CN111385310A - Website background protection method - Google Patents

Website background protection method Download PDF

Info

Publication number
CN111385310A
CN111385310A CN202010217726.6A CN202010217726A CN111385310A CN 111385310 A CN111385310 A CN 111385310A CN 202010217726 A CN202010217726 A CN 202010217726A CN 111385310 A CN111385310 A CN 111385310A
Authority
CN
China
Prior art keywords
mobile phone
background
verification
phone number
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010217726.6A
Other languages
Chinese (zh)
Inventor
邱家海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Local Baoxin Media Technology Co ltd
Original Assignee
Shenzhen Local Baoxin Media Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Local Baoxin Media Technology Co ltd filed Critical Shenzhen Local Baoxin Media Technology Co ltd
Priority to CN202010217726.6A priority Critical patent/CN111385310A/en
Publication of CN111385310A publication Critical patent/CN111385310A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/02Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a website background protection method, relating to the technical field of information security; the problem that safety management is complex is solved; the method specifically comprises the following steps: a data storage step; a mobile phone verification webpage is arranged at a website background; after verification, the back-end program stores the mobile phone number encryption string, the timestamp and the Token to the cookies, wherein the Token is obtained by combining the mobile phone number, the timestamp and the key into a character string and then encrypting the character string by the MD 5. According to the invention, through the combination of the NginxWEB server plug-in and the mobile phone verification program, all unverified accesses are directly rejected in the WEB server plug-in, the authenticity of the identity of a registered user is ensured through the mobile phone verification program, the security is ensured by generating the encrypted Token, and the plug-in makes a release or rejection instruction for the user through judging the encrypted Token, so that the security of a website background is protected.

Description

Website background protection method
Technical Field
The invention relates to the technical field of information security, in particular to a website background protection method.
Background
With the popularization of information technology and networks, more and more enterprises and public institutions begin to adopt the form of publicizing websites to publicize enterprises, and more websites in the forms of B2C, C2C and the like begin to popularize with the rise of electronic commerce transaction modes, and the return benefit is quite objective, but at the same time, more and more illegal persons see the benefits, start to steal website programs and data information stored in websites in the modes of various attacks, sneak-in, planting trojan viruses and the like, cause more or less influence on users of various websites, such as that homepages are taken away by black events, staff jump away from development programs, database information and the like, most background programs of the websites verify the user identities by user names and passwords at present, are poor in safety, and do not play a protection role on the background programs, and hackers use URL scanning and password burst guess and solve user names, Social engineering and other means attack the background, and hackers are easy to invade due to the vulnerability of the background application program.
Through retrieval, the chinese patent application No. CN201711333846.7 discloses a data protection system for e-commerce platform website, which includes a data storage unit, a security management unit, an authentication recovery unit, and a background server, where information of a user is stored in real time through a data cache unit, and the security management unit encrypts the stored information, and the user can recover data through the authentication recovery unit when needing to extract and recover data. When the user identity authentication is out of order, the alarm module can send out alarm information to prompt background workers to carry out safety management. The e-commerce platform website data protection system in the patent has the following defects: when the user identity authentication has a problem, the user needs to give an alarm to prompt background workers to carry out safety management, and the method is complex.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provides a website background protection method.
In order to achieve the purpose, the invention adopts the following technical scheme:
a website background protection method comprises the following steps:
s1: a data storage step;
s2: a mobile phone verification webpage is arranged at a website background;
s3: after the verification is passed, the back-end program stores the mobile phone number encryption string, the timestamp and the Token to the cookies, wherein the Token is obtained by combining the mobile phone number, the timestamp and the secret key into a character string and then encrypting the character string by the MD 5;
s4: the nginxWEB service plug-in program defaults to forbid anyone to access any background file, the plug-in program obtains COOKIES check time stamp and TOKEN, and the user can access the background program or the file only after the check is passed.
Preferably: in the step of storing data in S1, a forced storage policy is adopted according to various items of storage information set by the security management center and the security authentication tool.
Preferably: and the website background in the S2 sets a mobile phone verification webpage for the user to obtain the verification code through the mobile phone number, and then submits the mobile phone number and the verification code to a back-end program for verification.
Preferably: the method for setting the mobile phone verification webpage in the website background in the S2 comprises the following steps:
s11: all users who do not pass the mobile phone authentication can only access the mobile phone authentication page;
s12: and the user accesses the webpage to fill in the mobile phone number, receives the short message verification code and submits the short message verification code to a back-end program.
Preferably: the verification in S3 includes the following steps:
s21: judging whether the verification code is valid or not according to the mobile phone number and the short message verification code submitted by the user;
s22: if the mobile phone number encryption string is correct, the mobile phone number encryption string, the timestamp and the Token are stored in the cookies;
s23: the Token is obtained by combining a mobile phone number, a timestamp and a key into a character string and then encrypting the character string by MD 5;
s24: invalid, and if false, returning to the step S1.
Preferably: the access to the background program or the file can be realized only after the verification in the S4, and the method comprises the following steps:
s31: the nginxweb service plug-in program acquires the mobile phone number encryption string, the timestamp, the Token and the user IP address which are stored in COOKIES in the step S1;
s32: judging whether the IP address is in a white list, if so, entering a background login page and allowing to access a background URL or file;
s33: if the IP address is not in the white list, judging whether the verification timestamp is expired, if so, jumping to the step S1, and refusing to access the URL or the file of the background;
s34: if the timestamp is in the valid period, judging whether Token is correct, if so, jumping to the step S1, and refusing to access the URL or the file of the background; and if the URL is correct, entering a background login page, and allowing to access the URL or the file in the background.
Preferably: the security management center is arranged in the server and comprises the following steps:
s41: the website background program is accessed to a set network in a legal way, so that normal communication with the server is ensured;
s42: the anti-snooping encryption authentication unit sends verification information to a security management center or a security identity verification tool;
s43: if the user using the website daemon can pass the verification, the step S2 can be normally entered, and if the user cannot pass the verification, the next step cannot be entered;
s44: each operation performed by each user leaves the information of the operation of the user in the set network.
The invention has the beneficial effects that: the method comprises the steps that an NginxWEB server plug-in is combined with a mobile phone verification program, all unverified accesses are directly rejected in the WEB server plug-in, the authenticity of the identity of a registered user is ensured through the mobile phone verification program, an encrypted Token is generated, the safety is ensured, the plug-in makes a release or rejection instruction for the user through judging the encrypted Token, and the unverified user is rejected to access, scan, attack and invasion to a background, so that the safety of the website background is protected.
Drawings
FIG. 1 is a schematic view of a user mobile phone authentication procedure of a website background protection method according to the present invention;
fig. 2 is a schematic flow diagram of a nginx plug-in Token verification procedure of the method for website background protection according to the present invention.
Detailed Description
The technical solution of the present patent will be described in further detail with reference to the following embodiments.
Reference will now be made in detail to embodiments of the present patent, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are exemplary only for the purpose of explaining the present patent and are not to be construed as limiting the present patent.
In the description of this patent, it is to be understood that the terms "center," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," and the like are used in the orientations and positional relationships indicated in the drawings for the convenience of describing the patent and for the simplicity of description, and are not intended to indicate or imply that the referenced devices or elements must have a particular orientation, be constructed and operated in a particular orientation, and are not to be considered limiting of the patent.
In the description of this patent, it is noted that unless otherwise specifically stated or limited, the terms "mounted," "connected," and "disposed" are to be construed broadly and can include, for example, fixedly connected, disposed, detachably connected, disposed, or integrally connected and disposed. The specific meaning of the above terms in this patent may be understood by those of ordinary skill in the art as appropriate.
Example 1:
a method for protecting a website in the background, as shown in fig. 1 and fig. 2, includes the following steps:
s1: a data storage step;
s2: a mobile phone verification webpage is arranged at a website background;
s3: after verification, the back-end program stores the mobile phone number encryption string, the timestamp and the Token to the cookies, wherein the Token is obtained by combining the mobile phone number, the timestamp, the key and the like into a character string and then encrypting the character string by the MD 5;
s4: the nginxWEB service plug-in program defaults to forbid anyone to access any background file, the plug-in program obtains COOKIES check time stamp and TOKEN, and the user can access the background program or the file only after the check is passed.
And the website background in the S2 sets a mobile phone verification webpage for the user to obtain the verification code through the mobile phone number, and then submits the mobile phone number and the verification code to a back-end program for verification.
The method for setting the mobile phone verification webpage in the website background in the S2 comprises the following steps:
s11: all users who do not pass the mobile phone authentication can only access the mobile phone authentication page;
s12: and the user accesses the webpage to fill in the mobile phone number, receives the short message verification code and submits the short message verification code to a back-end program.
The verification in S3 includes the following steps:
s21: judging whether the verification code is valid or not according to the mobile phone number and the short message verification code submitted by the user;
s22: if the mobile phone number encryption string is correct, the mobile phone number encryption string, the timestamp and the Token are stored in the cookies;
s23: the Token is obtained by combining a mobile phone number, a timestamp, a key and the like into a character string and then encrypting the character string by MD 5;
s24: invalid, and if false, returning to the step S1.
The access to the background program or the file can be realized only after the verification in the S4, and the method comprises the following steps:
s31: the nginxweb service plug-in program acquires the mobile phone number encryption string, the timestamp, the Token and the user IP address which are stored in COOKIES in the step S1;
s32: judging whether the IP address is in a white list, if so, entering a background login page and allowing to access a background URL or file;
s33: if the IP address is not in the white list, judging whether the verification timestamp is expired, if so, jumping to the step S1, and refusing to access the URL or the file of the background;
s34: if the timestamp is in the valid period, judging whether Token is correct, if so, jumping to the step S1, and refusing to access the URL or the file of the background; and if the URL is correct, entering a background login page, and allowing to access the URL or the file in the background.
When the embodiment is used, through the combination of the NginxWEB server plug-in and the mobile phone verification program, all unverified accesses are directly rejected in the WEB server plug-in, the authenticity of the identity of a registered user is ensured through the mobile phone verification program, the security is ensured by generating the encrypted Token, and the plug-in makes a release or rejection instruction for the user through judging the encrypted Token.
Example 2:
a method for protecting a website in the background, as shown in fig. 1 and fig. 2, includes the following steps:
s1: a data storage step;
s2: a mobile phone verification webpage is arranged at a website background;
s3: after verification, the back-end program stores the mobile phone number encryption string, the timestamp and the Token to the cookies, wherein the Token is obtained by combining the mobile phone number, the timestamp, the key and the like into a character string and then encrypting the character string by the MD 5;
s4: the nginxWEB service plug-in program defaults to forbid anyone to access any background file, the plug-in program obtains COOKIES check time stamp and TOKEN, and the user can access the background program or the file only after the check is passed.
In the step of storing data in S1, a forced storage policy is adopted according to various items of storage information set by the security management center and the security authentication tool.
And the website background in the S2 sets a mobile phone verification webpage for the user to obtain the verification code through the mobile phone number, and then submits the mobile phone number and the verification code to a back-end program for verification.
The method for setting the mobile phone verification webpage in the website background in the S2 comprises the following steps:
s11: all users who do not pass the mobile phone authentication can only access the mobile phone authentication page;
s12: and the user accesses the webpage to fill in the mobile phone number, receives the short message verification code and submits the short message verification code to a back-end program.
The verification in S3 includes the following steps:
s21: judging whether the verification code is valid or not according to the mobile phone number and the short message verification code submitted by the user;
s22: if the mobile phone number encryption string is correct, the mobile phone number encryption string, the timestamp and the Token are stored in the cookies;
s23: the Token is obtained by combining a mobile phone number, a timestamp, a key and the like into a character string and then encrypting the character string by MD 5;
s24: invalid, and if false, returning to the step S1.
The access to the background program or the file can be realized only after the verification in the S4, and the method comprises the following steps:
s31: the nginxweb service plug-in program acquires the mobile phone number encryption string, the timestamp, the Token and the user IP address which are stored in COOKIES in the step S1;
s32: judging whether the IP address is in a white list, if so, entering a background login page and allowing to access a background URL or file;
s33: if the IP address is not in the white list, judging whether the verification timestamp is expired, if so, jumping to the step S1, and refusing to access the URL or the file of the background;
s34: if the timestamp is in the valid period, judging whether Token is correct, if so, jumping to the step S1, and refusing to access the URL or the file of the background; and if the URL is correct, entering a background login page, and allowing to access the URL or the file in the background.
The security management center is arranged in the server and comprises the following steps:
s41: the website background program is accessed to a set network in a legal way, so that normal communication with the server is ensured;
s42: the anti-snooping encryption authentication unit sends verification information to a security management center or a security identity verification tool;
s43: if the user using the website daemon can pass the verification, the step S2 can be normally entered, and if the user cannot pass the verification, the next step cannot be entered;
s44: each operation performed by each user leaves the information of the operation of the user in the set network.
The above description is only for the preferred embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art should be considered to be within the technical scope of the present invention, and the technical solutions and the inventive concepts thereof according to the present invention should be equivalent or changed within the scope of the present invention.

