CN115203611A - Method and device for identifying illegal website, electronic equipment and storage medium - Google Patents

Method and device for identifying illegal website, electronic equipment and storage medium Download PDF

Info

Publication number
CN115203611A
CN115203611A CN202210822348.3A CN202210822348A CN115203611A CN 115203611 A CN115203611 A CN 115203611A CN 202210822348 A CN202210822348 A CN 202210822348A CN 115203611 A CN115203611 A CN 115203611A
Authority
CN
China
Prior art keywords
base station
terminal
website
distance value
operator
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210822348.3A
Other languages
Chinese (zh)
Inventor
朱海识
张海阔
于爽
丁子钰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202210822348.3A priority Critical patent/CN115203611A/en
Publication of CN115203611A publication Critical patent/CN115203611A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/04Trading; Exchange, e.g. stocks, commodities, derivatives or currency exchange
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/12Detection or prevention of fraud
    • H04W12/121Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
    • H04W12/122Counter-measures against attacks; Protection against rogue devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/37Managing security policies for mobile devices or for controlling mobile applications

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Business, Economics & Management (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • Economics (AREA)
  • General Business, Economics & Management (AREA)
  • Technology Law (AREA)
  • Strategic Management (AREA)
  • Marketing (AREA)
  • Development Economics (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention discloses an illegal website identification method and device, electronic equipment and a storage medium, and relates to the field of information security, wherein the identification method comprises the following steps: the method comprises the steps that under the condition that a client inputs account information through a target website, financial website information of account information login financial websites is obtained based on communication connection, under the condition that fund transaction is conducted through the financial websites, a safety authentication request is initiated, terminal information of a terminal sending or receiving a terminal verification code is obtained based on the communication connection, and under the condition that the login operator type is different from the terminal operator type and the coverage range between a base station indicated by login base station identification and a base station indicated by the terminal base station identification is not intersected, the target website is determined to be an illegal website. The invention solves the technical problems that the illegal website needs to be identified by an identification tool and the identification accuracy is low in the related technology.

Description

Method and device for identifying illegal website, electronic equipment and storage medium
Technical Field
The invention relates to the field of information security, in particular to an illegal website identification method and device, electronic equipment and a storage medium.
Background
Currently, illegal personnel often collect customer information through various illegal websites, and criminal activities are performed by using the collected customer information, so that the capital loss of customers is caused. In the related art, often, an illegal website (or an APP) is identified by tools such as enterprise controls, antivirus software, and a browser, and a client is prompted when the client logs in a suspected illegal website.
However, the current identification of illegal websites depends on the operation of clients at the client, and the success rate of judgment depends on the identification models of browsers, antivirus software and other tools, and has the following defects: (1) The identification of the illegal website cannot cover all illegal websites; (2) The existing tools such as browsers, antivirus software and the like are processed by different mechanisms, so that the accuracy rate of identifying illegal websites is low; (3) A client is required to install corresponding tools such as a browser and antivirus software, and if an identification tool is not installed, the tools cannot be identified; (4) For a mobile terminal (such as a mobile phone terminal), an APP (application) has no effective interception path temporarily.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the invention provides an illegal website identification method and device, electronic equipment and a storage medium, which are used for at least solving the technical problems that an identification tool is required to identify an illegal website in the related technology and the identification accuracy is low.
According to an aspect of the embodiments of the present invention, there is provided a method for identifying an illegal website, where a financial institution establishes a communication connection with each operator in advance, the method including: under the condition that a client inputs account information through a target website, acquiring financial website information of account information login financial websites based on the communication connection, wherein the financial websites are websites established by financial institutions, and the financial website information at least comprises: logging in the type of an operator and the identifier of a base station; initiating a security authentication request under the condition that fund transaction is carried out through the financial website, wherein the security authentication request is that terminal verification code authentication is carried out on the financial website; based on the communication connection, acquiring terminal information of a terminal which sends or receives the terminal verification code, wherein the terminal information at least comprises: a terminal operator type, a terminal base station identifier; and under the condition that the type of the login operator is different from that of the terminal operator and the coverage range between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier does not have intersection, determining that the target website is an illegal website.
Optionally, the step of obtaining the financial website information of the account information logged in the financial website based on the communication connection includes: acquiring the operator type of the financial website access network; and selecting a target operator in an operator set indicated by the operator type to initiate a financial website information acquisition request through the communication connection based on the operator type, wherein the target operator returns the financial website information based on the financial website information acquisition request.
Optionally, after acquiring the terminal information of the terminal that sends or receives the terminal verification code based on the communication connection, the method further includes: under the condition that the login operator type is the same as the terminal operator type, judging whether the login base station identifier is the same as the terminal base station identifier; and under the condition that the login base station identification is the same as the terminal base station identification, determining the target website as the financial website, and executing the fund transaction.
Optionally, in a case that the login operator type is the same as the terminal operator type, after determining whether the login base station identifier is the same as the terminal base station identifier, the method further includes: under the condition that the login base station identification is different from the terminal base station identification, respectively acquiring a first radiation distance value of a first base station indicated by the login base station identification and a second radiation distance value of a second base station indicated by the terminal base station identification based on the communication connection; judging whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value; and under the condition that the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value, determining that the target website is an illegal website.
