WO2013018940A1 - Method for detecting and preventing illegal transactions in electronic commerce and associated system - Google Patents
- Publication number: WO2013018940A1 (PCT application PCT/KR2011/005613)
- Authority: WO (WIPO (PCT))
- Prior art keywords: information, user terminal, server, illegal, commerce
- Prior art date:
- Legal status: Ceased (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G06Q30/06—Buying, selling or leasing transactions (G—PHYSICS; G06—COMPUTING OR CALCULATING; COUNTING; G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; G06Q30/00—Commerce)
- G06Q30/0601—Electronic shopping [e-shopping]
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals (G06F—ELECTRIC DIGITAL DATA PROCESSING; G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity)
Definitions
- The present invention relates to a method and system that can detect and block illegal transactions in electronic commerce in real time.
- The present invention provides a method and system that can detect and block illegal transactions in real time, so as to offer a secure electronic commerce service both to users of electronic commerce and to companies that provide electronic commerce services.
- The present invention can minimize waiting time by deciding whether to block using the NAT IP address of the user terminal, so that a bypass connection through a proxy server or VPN on the user terminal does not affect the decision.
- The present invention has the advantage that the decision to block can be made before the user terminal receives a specific service from the actual e-commerce web server, preventing damage to the user in advance.
- A method for blocking illegal transactions in an e-commerce illegal transaction blocking system including an e-commerce web server and an illegal transaction prevention server is provided, including:
  - (a) a user terminal accessing the e-commerce web server, receiving and installing an information gathering agent;
  - (b) driving the information collection agent as the user terminal executes a dedicated application for using a service provided by the e-commerce web server, and accessing the illegal transaction prevention server through a first communication channel via the information collection agent to obtain at least one of authorized access information and policy information;
  - (c) determining, by the user terminal, whether to block a service through the e-commerce web server by transmitting a blocking event according to the obtained policy information to the dedicated application;
  - (d) transmitting, by the information collecting agent running on the user terminal, collection information about the user terminal and the authorized access information to the e-commerce web server through a second communication channel; and
  - (e) transmitting, by the e-commerce web server, the log history, the collection information, and the authorized access information according to the access of the
- the first communication channel is a socket secure communication channel
- the second communication channel is a packet communication channel
- the public access information is a NAT IP address.
- The information collecting agent may be of a signed type, which runs after being installed with the consent of the user of the user terminal, or of a non-signed type, which runs without a user consent step.
- The signed type may be a script command programmed to drive a signed plug-in of any one of the ActiveX, NPAPI and Java Applet types.
- The information collecting agent checks the communication state of the illegal transaction prevention server through the first communication channel by calling socket connect, and if the server is reachable, obtains the authorized access information and policy information.
- The information collecting agent may transmit H DATA or V DATA to the illegal transaction prevention server as a server delivery packet through the first communication channel, and obtain the public access information from the illegal transaction prevention server in response.
- The information collection agent may transmit the transmission packet to the illegal transaction prevention server through the real Ethernet adapter rather than the VPN virtual Ethernet adapter.
- An electronic commerce illegal transaction blocking system, including an e-commerce web server and an illegal transaction prevention server, that can block illegal transactions of a user terminal is provided.
- The user terminal, on which a user uses a dedicated application or a web browser installed to use a service provided by the e-commerce web server, drives the information collecting agent, transmits the transmission packet to the illegal transaction prevention server through the first communication channel via the information collecting agent to obtain the authorized access information and policy information, and controls delivery of a blocking event to the dedicated application according to the policy information.
- The illegal transaction prevention server, in response to receiving the transmission packet from the information collecting agent running on the user terminal, extracts the authorized access information of the user terminal, compares it with policy data stored in a database, generates policy information according to whether the service is to be blocked, and delivers that information to the information collection agent through the first communication channel.
- The dedicated application determines, according to the blocking event, whether to block use of the service provided by the e-commerce web server.
- The information collecting agent may transmit the authorized access information obtained through the first communication channel and the collection information collected about the user terminal to the e-commerce web server through a second communication channel.
- Illegal transactions can be detected and blocked in real time, providing safe e-commerce services to users of e-commerce and to companies that provide e-commerce services.
- FIG. 1 is a block diagram schematically illustrating a system capable of detecting and blocking illegal transactions of electronic commerce according to a first embodiment of the present invention.
- FIG. 2 is a diagram illustrating the types of collected information, classified according to type and collection method, according to an embodiment of the present invention.
- FIG. 3 is a view for a technical description of how to obtain the original public IP when a VPN is in use, among the collected information, according to an embodiment of the present invention.
- FIG. 4 is a detailed table showing a policy pattern, an application method, and an action method for illegal transactions in a real-time detection/blocking technology according to an embodiment of the present invention.
- FIG. 5 is an illustration explaining the application method and screen for the customer-specific security services "e-commerce dedicated PC designated service" and "overseas IP blocking service" that can additionally be obtained with the present invention.
- FIG. 6 is a flowchart illustrating in detail the application procedure and the actual system for FIG. 5.
- FIG. 7 is a diagram illustrating an example of a system configuration for providing the service of FIG. 5.
- FIG. 8 is a block diagram schematically illustrating a system capable of detecting and blocking illegal transactions in electronic commerce according to a second embodiment of the present invention.
- first and second may be used to describe various components, but the components should not be limited by the terms. The terms are used only for the purpose of distinguishing one component from another.
- A system capable of detecting and blocking illegal transactions of e-commerce is configured to include a user terminal 100, an e-commerce web server 200 and an illegal transaction prevention server 300.
- the user terminal 100 is connected to the e-commerce web server 200 through a communication network to receive a variety of services provided by the e-commerce web server 200.
- The user terminal 100 may download and install at least one application installation file, for collecting a plurality of information, from the e-commerce web server 200 in order to receive the service provided by the e-commerce web server 200.
- an application downloaded and installed by the user terminal 100 to collect information through the e-commerce web server 200 will be described as an information collection agent.
- the user terminal 100 may separately download at least one dedicated application for use of various services provided by the e-commerce web server 200 and install it on the user terminal 100.
- the dedicated application may be a home trading system (HTS) for stock trading.
- The same applies to any other separate application installed for using a specific service provided by the e-commerce web server 200.
- the information collection agent may be installed in the user terminal 100 in a signature manner or may be installed in a non-signature manner.
- a plurality of information collection agents may be installed in the user terminal 100 in a signature manner and a non-signature manner at the same time.
- the signature type information collecting agent refers to an agent installed and driven on the user terminal 100 with the consent of the user when the information collecting agent is installed in the user terminal 100.
- The signed information gathering agent may be implemented with JAVA/FLEX or a JAVA Applet.
- A non-signed information collection agent refers to an agent that can be run immediately, without the user's consent or a separate installation process.
- It can be implemented with Flash MMS, RTSP, a simple JAVA Applet, white-night, Ajax, etc.
- The information collection agent is described here as being provided to the user terminal 100 through the e-commerce web server and installed on the user terminal 100; of course, it may instead be installed on the user terminal 100 under the control of the illegal transaction prevention server 300.
- The information collection agent collects information through a plurality of collection channels (hereinafter referred to as "terminal collection information" for convenience of understanding and explanation) and may transmit it to the e-commerce web server 200 and to the illegal transaction prevention server 300.
- the information collection agent may be connected to the e-commerce web server 200 through the first channel to transmit collected information to the e-commerce web server 200 or receive various services from the e-commerce web server 200.
- the first channel may be a packet communication channel.
- the information collection agent may form a secure communication with the illegal transaction prevention server 300 through the second channel, and transmit the access information of the corresponding user terminal 100 through the second channel.
- the second channel may be a socket communication channel.
- the information collecting agent includes a terminal information collecting module 131, an encryption module 135, and a transmission control module 137.
- the terminal information collection module 131 performs a function of collecting various information about the user terminal 100.
- Information collected through the terminal information collection module 131 is illustrated in FIG. 2. That is, the terminal information collection module 131 may collect various pieces of information necessary for determining whether the user terminal 100 is illegally accessing or illegally trading, for example:
  - access information (e-commerce web server access date and time, e-commerce web server connection IP address, VPN client IP address, VPN gateway IP address, proxy IP address, public IP address, etc.);
  - Ethernet information, MAC information and hardware information;
  - terminal information (e.g., phone number, IMSI, IMEI, USIM information, etc.).
- Of course, the information collected by the terminal information collection module 131 may further include other information in addition to that shown in FIG. 2.
- the encryption module 135 encrypts the collection information collected by the terminal information collection module 131 according to a predetermined method.
- The encryption module 135 may use Rivest-Shamir-Adleman (RSA), SEED, or Triple Data Encryption Standard (3DES).
- the transmission control module 137 controls to transmit the encrypted collection information to the illegal transaction prevention server 300 through the first channel and the second channel.
- The transmission control module 137 checks the communication state of the illegal transaction prevention server 300 through the first communication path of the first channel, and if the server is communicable (i.e., "alive"), controls the encrypted collection information to be transmitted collectively to the illegal transaction prevention server 300 through the first communication path.
- The transmission control module 137 also transmits the encrypted collection information through the second channel to the e-commerce web server 200, which may then be controlled to relay it to the illegal transaction prevention server 300.
- The second channel is the packet communication path for the connection between a web browser or a specific application (app) installed on the user terminal 100 and the e-commerce web server 200, and communication over it is always possible; the first channel, however, may not be able to communicate depending on the network environment to which the user terminal 100 belongs (for example, a firewall setting).
- The reasons why the encrypted collection information is first transmitted through the first channel are as follows.
- The original public IP address can be determined because of the characteristics of socket communication.
- The amount of data transmitted to the e-commerce web server 200 through the second channel is reduced, and as a result the load on the e-commerce web server 200 may be reduced.
- The e-commerce web server 200 includes infrastructure such as a web service unit 210 (web server/WAS/DBMS, etc.) that provides information pages for presenting and modifying main information such as login and account transfer, a server framework 220 that performs the providing function, and, for the security policy according to an embodiment of the present invention, a collection processing and blocking information receiving unit 250 that interworks with and processes the collected information in real time within the e-commerce dedicated server or web server 200 (hereinafter referred to as the e-commerce web server).
- The collection processing and blocking information receiving unit 250 includes a collection processing command unit 251, consisting of a command set file for controlling the information collection agent in the user terminal 100, and interworks with the real-time multi-channel collection information transmission and reception unit 340.
- The detection blocking policy and key storage unit 253 synchronizes and stores the policy data managed in its own policy DB.
- Illegal transaction prevention server 300 includes a real-time multi-channel collection information transmission and reception unit 340 and a real-time collection information analysis and policy detection / blocking unit (collection information analysis and blocking unit 350).
- the collected information analysis and blocking unit 350 includes means for storing the collected information in a log and policy database and comparing the policy data with the policy data of the database to determine whether to block.
- The real-time multi-channel collection information transmitting and receiving unit 340 performs the receiving processing so that no information is lost even when a large volume arrives from the A channel 190 and from the collection processing and blocking information receiving unit 250.
- The real-time collection information analysis and policy detection/blocking unit 350 includes: an integrated information real-time collecting unit 351 that receives and gathers information from a plurality of real-time multi-channel collection information transmission and reception units 340; a user terminal policy decision and execution unit 352 that analyzes the collected information to determine whether to detect or block; a real-time log and policy database 353 that stores collected information and policy-related information; and an administrator user I/F 354 through which the administrator can monitor the collected information and the analysis results.
- the information collected from the real-time multichannel collection information transmission / reception unit 340 is immediately transmitted to the real-time collection information analysis and policy detection / blocking unit 350 to store the collection information in which integrity is maintained, and simultaneously perform necessary policy application processing.
- the content determined by the policy is transmitted to the e-commerce web server 200 so that the detection / blocking process can be processed in real time when a transaction is attempted by the user terminal.
- Because the e-commerce illegal transaction blocking method and system can be configured as a system independent from the existing e-commerce web server, any load arising from the real-time information storage and policy processing has little effect on the existing e-commerce web server (i.e., the additional load on the existing e-commerce web server is minimized), so the invention is satisfactory for both existing service users and service providers.
- The user terminal 100 accesses the e-commerce web server 200 with a web browser 110 for web access, with a dedicated terminal installation program 120 for electronic commerce (e.g., an HTS, Home Trading System), or with both.
- the response web page of the e-commerce web server 200 includes a script (JavaScript) file and a command corresponding to the collection processing command unit 251.
- The browser 110 executes this command to install the agent, which collects information and transmits the collected information.
- The command script also contains a variety of important information:
  - the Class ID, a unique number that refers to the Agent component;
  - the path of the Agent installation file;
  - the version of the Agent;
  - the first collection address, the address of the server to which the collected information is sent; and
  - the second collection address, the address of the server to which the information is resent when the primary communication fails.
- The browser checks, with the Agent Ready command, whether the Agent is installed on the user terminal 100; if it is not installed, or the installed version is lower than the version specified by the command, the new Agent is downloaded and installed so that the information gathering agent is ready for use. (It is classified as a signed or non-signed agent depending on whether the user's consent is requested at installation time.)
- The browser then executes a subsequent script command to give this agent a run command.
- the terminal information transmission control unit 137 starts the transmission of the collected information. At this time, the type of information collected is shown in FIG. 2.
- the user terminal 100 is connected to the e-commerce web server 200 for the purpose of e-commerce (for example, login, payment, account transfer, bulletin board, recertification screen, etc.)
- Since the web server 200 takes the form of a web service server, a screen is provided by the web service unit 210 and a command script is provided by the collection processing command unit 251 at the same time, and the corresponding commands are executed in the user terminal 100 so that the information gathering agent is installed and running.
- the collection processing command unit 251 is composed of a script file and instructions to be executed in the access web browser 110 in the user terminal 100.
- The collection/blocking information transmitting/receiving unit 252 immediately forwards the collection information received through the B channel 191 to the real-time multichannel collection information transmitting/receiving unit 340 over the collection paths 193 and 194.
- The detection blocking policy and KEY storage unit 253 synchronizes, whenever they change, one or more policy patterns of the critical policy database (see FIG. 4) provided by the real-time policy pattern registration DB and terminal integrated information storage unit 353 of the real-time collection information analysis and policy detection/blocking unit 350, so that a seamless e-commerce service can be provided without failure even if the network to that equipment or the corresponding HW server fails.
- The real-time collection information analysis and policy detection/blocking unit 350 can provide a real-time service for blocking illegal transactions.
- The IDs of users who applied for the service and the domestic IP band information are stored in the real-time policy pattern registration DB and terminal integrated information storage unit 353 and updated from time to time.
- By always synchronizing this data to the detection blocking policy and KEY storage unit 253, even if a failure occurs in the real-time collection information analysis and policy detection/blocking unit 350, the collection/blocking information transmission and reception unit 252 can determine on its own whether to block.
- The real-time multi-channel collection information transmitting and receiving unit 340 decodes in real time all the collection information transmitted over the two channels and three communication paths from the user terminal 100, and the decoded information is transmitted to the real-time collection information analysis and policy detection/blocking unit 350, where it is integrated into one collection information record (Record).
- In case the amount of information collected per second gradually increases or explodes, the real-time multi-channel collection information transmission and reception unit 340 and the real-time collection information analysis and policy detection/blocking unit 350 can each be separated and operated on a separate H/W server, the real-time multi-channel collection information transmission/reception unit 340 can be doubled or tripled, and the integrated information real-time collecting unit 351 serves as a module with a queue function.
- The integrated information real-time collector 351 uses a queue with a FIFO (First-In-First-Out) data structure so that multiple real-time multichannel collection information transceivers 340 can transmit information simultaneously without confusion, receiving it and passing it in turn to subsequent processing.
- The receiving/processing side can thus process the information without loss, or with only partial loss.
- The user terminal policy determination and execution unit 352 is divided into a real-time policy determination unit and a real-time detection/blocking policy execution unit; the real-time policy determination module comparatively analyzes the first collected information against the real-time policy pattern registration DB 353, as shown in FIG. 4, and makes the judgment.
- The corresponding event log is stored in the DB by the real-time detection/blocking policy execution unit; when the policy is set to automatic blocking, the web service unit 210 is immediately blocked in real time through the collection/blocking information transmission/reception unit 252, and when the policy is set to automatic detection, the administrator is notified by SMS, email, management system screen, etc. through the system administrator user interface (343, 354).
- Previously, the A channel 190 had to be waited on for the public IP information because of the possibility of IP detouring by the user terminal 100, and since the A channel 190 has an unstable transmission speed depending on the state of the network to which the user terminal 100 belongs, there was a problem that this sometimes took time or communication itself was impossible.
- The information collecting agent therefore first confirms that the user terminal 100 does not use an IP bypassing technique such as a proxy or a VPN: to check whether a proxy is used it inspects the OS registry, and to determine whether a VPN is used it checks whether the description of the PC's communication adapter device includes a specific string such as TAP, VPN, LZIP, SOCKv5, etc.
- If no bypass is in use, the real-time collection information analysis and policy detection/blocking unit 350 analyzes the priority information necessary for the blocking decision (e.g., public IP, user ID, MAC address, etc.) on its own, without waiting for integration with the remaining information (No. 1 (192) or No. 3 (194)), so that whether to block can be determined quickly.
- This allows 99.5% of transactions to be blocked immediately in real time without being affected by the unstable A channel 190.
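The following added example, which is not code from the patent or its applicant, illustrates the decision flow described for units 351 to 353 and for the fast path above: partial records arriving over the collection paths are integrated through a FIFO in arrival order, and the blocking decision is made from the priority information alone unless a proxy/VPN bypass was flagged and the original public IP is still outstanding, in which case the record waits. The country IP bands, user IDs, MAC addresses, policy table and pattern names are constructed sample data and assumptions of this example, not values from the patent.

```python
import ipaddress
from collections import deque

# Constructed sample data standing in for the real-time policy pattern registration DB and
# terminal integrated information storage unit (353). The address bands, user IDs, MAC
# addresses and pattern names are made up for this example (assumptions, not the patent's).
COUNTRY_IP_BANDS = [
    (ipaddress.ip_network("203.0.113.0/24"), "KR"),
    (ipaddress.ip_network("198.51.100.0/24"), "US"),
]
HOME_COUNTRY = "KR"
POLICY_DB = {
    # users who applied for the overseas IP blocking service: a non-domestic public IP blocks
    "overseas_ip_block": {"users": {"alice", "bob"}, "action": "auto_block"},
    # users who designated an e-commerce dedicated PC: the MAC must be one they registered
    "dedicated_pc": {"registered": {"alice": {"00-11-22-33-44-55"}}, "action": "auto_block"},
    # proxy/VPN bypass connection: only log the event and notify the administrator
    "bypass_connection": {"action": "auto_detect"},
}
PRIORITY_FIELDS = ("public_ip", "user_id", "mac")


def integrate(parts):
    """Merge (session_id, partial_record) pairs that arrived over different collection
    paths into one record per session, draining them FIFO in arrival order the way the
    integrated information real-time collecting unit (351) is described as doing."""
    queue = deque(parts)
    records = {}
    while queue:
        session_id, part = queue.popleft()
        records.setdefault(session_id, {}).update(part)
    return records


def country_of(ip):
    """Look a public IP up in the country IP band table."""
    addr = ipaddress.ip_address(ip)
    for network, country in COUNTRY_IP_BANDS:
        if addr in network:
            return country
    return "UNKNOWN"


def can_decide_immediately(record):
    """The priority information alone suffices unless a proxy/VPN bypass was flagged and
    the original (pre-bypass) public IP from the extra A-channel exchange is still missing."""
    has_priority = all(field in record for field in PRIORITY_FIELDS)
    waiting_for_original = bool(record.get("bypass_possible")) and "original_public_ip" not in record
    return has_priority and not waiting_for_original


def decide(record, policy_db=POLICY_DB):
    """Return (decision, hits). decision is WAIT, ALLOW, DETECT or BLOCK; hits lists the
    matched policy patterns with the action configured for each."""
    if not can_decide_immediately(record):
        return "WAIT", []
    public_ip = record.get("original_public_ip") or record["public_ip"]  # judge the pre-bypass address
    user = record["user_id"]
    hits = []

    overseas = policy_db["overseas_ip_block"]
    if user in overseas["users"] and country_of(public_ip) != HOME_COUNTRY:
        hits.append(("overseas_ip_block", overseas["action"]))

    dedicated = policy_db["dedicated_pc"]
    registered_macs = dedicated["registered"].get(user)
    if registered_macs is not None and record["mac"] not in registered_macs:
        hits.append(("dedicated_pc", dedicated["action"]))

    if record.get("bypass_possible"):
        hits.append(("bypass_connection", policy_db["bypass_connection"]["action"]))

    if any(action == "auto_block" for _, action in hits):
        return "BLOCK", hits        # a blocking event goes back to the dedicated application
    if hits:
        return "DETECT", hits       # event logged; administrator notified
    return "ALLOW", hits


if __name__ == "__main__":
    arrivals = [  # constructed: one session split across the B and A channels, one complete
        ("s1", {"user_id": "alice", "mac": "00-11-22-33-44-55"}),
        ("s1", {"public_ip": "203.0.113.5"}),
        ("s2", {"user_id": "alice", "mac": "00-11-22-33-44-55", "public_ip": "198.51.100.7"}),
    ]
    for session_id, record in integrate(arrivals).items():
        print(session_id, decide(record))
```

The WAIT outcome is what keeps the fast path honest: a record that claims a domestic public IP but was collected through a flagged VPN adapter is not judged until the pre-bypass address arrives, so the unstable A channel is only on the critical path for the minority of sessions that actually need it.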
- The terminal information transmission control unit 137 sends the collected information to the server through the No. 1 collection path 192 of the A channel 190 and the No. 2 collection path 193 of the B channel 191 using asynchronous communication, so the communication latency is eliminated.
- the synchronous communication method is a method of waiting without performing any work until the completion of a communication request.
- The synchronous communication method is easy to implement, but it takes a lot of time because the communications proceed in sequence even where several communications could be performed in parallel.
- the asynchronous communication method is a method of performing a subsequent task after a communication request and even before the execution is completed. Although a plurality of tasks can be performed quickly at the same time, the difficulty of implementation is high.
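As an added example (not part of the patent), the exchange below shows in Python's asyncio both why the socket path yields the NAT/public IP and how asynchronous transmission bounds the wait: a loopback stand-in for the illegal transaction prevention server answers with the address it sees on the accepted socket, while the agent side sends over both paths concurrently and abandons the A channel after a timeout instead of stalling the transaction. The one-JSON-line message format, the B-channel stub and the timeout values are assumptions of this example.

```python
import asyncio
import json
import time

A_CHANNEL_TIMEOUT = 0.5   # seconds the agent waits on the socket path (assumed value)


async def prevention_server(reader, writer, response_delay=0.0):
    """Illegal transaction prevention server side of the A channel (socket path 192).
    The address seen on the accepted socket is the address the terminal actually
    reaches the server from (its NAT/public IP), which the terminal cannot report
    reliably by itself. response_delay simulates an unstable network."""
    try:
        await reader.readline()                     # the agent's server delivery packet
        peer_ip = writer.get_extra_info("peername")[0]
        await asyncio.sleep(response_delay)
        writer.write(json.dumps({"public_ip": peer_ip}).encode() + b"\n")
        await writer.drain()
    except OSError:
        pass                                        # the agent gave up and closed the socket
    finally:
        writer.close()


async def a_channel_send(host, port, packet, timeout=A_CHANNEL_TIMEOUT):
    """Agent side of the A channel: connect, send, wait for the public-IP reply, but
    give up after `timeout` so a slow or unreachable server cannot stall the transaction."""
    writer = None
    try:
        reader, writer = await asyncio.wait_for(asyncio.open_connection(host, port), timeout)
        writer.write(packet + b"\n")
        await writer.drain()
        line = await asyncio.wait_for(reader.readline(), timeout)
        return json.loads(line)
    except (asyncio.TimeoutError, OSError, ValueError):
        return None                                 # no public IP from this path
    finally:
        if writer is not None:
            writer.close()


async def b_channel_send(packet):
    """Stand-in for the always-reachable packet channel to the e-commerce web server
    (path 193); it just acknowledges the collected information."""
    await asyncio.sleep(0.01)
    return {"ack": True, "bytes": len(packet)}


async def transmit(host, port, collected, timeout=A_CHANNEL_TIMEOUT):
    """Transmission control (137) done asynchronously: both paths run concurrently, so the
    wait is bounded by the slower path or the timeout, not by the sum of both."""
    packet = json.dumps(collected).encode()
    start = time.monotonic()
    a_result, b_result = await asyncio.gather(
        a_channel_send(host, port, packet, timeout), b_channel_send(packet))
    return {"a": a_result, "b": b_result, "elapsed": time.monotonic() - start}


async def run_scenario(response_delay, timeout=A_CHANNEL_TIMEOUT):
    """Start a loopback prevention server that answers after response_delay seconds and
    push one constructed collection record through both channels."""
    server = await asyncio.start_server(
        lambda r, w: prevention_server(r, w, response_delay), "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    collected = {"user_id": "alice", "mac": "00-11-22-33-44-55"}   # constructed sample
    try:
        return await transmit("127.0.0.1", port, collected, timeout)
    finally:
        server.close()


def scenario(response_delay, timeout=A_CHANNEL_TIMEOUT):
    return asyncio.run(run_scenario(response_delay, timeout))


if __name__ == "__main__":
    print("stable A channel:  ", scenario(0.0))
    print("unstable A channel:", scenario(1.0, timeout=0.3))
```

With the server answering promptly the agent gets `{"public_ip": "127.0.0.1"}` back from the socket path; with the server delayed past the timeout the A-channel result is `None`, the B-channel acknowledgement is still there, and the elapsed time is the timeout rather than the server's delay, which is the latency property the synchronous sequence cannot give.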
- Information necessary for determining whether to block: e.g., the set policy, the country IP band table, the blocking flag, etc.
- Since the MAC address of the user terminal 100 can easily be tampered with, when MAC address information is collected it is collected together with the information used to determine the original MAC address.
- Information collected by the plug-in driving command of the information collection agent is also routed through the VPN driver, as shown in FIG. 3 (430), and sent to the illegal transaction prevention server 300.
- If any of the protocol names described above (PPTP, GRE, L2TP, SSL VPN, etc.) is included in the description of the actively connected communication adapter in the user terminal 100, it is determined that a VPN bypass connection is possible.
- In that case the communication channel is changed as follows and, as shown in FIG. 3, the A channel 190 communication is performed once more (430) to obtain the original public IP.
- The information gathering agent finds the network driver that was originally used before the VPN, in addition to the network driver that the user terminal 100 is currently using (i.e., the one connected to the external VPN gateway), and then uses the GetAdaptersInfo function to fill the IP_ADAPTER_INFO structure.
- Part 400 performs a procedure (see FIG. 3) to collect both the public IP address after the VPN bypass and the one before the bypass.
- The agent uses a technique of temporarily changing the routing table (the list defining network communication paths) of the user terminal 100. This causes the external Internet communication, which previously went out through the VPN driver, to go out through the original network driver for the socket communication of FIG. 3 (430), and the public IP collected by the real-time multi-channel collection information transmission/reception unit 340 through this path is the original public IP before the bypass.
- the original public IP can be obtained by the following procedure.
- the information gathering agent queries the registry containing the OS settings of the user terminal 100 to determine whether a proxy is configured in the browser. If a proxy is configured, the original public IP may be obtained via the real-time multichannel collection information transmission / reception unit 400 using the A channel (190) communication.
- `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp`
- the status of this port can be obtained using the GetTcpTable function; if the port is open, the terminal is being accessed remotely. The network interface card (NIC) part of the registry is consulted to determine whether the MAC address has been modified and to obtain the original MAC address.
- NIC: network interface card
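The checks described above (VPN adapter detection by protocol name, public IP before and after the bypass, browser proxy and remote-desktop indicators, original versus presented MAC) can be combined on the server side into a single assessment of what the agent reports. The following is an added example written for this page, not code from the patent: the report fields, the sample adapter descriptions and all addresses are constructed, and matching protocol names as whole words (rather than substrings) is a design choice of this example, so that an adapter called, say, "Aggregate Link Controller" is not mistaken for GRE.

```python
"""Added example: assess an information-collection agent's report for bypass indicators.

Not the patent's code. Field names, adapter descriptions and addresses are constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Protocol names the text lists as marking a VPN-capable adapter. Whole-word matching
# avoids false positives such as "GRE" inside "Aggregate".
VPN_PATTERN = re.compile(r"\b(?:PPTP|GRE|L2TP|SSL VPN)\b", re.IGNORECASE)


@dataclass
class TerminalReport:
    """What the agent reports (assumed layout for this example)."""
    adapter_descriptions: List[str]   # as found in IP_ADAPTER_INFO.Description
    public_ip_current_route: str      # public IP the server saw over the default route
    public_ip_original_adapter: str   # public IP seen after re-routing via the original adapter
    browser_proxy_enabled: bool       # from the browser proxy registry setting
    rdp_port_listening: bool          # from GetTcpTable on the Terminal Server port
    reported_mac: str                 # MAC the adapter currently presents
    registry_mac: str                 # permanent address read from the NIC registry part


@dataclass
class Findings:
    vpn_adapter: Optional[str]
    ip_mismatch: bool
    proxy_configured: bool
    remote_session: bool
    mac_modified: bool
    original_public_ip: str
    original_mac: str

    def indicators(self) -> List[str]:
        """Names of the indicators that fired, in a fixed order."""
        names = []
        if self.vpn_adapter:
            names.append("vpn_adapter")
        if self.ip_mismatch:
            names.append("public_ip_mismatch")
        if self.proxy_configured:
            names.append("proxy_configured")
        if self.remote_session:
            names.append("remote_session")
        if self.mac_modified:
            names.append("mac_modified")
        return names


def normalize_mac(mac: str) -> str:
    """Canonical AA-BB-CC-DD-EE-FF form so that ':' and '-' spellings compare equal."""
    digits = "".join(ch for ch in mac.upper() if ch in "0123456789ABCDEF")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_vpn_adapter(descriptions: List[str]) -> Optional[str]:
    """Return the first adapter description naming a VPN protocol, or None."""
    for desc in descriptions:
        if VPN_PATTERN.search(desc):
            return desc
    return None


def assess(report: TerminalReport) -> Findings:
    original_mac = normalize_mac(report.registry_mac)
    current = ipaddress.ip_address(report.public_ip_current_route)
    original = ipaddress.ip_address(report.public_ip_original_adapter)
    return Findings(
        vpn_adapter=find_vpn_adapter(report.adapter_descriptions),
        ip_mismatch=current != original,   # differs only when traffic left via another path
        proxy_configured=report.browser_proxy_enabled,
        remote_session=report.rdp_port_listening,
        mac_modified=normalize_mac(report.reported_mac) != original_mac,
        original_public_ip=str(original),
        original_mac=original_mac,
    )


# Constructed sample: a terminal whose default route goes through an L2TP adapter
# and whose adapter presents a MAC different from the one stored in the registry.
SAMPLE_REPORT = TerminalReport(
    adapter_descriptions=["Realtek PCIe GbE Family Controller", "WAN Miniport (L2TP)"],
    public_ip_current_route="198.51.100.20",    # VPN gateway exit address (constructed)
    public_ip_original_adapter="203.0.113.45",  # terminal's real uplink (constructed)
    browser_proxy_enabled=False,
    rdp_port_listening=False,
    reported_mac="02:AA:BB:CC:DD:EE",
    registry_mac="00-11-22-33-44-55",
)

if __name__ == "__main__":
    print(assess(SAMPLE_REPORT).indicators())
```

The public IP comparison only works if the server actually observed both connections; an agent that reports a "before" address itself could report anything, which is why the text has the server-side unit collect both addresses.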
- the system supporting real-time detection and blocking of illegal e-commerce transactions according to the embodiment of the present invention described above may be additionally installed and implemented in any structure, such as an existing web service structure or a client-server structure.
- the illegal transaction prevention server 300 obtains terminal-specific information and various information about the user from the user terminal 100 and the e-commerce web server 200 respectively, analyzes it, and allows the corresponding e-commerce web server 200 to take detection and blocking measures according to the blocking policy it has set.
- an e-commerce service company may enhance its image as a company with which customers can trade securely by providing individual customers with a security service for e-commerce that uses a real-time detection and blocking policy based on registered information.
- Service forms that can be additionally provided to customers using one embodiment of the present invention include the following.
- the first is “E-Commerce Dedicated PC Designation Service.”
- the customer registers one or more of his / her own computers (desktop or portable computer) himself or herself.
- the registered computer is identified by its MAC address, so the ability to obtain the original MAC address before any alteration is a prerequisite.
- the second is the “Overseas IP Blocking Service”: when a customer applies to use the service only from computers in Korea, access from overseas is blocked. This allows customers to block access by foreign hackers.
- FIG. 7 is a block diagram illustrating an example of a system configuration for providing a service of FIG. 5.
- in the registration / cancellation application step, the e-commerce company provides the registration / cancellation screen, the customer applies for or cancels the service himself or herself, and the result of the application / cancellation is stored in the company DB.
- in the transaction execution step, the B channel (191) information sent from the user terminal 100 to the e-commerce server is delivered to the collection daemon via a JSP module (a Java Server Page module that receives and processes information submitted as an HTML form) and the company's processing program.
- the collection daemon transmits both this information and the A channel (190) information received directly from the user terminal 100 to the analysis daemon, so that the analysis daemon can generate a blocking flag.
- the analysis daemon compares the collected original MAC address with the pre-registered MAC address (in the case of the “E-Commerce Dedicated PC Designation Service”), or determines whether the collected original public IP belongs to the domestic IP bands (in the case of the “Overseas IP Blocking Service”), decides whether to block, and sets the flag in memory.
- the blocking flag generated in this way is replicated in real time to the e-commerce web server 200 by the synchronization daemon in that server, so that the blocking flag information is kept in the memory of the e-commerce web server; the company's processing program for important transactions (login, account transfer, etc.) can consult this flag information and take immediate blocking action if necessary.
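The analysis daemon's decision, as just described, is a small piece of policy logic: join the A channel (socket) data with the B channel (web) data for the same account, apply whichever of the two services the customer registered for, and set an in-memory flag that the web server's processing program later consults. The following is an added example written for this page, not the patent's or any vendor's code: the company DB contents, the account names and the "domestic" IP bands (documentation ranges, not real Korean allocations) are constructed, and the A/B channel dictionaries are an assumed layout.

```python
"""Added example: analysis-daemon policy evaluation producing an in-memory blocking flag.

Not the patent's code. Registration records, IP bands and account names are constructed.
"""
import ipaddress
from typing import Dict, List

# Constructed stand-in for the country IP band table (documentation ranges, not real KR bands).
DOMESTIC_IP_BANDS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed stand-in for the company DB written by the registration / cancellation screen.
COMPANY_DB: Dict[str, dict] = {
    "alice": {"dedicated_pcs": {"00-11-22-33-44-55"}, "overseas_block": True},
    "bob": {"dedicated_pcs": set(), "overseas_block": False},   # subscribed to neither service
}

# Blocking flags kept in memory by the analysis daemon, keyed by login ID. The
# synchronization daemon would replicate this structure to the web server.
BLOCK_FLAGS: Dict[str, bool] = {}


def normalize_mac(mac: str) -> str:
    """Canonical AA-BB-CC-DD-EE-FF form so registered and collected MACs compare equal."""
    digits = "".join(ch for ch in mac.upper() if ch in "0123456789ABCDEF")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def is_domestic(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in band for band in DOMESTIC_IP_BANDS)


def evaluate(a_channel: dict, b_channel: dict) -> List[str]:
    """Combine A channel data (original public IP and original MAC, obtained over the
    socket channel) with B channel data (login ID, obtained via the web path) and
    return the reasons for blocking; an empty list means the transaction may proceed.
    """
    login_id = b_channel["login_id"]
    record = COMPANY_DB.get(login_id)
    reasons: List[str] = []
    if record is None:
        # Both services are opt-in, so an unregistered account is simply not subject to them.
        BLOCK_FLAGS[login_id] = False
        return reasons
    if record["dedicated_pcs"]:
        # Dedicated PC service: the original (pre-alteration) MAC must be a registered one.
        if normalize_mac(a_channel["original_mac"]) not in record["dedicated_pcs"]:
            reasons.append("unregistered_pc")
    if record["overseas_block"] and not is_domestic(a_channel["original_public_ip"]):
        # Overseas IP service: the original public IP must fall inside the domestic bands.
        reasons.append("overseas_ip")
    BLOCK_FLAGS[login_id] = bool(reasons)
    return reasons


def should_block(login_id: str) -> bool:
    """What the web server's processing program consults. No flag means not blocked,
    so the replication of flags must happen before the important transaction is processed."""
    return BLOCK_FLAGS.get(login_id, False)


if __name__ == "__main__":
    # Constructed inputs: a login from a registered PC at a domestic address, then the
    # same account seen from an address outside the domestic bands.
    print(evaluate({"original_public_ip": "203.0.113.7", "original_mac": "00:11:22:33:44:55"},
                   {"login_id": "alice"}), should_block("alice"))
    print(evaluate({"original_public_ip": "192.0.2.9", "original_mac": "00:11:22:33:44:55"},
                   {"login_id": "alice"}), should_block("alice"))
```

Because the decision keys on the login ID carried over the web channel, the daemon should only act on B channel records the web server has already tied to a successful login; otherwise an attacker-controlled ID could be used to set or clear another account's flag.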
- FIG. 8 is a block diagram schematically illustrating a system capable of detecting and blocking illegal transactions of electronic commerce according to a second embodiment of the present invention.
- the illegal e-commerce blocking system includes a user terminal 100, an e-commerce web server 200, and an illegal transaction prevention server 300.
- by accessing the illegal transaction prevention server 300, the information collecting agent may collect the authorized access information.
- the authorized (public) access information is the public IP address of the user terminal 100, and may be obtained by the illegal transaction prevention server 300 regardless of whether a detour connection through a proxy server or a VPN is in use.
- the information collecting agent may further obtain policy information from the illegal transaction prevention server 300 in addition to the authorized access information. Accordingly, the information collecting agent analyzes the corresponding policy information and delivers a blocking event to a dedicated application (or dedicated software) to block access to the e-commerce web server 200 in advance.
- the information collecting agent of the user terminal 100 transmits the H data or the V data to the illegal transaction prevention server 300 as a delivery packet through the first communication channel, and the illegal transaction prevention server may transmit the public access information to the information gathering agent in response to the delivery packet (the H data or V data).
- the information collection agent transmits the delivery packet to the illegal transaction prevention server 300 not through the VPN virtual Ethernet but through the actual Ethernet network. Accordingly, the illegal transaction prevention server 300 may obtain the authorized access information of the actual user terminal 100 even if the user terminal 100 uses a VPN.
- the illegal transaction prevention server 300 further includes an IP module 360 for transmitting authorized access information, as shown in FIG. 8.
- the IP module 360 receives the H data or the V data from the information collecting agent running on the user terminal 100 and, in response, transmits the public access information (NAT IP address) of the user terminal 100.
- NAT IP address: public access information
- the public access information refers to the IP address obtained through socket communication. In general, the IP address obtained through web communication may differ from the IP address of the actual user terminal 100 depending on the proxy server or VPN settings. Accordingly, the information gathering agent according to an embodiment of the present invention is started when a dedicated application is run for the user to use a specific service through the e-commerce web server 200, and performs the first communication before the actual service is provided.
- the information gathering agent may deliver the blocking event to the dedicated application according to the policy information, and the dedicated application may determine whether to block the service according to the input of the blocking event.
- whether to block can thus be determined before the user receives the actual important service from the e-commerce web server 200, which significantly reduces the waiting time and has the advantage of preventing damage to the user from illegal transactions in advance.
- the authorized access information may be transmitted to the e-commerce web server 200 together with the collected information gathered for the user terminal 100.
- the collected information may be, for example, at least one of information about the user terminal 100 (CPU, network interface, MAC, IP, hard disk, keyboard, OS information, browser information, security software installation and operation, etc.) and information obtained through the e-commerce web server 200 (account information (login ID), whether the login succeeded, or the URL accessed).
- the information collecting agent of the user terminal 100 may transmit the authorized access information and the collected information obtained through the second communication channel to the e-commerce web server 200.
- the first communication channel may be a socket communication channel.
- the second communication channel may be a packet communication channel.
- the first communication channel and the second communication channel can communicate according to asynchronous data communication.
- the e-commerce web server 200 may transmit the collected information and the authorized access information collected from the user terminal 100 to the illegal transaction prevention server 300, which may later use them in the policy determination for the user terminal 100.
- a method of blocking illegal transactions in an electronic commerce illegal transaction blocking system including an e-commerce web server and an illegal transaction prevention server may be implemented in the form of instructions executable by various electronic processing means and recorded on a storage medium.
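The first-channel exchange of the second embodiment is short enough to show end to end: the agent sends an H or V delivery packet over a plain socket, and the IP module answers with the address it actually saw the connection arrive from, which is what makes the result independent of anything a proxy or VPN inserted into the web path. The following is an added example written for this page, not the patent's code: the JSON packet layout with a "type" field is assumed, both sides run on loopback so the "public" address returned is 127.0.0.1, and the agent pins its local source address to stand in for choosing the original adapter over the VPN virtual adapter.

```python
"""Added example: socket-channel exchange in which the IP module returns the peer's
public access information.

Not the patent's code. Packet layout and the loopback addresses are constructed.
"""
import json
import socket
import threading
from typing import Tuple


def ip_module_serve(listener: socket.socket, max_requests: int) -> None:
    """Server side (stand-in for IP module 360): answer each delivery packet with the
    address the TCP connection came from, never with anything the client claimed."""
    try:
        for _ in range(max_requests):
            conn, peer = listener.accept()
            with conn:
                request = json.loads(conn.recv(4096).decode("utf-8"))
                if request.get("type") in ("H", "V"):
                    reply = {"public_ip": peer[0], "ack": request["type"]}
                else:
                    reply = {"error": "unexpected packet type"}
                conn.sendall(json.dumps(reply).encode("utf-8"))
    finally:
        listener.close()


def start_ip_module(max_requests: int = 1, host: str = "127.0.0.1") -> Tuple[int, threading.Thread]:
    """Bind an ephemeral port on `host`, serve `max_requests` packets in the background,
    and return (port, thread) so a caller can connect and later join the thread."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, 0))
    listener.listen()
    thread = threading.Thread(target=ip_module_serve, args=(listener, max_requests), daemon=True)
    thread.start()
    return listener.getsockname()[1], thread


def agent_request(port: int, packet_type: str = "H",
                  source_ip: str = "127.0.0.1", server_ip: str = "127.0.0.1") -> dict:
    """Client side (information collecting agent): send the delivery packet from a chosen
    local address and return the IP module's reply as a dict."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(5)
        # Pin the source address. On a real terminal this would be the original adapter's
        # address rather than the VPN virtual adapter's; here both are loopback (constructed).
        sock.bind((source_ip, 0))
        sock.connect((server_ip, port))
        packet = {"type": packet_type, "payload": "constructed terminal data"}
        sock.sendall(json.dumps(packet).encode("utf-8"))
        return json.loads(sock.recv(4096).decode("utf-8"))


if __name__ == "__main__":
    port, thread = start_ip_module(max_requests=1)
    print(agent_request(port))   # {'public_ip': '127.0.0.1', 'ack': 'H'}
    thread.join(timeout=5)
```

Binding the source address only selects the interface when the host's routing behaves accordingly; the text's approach of temporarily adjusting the routing table exists precisely because a default route through the VPN adapter otherwise wins. Whatever path the packet takes, the server answers with the peer address of the connection it received, so the agent cannot influence the result by what it puts in the packet.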
- the storage medium may include program instructions, data files, data structures, etc. alone or in combination.
- the program instructions recorded in the storage medium may be those specially designed and constructed for the present invention, or may be known and available to those skilled in the software art.
- Examples of storage media include magnetic media such as hard disks, floppy disks and magnetic tape, optical media such as CD-ROMs and DVDs, magneto-optical media such as floptical disks, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like.
- the above-described medium may also be a transmission medium such as an optical or metal wire, a waveguide, or the like, including a carrier wave for transmitting a signal that specifies program instructions, data structures, and the like.
- Examples of program instructions include not only machine code produced by a compiler but also high-level language code that can be executed by a device that processes information electronically, for example a computer, using an interpreter.
- the hardware device described above may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Marketing (AREA)
- Economics (AREA)
- Development Economics (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2011800012817A CN103080961A (zh) | 2011-07-29 | 2011-07-29 | 电子商务非法交易的探测以及遮断方法和系统 |
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| KR10-2011-0075782 | 2011-07-29 | | |
| KR1020110075782A KR101288103B1 (ko) | 2011-07-29 | 2011-07-29 | 전자상거래 불법 거래 탐지 및 차단 방법과 시스템 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| WO2013018940A1 true WO2013018940A1 (fr) | 2013-02-07 |
Family
ID=47629443
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| PCT/KR2011/005613 Ceased WO2013018940A1 (fr) | 2011-07-29 | 2011-07-29 | Procédé de détection et de prévention de transactions illégales dans un commerce électronique et système associé |
Country Status (3)
| Country | Link |
|---|---|
| KR (1) | KR101288103B1 (fr) |
| CN (1) | CN103080961A (fr) |
| WO (1) | WO2013018940A1 (fr) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR101968904B1 (ko) * | 2017-12-26 | 2019-04-15 | 아주대학교 산학협력단 | 금융 네트워크 정보의 역추적 시스템 및 방법 |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20020096690A (ko) * | 2001-06-21 | 2002-12-31 | (주) 필통 | 원천보안기술을 이용한 소프트웨어나 컨텐츠 또는 정보의불법이용 방지 시스템 및 방법 |
| KR20060069025A (ko) * | 2004-12-17 | 2006-06-21 | (주)한국증권선물거래소 | 금융 상품 불공정 거래 모니터링 시스템 및 그 방법 |
| KR20070026331A (ko) * | 2003-11-11 | 2007-03-08 | 사이트릭스 게이트웨이즈, 아이엔씨. | 패킷이 필터링되어 있는 것 이외의 네트워크 프로토콜레이어에서 가상 사설망을 형성하기 위해 보안 통신 링크를설정하기 위한 시스템, 장치 및 방법 |
| KR20110060847A (ko) * | 2009-11-30 | 2011-06-08 | 정철우 | 전자상거래 불법 침입 감시 및 차단 방법과 시스템 |
Family Cites Families (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1206595C (zh) * | 2001-02-28 | 2005-06-15 | 黎明网络有限公司 | 电子商务信息安全处理系统及其方法 |
| CN100592265C (zh) * | 2003-11-11 | 2010-02-24 | 塞特里克斯网关公司 | 路由分组通信量来确保通信安全的方法、系统和计算机系统 |
| CN101483594A (zh) * | 2009-02-11 | 2009-07-15 | 成都市华为赛门铁克科技有限公司 | 一种基于虚拟专用网隧道的报文发送方法及客户端 |
2011
- 2011-07-29 WO PCT/KR2011/005613 patent/WO2013018940A1/fr not_active Ceased
- 2011-07-29 KR KR1020110075782A patent/KR101288103B1/ko active Active
- 2011-07-29 CN CN2011800012817A patent/CN103080961A/zh active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| KR20020096690A (ko) * | 2001-06-21 | 2002-12-31 | (주) 필통 | 원천보안기술을 이용한 소프트웨어나 컨텐츠 또는 정보의불법이용 방지 시스템 및 방법 |
| KR20070026331A (ko) * | 2003-11-11 | 2007-03-08 | 사이트릭스 게이트웨이즈, 아이엔씨. | 패킷이 필터링되어 있는 것 이외의 네트워크 프로토콜레이어에서 가상 사설망을 형성하기 위해 보안 통신 링크를설정하기 위한 시스템, 장치 및 방법 |
| KR20060069025A (ko) * | 2004-12-17 | 2006-06-21 | (주)한국증권선물거래소 | 금융 상품 불공정 거래 모니터링 시스템 및 그 방법 |
| KR20110060847A (ko) * | 2009-11-30 | 2011-06-08 | 정철우 | 전자상거래 불법 침입 감시 및 차단 방법과 시스템 |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103080961A (zh) | 2013-05-01 |
| KR20130013877A (ko) | 2013-02-06 |
| KR101288103B1 (ko) | 2013-08-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2021060853A1 (fr) | | Système de contrôle d'accès au réseau et procédé associé |
| US8595835B2 (en) | | System to enable detecting attacks within encrypted traffic |
| WO2017171188A1 (fr) | | Dispositif de sécurité utilisant des informations de transaction recueillies à partir d'un serveur d'application web ou d'un serveur web |
| WO2015194829A2 (fr) | | Procédé de détection d'un certain nombre de dispositifs sélectionnés parmi une pluralité de terminaux clients dans un réseau privé à l'aide du même ip public par un serveur web doté d'un nom de domaine non spécifié supplémentaire à partir d'un trafic de demandes d'accès à l'internet du terminal client faisant une demande d'accès à l'internet, et système de détection sélective pour un dispositif dans un état dans lequel un ip public est partagé |
| CN111314381A (zh) | | 安全隔离网关 |
| CN111756718B (zh) | | 终端及访问方法、系统、服务器和计算机可读存储介质 |
| KR101088084B1 (ko) | | 전자상거래 불법 침입 감시 및 차단 방법과 시스템 |
| WO2021060859A1 (fr) | | Système d'authentification et de contrôle d'accès au réseau d'un terminal, et procédé associé |
| WO2015105222A1 (fr) | | Système de prévention de piratage pour terminal mobile et procédé associé |
| KR101040543B1 (ko) | | 에스에스에이취 통신환경의 암호화된 데이터 탐지시스템과 탐지방법 |
| WO2019045367A1 (fr) | | Procédé de chiffrement et de déchiffrement de données dans un environnement de réseau en nuage |
| JP3495030B2 (ja) | | 不正侵入データ対策処理装置、不正侵入データ対策処理方法及び不正侵入データ対策処理システム |
| WO2018056582A1 (fr) | | Procédé d'inspection de paquet à l'aide d'une communication ssl |
| JP7661440B2 (ja) | | 情報処理装置、情報処理方法および情報処理プログラム |
| WO2013018940A1 (fr) | | Procédé de détection et de prévention de transactions illégales dans un commerce électronique et système associé |
| US20030196082A1 (en) | | Security management system |
| WO2016200232A1 (fr) | | Système et procédé destinés à un serveur à distance en cas de défaillance d'un serveur de rétablissement |
| WO2015190692A1 (fr) | | Procédé de blocage d'accès à internet à l'aide d'un programme d'agent |
| WO2019045424A1 (fr) | | Procédé de déchiffrement de couche de prise de sécurité destinée à la sécurité |
| WO2021107493A1 (fr) | | Système de surveillance d'image ayant une capacité de configuration d'environnement d'utilisation de caméra à sécurité renforcée |
| WO2021225329A1 (fr) | | Procédé et système pour détecter la falsification d'une application mobile en utilisant un identifiant d'utilisateur et une collecte de signature |
| WO2021107492A1 (fr) | | Système de vidéosurveillance |
| WO2020005047A1 (fr) | | Procédé de re-signature numérique pour prendre en charge divers algorithmes de signature numérique dans un appareil de déchiffrement de couche de sockets sécurisée |
| WO2024185164A1 (fr) | | Dispositif de traitement d'informations, procédé de traitement d'informations et programme de traitement d'informations |
| WO2019231057A1 (fr) | | Système et procédé de détection et de blocage d'une attaque web |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | WWE | Wipo information: entry into national phase | Ref document number: 201180001281.7; Country of ref document: CN |
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 11870251; Country of ref document: EP; Kind code of ref document: A1 |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC, DATED 27.05.14 |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 11870251; Country of ref document: EP; Kind code of ref document: A1 |