Secure payment protection procedure and corresponding electronic device
Patent Information
- Authority / Receiving Office
- DE · DE
- Patent Type
- Patents
- Current Assignee / Owner
- LENOVO (BEIJING) LTD
- Filing Date
- 2017-06-14
- Publication Date
- 2026-06-11
Smart Images
Figure 00000000_0000_ABST
Abstract
Description
TECHNICAL AREA
[0001] The present disclosure relates generally to the field of secure payment transactions and in particular to a secure payment protection procedure and a corresponding electronic device. BACKGROUND
[0002] Currently, more and more people are using electronic devices, such as mobile phones running the Android operating system, to make payments. For example, people use WeChat Pay™, Alipay™, and other methods to make payments. Conventional payment methods offer users convenience but also pose a security risk. To ensure mobile phone security, a conventional solution requires the user to install a security application and uses this application to perform regular antivirus scans. However, in conventional technology, a security application installed on an electronic device like a mobile phone is often unable to monitor the device's security status in real time, making it difficult to monitor the device's security during a payment transaction.This means that conventional methods cannot guarantee the security of the mobile phone during a payment process.
[0003] US patent 2017 / 0 032 136 A1 discloses an automatic search query completion in a multi-tenant architecture. US patent 2017 / 0 032 362 A1 discloses a method for registering a payment card in a mobile wallet app, which includes receiving a request from a user on a mobile device to register a financial account in a mobile wallet application installed on the mobile device, sending a registration request to a wallet server, wherein the registration request contains an identification string uniquely associated with the mobile device, receiving a payment token associated with the financial account from the wallet server, and notifying the user that the financial account has been registered in the mobile wallet application after receiving the payment token. SUMMARY
[0004] The object of the present invention is to improve the protection of an electronic device in a payment state against malicious attacks.
[0005] This problem is solved by the subject matter of main claim 1 and dependent claims 8 and 9, which define the present invention.
[0006] Preferred embodiments of the present invention are the subject of the dependent claims.
[0007] One aspect of the disclosure provides a secure payment protection method according to claim 1.
[0008] Another aspect of the disclosure provides an electronic device according to claim 8.
[0009] Other aspects of the present disclosure can be understood by a person skilled in the art in light of the description, claims and drawings of the present disclosure. BRIEF DESCRIPTION OF THE DRAWINGS
[0010] The drawings described below show only some embodiments of the present disclosure and it is possible for a person skilled in the art to derive other drawings from these drawings without creative effort. Fig. Figure 1 shows a flowchart of an example of a secure payment protection procedure that is consistent with the various disclosed embodiments of the present disclosure; Fig. Figure 2 shows a flowchart of another example of a secure payment protection procedure, consistent with the various disclosed embodiments of the present disclosure; Fig. Figure 3 shows a flowchart of another example of a secure payment protection procedure, consistent with the various disclosed embodiments of the present disclosure; Fig. Figure 4 shows a flowchart of another example of a secure payment protection procedure, which is consistent with the various disclosed embodiments of the present disclosure; Fig. Figure 5 shows a structural diagram of an example of an electronic device that is consistent with the various disclosed embodiments of the present disclosure; Fig. Figure 6 shows a structural diagram of another example of an electronic device that is consistent with the various disclosed embodiments of the present disclosure; Fig. Figure 7 shows a structural diagram of a processing module consistent with the various disclosed embodiments of the present disclosure; and Fig. Figure 8 shows a block diagram of an electronic device consistent with the various disclosed embodiments of the present disclosure. DETAILED DESCRIPTION
[0011] Embodiments consistent with the disclosure are described below with reference to the drawings. Where possible, the same reference numerals in all drawings refer to the same or similar parts. The described embodiments represent a subset, not all, of the embodiments disclosed herein. Based on the disclosed embodiments, other embodiments can be readily understood by a person skilled in the art without creative effort and fall within the scope of protection of this disclosure.
[0012] Implementations of the present disclosure provide a secure payment protection method. The disclosed method can be executed on an electronic device, such as a personal computer (PC), a laptop computer, a tablet computer, or a mobile phone. Fig. Figure 1 presents a flowchart of an example of a secure payment protection procedure 100 that is consistent with disclosure. As in Fig. As shown in Figure 1, the electronic device in S101 monitors an operating state of the electronic device. In S102, if it is determined that the electronic device is in a payment state, the electronic device will detect and determine whether it is in a secure environment. In this disclosure, "the electronic device is in a payment state" refers to a situation in which a user is using the electronic device to make a payment.
[0013] According to the disclosed method, the electronic device can determine whether it is in a payment state by monitoring its operating status. If the electronic device is in a payment state, it can detect and determine whether it is in a secure environment. This means that the electronic device can selectively obtain a security status for the environment when it is in a payment state. Thus, when using a payment application installed on the electronic device, the user can be informed about the security status of the environment in which the electronic device is located. This allows for the implementation of a system to ensure payment security and improves user experience.
[0014] Fig. Figure 2 presents a flowchart of another example of a secure payment protection procedure 200, which is consistent with the disclosure. The procedure 200 can be executed on a suitable electronic device, such as a PC, laptop computer, tablet computer, or mobile phone.
[0015] As in Fig. As shown in Figure 2, the electronic device at S201 monitors the operating state of the electronic device.
[0016] In some embodiments, monitoring the operating state of the electronic device includes monitoring the operation of the applications installed on the electronic device. If the electronic device monitors / detects a newly launched application and determines, through information such as application identification information, that the newly launched application is a payment application, it can be determined that the electronic device is in a payment state.
[0017] In S202, the electronic device detects and determines, when it is determined that the electronic device is in a payment state, whether the electronic device is in a secure environment.
[0018] In some embodiments, determining whether the electronic device is in a secure environment may include detecting and determining whether the electronic device's operating system platform, the payment application corresponding to the payment state, and / or the network to which the electronic device is connected are secure. If one or more of the electronic device's operating system platform, the payment application corresponding to the payment state, and the network to which the electronic device is connected are not secure, it may be determined that the electronic device is in an unsafe environment.
[0019] In some embodiments, if it is detected and determined that the electronic device is in an unsafe environment, the electronic device can issue an informational message indicating that it is in an unsafe environment. For example, a text message on the current display interface of the electronic device can indicate that the device is currently in an unsafe environment, or a risk warning symbol can be displayed at a preset location on the current display interface of the electronic device to inform the user that the electronic device is in an unsafe environment.
[0020] If it is monitored / determined that the electronic device is in a payment state, the electronic device may check any of the security conditions of the electronic device's operating system platform, the payment application (depending on the payment state), and the network to which the electronic device is connected. If any of the checked conditions are determined to be insecure, it may be determined that the electronic device is in an insecure environment.
[0021] In some embodiments, the electronic device can check the security condition of any two: the operating system platform of the electronic device, the payment application (according to the payment status), and the network to which the electronic device is connected. If either of the checked two is determined to be insecure, it can be determined that the electronic device is in an insecure environment. If both of the checked two are determined to be insecure, it can be determined that the electronic device is in an insecure environment, and the risk level may be relatively high.
[0022] In some embodiments, the electronic device can also check the security condition of all three: the electronic device's platform, the payment application (according to the payment status), and the network to which the electronic device is connected. If any one of these is determined to be insecure, it can be determined that the electronic device is in an insecure environment. If any two of these are determined to be insecure, it can be determined that the electronic device is in an insecure environment and the risk level may be relatively high. If all three are determined to be insecure, it can be determined that the electronic device is in an insecure environment and the risk level may be very high.
[0023] In some embodiments, if the security condition of two or three is monitored and determined by the platform of the electronic device, the payment application according to the payment status, and the network to which the electronic device is connected, the electronic device may include a risk level of the insecure environment in the informal notification used to indicate that the electronic device is currently in an insecure environment.