Optionally, after determining whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value, the method further includes: initiating a secondary authentication request under the condition that the distance value between the first base station and the second base station is smaller than or equal to the sum of the first radiation distance value and the second radiation distance value, wherein the secondary authentication request comprises at least one of the following: face recognition and fingerprint recognition; and executing the fund transaction under the condition that the secondary authentication request passes.
Optionally, after acquiring the terminal information of the terminal that sends or receives the terminal verification code based on the communication connection, the method further includes: under the condition that the type of the login operator is different from that of the terminal operator and the coverage range between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier has an intersection, respectively communicating with the login operator and the terminal operator based on the communication connection; acquiring a first physical position and a third radiation distance value of a third base station indicated by a login base station identifier returned by the login operator, and acquiring a second physical position and a fourth radiation distance value of a fourth base station indicated by a terminal base station identifier returned by the terminal operator; based on the first physical position and the second physical position, judging whether a distance value between the third base station and the fourth base station is larger than the sum of the third radiation distance value and the fourth radiation distance value; determining that the target website is an illegal website under the condition that the distance value between the third base station and the fourth base station is greater than the sum of the third radiation distance value and the fourth radiation distance value; and initiating a secondary authentication request under the condition that the distance value between the third base station and the fourth base station is less than or equal to the sum of the third radiation distance value and the fourth radiation distance value.
Optionally, after determining that the target website is an illegal website, the method further includes: stopping execution of the funds transaction and initiating an early warning notification.
According to another aspect of the embodiments of the present invention, there is provided an apparatus for identifying an illegal website, in which a financial institution establishes a communication connection with each operator in advance, the apparatus including: the first acquisition unit is used for acquiring financial website information of account information login of a financial website based on the communication connection under the condition that a customer inputs account information through a target website, wherein the financial website is a website established by a financial institution, and the financial website information at least comprises: logging in the type of an operator and the identifier of a base station; the system comprises an initiating unit, a processing unit and a processing unit, wherein the initiating unit is used for initiating a security authentication request under the condition that fund transaction is carried out through the financial website, and the security authentication request is used for carrying out terminal verification code authentication on the financial website; a second obtaining unit, configured to obtain, based on the communication connection, terminal information of a terminal that sends or receives the terminal verification code, where the terminal information at least includes: a terminal operator type, a terminal base station identifier; and the determining unit is used for determining that the target website is an illegal website under the condition that the login operator type is different from the terminal operator type and the coverage range between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier does not have intersection.
Optionally, the first obtaining unit includes: the first acquisition module is used for acquiring the operator type of the financial website access network; and the first initiating module is used for selecting a target operator in an operator set indicated by the operator type to initiate a financial website information acquiring request through the communication connection based on the operator type, wherein the target operator returns the financial website information based on the financial website information acquiring request.
Optionally, the identification apparatus further comprises: a first determining module, configured to determine whether the identity of the logged-in base station is the same as the identity of the terminal base station when the type of the logged-in operator is the same as the type of the terminal operator after acquiring terminal information of a terminal that sends or receives the terminal authentication code based on the communication connection; and the first determining module is used for determining the target website as the financial website and executing the fund transaction under the condition that the login base station identifier is the same as the terminal base station identifier.
Optionally, the identification apparatus further comprises: a second obtaining module, configured to, after determining whether the identity of the logged-in base station is the same as the identity of the terminal base station under the condition that the type of the logged-in operator is the same as the type of the terminal operator, obtain, based on the communication connection, a first radiation distance value of a first base station indicated by the identity of the logged-in base station and a second radiation distance value of a second base station indicated by the identity of the terminal base station, respectively; a second determining module, configured to determine whether a distance value between the first base station and the second base station is greater than a sum of the first radiation distance value and the second radiation distance value; a second determining module, configured to determine that the target website is an illegal website when the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value.
Optionally, the identification apparatus further comprises: a second initiating module, configured to initiate a secondary authentication request when the distance value between the first base station and the second base station is smaller than or equal to the sum of the first radiation distance value and the second radiation distance value after determining whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value, where the secondary authentication request includes at least one of: face recognition and fingerprint recognition; and the first execution module is used for executing the fund transaction under the condition that the secondary authentication request passes.
Optionally, the identification apparatus further comprises: a first communication module, configured to, after acquiring terminal information of a terminal that sends or receives the terminal authentication code based on the communication connection, communicate with a login operator and a terminal operator based on the communication connection, respectively, when the login operator type is different from the terminal operator type and a coverage area between a base station indicated by the login base station identifier and a base station indicated by the terminal base station identifier has an intersection; a third obtaining module, configured to obtain a first physical location and a third radiation distance value of a third base station indicated by a logged base station identifier returned by the logged operator, and obtain a second physical location and a fourth radiation distance value of a fourth base station indicated by a terminal base station identifier returned by the terminal operator; a third determining module, configured to determine whether a distance value between the third base station and the fourth base station is greater than a sum of the third radiation distance value and the fourth radiation distance value based on the first physical location and the second physical location; a third determining module, configured to determine that the target website is an illegal website when a distance value between the third base station and the fourth base station is greater than a sum of the third radiation distance value and the fourth radiation distance value; a third initiating module, configured to initiate a secondary authentication request when a distance value between the third base station and the fourth base station is less than or equal to a sum of the third radiation distance value and the fourth radiation distance value.
