323results about How to "Prevent malicious attacks" patented technology

The present invention relates to a system and a method for preventing an attack of a malicious program spread using a web technology comprising a malicious code distribution site detection server comprising a malicious code distribution site detector for detecting a malicious code distribution site, and a prevention message transmitter for transmitting a prevention message to a routing configuration server, wherein the prevention message includes an IP address of the malicious code distribution site detected by the malicious code distribution site detector; a plurality of routers including a virtual IP address; and the routing configuration server for advertising the IP address of the malicious code distribution site such that a routing path of a packet having the IP address of the malicious code distribution site as a target address or an starting address is guided to the virtual IP address according to an reception of the prevention message to block a connection to the malicious code distribution site.

The invention provides a chip of a consumable container, which comprises a storage module, a control module, an interface module and a data safety module. The storage module is used for storing initial data, printing data, control data and key data; the interface module is used for realizing data communication between the storage module and the control module; the data safety module is respectively connected with the interface module and the control module, and is used for identifying a type and a content of data communicated between a printer and the chip, encrypting matched data in a selected safe mode and decrypting the data; the control module is connected with the storage module and is used for controlling data communication between the chip and the printer and the access operation of the data of the storage module and external data and sending a corresponding control command to the chip according to a safety module processing result so as to realize data communication; and the same keys are stored in the printer and the chip. The invention also provides a data communication method for the chip, the consumable container with the chip structure, and imaging equipment with the consumable container. The safety of the communication data of the chip can be protected.

The invention discloses a method for implementation of a picture verification code. The method includes: acquiring current verification code parameters including user setup parameters and random parameters; determining the length and content of a character string of the verification code according to the random parameters, and acquiring a corresponding shape numerical matrix of each character in the character string of the verification code from a designated font object library according to font object library route parameters in the user setup parameters; converting each shape numerical matrix into a character picture of a corresponding character shape, and subjecting all character pictures to character special effect processing according to part of the verification code parameters to generate an initial verification code picture; filling the background of the initial verification code picture with a randomly selected background color; and subjecting the initial verification code picture with the background filled to anti-decoding processing according to difficulty parameters in the user setup parameters and picture special effect processing parameters in the random parameters, and then performing color change processing to generate a final verification code picture. The invention further discloses a device for implementation of the picture verification code.

The invention discloses a hostile attack preventing method and a network system. The method comprises the steps that a second server receives first data sent by client sides, wherein the first data are connection request data from all the client sides; the second server obtains a filter rule, wherein the filter rule comprises a request address list and a parameter rule; the second server filters the first data through the filter rule, and the first data meeting the filter rule are sent to a first server. The network system comprises at least one client side, the first server and the second server. For illegal requests with request parameter filtering not meeting the rule, error information is directly returned at the second server, the information does not directly enter the first server for parameter legalization verification, the load pressure of the first server can be reduced, and some hostile attacks are prevented.

The invention relates to the field of radio frequency secure communication and provides a radio frequency device, a radio frequency card reader corresponding to the radio frequency device, and a communication system and a radio frequency secure communication method which use the radio frequency device and the radio frequency card reader. The radio frequency device comprises a radio frequency receiving and transmitting module, a radio frequency antenna and a magnetic induction and receiving module; and the radio frequency card reader comprises a radio frequency receiving and transmitting module, a radio frequency antenna and a magnetic transmitting module. Two communication channels, namely a first low-speed unidirectional communication channel with a stable and controllable distance and asecond high-speed communication channel, with different characteristics are available between the radio frequency device and the radio frequency card reader, wherein the first communication channel is formed by communicating with a magnetic field and is used for transmitting a small data volume of information for identity authentication so as to prevent malicious interference and attack; the second communication channel is formed by using the radio frequency receiving and transmitting module and is used for finishing the identity authentication and a main transaction process; and through the system and the communication method, near field secure communication with a controllable distance can be realized better.