[0024] For example, in a scenario where the security conditions of the electronic device's platform, the payment application (according to the payment status), and the network to which the electronic device is connected are all monitored and determined, if only one of these is identified as insecure, the informational message issued by the electronic device may indicate that the device's environment has a low risk level. If two of these are identified as insecure, the informational message issued by the electronic device may indicate that the device's environment has a medium risk level. If three of these are identified as insecure, the informational message issued by the electronic device may indicate that the device's environment has a high risk level.
[0025] In some implementations, monitoring and determining whether the electronic device's operating system platform is secure may include monitoring and determining whether the electronic device has been rooted. If the electronic device has been rooted, it may be determined that the operating system platform is not secure. For example, if the electronic device has been rooted, it may indicate that a criminal / hacker has gained system administration privileges. This means the hacker can operate any file on the system. In this case, it is likely that the electronic device was controlled by the hacker, who may have access to any information on the electronic device.
[0026] In some embodiments, monitoring and determining whether the payment application is secure according to the payment state may include monitoring and determining whether the payment application's signature information has been forged and / or whether another process has been injected into the payment application. If the payment application's signature information has been forged and / or another process has been injected into the payment application, it may be determined that the electronic device is in an unsafe environment. If the application's signature information has been forged, this may indicate that the payment application was likely forged for an unsafe payment application. If another process has been injected into the application, the injected process may likely be a dangerous data interception process.
[0027] In some embodiments, monitoring and determining whether the network to which the electronic device is connected is secure may involve obtaining a destination network identifier of the network to which the electronic device is currently connected and determining whether the pre-stored secure network identifier includes the destination network identifier. If the pre-stored secure network identifiers do not include the destination network identifier, it may be determined that the network to which the electronic device is connected is insecure. For example, some public networks, such as free networks at train stations, have security risks. In some embodiments, secure networks may be pre-stored. The pre-stored secure networks may include, for example, the user's home network and the company network.If the current network is not a pre-existing secure network, it can be determined that the network to which the electronic device is connected is insecure.
[0028] In S203, the electronic device controls actions in a standard operating menu when the electronic device is in an unsafe environment.
[0029] For illustrative purposes, the term "standard" may be used in this disclosure to indicate that certain settings are determined by the manufacturer or the user. The terms "standard" and "preset" may be used interchangeably to indicate that certain settings exist prior to modification by an action described in an embodiment.
[0030] In various embodiments, the electronic device can control the actions in the standard operating menu when the electronic device is in a safe environment. Control via the actions in the standard operating menu should be subject to the actual applications and should not be limited by the embodiments of this disclosure.
[0031] In some embodiments, controlling actions in the standard operating menu may include, for example, prohibiting silent installations of an application, prohibiting data transfers to a third party unrelated to payment, prohibiting a write operation that writes standards to a standard location, prohibiting a read operation that reads standard data from a second standard location, disabling save and / or error correction operations by a Universal Serial Bus (USB), prohibiting copy operations of standard data, and / or prohibiting access to data by standard information preservation procedures.
[0032] In some implementations, controlling actions in the standard operating menu can be achieved, for example, by prohibiting the interception of standard data, the transmission of standard data, and the temporary storage and transmission of standard data. Since an application installed silently can intercept information such as a user's account number and password, such applications should be prohibited. Furthermore, prohibiting data transmission to a third party unrelated to a payment can prevent the transmission of standard data like account number and password while ensuring the payment process proceeds normally.
[0033] Considering that information such as account number and password can be temporarily stored and transmitted, the account number and / or password can, for example, be written to an SD card or copied to a clipboard before being sent, whereby temporary data storage and data transmission can be monitored. This means that the disclosed method can prohibit write operations that write standard data to a first standard location, prohibit data copying, and prohibit data transmission via standard transmission methods such as Bluetooth.
[0034] Data is often entered by the user, such as an account number and password, which is then recorded from a default location. To prevent data recorded at the default location from being intercepted / read and transmitted by the electronic device, the read operation that retrieves data from the second location can be disabled in some embodiments. Screen recording can be a method for obtaining information. For example, information entered by the user can be obtained by screen recording. To prevent data from being recorded by screen recording or other similar methods, operations for obtaining information through default information retention procedures can be disabled in some embodiments. Furthermore, charging facilities for devices may be provided in some public places, such as train stations, banks, and bus stops.An electronic device can be connected to a charger via a USB port for charging. However, a hacker could potentially obtain information through the USB connection. To prevent this, some designs allow data storage operations and / or bug fixes to be disabled via the USB ports.
[0035] If the electronic device is in the payment environment, the aforementioned prohibitions can be deactivated.
[0036] In various configurations, the user can also modify certain settings in the electronic device, allowing for flexible customization of actions within the operating menu. For example, the user can choose to disable or prohibit specific operations / actions. The electronic device can, for instance, perform one or more of the aforementioned operations to prevent potentially unsafe activities and data transmissions between the device and a third party. The user can also enable one or more of the aforementioned operations if they are confident that the enabled operations are safe.
[0037] In certain configurations, the user can also modify specific settings in the electronic device so that controlling the action in an operating menu can only be enabled manually. This allows the user to have complete control over the electronic device when a specific action needs to be monitored under potentially unsafe conditions. After modifying the settings in the electronic device, the user can, for example, disable the aforementioned automatic control of actions in the operating menu. Before making a payment using a payment application, the user can enable desired actions to ensure a secure transaction environment.If the user is convinced that the environment is secure, the user can also choose not to perform any of the preceding actions, so that the payment can be made without using extra resources in the electronic device, and the payment process cannot be disrupted.
[0038] According to the secure payment protection procedure, which is consistent with the disclosure, the electronic device can determine whether it is in a payment state by monitoring its operational status. If it is determined that the electronic device is in a payment state, it can detect and determine whether the electronic device is in a secure environment. If it is determined that it is in an unsafe environment, the electronic device can control the actions in the standard operating menu to eliminate any means a hacker could use to obtain critical data used for the payment state. Payment security can thus be ensured.This means that a method consistent with the embodiments of the present disclosure can selectively maintain the security condition of the environment when the electronic device is in a payment state and can prevent the hacker from obtaining important data used for the payment state. Payments can become more secure and user experience can be improved.
[0039] Fig. Figure 3 presents a flowchart of another example of a secure payment protection procedure 300 that is consistent with the disclosure. The procedure 300 can be executed on a suitable electronic device such as a PC, laptop computer, tablet computer, or mobile phone.
[0040] As in Fig. As shown in Figure 3, the electronic device at S301 monitors the operating state of the electronic device.
[0041] When S302 detects that the electronic device is in a payment state, it monitors and determines whether the electronic device is in a secure environment.
[0042] Monitoring and determining whether the electronic device is in a secure environment when the electronic device detects that it is in a payment state is carried out similarly to the embodiments described above, which is why a detailed description thereof is omitted.
[0043] If S303 detects that the electronic device is in an unsafe environment, and if the electronic device detects that a trigger command to input initial information is being received, the electronic device will input the initial information according to a standard information input procedure.
[0044] The information input procedure can comprise a first input procedure and a second input procedure. The first input procedure and the second input procedure can be different from each other.
[0045] If it is detected that the electronic device is in a secure environment, and if the electronic device detects that it is receiving a trigger command to enter the first piece of information, the electronic device can also enter the first piece of information according to the standard information entry procedure. In some embodiments, the first piece of information may be the user's account number and / or password to log in to the payment application.
[0046] In some embodiments, the input of the first piece of information according to the standard information input procedure can be implemented in various ways. In one example, the electronic device can first receive a portion of the first piece of information from the pre-stored first piece of information and input this portion as the first piece of information. The electronic device can then input the remaining portion of the first piece of information to be entered by the user. In another example, the electronic device can first receive a portion of the first piece of information entered by the user and then retrieve the remaining portion of the first piece of information from the pre-stored first piece of information. The electronic device can then input both the first piece of information received from the user and the pre-stored first piece of information.
[0047] In some embodiments, the first input method may involve the user entering part of the password into the password input box, and the second input method may involve the electronic device entering another part of the password into the password input box, or vice versa.