Optionally, the identification apparatus further comprises: and the fourth initiating module is used for stopping executing the fund transaction and initiating an early warning notice after the target website is determined to be an illegal website.
According to another aspect of the embodiments of the present invention, a computer-readable storage medium is further provided, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, the apparatus where the computer-readable storage medium is located is controlled to execute the above method for identifying an illegal website.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including one or more processors and a memory, where the memory is used for storing one or more programs, and when the one or more programs are executed by the one or more processors, the one or more processors are enabled to implement the method for identifying an illegal website.
In the disclosure, under the condition that a client inputs account information through a target website, financial website information of account information login financial websites is acquired based on communication connection, under the condition that fund transaction is carried out through the financial websites, a security authentication request is initiated, terminal information of a terminal sending or receiving a terminal verification code is acquired based on communication connection, and the target website is determined to be an illegal website under the conditions that the login operator type is different from the terminal operator type and the coverage range between a base station indicated by a login base station identifier and a base station indicated by a terminal base station identifier does not have intersection. In the application, the financial website information of the current customer logging in the financial website can be obtained through the communication connection established between the financial institution and each operator, the terminal information of the terminal sending or receiving the terminal verification code is sent or received, whether the target website is safe can be determined by comparing the financial website information with the terminal information, so that the safety authentication among enterprises is realized, the client can be effectively prevented from being illegally tampered, meanwhile, the identification of the illegal website is not dependent on tools such as controls and antivirus software, the identification accuracy is improved, and the technical problem that the identification of the illegal website needs to be identified by an identification tool in the related technology and the identification accuracy is low is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a flow chart of an alternative method of identifying illegitimate web sites in accordance with embodiments of the present invention;
FIG. 2 is a schematic diagram of an alternative illegal website identification apparatus according to an embodiment of the present invention;
fig. 3 is a block diagram of a hardware structure of an electronic device (or mobile device) for an illegal website recognition method according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions of the present invention better understood, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that the terms "first," "second," and the like in the description and claims of the present invention and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the invention described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
To facilitate understanding of the invention by those skilled in the art, some terms or nouns referred to in the embodiments of the invention are explained below:
a base station: the mobile device accesses an interface device of the internet.
Illegal website (phishing website): spoofing the user's false web site.
It should be noted that the method and apparatus for identifying an illegal website in the present disclosure can be used in the field of information security to identify an illegal website, and can also be used in any field other than the field of information security to identify an illegal website.
It should be noted that relevant information (including but not limited to user equipment information, user personal information, etc.) and data (including but not limited to data for presentation, analyzed data, etc.) referred to in the present disclosure are information and data that are authorized by the user or sufficiently authorized by various parties. For example, an interface is provided between the system and the relevant user or organization, before obtaining the relevant information, an obtaining request needs to be sent to the user or organization through the interface, and after receiving the consent information fed back by the user or organization, the relevant information is obtained.
The embodiments described below can be applied to various systems/applications/devices for identifying illegal websites. The invention provides a method for identifying illegal websites based on inter-enterprise communication of a communication operator, which can effectively identify whether the websites are illegal by performing inter-enterprise authentication on the communication operator and a financial institution (or other institutions), can effectively avoid illegal tampering of a client, and does not depend on tools such as controls, antivirus software and the like for identification operation.
The present invention will be described in detail with reference to examples.
Example one
In accordance with an embodiment of the present invention, there is provided an embodiment of a method for identifying illegitimate web sites, it being noted that the steps illustrated in the flowchart of the drawings may be performed in a computer system, such as a set of computer-executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than here.
Fig. 1 is a flowchart of an alternative illegal website identification method according to an embodiment of the present invention, and as shown in fig. 1, the method includes the following steps:
step S101, under the condition that a client inputs account information through a target website, acquiring financial website information of account information login financial websites based on communication connection, wherein the financial websites are websites established by financial institutions, and the financial website information at least comprises: login operator type and login base station identification.
Step S102, a security authentication request is initiated under the condition that fund transaction is carried out through a financial website, wherein the security authentication request is that terminal verification code authentication is carried out on the financial website.
Step S103, based on the communication connection, obtaining the terminal information of the terminal which sends or receives the terminal verification code, wherein the terminal information at least comprises: terminal operator type, terminal base station identity.
And step S104, determining the target website as an illegal website under the condition that the type of the login operator is different from that of the terminal operator and the coverage range between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier is not intersected.
Through the steps, under the condition that a client inputs account information through a target website, financial website information of account information login financial websites is obtained based on communication connection, under the condition that fund transaction is carried out through the financial website, a safety authentication request is initiated, terminal information of a terminal sending or receiving a terminal verification code is obtained based on communication connection, and the target website is determined to be an illegal website under the conditions that the login operator type is different from the terminal operator type and the coverage range between a base station indicated by a login base station identifier and a base station indicated by a terminal base station identifier does not have intersection. In the embodiment of the invention, the financial website information of the current account information of the client logging in the financial website can be obtained through the communication connection established between the financial institution and each operator, the terminal information of the terminal sending or receiving the terminal verification code is sent or received, and whether the target website is safe or not can be determined by comparing the financial website information with the terminal information, so that the safety authentication among enterprises is realized, the client can be effectively prevented from being illegally tampered, meanwhile, the identification of the illegal website does not depend on tools such as controls, antivirus software and the like, the identification accuracy is favorably improved, and the technical problems that the identification tool is required to identify the illegal website in the related technology and the identification accuracy is low are solved.
The current process of stealing customer funds by illegal websites is as follows: (1) Making an illegal website or an illegal application APP (which can be called an illegal end for short) by an illegal person, and disguising the illegal end into a website or an application APP of a financial institution (or other institutions); (2) The illegal person guides the customer to click the illegal end link through a webpage, a short message and the like; (3) After a customer opens an illegal end link, an illegal person guides the customer to input contents such as an account number, a password and the like, customer information is extracted, and the customer thinks that the customer is logged in a financial institution website and is actually an illegal end; (4) The illegal person inputs customer information on a terminal of the illegal person, and actually the illegal person interacts with a financial institution website; (5) The illegal person transfers the client fund to the own account on the terminal of the illegal person, and at the moment, the client is guided to input the terminal verification code by security authentication; (6) The customer inputs the terminal verification code at the illegal terminal, and the illegal person interacts with the financial institution at the terminal of the illegal person through the illegal terminal verification code, so that the fund is transferred.
For the above process of stealing customer funds by an illegal website, the embodiment of the present invention can combine the following steps to describe in detail how to identify the illegal website.
At present, under normal conditions, a server of an illegal person is often registered overseas, and has a huge difference with a geographic position of a client, and meanwhile, the probability that the physical position of a device for the illegal person to log in a financial institution website (or an application APP) is close to the physical position of a client terminal is extremely low, so that the illegal website identification can be performed based on the above conditions.
In the embodiment of the present invention, the financial institution may establish a communication connection with each operator in advance.
Step S101, under the condition that a customer inputs account information through a target website, financial website information of account information login financial websites is obtained based on communication connection, wherein the financial websites are websites established by financial institutions, and the financial website information at least comprises: login operator type and login base station identification.
Optionally, the step of obtaining financial website information of the account information logging in the financial website based on the communication connection includes: acquiring the operator type of a financial website access network; and based on the operator type, selecting a target operator in the operator set indicated by the operator type through communication connection to initiate a financial website information acquisition request, wherein the target operator returns financial website information based on the financial website information acquisition request.
In the embodiment of the invention, after a customer inputs account information through a target website, the customer can log in the financial website through the account information, a financial institution can be connected with an operator through communication connection to record the financial website information of the financial website logged in by the account information of the customer, the financial website information is information such as login operator type and operator specific base station number (namely login base station identification) of communication information provided by the operator, specifically, the operator type of the financial website accessed to a network can be firstly obtained, the target operator in an operator set indicated by the operator type is selected to initiate a financial website information acquisition request through corresponding communication connection based on the operator type, and the financial website information of the financial website logged in the current account information can be returned by the target operator after receiving the financial website information acquisition request.
Step S102, a security authentication request is initiated under the condition that fund transaction is carried out through a financial website, wherein the security authentication request is that terminal verification code authentication is carried out on the financial website.
In the embodiment of the invention, if the financial website performs fund transaction after logging in the customer account through the account information, the financial website initiates a security authentication request, where the security authentication request is to perform terminal verification code authentication on the financial website, for example, the financial website sends a verification code to a terminal number bound to the current customer account, or the terminal bound to the current customer account sends a verification code displayed by the financial website to a specified number, and the like.
Step S103, based on the communication connection, obtaining the terminal information of the terminal which sends or receives the terminal verification code, wherein the terminal information at least comprises: a terminal operator type, a terminal base station identifier.
In the embodiment of the present invention, the financial institution may request the receiving information receipt (i.e. the terminal information of the terminal that sent or received the terminal verification code) from the operator through the downlink (or uplink) information (i.e. the financial website sends information to the bound terminal number or the bound terminal sends the verification code displayed by the financial website to the specified number), which may record the terminal operator type, the terminal base station identifier, etc. based on the communication connection.
Optionally, after acquiring the terminal information of the terminal that sends or receives the terminal verification code based on the communication connection, the method further includes: under the condition that the type of the login operator is the same as that of the terminal operator, judging whether the identity of the login base station is the same as that of the terminal base station; and under the condition that the login base station identification is the same as the terminal base station identification, determining that the target website is a financial website, and executing fund transaction.
In the embodiment of the invention, the operator (terminal operator type) which is possible to receive information by the customer is not consistent with the operator (login operator type) which logs in the financial website, so that whether the login operator type is the same as the terminal operator type can be distinguished, whether the login base station identifier is the same as the terminal base station identifier can be judged under the condition that the login operator type is the same as the terminal operator type, if the base station identifiers are the same, the customer is judged not to log in the non-illegal website to conduct transaction (namely, a target website is determined to be the financial website), the transaction is normal, and the fund transaction can be executed.
Optionally, under the condition that the type of the login operator is the same as the type of the terminal operator, after determining whether the identifier of the login base station is the same as the identifier of the terminal base station, the method further includes: under the condition that the login base station identification is different from the terminal base station identification, respectively acquiring a first radiation distance value of a first base station indicated by the login base station identification and a second radiation distance value of a second base station indicated by the terminal base station identification based on communication connection; judging whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value; and under the condition that the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value, determining that the target website is an illegal website.
In the embodiment of the present invention, when the login base station identifier is different from the terminal base station identifier, the financial institution may interact with the corresponding operator based on the communication connection to determine whether the distance between the two base stations is greater than the sum of the radiation ranges of the two base stations, specifically, a first radiation distance value of a first base station indicated by the login base station identifier and a second radiation distance value of a second base station indicated by the terminal base station identifier may be obtained first, and then it is determined whether the distance between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value, and if so, it is determined that the transaction is abnormal (i.e., it is determined that the target website is an illegal website and is not a financial website).
Optionally, after determining whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value, the method further includes: initiating a secondary authentication request under the condition that the distance value between the first base station and the second base station is less than or equal to the sum of the first radiation distance value and the second radiation distance value, wherein the secondary authentication request comprises at least one of the following: face recognition and fingerprint recognition; and in the case that the secondary authentication request passes, executing the fund transaction.
In the embodiment of the present invention, when the distance value between the first base station and the second base station is less than or equal to the sum of the first radiation distance value and the second radiation distance value, it may be determined that the transaction is suspicious, and may initiate a secondary authentication request on the financial website, for example, may perform secondary authentication such as face recognition and fingerprint recognition, and may perform a distinguishing process according to specific situations, where no limitation is made herein, and may continue to perform the fund transaction when the secondary authentication request passes.
Optionally, after acquiring the terminal information of the terminal that sends or receives the terminal verification code based on the communication connection, the method further includes: under the condition that the type of the login operator is different from that of the terminal operator and the coverage range between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier has intersection, respectively communicating with the login operator and the terminal operator based on communication connection; acquiring a first physical position and a third radiation distance value of a third base station indicated by a login base station identifier returned by a login operator, and acquiring a second physical position and a fourth radiation distance value of a fourth base station indicated by a terminal base station identifier returned by a terminal operator; judging whether the distance value between the third base station and the fourth base station is greater than the sum of the third radiation distance value and the fourth radiation distance value or not based on the first physical position and the second physical position; determining the target website as an illegal website under the condition that the distance value between the third base station and the fourth base station is greater than the sum of the third radiation distance value and the fourth radiation distance value; and initiating a secondary authentication request under the condition that the distance value between the third base station and the fourth base station is less than or equal to the sum of the third radiation distance value and the fourth radiation distance value.
In the embodiment of the present invention, if the type of the logged operator is different from the type of the terminal operator, but the coverage area between the base station indicated by the logged base station identifier and the base station indicated by the terminal base station identifier intersects, the financial institution may communicate with the logged operator and the terminal operator, respectively, based on the communication connection, to obtain the first physical location and the third radiation distance value of the third base station indicated by the logged base station identifier returned by the logged operator, and obtain the second physical location and the fourth radiation distance value of the fourth base station indicated by the terminal base station identifier returned by the terminal operator, and then determine whether the distance between the two base stations is greater than the sum of the radiation ranges of the two base stations (i.e., determine whether the distance between the third base station and the fourth base station is greater than the sum of the third radiation distance value and the fourth radiation distance value), if so, determine that the transaction is abnormal (i.e., determine that the target website is an illegal website if the distance between the third base station and the fourth base station is greater than the sum of the third radiation distance value and the fourth radiation distance value), and if the distance between the third base station and the fourth base station is greater than the sum of the fourth radiation distance value, determine that the target website is an illegal website, and if the suspicious distance between the suspicious radiation distance between the third base station is less than the fourth base station, and the suspicious distance.
And step S104, determining the target website as an illegal website under the condition that the type of the login operator is different from that of the terminal operator and the coverage range between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier is not intersected.
In the embodiment of the present invention, if the coverage areas of the base stations indicated by the logged-in operator type and the terminal operator type and different logged-in base station identifiers and the base stations indicated by the terminal base station identifiers do not intersect (for example, the two base stations are located in different countries), it may be determined that the transaction is abnormal, and it is determined that the target website is an illegal website.
Optionally, after determining that the target website is an illegal website, the method further includes: stopping executing the fund transaction and initiating the early warning notice.
In the embodiment of the invention, after the target website is determined to be an illegal website, the execution of fund transaction can be stopped in time, and an early warning notice is sent, for example, after the transaction is judged to be abnormal, a financial institution can freeze the transaction, remind a client to unfreeze on the site of the financial institution through a telephone or a short message, and can adopt the client account number to log in again after a login password is modified after manual authentication of staff and the like, so that the fund loss of the client can be effectively avoided.
In the embodiment of the invention, by adopting the inter-enterprise communication anti-illegal identification method based on the communication operator, whether a website is illegal or not can be judged by a financial institution (or other institutions) and the operator, so that the interference of illegal personnel on data tampering of a client can be effectively avoided, potential illegal risks can be judged by the financial institution through interaction with the operator, the fund loss of a client can be avoided, the image of the financial institution can be improved, and the internet fraud crimes can be effectively struck.
The invention is described below in connection with an alternative embodiment.
Example two
The device for identifying an illegal website provided in this embodiment includes a plurality of implementation units, and each implementation unit corresponds to each implementation step in the first embodiment.
Fig. 2 is a schematic diagram of an alternative illegal website identification apparatus according to an embodiment of the present invention, and as shown in fig. 2, the identification apparatus may include: a first obtaining unit 20, an initiating unit 21, a second obtaining unit 22, a determining unit 23, wherein,
a first obtaining unit 20, configured to obtain, based on a communication connection, financial website information of a financial website logged in by account information when a customer inputs account information through a target website, where the financial website is a website established by a financial institution, and the financial website information at least includes: logging in the type of an operator and the identifier of a base station;
an initiating unit 21, configured to initiate a security authentication request when a fund transaction is performed through a financial website, where the security authentication request is to perform terminal verification code authentication on the financial website;
a second obtaining unit 22, configured to obtain, based on the communication connection, terminal information of the terminal that sends or receives the terminal verification code, where the terminal information at least includes: a terminal operator type, a terminal base station identifier;
the determining unit 23 is configured to determine that the target website is an illegal website when the login operator type is different from the terminal operator type and a coverage area between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier does not intersect.
The identification device can acquire financial website information of account information login of a financial website based on communication connection through a first acquisition unit 20 under the condition that a customer inputs account information through a target website, initiate a security authentication request through an initiation unit 21 under the condition that fund transaction is carried out through the financial website, acquire terminal information of a terminal sending or receiving a terminal verification code through a second acquisition unit 22 based on communication connection, and determine that the target website is an illegal website under the conditions that the login operator type is different from the terminal operator type and the coverage range between a base station indicated by login base station identification and a base station indicated by terminal base station identification does not have intersection through a determination unit 23. In the embodiment of the invention, the financial website information of the current account information of the client logging in the financial website can be obtained through the communication connection established between the financial institution and each operator, the terminal information of the terminal sending or receiving the terminal verification code is sent or received, and whether the target website is safe or not can be determined by comparing the financial website information with the terminal information, so that the safety authentication among enterprises is realized, the client can be effectively prevented from being illegally tampered, meanwhile, the illegal website identification does not depend on tools such as controls and antivirus software, the identification accuracy rate is improved, and the technical problems that the illegal website identification needs to be carried out by depending on an identification tool in the related technology and the identification accuracy rate is lower are solved.
Optionally, the first obtaining unit includes: the first acquisition module is used for acquiring the operator type of the financial website access network; the first initiating module is used for selecting a target operator in an operator set indicated by an operator type to initiate a financial website information obtaining request through communication connection based on the operator type, wherein the target operator returns financial website information based on the financial website information obtaining request.
Optionally, the identification apparatus further includes: the first judgment module is used for judging whether the identity of the login base station is the same as the identity of the terminal base station or not under the condition that the type of the login operator is the same as the type of the terminal operator after the terminal information of the terminal which sends or receives the terminal verification code is acquired based on communication connection; and the first determining module is used for determining that the target website is a financial website and executing fund transaction under the condition that the login base station identifier is the same as the terminal base station identifier.
Optionally, the identification apparatus further includes: the second acquisition module is used for respectively acquiring a first radiation distance value of the first base station indicated by the login base station identifier and a second radiation distance value of the second base station indicated by the terminal base station identifier based on communication connection under the condition that the login base station identifier is different from the terminal base station identifier after judging whether the login base station identifier is the same as the terminal base station identifier under the condition that the login operator type is the same as the terminal operator type; the second judging module is used for judging whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value; and the second determining module is used for determining the target website as an illegal website under the condition that the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value.
Optionally, the identification apparatus further includes: a second initiating module, configured to initiate a secondary authentication request when the distance value between the first base station and the second base station is smaller than or equal to the sum of the first radiation distance value and the second radiation distance value after determining whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value, where the secondary authentication request includes at least one of: face recognition and fingerprint recognition; and the first execution module is used for executing fund transaction under the condition that the secondary authentication request passes.
Optionally, the identification apparatus further includes: the first communication module is used for respectively communicating with the login operator and the terminal operator based on communication connection under the condition that the login operator type is different from the terminal operator type and the coverage area between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier has intersection after the terminal information of the terminal which sends or receives the terminal verification code is acquired based on communication connection; the third acquisition module is used for acquiring a first physical position and a third radiation distance value of a third base station indicated by a login base station identifier returned by a login operator, and acquiring a second physical position and a fourth radiation distance value of a fourth base station indicated by a terminal base station identifier returned by a terminal operator; the third judging module is used for judging whether the distance value between the third base station and the fourth base station is greater than the sum of the third radiation distance value and the fourth radiation distance value or not based on the first physical position and the second physical position; the third determining module is used for determining the target website as an illegal website under the condition that the distance value between the third base station and the fourth base station is greater than the sum of the third radiation distance value and the fourth radiation distance value; and the third initiating module is used for initiating a secondary authentication request under the condition that the distance value between the third base station and the fourth base station is smaller than or equal to the sum of the third radiation distance value and the fourth radiation distance value.