Claims (7)

1. A website background protection method is characterized by comprising the following steps:
s1: a data storage step;
s2: a mobile phone verification webpage is arranged at a website background;
s3: after the verification is passed, the back-end program stores the mobile phone number encryption string, the timestamp and the Token to the cookies, wherein the Token is obtained by combining the mobile phone number, the timestamp and the secret key into a character string and then encrypting the character string by the MD 5;
s4: the nginxWEB service plug-in program defaults to forbid anyone to access any background file, the plug-in program obtains COOKIES check time stamp and TOKEN, and the user can access the background program or the file only after the check is passed.
2. The method for website background protection according to claim 1, wherein the step of storing data in S1 means to adopt a forced storage policy according to various storage information set by a security management center and a security authentication tool.
3. The method for website background protection according to claim 1, wherein in S2, the website background sets a mobile phone verification webpage for the user to obtain the verification code through the mobile phone number, and then submits the mobile phone number and the verification code to the backend program for verification.
4. The method for website background protection according to claim 3, wherein the step of setting a mobile phone verification webpage in the website background in S2 comprises the following steps:
s11: all users who do not pass the mobile phone authentication can only access the mobile phone authentication page;
s12: and the user accesses the webpage to fill in the mobile phone number, receives the short message verification code and submits the short message verification code to a back-end program.
5. The method for background protection of web sites as claimed in claim 1, wherein the verification in S3 includes the following steps:
s21: judging whether the verification code is valid or not according to the mobile phone number and the short message verification code submitted by the user;
s22: if the mobile phone number encryption string is correct, the mobile phone number encryption string, the timestamp and the Token are stored in the cookies;
s23: the Token is obtained by combining a mobile phone number, a timestamp and a key into a character string and then encrypting the character string by MD 5;
s24: invalid, and if false, returning to the step S1.
6. The method for website background protection according to claim 1, wherein the access to the background program or file after verification in S4 includes the following steps:
s31: the nginxweb service plug-in program acquires the mobile phone number encryption string, the timestamp, the Token and the user IP address which are stored in COOKIES in the step S1;
s32: judging whether the IP address is in a white list, if so, entering a background login page and allowing to access a background URL or file;
s33: if the IP address is not in the white list, judging whether the verification timestamp is expired, if so, jumping to the step S1, and refusing to access the URL or the file of the background;
s34: if the timestamp is in the valid period, judging whether Token is correct, if so, jumping to the step S1, and refusing to access the URL or the file of the background; and if the URL is correct, entering a background login page, and allowing to access the URL or the file in the background.
7. The method for website background protection according to claim 2, wherein the security management center is disposed in a server, and comprises the following steps:
s41: the website background program is accessed to a set network in a legal way, so that normal communication with the server is ensured;
s42: the anti-snooping encryption authentication unit sends verification information to a security management center or a security identity verification tool;
s43: if the user using the website daemon can pass the verification, the step S2 can be normally entered, and if the user cannot pass the verification, the next step cannot be entered;
s44: each operation performed by each user leaves the information of the operation of the user in the set network.
CN202010217726.6A 2020-03-25 2020-03-25 Website background protection method Pending CN111385310A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010217726.6A CN111385310A (en) 2020-03-25 2020-03-25 Website background protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010217726.6A CN111385310A (en) 2020-03-25 2020-03-25 Website background protection method

Publications (1)

Publication Number Publication Date
CN111385310A true CN111385310A (en) 2020-07-07

Family

ID=71215594

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010217726.6A Pending CN111385310A (en) 2020-03-25 2020-03-25 Website background protection method

Country Status (1)

Country Link
CN (1) CN111385310A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640525A (en) * 2022-03-21 2022-06-17 北京从云科技有限公司 Method, device and equipment for protecting DDoS attack for WEB service