[0048] For example, when the user enters the password, the electronic device can first automatically enter part of the password into the password entry box and then receive the remaining part of the password from the user typing it in. Alternatively, the electronic device can first receive part of the password entered by the user and then automatically enter the remaining part of the password into the password entry box.
[0049] Assuming the password is 123acgdf68, in one example the electronic device can enter 123ac into the password input box, and the user can then type gdf68 into the password input box. In another example, the user can type 123ac into the password input box, and the electronic device can then automatically enter gdf68 into the password input box. In yet another example, the electronic device can first enter 123 into the password input box, the user can then type acgd into the password input box, and the electronic device can then enter f68 into the password input box.
[0050] In various embodiments, the user and the electronic device can each enter part of the first piece of information more than once. This means that the first input method and the second input method can be used more than once to enter the first piece of information. The specific number of inputs and the order in which the user and the electronic device enter part of the first piece of information can be determined according to different designs and current applications and should not be limited by the embodiment of the present disclosure.
[0051] In conventional technology, passwords are often manually typed by the user. If the manually typed information is intercepted, the complete password can be obtained. In accordance with embodiments of the present disclosure, two different information input methods can be used to enter important data, such as a password for the payment process, making it more difficult for a hacker to obtain the information. For example, a hacker can intercept the part or parts of the password typed by the user but cannot obtain the part or parts of the password automatically entered by the electronic device.
[0052] The secure payment protection procedure provided by this disclosure can selectively maintain the environment's security status when the electronic device is in a payment state. If it is determined that the device is in an unsafe environment, it can use two different input methods to enter information. Thus, in one aspect, the disclosed secure payment protection procedure can detect the environment's security status when the electronic device is in a payment state, allowing the user to maintain the device's current security status. In another aspect, the use of two different information input methods makes it more difficult for a hacker to obtain the information. Accordingly, user experience can be improved.
[0053] Fig. Section 4 provides a flowchart of another example of a secure payment protection procedure 400 that complies with the disclosure. The 400 procedure can be used on suitable electronic devices such as a PC, laptop computer, tablet computer, or mobile phone.
[0054] In S401, the electronic device monitors the operating status of the electronic device.
[0055] When S402 determines that the electronic device is in a payment state, the electronic device detects and determines whether it is in a secure environment.
[0056] If the electronic device is located in an unsafe environment according to S403, the electronic device controls actions using a preset or standard operating menu.
[0057] When the electronic device detects at S404 that a trigger command to input initial information is being received, the electronic device enters the initial information according to a standard information input procedure.
[0058] The information input procedure can comprise a first input procedure and a second input procedure. The first input procedure and the second input procedure can differ from each other.
[0059] Details regarding the use of process S402-S404 can be found in the description of the similar process in the embodiments described above and are not repeated here.
[0060] If it is detected that the electronic device is in a safe environment, the electronic device can control the actions in the standard operating menu and / or enter the initial information according to the standard information entry procedure.
[0061] The secure payment protection procedure provided by this disclosure can selectively maintain the environment's security status when the electronic device is in a payment state. If the electronic device is determined to be in an unsafe environment, it can utilize two different input methods for entering information. Thus, in one aspect, the disclosed secure payment protection procedure can utilize the environment's security check when the electronic device is in a payment state, allowing the user to maintain the device's current security status. In another aspect, by controlling the actions in the standard operating menu, potential avenues a hacker could use to obtain critical data used for the payment state can be eliminated. Payment security can be ensured.Another aspect is the use of two different input methods for entering information. This makes it more difficult for a hacker to obtain the information, and user experience can be improved.
[0062] In accordance with the disclosed secure payment protection procedure, the present disclosure also provides an electronic device. Fig. Figure 5 shows a structure diagram of an example of the electronic device 500. The electronic device 500 comprises a monitoring module 501 and a processing module 502.
[0063] The monitoring module 501 can monitor the operating status of the electronic device 500.
[0064] The processing module 502 can detect that the electronic device 500 is in a payment state and determine whether the electronic device 500 is in a secure environment.
[0065] In conventional technology, the security application installed on the electronic device is unable to monitor the device's security status in real time, causing difficulties in determining the device's security status when it is in a payment state. The present disclosure provides an electronic device that can determine whether the device is in a payment state by monitoring its operating state. If the device is in a payment state, the electronic device can detect and determine whether it is in a secure environment. This means that, according to the present disclosure, the electronic device can selectively obtain the environment's security status when the device is in a payment state.Thus, when a user employs a payment application, they can be informed about the security conditions of the environment in which their electronic device is located. This allows for proper arrangements to be made to ensure payment security and improves the user experience.
[0066] In some embodiments, the disclosed electronic device may further include a control module. Fig. Figure 6 shows a block diagram of an example of the electronic device 600, including a monitoring module 601, a processing module 602, and a control module 603. The monitoring module 601 and the processing module 602 can be similar to or identical to the monitoring module 501 and the processing module 502 of the electronic device 500 described in Figure 6. Fig. 5 is shown.
[0067] The 603 control module can control actions in a standard operating menu.
[0068] Furthermore, the control module can prohibit the silent installation of an application, prohibit data transfer to a third party independent of payment, prohibit a write operation that writes standard data to a first standard location, prohibit a read operation that reads standard data from a second standard location, prohibit save operations and / or program error correction via a Universal Serial Bus (USB), prohibit copy operations of standard data and / or prohibit access to data by information retrieval procedures.
[0069] Fig. Figure 7 provides a block diagram of a Processing Module 700. Processing Module 700 can be an example of Processing Module 501 or Processing Module 601, which were described above. As in Fig. As shown in Figure 7, the processing module 700 comprises a first processing sub-module 701, a second processing sub-module 702, and a third processing sub-module 703. In some embodiments, the processing module 700 also comprises a detection sub-module 704. In some other embodiments, the processing module 700 may comprise not all, but one or some of the sub-modules described above.
[0070] The first processing sub-module 701 can monitor and determine whether the operating system platform of the electronic device is secure.
[0071] The second processing sub-module 702 can monitor and determine whether the payment application is secure according to the payment state in which the electronic device is located.
[0072] The third processing sub-module 703 can monitor and determine whether the network to which the electronic device is connected is secure.
[0073] Determination submodule 704 can determine that the electronic device is in an unsafe environment if one or more of the operating system platform, the payment application and the network to which the electronic device is connected are identified as unsafe.
[0074] Furthermore, the first processing sub-module 701 can monitor and determine whether the electronic device has been rooted, and can determine that the operating system platform is unreliable if the electronic device has been rooted.
[0075] Furthermore, the second sub-processing module 702 can monitor and determine whether the payment application's signature information has been forged and / or whether another process has been injected into the payment application. If the payment application's signature information has been forged and / or another process has been injected into the payment application, the second sub-processing module 702 can determine that the electronic device is in an unsafe environment.
[0076] Furthermore, the third processing submodule 703 can obtain a destination network identifier of the network to which the electronic device is currently connected and determine whether any pre-stored secure network identifiers include the destination network identifier. If the pre-stored secure network identifiers do not include the destination network identifier, the third processing submodule 703 can determine that the network to which the electronic device is connected is not secure.
[0077] Referring again to Fig. 6, in some embodiments the electronic device 600 further comprises an input module 604.
[0078] The input module 604 can, upon detecting that a trigger command for initial information input is being received, input the initial information according to a standard information input procedure. The standard information input procedure can include a first input procedure and a second input procedure. The first and second input procedures can be different from each other.
[0079] Furthermore, the input module 604 can receive part of the initial information from the pre-stored initial information, input this part, and then receive the remaining part of the initial information to be entered by the user. Alternatively, the input module 604 can first receive part of the initial information to be entered by the user, then retrieve the remaining part of the initial information from the pre-stored initial information, and then input the initial information obtained from the user and the pre-stored initial information.
[0080] Fig. Figure 8 presents a block diagram of an electronic device 800 that conforms to the embodiments of the present disclosure. The components that are shown in Fig. As shown in Figure 8, the functions of the various modules in the electronic device 800 can be performed.
[0081] The electronic device 800 can comprise any suitably configured computer system. As in Fig. As shown in Figure 8, the electronic device 800 comprises a processor 802, a random access memory (RAM) 804, a read-only memory (ROM) 806, a memory 808, a display 810, an input / output interface 812, a database 814, and a communication interface 816. Other components may be added, and certain devices may be removed, without departing from the principles of the disclosed embodiments.
[0082] The 802 processor can comprise any suitable type of general-purpose microprocessor, digital signal processor, or microcontroller, and applications of application-specific integrated circuits (ASICs). The 802 processor can execute sequences of computer program instructions to perform various processes associated with the 800 electronic device, such as one of the secure payment protection procedures described above. The computer program instructions can be stored in a memory of the 800 electronic device, the memory comprising one or more of the 804 RAM, the 806 ROM, and the 808 memory. For example, the 802 processor can load the computer program instructions for execution from the 806 ROM or from the 808 memory into the 804 RAM.The 808 memory can be any suitable mass storage device provided to hold any type of information that the 808 processor needs to execute its processes. For example, the 808 memory can include one or more hard disk devices, optical disk devices, flash disks, or other storage devices to provide storage space.
[0083] The display 810 can provide information to the user or users of the electronic device 800. The display 810 can include any suitable type of computer display device or electronic device display (e.g., CRT- or LCD-based devices). The input / output interface 812 can be provided for users to input information into the electronic device 800 or for users to receive information from the electronic device 800. For example, the input / output interface 812 can include a suitable input device, such as a keyboard, mouse, electronic tablet, voice command device, touchscreen, or any other optical or wireless input device. Furthermore, the input / output interface 812 can receive from other external devices and / or send information to other external devices.
[0084] Furthermore, the database 814 can be any type of commercial or custom database and can also include analysis tools for analyzing the information in the database. The communication interface 816 can provide communication links so that the electronic device 800 can be accessed from remote systems and / or communicated with other systems via computer networks or other communication networks using various communication protocols, such as transmit control protocols / Internet protocols (TCP / IP), the Hypertext Transfer Protocol (HTTP), etc.
[0085] In one embodiment, the input / output interface 812 of the electronic device 800 can include or be connected to a touchpad / screen. The processor 802 can execute programs for periodically sampling the operating state of the electronic device 800 so that a trigger command for entering initial information or a password indicating that the user will make a payment via an application can be detected in a timely manner. In response to the detection of the trigger command, the processor 802 can determine that the electronic device is in a payment state and, by checking the security conditions of the operating system platform of the electronic device 800, the payment application according to the payment state, and the network to which the electronic device 800 is connected, can determine whether the electronic device is in a secure environment.The safety conditions of these elements can be checked by scanning the operating state of the electronic device 800. The processor 802 can receive data relating to the safety conditions and can determine whether the electronic device 800 is in an unsafe environment, and can control or prohibit certain actions in the standard operating menu.
[0086] Embodiments of the present disclosure are described in an advanced manner, each focusing on differences from the other embodiments, and similar parts between the different embodiments may be omitted from the description of some embodiments.
[0087] In the embodiments provided by this disclosure, it should be understood that the disclosed methods and devices may be implemented in other ways. For example, the embodiments of the device described above are merely illustrative. The scope of units / modules is only a logical functional area, and there are other ways to divide the units and modules into actual embodiments. For example, several units and components may be combined or integrated into another system, or some features may be omitted or not implemented. Furthermore, the coupling, direct coupling, or communication links shown or discussed may be indirect coupling or a communication link through some communication interfaces, through devices and / or units.The coupling, direct coupling, or communication link can be implemented electrically, mechanically, or in other suitable forms.
[0088] The units / modules / components described as separate may or may not exist physically separately. The units / modules / components shown as a unit may or may not be physical units; that is, they may be located in one place or may be distributed across a plurality of network elements. Some or all of the elements may be selected according to current needs to achieve the object of this disclosure. Additionally, in one embodiment of this disclosure, the functional units may be integrated into a processing unit, exist independently of one another, or two or more units may be integrated into a single unit.