Methods and apparatus are provided for reliably delivering control messages to a central filter, for example, during a malicious attack, in one or more packet networks without requiring responses or acknowledgements from the central filter to the detector. A detector defends against unwanted traffic by a target victim by determining that unwanted traffic is received by the target victim based on an analysis of packets received from one or more source IP addresses; and transmitting a denunciation message to a central filter associated with a service provider, the denunciation message identifying a source address of at least one source computing device whose transmission of packets to the target victim is to be one or more of limited, dropped or allowed and wherein the denunciation message is transmitted using a Denunciation Protocol that does not require a prompt acknowledgement from the central filter. In addition, the denunciation messages can be sent redundantly to the central filter and are preferably self contained.

The invention provides a method and a system for detecting network security. The method comprises the following steps: carrying out security analysis and evaluation on a website including the leak, which is submitted by a user; determining the type and quantity of the leak according to the analysis and evaluation results; evaluating the website to determine the security level of the website according to the type and quantity of the leak; and repairing the leak according to the type of the leak. According to the method and the system for detecting the network security, the leak of the website and the security level of the website can be effectively analyzed, and the leak can be repaired online, thereby ensuring the security of the network and avoiding the intrusion of a hacker.

The invention discloses a method and device for preventing malicious attacks to an interface service. The method comprises the following steps: performing statistics to obtain the access times of an access end accessing the interface service within preset statistics time; comparing the access times with a preset limit threshold, and judging whether or not the access times exceed the preset limit threshold; and when the access times exceed the preset limit threshold, forbidding the interface service to serve for the access end. Through adoption of the method and device, the problem of failure in providing normal services for a user due to interface service paralysis caused by malicious attacks of malicious programs in a network to the interface service is solved. The beneficial effects of detecting the malicious attacks to the interface service and preventing the malicious programs in the network from making malicious attacks to the interface service are achieved.

The present invention relates to a file transfer method of a wireless network hard disk system. The wireless network hard disk system comprises a mobile terminal and a data memory server to realize communication with the mobile terminal through a mobile communication network. The file transfer method includes procedures below: A control channel is created between the mobile terminal and the data memory server. The mobile terminal sends a username and a password to the data memory sever to log in the data memory server. Moreover, the mobile terminal or the data memory server sends information of a preset file to a target end and then transfers the preset file in a position corresponding to break-point information returned by the target end. Based on the structure and procedures below, the present invention realizes a function of file transfer resuming at break-points, thus saving file download time, reducing occupied network resource and increasing network communication efficiency.

The present invention provides an authentication method, an authentication system, and an authentication device, which is in information security field. The method includes that a service side receives a username and a first value from a client side, searches a seed of a dynamic password token, and generates a first dynamic password according to the first value and the seed, converts the first dynamic password to the first authentication password and the second authentication password, and sends the first authentication password to the user; the dynamic password token generates a second dynamic password and sends the first authentication password to a user; the dynamic password token generates a second dynamic password and converts the second dynamic password to a third authentication password and a fourth authentication password; the user compares the first authentication password and the third authentication password to determine that they are identical, so as to confirm that the user is legal or the transaction is permissible. The invention prevents malicious attack and operation of illegal users, which improves the security of information and property of the users.

The application provides a security management method and system for an application programming interface. On a gateway server side, the method includes the following steps that: service logical interface information submitted by a publisher is received; an interface external access address which is published to the outside is generated according to a preset format on the basis of the IP address of the gateway server and a port number allocated to the publisher, an association relationship between the interface external access address and the service logic interface information is established;an interface call request sent by a subscriber is received; and a request token center authenticates the identity of the subscriber that sends the interface call request, if the identity of the subscriber passes the authentication, the interface call request is forwarded to a corresponding service logical interface according to the association relationship between the interface external access address and the service logical interface information, and the execution result of the service logic interface is returned to the subscriber. With the above technical schemes of the invention adopted, the problem that illegal access to service data through an API cannot be blocked in the prior art can be solved.

A method for communication of MIPv6 mobile nodes, comprising: the mobile node accesses network at access location and obtains care of address, calculating a privacy identifier PID using the care of address etc. the mobile node replaces its home address by the PID, and sends the PID and the care of address together as binding update message to the home agent and correspondent node, the home agent and correspondent node recover the home address for the mobile node using the PID after they have received the binding update message. The method for communication of MIPv6 mobile nodes according to the present invention uses that a configuring replaced identifier replacing the home address is sent, thereby hiding Ipv6 address. By setting PID and its algorithm, we improve the sequence number in the binding update messages enabling the sequence number has randomness, and prevent the intercepting person continue tracking the mobile node through the home address.

The present invention relates to a method and a device for filtering a novel custom Ethernet out-band data packet. The key of the method and the device is that a filter module is additionally arranged between the out-band management interface of the Ethernet switcher and the CPU to extract the keyword of the data packet, to filter the content of the relative data packet, and to operate the discarding or the flow control operation. The method and the device can provide one to seven layers of filtering to the Ethernet out- band data packet, to pre filters the layer 2 or layer 3 or layer 4 data packets used to be processed by the CPU, and the present invention can pre process the special protocol data packets such as an Ethernet broadcast packet, a multicast packet, other Ethernet management protocols, the IP and a high-level IP protocol data packet, an ICMP and an ARP, etc., therefore, the processing efficiency of the CPU is improved, and the overload operation caused by the protocol data packets flooding is avoided, thereby the reliability of the complete Ethernet switcher system is improved.

Described herein is a method and system for prevention of personal computing attacks, such as JavaScript Objection Notation (JSON) attacks. An intermediary device is deployed between a plurality of clients and servers. A firewall executes on the intermediary device. A client sends a request to the server and the server sends a response to the request. The intermediary device intercepts the response and identifies that the response may contain possibly harmful content. The application firewall parses the content of the response and determines whether it contains any harmful content. If it does, the application firewall blocks the response from being sent to its destination. Additionally, the method and system can provide other security checks, such as content hijacking protection and data validation.

The invention discloses a fusion identify protection system and a fusion identify protection method based on cloud computing and aims at realizing effective protection of network identity security through public cloud and private cloud architectures in a cloud computing environment. According to the fusion identify protection system and the fusion identify protection method based on the cloud computing, infinite existing and unknown strong identity authentication methods are fused together by use of a uniform standard interface based on the special distributed cluster management of the cloud computing, an authentication interface with a single portal is provided for a user and the user can select the authentication methods at different security levels according to own instant requirements. Besides, According to the fusion identify protection system and the fusion identify protection method based on the cloud computing, the biological recognition technology and the digital authentication technology are embedded in a security cloud terminal, and therefore, a cloud computing platform and the desk of a user client can be prevented from the invasion of an illegal control machine.

The embodiment of the invention discloses a method and an apparatus for connecting to a Wifi, and an electronic device. The method comprises the following steps: acquiring identifier information of a to-be-connected Wifi; inquiring whether the identifier information is stored in a pre-stored safe Wifi set, if the identifier information is not stored in the safe Wifi set, further performing security detection for the to-be-connected Wifi; and presenting result information of the security detection for users, thereby helping users to determine whether to connect to the to-be-connected Wifi. By application of the method, the apparatus and the electronic device, security of Wifi connection of the users can be improved.

The invention provides a method, a system and equipment for processing a message, wherein, the method includes that: receiving a media access control (MAC) address request message delivered by user equipment, and then querying about whether an ARP item which is identical with the MAC address and the IP address of the user carried by the MAC address request message exists or not, and if not, screening the message delivered by the user. In this way, after determining the user equipment delivering the MAC address request message is a non-authorized user, the method can be used to screen the MAC address request messages delivered by the user equipment to gateway equipment in a given period, preventing the gateway equipment from repeatedly implementing the message processing, enhancing the processing efficiency of the gateway equipment, and also preventing the malicious attacks from the non-authorized users.

The invention provides a mobile phone Bluetooth-based ambient intelligent computer protection device and a mobile phone Bluetooth-based ambient intelligent computer protection method. In the device and the method, a Bluetooth mobile phone serving as a user terminal is wirelessly connected with a Bluetooth interface module, and the Bluetooth interface module is connected with a computer by a serial interface. The computer is started by the hardware certification of mobile phone Bluetooth-Bluetooth interface module and user-system authentication. After the computer is started, a system realizesentire disk transparent encryption and decryption by adopting an encryption and decryption algorithm in an advanced encryption standard (AES)-XTS mode; the locking or unlocking of the system is realized by monitoring user behaviors in real time, so the data in a disk is protected. The device mainly comprises the Bluetooth interface module, a data storage module, a central processing unit (CPU) processing module and an algorithm module.