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7478434B1 (en) * 2000-05-31 2009-01-13 International Business Machines Corporation Authentication and authorization protocol for secure web-based access to a protected resource
CN104883364A (en) * 2015-05-11 2015-09-02 广东小天才科技有限公司 Method and device for judging abnormity of user access server
US9294479B1 (en) * 2010-12-01 2016-03-22 Google Inc. Client-side authentication
CN106302414A (en) * 2016-08-04 2017-01-04 北京百度网讯科技有限公司 The anti-grasping means of web site contents and device
WO2017076214A1 (en) * 2015-11-05 2017-05-11 ***股份有限公司 A sms-based website login method and login system thereof
CN107483563A (en) * 2017-07-31 2017-12-15 九次方大数据信息集团有限公司 The data query method and apparatus and client and server of anti-reptile
CN108268780A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of method and device for being used to control system access
CN110691087A (en) * 2019-09-29 2020-01-14 北京搜狐新媒体信息技术有限公司 Access control method, device, server and storage medium

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7478434B1 (en) * 2000-05-31 2009-01-13 International Business Machines Corporation Authentication and authorization protocol for secure web-based access to a protected resource
US9294479B1 (en) * 2010-12-01 2016-03-22 Google Inc. Client-side authentication
CN104883364A (en) * 2015-05-11 2015-09-02 广东小天才科技有限公司 Method and device for judging abnormity of user access server
WO2017076214A1 (en) * 2015-11-05 2017-05-11 ***股份有限公司 A sms-based website login method and login system thereof
CN106302414A (en) * 2016-08-04 2017-01-04 北京百度网讯科技有限公司 The anti-grasping means of web site contents and device
CN108268780A (en) * 2016-12-30 2018-07-10 航天信息股份有限公司 A kind of method and device for being used to control system access
CN107483563A (en) * 2017-07-31 2017-12-15 九次方大数据信息集团有限公司 The data query method and apparatus and client and server of anti-reptile
CN110691087A (en) * 2019-09-29 2020-01-14 北京搜狐新媒体信息技术有限公司 Access control method, device, server and storage medium

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
刘世栋等: "基于Plug-in的WWW安全认证***研究", 《***工程与电子技术》 *
熊小军等: "APP后台用户安全登录验证解决方案的研究", 《电子世界》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114640525A (en) * 2022-03-21 2022-06-17 北京从云科技有限公司 Method, device and equipment for protecting DDoS attack for WEB service

Similar Documents

Publication Publication Date Title
Schrittwieser et al. Guess who is texting you? evaluating the security of smartphone messaging applications
US20190149536A1 (en) Secure authentication systems and methods
EP2314046B1 (en) Credential management system and method
US7908645B2 (en) System and method for fraud monitoring, detection, and tiered user authentication
US10484426B2 (en) Auto-generated synthetic identities for simulating population dynamics to detect fraudulent activity
EP2775417A1 (en) Computer implemented multi-factor authentication
CN101216867A (en) A logging-on process cipher protection method by means of background synchronization
CN105431843A (en) Network identity authentication using communication device identification code
CN107534668A (en) The method and system of transaction security
Amro Phishing techniques in mobile devices
US20090208020A1 (en) Methods for Protecting from Pharming and Spyware Using an Enhanced Password Manager
CN101667917A (en) Dynamic password input rule
CN101207483A (en) Bidirectional double factor authentication method
CN111385310A (en) Website background protection method
Pampori et al. Securely eradicating cellular dependency for e-banking applications
Manjula et al. Pre-authorization and post-authorization techniques for detecting and preventing the session hijacking
KR101321829B1 (en) Method and system for site visitor authentication
Certic The Future of Mobile Security
KR100566632B1 (en) User authentication apparatus and method using internet domain information
WO2012155818A1 (en) Method and device for protecting user information based on credible resource
TW201112720A (en) Method of communication device recognition code and dynamic code for network identification and telephone fraud certification
TWI609287B (en) Using communication device identification code and network operation password as methods for network authentication
TWI473507B (en) QR code interactive OTP password authentication method
KR20110019684A (en) Apparatus and method for creating otp using authentication method of client mac address
Zin et al. How to make online banking secure

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200707

RJ01 Rejection of invention patent application after publication