Method and device for preventing transaction detour attacks

A transactional and legal technology, applied in the field of transaction security, can solve problems such as insufficient anti-circumvention verification, and achieve the effects of convenient configuration and maintenance, protection security, and good identification

Inactive Publication Date: 2019-11-12
INDUSTRIAL AND COMMERCIAL BANK OF CHINA
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] This application provides a method and device for preventing transaction bypass attac

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and device for preventing transaction detour attacks
  • Method and device for preventing transaction detour attacks
  • Method and device for preventing transaction detour attacks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0041] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0042] In the prior art, the method of preventing transaction detours is mainly to record the status of the transaction process in the session and perform pre-verification. However, this method of pre-verification is highly complicated, and requires transaction developers to completely and accurately record the transaction status. And timely update or delete outdated and invalid state, it is easy to miss. Moreover, in this way, the tr...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention provides a method and device for preventing a transaction detour attack, and the method comprises the steps: configuring anti-detour configuration information according to all requests corresponding to a transaction, and the anti-detour configuration information comprises a request recognition mode and a request possibility combination flow; acquiring trail record information of thetransaction in real time; and comparing the trail record information of the transaction with the anti-detour configuration information, and processing according to a comparison result. According to the invention, the defect that the existing transaction security center is insufficient in anti-detour verification is overcome; the detour request can be intercepted and the service is refused, and thedetour attack in the transaction process can be identified and the service is refused to be provided under the conditions of transparent transaction development and low cost, so that the security ofenterprise application is ensured, and the method is more suitable for the current enterprise demand under the increasingly severe security environment.

Description

technical field [0001] The present application belongs to the field of transaction security, and in particular, relates to a method and device for preventing transaction bypass attacks. Background technique [0002] When a client involves multiple interactive requests with the enterprise application server during a transaction, transaction bypass is an attack method often used by attackers. For example, the original transaction process has three requests 1, 2, and 3, but the attacker is During the attack, request 1 can be made first, then request 2 can be bypassed, and simulated request 3 can be sent directly. The following is an illustration of a real case in which a transaction was bypassed in a production environment. In the pre-production customer transfer transaction, it was found that the funds in the card were transferred in two transfers by friends without the knowledge of the customer. After checking the log, it is found that in the normal payment process, the cust...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06Q20/38G06Q20/40
CPCG06Q20/382G06Q20/401G06Q20/407
Inventor 孙彦杰王凯朱道彬张洋
Owner INDUSTRIAL AND COMMERCIAL BANK OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap