, motherboard model, operating system name, user name and IP address.

获取模块502,用于从所述客户端获取所述客户端的当前进程信息和系统信息。The obtaining module 502 is configured to obtain current process information and system information of the client from the client.

第一判断模块503,用于根据所述当前进程信息判断所述客户端当前运行的进程是否安全。The first judging module 503 is configured to judge whether the process currently running on the client is safe according to the current process information.

具体地,第一判断模块503,具体用于根据所述当前进程信息判断所述客户端当前运行的进程中是否存在预设的第一进程列表中的进程,如果存在,则确定所述客户端当前运行的进程不安全;如果不存在,则确定所述客户端当前运行的进程是安全的;Specifically, the first judging module 503 is specifically configured to judge according to the current process information whether there is a process in the preset first process list among the processes currently running on the client, and if so, determine whether the client The process currently running is not safe; if it does not exist, it is determined that the process currently running by the client is safe;

或者,or,

根据所述当前进程信息判断所述客户端当前运行的进程中是否存在预设的第二进程列表之外的进程,如果存在,则确定所述客户端当前运行的进程不安全;如果不存在,则确定所述客户端当前运行的进程是安全的。Judging according to the current process information whether there is a process other than the preset second process list in the process currently running on the client, if it exists, then determining that the process currently running on the client is unsafe; if not, Then it is determined that the process currently running on the client is safe.

第二判断模块504,用于判断存储模块501中的所述客户端的系统信息与所述获取模块从所述客户端获取的系统信息是否相同。The second judging module 504 is configured to judge whether the system information of the client in the storage module 501 is the same as the system information obtained by the obtaining module from the client.

确定模块505,用于在第一判断模块503的判断结果为不安全,和/或,第二判断模块504的判断结果为不同时,确定所述客户端的报文处理环境存在安全隐患;在第一判断模块503的判断结果为安全,且第二判断模块504的判断结果为相同时,确定所述客户端的报文处理环境不存在安全隐患。The determination module 505 is used to determine that there is a security risk in the message processing environment of the client when the judgment result of the first judgment module 503 is unsafe, and/or, when the judgment result of the second judgment module 504 is different; When the judging result of the first judging module 503 is safe, and the judging result of the second judging module 504 is the same, it is determined that there is no security risk in the message processing environment of the client.

其中,获取模块502从所述客户端获取的所述客户端的系统信息包含在获取模块502从所述客户端接收的数据包中。Wherein, the system information of the client obtained by the obtaining module 502 from the client is included in the data packet received by the obtaining module 502 from the client.

相应地,第二判断模块504,具体用于在所述数据包的源IP地址包含在预设的IP地址列表中时,判断存储模块501中的所述客户端的系统信息与所述获取模块从所述客户端获取的系统信息是否相同。Correspondingly, the second judging module 504 is specifically configured to, when the source IP address of the data packet is included in the preset IP address list, judging whether the system information of the client in the storage module 501 is consistent with the information obtained from the acquiring module. Whether the system information acquired by the client is the same.

确定模块505,还用于在所述数据包的源IP地址没有包含在预设的IP地址列表中时,确定所述客户端的报文处理环境存在安全隐患。The determining module 505 is further configured to determine that there is a security risk in the packet processing environment of the client when the source IP address of the data packet is not included in the preset IP address list.

上述装置,还包括:The above-mentioned device also includes:

第三判断模块506,用于判断所述数据包的源IP地址是否包含在预设的IP地址列表中。The third judging module 506 is configured to judge whether the source IP address of the data packet is included in the preset IP address list.

第三发送模块507,用于在确定模块505确定所述客户端的报文处理环境存在安全隐患之后,向所述客户端发送包含随机字符串的身份验证请求。The third sending module 507 is configured to send an identity verification request containing a random character string to the client after the determining module 505 determines that there is a security risk in the message processing environment of the client.

第二接收模块508,用于接收来自所述客户端的HMAC信息和账号信息。The second receiving module 508 is configured to receive HMAC information and account information from the client.