Optionally, the identification apparatus further includes: and the fourth initiating module is used for stopping executing fund transaction and initiating an early warning notice after the target website is determined to be an illegal website.
The above-mentioned identification apparatus may further include a processor and a memory, and the above-mentioned first obtaining unit 20, the initiating unit 21, the second obtaining unit 22, the determining unit 23, and the like are all stored in the memory as program units, and the processor executes the above-mentioned program units stored in the memory to implement the corresponding functions.
The processor comprises a kernel, and the kernel calls the corresponding program unit from the memory. The kernel can be set to be one or more than one, and the target website is determined to be an illegal website by adjusting the kernel parameters under the condition that the type of the login operator is different from that of the terminal operator, and the coverage area between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier is not intersected.
The memory may include volatile memory in a computer readable medium, random Access Memory (RAM) and/or nonvolatile memory such as Read Only Memory (ROM) or flash memory (flash RAM), and the memory includes at least one memory chip.
The present application further provides a computer program product adapted to perform a program for initializing the following method steps when executed on a data processing device: the method comprises the steps of acquiring financial website information of account information login financial websites based on communication connection under the condition that a client inputs account information through a target website, initiating a security authentication request under the condition that fund transaction is carried out through the financial website, acquiring terminal information of a terminal sending or receiving a terminal verification code based on the communication connection, and determining the target website to be an illegal website under the conditions that the login operator type is different from the terminal operator type and the coverage range between a base station indicated by a login base station identifier and a base station indicated by a terminal base station identifier is not intersected.
According to another aspect of the embodiments of the present invention, there is also provided a computer-readable storage medium, where the computer-readable storage medium includes a stored computer program, and when the computer program runs, the apparatus where the computer-readable storage medium is located is controlled to execute the above method for identifying an illegal website.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device including one or more processors and a memory for storing one or more programs, wherein when the one or more programs are executed by the one or more processors, the one or more processors are caused to implement the above-mentioned method for identifying an illegal website.
Fig. 3 is a block diagram of a hardware configuration of an electronic device (or mobile device) for an illegal website recognition method according to an embodiment of the present invention. As shown in fig. 3, the electronic device may include one or more (shown as 302a, 302b, … …,302 n) processors 302 (the processors 302 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA), and a memory 304 for storing data. Besides, the method can also comprise the following steps: a display, an input/output interface (I/O interface), a Universal Serial Bus (USB) port (which may be included as one of the ports of the I/O interface), a network interface, a keyboard, a power supply, and/or a camera. It will be understood by those skilled in the art that the structure shown in fig. 3 is only an illustration and is not intended to limit the structure of the electronic device. For example, the electronic device may also include more or fewer components than shown in FIG. 3, or have a different configuration than shown in FIG. 3.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present invention, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technical content can be implemented in other manners. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, which is substantially or partly contributed by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.

Claims (10)

1. A method for identifying illegal websites is characterized in that a financial institution establishes communication connection with each operator in advance, and comprises the following steps:
under the condition that a client inputs account information through a target website, acquiring financial website information of account information login financial websites based on the communication connection, wherein the financial websites are websites established by financial institutions, and the financial website information at least comprises: logging in the type of an operator and the identifier of a base station;
initiating a security authentication request under the condition that fund transaction is carried out through the financial website, wherein the security authentication request is that terminal verification code authentication is carried out on the financial website;
based on the communication connection, acquiring terminal information of a terminal which sends or receives the terminal verification code, wherein the terminal information at least comprises: a terminal operator type, a terminal base station identifier;
and under the condition that the type of the login operator is different from that of the terminal operator and the coverage range between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier does not have intersection, determining that the target website is an illegal website.
2. The identification method according to claim 1, wherein the step of acquiring the financial website information of the account information login financial website based on the communication connection comprises:
acquiring the operator type of the financial website access network;
and selecting a target operator in an operator set indicated by the operator type to initiate a financial website information acquisition request through the communication connection based on the operator type, wherein the target operator returns the financial website information based on the financial website information acquisition request.
3. The identification method according to claim 1, further comprising, after acquiring the terminal information of the terminal that transmitted or received the terminal authentication code based on the communication connection:
under the condition that the login operator type is the same as the terminal operator type, judging whether the login base station identifier is the same as the terminal base station identifier;
and under the condition that the login base station identification is the same as the terminal base station identification, determining that the target website is the financial website, and executing the fund transaction.
4. The identification method according to claim 3, wherein after determining whether the identity of the registered base station is the same as the identity of the terminal operator, the method further comprises:
under the condition that the login base station identification is different from the terminal base station identification, respectively acquiring a first radiation distance value of a first base station indicated by the login base station identification and a second radiation distance value of a second base station indicated by the terminal base station identification based on the communication connection;
judging whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value;
and under the condition that the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value, determining that the target website is an illegal website.
5. The identification method according to claim 4, further comprising, after determining whether the distance value between the first base station and the second base station is greater than the sum of the first radiation distance value and the second radiation distance value:
initiating a secondary authentication request under the condition that the distance value between the first base station and the second base station is smaller than or equal to the sum of the first radiation distance value and the second radiation distance value, wherein the secondary authentication request comprises at least one of the following: face recognition and fingerprint recognition;
and executing the fund transaction under the condition that the secondary authentication request passes.
6. The identification method according to claim 1, further comprising, after acquiring the terminal information of the terminal that transmitted or received the terminal authentication code based on the communication connection:
under the condition that the type of the login operator is different from the type of the terminal operator and the coverage area between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier has an intersection, respectively communicating with the login operator and the terminal operator based on the communication connection;
acquiring a first physical position and a third radiation distance value of a third base station indicated by a login base station identifier returned by the login operator, and acquiring a second physical position and a fourth radiation distance value of a fourth base station indicated by a terminal base station identifier returned by the terminal operator;
determining whether a distance value between the third base station and the fourth base station is greater than a sum of the third radiation distance value and the fourth radiation distance value based on the first physical location and the second physical location;
determining that the target website is an illegal website under the condition that the distance value between the third base station and the fourth base station is greater than the sum of the third radiation distance value and the fourth radiation distance value;
and initiating a secondary authentication request under the condition that the distance value between the third base station and the fourth base station is less than or equal to the sum of the third radiation distance value and the fourth radiation distance value.
7. The method according to claim 1, further comprising, after determining that the target website is an illegal website:
stopping execution of the funds transaction and initiating an early warning notification.
8. An illegal website recognition device, wherein a financial institution establishes a communication connection with each operator in advance, comprising:
the first acquisition unit is used for acquiring financial website information of account information login of a financial website based on the communication connection under the condition that a customer inputs account information through a target website, wherein the financial website is a website established by a financial institution, and the financial website information at least comprises: logging in the type of an operator and the identifier of a base station;
the system comprises an initiating unit, a processing unit and a processing unit, wherein the initiating unit is used for initiating a security authentication request under the condition that fund transaction is carried out through the financial website, and the security authentication request is used for carrying out terminal verification code authentication on the financial website;
a second obtaining unit, configured to obtain, based on the communication connection, terminal information of a terminal that sends or receives the terminal verification code, where the terminal information at least includes: a terminal operator type and a terminal base station identifier;
and the determining unit is used for determining that the target website is an illegal website under the condition that the login operator type is different from the terminal operator type and the coverage range between the base station indicated by the login base station identifier and the base station indicated by the terminal base station identifier does not have intersection.
9. A computer-readable storage medium, comprising a stored computer program, wherein when the computer program runs, the apparatus where the computer-readable storage medium is located is controlled to execute the method for identifying an illegal website according to any one of claims 1 to 7.
10. An electronic device comprising one or more processors and memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of identifying illegitimate websites of any one of claims 1 to 7.
CN202210822348.3A 2022-07-13 2022-07-13 Method and device for identifying illegal website, electronic equipment and storage medium Pending CN115203611A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210822348.3A CN115203611A (en) 2022-07-13 2022-07-13 Method and device for identifying illegal website, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210822348.3A CN115203611A (en) 2022-07-13 2022-07-13 Method and device for identifying illegal website, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN115203611A true CN115203611A (en) 2022-10-18

Family

ID=83580551

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210822348.3A Pending CN115203611A (en) 2022-07-13 2022-07-13 Method and device for identifying illegal website, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115203611A (en)

Similar Documents

Publication Publication Date Title
CN110300096B (en) Self-checking method, device and equipment based on local certificate and storage medium
EP3432542A1 (en) Method and device for linking to account and providing service process
US11403633B2 (en) Method for sending digital information
EP3885946B1 (en) Method of monitoring and protecting access to an online service
CN113191892A (en) Account risk prevention and control method, device, system and medium based on equipment fingerprint
CN106600279A (en) Safety payment method and system based on fingerprint identification
CN101127645A (en) An integrity check method for remote network service
US11411947B2 (en) Systems and methods for smart contract-based detection of authentication attacks
CN112995227B (en) One-stop information service platform based on three-party credit management
CN107888576B (en) Anti-collision library safety risk control method using big data and equipment fingerprints
EP4068125B1 (en) Method of monitoring and protecting access to an online service
CN115203611A (en) Method and device for identifying illegal website, electronic equipment and storage medium
EP3885945B1 (en) Method of monitoring and protecting access to an online service
CN114707153A (en) Method for classifying security vulnerabilities based on multi-dimensional financial information system
CN113709136A (en) Access request verification method and device
CN107491967B (en) Method and system for inputting password through network payment
CN111324876A (en) Exchange login method and device
EP3885947B1 (en) Method of monitoring and protecting access to an online service
Shin et al. Integrated framework for information security in mobile banking service based on smart phone
Mohammed Application Of Deep Learning In Fraud Detection In Payment Systems
US20210256527A1 (en) Risk payment processing method and apparatus, and device
CN112836213A (en) Anti-brushing method and device based on API (application program interface)
US20150213450A1 (en) Method for detecting potentially fraudulent activity in a remote financial transaction system
CN115695052A (en) Data protection method and device for shared interface
CN111711619A (en) Block chain-based network security connection system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination