CN104182687A - Security detecting method and security detecting device for mobile terminal input window - Google Patents
Security detecting method and security detecting device for mobile terminal input window Download PDFInfo
- Publication number
- CN104182687A CN104182687A CN201410377593.3A CN201410377593A CN104182687A CN 104182687 A CN104182687 A CN 104182687A CN 201410377593 A CN201410377593 A CN 201410377593A CN 104182687 A CN104182687 A CN 104182687A
- Authority
- CN
- China
- Prior art keywords
- window
- characteristic information
- checked
- mobile terminal
- elemental
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
Abstract
The invention provides a security detecting method and a security detecting device for a mobile terminal input window. The security detecting method based on a mobile terminal interface window comprises the following steps: confirming the window to be detected occurring on a display interface of the mobile terminal; extracting feature information of one or more elements of the window to be detected; using a preset feature information base to perform feature matching for the feature information to acquire an element matching result; confirming a security type of the window to be detected according to the element matching result, wherein the feature information base pre-stores the element feature information of a payment window and a software window, and/or the element feature information of the window of a malicious sample, so that the situation that a malicious program can intercept the information of a user through a window masking method is prevented, and the information security of the user can be improved.
Description
Technical field
The present invention relates to internet security field, particularly relate to a kind of safety detection method and safety detection device of mobile terminal input window.
Background technology
Along with the development of network technology and ecommerce, on mobile terminal, carry out net purchase more and more universal with E-Payment, yet the information security of mobile terminal becomes the important obstruction that affects mobile terminal net purchase and pay development by mails.
The information security of mobile terminal relates to the security problems of the maintaining secrecy of user profile, user's fund and payment information, there are at present some malicious application, by stealing terminal data or the page of disguise oneself as regular net purchase client or payment client terminal is gained the mode of user profile by cheating, gain user's bank or payment accounts information by cheating and carry out financial swindling, cause user to suffer a loss.
For above problem, in prior art, there is the multiple scan method for mobile application software, conventional method is to use static state or the behavioral characteristics of mobile application software, mate with preset feature database, differentiate the mobile application software detecting and belong to blacklist or white list, wherein white list refers to the normal use software matrix that entered checking, and blacklist refers to the list of confirming as malicious application.Yet because the pace of change of current mobile application software is very fast; the renewal speed of existing preset feature database can not meet the testing requirement of emerging application program; thereby cause occurring that some cannot differentiate the mobile application of type, thereby can not reach in real time the effectively object of the information security of protection mobile terminal.
Summary of the invention
In view of the above problems, the present invention has been proposed to provide a kind of safety detection device of the mobile terminal input window that overcomes the problems referred to above or address the above problem at least in part and the safety detection method of corresponding mobile terminal input window.Further object of the present invention is will make to determine whether to exist by display window the potential safety hazard of stealing user profile, guarantees user information safety.
Another further object of the present invention is that the various elements that will make full use of display window judge, guarantees the accuracy detecting.
According to one aspect of the present invention, provide a kind of safety detection method based on interface of mobile terminal window.Safety detection method that should be based on interface of mobile terminal window comprises: determine and on mobile terminal display interface, occur window to be checked; Extract the characteristic information of at least one element in window to be checked; Use preset characteristic information storehouse to carry out characteristic matching to characteristic information, obtain Match of elemental composition result; According to Match of elemental composition result, determine the security type of window to be checked, wherein the elemental characteristic information that pays the elemental characteristic information of class software class window and/or the window of malice sample is preserved in characteristic information storehouse in advance.
Alternatively, determine on mobile terminal display interface and occur that window to be checked comprises: the process detecting in mobile terminal changes; Determine that process generates new window on mobile terminal display interface.
Alternatively, use and in preset characteristic information storehouse, characteristic information is carried out to characteristic matching and comprise: characteristic information is carried out to white sample characteristics coupling and/or black sample characteristics coupling.
Alternatively, characteristic information is carried out to white sample characteristics coupling and comprise: extract the payment keyword that the content of text of element in window to be checked comprises, according to paying keyword, determine corresponding payment class software; The characteristic information of the element of window to be checked is compared with the window elements characteristic information of payment class software corresponding in characteristic information storehouse, if comparison result is consistent, determine that window to be checked is security window.
The elemental characteristic information of the payment class software window that alternatively, preserve in advance in characteristic information storehouse comprises: the elemental characteristic information of the login window of payment class software is bound the elemental characteristic information of window, pay the elemental characteristic information of the payment window of class software, pay the account of class software.
Alternatively, characteristic information is carried out to black sample characteristics coupling and comprise: the characteristic information of window to be checked is mated with the elemental characteristic information of the window of malice sample in characteristic information storehouse, if there is coupling, determine that window to be checked is for malice window.
Alternatively, the element of window to be checked comprises following at least one: input frame, title block, label, menu, action button; The characteristic information that extracts at least one element in window to be checked comprises: extract one or more in the content of text, positional information, chained address, element type of element.
Alternatively, preset characteristic information storehouse is preset in safety analysis server, characteristic information is being carried out also comprising before characteristic matching: characteristic information is uploaded to safety analysis server.
Alternatively, in extracting window, before the characteristic information of at least one element, also comprise: the process of generating window is carried out to security sweep, to determine the sample type of process; When process does not belong to any in known safe process or known danger process, carry out the step of extracting the characteristic information of at least one element in window.
Alternatively, after the security type of determining window to be checked, also comprise: the output information corresponding with security type on mobile terminal display interface.
The safety detection device of mobile terminal input window is provided according to a further aspect in the invention.This safety detection device comprises interface monitoring modular, is suitable for determining on mobile terminal display interface generating and occurring window to be checked; Characteristic information extracting module, is suitable for extracting the characteristic information of at least one element in window to be checked; Characteristic matching module, be suitable for using in preset characteristic information storehouse characteristic information is carried out to characteristic matching, obtain the matching result of element, and according to Match of elemental composition result, determine the security type of window to be checked, wherein the elemental characteristic information of the characteristic information of the element that pays class software class window and/or the window of malice sample is preserved in characteristic information storehouse in advance.
Alternatively, interface monitoring modular is also suitable for: the process detecting in mobile terminal changes; Determine that process generates new window on mobile terminal display interface.
Alternatively, characteristic matching module comprises: white sample matches submodule, is suitable for: extract the payment keyword that the content of text of element in window to be checked comprises, according to paying keyword, determine corresponding payment class software; The characteristic information of the element of window to be checked is compared with the window elements characteristic information of payment class software corresponding in characteristic information storehouse, if comparison result is consistent, determine that window to be checked is security window, and/or black sample matches submodule, be suitable for: the characteristic information of window to be checked is mated with the elemental characteristic information of the window of malice sample in characteristic information storehouse, if there is coupling, determine that window to be checked is for malice window.
The elemental characteristic information of the payment class software window that alternatively, preserve in advance in characteristic information storehouse comprises: the elemental characteristic information of the login window of payment class software is bound the elemental characteristic information of window, pay the elemental characteristic information of the payment window of class software, pay the account of class software.
Alternatively, the element of window to be checked comprises following at least one: input frame, title block, label, menu, action button; The characteristic information that extracts at least one element in window to be checked comprises: extract one or more in the content of text, positional information, chained address, element type of element.
Alternatively, characteristic matching module comprises: information is uploaded submodule, is suitable for characteristic information to be uploaded to safety analysis server, and preset characteristic information storehouse is preset in safety analysis server.
Alternatively, the safety detection device of above mobile terminal input window also comprises: process scan module, is suitable for the process of generating window to carry out security sweep, to determine the sample type of process; Characteristic information extracting module is also suitable for: at the scanning result of process scan module, when not belonging to any in known safe process or known danger process in process, carry out the step of extracting the characteristic information of at least one element in window.
Alternatively, the safety detection device of above mobile terminal input window also comprises: safety instruction module, is suitable for the output information corresponding with security type on mobile terminal display interface.
The safety detection method of mobile terminal input window of the present invention utilizes the window to be checked occurring on display interface to carry out the coupling of window elements feature, to differentiate whether the disguise oneself as display window of safety applications software of window to be checked, thereby prevent rogue program by window camouflage method intercepting user profile situation, improved user information safety.
Further, the safety detection method of mobile terminal input window of the present invention, can adopt the mode of white sample characteristics coupling and black sample characteristics coupling to detect, both can determine that window to be checked was security window, also can determine that window to be checked, for malice window, has improved the accuracy of safety detection.
Above-mentioned explanation is only the general introduction of technical solution of the present invention, in order to better understand technological means of the present invention, and can be implemented according to the content of instructions, and for above and other objects of the present invention, characteristic information and advantage can be become apparent, below especially exemplified by the specific embodiment of the present invention.
According to the detailed description to the specific embodiment of the invention by reference to the accompanying drawings below, those skilled in the art will understand above-mentioned and other objects, advantage and characteristic information of the present invention more.
Accompanying drawing explanation
By reading below detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing is only for the object of preferred implementation is shown, and do not think limitation of the present invention.And in whole accompanying drawing, by identical reference symbol, represent identical parts.In the accompanying drawings:
Fig. 1 is the schematic block diagram of the safety detection device of mobile terminal input window according to an embodiment of the invention;
Fig. 2 is the applied environment figure of the safety detection device of mobile terminal input window according to an embodiment of the invention;
Fig. 3 is the schematic diagram of the safety detection method based on interface of mobile terminal window according to an embodiment of the invention;
Fig. 4 is a kind of optional process flow diagram of the safety detection method based on interface of mobile terminal window according to an embodiment of the invention; And
Fig. 5 be according to an embodiment of the invention the safety detection method based on interface of mobile terminal window in the schematic diagram of a window to be checked.
Embodiment
The algorithm providing at this is intrinsic not relevant to any certain computer, virtual system or miscellaneous equipment with demonstration.Various general-purpose systems also can with based on using together with this teaching.According to description above, it is apparent constructing the desired structure of this type systematic.In addition, the present invention is not also for any certain programmed language.It should be understood that and can utilize various programming languages to realize content of the present invention described here, and the description of above language-specific being done is in order to disclose preferred forms of the present invention.
Fig. 1 is the schematic block diagram of the safety detection device 100 of mobile terminal input window according to an embodiment of the invention.The safety detection device 100 of this mobile terminal input window can comprise in general manner: interface monitoring modular 110, characteristic information extracting module 120, characteristic matching module 130, these parts can carry out flexible configuration according to the function of the safety detection device 100 of mobile terminal input window and environment for use, can be by increasing parts in some preferred embodiments, realize more function and reached different technique effects, for example, can also increase process scan module 140 and safety instruction module 150 are set, in addition, a kind of optional structure of characteristic matching module 130 is for comprising white sample matches submodule 132, black sample matches submodule 134, information is uploaded submodule 136.
In the safety detection device 100 of the mobile terminal input window of the present embodiment, interface monitoring modular 110 can be suitable for determining on mobile terminal display interface and generate and occur window to be checked, and its a kind of optional flow process changes for the process detecting in mobile terminal; Determine that process generates new window on mobile terminal display interface.The process detecting in mobile terminal can be utilized main anti-technology, and injected system process is inner, obtains the situation of process generating window.Preferably, interface monitoring modular 110 can be using the window with input frame as window to be checked.
Characteristic information extracting module 120 is extracted the characteristic information of at least one element in window to be checked, the element of the element window to be checked of general display window comprises following at least one: input frame, title block, label, menu, action button, accordingly, the characteristic information that characteristic information extracting module 120 is extracted can comprise one or more in the content of text, positional information, chained address, element type of above element.
Characteristic matching module 130 can be used in preset characteristic information storehouse characteristic information is carried out to characteristic matching, obtains the matching result of element, and according to Match of elemental composition result, determines the security type of window to be checked.The elemental characteristic information of the characteristic information of the element that pays class software class window and/or the window of malice sample is preserved in above characteristic information storehouse in advance, the elemental characteristic information of the payment class software window that for example preserve in advance in characteristic information storehouse comprises: pay class software login window elemental characteristic information, the elemental characteristic information of account binding window that pays class software, pay the elemental characteristic information of the payment window of class software, using the characteristic information of element that pays class software class window as the coupling foundation of white sample.The elemental characteristic information of window of malice sample can be extracted the feature of element of window of the malice sample reporting as the coupling foundation of black sample.
Particularly, the payment keyword that the content of text that white sample matches submodule 132 can extract element in window to be checked comprises, determines corresponding payment class software according to paying keyword; The characteristic information of the element of window to be checked is compared with the window elements characteristic information of payment class software corresponding in characteristic information storehouse, if comparison result is consistent, determine that window to be checked is security window.For security window, the safety detection device 100 of the mobile terminal input window of the present embodiment can not done any intervention, to carry out normal running by user.
Black sample matches submodule 134 can mate the characteristic information of window to be checked with the elemental characteristic information of the window of malice sample in characteristic information storehouse, if there is coupling, determine that window to be checked is for malice window.For malice window, if inputting the contents such as account information therein, user likely intercepted, cause information leakage, therefore need to be to user report, and take necessary measure.For example by safety instruction module 150, on mobile terminal display interface, export the information corresponding with security type.Further, can also take other modes to carry out safety precaution, for example the input frame of malice window is set to input, to avoid user to input in unwitting situation, only, in the situation that user ignores information, reply the input function of input frame.
Above information matches process can be carried out in end side, also can utilize high in the clouds technology to mate beyond the clouds, for example utilize information to upload submodule 136 characteristic information is uploaded to safety analysis server, utilize the preset characteristic information storehouse being preset in safety analysis server to carry out the process of above information matches.A kind of concrete configuration mode is to distinguish initialized data base for the characteristic matching of window elements, to be applicable to different environments for use in end side and network side.
Process scan module 140 can carry out security sweep to the process of generating window, to determine the sample type of process; Characteristic information extracting module 130 when not belonging to any in known safe process or known danger process in process, is just carried out the step of the characteristic information of at least one element in extraction window at the scanning result of process scan module.That is to say, the mode that first use process detects is screened, and only, when security is can not determine in process detection, carries out in the step of carrying out the characteristic matching of window elements.
Fig. 2 is the applied environment figure of the safety detection device 100 of mobile terminal input window according to an embodiment of the invention, the safety detection device 100 of the mobile terminal input window of the present embodiment can be arranged in all kinds of mobile terminals 10, in smart mobile phone, panel computer, palm PC etc.These mobile terminals 10 can run in the operating systems such as Android, the safety detection device 100 of the mobile terminal input window of the present embodiment utilize to the process master of above operating system anti-determine on mobile terminal display interface there is window to be checked, and use and be preset in the characteristic information storehouse of preserving window elements feature in mobile terminal and carry out characteristic matching.Above characteristic information storehouse is issued by mobile network 20 by safety analysis server 30, in addition, the safety detection device 100 of mobile terminal input window can also be uploaded the characteristic information of the element of the window to be checked extracting by mobile network 20, by safety analysis server 30, be preset in the characteristic information storehouse of preserving window elements feature in mobile terminal and carry out characteristic matching, and matching result is handed down to mobile terminal 10, and malice window is pointed out.
The embodiment of the present invention also provides a kind of safety detection method based on interface of mobile terminal window, safety detection method that should be based on interface of mobile terminal window can be carried out by the safety detection device based on interface of mobile terminal window by any one of above embodiment introduction, to improve the Information Security of mobile terminal.Fig. 3 is the schematic diagram of the safety detection method based on interface of mobile terminal window according to an embodiment of the invention, as shown in the figure, should comprise the following steps by the safety detection method based on interface of mobile terminal window:
Step S302, determines and on mobile terminal display interface, occurs window to be checked;
Step S304, extracts the characteristic information of at least one element in window to be checked;
Step S306, is used preset characteristic information storehouse to carry out characteristic matching to characteristic information, obtains Match of elemental composition result;
Step S308, determines the security type of window to be checked according to Match of elemental composition result.
In above step, step S302 can change definite window to be checked that occurs by detecting process in mobile terminal, and the process in mobile terminal that specifically can detect changes to determine that process generates new window on mobile terminal display interface.Detect process in mobile terminal and can utilize main anti-technology, injected system process is inner, obtains the situation of process generating window.Therefore because the present embodiment technical matters to be solved is to prevent that accounts information or payment information that user inputs from being intercepted, above window to be checked can be specifically in the situation that is password box with the type of the window, particularly this input frame of input frame.Such as the word in the title block of emerging window, include following keyword again: " fast paying ", " Alipay payment ", " micro-letter payment ", " mobile payment ", " Mobile banking " etc., need using this window as window to be checked.
The element of the element window to be checked of general display window comprises following at least one: input frame, title block, label, menu, action button, the characteristic information that step S304 extracts can comprise one or more in the content of text, positional information, chained address, element type of above element.
The elemental characteristic information that pays the elemental characteristic information of class software class window and/or the window of malice sample is preserved in the characteristic information storehouse that step S306 is used in advance, namely both can identify security window also can hazard recognition window, to window to be checked take non-black be that white detection is measured.
Correspondingly, step S306 can comprise that characteristic information is carried out to white sample characteristics coupling and black sample characteristics mates any or whole two kinds in two kinds of matching ways.
The elemental characteristic information of the payment class software window that for example, preserve in advance in characteristic information storehouse comprises following content: the elemental characteristic information of the login window of payment class software is bound the elemental characteristic information of window, pay the elemental characteristic information of the payment window of class software, pay the account of class software.The flow process that step S306 carries out white sample characteristics coupling can be: extract the payment keyword that the content of text of element in window to be checked comprises, according to paying keyword, determine corresponding payment class software; The characteristic information of the element of window to be checked is compared with the window elements characteristic information of payment class software corresponding in characteristic information storehouse, if comparison result is consistent, determine that window to be checked is security window.The title block Chinese word that concrete example is window is " micro-letter payment ", the elemental characteristic of this window is mated with the elemental characteristic of payment interface in micro-letter client, if the match is successful, just can confirm that this window to be checked is micro-letter payment window, otherwise just can think this window to be checked for malice window or need to further detect.
A kind of flow process that step S306 carries out black sample characteristics coupling to characteristic information is to comprise: the characteristic information of window to be checked is mated with the elemental characteristic information of the window of malice sample in characteristic information storehouse, if there is coupling, determine that window to be checked is for malice window.For malice window, after step S308, the information corresponding with security type can also be exported on mobile terminal display interface, with reminding user.In addition, in the situation that there is malice window, can also process malice window, for example, shield window, input frame is put to ash in can not input state etc., prevent that user from operating, if user's prompting message is ignored operation, recover window.
On utilizing mobile terminal, carry out black and white sample characteristics coupling in preset characteristic information storehouse, the safety detection method of the mobile terminal input window of the present embodiment can also be uploaded to characteristic information safety analysis server, and receive the characteristic matching result that safety analysis server issues, thereby utilize the large data of network side to mate, the result obtaining is more accurate.
Before step 304, can also utilize the checking and killing virus system of mobile terminal to detect the sample of process, for example the process of generating window is carried out to security sweep, to determine the sample type of process; When process does not belong to any in known safe process or known danger process, then perform step S304.That is to say, the mode that first use process detects is screened, and only, when security is can not determine in process detection, carries out in the step of carrying out the characteristic matching of window elements.
Fig. 4 is a kind of optional process flow diagram of the safety detection method based on interface of mobile terminal window according to an embodiment of the invention, and this flow process comprises:
Step S402, determines and on mobile terminal display interface, generates new window to be checked
Step S404, is used the anti-software of virus master of mobile terminal to judge whether the process of generating window is known security procedure, if allow window normally to move, performs step if not S406;
Step S406, use the anti-software of virus master of mobile terminal to judge whether the process of generating window is known malicious process, if carry out safety instruction to user, and carry out corresponding safe operation (such as end process, deleted file, put into isolated area etc.), if not, explanation cannot be determined process security, need to carry out subsequent window elemental characteristic coupling;
Step S408, judges whether newly-generated window exists input frame, illustrates that if not this window is only content display window, can not detect;
Step S410, determines that window is window to be checked;
Step S412, extracts the feature of window elements, specifically can comprise following content: content of text separately of the elements such as input frame, title block, label, menu, action button, positional information, chained address, element etc.
Step S414, is used the feature of white sample window element to mate, if the match is successful, if allow window normally to move;
Step S416, is used the feature of black sample window element to mate, if mate unsuccessfully, elemental characteristic can be uploaded to safety analysis server and be further analyzed;
Step S418, prompt window security risk, and window is carried out to safety precaution operation, for example, will shield window, and input frame is put to ash with in can not input state etc., prevent that user from operating, and reveal personal information.In above prompt window, can point out out the potential safety hazard of window, can also provide option of operation to user, such as unloading related application, upload safety detection result, ignore prompting etc., so that user judges voluntarily and carries out corresponding operating.
Carry out the safety detection method based on interface of mobile terminal window of the above embodiment of the present invention, the similar degree at the interface of judgement client, for example, when dialog box ejects, can carry out feature differentiation to the element in dialog box (classification of prompting frame, title block), such as whether title block is pointed out Taobao's Alipay and is logged in, whether hurdle, interface has the prompting frame of certain form, is password box.Again for example after extracting the feature string of element, can identify according to the input frame in interface and word, foundation is similar to decision model, determine whether it is to pay or other financial interfaces (whether be for example similar to the login frame of Taobao, micro-letter, be the interface of micro-letter Alipay binding bank card).
For Android system terminal, Android smart mobile phone for example, the element that extracts window can utilize the language of similar script to carry out, in conjunction with its decision rule, judge, form the decision model of the bullet frame of Android system display interface, with respect to the existing identification to judgement bag name signature, the safety detection method based on interface of mobile terminal window of the present embodiment can make up the deficiency that its renewal speed can not meet the demands.
Fig. 5 be according to an embodiment of the invention the safety detection method based on interface of mobile terminal window in the schematic diagram of a window to be checked, on determining on interface, occur after the window shown in Fig. 5, first the security type that generates the client of this window by main anti-engine judgement is (for example, to bag name, authority information characteristic matching), if this window belongs to white sample, can make this window normally move, if this window belongs to black sample, need reminding user security risk, and corresponding safety practice option is provided, and (for example prompting unloads, the bullet window of this application is tackled etc.), if cannot determine the security type of client, extract title block, the type of label and input frame, there is " please input payment cipher " in the title block in Fig. 5, and in label, also go out amount in cash and bank card information, now need the feature (position of above these elements, chained address, text) mate with the feature of black and white window elements in feature database, if determine that these features are known secure payment windows, allow window normally to move, if determine the characteristic matching of the black sample of these features and the payment window that disguises oneself as, at window, show on interface and point out risk, and before user further operates, input frame is set to input.Thereby prevent that the accounts information that user inputs from being caused loss by intercepting.
Use the safety detection method based on interface of mobile terminal window of the present embodiment to utilize the window to be checked occurring on display interface to carry out the coupling of window elements feature, prevent rogue program by window camouflage method intercepting user profile situation, improved user information safety.
In the instructions that provided herein, a large amount of details have been described.Yet, can understand, embodiments of the invention can not put into practice in the situation that there is no these details.In some instances, be not shown specifically known method, structure and technology, so that not fuzzy understanding of this description.
Similarly, be to be understood that, in order to simplify the disclosure and to help to understand one or more in each inventive aspect, in the above in the description of exemplary embodiment of the present invention, each characteristic information of the present invention is grouped together into single embodiment, figure or sometimes in its description.Yet, the method for the disclosure should be construed to the following intention of reflection: the present invention for required protection requires than the more characteristic information of characteristic information of clearly recording in each claim.Or rather, as reflected in claims below, inventive aspect is to be less than all characteristic informations of disclosed single embodiment above.Therefore, claims of following embodiment are incorporated to this embodiment thus clearly, and wherein each claim itself is as independent embodiment of the present invention.
Those skilled in the art are appreciated that and can the module in the equipment in embodiment are adaptively changed and they are arranged in one or more equipment different from this embodiment.Module in embodiment or unit or assembly can be combined into a module or unit or assembly, and can put them into a plurality of submodules or subelement or sub-component in addition.At least some in such characteristic information and/or process or unit are mutually repelling, and can adopt any combination to combine all processes or the unit of disclosed all characteristic informations in this instructions (comprising claim, summary and the accompanying drawing followed) and disclosed any method like this or equipment.Unless clearly statement in addition, in this instructions (comprising claim, summary and the accompanying drawing followed) disclosed each characteristic information can be by providing identical, be equal to or the alternative features information of similar object replaces.
In addition, those skilled in the art can understand, although embodiment more described herein comprise some characteristic information included in other embodiment rather than further feature information, the combination of the characteristic information of different embodiment means within scope of the present invention and forms different embodiment.For example, in claims, the one of any of embodiment required for protection can be used with array mode arbitrarily.
All parts embodiment of the present invention can realize with hardware, or realizes with the software module moved on one or more processor, or realizes with their combination.It will be understood by those of skill in the art that and can use in practice microprocessor or digital signal processor (DSP) to realize according to the some or all functions of the some or all parts in the safety detection device based on interface of mobile terminal window of the embodiment of the present invention.The present invention for example can also be embodied as, for carrying out part or all equipment or device program (, computer program and computer program) of method as described herein.Realizing program of the present invention and can be stored on computer-readable medium like this, or can there is the form of one or more signal.Such signal can be downloaded and obtain from internet website, or provides on carrier signal, or provides with any other form.
It should be noted above-described embodiment the present invention will be described rather than limit the invention, and those skilled in the art can design alternative embodiment in the situation that do not depart from the scope of claims.In the claims, any reference symbol between bracket should be configured to limitations on claims.Word " comprises " not to be got rid of existence and is not listed as element or step in the claims.Being positioned at word " " before element or " one " does not get rid of and has a plurality of such elements.The present invention can be by means of including the hardware of some different elements and realizing by means of the computing machine of suitably programming.In having enumerated the unit claim of some devices, several in these devices can be to carry out imbody by same hardware branch.The use of word first, second and C grade does not represent any order.Can be title by these word explanations.
So far, those skilled in the art will recognize that, although detailed, illustrate and described a plurality of exemplary embodiment of the present invention herein, but, without departing from the spirit and scope of the present invention, still can directly determine or derive many other modification or the modification that meets the principle of the invention according to content disclosed by the invention.Therefore, scope of the present invention should be understood and regard as and cover all these other modification or modifications.
The embodiment of the present invention also provides mono-kind of the A1. safety detection method based on interface of mobile terminal window, comprising:
Determine and on mobile terminal display interface, occur window to be checked;
Extract the characteristic information of at least one element in described window to be checked;
Use preset characteristic information storehouse to carry out characteristic matching to described characteristic information, obtain Match of elemental composition result;
According to Match of elemental composition result, determine the security type of described window to be checked, the elemental characteristic information that pays the elemental characteristic information of class software class window and/or the window of malice sample is preserved in wherein said characteristic information storehouse in advance.
A2. according to the method described in A1, wherein, determine on mobile terminal display interface and occur that window to be checked comprises:
The process detecting in described mobile terminal changes;
Determine that described process generates new window on mobile terminal display interface.
A3. according to the method described in A1, wherein, use and in preset characteristic information storehouse, described characteristic information carried out to characteristic matching and comprise:
Described characteristic information is carried out to white sample characteristics coupling and/or black sample characteristics coupling.
A4. according to the method described in A3, wherein, described characteristic information is carried out to white sample characteristics coupling and comprises:
Extract the payment keyword that the content of text of element in described window to be checked comprises,
According to described payment keyword, determine corresponding payment class software;
The characteristic information of the element of described window to be checked is compared with the window elements characteristic information of payment class software corresponding described in described characteristic information storehouse, if comparison result is consistent, determine that described window to be checked is security window.
A5. according to the method described in A4, the elemental characteristic information of the described payment class software window that wherein, preserve in advance in described characteristic information storehouse comprises: the account binding elemental characteristic information of window of the elemental characteristic information of the login window of described payment class software, described payment class software is, the elemental characteristic information of the payment window of described payment class software.
A6. according to the method described in A3, wherein, described characteristic information is carried out to black sample characteristics coupling and comprises:
The characteristic information of described window to be checked is mated with the elemental characteristic information of the window of malice sample in described characteristic information storehouse, if there is coupling, determine that described window to be checked is for malice window.
A7. according to the method described in any one in A1 to A6, wherein,
The element of described window to be checked comprises following at least one: input frame, title block, label, menu, action button;
The characteristic information that extracts at least one element in described window to be checked comprises: extract one or more in the content of text, positional information, chained address, element type of described element.
A8. according to the method described in any one in A1 to A7, wherein,
Described preset characteristic information storehouse is preset in safety analysis server,
Described characteristic information is being carried out also comprising before characteristic matching: described characteristic information is uploaded to described safety analysis server.
A9. according to the method described in A1 to A8 any one, wherein, in extracting described window, before the characteristic information of at least one element, also comprise:
To generating the process of described window, carry out security sweep, to determine the sample type of described process;
When described process does not belong to any in known safe process or known danger process, carry out the step of extracting the characteristic information of at least one element in described window.
A10. according to the method described in A1 to A9 any one, wherein, after the security type of determining described window to be checked, also comprise:
The output information corresponding with described security type on described mobile terminal display interface.
The safety detection device that a B11. mobile terminal input window is also provided in the invention process, comprising:
Interface monitoring modular, is suitable for determining on mobile terminal display interface generating and occurring window to be checked;
Characteristic information extracting module, is suitable for extracting the characteristic information of at least one element in described window to be checked;
Characteristic matching module, be suitable for using in preset characteristic information storehouse described characteristic information is carried out to characteristic matching, obtain the matching result of element, and according to Match of elemental composition result, determine that the security type of described window to be checked, wherein said characteristic information storehouse preserve the elemental characteristic information of the characteristic information of the element that pays class software class window and/or the window of malice sample in advance.
B12. according to the device described in B11, wherein, described interface monitoring modular is also suitable for:
The process detecting in described mobile terminal changes;
Determine that described process generates new window on mobile terminal display interface.
B13. according to the device described in B11, wherein, described characteristic matching module comprises:
White sample matches submodule, is suitable for: extract the payment keyword that the content of text of element in described window to be checked comprises, according to described payment keyword, determine corresponding payment class software; The characteristic information of the element of described window to be checked is compared with the window elements characteristic information of payment class software corresponding described in described characteristic information storehouse, if comparison result is consistent, determine that described window to be checked is security window, and/or
Black sample matches submodule, is suitable for: the characteristic information of described window to be checked is mated with the elemental characteristic information of the window of malice sample in described characteristic information storehouse, if there is coupling, determine that described window to be checked is for malice window.
B14. according to the device described in B13, the elemental characteristic information of the described payment class software window that wherein, preserve in advance in described characteristic information storehouse comprises: the account binding elemental characteristic information of window of the elemental characteristic information of the login window of described payment class software, described payment class software is, the elemental characteristic information of the payment window of described payment class software.
B15. according to the device described in any one in B11 to B14, wherein,
The element of described window to be checked comprises following at least one: input frame, title block, label, menu, action button;
The characteristic information that extracts at least one element in described window to be checked comprises: extract one or more in the content of text, positional information, chained address, element type of described element.
B16. according to the device described in any one in B11 to B15, wherein, described characteristic matching module comprises:
Information is uploaded submodule, is suitable for described characteristic information to be uploaded to safety analysis server, and described preset characteristic information storehouse is preset in described safety analysis server.
B17. according to the device described in B11 to B16 any one, wherein, also comprise:
Process scan module, is suitable for carrying out security sweep to generating the process of described window, to determine the sample type of described process;
Described characteristic information extracting module is also suitable for: at the scanning result of described process scan module, when not belonging to any in known safe process or known danger process in described process, carry out the step of extracting the characteristic information of at least one element in described window.
B18. according to the device described in B11 to B17 any one, wherein, also comprise:
Safety instruction module, is suitable for the output information corresponding with described security type on described mobile terminal display interface.
Claims (10)
1. the safety detection method based on interface of mobile terminal window, comprising:
Determine and on mobile terminal display interface, occur window to be checked;
Extract the characteristic information of at least one element in described window to be checked;
Use preset characteristic information storehouse to carry out characteristic matching to described characteristic information, obtain Match of elemental composition result;
According to Match of elemental composition result, determine the security type of described window to be checked, the elemental characteristic information that pays the elemental characteristic information of class software class window and/or the window of malice sample is preserved in wherein said characteristic information storehouse in advance.
2. method according to claim 1, wherein, determine on mobile terminal display interface and occur that window to be checked comprises:
The process detecting in described mobile terminal changes;
Determine that described process generates new window on mobile terminal display interface.
3. method according to claim 1, wherein, use and in preset characteristic information storehouse, described characteristic information is carried out to characteristic matching and comprise:
Described characteristic information is carried out to white sample characteristics coupling and/or black sample characteristics coupling.
4. method according to claim 3, wherein, described characteristic information is carried out to white sample characteristics coupling and comprise:
Extract the payment keyword that the content of text of element in described window to be checked comprises,
According to described payment keyword, determine corresponding payment class software;
The characteristic information of the element of described window to be checked is compared with the window elements characteristic information of payment class software corresponding described in described characteristic information storehouse, if comparison result is consistent, determine that described window to be checked is security window.
5. method according to claim 4, the elemental characteristic information of the described payment class software window that wherein, preserve in advance in described characteristic information storehouse comprises: the account binding elemental characteristic information of window of the elemental characteristic information of the login window of described payment class software, described payment class software is, the elemental characteristic information of the payment window of described payment class software.
6. method according to claim 3, wherein, described characteristic information is carried out to black sample characteristics coupling and comprise:
The characteristic information of described window to be checked is mated with the elemental characteristic information of the window of malice sample in described characteristic information storehouse, if there is coupling, determine that described window to be checked is for malice window.
7. according to the method described in any one in claim 1 to 6, wherein,
The element of described window to be checked comprises following at least one: input frame, title block, label, menu, action button;
The characteristic information that extracts at least one element in described window to be checked comprises: extract one or more in the content of text, positional information, chained address, element type of described element.
8. according to the method described in any one in claim 1 to 7, wherein,
Described preset characteristic information storehouse is preset in safety analysis server,
Described characteristic information is being carried out also comprising before characteristic matching: described characteristic information is uploaded to described safety analysis server.
9. according to the method described in claim 1 to 8 any one, wherein, in extracting described window, before the characteristic information of at least one element, also comprise:
To generating the process of described window, carry out security sweep, to determine the sample type of described process;
When described process does not belong to any in known safe process or known danger process, carry out the step of extracting the characteristic information of at least one element in described window.
10. a safety detection device for mobile terminal input window, comprising:
Interface monitoring modular, is suitable for determining on mobile terminal display interface generating and occurring window to be checked;
Characteristic information extracting module, is suitable for extracting the characteristic information of at least one element in described window to be checked;
Characteristic matching module, be suitable for using in preset characteristic information storehouse described characteristic information is carried out to characteristic matching, obtain the matching result of element, and according to Match of elemental composition result, determine that the security type of described window to be checked, wherein said characteristic information storehouse preserve the elemental characteristic information of the characteristic information of the element that pays class software class window and/or the window of malice sample in advance.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410377593.3A CN104182687B (en) | 2014-08-01 | 2014-08-01 | The safety detection method of mobile terminal input window and safety detection device |
| PCT/CN2015/085802 WO2016015680A1 (en) | 2014-08-01 | 2015-07-31 | Security detection method and security detection apparatus for mobile terminal input window |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410377593.3A CN104182687B (en) | 2014-08-01 | 2014-08-01 | The safety detection method of mobile terminal input window and safety detection device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN104182687A true CN104182687A (en) | 2014-12-03 |
| CN104182687B CN104182687B (en) | 2016-10-05 |
Family
ID=51963719
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410377593.3A Active CN104182687B (en) | 2014-08-01 | 2014-08-01 | The safety detection method of mobile terminal input window and safety detection device |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN104182687B (en) |
| WO (1) | WO2016015680A1 (en) |
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104881319A (en) * | 2015-05-14 | 2015-09-02 | 北京奇虎科技有限公司 | Method and device for trans-progress data processing |
| WO2016015680A1 (en) * | 2014-08-01 | 2016-02-04 | 北京奇虎科技有限公司 | Security detection method and security detection apparatus for mobile terminal input window |
| CN105930720A (en) * | 2016-05-05 | 2016-09-07 | 北京元心科技有限公司 | Method and system for implementing human-computer interaction with device security |
| CN107153790A (en) * | 2016-03-04 | 2017-09-12 | 北京众思铭信息技术有限公司 | Mobile terminal safety means of defence, device and mobile terminal |
| CN107562474A (en) * | 2017-08-29 | 2018-01-09 | 努比亚技术有限公司 | Interface filter method, terminal and the computer-readable recording medium of a kind of application program |
| CN107810469A (en) * | 2015-07-21 | 2018-03-16 | 三星电子株式会社 | Electronic equipment and the method for controlling the electronic equipment |
| CN108108618A (en) * | 2017-12-28 | 2018-06-01 | 中国信息通信研究院 | The application interface detection method and device of forgery attack |
| CN108133137A (en) * | 2017-12-13 | 2018-06-08 | 北京奇虎科技有限公司 | Interface safety detection method and device in intelligent terminal |
| CN109302338A (en) * | 2018-08-31 | 2019-02-01 | 南昌努比亚技术有限公司 | Intelligent indicating risk method, mobile terminal and computer readable storage medium |
| CN109992472A (en) * | 2019-02-25 | 2019-07-09 | 努比亚技术有限公司 | A kind of interface monitoring method, terminal and computer readable storage medium |
| CN110018957A (en) * | 2019-02-14 | 2019-07-16 | 阿里巴巴集团控股有限公司 | A kind of money damage verification script detection method and device |
| CN110309647A (en) * | 2019-06-28 | 2019-10-08 | 北京金山安全软件有限公司 | Processing method and device for application program, electronic equipment and storage medium |
| CN111949356A (en) * | 2020-08-17 | 2020-11-17 | 联想(北京)有限公司 | Popup window processing method and device and electronic equipment |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN116051868B (en) * | 2023-03-31 | 2023-06-13 | 山东大学 | Interface element identification method for windows system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102968590A (en) * | 2012-10-23 | 2013-03-13 | 北京奇虎科技有限公司 | Pop window suppression method and system |
| CN103368957A (en) * | 2013-07-04 | 2013-10-23 | 北京奇虎科技有限公司 | Method, system, client and server for processing webpage access behavior |
| US8631330B1 (en) * | 2009-08-16 | 2014-01-14 | Bitdefender IPR Management Ltd. | Security application graphical user interface customization systems and methods |
Family Cites Families (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8468597B1 (en) * | 2008-12-30 | 2013-06-18 | Uab Research Foundation | System and method for identifying a phishing website |
| CN102592067B (en) * | 2011-01-17 | 2014-07-30 | 腾讯科技(深圳)有限公司 | Webpage recognition method, device and system |
| CN103795703A (en) * | 2011-04-18 | 2014-05-14 | 北京奇虎科技有限公司 | Method for ensuring user network security and client |
| CN102622553A (en) * | 2012-04-24 | 2012-08-01 | 腾讯科技(深圳)有限公司 | Method and device for detecting webpage safety |
| CN102737183B (en) * | 2012-06-12 | 2014-08-13 | 腾讯科技(深圳)有限公司 | Method and device for webpage safety access |
| CN103825866B (en) * | 2012-11-19 | 2016-11-09 | 腾讯科技(深圳)有限公司 | A kind of login safety detection method and device |
| CN103390128A (en) * | 2013-08-01 | 2013-11-13 | 贝壳网际(北京)安全技术有限公司 | Page labeling method and device and terminal equipment |
| CN104021339A (en) * | 2014-06-10 | 2014-09-03 | 北京奇虎科技有限公司 | Safety payment method and device for mobile terminal |
| CN104134143B (en) * | 2014-07-15 | 2017-05-03 | 北京奇付通科技有限公司 | Mobile payment security protection method, mobile payment security protection device and cloud server |
| CN104021467A (en) * | 2014-06-12 | 2014-09-03 | 北京奇虎科技有限公司 | Method and device for protecting payment security of mobile terminal and mobile terminal |
| CN104182687B (en) * | 2014-08-01 | 2016-10-05 | 北京奇虎科技有限公司 | The safety detection method of mobile terminal input window and safety detection device |
-
2014
- 2014-08-01 CN CN201410377593.3A patent/CN104182687B/en active Active
-
2015
- 2015-07-31 WO PCT/CN2015/085802 patent/WO2016015680A1/en active Application Filing
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8631330B1 (en) * | 2009-08-16 | 2014-01-14 | Bitdefender IPR Management Ltd. | Security application graphical user interface customization systems and methods |
| CN102968590A (en) * | 2012-10-23 | 2013-03-13 | 北京奇虎科技有限公司 | Pop window suppression method and system |
| CN103368957A (en) * | 2013-07-04 | 2013-10-23 | 北京奇虎科技有限公司 | Method, system, client and server for processing webpage access behavior |
Cited By (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2016015680A1 (en) * | 2014-08-01 | 2016-02-04 | 北京奇虎科技有限公司 | Security detection method and security detection apparatus for mobile terminal input window |
| CN104881319A (en) * | 2015-05-14 | 2015-09-02 | 北京奇虎科技有限公司 | Method and device for trans-progress data processing |
| CN104881319B (en) * | 2015-05-14 | 2018-07-27 | 北京奇虎科技有限公司 | A kind of data processing method and device of striding course |
| EP3327605A4 (en) * | 2015-07-21 | 2018-06-27 | Samsung Electronics Co., Ltd. | Electronic device and method of controlling same |
| CN107810469B (en) * | 2015-07-21 | 2021-06-01 | 三星电子株式会社 | Electronic device and method of controlling the same |
| US10565368B2 (en) | 2015-07-21 | 2020-02-18 | Samsung Electronics Co., Ltd. | Electronic device and method of controlling same |
| CN107810469A (en) * | 2015-07-21 | 2018-03-16 | 三星电子株式会社 | Electronic equipment and the method for controlling the electronic equipment |
| CN107153790A (en) * | 2016-03-04 | 2017-09-12 | 北京众思铭信息技术有限公司 | Mobile terminal safety means of defence, device and mobile terminal |
| CN105930720A (en) * | 2016-05-05 | 2016-09-07 | 北京元心科技有限公司 | Method and system for implementing human-computer interaction with device security |
| CN107562474A (en) * | 2017-08-29 | 2018-01-09 | 努比亚技术有限公司 | Interface filter method, terminal and the computer-readable recording medium of a kind of application program |
| CN108133137A (en) * | 2017-12-13 | 2018-06-08 | 北京奇虎科技有限公司 | Interface safety detection method and device in intelligent terminal |
| CN108133137B (en) * | 2017-12-13 | 2021-11-23 | 北京奇虎科技有限公司 | Interface security detection method and device in intelligent terminal |
| CN108108618A (en) * | 2017-12-28 | 2018-06-01 | 中国信息通信研究院 | The application interface detection method and device of forgery attack |
| CN108108618B (en) * | 2017-12-28 | 2021-05-25 | 中国信息通信研究院 | Application interface detection method and device for counterfeiting attack |
| CN109302338A (en) * | 2018-08-31 | 2019-02-01 | 南昌努比亚技术有限公司 | Intelligent indicating risk method, mobile terminal and computer readable storage medium |
| CN110018957A (en) * | 2019-02-14 | 2019-07-16 | 阿里巴巴集团控股有限公司 | A kind of money damage verification script detection method and device |
| CN110018957B (en) * | 2019-02-14 | 2024-04-09 | 创新先进技术有限公司 | Method and device for detecting resource loss check script |
| CN109992472A (en) * | 2019-02-25 | 2019-07-09 | 努比亚技术有限公司 | A kind of interface monitoring method, terminal and computer readable storage medium |
| CN110309647A (en) * | 2019-06-28 | 2019-10-08 | 北京金山安全软件有限公司 | Processing method and device for application program, electronic equipment and storage medium |
| CN110309647B (en) * | 2019-06-28 | 2022-02-25 | 北京乐蜜科技有限责任公司 | Processing method and device for application program, electronic equipment and storage medium |
| CN111949356A (en) * | 2020-08-17 | 2020-11-17 | 联想(北京)有限公司 | Popup window processing method and device and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2016015680A1 (en) | 2016-02-04 |
| CN104182687B (en) | 2016-10-05 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104182687A (en) | Security detecting method and security detecting device for mobile terminal input window | |
| CN104517054B (en) | Method, device, client and server for detecting malicious APK | |
| CN104063664B (en) | The safety detection method of software installation bag, client, server and system | |
| EP3373626B1 (en) | Method and device for use in risk management of application information | |
| CN104021467A (en) | Method and device for protecting payment security of mobile terminal and mobile terminal | |
| Mishra et al. | SMS phishing and mitigation approaches | |
| CN103761481A (en) | Method and device for automatically processing malicious code sample | |
| CN106850617B (en) | webshell detection method and device | |
| CN108734012A (en) | Malware recognition methods, device and electronic equipment | |
| CN104158828B (en) | The method and system of suspicious fishing webpage are identified based on cloud content rule base | |
| CN103761478A (en) | Judging method and device of malicious files | |
| CN109271788A (en) | A kind of Android malware detection method based on deep learning | |
| CN110855642B (en) | Application vulnerability detection method and device, electronic equipment and storage medium | |
| CN105354494A (en) | Detection method and apparatus for web page data tampering | |
| CN102467628A (en) | Method for protecting data based on browser kernel intercept technology | |
| WO2020110109A1 (en) | Phishing protection methods and systems | |
| US11809556B2 (en) | System and method for detecting a malicious file | |
| CN104134019A (en) | Script virus detection method and device | |
| Koide et al. | Detecting phishing sites using chatgpt | |
| CN107018152A (en) | Message block method, device and electronic equipment | |
| Mainka et al. | Shadow Attacks: Hiding and Replacing Content in Signed PDFs. | |
| Dubin | Content disarm and reconstruction of rtf files a zero file trust methodology | |
| JP7439916B2 (en) | Learning device, detection device, learning method, detection method, learning program and detection program | |
| CN116932381A (en) | Automatic evaluation method for security risk of applet and related equipment | |
| CN103152356A (en) | Method, server and system for detecting safety of file sample |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220711 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co., Ltd |