处理模块509,用于根据所述账号信息获取对应的对称密钥,使用所述对称密钥对所述随机字符串进行处理。The processing module 509 is configured to obtain a corresponding symmetric key according to the account information, and use the symmetric key to process the random character string.

第五判断模块510,用于判断处理模块509处理得到的HMAC信息与第二接收模块508从所述客户端接收的HMAC信息是否相同;A fifth judging module 510, configured to judge whether the HMAC information processed by the processing module 509 is the same as the HMAC information received by the second receiving module 508 from the client;

第四发送模块511,用于在第五判断模块510的判断结果为相同时,向所述客户端发送验证成功信息;在第五判断模块510的判断结果为不同时,向所述客户端发送验证失败信息。The fourth sending module 511 is configured to send verification success information to the client when the judgment result of the fifth judgment module 510 is the same; when the judgment result of the fifth judgment module 510 is different, send the message to the client Verification failure message.

本发明实施例提供的技术方案中,通过对客户端的系统信息和当前进程信息进行判断,确定客户端的报文处理环境是否存在安全隐患,提高了客户端的报文处理环境的安全性。In the technical solution provided by the embodiment of the present invention, by judging the system information and current process information of the client, it is determined whether there is a security risk in the message processing environment of the client, which improves the security of the message processing environment of the client.

结合本文中所公开的实施例描述的方法中的步骤可以直接用硬件、处理器执行的软件模块,或者二者的结合来实施。软件模块可以置于随机存储器(RAM)、内存、只读存储器(ROM)、电可编程ROM、电可擦除可编程ROM、寄存器、硬盘、可移动磁盘、CD-ROM、或技术领域内所公知的任意其它形式的存储介质中。The steps in the methods described in conjunction with the embodiments disclosed herein may be directly implemented by hardware, software modules executed by a processor, or a combination of both. Software modules can be placed in random access memory (RAM), internal memory, read-only memory (ROM), electrically programmable ROM, electrically erasable programmable ROM, registers, hard disk, removable disk, CD-ROM, or any other Any other known storage medium.

以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到变化或替换,都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应所述以权利要求的保护范围为准。The above is only a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Anyone skilled in the art can easily think of changes or substitutions within the technical scope disclosed in the present invention. Should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.

Claims (19)

1. A method for detecting a message processing environment, comprising the steps of:
firstly, acquiring current process information of a client;
judging whether the process currently operated by the client is safe or not according to the current process information, and if so, executing a step IV; otherwise, executing step three;
thirdly, determining that potential safety hazards exist in the message processing environment of the client;
judging whether the system information of the client stored by the client is the same as the system information received from the client, if so, executing a fifth step; otherwise, executing step (c), the system information includes one or more of CPU type, mainboard type, operating system name, user name and IP address;
and fifthly, determining that no potential safety hazard exists in the message processing environment of the client.
2. The method of claim 1, wherein the current process information is included in a data packet received from the client;
the step of judging whether the currently running process of the client is safe according to the current process information specifically comprises the following steps:
when the source IP address of the data packet is contained in a preset IP address list, judging whether the process currently operated by the client is safe or not according to the current process information;
before the step of judging whether the currently running process of the client is safe according to the current process information, the method further comprises the following steps:
and judging whether the source IP address of the data packet is contained in a preset IP address list or not.
3. The method of claim 2, further comprising:
and when the source IP address of the data packet is not contained in a preset IP address list, determining that the potential safety hazard exists in the message processing environment of the client.
4. The method of claim 1, wherein after determining that a potential safety hazard exists in a messaging environment of the client, the method further comprises:
sending an identity authentication request containing a random character string to the client, and receiving a digital signature and account information from the client;
acquiring a public key in a corresponding asymmetric key pair according to the account information, and decrypting the digital signature by using the public key;
judging whether the random character string obtained by decryption is the same as the random character string in the identity authentication request, if so, sending authentication success information to the client, and processing the message from the client; otherwise, sending verification failure information to the client.
5. The method of claim 1, wherein after determining that a potential safety hazard exists in a messaging environment of the client, the method further comprises:
sending an authentication request containing a random character string to the client, and receiving HMAC information and account information from the client;
acquiring a corresponding symmetric key according to the account information, processing the random character string by using the symmetric key, judging whether the processed HMAC information is the same as the HMAC information received from the client, if so, sending verification success information to the client, and processing a message from the client; otherwise, sending verification failure information to the client.
6. The method according to claim 1, wherein the determining, according to the current process information, whether the process currently running by the client is safe specifically includes:
judging whether a process in a preset first process list exists in the currently running processes of the client according to the current process information, and if so, determining that the currently running process of the client is unsafe; if not, determining that the process currently operated by the client is safe;
or,
judging whether processes outside a preset second process list exist in the processes currently operated by the client according to the current process information, and if so, determining that the processes currently operated by the client are unsafe; and if not, determining that the process currently run by the client is safe.
7. A method for detecting a message processing environment, comprising the steps of:
firstly, acquiring system information of a client;
judging whether the system information of the client stored by the client is the same as the acquired system information of the client, and if so, executing a step IV; otherwise, executing step (c), the system information includes one or more of CPU type, mainboard type, operating system name, user name and IP address;
thirdly, determining that potential safety hazards exist in the message processing environment of the client;
judging whether the current running process of the client is safe or not according to the obtained current process information of the client, and if so, executing the fifth step; otherwise, executing step three;
and fifthly, determining that no potential safety hazard exists in the message processing environment of the client.
8. The method of claim 7, wherein the obtained system information of the client is included in a data packet received from the client;
the determining whether the system information of the client stored by the client is the same as the acquired system information of the client includes:
when the source IP address of the data packet is contained in a preset IP address list, judging whether the system information of the client stored by the data packet is the same as the acquired system information of the client;
before the determining whether the system information of the client stored by the client is the same as the acquired system information of the client, the method further includes:
and judging whether the source IP address of the data packet is contained in a preset IP address list or not.
9. The method of claim 8, further comprising:
and when the source IP address of the data packet is not contained in a preset IP address list, determining that the potential safety hazard exists in the message processing environment of the client.
10. The method of claim 7, wherein after determining that a potential safety hazard exists in a messaging environment of the client, the method further comprises:
sending an identity authentication request containing a random character string to the client, and receiving a digital signature and account information from the client;
acquiring a public key in a corresponding asymmetric key pair according to the account information, and decrypting the digital signature by using the public key;
judging whether the random character string obtained by decryption is the same as the random character string in the identity authentication request, if so, sending authentication success information to the client, and processing the message from the client; otherwise, sending verification failure information to the client.
11. The method of claim 7, wherein after determining that a potential safety hazard exists in a messaging environment of the client, the method further comprises:
sending an authentication request containing a random character string to the client, and receiving HMAC information and account information from the client;
acquiring a corresponding symmetric key according to the account information, processing the random character string by using the symmetric key, judging whether the processed HMAC information is the same as the HMAC information received from the client, if so, sending verification success information to the client, and processing a message from the client; otherwise, sending verification failure information to the client.
12. The method according to claim 7, wherein the determining whether the currently running process of the client is safe according to the current process information specifically includes:
judging whether a process in a preset first process list exists in the currently running processes of the client according to the current process information, and if so, determining that the currently running process of the client is unsafe; if not, determining that the process currently operated by the client is safe;
or,
judging whether processes outside a preset second process list exist in the processes currently operated by the client according to the current process information, and if so, determining that the processes currently operated by the client are unsafe; and if not, determining that the process currently run by the client is safe.
13. An apparatus for detecting a message processing environment, comprising:
the storage module is used for storing the system information of the client;
the system comprises an acquisition module, a processing module and a processing module, wherein the acquisition module is used for acquiring current process information and system information of the client from the client, and the system information comprises one or more of CPU type, mainboard model, operating system name, user name and IP address;
the first judgment module is used for judging whether the process currently operated by the client is safe or not according to the current process information;
the second judging module is used for judging whether the system information of the client in the storage module is the same as the system information acquired from the client by the acquiring module;
the determining module is used for determining that potential safety hazards exist in the message processing environment of the client when the judgment result of the first judging module is unsafe and/or the judgment result of the second judging module is different; and when the judgment result of the first judgment module is safe and the judgment result of the second judgment module is the same, determining that the message processing environment of the client does not have potential safety hazard.
14. The apparatus of claim 13, wherein the current process information is included in a data packet received by the acquisition module from the client;
the first judging module is specifically configured to, when the source IP address of the data packet is included in a preset IP address list, judge whether the currently running process of the client is safe according to the current process information;
the device, still include:
and the third judging module is used for judging whether the source IP address of the data packet is contained in a preset IP address list or not.
15. The apparatus of claim 13, wherein the system information of the client acquired by the acquisition module from the client is included in a data packet received by the acquisition module from the client;
the second determining module is specifically configured to determine whether the system information of the client in the storage module is the same as the system information acquired by the acquiring module from the client when the source IP address of the data packet is included in a preset IP address list;
the device, still include:
and the third judging module is used for judging whether the source IP address of the data packet is contained in a preset IP address list or not.
16. The apparatus of claim 14 or 15,
the determining module is further configured to determine that a potential safety hazard exists in a message processing environment of the client when the source IP address of the data packet is not included in a preset IP address list.
17. The apparatus of claim 13, further comprising:
the first sending module is used for sending an identity authentication request containing a random character string to the client after the determining module determines that potential safety hazards exist in the message processing environment of the client;
the first receiving module is used for receiving the digital signature and the account information from the client;
the decryption module is used for acquiring a public key in a corresponding asymmetric key pair according to the account information and decrypting the digital signature by using the public key;
a fourth judging module, configured to judge whether the random character string decrypted by the decrypting module is the same as the random character string in the authentication request,
the second sending module is used for sending verification success information to the client when the judgment results of the fourth judging module are the same; and when the judgment results of the fourth judgment module are different, sending verification failure information to the client.
18. The apparatus of claim 13, further comprising:
the third sending module is used for sending an authentication request containing a random character string to the client after the determining module determines that potential safety hazards exist in the message processing environment of the client;
the second receiving module is used for receiving the HMAC information and the account information from the client;
the processing module is used for acquiring a corresponding symmetric key according to the account information and processing the random character string by using the symmetric key;
a fifth judging module, configured to judge whether the HMAC information processed by the processing module is the same as the HMAC information received by the second receiving module from the client;
the fourth sending module is used for sending verification success information to the client when the judgment results of the fifth judging module are the same; and when the judgment results of the fifth judgment module are different, sending verification failure information to the client.
19. The apparatus of claim 13,
the first judging module is specifically configured to judge whether a process in a preset first process list exists in the currently running process of the client according to the current process information, and if so, determine that the currently running process of the client is unsafe; if not, determining that the process currently operated by the client is safe;
or,
judging whether processes outside a preset second process list exist in the processes currently operated by the client according to the current process information, and if so, determining that the processes currently operated by the client are unsafe; and if not, determining that the process currently run by the client is safe.
CN201210319748.9A 2012-08-31 2012-08-31 Method and device for detecting message processing environment Expired - Fee Related CN102811146B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210319748.9A CN102811146B (en) 2012-08-31 2012-08-31 Method and device for detecting message processing environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210319748.9A CN102811146B (en) 2012-08-31 2012-08-31 Method and device for detecting message processing environment

Publications (2)

Publication Number Publication Date
CN102811146A CN102811146A (en) 2012-12-05
CN102811146B true CN102811146B (en) 2015-03-04

Family

ID=47234733

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210319748.9A Expired - Fee Related CN102811146B (en) 2012-08-31 2012-08-31 Method and device for detecting message processing environment

Country Status (1)

Country Link
CN (1) CN102811146B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104392381A (en) * 2014-10-29 2015-03-04 中国建设银行股份有限公司 Risk monitoring method of transaction data and system thereof
CN105634863B (en) * 2015-12-28 2019-09-17 北京神州绿盟信息安全科技股份有限公司 A kind of method and apparatus of application protocol detection

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101119201A (en) * 2007-05-30 2008-02-06 北京润汇科技有限公司 Method for implementing conversation control and duration collection through DHCP extension
CN101119373A (en) * 2007-09-04 2008-02-06 北京大学 A gateway-level streaming virus scanning method and system thereof
CN101256608A (en) * 2008-03-25 2008-09-03 北京飞天诚信科技有限公司 Safe operation method and system
CN102065063A (en) * 2009-11-13 2011-05-18 富士通株式会社 WEB authentication device, system and method
CN102164138A (en) * 2011-04-18 2011-08-24 奇智软件(北京)有限公司 A method and client for ensuring user network security
CN102413142A (en) * 2011-11-30 2012-04-11 华中科技大学 Active defense method based on cloud platform
US20140082149A1 (en) * 2003-07-02 2014-03-20 Amazon.Com, Inc. Predictive prefetching to reduce document generation times

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140082149A1 (en) * 2003-07-02 2014-03-20 Amazon.Com, Inc. Predictive prefetching to reduce document generation times
CN101119201A (en) * 2007-05-30 2008-02-06 北京润汇科技有限公司 Method for implementing conversation control and duration collection through DHCP extension
CN101119373A (en) * 2007-09-04 2008-02-06 北京大学 A gateway-level streaming virus scanning method and system thereof
CN101256608A (en) * 2008-03-25 2008-09-03 北京飞天诚信科技有限公司 Safe operation method and system
CN102065063A (en) * 2009-11-13 2011-05-18 富士通株式会社 WEB authentication device, system and method
CN102164138A (en) * 2011-04-18 2011-08-24 奇智软件(北京)有限公司 A method and client for ensuring user network security
CN102413142A (en) * 2011-11-30 2012-04-11 华中科技大学 Active defense method based on cloud platform

Also Published As

Publication number Publication date
CN102811146A (en) 2012-12-05

Similar Documents

Publication Publication Date Title
CN105376216B (en) A remote access method, proxy server and client
US8677466B1 (en) Verification of digital certificates used for encrypted computer communications
CN109587162B (en) Login verification method, device, terminal, password server and storage medium
US8037306B2 (en) Method for realizing network access authentication
US8869238B2 (en) Authentication using a turing test to block automated attacks
CN106779716B (en) Authentication method, device and system based on block chain account address
JP2015039214A (en) Method and system for protecting against id theft or replication abuse
CN102638468B (en) The method of protection information transmission security, transmitting terminal, receiving terminal and system
US20110265156A1 (en) Portable security device protection against keystroke loggers
CN111130798B (en) Request authentication method and related equipment
US8832813B1 (en) Voice authentication via trusted device
CN107534668A (en) The method and system of transaction security
WO2017000479A1 (en) Identity information authentication method, user terminal, service terminal, authentication server, and service system
US20180262471A1 (en) Identity verification and authentication method and system
CN105024813B (en) A kind of exchange method of server, user equipment and user equipment and server
CN100589390C (en) An authentication method and authentication system
CN101808077B (en) Information security input processing system and method and smart card
CN108702292A (en) Authentication device, control server and application server based on biometric information and its operating method
CN112487380A (en) Data interaction method, device, equipment and medium
US20080022085A1 (en) Server-client computer network system for carrying out cryptographic operations, and method of carrying out cryptographic operations in such a computer network system
CN115529591B (en) Authentication method, device, equipment and storage medium based on token
CN110620763A (en) Mobile identity authentication method and system based on mobile terminal APP
CN106789858A (en) A kind of access control method and device and server
CN105577619B (en) Client login method, client and system
US20090177892A1 (en) Proximity authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 17th floor, building B, Huizhi building, No.9, Xueqing Road, Haidian District, Beijing 100085

Patentee after: Feitian Technologies Co.,Ltd.

Country or region after: China

Address before: 100085 17th floor, block B, Huizhi building, No.9 Xueqing Road, Haidian District, Beijing

Patentee before: Feitian Technologies Co.,Ltd.

Country or region before: China

CP03 Change of name, title or address
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150304