
TWI852549B - System and method for rapid identification of website security - Google Patents


Publication number: TWI852549B
Authority: TW (Taiwan)
Prior art keywords: website, certificate, security, ssl, client device
Application number: TW112117609A
Other languages: Chinese (zh)
Other versions: TW202445394A (en)
Inventors: 張淑蕙, 何柏霖, 周彥廷, 周智勇
Original Assignee: 合作金庫商業銀行股份有限公司

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system for rapidly identifying website security includes a client device coupled to a bank server for downloading a website security identification application, wherein the website security identification application is configured to: retrieve the URL of a website and the website's related certificate information; confirm whether the related certificate information includes a Secure Sockets Layer (SSL) certificate; and confirm whether the SSL certificate is within its validity period.

Description

System and method for quickly identifying website security

The present invention relates to a system and method for quickly identifying website security.

Online transaction security problems take many forms. Most online security incidents involve disputes over electronic transactions or stolen accounts. Typically, customers are first led to believe that something is wrong with their computer or account, or that they have entered or won a prize draw, and that they need to fill in their details on a disguised website. Because customers cannot easily tell genuine from fake, they end up distrusting the real bank web pages or mistakenly trusting fake websites, which makes it difficult to promote actual business.

Therefore, developing a tool for identifying secure websites is something practitioners in this field have been considering.

One aspect of the present disclosure provides a system for quickly identifying website security, which includes a client device coupled to a bank-side server and used to download a website security identification application, wherein the client device executes the website security identification application to: retrieve the URL of a website and the website's related certificate information; confirm whether the related certificate information includes a Secure Sockets Layer (SSL) certificate; and confirm whether the SSL certificate is within its validity period.

In some embodiments, the client device further executes the website security identification application to confirm whether the SSL certificate was issued to the correct subject.

In some embodiments, the client device further executes the website security identification application to confirm whether the issuer of the SSL certificate is Taiwan Network Certification Corporation (臺灣網路認證股份有限公司).

In some embodiments, the client device further executes the website security identification application to confirm whether the issuer of the SSL certificate is Chunghwa Telecom Co., Ltd. (中華電信股份有限公司).

In some embodiments, the client device further executes the website security identification application to confirm whether the website's URL is in a specific safe list.

In some embodiments, the client device further executes the website security identification application to mark the website as a safe website when the website's URL is in the specific safe list.

In some embodiments, the client device further executes the website security identification application to mark the website as an unsafe website when the website's related certificate information does not include an SSL certificate.

In some embodiments, the client device further executes the website security identification application to mark the website as an unsafe website when the website's related certificate information includes an SSL certificate but the SSL certificate is no longer within its validity period.

In some embodiments, the client device further executes the website security identification application to mark the website as a safe website when the website's related certificate information includes an SSL certificate and the SSL certificate is within its validity period.

Another aspect of the present disclosure provides a method for quickly identifying website security, which includes coupling a client device to a bank-side server to download a website security identification application, wherein the client device executes the website security identification application to: retrieve the URL of a website and the website's related certificate information; confirm whether the related certificate information includes a Secure Sockets Layer (SSL) certificate; and confirm whether the SSL certificate is within its validity period.

Therefore, according to the technical content of the present disclosure, the system and method for quickly identifying website security provide a website security identification application that customers download and run on their information devices. Through it, the financial industry chain vouches for the online safety of its own affiliated websites and of important financial websites, so that customers can place more trust in the safe websites certified by the website security identification application.

The spirit of the present disclosure is described clearly below with drawings and detailed description. After understanding the embodiments of the present disclosure, a person of ordinary skill in the art may change and modify the techniques taught here without departing from the spirit and scope of the present disclosure.

The terms used herein serve only to describe particular embodiments and are not intended to limit the present disclosure. Singular forms such as "a", "this" and "the", as used herein, also include the plural.

"Coupled" or "connected", as used herein, may mean that two or more elements or devices are in direct or indirect physical contact with each other, or that two or more elements or devices operate or act on each other.

"Comprise", "include", "have", "contain" and similar words, as used herein, are open-ended terms meaning including but not limited to.

"And/or", as used herein, includes any and all combinations of the listed items.

Unless otherwise noted, the terms used herein generally have the ordinary meaning each term has in this field, in the content of the present disclosure and in the specific context. Certain terms used to describe the present disclosure are discussed below or elsewhere in this specification to give those skilled in the art additional guidance on the description.

Refer to Figures 1 and 2 together. Figure 1 is a flow chart of a method for quickly identifying website security according to some embodiments of the present disclosure, and Figure 2 is a functional block diagram of a system for quickly identifying website security according to some embodiments. The method and system are mainly intended for a financial industry chain that, when serving its customers, wants to ensure the security of transactions and data entry on its affiliated websites. The financial industry chain here includes the financial holding, banking, insurance, securities, futures and leasing industries. Subsidiaries of a financial holding company include banking, life insurance, securities, investment trust and investment consulting businesses.

The financial industry chain can promote its service for quickly identifying website security on its bank-side server 200, or on other servers that serve customers, and offer the website security identification application for download. Customers of the financial industry chain can connect to the bank-side server 200 from their client devices 150 over the Internet 300. Any client device 150 can therefore log in to the website interface platform of the bank-side server 200 over the Internet 300 and use the platform's services, including downloading the website security identification application. In some embodiments, the client devices 150 represent network-capable devices distributed in different locations. A network-capable client device 150 is, for example, a mobile phone, a laptop, a tablet computer, a desktop computer, a smartphone, a phablet or a smart watch. The client device 150 may also be called an information appliance (IA).

The website security identification application executes the method 100 for quickly identifying website security. In step 102 of method 100, the website security identification application is started in order to connect to the website to be visited. On a client device 150 with a camera, after the application is started, the camera can scan a two-dimensional barcode to connect to the website server 250 of the website to be visited.

In step 104 of method 100, the website's URL and related certificate information are obtained. "URL" here means the real URL, not a shortened URL produced by a URL shortener. This step therefore also includes restoring the real URL behind a shortened URL, so that the subsequent verification steps can be carried out. The related certificate information refers to certificates related to information security, such as SSL certificates and TLS certificates. SSL stands for Secure Sockets Layer. In short, it is a standard technology for keeping Internet connections secure and for preventing criminals from reading or modifying any sensitive data sent between two systems, including potential personal details. The two systems can be a server and a client (for example, a shopping website and a browser) or two servers (for example, applications holding personally identifiable information or payroll information). The aim is to ensure that any data transmitted between a user and a website, or between two systems, remains unreadable. The technology uses encryption algorithms to scramble data in transit, preventing hackers from reading the data as it is sent over the connection. This information may be anything sensitive or personal, including credit card numbers and other financial information, names and addresses. TLS (Transport Layer Security) is a newer, more secure version of SSL; security certificates are still generally called SSL certificates because that is the more common term. HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is protected by an SSL certificate. The certificate's details, including the issuing authority and the business name of the website owner, can be viewed by clicking the lock icon in the browser bar.

In step 106 of method 100, the application first confirms whether the website's related certificate information includes a Secure Sockets Layer (SSL) certificate, because financial websites are required by law to have this certificate so that their origin can be identified. If the website's related certificate information does not include an SSL certificate, the website is marked as an unsafe website in step 120 of method 100, and step 122 of method 100 then follows. In some embodiments, when the website's related certificate information includes an SSL certificate, it is still necessary to check whether the SSL certificate was issued to the correct subject. For an affiliated website of a financial industry chain, the certificate is issued to the business name of the group's financial holding, banking, insurance, securities, futures or leasing company. If the issued-to subject does not match, the website may be an impersonation; it may need to be marked as an unsafe website in step 120 of method 100, followed by step 122. In some embodiments, when the website's related certificate information includes an SSL certificate, it is still necessary to check the issuer of the SSL certificate. SSL certificate issuers are numerous across countries; for local enterprises in Taiwan, the credible issuers of SSL certificates include Taiwan Network Certification Corporation (臺灣網路認證股份有限公司) and Chunghwa Telecom Co., Ltd. (中華電信股份有限公司). In some embodiments, for affiliated websites of the local financial industry chain in Taiwan, when the website's related certificate information includes an SSL certificate but its issuer is not Taiwan Network Certification Corporation or Chunghwa Telecom Co., Ltd., the website may still need to be marked as an unsafe website in step 120 of method 100, followed by step 122.

In step 108 of method 100, when the website's related certificate information includes an SSL certificate, it is still necessary to check whether the SSL certificate is within its validity period. In some embodiments, if the website's related certificate information includes an SSL certificate but the SSL certificate is no longer within its validity period, the website must be marked as an unsafe website in step 120 of method 100, followed by step 122. In some embodiments (for example, for the financial industry chain's own affiliated websites), if the website's related certificate information includes an SSL certificate and the SSL certificate is within its validity period, step 110 of method 100 can be executed directly and the website marked as a safe website.

In step 110 of method 100, a preset website whitelist (that is, the safe list) can be used to check whether the visited website is on the list. In some embodiments, when the website's URL is in the specific safe list, step 110 of method 100 can be executed directly (that is, steps 106 and 108 are skipped) and the website is deemed a safe website. In some embodiments, the website whitelist may include Taiwan Pay (taiwanpay.com.tw), the Taiwan Clearing House's online payment service 嗶嗶繳 (twnch.org.tw), the Bankers Association's e-Bill national payment network (ba.org.tw), the Bankers Association of the Republic of China (ba.org.tw), MOICA, the Ministry of the Interior Certificate Authority (nat.gov.tw), the Taiwan Cooperative Bank (合作金庫) airport transfer reservation platform (youfirst.com.tw), Visa Infinite / Visa Signature card privileges (freeliving.com.tw), the DragonPass (龍騰出行) official website, a global quality-of-life service platform and smart service platform for VIP travel (dragonpass.com.cn), mastercard (johoo777.com), Priceless Specials…, and so on. In some embodiments, most entries on the website whitelist are not affiliated websites of the financial industry chain. In some embodiments, the website whitelist can also list all affiliated websites of the financial industry chain; in that case, even when the website's related certificate information includes an SSL certificate and the SSL certificate is within its validity period, the website's URL must still be in the specific safe list before step 110 of method 100 is executed directly and the website is deemed a safe website. If the website's URL is not in the specific safe list, the website must still be marked as an unsafe website in step 120 of method 100, followed by step 122.

In step 112 of method 100, if certain conditions of the above steps are met, the website security identification application prominently labels the website that meets the checks as "安全" (safe) or "SAFE" in its user interface, so that the user can easily see that the website is a safe website.

In step 120 of method 100, if certain conditions of the above steps are met, the website security identification application prominently labels the website in question as "不安全" (unsafe) or "WARNING" in its user interface, so that the user can easily see that the website is an unsafe website.

In step 122 of method 100, if a website has been labelled "unsafe" or "WARNING", information security personnel are then asked to investigate the website or to report it so that it is taken down.
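
The checks in steps 104 to 120 can be sketched as one decision function. This is an added example, not code from the patent or its applicant; it follows the stricter embodiment in which certificate presence, issued-to subject, issuer, validity period and a safe-list entry are all required. The safe list, organization names and certificate records are constructed sample values, shaped like the dict returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ssl
from typing import NamedTuple, Optional
from urllib.parse import urlsplit

# Constructed configuration for this example (assumptions, not from the patent).
SAFE_LIST = {"bank.example": "Example Bank Co., Ltd."}  # listed domain -> expected subject O
TRUSTED_ISSUERS = {"Example Trust CA"}                   # accepted issuer O values


class Verdict(NamedTuple):
    label: str   # "SAFE" or "WARNING", the two labels shown to the user
    reason: str


def make_cert(org="Example Bank Co., Ltd.", issuer="Example Trust CA",
              not_before="Jan  1 00:00:00 2024 GMT",
              not_after="Dec 31 23:59:59 2024 GMT") -> dict:
    """Build a constructed certificate record shaped like getpeercert() output."""
    return {
        "subject": ((("organizationName", org),),
                    (("commonName", "www.bank.example"),)),
        "issuer": ((("organizationName", issuer),),),
        "notBefore": not_before,
        "notAfter": not_after,
    }


def name_field(name, field: str) -> Optional[str]:
    """Read one attribute from a getpeercert()-style subject or issuer tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == field:
                return value
    return None


def listed_domain(host: str) -> Optional[str]:
    """Return the safe-list domain covering host, matching whole DNS labels only."""
    host = host.lower().rstrip(".")
    for domain in SAFE_LIST:
        # Substring matching would accept look-alikes such as notbank.example.
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def identify(url: str, cert: Optional[dict], now: float) -> Verdict:
    """Apply the checks of steps 106, 108 and 110 and return the label to display."""
    parts = urlsplit(url)
    host = parts.hostname or ""

    # Step 106: a certificate must be present. getpeercert() returns an empty
    # dict when the peer certificate was not validated, so treat that as absent.
    if parts.scheme != "https" or not cert:
        return Verdict("WARNING", "no SSL certificate")

    # Step 110: the real (already expanded) URL must be covered by the safe list.
    # Done early here because the list also supplies the expected subject name.
    domain = listed_domain(host)
    if domain is None:
        return Verdict("WARNING", "URL not in safe list")

    # Step 106, further embodiments: issued-to organization and issuer.
    if name_field(cert.get("subject", ()), "organizationName") != SAFE_LIST[domain]:
        return Verdict("WARNING", "certificate issued to unexpected subject")
    if name_field(cert.get("issuer", ()), "organizationName") not in TRUSTED_ISSUERS:
        return Verdict("WARNING", "issuer not trusted")

    # Step 108: the current time must lie inside notBefore..notAfter.
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        return Verdict("WARNING", "certificate outside validity period")

    return Verdict("SAFE", "all checks passed")


if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")
    samples = [
        ("https://www.bank.example/login", make_cert()),
        ("https://notbank.example/login", make_cert()),
        ("https://www.bank.example/login", make_cert(issuer="Unknown CA")),
        ("http://www.bank.example/login", None),
    ]
    for url, cert in samples:
        print(url, identify(url, cert, now))
```

Every WARNING verdict carries a reason string, which is the detail the personnel handling step 122 would need when investigating or reporting a site.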

In some embodiments, the bank-side server 200 has a processor unit, a communication unit, a storage unit and so on, which it uses to offer the website security identification application for download and to provide back-end support while the application runs on the client device 150. In some embodiments, the client device 150 has a processor unit, a communication unit, a storage unit and so on, which it uses to execute the steps of method 100. In some embodiments, steps 106, 108 and 110 of method 100 can be run and checked on the client device 150 and the bank-side server 200 at the same time.

Accordingly, the system and method for quickly identifying website security provide a website security identification application that customers download and run on their information devices. Through it, the financial industry chain vouches for the online safety of its own affiliated websites and of important financial websites, so that customers can place more trust in the safe websites certified by the website security identification application.

Although the present disclosure is described above by way of embodiments, they are not intended to limit it. Anyone skilled in the art may make various changes and refinements without departing from the spirit and scope of the present disclosure, so the scope of protection is defined by the appended claims.

100: method

102: step

104: step

106: step

108: step

110: step

112: step

120: step

122: step

150: client device

200: bank-side server

250: website server

300: Internet

The accompanying drawings are incorporated into and form part of this specification. They show embodiments consistent with the present invention and, together with the specification, explain the technical solutions of the embodiments. Figure 1 is a flow chart of a method for quickly identifying website security according to some embodiments of the present disclosure. Figure 2 is a functional block diagram of a system for quickly identifying website security according to some embodiments of the present disclosure.


Claims (8)

1. A system for quickly identifying website security, comprising: a client device, coupled to a bank-side server and used to download a website security identification application, wherein the client device executes the website security identification application to: retrieve the URL of a website and the website's related certificate information; confirm whether the related certificate information includes a Secure Sockets Layer (SSL) certificate; confirm whether the SSL certificate is within its validity period; confirm whether the SSL certificate was issued to the correct subject; and confirm whether the website's URL is in a specific safe list.

2. The system for quickly identifying website security of claim 1, wherein the client device further executes the website security identification application to: confirm whether the issuer of the SSL certificate is Taiwan Network Certification Corporation (臺灣網路認證股份有限公司).

3. The system for quickly identifying website security of claim 1, wherein the client device further executes the website security identification application to: confirm whether the issuer of the SSL certificate is Chunghwa Telecom Co., Ltd. (中華電信股份有限公司).

4. The system for quickly identifying website security of claim 1, wherein the client device further executes the website security identification application to: mark the website as a safe website when the website's URL is in the specific safe list.

5. The system for quickly identifying website security of claim 1, wherein the client device further executes the website security identification application to: mark the website as an unsafe website when the website's related certificate information does not include the SSL certificate.

6. The system for quickly identifying website security of claim 1, wherein the client device further executes the website security identification application to: mark the website as an unsafe website when the website's related certificate information includes the SSL certificate but the SSL certificate is no longer within its validity period.

7. The system for quickly identifying website security of claim 1, wherein the client device further executes the website security identification application to: mark the website as a safe website when the website's related certificate information includes the SSL certificate and the SSL certificate is within its validity period.

8. A method for quickly identifying website security, comprising: coupling a client device to a bank-side server to download a website security identification application, wherein the client device executes the website security identification application to retrieve the URL of a website and the website's related certificate information, confirm whether the related certificate information includes a Secure Sockets Layer (SSL) certificate, confirm whether the SSL certificate is within its validity period, confirm whether the SSL certificate was issued to the correct subject, and confirm whether the website's URL is in a specific safe list.

Application number: TW112117609A
Priority date: 2023-05-11
Filing date: 2023-05-11
Title: System and method for rapid identification of website security

Publications (2)

TWI852549B, published 2024-08-11
TW202445394A, published 2024-11-16

Family ID: 93283981
Country status: TW, TWI852549B (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI718033B (en) * 2020-03-18 2021-02-01 中華電信股份有限公司 System and method for online certificate status query responder