[0089] The functions may be stored in a computer-readable storage medium if these functions are implemented in the form of functional units of the application and are sold or used as standalone products. Based on this understanding, the technical solution of the present disclosure may be incorporated, either substantially or as a part incorporating prior art, or as part of the technical solution, in the form of an application product stored in the storage medium. The technical solution may include several instructions to enable a computer device (which may be a personal computer, a server, or a network device, etc.) to perform all or part of the steps described in the various embodiments of the present disclosure.The aforementioned storage media can include a plurality of media capable of storing memory programs, such as a USB flash drive, a portable hard drive, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
[0090] In the description of the embodiments, the terms “first”, “second”, and the like are used only to distinguish different objects from one another, and it is not intended to suggest or indicate that there are any differences in the functions or in the sequence.
[0091] The preceding description of the disclosed embodiments will enable a person skilled in the art to manufacture or use the device or method in accordance with the present disclosure. Various modifications of these embodiments are obvious to a person skilled in the art without departing from the spirit and scope of the disclosure. Accordingly, the disclosure is not limited to the embodiments shown herein, but corresponds to the broadest scope of protection consistent with the principles disclosed herein.
Claims
[1] Secure payment protection scheme, comprehensive: - Monitoring the operating status of an electronic device; - in response to a determination that the electronic device is in a payment state, determining whether the electronic device is in a secure environment; and - in response to a determination that the electronic device is in an unsafe environment, controlling an action in an operating menu of the electronic device, wherein controlling the action in the operating menu includes performing one or more of the following: - Prohibiting the silent installation of an application; - Prohibiting data transfer to a third party independent of the payment; - Prohibiting a write operation that writes default data to a first default location; - Prohibiting a read operation that reads the default data from a second default location; - Disabling memory operations and error correction via a Universal Serial Bus; - Prohibiting copying operations of standard data; and - Prohibiting access to information through a standard information gathering procedure. [2] Secure payment protection method according to claim 1, wherein includes determining whether the electronic device is in a secure environment: - Determine whether one or more are secure from an operating system platform of the electronic device, from a payment application according to the payment status, and from a network to which the electronic device is connected; and - in response to the determination that one or more of the operating system platform of the electronic device, the payment application according to the payment status and the network to which the electronic device is connected are not secure, determine that the electronic device is in an unsafe environment. [3] Secure payment protection procedure according to claim 2, wherein determining whether the operating system platform of the electronic device is secure: - Determine whether the electronic device has been rooted; and - in response to the finding that the electronic device has been rooted, determine that the operating system platform is insecure. [4] Secure payment protection method according to claim 2, wherein determining whether the payment application is secure according to the payment state includes: - Performing one or more tests to determine whether signature information of the payment application has been forged, and to determine whether another process has been injected into the payment application; and - in response to one or more determination results indicating that the signature information of the payment application has been forged, and determination results indicating that another process has been injected into the payment application, determine that the payment application is insecure. [5] Secure payment protection method according to claim 2, wherein determining whether the network to which the electronic device is connected comprises: - Obtaining a destination network identifier of the network to which the electronic device is connected; - Determine whether prestored secure network identifiers include the target network identifier; and - in response to the determination that the pre-stored secure network identifiers do not include the target network identifier, determine that the network to which the electronic device is connected is insecure. [6] Secure payment protection procedure according to claim 1, further comprising: - Receiving a trigger command to enter information; and - Input of the information according to an information input procedure, wherein the information input procedure comprises a first input procedure and a second input procedure that are different from each other. [7] Secure payment protection procedure according to claim 6, comprising the input of information according to the information input procedure: - Retrieving a portion of the information from the pre-stored information for input into the electronic device using either the first or the second method; and - Receiving another part of the information entered into the electronic device by a user, for input into the electronic device using another of the first and second methods. [8] Electronic device, comprising: - a processor; and - a memory coupled to the processor which stores instructions which, when executed by the processor, cause the processor to perform a method according to any one of claims 1 to 7. [9] Computer-readable storage medium which stores instructions which, when executed by a processor, cause the processor to execute a method according to any one of claims 1 to 7.