[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

WO2019153857A1 - Asset protection method and apparatus for digital wallet, electronic device, and storage medium - Google Patents

Asset protection method and apparatus for digital wallet, electronic device, and storage medium Download PDF

Info

Publication number
WO2019153857A1
WO2019153857A1 PCT/CN2018/119075 CN2018119075W WO2019153857A1 WO 2019153857 A1 WO2019153857 A1 WO 2019153857A1 CN 2018119075 W CN2018119075 W CN 2018119075W WO 2019153857 A1 WO2019153857 A1 WO 2019153857A1
Authority
WO
WIPO (PCT)
Prior art keywords
security
information
digital wallet
detection
private key
Prior art date
Application number
PCT/CN2018/119075
Other languages
French (fr)
Chinese (zh)
Inventor
张康宗
Original Assignee
北京金山安全软件有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京金山安全软件有限公司 filed Critical 北京金山安全软件有限公司
Publication of WO2019153857A1 publication Critical patent/WO2019153857A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • G06Q20/3223Realising banking transactions through M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821Electronic credentials
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4016Transaction verification involving fraud or risk level assessment in transaction processing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1408Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
    • H04L63/1416Event detection, e.g. attack signature detection
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis

Definitions

  • the present application relates to the field of digital wallet technology, and in particular, to a digital wallet asset protection method, apparatus, electronic device, and storage medium.
  • the digital wallet is a wallet based on blockchain technology.
  • the solution for digital wallet is to consider the use of digital wallet, for example, how to use digital wallet to better manage digital currency, and there is no solution for digital wallet security protection, so that the assets of digital wallet are facing at any time. The risk of theft is poor.
  • the purpose of the embodiments of the present application is to provide a digital wallet asset protection method, device, electronic device, and storage medium to improve security.
  • the specific technical solutions are as follows:
  • a digital wallet asset protection method comprising:
  • the preset asset protection operation is performed based on the obtained detection result.
  • the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the digital wallet private key
  • the detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
  • the detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
  • the method further includes:
  • the detection result is determined as the third detection result
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
  • the obtaining process of the user behavior information that affects the private key of the digital wallet includes:
  • the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected;
  • the selected preset user behavior information in the questionnaire result is determined as user behavior information that affects the security of the digital wallet's private key.
  • the step of determining the security setting guiding information according to the user behavior information includes:
  • the preset user behavior information includes: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key through a screen capture, and behavior of using only a digital password as an asset payment password. At least one of the information.
  • the step of obtaining a security level assessment result of the user behavior by using the preset security level evaluation criteria and the user behavior information including:
  • the preset security level evaluation standard includes: a correspondence between the quantity range and the security level;
  • the security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
  • the step of obtaining the security setting guiding information based on the security level evaluation result includes:
  • the determined security setting guiding information includes: a virus killing reminding information
  • the user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior
  • the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
  • the obtaining process of the security detection information of the electronic device where the digital wallet is located includes:
  • first security detection information of an operating environment of the digital wallet includes: virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection of the electronic device where the digital wallet is located At least one of the information;
  • the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, and repacking detection information of the installation package of the digital wallet
  • the private key of the digital wallet stores at least one of mode detection information.
  • the obtained virus detection information is: when the virus is found, the determined factors affecting the security of the digital wallet's private key include the presence of a virus;
  • the obtained vulnerability detection information is: when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability;
  • the root root permission detection information obtained is: when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is enabled;
  • the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network
  • the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written;
  • the determined factors affecting the security of the digital wallet private key include: the installation package of the digital wallet is a non-original installation package;
  • the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
  • the process of obtaining the asset security detection information of the digital wallet includes:
  • a digital wallet asset protection device comprising:
  • a detecting module configured to perform at least one detecting operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtaining a detection result corresponding to the performed detection operation;
  • An execution module is configured to perform a preset asset protection operation based on the obtained detection result.
  • the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the digital wallet private key
  • the detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
  • the detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
  • the device further includes:
  • a processing module configured to determine, as a first detection result, a detection result corresponding to the user behavior detection operation, and determine a detection result corresponding to the electronic device security detection of the digital wallet as a second detection result, where the digital wallet is The test result corresponding to the asset security test is determined as the third test result;
  • the execution module is specifically configured to:
  • the obtained detection result is: the first detection result, determining security setting guidance information according to the user behavior information, and outputting security setting guidance information for guiding the user to improve security of the digital wallet private key;
  • the obtained detection result is: the second detection result, determining a factor affecting the security of the private key of the digital wallet according to the security detection information, and outputting a prompt for prompting the user to affect the security of the private key Prompt information for processing factors;
  • the third detection result when determining that the target account asset has a security risk according to the asset security detection information, outputting the target account for alerting the target account of the digital wallet Warning information for safety hazards;
  • the obtained detection result is: the first detection result and the second detection result, determining security setting guidance information according to the user behavior information, and outputting a security for guiding the user to increase the private key of the digital wallet Sexual security settings guidance information;
  • the obtained detection result is: the first detection result and the third detection result, determining security setting guidance information according to the user behavior information, and outputting a security for guiding the user to increase the private key of the digital wallet Sexual security settings guidance information;
  • the obtained detection result is: the second detection result and the third detection result, determining a factor affecting the security of the private key of the digital wallet according to the security detection information, and outputting is used to prompt the user to Prompt information that affects the security of the private key;
  • the obtained detection result is: the first detection result, the second detection result, and the third detection result, determining safety setting guidance information according to the user behavior information, and outputting for guiding the user to improve the Security setting security information for the security of the private key of the digital wallet;
  • the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
  • the device further includes a first obtaining module, where the first obtaining module includes:
  • a display unit configured to display a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet private key, and a check box corresponding to each preset user behavior information When a check box corresponding to the preset user behavior information is selected, it indicates that the preset user behavior information is selected;
  • a questionnaire obtaining unit for obtaining a questionnaire result of the preset questionnaire
  • the user behavior information determining unit is configured to determine the selected preset user behavior information in the questionnaire result as user behavior information that affects the private key security of the digital wallet.
  • the execution module includes:
  • a security level evaluation result obtaining unit configured to obtain a security level evaluation result of the user behavior by using a preset security level evaluation standard and the user behavior information
  • the security setting guidance information obtaining unit is configured to obtain security setting guidance information based on the security level evaluation result.
  • the preset user behavior information includes: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key through a screen capture, and behavior of using only a digital password as an asset payment password. At least one of the information.
  • the security level assessment result obtaining unit includes:
  • a quantity determining subunit configured to determine the quantity of the user behavior information
  • a quantity range determining subunit configured to determine a quantity range in which the quantity is located in a preset security level evaluation criterion; wherein the preset security level evaluation standard includes: a correspondence between a quantity range and a security level;
  • the security level evaluation result determining sub-unit is configured to determine a security level corresponding to the quantity range in which the quantity is located, as a security level evaluation result of the user behavior.
  • the security setting guide information obtaining unit includes:
  • a determining subunit configured to determine whether the obtained security level evaluation result is low, and if so, triggering the security setting guiding information determining subunit;
  • the security setting guiding information determining subunit is configured to determine security setting guiding information corresponding to the obtained user behavior information
  • the determined security setting guiding information includes: a virus killing reminding information
  • the user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior
  • the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
  • the device further includes a second obtaining module, where the second obtaining module includes:
  • a first security detection information obtaining unit configured to obtain first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information of the electronic device where the digital wallet is located, At least one of root root authority detection information and network transmission security detection information;
  • a second security detection information obtaining unit configured to obtain second security detection information of the digital wallet itself, where the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, the number At least one of repackaging detection information of the installation package of the wallet and private key storage mode detection information of the digital wallet.
  • the virus detection information obtained by the first security detection information obtaining unit is: when a virus is found, the factor determined by the execution module to affect the security of the private key of the digital wallet includes the presence of a virus;
  • the vulnerability detection information obtained by the first security detection information obtaining unit is: when there is a vulnerability, the factor determined by the execution module affecting the security of the private key of the digital wallet includes a vulnerability;
  • the root root authority detection information obtained by the first security detection information obtaining unit is: when the root root authority is enabled, the security factor determined by the execution module affecting the private key of the digital wallet includes the root root authority being Open
  • factors determined by the execution module affecting the security of the private key of the digital wallet include: being in a non-secure transmission network. ;
  • the factors determined by the execution module affecting the security of the private key of the digital wallet include: the memory is not performed. Read and write protection;
  • a factor determined by the execution module to affect security of the private key of the digital wallet includes: The installation package of the digital wallet is a non-original installation package;
  • the factors determined by the execution module affecting the security of the private key of the digital wallet include: a private key It is stored completely.
  • the device further includes a third obtaining module, where the third obtaining module includes:
  • a determining subunit configured to determine whether a transaction record corresponding to the target account stored by the electronic device where the digital wallet is stored exists when a transaction record for the target account of the digital wallet is generated in the blockchain ledger The detected transaction record, if yes, triggering the first generation unit, and if not, triggering the second generation unit;
  • the first generating unit is configured to generate asset security detection information that determines that the target account does not have a security risk
  • the second generating unit is configured to generate asset security detection information that determines that the target account has a security risk.
  • An electronic device includes a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory complete communication with each other through the communication bus;
  • a memory for storing a computer program
  • the processor when executed to execute a computer program stored on the memory, implements the method steps of any of the above.
  • a computer readable storage medium having stored therein a computer program, the computer program being executed by a processor to implement the method steps of any of the above.
  • the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby improving security.
  • FIG. 1 is a schematic flowchart of a digital wallet asset protection method according to an embodiment of the present application
  • FIG. 2 is a schematic structural diagram of a digital wallet security defense system according to an embodiment of the present application.
  • FIG. 3 is a schematic flowchart of a process for obtaining user behavior information that affects private key security of a digital wallet according to an embodiment of the present disclosure
  • FIG. 4 is a schematic flowchart of a process for obtaining asset security detection information of a digital wallet according to an embodiment of the present application
  • FIG. 5 is a schematic structural diagram of a digital wallet asset protection apparatus according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
  • the embodiment of the present application provides a digital wallet asset protection method, apparatus, electronic device, and storage medium.
  • the execution body of the digital wallet asset protection method provided by the embodiment of the present application may be a digital wallet client or an electronic device, and the digital wallet client may also be referred to as a digital wallet.
  • the digital wallet client is installed in an electronic device, including but not limited to a mobile phone and a tablet.
  • a digital wallet asset protection method provided by an embodiment of the present application may include:
  • S101 Perform at least one detection operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtain a detection result corresponding to the performed detection operation.
  • digital wallet assets are not only related to the digital wallet itself, but also to electronic devices. Whether it is user behavior for electronic devices or user behavior for digital wallets, it may affect digital wallet assets. Therefore, in order to protect the security of digital wallet assets, user behavior detection can be performed.
  • the user behavior for the electronic device may include, but is not limited to, accessing a webpage, opening a mail, or using a communication-type application; user behavior for the digital wallet includes, but is not limited to, a transfer or a digital wallet private key backup.
  • a virus may exist in the electronic device, and the virus may damage the data of the digital wallet installed in the electronic device, thereby causing the digital wallet asset to be insecure.
  • the manner of detecting user behavior may be: digital wallet for user behavior detection, or digital wallet calling other applications for user behavior detection.
  • the security of the electronic device where the digital wallet is located will have an impact on the digital wallet assets. Therefore, in order to protect the security of the digital wallet assets, the electronic device security detection of the digital wallet can be performed.
  • the electronic device security detection of the digital wallet may include, but is not limited to, the following aspects:
  • the first aspect is directed to security detection of the digital wallet operating environment.
  • Security detection for the digital wallet operating environment may include, but is not limited to, virus detection, vulnerability detection, root root authority detection, and network transmission security detection of the electronic device where the digital wallet is located.
  • the virus detection of the electronic device where the digital wallet is located is: detecting whether there is a virus in the electronic device where the digital wallet is located, for example, malware, malicious programs, and the like;
  • the vulnerability detection of the electronic device where the digital wallet is located is: detecting whether there is a vulnerability in the electronic device where the digital wallet is located, wherein the vulnerability is a defect in the hardware, software, protocol implementation or system security policy, so that the attacker can Access or destroy the system without authorization;
  • the root root permission of the electronic device where the digital wallet is located is detected as: detecting whether the electronic device where the digital wallet is located has root root authority, wherein obtaining root authority means that the highest authority of the system has been obtained, and any file in the system can be included (including System files) perform all operations of adding, deleting, changing, and checking;
  • the network transmission security detection of the electronic device where the digital wallet is located is: detecting whether the network used by the electronic device where the digital wallet is located is safe.
  • the second aspect is directed to the security detection of the digital wallet itself.
  • the security detection for the digital wallet itself may include, but is not limited to, read and write permission detection of the memory corresponding to the digital wallet, repacking detection of the installation package of the digital wallet, and detection of the private key storage mode of the digital wallet.
  • the read/write permission of the memory corresponding to the digital wallet is detected as: detecting the read/write status of the memory occupied by the digital wallet, for example, the read/write status is: readable and writable or read-only;
  • the repackaging of the installation package of the digital wallet is: detecting whether the installation package of the digital wallet is a repackaged installation package, that is, detecting whether the installation package of the digital wallet is a non-original installation package;
  • the private key storage mode of the digital wallet is detected as: detecting which storage mode the digital wallet's private key is stored in.
  • the asset security detection for the digital wallet is mainly the detection of whether the assets in the digital wallet are safe, and may include, but is not limited to, whether the assets are stolen and the assets are abnormally traded.
  • the security detection of the three aspects does not necessarily need to be performed simultaneously.
  • the user behavior detection is performed. And performing at least one detecting operation of the electronic device security detection of the digital wallet and performing the asset security detection of the digital wallet, and after performing the at least one detecting operation, obtaining the detection result corresponding to the executed detecting operation.
  • the embodiment of the present application provides a digital wallet security defense system, which may include at least one of the following three modules:
  • a user behavior security module for performing security defenses related to user behavior, including but not limited to performing user behavior detection
  • the electronic device security defense module is configured to perform security defense related to the electronic device where the digital wallet is located, including but not limited to performing security detection of the electronic device where the digital wallet is located;
  • An asset security management module for performing security defenses related to assets of the digital wallet, including but not limited to asset security testing of digital wallets.
  • the digital wallet security defense system may include other modules related to digital wallet security, including any of the above three modules, and is not limited herein.
  • Digital wallet assets can be protected by the above digital wallet security defense system, that is, the protection of user assets.
  • the preset asset protection operation can be performed.
  • S102 may include: outputting safety prompt information to the user based on the obtained detection result.
  • the security alert information may be the following: "security setting guidance information for guiding the user to improve the security of the private key of the digital wallet", and "prompting information for prompting the user to deal with factors affecting the security of the private key. And one or more of “a warning message for alerting a user of the target account of the digital wallet that the target account has a security risk”.
  • security prompt information By outputting security prompt information, guiding the user to perform security settings, or guiding the user to deal with factors affecting the security of the private key, or alerting the user to alert, etc., the security of the solution can be improved.
  • the detection result obtained is also at least one.
  • the detection result corresponding to the user behavior detection operation is taken as the first detection result, and the detection result corresponding to the electronic device security detection of the digital wallet is used as the second detection result, and the asset security detection corresponding to the digital wallet is performed.
  • the test result is used as the third test result.
  • the asset protection operation corresponding to the first detection result is performed when the first detection result is obtained, and the user behavior security module in the digital wallet security defense system is configured to perform the asset protection operation corresponding to the first detection result.
  • the asset protection operation corresponding to the second detection result is performed, and the electronic device security defense module in the digital wallet security defense system is configured to perform the asset protection operation corresponding to the second detection result.
  • the asset protection operation corresponding to the third detection result is performed, and the asset security management module in the digital wallet security defense system is configured to perform the asset protection operation corresponding to the third detection result.
  • each test result corresponds to an asset protection operation and at least one of the obtained detection results, at least one of the asset protection operations performed is performed.
  • asset protection operations may include, but are not limited to, outputting prompt information, outputting boot information, and outputting alert information.
  • the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby achieving the purpose of ensuring the asset security of the user digital wallet.
  • the detection result corresponding to the foregoing user behavior detection operation may be user behavior information that affects the security of the digital wallet's private key
  • the detection result corresponding to the electronic device security detection of the digital wallet may be the security detection information of the electronic device where the digital wallet is located;
  • the detection result corresponding to the asset security detection of the digital wallet may be the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
  • the security of the digital wallet asset is mainly related to the private key of the digital wallet, if the private key of the digital wallet is not secure, the digital wallet asset is not secure. Therefore, in order to protect the security of the digital wallet asset, user behavior detection is performed. Obtaining user behavior information that affects the security of the digital wallet's private key, and the user behavior information that affects the private key of the digital wallet is the detection result corresponding to the user behavior detection operation.
  • the user behavior detection plug-in can be used to detect which operations the user performed, so that all user behavior information of the user operating the electronic device can be obtained. Then, each of the detected user behavior information is matched with the user behavior information stored in the preset behavior information table.
  • the user behavior information stored in the preset behavior information table is: user behavior information that affects the security of the digital wallet private key.
  • the detected user behavior information matches a user behavior information stored in the preset behavior information table, it indicates that the user behavior corresponding to the detected user behavior information threatens the security of the private key.
  • the detected user behavior information may be determined as user behavior information that affects the security of the digital wallet's private key.
  • the user behavior information affecting the security of the private key may also be obtained by presetting the questionnaire.
  • the process of obtaining user behavior information that affects the private key security of the digital wallet may include:
  • S201 Display a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected.
  • the digital wallet can present a preset survey to the user.
  • the user can then fill out the preset questionnaire based on the user behavior that has been manipulated.
  • the preset user behavior information recorded in the questionnaire may include: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key by screen capture, and using only a numeric password as an asset payment password. At least one of the behavioral information.
  • the preset user behavior information may further include: behavior information for backing up the private key by handwriting, and feedback behavior information of the account password being stolen, etc., of course, is not limited thereto.
  • those skilled in the art can set preset user behavior information according to actual conditions, and will not be described in detail herein.
  • the digital wallet can obtain the questionnaire result of the preset questionnaire.
  • S203 Determine the preset user behavior information selected in the questionnaire result as the user behavior information that affects the security of the digital wallet's private key.
  • the digital wallet can determine the selected preset user behavior information in the questionnaire result as the user behavior information that affects the security of the digital wallet's private key.
  • the obtained detection result is the security detection information, that is, the security detection of the electronic device where the digital wallet is located, and the number is obtained.
  • the security detection information of the electronic device where the wallet is located, and the security detection information of the electronic device where the digital wallet is located is the detection result corresponding to the security detection of the electronic device where the digital wallet is located.
  • the process of obtaining the security detection information of the electronic device where the digital wallet is located may include:
  • the first security detection information includes: at least one of virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection information of the electronic device where the digital wallet is located ;
  • the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, repacking detection information of the installation package of the digital wallet, and private key storage of the digital wallet At least one of the mode detection information.
  • the operating environment of the digital wallet refers to an environment in which the program code corresponding to the digital wallet is run.
  • the security of the digital wallet's operating environment will affect the security of the digital wallet's private key, thereby affecting the digital wallet assets.
  • the criminals can easily find a breakthrough from these security risks to steal the private key, thereby making the security of the private key threatened, further threatening the digital wallet assets. Therefore, in the embodiment of the present application, in order to ensure the security of the private key, that is, to ensure the security of the digital wallet asset, the security detection information of the operating environment of the digital wallet can be obtained.
  • the security detection information of the operating environment of the digital wallet may be detected by using security detection software installed in the electronic device where the digital wallet is located. Then, the digital wallet can request to obtain the security detection information detected by the security detection software, and use the obtained security detection information as the first security detection information.
  • the security detection information of the operating environment of the digital wallet can be directly detected by the security detection plug-in in the digital wallet, and the detected security detection information is used as the first security detection information. It is reasonable.
  • the obtained first security detection information may include at least one of virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection information of the electronic device where the digital wallet is located, and is not limited thereto. .
  • the virus detection information is found to be a virus
  • the vulnerability detection information is a vulnerability
  • the root root authority detection information is the root root authority is turned on
  • the network transmission security detection information is at least one of the non-secure transmission network, the number is indicated. There is a security risk in the running environment of the wallet.
  • the vulnerability includes but is not limited to operating system vulnerabilities and application vulnerabilities of the electronic device.
  • the inventors have also discovered that those skilled in the art often overlook that the digital wallet itself also has an impact on the security of the digital wallet's private key, thereby affecting digital wallet assets.
  • the security package corresponding to the digital wallet is a repackaged installation package, that is, when the original installation package is not, the malicious code for stealing the private key may be written in the installation package. Therefore, in the embodiment of the present application, in order to ensure the security of the private key, that is, to ensure the security of the digital wallet asset, the security detection information of the digital wallet itself may be acquired, and the security detection information of the digital wallet itself is used as the second security detection information.
  • the obtained second security detection information may include: read and write permission detection information of the memory corresponding to the digital wallet, repackaging detection information of the installation package of the digital wallet, and private key storage mode detection information of the digital wallet. At least one of them is of course not limited to this.
  • the memory corresponding to the digital wallet refers to a storage space designated for storing digital wallet related data when the digital wallet is installed. Since the private key of the digital wallet may be stored by the user in the memory corresponding to the digital wallet, when the read/write permission detection information of the memory is readable and writable, it indicates that the private key is stolen and tampered. Danger.
  • the private key storage mode detection information of the digital wallet is a complete storage private key
  • the completely stored private key is more easily stolen by criminals, that is, in the storage mode, the private key also exists. The danger of stealing.
  • the obtained detection result is the asset security detection information, and therefore, the asset security detection of the digital wallet is performed, and the number is obtained.
  • the asset security detection information of the wallet is information indicating whether the target account asset of the digital wallet has a security risk
  • the asset security detection information of the digital wallet is the detection result corresponding to the asset security detection of the digital wallet.
  • the process of obtaining the asset security detection information of the digital wallet may include:
  • Step S301 When detecting a transaction record for the target account of the digital wallet in the blockchain ledger, determining whether there is a detected transaction record in the transaction record corresponding to the target account stored by the electronic device where the digital wallet is located, and if so, executing Step S302, if no, step S303 is performed.
  • the electronic device can monitor the blockchain ledger in real time, detect whether a new transaction record is generated in the blockchain ledger, and when detecting the generation of a new transaction record, determine whether the new transaction record is a transaction record for the target account, when determining The new transaction record is a transaction record for the target account, that is, when the transaction record of the target account for the digital wallet is detected in the blockchain book, the generated transaction record for the target account is obtained as the current transaction record, that is, The detected transaction record is the current transaction record.
  • the target account is an account that is registered based on the digital wallet.
  • each account corresponds to a private key, which is a unique certificate having the right to allocate assets in the account, each private key corresponding to an account address, and the user who owns the private key can own the account. The right to assign assets in the address.
  • the blockchain account When the account generates an asset transaction, the blockchain account will generate an asset transaction record, that is, the transaction record. At the same time, when the account is logged in, the digital wallet device will also generate and store an asset transaction record in the transaction record.
  • the record includes: the correspondence between the account address of the account and the account address of the destination party corresponding to the asset transaction, and the asset balance of the account.
  • the above blockchain account when Account A generates an asset transaction, that is, when transferring to Account B, the above blockchain account will generate a transaction record, which is the account address of Account A - the account address of Account B, and the account address of Account A.
  • Balance a wherein the account address of the above account A - the account address of the account B represents the correspondence of the account address of the account A - the account address of the account B.
  • the blockchain book also stores the generation time corresponding to each transaction record, and may also store the transaction amount of each transaction record.
  • the above blockchain ledger stores transaction records for asset transactions for all accounts, and all transaction records stored in the blockchain book are disclosed to all accounts mentioned above.
  • the foregoing assets may be: digital currency, for example, bitcoin and Ethernet, and the like.
  • the current transaction record is compared with the transaction record corresponding to the target account stored in the electronic device where the digital wallet is stored, to determine the target account corresponding to the electronic device where the digital wallet is stored. In the transaction record, whether the current transaction record exists, and then the subsequent steps are performed based on the determination result.
  • the latest transaction record corresponding to the target account stored in the electronic device where the digital wallet is stored may be firstly compared based on the chronological reverse order comparison. For comparison, when the determination is different, the comparison is continued until the comparison with each transaction record is completed.
  • the comparison may be a non-first comparison.
  • the current transaction record when the current transaction record is compared with the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, it may be based on the reverse order of time series, only Compare the current transaction record with the transaction record after the transaction record compared to the previous comparison of this comparison.
  • S302 Generate asset security detection information that determines that the target account does not have a security risk.
  • the current transaction record may be determined to be initiated by the user logged in by the electronic device for the target account, and may indicate The target account is secure, and the private key corresponding to the target account is not stolen.
  • asset security detection information that determines that the target account does not have a security risk is generated.
  • S303 Generate asset security detection information that determines that the target account has a security risk.
  • the current transaction record does not exist in the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, it may be determined that the current transaction record is not initiated by the user logged in by the electronic device for the target account, It can be indicated that the target account is unsafe, and there is a security risk, for example, the private key corresponding to the target account is stolen.
  • the transaction record is a legitimate transaction by determining whether there is a detected transaction record in the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, thereby determining whether the target account has a security risk.
  • the target account has a security risk
  • the asset security detection information that determines that the target account has a security risk is generated.
  • the detection result corresponding to the user behavior detection operation is the user behavior information that affects the security of the digital wallet's private key;
  • the detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
  • the digital wallet The detection result corresponding to the asset security detection is the asset security detection information of the digital wallet, and the asset security detection information is based on the information indicating whether the target account asset of the digital wallet has a security risk, and the detection result corresponding to the user behavior detection operation is determined as the first
  • the detection result corresponding to the electronic device security detection of the digital wallet is determined as the second detection result
  • the detection result corresponding to the asset security detection of the digital wallet is determined as the third detection result.
  • performing the preset asset protection operation based on the obtained detection result may include:
  • performing the preset asset protection operation based on the obtained detection result may include:
  • performing the preset asset protection operation based on the obtained detection result may include:
  • the warning information indicating that the user target account for alerting the target account of the digital wallet has a security risk exists
  • performing the preset asset protection operation based on the obtained detection result may include:
  • performing the preset asset protection operation based on the obtained detection result may include:
  • the warning information indicating that the user target account for alerting the target account of the digital wallet has a security risk exists
  • performing the preset asset protection operation based on the obtained detection result may include:
  • the warning information indicating that the user target account for alerting the target account of the digital wallet has a security risk exists
  • performing the preset asset protection operation based on the obtained detection result may include:
  • the user who outputs the target account for alerting the digital wallet has the warning information of the security risk.
  • the foregoing determining the security setting guiding information according to the user behavior information may include:
  • the security setting guidance information is obtained based on the security level evaluation result.
  • using the preset security level evaluation criteria and the user behavior information to obtain the security level assessment result of the user behavior may include:
  • the preset safety level evaluation standard includes: a correspondence between the quantity range and the safety level;
  • the security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
  • the preset security level evaluation standard includes: a correspondence between the quantity range and the security level. After that, the security level corresponding to the quantity range in which the quantity is located can be determined as the security level evaluation result of the user behavior.
  • the user behavior information that obtains the security of the private key of the digital wallet is: when the behavior information of the high-risk webpage is accessed, the behavior information of the email that has opened the virus, and the behavior information of the private key through the screen capture, the obtained information can be determined.
  • the number of user behavior information is 3.
  • the quantity range quantity ⁇ 1 has a corresponding relationship with the high security level; the quantity range 1 ⁇ quantity ⁇ 2 has a corresponding relationship with the medium security level; the quantity range quantity ⁇ 3 and the low security level have Correspondence relationship.
  • the determined low security level corresponding to the quantity range number ⁇ 3 in the determined quantity 3 can be determined as the security level evaluation result of the user behavior, that is, the security level of the user behavior of the user is determined to be low.
  • the total score of the obtained user behavior information may also be determined based on a preset score table.
  • the preset score table records: a correspondence between the user behavior information and the score. Then, the range of scores in which the total score is located in the preset security level evaluation criteria can be determined.
  • the preset security level evaluation standard includes: a correspondence between the score range and the security level. After that, it is reasonable to determine the security level corresponding to the quantity range in which the total score is located as the security level evaluation result of the user behavior.
  • the foregoing obtaining security setting guidance information based on the security level evaluation result may include:
  • the determined security setting guiding information includes: a virus killing reminding information
  • the user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior
  • the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
  • preset security setting guidance information may be obtained.
  • the preset security setting guiding information may include: a virus killing reminding information and a distributed storage private key reminding information.
  • the security setting guidance information corresponding to the obtained user behavior information may be determined according to the obtained user behavior information.
  • the determined security setting guiding information may include: virus killing reminding information.
  • the obtained user behavior information includes: performing behavior information of backing up the private key through the screen capture
  • the determined security setting guidance information may include: decentralized storage private key reminding information.
  • the obtained user behavior information includes: using only the digital password as the behavior information of the asset payment password
  • the determined security setting guidance information may include: using the biometric password as the asset payment password reminding information. It can be understood that the security setting guiding information is: prompt information for guiding the user to eliminate the stolen threat of the private key caused by the obtained user behavior information.
  • the decentralized storage of the private key may refer to: dividing the private key into several parts by a preset threshold algorithm, and then performing distributed storage on each part. In this way, it is difficult for the illegal molecule to obtain the complete secret key, and the cost of obtaining the complete secret key by the illegal molecule is increased, so that the security of the secret key can be improved.
  • the security setting guidance information can be obtained: the distributed storage private key reminder Information, or, can obtain security settings guidance information: it is reasonable to distribute the private key to the preset security chip reminder information.
  • the security setting boot information for guiding the user to increase the security of the digital wallet's private key can be output. Since the security setting guidance information is obtained according to the user behavior information, it is realized from the user behavior level: the security defense operation for eliminating the private key theft threat, and can guide the user to perform the security defense operation to improve the digital wallet The security of the private key guarantees the security of the assets in the digital wallet.
  • the digital wallet on the electronic device can obtain user behavior information that affects the security of the private key of the digital wallet. Then, the preset security level evaluation standard and the user behavior information may be used to perform a security level assessment on the user behavior performed by the user of the electronic device, and obtain a security level evaluation result. Thereafter, based on the security level evaluation result, security setting guidance information for the electronic device can be obtained, and the security setting guidance information can be displayed.
  • the security setting guide information is information for guiding the user to improve the security of the digital wallet's private key. Therefore, through the security setting guiding information, the user can learn the security defense operation for eliminating the threat of the private key being stolen, and thereby the security of the digital wallet can be improved by the security defense operation, and the assets in the digital wallet are ensured. Safety.
  • a person skilled in the art may determine, according to the specific requirement, the digital security wallet according to the first security detection information and/or the second security detection information.
  • the security factor of the private key may be determined, according to the specific requirement, the digital security wallet according to the first security detection information and/or the second security detection information.
  • the obtained virus detection information when the obtained virus detection information is: When the virus is found, the determined factors affecting the security of the digital wallet's private key include the presence of the virus.
  • the vulnerability detection information obtained when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability.
  • the root root permission detection information obtained when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is turned on.
  • the obtained network transmission security detection information is: an unsecure network, the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network.
  • the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written.
  • the obtained repackaging detection information is: for the repackaged installation package
  • the determined factors affecting the security of the digital wallet's private key include: the digital wallet installation package is a non-original installation package.
  • the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
  • the determined factors may be utilized to generate the prompt information, and the generated prompt information is output to prompt the user to process the factors affecting the security of the private key.
  • the security of the private key is: when the installation package of the virus and digital wallet is a non-original installation package, generate a prompt message: there is a virus threat, please check the virus; the digital wallet installation package is not the original version Installation package, it is recommended to use the original installation package to install digital wallet.
  • the generated prompt information also includes: There is a vulnerability threat, please fix the vulnerability; it is recommended to turn off the root root privilege; currently it is a non-secure transport network, it is recommended to use a secure transport network; it is recommended to read and write the memory; it is recommended to enable the secure storage mode to decentralize the storage private key.
  • the digital wallet can obtain the security detection information of the operating environment of the digital wallet as the first security detection information, and can also obtain its own security detection information as the second security detection information. Then, factors affecting the security of the private key of the digital wallet may be determined according to the obtained first security detection information and/or second security detection information.
  • the prompt information can be generated by using the determined factors, and the prompt information is output. In this way, the user can know which factors in the electronic device affect the security of the digital wallet's private key through the prompt information, so that these factors can be processed in time to protect the private key and ensure the security of the assets in the digital wallet.
  • the security keyboard is a virtual keyboard that is displayed on the screen of the electronic device and is input by a mouse click to change the position of the input key randomly.
  • the address white list includes a secure transaction address and a contract address.
  • the transaction address and contract address of the transaction do not match the address in the white list of the address, it indicates that the transaction address and the contract address of the transaction are addresses with security threats, and the user may be issued a danger warning to prompt the user to be cautious. Trading, thus ensuring the security of assets in the digital wallet.
  • the target account when the asset security detection information indicating that the target account has a security risk is generated, the target account is insecure, and the private key corresponding to the target account may be stolen, and the target account asset has a security risk, that is, according to the asset.
  • the security monitoring information determines that the target account assets have security risks.
  • the warning information may be output, and the user of the target account is alerted to the security risk of the target account, so that the user performs the corresponding operation of protecting the target account.
  • the foregoing warning information may be outputted in the form of an audible prompt, may be outputted in the form of a screen brightness prompt, may be outputted in the form of a text information prompt, or may be outputted in the form of an interface jump prompt, etc.
  • the embodiment of the present application does not limit the prompting form of the above warning information.
  • the transaction record is a legitimate transaction by comparing the transaction record for the target account in the blockchain account with the transaction record stored by the electronic device where the digital wallet is located, and determining whether the target account is a legitimate transaction. There is a security risk. When there is no detected transaction record in the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, it may be determined that the target account has a security risk, and the warning information is output to alert the user account of the target account to exist. Security risks to achieve identification of account security.
  • the asset security detection information that determines that the target account does not have a security risk When the asset security detection information that determines that the target account does not have a security risk is generated, it indicates that the target account is secure, and the private key corresponding to the target account is not stolen. At this time, in order to better improve the user experience, the current transaction record may continue to be output to remind the user that the target account has a transaction so as to be a voucher for the user's asset transaction.
  • the communication identifier of the user bound to the target account may be obtained first, and the current transaction record is output based on the obtained communication identifier.
  • the foregoing communication identifier may be a mailbox number.
  • the electronic device may send the current transaction record to the email address corresponding to the email address in the form of an email; the communication identifier may be a mobile phone number, and at this time, the electronic device may The current transaction record is sent to the mobile phone corresponding to the mobile phone number in the form of a short message, or the current transaction record is sent to the mobile phone corresponding to the mobile phone number in the form of a phone, and the user can answer the call and learn the current transaction. recording.
  • the method may further include:
  • the transaction record corresponding to the obtained target account is outputted, so that the user can view the transaction record corresponding to the target account and perform the transaction.
  • the blockchain book can be monitored in real time, and the cycle can be preset. Whenever a cycle arrives, the transaction record corresponding to the target account is obtained from the blockchain ledger, and the transaction record corresponding to the target account is output. To display to the user, so that the user can view the transaction record corresponding to the target account and check the account. Alternatively, each time a bill obtaining instruction issued by the user is obtained, in response to the bill obtaining instruction, the transaction record corresponding to the target account is obtained from the blockchain ledger, and the transaction record corresponding to the target account is outputted to be displayed to the user. In order for the user to view the transaction record corresponding to the target account and the account.
  • the method may further include:
  • a prompt message is output to prompt the user to change the account.
  • the user may continue to output prompt information to the user to prompt the user. Change your account.
  • the foregoing prompt information may include preset operation information for guiding the user to replace the account, so that the user can create a new account based on the guidance of the electronic device, that is, the preset operation information, that is, create a private key corresponding to the new account.
  • the account is replaced by enabling the user to log in to the new account based on the new private key and transfer the assets of the target account to the new account. To a certain extent, to protect the security of the user's assets.
  • the foregoing warning information may be outputted in the form of a text message prompt.
  • the warning information may be output in the form of a pop-up window, and the pop-up pop-up window includes: the user who alerts the target account that the target account exists.
  • the information about the security risk, or the above warning information is outputted in the form of GCM (Google Cloud Messaging) Push, which is a cloud push message service.
  • GCM Google Cloud Messaging
  • the foregoing output warning information may include:
  • the warning message is output in the form of a pop-up window.
  • the foregoing warning information may be output in various forms.
  • the method may further include:
  • the foregoing steps for outputting the warning information may include:
  • the warning information is output based on the obtained communication identifier of the user.
  • the electronic device may obtain the communication identifier of the user that is bound to the target account in advance.
  • the communication identifier may include a mobile phone number and/or a mailbox number, and the electronic device may be obtained based on the foregoing.
  • the communication identifier is a mailbox number.
  • the electronic device may send the foregoing warning information to the mailbox corresponding to the mailbox number in the form of an email; the communication identifier is a mobile phone number, and at this time, the electronic device may The above warning information is sent to the mobile phone corresponding to the mobile phone number in the form of a short message, or the above warning information is sent to the mobile phone corresponding to the mobile phone number in the form of a telephone, and the user can answer the above-mentioned telephone to learn the warning information.
  • the embodiment of the present application further provides a digital wallet asset protection device.
  • the device may include:
  • the detecting module 501 is configured to perform at least one detecting operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtain a detection result corresponding to the performed detection operation;
  • the executing module 502 is configured to perform a preset asset protection operation based on the obtained detection result.
  • the computer program when executed by the processor, at least one detecting operation of performing user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet is performed, and the detection corresponding to the performed detection operation is obtained. As a result, a preset asset protection operation is performed based on the obtained detection result.
  • the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby achieving the purpose of ensuring the asset security of the user digital wallet.
  • the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the private key of the digital wallet
  • the detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
  • the detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
  • the executing module 502 is specifically configured to: output security prompt information to the user based on the obtained detection result.
  • the device may further include:
  • a processing module configured to determine, as a first detection result, a detection result corresponding to the user behavior detection operation, and determine a detection result corresponding to the electronic device security detection of the digital wallet as a second detection result, where the digital wallet is The test result corresponding to the asset security test is determined as the third test result;
  • the execution module 502 can be specifically configured to:
  • the obtained detection result is: the first detection result, determining security setting guidance information according to the user behavior information, and outputting security setting guidance information for guiding the user to improve security of the digital wallet private key;
  • the obtained detection result is: the second detection result, determining a factor affecting the security of the private key of the digital wallet according to the security detection information, and outputting a prompt for prompting the user to affect the security of the private key Prompt information for processing factors;
  • the third detection result when determining that the target account asset has a security risk according to the asset security detection information, outputting the target account for alerting the target account of the digital wallet Warning information for safety hazards;
  • the obtained detection result is: the first detection result and the second detection result, determining security setting guidance information according to the user behavior information, and outputting a security for guiding the user to increase the private key of the digital wallet Sexual security settings guidance information;
  • the obtained detection result is: the first detection result and the third detection result, determining security setting guidance information according to the user behavior information, and outputting a security for guiding the user to increase the private key of the digital wallet Sexual security settings guidance information;
  • the obtained detection result is: the second detection result and the third detection result, determining a factor affecting the security of the private key of the digital wallet according to the security detection information, and outputting is used to prompt the user to Prompt information that affects the security of the private key;
  • the obtained detection result is: the first detection result, the second detection result, and the third detection result, determining safety setting guidance information according to the user behavior information, and outputting for guiding the user to improve the Security setting security information for the security of the private key of the digital wallet;
  • the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
  • the device may further include a first obtaining module, where the first obtaining module may include:
  • a display unit configured to display a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet private key, and a check box corresponding to each preset user behavior information When a check box corresponding to the preset user behavior information is selected, it indicates that the preset user behavior information is selected;
  • a questionnaire obtaining unit for obtaining a questionnaire result of the preset questionnaire
  • the user behavior information determining unit is configured to determine the selected preset user behavior information in the questionnaire result as user behavior information that affects the private key security of the digital wallet.
  • the executing module 502 may include:
  • a security level evaluation result obtaining unit configured to obtain a security level evaluation result of the user behavior by using a preset security level evaluation standard and the user behavior information
  • the security setting guidance information obtaining unit is configured to obtain security setting guidance information based on the security level evaluation result.
  • the preset user behavior information may include: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key by screen capture, and only The digital password is used as at least one of the behavior information of the asset payment password.
  • the security level evaluation result obtaining unit may include:
  • a quantity determining subunit configured to determine the quantity of the user behavior information
  • a quantity range determining subunit configured to determine a quantity range in which the quantity is located in a preset security level evaluation criterion; wherein the preset security level evaluation standard includes: a correspondence between a quantity range and a security level;
  • the security level evaluation result determining sub-unit is configured to determine a security level corresponding to the quantity range in which the quantity is located, as a security level evaluation result of the user behavior.
  • the security setting guiding information obtaining unit may include:
  • a determining subunit configured to determine whether the obtained security level evaluation result is low, and if so, triggering the security setting guiding information determining subunit;
  • the security setting guiding information determining subunit is configured to determine security setting guiding information corresponding to the obtained user behavior information
  • the determined security setting guiding information includes: a virus killing reminding information
  • the user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior
  • the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
  • the device may further include a second obtaining module, where the second obtaining module may include:
  • a first security detection information obtaining unit configured to obtain first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information of the electronic device where the digital wallet is located, At least one of root root authority detection information and network transmission security detection information;
  • a second security detection information obtaining unit configured to obtain second security detection information of the digital wallet itself, where the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, the number At least one of repackaging detection information of the installation package of the wallet and private key storage mode detection information of the digital wallet.
  • virus detection information obtained by the first security detection information obtaining unit when a virus is found, the security key determined by the execution module affecting the digital wallet is secure.
  • sexual factors include the presence of a virus;
  • the vulnerability detection information obtained by the first security detection information obtaining unit is: when there is a vulnerability, the factor determined by the execution module affecting the security of the private key of the digital wallet includes a vulnerability;
  • the root root authority detection information obtained by the first security detection information obtaining unit is: when the root root authority is enabled, the security factor determined by the execution module affecting the private key of the digital wallet includes the root root authority being Open
  • factors determined by the execution module affecting the security of the private key of the digital wallet include: being in a non-secure transmission network. ;
  • the factors determined by the execution module affecting the security of the private key of the digital wallet include: the memory is not performed. Read and write protection;
  • a factor determined by the execution module to affect security of the private key of the digital wallet includes: The installation package of the digital wallet is a non-original installation package;
  • the factors determined by the execution module affecting the security of the private key of the digital wallet include: a private key It is stored completely.
  • the device may further include a third obtaining module, where the third obtaining module may include:
  • a determining subunit configured to determine whether a transaction record corresponding to the target account stored by the electronic device where the digital wallet is stored exists when a transaction record for the target account of the digital wallet is generated in the blockchain ledger The detected transaction record, if yes, triggering the first generation unit, and if not, triggering the second generation unit;
  • the first generating unit is configured to generate asset security detection information that determines that the target account does not have a security risk
  • the second generating unit is configured to generate asset security detection information that determines that the target account has a security risk.
  • the embodiment of the present application further provides an electronic device, as shown in FIG. 6, including a processor 601, a communication interface 602, a memory 603, and a communication bus 604, wherein the processor 601, the communication interface 602, and the memory 603 pass through the communication bus 604.
  • the processor 601 is configured to perform the following method steps when executing the computer program stored on the memory 603:
  • the preset asset protection operation is performed based on the obtained detection result.
  • the electronic device performs at least one detection operation of the user behavior detection, the electronic device security detection of the digital wallet, and the asset security detection of the digital wallet, and obtains the detection result corresponding to the performed detection operation, based on the obtained
  • the detection result is performed by performing a preset asset protection operation.
  • the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby achieving the purpose of ensuring the asset security of the user digital wallet.
  • the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the private key of the digital wallet
  • the detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
  • the detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
  • the method may further include:
  • the detection result is determined as the third detection result
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
  • the obtaining process of the user behavior information that affects the security of the private key of the digital wallet may include:
  • the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected;
  • the selected preset user behavior information in the questionnaire result is determined as user behavior information that affects the security of the digital wallet's private key.
  • the step of determining the security setting guide information according to the user behavior information may include:
  • the preset user behavior information includes: behavior information of accessing a high-risk webpage, behavior information of an email that has been opened with a virus, behavior information of backing up a private key by screen capture, and only utilizing The digital password is at least one of behavioral information of the asset payment password.
  • the step of obtaining a security level assessment result of the user behavior by using the preset security level evaluation criteria and the user behavior information may include:
  • the preset security level evaluation standard includes: a correspondence between the quantity range and the security level;
  • the security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
  • the step of obtaining the security setting guiding information based on the security level evaluation result may include:
  • the determined security setting guiding information includes: a virus killing reminding information
  • the user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior
  • the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
  • the obtaining process of the security detection information of the electronic device where the digital wallet is located may include:
  • first security detection information of an operating environment of the digital wallet includes: virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection of the electronic device where the digital wallet is located At least one of the information;
  • the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, and repacking detection information of the installation package of the digital wallet
  • the private key of the digital wallet stores at least one of mode detection information.
  • the obtained virus detection information when the obtained virus detection information is: when the virus is found, the determined factors affecting the security of the private key of the digital wallet include the presence of a virus;
  • the obtained vulnerability detection information is: when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability;
  • the root root permission detection information obtained is: when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is enabled;
  • the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network
  • the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written;
  • the determined factors affecting the security of the digital wallet private key include: the installation package of the digital wallet is a non-original installation package;
  • the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
  • the process of obtaining the asset security detection information of the digital wallet may include:
  • the communication bus mentioned in the above electronic device may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus.
  • PCI Peripheral Component Interconnect
  • EISA Extended Industry Standard Architecture
  • the communication bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in the figure, but it does not mean that there is only one bus or one type of bus.
  • the communication interface is used for communication between the above electronic device and other devices.
  • the memory may include a random access memory (RAM), and may also include a non-volatile memory (NVM), such as at least one disk storage.
  • RAM random access memory
  • NVM non-volatile memory
  • the memory may also be at least one storage device located away from the aforementioned processor.
  • the above processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; or may be a digital signal processing (DSP), dedicated integration.
  • CPU central processing unit
  • NP network processor
  • DSP digital signal processing
  • ASIC Application Specific Integrated Circuit
  • FPGA Field-Programmable Gate Array
  • the embodiment of the present application further provides a computer readable storage medium, where the computer readable storage medium stores a computer program, and when the computer program is executed by the processor, the following method steps are implemented:
  • the preset asset protection operation is performed based on the obtained detection result.
  • the computer program when executed by the processor, at least one detecting operation of performing user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet is performed, and the detection corresponding to the performed detection operation is obtained. As a result, a preset asset protection operation is performed based on the obtained detection result.
  • the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby achieving the purpose of ensuring the asset security of the user digital wallet.
  • the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the private key of the digital wallet
  • the detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
  • the detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
  • the method may further include:
  • the detection result is determined as the third detection result
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the step of performing a preset asset protection operation based on the obtained detection result includes:
  • the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
  • the obtaining process of the user behavior information that affects the security of the private key of the digital wallet may include:
  • the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected;
  • the selected preset user behavior information in the questionnaire result is determined as user behavior information that affects the security of the digital wallet's private key.
  • the step of determining the security setting guide information according to the user behavior information may include:
  • the preset user behavior information includes: behavior information of accessing a high-risk webpage, behavior information of an email that has been opened with a virus, behavior information of backing up a private key by screen capture, and only utilizing The digital password is at least one of behavioral information of the asset payment password.
  • the step of obtaining a security level assessment result of the user behavior by using the preset security level evaluation criteria and the user behavior information may include:
  • the preset security level evaluation standard includes: a correspondence between the quantity range and the security level;
  • the security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
  • the step of obtaining the security setting guiding information based on the security level evaluation result may include:
  • the determined security setting guiding information includes: a virus killing reminding information
  • the user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior
  • the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
  • the obtaining process of the security detection information of the electronic device where the digital wallet is located may include:
  • first security detection information of an operating environment of the digital wallet includes: virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection of the electronic device where the digital wallet is located At least one of the information;
  • the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, and repacking detection information of the installation package of the digital wallet
  • the private key of the digital wallet stores at least one of mode detection information.
  • the obtained virus detection information when the obtained virus detection information is: when the virus is found, the determined factors affecting the security of the private key of the digital wallet include the presence of a virus;
  • the obtained vulnerability detection information is: when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability;
  • the root root permission detection information obtained is: when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is enabled;
  • the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network
  • the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written;
  • the determined factors affecting the security of the digital wallet private key include: the installation package of the digital wallet is a non-original installation package;
  • the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
  • the process of obtaining the asset security detection information of the digital wallet may include:
  • the embodiment of the present application also provides an executable program code for being executed to execute any of the above digital wallet asset protection methods.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Finance (AREA)
  • Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An asset protection method and apparatus for a digital wallet, an electronic device, and a storage medium. The method comprises: executing at least one detection operation of user behavior detection, safety detection of an electronic device where a digital wallet is located, and asset safety detection of the digital wallet to obtain a detection result corresponding to the executed detection operation (S101); and on the basis of the obtained detection result, executing a preset asset protection operation (S102). By executing at least one safety detection operation, a detection result related to a digital wallet is obtained, and on the basis of the detection result, a preset asset protection operation is executed, thereby achieving the purpose of ensuring asset safety of the digital wallet of a user.

Description

一种数字钱包资产保护方法、装置、电子设备及存储介质Digital wallet asset protection method, device, electronic device and storage medium
本申请要求于2018年2月12日提交中国专利局、申请号为201810146797.4、发明名称为“一种数字钱包资产保护方法、装置、电子设备及存储介质”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims priority to Chinese Patent Application No. 201810146797.4, entitled "Digital Wallet Asset Protection Method, Apparatus, Electronic Equipment and Storage Medium", filed on February 12, 2018, all of which are entitled The content is incorporated herein by reference.
技术领域Technical field
本申请涉及数字钱包技术领域,特别是涉及一种数字钱包资产保护方法、装置、电子设备及存储介质。The present application relates to the field of digital wallet technology, and in particular, to a digital wallet asset protection method, apparatus, electronic device, and storage medium.
背景技术Background technique
随着技术的发展,越来越多的用户使用数字钱包来管理数字货币(例如比特币和莱特币等)。其中,数字钱包是基于区块链技术的钱包。With the development of technology, more and more users use digital wallets to manage digital currencies (such as Bitcoin and Litecoin). Among them, the digital wallet is a wallet based on blockchain technology.
目前,针对数字钱包的方案均是考虑数字钱包的使用性的方案,例如:如何使用数字钱包更好的管理数字货币,还没有针对数字钱包进行安全保护的方案,使得数字钱包的资产随时面临被盗的风险,安全性较差。At present, the solution for digital wallet is to consider the use of digital wallet, for example, how to use digital wallet to better manage digital currency, and there is no solution for digital wallet security protection, so that the assets of digital wallet are facing at any time. The risk of theft is poor.
发明内容Summary of the invention
本申请实施例的目的在于提供一种数字钱包资产保护方法、装置、电子设备及存储介质,以提高安全性。具体技术方案如下:The purpose of the embodiments of the present application is to provide a digital wallet asset protection method, device, electronic device, and storage medium to improve security. The specific technical solutions are as follows:
一种数字钱包资产保护方法,所述方法包括:A digital wallet asset protection method, the method comprising:
执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果;Performing at least one detection operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtaining a detection result corresponding to the performed detection operation;
基于所获得的检测结果,执行预设资产保护操作。The preset asset protection operation is performed based on the obtained detection result.
可选的,所述用户行为检测操作对应的检测结果为影响数字钱包的私钥安全的用户行为信息;Optionally, the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the digital wallet private key;
所述数字钱包所在电子设备安全检测对应的检测结果为所述数字钱包所在电子设备的安全检测信息;The detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
所述数字钱包的资产安全检测对应的检测结果为所述数字钱包的资产安全检测信息,所述资产安全检测信息为表征所述数字钱包的目标账户资产是 否存在安全隐患的信息。The detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
可选的,所述方法还包括:Optionally, the method further includes:
将所述用户行为检测操作对应的检测结果确定为第一检测结果,将所述数字钱包所在电子设备安全检测对应的检测结果确定为第二检测结果,将所述数字钱包的资产安全检测对应的检测结果确定为第三检测结果;Determining, by the first detection result, the detection result corresponding to the user behavior detection operation, determining the detection result corresponding to the electronic device security detection of the digital wallet as the second detection result, and corresponding to the asset security detection of the digital wallet The detection result is determined as the third detection result;
当所获得的检测结果为:所述第一检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
当所获得的检测结果为:所述第二检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the second detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第一检测结果和所述第二检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result and the second detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:所述第一检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出 用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When it is determined that the target account asset has a security risk according to the asset security detection information, outputting a warning message that the target account of the target account for alerting the digital wallet has a security risk;
当所获得的检测结果为:所述第二检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the second detection result and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第一检测结果、所述第二检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result, the second detection result, and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息。When it is determined that the target account asset has a security risk according to the asset security detection information, the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
可选的,所述影响数字钱包的私钥安全的用户行为信息的获得过程,包括:Optionally, the obtaining process of the user behavior information that affects the private key of the digital wallet includes:
显示预设调查问卷;其中,所述预设调查问卷中记录有:影响数字钱包的私钥安全的预设用户行为信息,以及每个预设用户行为信息对应的勾选框;当一个预设用户行为信息对应的勾选框被选中时,表明该预设用户行为信息被选中;Displaying a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected;
获得所述预设调查问卷的问卷调查结果;Obtaining a questionnaire survey result of the preset questionnaire;
将所述问卷调查结果中被选中的预设用户行为信息,确定为影响所述数字钱包的私钥安全的用户行为信息。The selected preset user behavior information in the questionnaire result is determined as user behavior information that affects the security of the digital wallet's private key.
可选的,所述根据所述用户行为信息,确定安全设置引导信息的步骤, 包括:Optionally, the step of determining the security setting guiding information according to the user behavior information includes:
利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果;Using the preset security level evaluation criteria and the user behavior information to obtain a security level assessment result of the user behavior;
基于所述安全等级评估结果,获得安全设置引导信息。Based on the security level evaluation result, security setting guidance information is obtained.
可选的,所述预设用户行为信息包括:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息、通过截屏备份私钥的行为信息和仅利用数字密码作为资产支付密码的行为信息中的至少一项。Optionally, the preset user behavior information includes: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key through a screen capture, and behavior of using only a digital password as an asset payment password. At least one of the information.
可选的,所述利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果的步骤,包括:Optionally, the step of obtaining a security level assessment result of the user behavior by using the preset security level evaluation criteria and the user behavior information, including:
确定所述用户行为信息的数量;Determining the amount of the user behavior information;
确定所述数量在预设安全等级评估标准中所位于的数量范围;其中,所述预设安全等级评估标准中包括:数量范围与安全等级的对应关系;Determining, in the predetermined security level evaluation standard, the quantity range in which the quantity is located in the preset security level evaluation standard; the preset security level evaluation standard includes: a correspondence between the quantity range and the security level;
将所述数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。The security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
可选的,所述基于所述安全等级评估结果,获得安全设置引导信息的步骤,包括:Optionally, the step of obtaining the security setting guiding information based on the security level evaluation result includes:
判断所获得的安全等级评估结果是否为低;Determine whether the obtained safety level assessment result is low;
若是,确定所获得的用户行为信息对应的安全设置引导信息;If yes, determining security setting guidance information corresponding to the obtained user behavior information;
其中,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息包括:病毒查杀提醒信息;当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息包括:分散存储私钥提醒信息;当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息包括:利用生物特征密码作为资产支付密码提醒信息。Wherein, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information includes: a virus killing reminding information; The user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior When the information is used, the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
可选的,所述数字钱包所在电子设备的安全检测信息的获得过程,包括:Optionally, the obtaining process of the security detection information of the electronic device where the digital wallet is located includes:
获得所述数字钱包的运行环境的第一安全检测信息,所述第一安全检测信息包括:所述数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根root权限检测信息和网络传输安全检测信息中的至少一种;Obtaining first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection of the electronic device where the digital wallet is located At least one of the information;
获得所述数字钱包自身的第二安全检测信息,所述第二安全检测信息包括:所述数字钱包所对应的内存的读写权限检测信息、所述数字钱包的安装包的重打包检测信息和所述数字钱包的私钥存储模式检测信息中的至少一种。Obtaining the second security detection information of the digital wallet itself, the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, and repacking detection information of the installation package of the digital wallet The private key of the digital wallet stores at least one of mode detection information.
可选的,当获得的病毒检测信息为:发现病毒时,所确定的影响所述数字钱包的私钥的安全性的因素包括存在病毒;Optionally, when the obtained virus detection information is: when the virus is found, the determined factors affecting the security of the digital wallet's private key include the presence of a virus;
当获得的漏洞检测信息为:存在漏洞时,所确定的影响所述数字钱包的私钥的安全性的因素包括存在漏洞;When the obtained vulnerability detection information is: when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability;
当获得的根root权限检测信息为:根root权限开启时,所确定的影响所述数字钱包的私钥的安全性的因素包括根root权限被开启;When the root root permission detection information obtained is: when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is enabled;
当获得的网络传输安全检测信息为:非安全网络时,所确定的影响所述数字钱包的私钥的安全性的因素包括处于非安全传输网络;When the obtained network transmission security detection information is: an unsecure network, the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network;
当获得的读写权限检测信息为:可读可写时,所确定的影响所述数字钱包的私钥的安全性的因素包括:内存未进行读写保护;When the read and write permission detection information obtained is: readable and writable, the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written;
当获得的重打包检测信息为:为重打包的安装包时,所确定的影响所述数字钱包的私钥的安全性的因素包括:所述数字钱包的安装包为非原版安装包;When the obtained repackaging detection information is: for the repackaged installation package, the determined factors affecting the security of the digital wallet private key include: the installation package of the digital wallet is a non-original installation package;
当获得的私钥存储模式检测信息为:完整存储私钥时,所确定的影响所述数字钱包的私钥的安全性的因素包括:私钥被完整存储。When the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
可选的,所述数字钱包的资产安全检测信息的获得过程,包括:Optionally, the process of obtaining the asset security detection information of the digital wallet includes:
当检测到区块链账本中生成针对所述数字钱包的目标账户的交易记录时,判断所述数字钱包所在电子设备所存储的所述目标账户对应的交易记录中是否存在检测到的交易记录;When detecting a transaction record for the target account of the digital wallet in the blockchain ledger, determining whether there is a detected transaction record in the transaction record corresponding to the target account stored by the electronic device where the digital wallet is located;
如果是,生成确定目标账户不存在安全隐患的资产安全检测信息;If yes, generate asset security detection information that determines that the target account does not have a security risk;
如果否,生成确定目标账户存在安全隐患的资产安全检测信息。If not, generate asset security detection information that identifies a security risk in the target account.
一种数字钱包资产保护装置,所述装置包括:A digital wallet asset protection device, the device comprising:
检测模块,用于执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果;a detecting module, configured to perform at least one detecting operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtaining a detection result corresponding to the performed detection operation;
执行模块,用于基于所获得的检测结果,执行预设资产保护操作。An execution module is configured to perform a preset asset protection operation based on the obtained detection result.
可选的,所述用户行为检测操作对应的检测结果为影响数字钱包的私钥安全的用户行为信息;Optionally, the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the digital wallet private key;
所述数字钱包所在电子设备安全检测对应的检测结果为所述数字钱包所在电子设备的安全检测信息;The detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
所述数字钱包的资产安全检测对应的检测结果为所述数字钱包的资产安全检测信息,所述资产安全检测信息为表征所述数字钱包的目标账户资产是否存在安全隐患的信息。The detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
可选的,所述装置还包括:Optionally, the device further includes:
处理模块,用于将所述用户行为检测操作对应的检测结果确定为第一检测结果,将所述数字钱包所在电子设备安全检测对应的检测结果确定为第二检测结果,将所述数字钱包的资产安全检测对应的检测结果确定为第三检测结果;a processing module, configured to determine, as a first detection result, a detection result corresponding to the user behavior detection operation, and determine a detection result corresponding to the electronic device security detection of the digital wallet as a second detection result, where the digital wallet is The test result corresponding to the asset security test is determined as the third test result;
所述执行模块,具体用于:The execution module is specifically configured to:
当所获得的检测结果为:所述第一检测结果时,根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;When the obtained detection result is: the first detection result, determining security setting guidance information according to the user behavior information, and outputting security setting guidance information for guiding the user to improve security of the digital wallet private key;
当所获得的检测结果为:所述第二检测结果时,根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;When the obtained detection result is: the second detection result, determining a factor affecting the security of the private key of the digital wallet according to the security detection information, and outputting a prompt for prompting the user to affect the security of the private key Prompt information for processing factors;
当所获得的检测结果为:所述第三检测结果时,当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When the obtained detection result is: the third detection result, when determining that the target account asset has a security risk according to the asset security detection information, outputting the target account for alerting the target account of the digital wallet Warning information for safety hazards;
当所获得的检测结果为:所述第一检测结果和所述第二检测结果时,根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;When the obtained detection result is: the first detection result and the second detection result, determining security setting guidance information according to the user behavior information, and outputting a security for guiding the user to increase the private key of the digital wallet Sexual security settings guidance information;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:所述第一检测结果和所述第三检测结果时,根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述 数字钱包的私钥的安全性的安全设置引导信息;When the obtained detection result is: the first detection result and the third detection result, determining security setting guidance information according to the user behavior information, and outputting a security for guiding the user to increase the private key of the digital wallet Sexual security settings guidance information;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第二检测结果和所述第三检测结果时,根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;When the obtained detection result is: the second detection result and the third detection result, determining a factor affecting the security of the private key of the digital wallet according to the security detection information, and outputting is used to prompt the user to Prompt information that affects the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第一检测结果、所述第二检测结果和所述第三检测结果时,根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;When the obtained detection result is: the first detection result, the second detection result, and the third detection result, determining safety setting guidance information according to the user behavior information, and outputting for guiding the user to improve the Security setting security information for the security of the private key of the digital wallet;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息。When it is determined that the target account asset has a security risk according to the asset security detection information, the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
可选的,所述装置还包括第一获得模块,所述第一获得模块,包括:Optionally, the device further includes a first obtaining module, where the first obtaining module includes:
显示单元,用于显示预设调查问卷;其中,所述预设调查问卷中记录有:影响数字钱包的私钥安全的预设用户行为信息,以及每个预设用户行为信息对应的勾选框;当一个预设用户行为信息对应的勾选框被选中时,表明该预设用户行为信息被选中;a display unit, configured to display a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet private key, and a check box corresponding to each preset user behavior information When a check box corresponding to the preset user behavior information is selected, it indicates that the preset user behavior information is selected;
问卷调查结果获得单元,用于获得所述预设调查问卷的问卷调查结果;a questionnaire obtaining unit for obtaining a questionnaire result of the preset questionnaire;
用户行为信息确定单元,用于将所述问卷调查结果中被选中的预设用户行为信息,确定为影响所述数字钱包的私钥安全的用户行为信息。The user behavior information determining unit is configured to determine the selected preset user behavior information in the questionnaire result as user behavior information that affects the private key security of the digital wallet.
可选的,所述执行模块,包括:Optionally, the execution module includes:
安全等级评估结果获得单元,用于利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果;a security level evaluation result obtaining unit, configured to obtain a security level evaluation result of the user behavior by using a preset security level evaluation standard and the user behavior information;
安全设置引导信息获得单元,用于基于所述安全等级评估结果,获得安全设置引导信息。The security setting guidance information obtaining unit is configured to obtain security setting guidance information based on the security level evaluation result.
可选的,所述预设用户行为信息包括:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息、通过截屏备份私钥的行为信息和仅利用数字密码作为资产支付密码的行为信息中的至少一项。Optionally, the preset user behavior information includes: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key through a screen capture, and behavior of using only a digital password as an asset payment password. At least one of the information.
可选的,所述安全等级评估结果获得单元,包括:Optionally, the security level assessment result obtaining unit includes:
数量确定子单元,用于确定所述用户行为信息的数量;a quantity determining subunit, configured to determine the quantity of the user behavior information;
数量范围确定子单元,用于确定所述数量在预设安全等级评估标准中所位于的数量范围;其中,所述预设安全等级评估标准中包括:数量范围与安全等级的对应关系;a quantity range determining subunit, configured to determine a quantity range in which the quantity is located in a preset security level evaluation criterion; wherein the preset security level evaluation standard includes: a correspondence between a quantity range and a security level;
安全等级评估结果确定子单元,用于将所述数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。The security level evaluation result determining sub-unit is configured to determine a security level corresponding to the quantity range in which the quantity is located, as a security level evaluation result of the user behavior.
可选的,所述安全设置引导信息获得单元,包括:Optionally, the security setting guide information obtaining unit includes:
判断子单元,用于判断所获得的安全等级评估结果是否为低,如果是,触发安全设置引导信息确定子单元;a determining subunit, configured to determine whether the obtained security level evaluation result is low, and if so, triggering the security setting guiding information determining subunit;
所述安全设置引导信息确定子单元,用于确定所获得的用户行为信息对应的安全设置引导信息;The security setting guiding information determining subunit is configured to determine security setting guiding information corresponding to the obtained user behavior information;
其中,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息包括:病毒查杀提醒信息;当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息包括:分散存储私钥提醒信息;当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息包括:利用生物特征密码作为资产支付密码提醒信息。Wherein, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information includes: a virus killing reminding information; The user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior When the information is used, the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
可选的,所述装置还包括第二获得模块,所述第二获得模块,包括:Optionally, the device further includes a second obtaining module, where the second obtaining module includes:
第一安全检测信息获得单元,用于获得所述数字钱包的运行环境的第一安全检测信息,所述第一安全检测信息包括:所述数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根root权限检测信息和网络传输安全检测信息中的至少一种;a first security detection information obtaining unit, configured to obtain first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information of the electronic device where the digital wallet is located, At least one of root root authority detection information and network transmission security detection information;
第二安全检测信息获得单元,用于获得所述数字钱包自身的第二安全检测信息,所述第二安全检测信息包括:所述数字钱包所对应的内存的读写权限检测信息、所述数字钱包的安装包的重打包检测信息和所述数字钱包的私钥存储模式检测信息中的至少一种。a second security detection information obtaining unit, configured to obtain second security detection information of the digital wallet itself, where the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, the number At least one of repackaging detection information of the installation package of the wallet and private key storage mode detection information of the digital wallet.
可选的,当所述第一安全检测信息获得单元获得的病毒检测信息为:发现病毒时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括存在病毒;Optionally, when the virus detection information obtained by the first security detection information obtaining unit is: when a virus is found, the factor determined by the execution module to affect the security of the private key of the digital wallet includes the presence of a virus;
当所述第一安全检测信息获得单元获得的漏洞检测信息为:存在漏洞时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括存在漏洞;When the vulnerability detection information obtained by the first security detection information obtaining unit is: when there is a vulnerability, the factor determined by the execution module affecting the security of the private key of the digital wallet includes a vulnerability;
当所述第一安全检测信息获得单元获得的根root权限检测信息为:根root权限开启时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括根root权限被开启;When the root root authority detection information obtained by the first security detection information obtaining unit is: when the root root authority is enabled, the security factor determined by the execution module affecting the private key of the digital wallet includes the root root authority being Open
当所述第一安全检测信息获得单元获得的网络传输安全检测信息为:非安全网络时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括处于非安全传输网络;When the network transmission security detection information obtained by the first security detection information obtaining unit is an non-secure network, factors determined by the execution module affecting the security of the private key of the digital wallet include: being in a non-secure transmission network. ;
当所述第二安全检测信息获得单元获得的读写权限检测信息为:可读可写时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:内存未进行读写保护;When the read/write right detection information obtained by the second security detection information obtaining unit is: readable and writable, the factors determined by the execution module affecting the security of the private key of the digital wallet include: the memory is not performed. Read and write protection;
当所述第二安全检测信息获得单元获得的重打包检测信息为:为重打包的安装包时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:所述数字钱包的安装包为非原版安装包;When the repackaging detection information obtained by the second security detection information obtaining unit is: a repackaged installation package, a factor determined by the execution module to affect security of the private key of the digital wallet includes: The installation package of the digital wallet is a non-original installation package;
当所述第二安全检测信息获得单元获得的私钥存储模式检测信息为:完整存储私钥时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:私钥被完整存储。When the private key storage mode detection information obtained by the second security detection information obtaining unit is: when the private key is completely stored, the factors determined by the execution module affecting the security of the private key of the digital wallet include: a private key It is stored completely.
可选的,所述装置还包括第三获得模块,所述第三获得模块,包括:Optionally, the device further includes a third obtaining module, where the third obtaining module includes:
判断子单元,用于当检测到区块链账本中生成针对所述数字钱包的目标账户的交易记录时,判断所述数字钱包所在电子设备所存储的所述目标账户对应的交易记录中是否存在检测到的交易记录,如果是,触发第一生成单元, 如果否,触发第二生成单元;a determining subunit, configured to determine whether a transaction record corresponding to the target account stored by the electronic device where the digital wallet is stored exists when a transaction record for the target account of the digital wallet is generated in the blockchain ledger The detected transaction record, if yes, triggering the first generation unit, and if not, triggering the second generation unit;
所述第一生成单元,用于生成确定目标账户不存在安全隐患的资产安全检测信息;The first generating unit is configured to generate asset security detection information that determines that the target account does not have a security risk;
所述第二生成单元,用于生成确定目标账户存在安全隐患的资产安全检测信息。The second generating unit is configured to generate asset security detection information that determines that the target account has a security risk.
一种电子设备,包括处理器、通信接口、存储器和通信总线,其中,处理器,通信接口,存储器通过通信总线完成相互间的通信;An electronic device includes a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory complete communication with each other through the communication bus;
存储器,用于存放计算机程序;a memory for storing a computer program;
处理器,用于执行存储器上所存放的计算机程序时,实现上述任一所述的方法步骤。The processor, when executed to execute a computer program stored on the memory, implements the method steps of any of the above.
一种计算机可读存储介质,所述计算机可读存储介质内存储有计算机程序,所述计算机程序被处理器执行时实现上述任一所述的方法步骤。A computer readable storage medium having stored therein a computer program, the computer program being executed by a processor to implement the method steps of any of the above.
一种可执行程序代码,所述可执行程序代码用于被运行以执行上述任一所述的方法步骤。An executable program code for being executed to perform the method steps of any of the above.
本申请实施例中,执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果,基于所获得的检测结果,执行预设资产保护操作。本申请中,通过执行至少一个安全检测操作的方式,获得与数字钱包有关的检测结果,并基于检测结果,执行预设资产保护操作,从而提高了安全性。In the embodiment of the present application, performing at least one detection operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, obtaining a detection result corresponding to the performed detection operation, based on the obtained detection As a result, a preset asset protection operation is performed. In the present application, by performing at least one security detection operation, the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby improving security.
附图说明DRAWINGS
为了更清楚地说明本申请实施例和现有技术的技术方案,下面对实施例和现有技术中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present application and the technical solutions of the prior art, the following description of the embodiments and the drawings used in the prior art will be briefly introduced. Obviously, the drawings in the following description are only Some embodiments of the application may also be used to obtain other figures from those of ordinary skill in the art without departing from the scope of the invention.
创造性劳动的前提下,还可以根据这些附图获得其他的附图。Other drawings can also be obtained from these drawings on the premise of creative labor.
图1为本申请实施例提供的一种数字钱包资产保护方法的流程示意图;1 is a schematic flowchart of a digital wallet asset protection method according to an embodiment of the present application;
图2为本申请实施例提供的一种数字钱包安全防御系统的结构示意图;2 is a schematic structural diagram of a digital wallet security defense system according to an embodiment of the present application;
图3为本申请实施例提供的影响数字钱包的私钥安全的用户行为信息的获得过程的流程示意图;FIG. 3 is a schematic flowchart of a process for obtaining user behavior information that affects private key security of a digital wallet according to an embodiment of the present disclosure;
图4为本申请实施例提供的数字钱包的资产安全检测信息的获得过程的流程示意图;4 is a schematic flowchart of a process for obtaining asset security detection information of a digital wallet according to an embodiment of the present application;
图5为本申请实施例提供的一种数字钱包资产保护装置的结构示意图;FIG. 5 is a schematic structural diagram of a digital wallet asset protection apparatus according to an embodiment of the present disclosure;
图6为本申请实施例提供的一种电子设备的结构示意图。FIG. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
具体实施方式Detailed ways
为使本申请的目的、技术方案、及优点更加清楚明白,以下参照附图并举实施例,对本申请进一步详细说明。显然,所描述的实施例仅仅是本申请一部分实施例,而不是全部的实施例。基于本申请中的实施例,本领域普通技术人员在没有作出创造性劳动前提下所获得的所有其他实施例,都属于本申请保护的范围。In order to make the objects, technical solutions, and advantages of the present application more comprehensible, the present application will be further described in detail below with reference to the accompanying drawings. It is apparent that the described embodiments are only a part of the embodiments of the present application, and not all of them. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present application without departing from the inventive scope are the scope of the present application.
为了解决现有技术问题,本申请实施例提供了一种数字钱包资产保护方法、装置、电子设备及存储介质。In order to solve the prior art problem, the embodiment of the present application provides a digital wallet asset protection method, apparatus, electronic device, and storage medium.
下面首先对本申请实施例所提供的一种数字钱包资产保护方法进行介绍。The following describes a digital wallet asset protection method provided by the embodiment of the present application.
需要说明的是,本申请实施例所提供的一种数字钱包资产保护方法的执行主体可以为数字钱包客户端也可以为电子设备,数字钱包客户端也可以称之为数字钱包。其中,数字钱包客户端安装在电子设备中,该电子设备包括但并不局限于手机和平板电脑。It should be noted that the execution body of the digital wallet asset protection method provided by the embodiment of the present application may be a digital wallet client or an electronic device, and the digital wallet client may also be referred to as a digital wallet. The digital wallet client is installed in an electronic device, including but not limited to a mobile phone and a tablet.
如图1所示,本申请实施例提供的一种数字钱包资产保护方法,可以包括:As shown in FIG. 1 , a digital wallet asset protection method provided by an embodiment of the present application may include:
S101:执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果。S101: Perform at least one detection operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtain a detection result corresponding to the performed detection operation.
由于数字钱包安装于电子设备,因此,数字钱包资产不仅与数字钱包本身有关,还与电子设备息息相关。无论是针对电子设备的用户行为,还是针对数字钱包的用户行为,均可能对数字钱包资产产生影响,因此,为了保障数字钱包资产的安全,可以进行用户行为检测。Since digital wallets are installed on electronic devices, digital wallet assets are not only related to the digital wallet itself, but also to electronic devices. Whether it is user behavior for electronic devices or user behavior for digital wallets, it may affect digital wallet assets. Therefore, in order to protect the security of digital wallet assets, user behavior detection can be performed.
其中,针对电子设备的用户行为可以包括但不限于:访问网页、打开邮件或使用通信类应用程序;针对数字钱包的用户行为包括但不限于:转账或数字钱包私钥备份。The user behavior for the electronic device may include, but is not limited to, accessing a webpage, opening a mail, or using a communication-type application; user behavior for the digital wallet includes, but is not limited to, a transfer or a digital wallet private key backup.
例如:用户使用电子设备访问过高危网页,则电子设备中可能存在病毒,病毒可能会破坏安装于电子设备中的数字钱包的数据,从而导致数字钱包资产不安全。For example, if a user accesses a high-risk webpage using an electronic device, a virus may exist in the electronic device, and the virus may damage the data of the digital wallet installed in the electronic device, thereby causing the digital wallet asset to be insecure.
示例性的,进行用户行为检测的方式可以为:数字钱包进行用户行为检测,或者,数字钱包调用其它的应用程序进行用户行为检测。Exemplarily, the manner of detecting user behavior may be: digital wallet for user behavior detection, or digital wallet calling other applications for user behavior detection.
由上可以看出,数字钱包所在电子设备的安全会对数字钱包资产产生影响,因此,为了保障数字钱包资产的安全,可以进行数字钱包所在电子设备安全检测。It can be seen from the above that the security of the electronic device where the digital wallet is located will have an impact on the digital wallet assets. Therefore, in order to protect the security of the digital wallet assets, the electronic device security detection of the digital wallet can be performed.
数字钱包所在电子设备安全检测可以包括但不限于以下方面:The electronic device security detection of the digital wallet may include, but is not limited to, the following aspects:
第一方面,针对于数字钱包运行环境的安全检测。The first aspect is directed to security detection of the digital wallet operating environment.
针对于数字钱包运行环境的安全检测可以包括但不限于:数字钱包所在电子设备的病毒检测、漏洞检测、根root权限检测和网络传输安全检测。Security detection for the digital wallet operating environment may include, but is not limited to, virus detection, vulnerability detection, root root authority detection, and network transmission security detection of the electronic device where the digital wallet is located.
其中,数字钱包所在电子设备的病毒检测为:检测数字钱包所在电子设备中是否存在病毒,例如:恶意软件、恶意程序等;The virus detection of the electronic device where the digital wallet is located is: detecting whether there is a virus in the electronic device where the digital wallet is located, for example, malware, malicious programs, and the like;
数字钱包所在电子设备的漏洞检测为:检测数字钱包所在电子设备中是否存在漏洞,其中,漏洞是在硬件、软件、协议的具体实现或系统安全策略上村子啊的缺陷,从而使攻击者能够在未授权的情况下访问或破坏系统;The vulnerability detection of the electronic device where the digital wallet is located is: detecting whether there is a vulnerability in the electronic device where the digital wallet is located, wherein the vulnerability is a defect in the hardware, software, protocol implementation or system security policy, so that the attacker can Access or destroy the system without authorization;
数字钱包所在电子设备的根root权限检测为:检测数字钱包所在电子设备是否开启根root权限,其中,获得root权限之后就意味着已经获得了系统的最高权限,可以对系统中的任何文件(包括系统文件)执行所有增、删、改、查的操作;The root root permission of the electronic device where the digital wallet is located is detected as: detecting whether the electronic device where the digital wallet is located has root root authority, wherein obtaining root authority means that the highest authority of the system has been obtained, and any file in the system can be included (including System files) perform all operations of adding, deleting, changing, and checking;
数字钱包所在电子设备的网络传输安全检测为:检测数字钱包所在电子设备所使用的网络是否安全。The network transmission security detection of the electronic device where the digital wallet is located is: detecting whether the network used by the electronic device where the digital wallet is located is safe.
第二方面,针对于数字钱包自身的安全检测。The second aspect is directed to the security detection of the digital wallet itself.
针对于数字钱包自身的安全检测可以包括但不限于:数字钱包所对应的内存的读写权限检测、数字钱包的安装包的重打包检测和数字钱包的私钥存储模式检测。The security detection for the digital wallet itself may include, but is not limited to, read and write permission detection of the memory corresponding to the digital wallet, repacking detection of the installation package of the digital wallet, and detection of the private key storage mode of the digital wallet.
其中,数字钱包所对应的内存的读写权限检测为:检测数字钱包所占用的内存的读写状态,例如:读写状态为:可读可写或者只读;The read/write permission of the memory corresponding to the digital wallet is detected as: detecting the read/write status of the memory occupied by the digital wallet, for example, the read/write status is: readable and writable or read-only;
数字钱包的安装包的重打包检测为:检测数字钱包的安装包是否为重打包的安装包,即检测数字钱包的安装包是否为非原版安装包;The repackaging of the installation package of the digital wallet is: detecting whether the installation package of the digital wallet is a repackaged installation package, that is, detecting whether the installation package of the digital wallet is a non-original installation package;
数字钱包的私钥存储模式检测为:检测数字钱包的私钥是以何种存储模式进行存储的。The private key storage mode of the digital wallet is detected as: detecting which storage mode the digital wallet's private key is stored in.
无论是通过进行用户行为检测来保障数字钱包资产的安全,还是通过进行数字钱包所在电子设备安全检测来保障数字钱包资产的安全,都不是从数字钱包的资产本身进行的安全检测,因此,为了保障数字钱包资产的安全,可以进行数字钱包的资产安全检测。Whether it is to protect the security of digital wallet assets by conducting user behavior detection, or to protect the security of digital wallet assets by performing security detection of electronic devices where the digital wallet is located, it is not a security detection performed by the assets of the digital wallet itself, therefore, in order to protect The security of digital wallet assets enables asset security testing of digital wallets.
其中,针对于数字钱包的资产安全检测主要是数字钱包中的资产是否安全的检测,可以包括但不限于:资产是否被盗检测和资产是否产生异常交易。Among them, the asset security detection for the digital wallet is mainly the detection of whether the assets in the digital wallet are safe, and may include, but is not limited to, whether the assets are stolen and the assets are abnormally traded.
由上述描述可以看出,为了保障数字钱包资产的安全,可以进行三个方面的安全检测,当然,该三个方面的安全检测不一定需要同时进行,在本申请实施例中,执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,在执行至少一个检测操作后,获得所执行的检测操作对应的检测结果。It can be seen from the above description that in order to ensure the security of the digital wallet asset, three aspects of security detection can be performed. Of course, the security detection of the three aspects does not necessarily need to be performed simultaneously. In the embodiment of the present application, the user behavior detection is performed. And performing at least one detecting operation of the electronic device security detection of the digital wallet and performing the asset security detection of the digital wallet, and after performing the at least one detecting operation, obtaining the detection result corresponding to the executed detecting operation.
参见图2,基于该三个方面的安全检测,本申请实施例提出了一种数字钱包安全防御系统,该数字钱包安全防御系统可以包括以下三个模块中的至少一个:Referring to FIG. 2, based on the security detection of the three aspects, the embodiment of the present application provides a digital wallet security defense system, which may include at least one of the following three modules:
用户行为安全模块,用于进行与用户行为有关的安全防御,包括但不限于进行用户行为检测;a user behavior security module for performing security defenses related to user behavior, including but not limited to performing user behavior detection;
电子设备安全防御模块,用于进行与数字钱包所在电子设备有关的安全防御,包括但不限于进行数字钱包所在电子设备安全检测;The electronic device security defense module is configured to perform security defense related to the electronic device where the digital wallet is located, including but not limited to performing security detection of the electronic device where the digital wallet is located;
资产安全管理模块,用于进行与数字钱包的资产有关的安全防御,包括但不限于进行数字钱包的资产安全检测。An asset security management module for performing security defenses related to assets of the digital wallet, including but not limited to asset security testing of digital wallets.
当然,随着科学技术的发展,该数字钱包安全防御系统除了可以包括上 述三个模块中的至少一个,还可以包括其他与数字钱包安全有关的模块,在此不做任何限定。Of course, with the development of science and technology, the digital wallet security defense system may include other modules related to digital wallet security, including any of the above three modules, and is not limited herein.
通过上述数字钱包安全防御系统可以对数字钱包资产进行保护,也就是对用户资产进行保护。Digital wallet assets can be protected by the above digital wallet security defense system, that is, the protection of user assets.
S102:基于所获得的检测结果,执行预设资产保护操作。S102: Perform a preset asset protection operation based on the obtained detection result.
在获得了检测结果后,即可执行预设资产保护操作。After the test results are obtained, the preset asset protection operation can be performed.
作为一种实施方式,S102可以包括:基于所获得的检测结果,输出对用户的安全提示信息。As an implementation manner, S102 may include: outputting safety prompt information to the user based on the obtained detection result.
该安全提示信息可以为下述“用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息”、“用于提示用户对影响私钥的安全性的因素进行处理的提示信息”、“用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息”中任意一种或多种。通过输出安全提示信息,引导用户进行安全性设置、或者引导用户处理影响私钥安全性的因素、或者警示用户提示警惕等等,均可以提高方案的安全性。The security alert information may be the following: "security setting guidance information for guiding the user to improve the security of the private key of the digital wallet", and "prompting information for prompting the user to deal with factors affecting the security of the private key. And one or more of “a warning message for alerting a user of the target account of the digital wallet that the target account has a security risk”. By outputting security prompt information, guiding the user to perform security settings, or guiding the user to deal with factors affecting the security of the private key, or alerting the user to alert, etc., the security of the solution can be improved.
由于执行的检测操作至少为一个,因此,所获得的检测结果也为至少一个。Since at least one detection operation is performed, the detection result obtained is also at least one.
以下为了描述方便,将执行用户行为检测操作对应的检测结果作为第一检测结果,将执行数字钱包所在电子设备安全检测对应的检测结果作为第二检测结果,将执行数字钱包的资产安全检测对应的检测结果作为第三检测结果。For the convenience of description, the detection result corresponding to the user behavior detection operation is taken as the first detection result, and the detection result corresponding to the electronic device security detection of the digital wallet is used as the second detection result, and the asset security detection corresponding to the digital wallet is performed. The test result is used as the third test result.
其中,当获得了第一检测结果时,执行与第一检测结果对应的资产保护操作,数字钱包安全防御系统中的用户行为安全模块用于执行该与第一检测结果对应的资产保护操作。The asset protection operation corresponding to the first detection result is performed when the first detection result is obtained, and the user behavior security module in the digital wallet security defense system is configured to perform the asset protection operation corresponding to the first detection result.
当获得了第二检测结果时,执行与第二检测结果对应的资产保护操作,数字钱包安全防御系统中的电子设备安全防御模块用于执行该与第二检测结果对应的资产保护操作。When the second detection result is obtained, the asset protection operation corresponding to the second detection result is performed, and the electronic device security defense module in the digital wallet security defense system is configured to perform the asset protection operation corresponding to the second detection result.
当获得了第三检测结果时,执行与第三检测结果对应的资产保护操作, 数字钱包安全防御系统中的资产安全管理模块用于执行该与第三检测结果对应的资产保护操作。When the third detection result is obtained, the asset protection operation corresponding to the third detection result is performed, and the asset security management module in the digital wallet security defense system is configured to perform the asset protection operation corresponding to the third detection result.
由于每个检测结果对应一种资产保护操作,且所获得检测结果至少为一个,因此,所执行的资产保护操作也至少为一种。Since each test result corresponds to an asset protection operation and at least one of the obtained detection results, at least one of the asset protection operations performed is performed.
示例性的,资产保护操作可以包括但不限于:输出提示信息、输出引导信息和输出警示信息。Illustratively, asset protection operations may include, but are not limited to, outputting prompt information, outputting boot information, and outputting alert information.
本申请实施例中,执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果,基于所获得的检测结果,执行预设资产保护操作。本申请中,通过执行至少一个安全检测操作的方式,获得与数字钱包有关的检测结果,并基于检测结果,执行预设资产保护操作,从而达到保证用户数字钱包的资产安全的目的。In the embodiment of the present application, performing at least one detection operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, obtaining a detection result corresponding to the performed detection operation, based on the obtained detection As a result, a preset asset protection operation is performed. In the present application, by performing at least one security detection operation, the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby achieving the purpose of ensuring the asset security of the user digital wallet.
上述用户行为检测操作对应的检测结果可以为影响数字钱包的私钥安全的用户行为信息;The detection result corresponding to the foregoing user behavior detection operation may be user behavior information that affects the security of the digital wallet's private key;
上述数字钱包所在电子设备安全检测对应的检测结果可以为数字钱包所在电子设备的安全检测信息;The detection result corresponding to the electronic device security detection of the digital wallet may be the security detection information of the electronic device where the digital wallet is located;
上述数字钱包的资产安全检测对应的检测结果可以为数字钱包的资产安全检测信息,资产安全检测信息为表征数字钱包的目标账户资产是否存在安全隐患的信息。The detection result corresponding to the asset security detection of the digital wallet may be the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
第一方面,由于数字钱包资产的安全主要与数字钱包的私钥有关,如果数字钱包的私钥不安全,则数字钱包资产不安全,因此,为了保障数字钱包资产的安全,进行用户行为检测,获取影响数字钱包的私钥安全的用户行为信息,该影响数字钱包的私钥安全的用户行为信息即为用户行为检测操作对应的检测结果。In the first aspect, since the security of the digital wallet asset is mainly related to the private key of the digital wallet, if the private key of the digital wallet is not secure, the digital wallet asset is not secure. Therefore, in order to protect the security of the digital wallet asset, user behavior detection is performed. Obtaining user behavior information that affects the security of the digital wallet's private key, and the user behavior information that affects the private key of the digital wallet is the detection result corresponding to the user behavior detection operation.
进行用户行为检测,获取影响数字钱包的私钥安全的用户行为信息的方式有多种:There are several ways to perform user behavior detection to obtain user behavior information that affects the security of the digital wallet's private key:
在一种实现方式中,可以通过用户行为检测插件来检测用户执行了哪些操作,从而可以获得操作该电子设备的用户的所有用户行为信息。然后,利用检测到的每一个用户行为信息与预设行为信息表中存储的用户行为信息进行匹配。其中,该预设行为信息表中存储的用户行为信息为:会对数字钱包的私钥的安全性造成影响的用户行为信息。In one implementation, the user behavior detection plug-in can be used to detect which operations the user performed, so that all user behavior information of the user operating the electronic device can be obtained. Then, each of the detected user behavior information is matched with the user behavior information stored in the preset behavior information table. The user behavior information stored in the preset behavior information table is: user behavior information that affects the security of the digital wallet private key.
当检测得到的一个用户行为信息与预设行为信息表中存储的一个用户行为信息匹配时,则表明该检测到的用户行为信息所对应的用户行为会对私钥的安全性造成威胁。此时,可以将该检测到的用户行为信息确定为影响数字钱包的私钥安全的用户行为信息。When the detected user behavior information matches a user behavior information stored in the preset behavior information table, it indicates that the user behavior corresponding to the detected user behavior information threatens the security of the private key. At this time, the detected user behavior information may be determined as user behavior information that affects the security of the digital wallet's private key.
在另一种实现方式中,还可以通过预设调查问卷来获得影响私钥安全的用户行为信息。参见图3,影响数字钱包的私钥安全的用户行为信息的获得过程可以包括:In another implementation manner, the user behavior information affecting the security of the private key may also be obtained by presetting the questionnaire. Referring to FIG. 3, the process of obtaining user behavior information that affects the private key security of the digital wallet may include:
S201:显示预设调查问卷;其中,预设调查问卷中记录有:影响数字钱包的私钥安全的预设用户行为信息,以及每个预设用户行为信息对应的勾选框;当一个预设用户行为信息对应的勾选框被选中时,表明该预设用户行为信息被选中。S201: Display a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected.
数字钱包可以向用户展示预设调查问卷。然后,用户可以根据操作过的用户行为来填写该预设调查问卷。The digital wallet can present a preset survey to the user. The user can then fill out the preset questionnaire based on the user behavior that has been manipulated.
其中,调查问卷中记录的预设用户行为信息可以包括:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息、通过截屏备份私钥的行为信息和仅利用数字密码作为资产支付密码的行为信息中的至少一项。当然,该预设用户行为信息还可以包括:通过手写方式备份私钥的行为信息,以及反馈过账号密码被盗取的行为信息等等,当然并不局限于此。并且,本领域技术人员可以根据实际情况来设置预设用户行为信息,在此不做详述。The preset user behavior information recorded in the questionnaire may include: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key by screen capture, and using only a numeric password as an asset payment password. At least one of the behavioral information. Certainly, the preset user behavior information may further include: behavior information for backing up the private key by handwriting, and feedback behavior information of the account password being stolen, etc., of course, is not limited thereto. Moreover, those skilled in the art can set preset user behavior information according to actual conditions, and will not be described in detail herein.
其中,当通过截屏或手写方式来备份私钥时,私钥是进行完整存储的,完整存储私钥更容易导致私钥被不法分子所盗取,这两种存储方式也会影响私钥的安全性。When the private key is backed up by screen capture or handwriting, the private key is completely stored. The complete storage of the private key is more likely to cause the private key to be stolen by criminals. These two storage methods also affect the security of the private key. Sex.
S202:获得预设调查问卷的问卷调查结果。S202: Obtain a questionnaire survey result of the preset questionnaire.
用户根据操作过的用户行为来填写该预设调查问卷后,数字钱包可以获得预设调查问卷的问卷调查结果。After the user fills in the preset questionnaire according to the user behavior of the operation, the digital wallet can obtain the questionnaire result of the preset questionnaire.
S203:将问卷调查结果中被选中的预设用户行为信息,确定为影响数字钱包的私钥安全的用户行为信息。S203: Determine the preset user behavior information selected in the questionnaire result as the user behavior information that affects the security of the digital wallet's private key.
数字钱包可以将问卷调查结果中被选中的预设用户行为信息,确定为影响数字钱包的私钥安全的用户行为信息。The digital wallet can determine the selected preset user behavior information in the questionnaire result as the user behavior information that affects the security of the digital wallet's private key.
第二方面,由于进行数字钱包所在电子设备安全检测,是对数字钱包所在电子设备的安全的检测,因此,所获得的检测结果为安全检测信息,即进行数字钱包所在电子设备安全检测,获得数字钱包所在电子设备的安全检测信息,该数字钱包所在电子设备的安全检测信息即为进行数字钱包所在电子设备安全检测对应的检测结果。In the second aspect, since the security detection of the electronic device where the digital wallet is located is the security detection of the electronic device where the digital wallet is located, the obtained detection result is the security detection information, that is, the security detection of the electronic device where the digital wallet is located, and the number is obtained. The security detection information of the electronic device where the wallet is located, and the security detection information of the electronic device where the digital wallet is located is the detection result corresponding to the security detection of the electronic device where the digital wallet is located.
数字钱包所在电子设备的安全检测信息的获得过程,可以包括:The process of obtaining the security detection information of the electronic device where the digital wallet is located may include:
获得数字钱包的运行环境的第一安全检测信息,第一安全检测信息包括:数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根root权限检测信息和网络传输安全检测信息中的至少一种;Obtaining the first security detection information of the operating environment of the digital wallet, where the first security detection information includes: at least one of virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection information of the electronic device where the digital wallet is located ;
获得数字钱包自身的第二安全检测信息,第二安全检测信息包括:数字钱包所对应的内存的读写权限检测信息、数字钱包的安装包的重打包检测信息和所述数字钱包的私钥存储模式检测信息中的至少一种。Obtaining the second security detection information of the digital wallet itself, where the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, repacking detection information of the installation package of the digital wallet, and private key storage of the digital wallet At least one of the mode detection information.
其中,数字钱包的运行环境是指:运行数字钱包所对应的程序代码的环境。The operating environment of the digital wallet refers to an environment in which the program code corresponding to the digital wallet is run.
发明人发现,数字钱包的运行环境的安全与否,会对数字钱包的私钥的安全性造成影响,从而对数字钱包资产造成影响。其中,当数字钱包的运行环境存在安全隐患时,不法分子容易从这些安全隐患寻找突破口来盗取私钥,从而使得私钥的安全受到威胁,进一步使得数字钱包资产受到威胁。因而在本申请实施例中,为了保证私钥的安全即保证数字钱包资产的安全,可以获取数字钱包的运行环境的安全检测信息。The inventor found that the security of the digital wallet's operating environment will affect the security of the digital wallet's private key, thereby affecting the digital wallet assets. Among them, when the operating environment of the digital wallet has security risks, the criminals can easily find a breakthrough from these security risks to steal the private key, thereby making the security of the private key threatened, further threatening the digital wallet assets. Therefore, in the embodiment of the present application, in order to ensure the security of the private key, that is, to ensure the security of the digital wallet asset, the security detection information of the operating environment of the digital wallet can be obtained.
具体地,在一种实现方式中,可以先通过数字钱包所在电子设备中安装 的安全检测软件,来检测得到该数字钱包的运行环境的安全检测信息。然后,该数字钱包可以请求获取该安全检测软件所检测到的安全检测信息,并将该获取得到的安全检测信息作为第一安全检测信息。Specifically, in an implementation manner, the security detection information of the operating environment of the digital wallet may be detected by using security detection software installed in the electronic device where the digital wallet is located. Then, the digital wallet can request to obtain the security detection information detected by the security detection software, and use the obtained security detection information as the first security detection information.
在另一种实现方式中,可以直接通过该数字钱包中的安全检测插件,来检测得到该数字钱包的运行环境的安全检测信息,并将检测得到的安全检测信息作为第一安全检测信息,这是合理的。In another implementation manner, the security detection information of the operating environment of the digital wallet can be directly detected by the security detection plug-in in the digital wallet, and the detected security detection information is used as the first security detection information. It is reasonable.
其中,获取得到的第一安全检测信息可以包括:数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根Root权限检测信息和网络传输安全检测信息中的至少一种,当然并不局限于此。The obtained first security detection information may include at least one of virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection information of the electronic device where the digital wallet is located, and is not limited thereto. .
另外,当满足病毒检测信息为存在病毒、漏洞检测信息为存在漏洞、根Root权限检测信息为根Root权限被开启、网络传输安全检测信息为非安全传输网络中的至少一项时,则表明数字钱包的运行环境存在安全隐患。In addition, when the virus detection information is found to be a virus, the vulnerability detection information is a vulnerability, the root root authority detection information is the root root authority is turned on, and the network transmission security detection information is at least one of the non-secure transmission network, the number is indicated. There is a security risk in the running environment of the wallet.
其中,漏洞包括但并不局限于该电子设备的操作系统漏洞和应用程序漏洞。Among them, the vulnerability includes but is not limited to operating system vulnerabilities and application vulnerabilities of the electronic device.
发明人还发现,本领域技术人员常常会忽略数字钱包自身也会对该数字钱包的私钥的安全性造成影响,从而对数字钱包资产造成影响。例如,当该数字钱包所对应的安全包是经过重打包的安装包时,即非原版安装包时,该安装包中可能写入了窃取私钥的恶意代码。因而在本申请实施例中,为了保证私钥的安全即保证数字钱包资产的安全,还可以获取数字钱包自身的安全检测信息,并将该数字钱包自身的安全检测信息作为第二安全检测信息。The inventors have also discovered that those skilled in the art often overlook that the digital wallet itself also has an impact on the security of the digital wallet's private key, thereby affecting digital wallet assets. For example, when the security package corresponding to the digital wallet is a repackaged installation package, that is, when the original installation package is not, the malicious code for stealing the private key may be written in the installation package. Therefore, in the embodiment of the present application, in order to ensure the security of the private key, that is, to ensure the security of the digital wallet asset, the security detection information of the digital wallet itself may be acquired, and the security detection information of the digital wallet itself is used as the second security detection information.
其中,获取得到的第二安全检测信息可以包括:该数字钱包所对应的内存的读写权限检测信息、该数字钱包的安装包的重打包检测信息和该数字钱包的私钥存储模式检测信息中的至少一种,当然并不局限于此。The obtained second security detection information may include: read and write permission detection information of the memory corresponding to the digital wallet, repackaging detection information of the installation package of the digital wallet, and private key storage mode detection information of the digital wallet. At least one of them is of course not limited to this.
该数字钱包所对应的内存是指:在安装该数字钱包时指定的、用于存放数字钱包相关数据的存储空间。由于该数字钱包的私钥可能被用户存储在该数字钱包所对应的内存中,因而当该内存的读写权限检测信息为可读可写时,则表明该私钥存在被盗取和篡改的危险。The memory corresponding to the digital wallet refers to a storage space designated for storing digital wallet related data when the digital wallet is installed. Since the private key of the digital wallet may be stored by the user in the memory corresponding to the digital wallet, when the read/write permission detection information of the memory is readable and writable, it indicates that the private key is stolen and tampered. Danger.
另外,当该数字钱包的私钥存储模式检测信息为完整存储私钥时,完整 存储的私钥更容易被不法分子所盗取,也就是说,在该种存储模式下,私钥也存在被盗取的危险。In addition, when the private key storage mode detection information of the digital wallet is a complete storage private key, the completely stored private key is more easily stolen by criminals, that is, in the storage mode, the private key also exists. The danger of stealing.
第三方面,由于针对于数字钱包的资产安全检测主要是数字钱包中的资产是否安全的检测,因此,所获得的检测结果为资产安全检测信息,因此,进行数字钱包的资产安全检测,获得数字钱包的资产安全检测信息,资产安全检测信息为表征数字钱包的目标账户资产是否存在安全隐患的信息,该数字钱包的资产安全检测信息即为进行数字钱包的资产安全检测对应的检测结果。In the third aspect, since the asset security detection for the digital wallet is mainly the detection of the security of the assets in the digital wallet, the obtained detection result is the asset security detection information, and therefore, the asset security detection of the digital wallet is performed, and the number is obtained. The asset security detection information of the wallet, the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk, and the asset security detection information of the digital wallet is the detection result corresponding to the asset security detection of the digital wallet.
参见图4,数字钱包的资产安全检测信息的获得过程,可以包括:Referring to FIG. 4, the process of obtaining the asset security detection information of the digital wallet may include:
S301:当检测到区块链账本中生成针对数字钱包的目标账户的交易记录时,判断数字钱包所在电子设备所存储的目标账户对应的交易记录中是否存在检测到的交易记录,如果是,执行步骤S302,如果否,执行步骤S303。S301: When detecting a transaction record for the target account of the digital wallet in the blockchain ledger, determining whether there is a detected transaction record in the transaction record corresponding to the target account stored by the electronic device where the digital wallet is located, and if so, executing Step S302, if no, step S303 is performed.
电子设备可以实时监控区块链账本,检测区块链账本中是否生成新的交易记录,当检测到生成新的交易记录时,确定该新的交易记录是否为针对目标账户的交易记录,当确定该新的交易记录为针对目标账户的交易记录,即检测到区块链账本中生成针对数字钱包的目标账户的交易记录时,获得该生成的针对目标账户的交易记录,作为当前交易记录,即检测到的交易记录为当前交易记录。The electronic device can monitor the blockchain ledger in real time, detect whether a new transaction record is generated in the blockchain ledger, and when detecting the generation of a new transaction record, determine whether the new transaction record is a transaction record for the target account, when determining The new transaction record is a transaction record for the target account, that is, when the transaction record of the target account for the digital wallet is detected in the blockchain book, the generated transaction record for the target account is obtained as the current transaction record, that is, The detected transaction record is the current transaction record.
其中,目标账户为基于数字钱包所登录的账户。The target account is an account that is registered based on the digital wallet.
在一种情况中,每一账户对应一私钥,该私钥为拥有分配该账户中资产的权限的唯一凭证,每一私钥对应一账户地址,拥有该私钥的用户可以拥有对该账户地址中的资产进行分配的权限。In one case, each account corresponds to a private key, which is a unique certificate having the right to allocate assets in the account, each private key corresponding to an account address, and the user who owns the private key can own the account. The right to assign assets in the address.
当该账户产生一笔资产交易时,上述区块链账本会生成一条资产交易记录,即交易记录,同时,登录该账户时数字钱包所在设备也会生成并存储一条资产交易记录,该交易记录中记录有:该账户的账户地址和该资产交易对应的目的方的账户地址的对应关系,以及该账户的资产余额。When the account generates an asset transaction, the blockchain account will generate an asset transaction record, that is, the transaction record. At the same time, when the account is logged in, the digital wallet device will also generate and store an asset transaction record in the transaction record. The record includes: the correspondence between the account address of the account and the account address of the destination party corresponding to the asset transaction, and the asset balance of the account.
例如:当账户A产生一笔资产交易,即向账户B转账时,上述区块链账本会生成一条交易记录,该交易记录为账户A的账户地址-账户B的账户地址,账 户A的账户地址的余额a,其中,上述账户A的账户地址-账户B的账户地址表征账户A的账户地址-账户B的账户地址的对应关系。在一种情况中,上述区块链账本中还存储有每一交易记录对应的生成时间,还可以存储有每一交易记录的交易金额。For example, when Account A generates an asset transaction, that is, when transferring to Account B, the above blockchain account will generate a transaction record, which is the account address of Account A - the account address of Account B, and the account address of Account A. Balance a, wherein the account address of the above account A - the account address of the account B represents the correspondence of the account address of the account A - the account address of the account B. In one case, the blockchain book also stores the generation time corresponding to each transaction record, and may also store the transaction amount of each transaction record.
上述区块链账本中存储有针对所有账户的资产交易的交易记录,并且,该区块链账本所存储的所有交易记录,对上述的所有账户公开。本申请实施例中,上述资产可以为:数字货币,例如:比特币和以太币等等。The above blockchain ledger stores transaction records for asset transactions for all accounts, and all transaction records stored in the blockchain book are disclosed to all accounts mentioned above. In the embodiment of the present application, the foregoing assets may be: digital currency, for example, bitcoin and Ethernet, and the like.
当电子设备获得当前交易记录之后,将该当前交易记录与数字钱包所在电子设备所存储的该目标账户对应的交易记录进行一一比对,以确定数字钱包所在电子设备所存储的该目标账户对应的交易记录中,是否存在该当前交易记录,进而基于确定结果,执行后续步骤。After the electronic device obtains the current transaction record, the current transaction record is compared with the transaction record corresponding to the target account stored in the electronic device where the digital wallet is stored, to determine the target account corresponding to the electronic device where the digital wallet is stored. In the transaction record, whether the current transaction record exists, and then the subsequent steps are performed based on the determination result.
在一种情况中,为了更好的节省比对时间,可以基于时间先后的逆顺序比对,首先将当前交易记录与数字钱包所在电子设备所存储的该目标账户对应的、时间最新的交易记录进行比对,当确定不同,继续比对,直至与每一交易记录比对完成。或者,本次比对可能为非首次比对,此时,将当前交易记录与数字钱包所在电子设备所存储的该目标账户对应的交易记录进行比对时,可以基于时间先后的逆顺序,仅将当前交易记录与本次对比的前一次对比所对比过的交易记录之后的交易记录进行对比。In one case, in order to better save the comparison time, the latest transaction record corresponding to the target account stored in the electronic device where the digital wallet is stored may be firstly compared based on the chronological reverse order comparison. For comparison, when the determination is different, the comparison is continued until the comparison with each transaction record is completed. Alternatively, the comparison may be a non-first comparison. In this case, when the current transaction record is compared with the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, it may be based on the reverse order of time series, only Compare the current transaction record with the transaction record after the transaction record compared to the previous comparison of this comparison.
由此,通过比对的方式,来判断数字钱包所在电子设备所存储的目标账户对应的交易记录中是否存在检测到的交易记录。Therefore, by means of the comparison, it is determined whether there is a detected transaction record in the transaction record corresponding to the target account stored in the electronic device where the digital wallet is stored.
S302:生成确定目标账户不存在安全隐患的资产安全检测信息。S302: Generate asset security detection information that determines that the target account does not have a security risk.
当数字钱包所在电子设备所存储的该目标账户对应的交易记录中,存在该当前交易记录时,可以确定该当前交易记录为基于该电子设备所登录的用户针对该目标账户所发起的,可以表明该目标账户为安全的,该目标账户对应的私钥未被盗用。此时,生成确定目标账户不存在安全隐患的资产安全检测信息。When the current transaction record exists in the transaction record corresponding to the target account stored by the electronic device where the digital wallet is located, the current transaction record may be determined to be initiated by the user logged in by the electronic device for the target account, and may indicate The target account is secure, and the private key corresponding to the target account is not stolen. At this time, asset security detection information that determines that the target account does not have a security risk is generated.
S303:生成确定目标账户存在安全隐患的资产安全检测信息。S303: Generate asset security detection information that determines that the target account has a security risk.
当数字钱包所在电子设备所存储的该目标账户对应的交易记录中,不存 在该当前交易记录时,可以确定该当前交易记录不为基于该电子设备所登录的用户针对该目标账户所发起的,可以表明该目标账户为不安全的,其存在安全隐患,例如:该目标账户对应的私钥被盗用。When the current transaction record does not exist in the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, it may be determined that the current transaction record is not initiated by the user logged in by the electronic device for the target account, It can be indicated that the target account is unsafe, and there is a security risk, for example, the private key corresponding to the target account is stolen.
由此,可以通过判断数字钱包所在电子设备所存储的目标账户对应的交易记录中是否存在检测到的交易记录的方式,来确定交易记录是否为合法交易,进而确定该目标账户是否存在安全隐患,当数字钱包所在电子设备所存储的目标账户对应的交易记录中不存在检测到的交易记录时,可以确定目标账户存在安全隐患,生成确定目标账户存在安全隐患的资产安全检测信息。Therefore, it can be determined whether the transaction record is a legitimate transaction by determining whether there is a detected transaction record in the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, thereby determining whether the target account has a security risk. When there is no detected transaction record in the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, it may be determined that the target account has a security risk, and the asset security detection information that determines that the target account has a security risk is generated.
在上述用户行为检测操作对应的检测结果为影响数字钱包的私钥安全的用户行为信息;上述数字钱包所在电子设备安全检测对应的检测结果为数字钱包所在电子设备的安全检测信息;上述数字钱包的资产安全检测对应的检测结果为数字钱包的资产安全检测信息,资产安全检测信息为表征数字钱包的目标账户资产是否存在安全隐患的信息的基础上,将用户行为检测操作对应的检测结果确定为第一检测结果,将数字钱包所在电子设备安全检测对应的检测结果确定为第二检测结果,将数字钱包的资产安全检测对应的检测结果确定为第三检测结果。The detection result corresponding to the user behavior detection operation is the user behavior information that affects the security of the digital wallet's private key; the detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located; the digital wallet The detection result corresponding to the asset security detection is the asset security detection information of the digital wallet, and the asset security detection information is based on the information indicating whether the target account asset of the digital wallet has a security risk, and the detection result corresponding to the user behavior detection operation is determined as the first As a result of the detection, the detection result corresponding to the electronic device security detection of the digital wallet is determined as the second detection result, and the detection result corresponding to the asset security detection of the digital wallet is determined as the third detection result.
当所获得的检测结果为:第一检测结果时,基于所获得的检测结果,执行预设资产保护操作,可以包括:When the obtained detection result is: the first detection result, performing the preset asset protection operation based on the obtained detection result may include:
根据用户行为信息,确定安全设置引导信息,输出用于引导用户提高数字钱包的私钥的安全性的安全设置引导信息;Determining security setting guidance information according to user behavior information, and outputting security setting guidance information for guiding the user to improve security of the digital wallet private key;
当所获得的检测结果为:第二检测结果时,基于所获得的检测结果,执行预设资产保护操作,可以包括:When the obtained detection result is: the second detection result, performing the preset asset protection operation based on the obtained detection result may include:
根据安全检测信息,确定影响数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:第三检测结果时,基于所获得的检测结果,执行预设资产保护操作,可以包括:When the obtained detection result is: the third detection result, performing the preset asset protection operation based on the obtained detection result may include:
当根据资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示数字钱包的目标账户的用户目标账户存在安全隐患的警示信息;When it is determined that the target account asset has a security risk according to the asset security detection information, the warning information indicating that the user target account for alerting the target account of the digital wallet has a security risk exists;
当所获得的检测结果为:第一检测结果和第二检测结果时,基于所获得的检测结果,执行预设资产保护操作,可以包括:When the obtained detection result is: the first detection result and the second detection result, performing the preset asset protection operation based on the obtained detection result may include:
根据用户行为信息,确定安全设置引导信息,输出用于引导用户提高数字钱包的私钥的安全性的安全设置引导信息;Determining security setting guidance information according to user behavior information, and outputting security setting guidance information for guiding the user to improve security of the digital wallet private key;
根据安全检测信息,确定影响数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:第一检测结果和第三检测结果时,基于所获得的检测结果,执行预设资产保护操作,可以包括:When the obtained detection result is: the first detection result and the third detection result, performing the preset asset protection operation based on the obtained detection result may include:
根据用户行为信息,确定安全设置引导信息,输出用于引导用户提高数字钱包的私钥的安全性的安全设置引导信息;Determining security setting guidance information according to user behavior information, and outputting security setting guidance information for guiding the user to improve security of the digital wallet private key;
当根据资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示数字钱包的目标账户的用户目标账户存在安全隐患的警示信息;When it is determined that the target account asset has a security risk according to the asset security detection information, the warning information indicating that the user target account for alerting the target account of the digital wallet has a security risk exists;
当所获得的检测结果为:第二检测结果和第三检测结果时,基于所获得的检测结果,执行预设资产保护操作,可以包括:When the obtained detection result is: the second detection result and the third detection result, performing the preset asset protection operation based on the obtained detection result may include:
根据安全检测信息,确定影响数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示数字钱包的目标账户的用户目标账户存在安全隐患的警示信息;When it is determined that the target account asset has a security risk according to the asset security detection information, the warning information indicating that the user target account for alerting the target account of the digital wallet has a security risk exists;
当所获得的检测结果为:第一检测结果、第二检测结果和第三检测结果时,基于所获得的检测结果,执行预设资产保护操作,可以包括:When the obtained detection result is: the first detection result, the second detection result, and the third detection result, performing the preset asset protection operation based on the obtained detection result may include:
根据用户行为信息,确定安全设置引导信息,输出用于引导用户提高数字钱包的私钥的安全性的安全设置引导信息;Determining security setting guidance information according to user behavior information, and outputting security setting guidance information for guiding the user to improve security of the digital wallet private key;
根据安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息。When it is determined that the target account asset has a security risk according to the asset security detection information, the user who outputs the target account for alerting the digital wallet has the warning information of the security risk.
第一方面,上述根据用户行为信息,确定安全设置引导信息,可以包括:In the first aspect, the foregoing determining the security setting guiding information according to the user behavior information may include:
利用预设安全等级评估标准和用户行为信息,获得用户行为的安全等级评估结果;Obtaining the security level assessment result of the user behavior by using the preset security level evaluation criteria and user behavior information;
基于安全等级评估结果,获得安全设置引导信息。The security setting guidance information is obtained based on the security level evaluation result.
在获取到影响数字钱包的私钥安全的用户行为信息之后,在一种实现方式中,利用预设安全等级评估标准和用户行为信息,获得用户行为的安全等级评估结果,可以包括:After obtaining the user behavior information that affects the security of the private key of the digital wallet, in an implementation manner, using the preset security level evaluation criteria and the user behavior information to obtain the security level assessment result of the user behavior may include:
确定用户行为信息的数量;Determine the amount of user behavior information;
确定数量在预设安全等级评估标准中所位于的数量范围;其中,预设安全等级评估标准中包括:数量范围与安全等级的对应关系;Determining the quantity range in which the quantity is in the preset safety level evaluation standard; wherein the preset safety level evaluation standard includes: a correspondence between the quantity range and the safety level;
将数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。The security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
确定所获得的用户行为信息的数量。然后,确定数量在预设安全等级评估标准中所位于的数量范围。其中,预设安全等级评估标准中包括:数量范围与安全等级的对应关系。之后,可以将数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。Determine the amount of user behavior information obtained. Then, determine the quantity range in which the quantity is in the preset safety level evaluation criteria. The preset security level evaluation standard includes: a correspondence between the quantity range and the security level. After that, the security level corresponding to the quantity range in which the quantity is located can be determined as the security level evaluation result of the user behavior.
举例而言,获得影响数字钱包的私钥安全的用户行为信息为:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息以及通过截屏备份私钥的行为信息时,可以确定所获得的用户行为信息的数量为3。For example, the user behavior information that obtains the security of the private key of the digital wallet is: when the behavior information of the high-risk webpage is accessed, the behavior information of the email that has opened the virus, and the behavior information of the private key through the screen capture, the obtained information can be determined. The number of user behavior information is 3.
其中,假设在预设安全等级评估标准中,数量范围数量<1与高安全等级具有对应关系;数量范围1≤数量≤2与中等安全等级具有对应关系;数量范围数量≥3与低安全等级具有对应关系。Wherein, it is assumed that in the preset security level evaluation standard, the quantity range quantity <1 has a corresponding relationship with the high security level; the quantity range 1 ≤ quantity ≤ 2 has a corresponding relationship with the medium security level; the quantity range quantity ≥ 3 and the low security level have Correspondence relationship.
这样,可以将确定得到的数量3所位于的数量范围数量≥3对应的低安全等级,确定为用户行为的安全等级评估结果,即确定该用户的用户行为的安全级别低。In this way, the determined low security level corresponding to the quantity range number ≥ 3 in the determined quantity 3 can be determined as the security level evaluation result of the user behavior, that is, the security level of the user behavior of the user is determined to be low.
在另一种实现方式中,还可以基于预设评分表来确定所获得的用户行为信息的总得分。其中,预设评分表中记录有:用户行为信息与得分的对应关系。然后,可以确定总得分在预设安全等级评估标准中所位于的分数范围。在该种实现方式中,预设安全等级评估标准中包括:分数范围与安全等级的对应关系。之后,可以将总得分所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果,这也是合理的。In another implementation, the total score of the obtained user behavior information may also be determined based on a preset score table. The preset score table records: a correspondence between the user behavior information and the score. Then, the range of scores in which the total score is located in the preset security level evaluation criteria can be determined. In this implementation manner, the preset security level evaluation standard includes: a correspondence between the score range and the security level. After that, it is reasonable to determine the security level corresponding to the quantity range in which the total score is located as the security level evaluation result of the user behavior.
上述基于安全等级评估结果,获得安全设置引导信息,可以包括:The foregoing obtaining security setting guidance information based on the security level evaluation result may include:
判断所获得的安全等级评估结果是否为低;Determine whether the obtained safety level assessment result is low;
若是,确定所获得的用户行为信息对应的安全设置引导信息;If yes, determining security setting guidance information corresponding to the obtained user behavior information;
其中,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息包括:病毒查杀提醒信息;当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息包括:分散存储私钥提醒信息;当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息包括:利用生物特征密码作为资产支付密码提醒信息。Wherein, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information includes: a virus killing reminding information; The user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior When the information is used, the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
在得到用户行为的安全等级评估结果之后,可以判断所获得的安全等级评估结果是否为低。若判断为低,则在一种实现方式中,可以获得预设的安全设置引导信息。其中,该预设的安全设置引导信息可以包括:病毒查杀提醒信息和分散存储私钥提醒信息。After obtaining the security level evaluation result of the user behavior, it can be judged whether the obtained security level evaluation result is low. If it is determined to be low, in one implementation, preset security setting guidance information may be obtained. The preset security setting guiding information may include: a virus killing reminding information and a distributed storage private key reminding information.
在另一种实现方式中,可以根据所获得的用户行为信息,来确定所获得的用户行为信息对应的安全设置引导信息。具体地,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息可以包括:病毒查杀提醒信息。当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息可以包括:分散存储私钥提醒信息。当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息可以包括:利用生物特征密码作为资产支付密码提醒信息。可以理解 的是,该安全设置引导信息是:用于指引用户消除所获得的用户行为信息所带来的私钥被盗威胁的提示信息。In another implementation manner, the security setting guidance information corresponding to the obtained user behavior information may be determined according to the obtained user behavior information. Specifically, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information may include: virus killing reminding information. When the obtained user behavior information includes: performing behavior information of backing up the private key through the screen capture, the determined security setting guidance information may include: decentralized storage private key reminding information. When the obtained user behavior information includes: using only the digital password as the behavior information of the asset payment password, the determined security setting guidance information may include: using the biometric password as the asset payment password reminding information. It can be understood that the security setting guiding information is: prompt information for guiding the user to eliminate the stolen threat of the private key caused by the obtained user behavior information.
另外,分散存储私钥可以是指:通过预设门限算法,将私钥分割为几个部分,然后对各个部分进行分散式存储。这样,可以使非法分子难以获得完整的秘钥,并增加了非法分子获得完整秘钥的成本,从而可以提高秘钥的安全性。In addition, the decentralized storage of the private key may refer to: dividing the private key into several parts by a preset threshold algorithm, and then performing distributed storage on each part. In this way, it is difficult for the illegal molecule to obtain the complete secret key, and the cost of obtaining the complete secret key by the illegal molecule is increased, so that the security of the secret key can be improved.
此外,由于目前对私钥进行存储的方式大多为完整存储方式,因而当安全等级评估结果为高或中等时,为了进一步提高私钥的安全性,可以获得安全设置引导信息:分散存储私钥提醒信息,或者,可以获得安全设置引导信息:分散存储私钥至预设个安全的硬件芯片的提醒信息,这也是合理的。In addition, since the current method of storing the private key is mostly a complete storage method, when the security level evaluation result is high or medium, in order to further improve the security of the private key, the security setting guidance information can be obtained: the distributed storage private key reminder Information, or, can obtain security settings guidance information: it is reasonable to distribute the private key to the preset security chip reminder information.
在确定安全设置引导信息后,即可输出用于引导用户提高数字钱包的私钥的安全性的安全设置引导信息。由于安全设置引导信息是根据用户行为信息而得到的,因而实现了从用户行为层面分析得到:用于消除私钥被盗威胁的安全防御操作,并可以引导用户执行该安全防御操作来提高数字钱包的私钥的安全性,保证了数字钱包中资产的安全。After determining the security setting boot information, the security setting boot information for guiding the user to increase the security of the digital wallet's private key can be output. Since the security setting guidance information is obtained according to the user behavior information, it is realized from the user behavior level: the security defense operation for eliminating the private key theft threat, and can guide the user to perform the security defense operation to improve the digital wallet The security of the private key guarantees the security of the assets in the digital wallet.
由此,电子设备上的数字钱包可以获得影响该数字钱包的私钥安全的用户行为信息。然后,可以利用预设安全等级评估标准和该用户行为信息,对该电子设备的用户所执行过的用户行为进行安全等级评估,得到安全等级评估结果。之后,可以根据该安全等级评估结果,获得针对该电子设备的的安全设置引导信息,并对该安全设置引导信息进行显示。其中,由于该安全设置引导信息是用于引导用户提高数字钱包的私钥的安全性的信息。因而,通过该安全设置引导信息,用户可以获知用于消除私钥被盗威胁的安全防御操作,进而可以通过该安全防御操作来提高数字钱包的私钥的安全性,保证了数字钱包中资产的安全。Thus, the digital wallet on the electronic device can obtain user behavior information that affects the security of the private key of the digital wallet. Then, the preset security level evaluation standard and the user behavior information may be used to perform a security level assessment on the user behavior performed by the user of the electronic device, and obtain a security level evaluation result. Thereafter, based on the security level evaluation result, security setting guidance information for the electronic device can be obtained, and the security setting guidance information can be displayed. Wherein, the security setting guide information is information for guiding the user to improve the security of the digital wallet's private key. Therefore, through the security setting guiding information, the user can learn the security defense operation for eliminating the threat of the private key being stolen, and thereby the security of the digital wallet can be improved by the security defense operation, and the assets in the digital wallet are ensured. Safety.
第二方面,在获取得到第一安全检测信息和第二安全检测信息之后,本领域技术人员可以根据具体需求,来根据第一安全检测信息和/或第二安全检测信息,确定影响数字钱包的私钥的安全性的因素。In a second aspect, after obtaining the first security detection information and the second security detection information, a person skilled in the art may determine, according to the specific requirement, the digital security wallet according to the first security detection information and/or the second security detection information. The security factor of the private key.
可以理解的是,对于第一安全检测信息而言,当获得的病毒检测信息为: 发现病毒时,所确定的影响数字钱包的私钥的安全性的因素包括存在病毒。当获得的漏洞检测信息为:存在漏洞时,所确定的影响数字钱包的私钥的安全性的因素包括存在漏洞。当获得的根root权限检测信息为:根root权限开启时,所确定的影响数字钱包的私钥的安全性的因素包括根root权限被开启。当获得的网络传输安全检测信息为:非安全网络时,所确定的影响数字钱包的私钥的安全性的因素包括处于非安全传输网络。It can be understood that, for the first security detection information, when the obtained virus detection information is: When the virus is found, the determined factors affecting the security of the digital wallet's private key include the presence of the virus. When the vulnerability detection information obtained is: when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability. When the root root permission detection information obtained is: when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is turned on. When the obtained network transmission security detection information is: an unsecure network, the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network.
对于第二安全检测信息而言,当获得的读写权限检测信息为:可读可写时,所确定的影响数字钱包的私钥的安全性的因素包括:内存未进行读写保护。当获得的重打包检测信息为:为重打包的安装包时,所确定的影响数字钱包的私钥的安全性的因素包括:数字钱包的安装包为非原版安装包。当获得的私钥存储模式检测信息为:完整存储私钥时,所确定的影响数字钱包的私钥的安全性的因素包括:私钥被完整存储。For the second security detection information, when the read and write permission detection information obtained is: readable and writable, the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written. When the obtained repackaging detection information is: for the repackaged installation package, the determined factors affecting the security of the digital wallet's private key include: the digital wallet installation package is a non-original installation package. When the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
在确定影响私钥的安全性的因素之后,可以利用所确定的因素来生成提示信息,并输出所生成的提示信息,以通过该提示信息来提示用户对影响私钥的安全性的因素进行处理。After determining the factors affecting the security of the private key, the determined factors may be utilized to generate the prompt information, and the generated prompt information is output to prompt the user to process the factors affecting the security of the private key. .
例如,当确定影响私钥的安全性的因素为:存在病毒和数字钱包的安装包为非原版安装包时,生成提示信息:存在病毒威胁,请查杀病毒;数字钱包的安装包为非原版安装包,建议利用原版安装包安装数字钱包。For example, when determining the security of the private key is: when the installation package of the virus and digital wallet is a non-original installation package, generate a prompt message: there is a virus threat, please check the virus; the digital wallet installation package is not the original version Installation package, it is recommended to use the original installation package to install digital wallet.
另外,当确定影响私钥的安全性的因素还包括:漏洞、根Root权限被开启、非安全传输网络、内存未进行读写保护和私钥被完整存储时,生成的提示信息还依次包括:存在漏洞威胁,请修补漏洞;建议关闭根Root权限;当前为非安全传输网络,建议使用安全传输网络;建议对内存进行读写保护;建议启用安全存储模式来分散存储私钥。In addition, when determining the factors affecting the security of the private key, the vulnerability information, the root root permission is turned on, the non-secure transmission network, the memory is not read and written protection, and the private key is completely stored, the generated prompt information also includes: There is a vulnerability threat, please fix the vulnerability; it is recommended to turn off the root root privilege; currently it is a non-secure transport network, it is recommended to use a secure transport network; it is recommended to read and write the memory; it is recommended to enable the secure storage mode to decentralize the storage private key.
由此,数字钱包可以获取该数字钱包的运行环境的安全检测信息来作为第一安全检测信息,还可以获取自身的安全检测信息来作为第二安全检测信息。然后,可以根据获取的第一安全检测信息和/或第二安全检测信息来确定影响数字钱包的私钥安全性的因素。并可以利用确定得到的因素生成提示信息,并输出提示信息。这样,使得用户可以通过提示信息,获知电子设备中哪些因素影响数字钱包的私钥的安全,从而可以及时地对这些因素进行处理 来实现对私钥的保护,保证了数字钱包中资产的安全。Therefore, the digital wallet can obtain the security detection information of the operating environment of the digital wallet as the first security detection information, and can also obtain its own security detection information as the second security detection information. Then, factors affecting the security of the private key of the digital wallet may be determined according to the obtained first security detection information and/or second security detection information. The prompt information can be generated by using the determined factors, and the prompt information is output. In this way, the user can know which factors in the electronic device affect the security of the digital wallet's private key through the prompt information, so that these factors can be processed in time to protect the private key and ensure the security of the assets in the digital wallet.
可以理解的是,为了进一步保证私钥的安全性即保证数字钱包资产的安全性,从而向用户提供一种更安全的数字钱包,在本申请实施例中,还可以检测数字钱包所在电子设备是否安装有安全键盘,若否,提示用户安装安全键盘,在安装安全键盘之后,可以保证私钥在输入的过程中不被盗取,进一步保证了私钥的安全性。It can be understood that, in order to further ensure the security of the private key, that is, to ensure the security of the digital wallet asset, thereby providing the user with a more secure digital wallet, in the embodiment of the present application, it is also possible to detect whether the electronic device where the digital wallet is located is A security keyboard is installed. If not, the user is prompted to install a security keyboard. After the security keyboard is installed, the private key can be ensured that the private key is not stolen during the input process, thereby further ensuring the security of the private key.
其中,安全键盘是一种在电子设备的屏幕上显示的、通过鼠标点击来完成输入的、输入键位置会随机发生变动的虚拟键盘。The security keyboard is a virtual keyboard that is displayed on the screen of the electronic device and is input by a mouse click to change the position of the input key randomly.
另外,为了进一步保证私钥的安全性即保证数字钱包资产的安全性,还可以检测数字钱包是否设置有地址白名单,若否,提示用户设置地址白名单。其中,地址白名单中包括安全的交易地址和合约地址。当进行交易的交易地址和合约地址与地址白名单中的地址不匹配时,则表明该进行交易的交易地址和合约地址为存在安全威胁的地址,此时可以向用户发出危险警告,提示用户谨慎交易,从而可以保证数字钱包中资产的安全。In addition, in order to further ensure the security of the private key, that is, to ensure the security of the digital wallet asset, it is also possible to detect whether the digital wallet is provided with an address whitelist, and if not, prompt the user to set the address whitelist. Among them, the address white list includes a secure transaction address and a contract address. When the transaction address and contract address of the transaction do not match the address in the white list of the address, it indicates that the transaction address and the contract address of the transaction are addresses with security threats, and the user may be issued a danger warning to prompt the user to be cautious. Trading, thus ensuring the security of assets in the digital wallet.
当然,也可以检测数字钱包中是否设置有黑名单,若否,提示用户设置地址黑名单,其中,地址黑名单中包括危险的交易地址和合约地址,这也是合理的。Of course, it is also possible to detect whether a blacklist is set in the digital wallet. If not, the user is prompted to set an address blacklist, wherein the address blacklist includes a dangerous transaction address and a contract address, which is also reasonable.
第三方面,当生成确定目标账户存在安全隐患的资产安全检测信息时,说明该目标账户为不安全的,该目标账户对应的私钥可能被盗用,该目标账户资产存在安全隐患,即根据资产安全监测信息确定目标账户资产存在安全隐患。此时,为了更好的保证数字钱包资产的安全,可以输出警示信息,警示目标账户的用户该目标账户存在安全隐患,以使得用户执行相应的保护上述目标账户的操作。In the third aspect, when the asset security detection information indicating that the target account has a security risk is generated, the target account is insecure, and the private key corresponding to the target account may be stolen, and the target account asset has a security risk, that is, according to the asset. The security monitoring information determines that the target account assets have security risks. At this time, in order to better ensure the security of the digital wallet asset, the warning information may be output, and the user of the target account is alerted to the security risk of the target account, so that the user performs the corresponding operation of protecting the target account.
在一种实现方式中,上述警示信息可以以声音提示的形式输出,可以以屏幕亮度提示的形式输出,可以以文字信息提示的形式输出,还可以以界面跳转提示的形式输出,等等,本申请实施例并不对上述警示信息的提示形式进行限定。In an implementation manner, the foregoing warning information may be outputted in the form of an audible prompt, may be outputted in the form of a screen brightness prompt, may be outputted in the form of a text information prompt, or may be outputted in the form of an interface jump prompt, etc. The embodiment of the present application does not limit the prompting form of the above warning information.
由此,可以通过比对区块链账本中的针对目标账户的交易记录,与数字 钱包所在电子设备存储的针对目标账户的交易记录,来确定交易记录是否为合法交易,进而确定该目标账户是否存在安全隐患,当数字钱包所在电子设备所存储的目标账户对应的交易记录中不存在检测到的交易记录时,可以确定目标账户存在安全隐患,输出警示信息,以警示目标账户的用户目标账户存在安全隐患,实现对账户安全的识别。Thus, it is possible to determine whether the transaction record is a legitimate transaction by comparing the transaction record for the target account in the blockchain account with the transaction record stored by the electronic device where the digital wallet is located, and determining whether the target account is a legitimate transaction. There is a security risk. When there is no detected transaction record in the transaction record corresponding to the target account stored in the electronic device where the digital wallet is located, it may be determined that the target account has a security risk, and the warning information is output to alert the user account of the target account to exist. Security risks to achieve identification of account security.
当生成确定目标账户不存在安全隐患的资产安全检测信息时,说明该目标账户为安全的,该目标账户对应的私钥未被盗用。此时,为了更好的提高用户体验,可以继续输出当前交易记录,以提醒用户该目标账户出现交易,以便可以作为用户的资产交易的凭证。When the asset security detection information that determines that the target account does not have a security risk is generated, it indicates that the target account is secure, and the private key corresponding to the target account is not stolen. At this time, in order to better improve the user experience, the current transaction record may continue to be output to remind the user that the target account has a transaction so as to be a voucher for the user's asset transaction.
在一种情况中,输出当前交易记录时,可以是首先获得与上述目标账户所绑定的用户的通信标识,基于所获得的通信标识输出当前交易记录。具体的,上述通信标识可以为邮箱号码,此时,电子设备可以将上述当前交易记录以邮件的形式发送至上述邮箱号码对应的邮箱;上述通信标识可以为手机号码,此时,电子设备可以将上述当前交易记录以短信的形式发送至上述手机号码对应的手机上,或者,将上述当前交易记录以电话的形式发送至上述手机号码对应的手机上,用户可以接听上述电话,得知上述当前交易记录。In one case, when the current transaction record is output, the communication identifier of the user bound to the target account may be obtained first, and the current transaction record is output based on the obtained communication identifier. Specifically, the foregoing communication identifier may be a mailbox number. In this case, the electronic device may send the current transaction record to the email address corresponding to the email address in the form of an email; the communication identifier may be a mobile phone number, and at this time, the electronic device may The current transaction record is sent to the mobile phone corresponding to the mobile phone number in the form of a short message, or the current transaction record is sent to the mobile phone corresponding to the mobile phone number in the form of a phone, and the user can answer the call and learn the current transaction. recording.
在一种实现方式中,为了更好的提高用户体验,所述方法还可以包括:In an implementation manner, in order to improve the user experience, the method may further include:
周期性或非周期性地从区块链账本中,获得目标账户对应的交易记录;Periodically or aperiodically obtaining a transaction record corresponding to the target account from the blockchain ledger;
输出所获得的目标账户对应的交易记录,以使用户查看该目标账户对应的交易记录并对账。The transaction record corresponding to the obtained target account is outputted, so that the user can view the transaction record corresponding to the target account and perform the transaction.
可以理解的是,可以实时监控上述区块链账本,可以预先设置周期,每当一个周期到来,从区块链账本中,获得目标账户对应的交易记录,并输出上述目标账户对应的交易记录,以展示给用户,以使用户查看该目标账户对应的交易记录并对账。或者,每当获得用户所发出的账单获取指令,响应于上述账单获取指令,从区块链账本中,获得目标账户对应的交易记录,并输出上述目标账户对应的交易记录,以展示给用户,以使用户查看该目标账户对应的交易记录并对账。It can be understood that the blockchain book can be monitored in real time, and the cycle can be preset. Whenever a cycle arrives, the transaction record corresponding to the target account is obtained from the blockchain ledger, and the transaction record corresponding to the target account is output. To display to the user, so that the user can view the transaction record corresponding to the target account and check the account. Alternatively, each time a bill obtaining instruction issued by the user is obtained, in response to the bill obtaining instruction, the transaction record corresponding to the target account is obtained from the blockchain ledger, and the transaction record corresponding to the target account is outputted to be displayed to the user. In order for the user to view the transaction record corresponding to the target account and the account.
在一种实现方式中,在上述输出警示信息的步骤之后,该方法还可以包 括:In an implementation manner, after the step of outputting the alert information, the method may further include:
输出提示信息,以提示用户更换账户。A prompt message is output to prompt the user to change the account.
由此,为了更好的保证数字钱包的资产安全,当确定目标账户存在安全隐患,即该目标账户中的资产存在安全隐患,并输出警示信息后,可以继续向用户输出提示信息,以提示用户更换账户。其中,上述提示信息中可以包含引导用户更换账户的预设操作信息,以使得用户可以基于电子设备的引导,即上述预设操作信息,创建新的账号,即创建新的账号对应的私钥,以使得用户基于新的私钥登录新的账号,并将目标账户的资产转移至该新的账户,实现更换账户。以在一定程度上,保护用户的资产的安全。Therefore, in order to better ensure the security of the digital wallet asset, when it is determined that the target account has a security risk, that is, the asset in the target account has a security risk, and after outputting the warning information, the user may continue to output prompt information to the user to prompt the user. Change your account. The foregoing prompt information may include preset operation information for guiding the user to replace the account, so that the user can create a new account based on the guidance of the electronic device, that is, the preset operation information, that is, create a private key corresponding to the new account. The account is replaced by enabling the user to log in to the new account based on the new private key and transfer the assets of the target account to the new account. To a certain extent, to protect the security of the user's assets.
在一种实现方式中,上述警示信息可以以文字信息提示的形式输出,此时,可以以弹窗的形式输出上述警示信息,所弹出的弹窗中包含:警示目标账户的用户该目标账户存在安全隐患的信息,或者,以GCM(Google Cloud Messaging)Push的形式输出上述警示信息,上述GCM Push为一种云推送消息服务。具体的,上述输出警示信息,可以包括:In an implementation manner, the foregoing warning information may be outputted in the form of a text message prompt. At this time, the warning information may be output in the form of a pop-up window, and the pop-up pop-up window includes: the user who alerts the target account that the target account exists. The information about the security risk, or the above warning information is outputted in the form of GCM (Google Cloud Messaging) Push, which is a cloud push message service. Specifically, the foregoing output warning information may include:
以弹窗的形式,输出警示信息。The warning message is output in the form of a pop-up window.
在一种实现方式中,可以以各种各样的形式输出上述警示信息,为了更好的引起用户的关注,在上述输出警示信息的步骤之前,该方法还可以包括:In an implementation manner, the foregoing warning information may be output in various forms. In order to better attract the user's attention, before the step of outputting the warning information, the method may further include:
获得预先与目标账户绑定的用户的通信标识;Obtaining a communication identifier of a user bound in advance with the target account;
上述输出警示信息的步骤,可以包括:The foregoing steps for outputting the warning information may include:
基于所获得的用户的通信标识,输出警示信息。The warning information is output based on the obtained communication identifier of the user.
本申请实施例中,电子设备可以获得预先与目标账户绑定的用户的通信标识,在一种实现方式中,上述通信标识可以包括手机号码和/或邮箱号码,电子设备可以基于上述所获得的用户的通信标识,输出警示信息。在一种情况中,上述通信标识为邮箱号码,此时,电子设备可以将上述当警示信息以邮件的形式发送至上述邮箱号码对应的邮箱;上述通信标识为手机号码,此时,电子设备可以将上述警示信息以短信的形式发送至上述手机号码对应的手机上,或者,将上述警示信息以电话的形式发送至上述手机号码对应的手 机上,用户可以接听上述电话,得知上述警示信息。In the embodiment of the present application, the electronic device may obtain the communication identifier of the user that is bound to the target account in advance. In an implementation manner, the communication identifier may include a mobile phone number and/or a mailbox number, and the electronic device may be obtained based on the foregoing. The user's communication ID and output warning information. In one case, the communication identifier is a mailbox number. At this time, the electronic device may send the foregoing warning information to the mailbox corresponding to the mailbox number in the form of an email; the communication identifier is a mobile phone number, and at this time, the electronic device may The above warning information is sent to the mobile phone corresponding to the mobile phone number in the form of a short message, or the above warning information is sent to the mobile phone corresponding to the mobile phone number in the form of a telephone, and the user can answer the above-mentioned telephone to learn the warning information.
相应于上述方法实施例,本申请实施例还提供了一种数字钱包资产保护装置,参见图5,该装置可以包括:Corresponding to the above method embodiment, the embodiment of the present application further provides a digital wallet asset protection device. Referring to FIG. 5, the device may include:
检测模块501,用于执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果;The detecting module 501 is configured to perform at least one detecting operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtain a detection result corresponding to the performed detection operation;
执行模块502,用于基于所获得的检测结果,执行预设资产保护操作。The executing module 502 is configured to perform a preset asset protection operation based on the obtained detection result.
本申请实施例中,计算机程序被处理器执行时执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果,基于所获得的检测结果,执行预设资产保护操作。本申请中,通过执行至少一个安全检测操作的方式,获得与数字钱包有关的检测结果,并基于检测结果,执行预设资产保护操作,从而达到保证用户数字钱包的资产安全的目的。In the embodiment of the present application, when the computer program is executed by the processor, at least one detecting operation of performing user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet is performed, and the detection corresponding to the performed detection operation is obtained. As a result, a preset asset protection operation is performed based on the obtained detection result. In the present application, by performing at least one security detection operation, the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby achieving the purpose of ensuring the asset security of the user digital wallet.
在本申请实施例的一种实现方式中,所述用户行为检测操作对应的检测结果为影响数字钱包的私钥安全的用户行为信息;In an implementation manner of the embodiment of the present application, the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the private key of the digital wallet;
所述数字钱包所在电子设备安全检测对应的检测结果为所述数字钱包所在电子设备的安全检测信息;The detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
所述数字钱包的资产安全检测对应的检测结果为所述数字钱包的资产安全检测信息,所述资产安全检测信息为表征所述数字钱包的目标账户资产是否存在安全隐患的信息。The detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
在本申请实施例的一种实现方式中,执行模块502,具体用于:基于所获得的检测结果,输出对用户的安全提示信息。In an implementation manner of the embodiment of the present application, the executing module 502 is specifically configured to: output security prompt information to the user based on the obtained detection result.
在本申请实施例的一种实现方式中,所述装置还可以包括:In an implementation manner of the embodiment of the present application, the device may further include:
处理模块,用于将所述用户行为检测操作对应的检测结果确定为第一检测结果,将所述数字钱包所在电子设备安全检测对应的检测结果确定为第二检测结果,将所述数字钱包的资产安全检测对应的检测结果确定为第三检测 结果;a processing module, configured to determine, as a first detection result, a detection result corresponding to the user behavior detection operation, and determine a detection result corresponding to the electronic device security detection of the digital wallet as a second detection result, where the digital wallet is The test result corresponding to the asset security test is determined as the third test result;
所述执行模块502,可以具体用于:The execution module 502 can be specifically configured to:
当所获得的检测结果为:所述第一检测结果时,根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;When the obtained detection result is: the first detection result, determining security setting guidance information according to the user behavior information, and outputting security setting guidance information for guiding the user to improve security of the digital wallet private key;
当所获得的检测结果为:所述第二检测结果时,根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;When the obtained detection result is: the second detection result, determining a factor affecting the security of the private key of the digital wallet according to the security detection information, and outputting a prompt for prompting the user to affect the security of the private key Prompt information for processing factors;
当所获得的检测结果为:所述第三检测结果时,当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When the obtained detection result is: the third detection result, when determining that the target account asset has a security risk according to the asset security detection information, outputting the target account for alerting the target account of the digital wallet Warning information for safety hazards;
当所获得的检测结果为:所述第一检测结果和所述第二检测结果时,根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;When the obtained detection result is: the first detection result and the second detection result, determining security setting guidance information according to the user behavior information, and outputting a security for guiding the user to increase the private key of the digital wallet Sexual security settings guidance information;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:所述第一检测结果和所述第三检测结果时,根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;When the obtained detection result is: the first detection result and the third detection result, determining security setting guidance information according to the user behavior information, and outputting a security for guiding the user to increase the private key of the digital wallet Sexual security settings guidance information;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第二检测结果和所述第三检测结果时,根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;When the obtained detection result is: the second detection result and the third detection result, determining a factor affecting the security of the private key of the digital wallet according to the security detection information, and outputting is used to prompt the user to Prompt information that affects the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示 信息;When it is determined that the target account asset has a security risk according to the asset security detection information, outputting a warning message that the target account of the target account for alerting the digital wallet has a security risk;
当所获得的检测结果为:所述第一检测结果、所述第二检测结果和所述第三检测结果时,根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;When the obtained detection result is: the first detection result, the second detection result, and the third detection result, determining safety setting guidance information according to the user behavior information, and outputting for guiding the user to improve the Security setting security information for the security of the private key of the digital wallet;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息。When it is determined that the target account asset has a security risk according to the asset security detection information, the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
在本申请实施例的一种实现方式中,所述装置还可以包括第一获得模块,所述第一获得模块,可以包括:In an implementation manner of the embodiment of the present application, the device may further include a first obtaining module, where the first obtaining module may include:
显示单元,用于显示预设调查问卷;其中,所述预设调查问卷中记录有:影响数字钱包的私钥安全的预设用户行为信息,以及每个预设用户行为信息对应的勾选框;当一个预设用户行为信息对应的勾选框被选中时,表明该预设用户行为信息被选中;a display unit, configured to display a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet private key, and a check box corresponding to each preset user behavior information When a check box corresponding to the preset user behavior information is selected, it indicates that the preset user behavior information is selected;
问卷调查结果获得单元,用于获得所述预设调查问卷的问卷调查结果;a questionnaire obtaining unit for obtaining a questionnaire result of the preset questionnaire;
用户行为信息确定单元,用于将所述问卷调查结果中被选中的预设用户行为信息,确定为影响所述数字钱包的私钥安全的用户行为信息。The user behavior information determining unit is configured to determine the selected preset user behavior information in the questionnaire result as user behavior information that affects the private key security of the digital wallet.
在本申请实施例的一种实现方式中,所述执行模块502,可以包括:In an implementation manner of the embodiment of the present application, the executing module 502 may include:
安全等级评估结果获得单元,用于利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果;a security level evaluation result obtaining unit, configured to obtain a security level evaluation result of the user behavior by using a preset security level evaluation standard and the user behavior information;
安全设置引导信息获得单元,用于基于所述安全等级评估结果,获得安全设置引导信息。The security setting guidance information obtaining unit is configured to obtain security setting guidance information based on the security level evaluation result.
在本申请实施例的一种实现方式中,所述预设用户行为信息可以包括:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息、通过截屏备份私钥的行为信息和仅利用数字密码作为资产支付密码的行为信息中的至少一项。In an implementation manner of the embodiment of the present application, the preset user behavior information may include: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key by screen capture, and only The digital password is used as at least one of the behavior information of the asset payment password.
在本申请实施例的一种实现方式中,所述安全等级评估结果获得单元,可以包括:In an implementation manner of the embodiment of the present application, the security level evaluation result obtaining unit may include:
数量确定子单元,用于确定所述用户行为信息的数量;a quantity determining subunit, configured to determine the quantity of the user behavior information;
数量范围确定子单元,用于确定所述数量在预设安全等级评估标准中所位于的数量范围;其中,所述预设安全等级评估标准中包括:数量范围与安全等级的对应关系;a quantity range determining subunit, configured to determine a quantity range in which the quantity is located in a preset security level evaluation criterion; wherein the preset security level evaluation standard includes: a correspondence between a quantity range and a security level;
安全等级评估结果确定子单元,用于将所述数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。The security level evaluation result determining sub-unit is configured to determine a security level corresponding to the quantity range in which the quantity is located, as a security level evaluation result of the user behavior.
在本申请实施例的一种实现方式中,所述安全设置引导信息获得单元,可以包括:In an implementation manner of the embodiment of the present application, the security setting guiding information obtaining unit may include:
判断子单元,用于判断所获得的安全等级评估结果是否为低,如果是,触发安全设置引导信息确定子单元;a determining subunit, configured to determine whether the obtained security level evaluation result is low, and if so, triggering the security setting guiding information determining subunit;
所述安全设置引导信息确定子单元,用于确定所获得的用户行为信息对应的安全设置引导信息;The security setting guiding information determining subunit is configured to determine security setting guiding information corresponding to the obtained user behavior information;
其中,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息包括:病毒查杀提醒信息;当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息包括:分散存储私钥提醒信息;当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息包括:利用生物特征密码作为资产支付密码提醒信息。Wherein, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information includes: a virus killing reminding information; The user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior When the information is used, the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
在本申请实施例的一种实现方式中,所述装置还可以包括第二获得模块,所述第二获得模块,可以包括:In an implementation manner of the embodiment of the present application, the device may further include a second obtaining module, where the second obtaining module may include:
第一安全检测信息获得单元,用于获得所述数字钱包的运行环境的第一安全检测信息,所述第一安全检测信息包括:所述数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根root权限检测信息和网络传输安全检测信息中的至少一种;a first security detection information obtaining unit, configured to obtain first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information of the electronic device where the digital wallet is located, At least one of root root authority detection information and network transmission security detection information;
第二安全检测信息获得单元,用于获得所述数字钱包自身的第二安全检测信息,所述第二安全检测信息包括:所述数字钱包所对应的内存的读写权限检测信息、所述数字钱包的安装包的重打包检测信息和所述数字钱包的私钥存储模式检测信息中的至少一种。a second security detection information obtaining unit, configured to obtain second security detection information of the digital wallet itself, where the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, the number At least one of repackaging detection information of the installation package of the wallet and private key storage mode detection information of the digital wallet.
在本申请实施例的一种实现方式中,当所述第一安全检测信息获得单元获得的病毒检测信息为:发现病毒时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括存在病毒;In an implementation manner of the embodiment of the present application, when the virus detection information obtained by the first security detection information obtaining unit is: when a virus is found, the security key determined by the execution module affecting the digital wallet is secure. Sexual factors include the presence of a virus;
当所述第一安全检测信息获得单元获得的漏洞检测信息为:存在漏洞时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括存在漏洞;When the vulnerability detection information obtained by the first security detection information obtaining unit is: when there is a vulnerability, the factor determined by the execution module affecting the security of the private key of the digital wallet includes a vulnerability;
当所述第一安全检测信息获得单元获得的根root权限检测信息为:根root权限开启时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括根root权限被开启;When the root root authority detection information obtained by the first security detection information obtaining unit is: when the root root authority is enabled, the security factor determined by the execution module affecting the private key of the digital wallet includes the root root authority being Open
当所述第一安全检测信息获得单元获得的网络传输安全检测信息为:非安全网络时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括处于非安全传输网络;When the network transmission security detection information obtained by the first security detection information obtaining unit is an non-secure network, factors determined by the execution module affecting the security of the private key of the digital wallet include: being in a non-secure transmission network. ;
当所述第二安全检测信息获得单元获得的读写权限检测信息为:可读可写时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:内存未进行读写保护;When the read/write right detection information obtained by the second security detection information obtaining unit is: readable and writable, the factors determined by the execution module affecting the security of the private key of the digital wallet include: the memory is not performed. Read and write protection;
当所述第二安全检测信息获得单元获得的重打包检测信息为:为重打包的安装包时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:所述数字钱包的安装包为非原版安装包;When the repackaging detection information obtained by the second security detection information obtaining unit is: a repackaged installation package, a factor determined by the execution module to affect security of the private key of the digital wallet includes: The installation package of the digital wallet is a non-original installation package;
当所述第二安全检测信息获得单元获得的私钥存储模式检测信息为:完整存储私钥时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:私钥被完整存储。When the private key storage mode detection information obtained by the second security detection information obtaining unit is: when the private key is completely stored, the factors determined by the execution module affecting the security of the private key of the digital wallet include: a private key It is stored completely.
在本申请实施例的一种实现方式中,所述装置还可以包括第三获得模块,所述第三获得模块,可以包括:In an implementation manner of the embodiment of the present application, the device may further include a third obtaining module, where the third obtaining module may include:
判断子单元,用于当检测到区块链账本中生成针对所述数字钱包的目标账户的交易记录时,判断所述数字钱包所在电子设备所存储的所述目标账户对应的交易记录中是否存在检测到的交易记录,如果是,触发第一生成单元,如果否,触发第二生成单元;a determining subunit, configured to determine whether a transaction record corresponding to the target account stored by the electronic device where the digital wallet is stored exists when a transaction record for the target account of the digital wallet is generated in the blockchain ledger The detected transaction record, if yes, triggering the first generation unit, and if not, triggering the second generation unit;
所述第一生成单元,用于生成确定目标账户不存在安全隐患的资产安全检测信息;The first generating unit is configured to generate asset security detection information that determines that the target account does not have a security risk;
所述第二生成单元,用于生成确定目标账户存在安全隐患的资产安全检测信息。The second generating unit is configured to generate asset security detection information that determines that the target account has a security risk.
本申请实施例还提供了一种电子设备,如图6所示,包括处理器601、通信接口602、存储器603和通信总线604,其中,处理器601,通信接口602,存储器603通过通信总线604完成相互间的通信,The embodiment of the present application further provides an electronic device, as shown in FIG. 6, including a processor 601, a communication interface 602, a memory 603, and a communication bus 604, wherein the processor 601, the communication interface 602, and the memory 603 pass through the communication bus 604. Complete communication with each other,
存储器603,用于存放计算机程序;a memory 603, configured to store a computer program;
处理器601,用于执行存储器603上所存放的计算机程序时,实现如下方法步骤:The processor 601 is configured to perform the following method steps when executing the computer program stored on the memory 603:
执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果;Performing at least one detection operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtaining a detection result corresponding to the performed detection operation;
基于所获得的检测结果,执行预设资产保护操作。The preset asset protection operation is performed based on the obtained detection result.
本申请实施例中,电子设备执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果,基于所获得的检测结果,执行预设资产保护操作。本申请中,通过执行至少一个安全检测操作的方式,获得与数字钱包有关的检测结果,并基于检测结果,执行预设资产保护操作,从而达到保证用户数字钱包的资产安全的目的。In the embodiment of the present application, the electronic device performs at least one detection operation of the user behavior detection, the electronic device security detection of the digital wallet, and the asset security detection of the digital wallet, and obtains the detection result corresponding to the performed detection operation, based on the obtained The detection result is performed by performing a preset asset protection operation. In the present application, by performing at least one security detection operation, the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby achieving the purpose of ensuring the asset security of the user digital wallet.
在本申请实施例的一种实现方式中,所述用户行为检测操作对应的检测结果为影响数字钱包的私钥安全的用户行为信息;In an implementation manner of the embodiment of the present application, the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the private key of the digital wallet;
所述数字钱包所在电子设备安全检测对应的检测结果为所述数字钱包所在电子设备的安全检测信息;The detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
所述数字钱包的资产安全检测对应的检测结果为所述数字钱包的资产安全检测信息,所述资产安全检测信息为表征所述数字钱包的目标账户资产是否存在安全隐患的信息。The detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
在本申请实施例的一种实现方式中,所述方法还可以包括:In an implementation manner of the embodiment of the present application, the method may further include:
将所述用户行为检测操作对应的检测结果确定为第一检测结果,将所述数字钱包所在电子设备安全检测对应的检测结果确定为第二检测结果,将所述数字钱包的资产安全检测对应的检测结果确定为第三检测结果;Determining, by the first detection result, the detection result corresponding to the user behavior detection operation, determining the detection result corresponding to the electronic device security detection of the digital wallet as the second detection result, and corresponding to the asset security detection of the digital wallet The detection result is determined as the third detection result;
当所获得的检测结果为:所述第一检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
当所获得的检测结果为:所述第二检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the second detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第一检测结果和所述第二检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result and the second detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:所述第一检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第二检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the second detection result and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第一检测结果、所述第二检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result, the second detection result, and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息。When it is determined that the target account asset has a security risk according to the asset security detection information, the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
在本申请实施例的一种实现方式中,所述影响数字钱包的私钥安全的用 户行为信息的获得过程,可以包括:In an implementation manner of the embodiment of the present application, the obtaining process of the user behavior information that affects the security of the private key of the digital wallet may include:
显示预设调查问卷;其中,所述预设调查问卷中记录有:影响数字钱包的私钥安全的预设用户行为信息,以及每个预设用户行为信息对应的勾选框;当一个预设用户行为信息对应的勾选框被选中时,表明该预设用户行为信息被选中;Displaying a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected;
获得所述预设调查问卷的问卷调查结果;Obtaining a questionnaire survey result of the preset questionnaire;
将所述问卷调查结果中被选中的预设用户行为信息,确定为影响所述数字钱包的私钥安全的用户行为信息。The selected preset user behavior information in the questionnaire result is determined as user behavior information that affects the security of the digital wallet's private key.
在本申请实施例的一种实现方式中,所述根据所述用户行为信息,确定安全设置引导信息的步骤,可以包括:In an implementation manner of the embodiment of the present application, the step of determining the security setting guide information according to the user behavior information may include:
利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果;Using the preset security level evaluation criteria and the user behavior information to obtain a security level assessment result of the user behavior;
基于所述安全等级评估结果,获得安全设置引导信息。Based on the security level evaluation result, security setting guidance information is obtained.
在本申请实施例的一种实现方式中,所述预设用户行为信息包括:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息、通过截屏备份私钥的行为信息和仅利用数字密码作为资产支付密码的行为信息中的至少一项。In an implementation manner of the embodiment of the present application, the preset user behavior information includes: behavior information of accessing a high-risk webpage, behavior information of an email that has been opened with a virus, behavior information of backing up a private key by screen capture, and only utilizing The digital password is at least one of behavioral information of the asset payment password.
在本申请实施例的一种实现方式中,所述利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果的步骤,可以包括:In an implementation manner of the embodiment of the present application, the step of obtaining a security level assessment result of the user behavior by using the preset security level evaluation criteria and the user behavior information may include:
确定所述用户行为信息的数量;Determining the amount of the user behavior information;
确定所述数量在预设安全等级评估标准中所位于的数量范围;其中,所述预设安全等级评估标准中包括:数量范围与安全等级的对应关系;Determining, in the predetermined security level evaluation standard, the quantity range in which the quantity is located in the preset security level evaluation standard; the preset security level evaluation standard includes: a correspondence between the quantity range and the security level;
将所述数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。The security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
在本申请实施例的一种实现方式中,所述基于所述安全等级评估结果,获得安全设置引导信息的步骤,可以包括:In an implementation manner of the embodiment of the present application, the step of obtaining the security setting guiding information based on the security level evaluation result may include:
判断所获得的安全等级评估结果是否为低;Determine whether the obtained safety level assessment result is low;
若是,确定所获得的用户行为信息对应的安全设置引导信息;If yes, determining security setting guidance information corresponding to the obtained user behavior information;
其中,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息包括:病毒查杀提醒信息;当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息包括:分散存储私钥提醒信息;当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息包括:利用生物特征密码作为资产支付密码提醒信息。Wherein, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information includes: a virus killing reminding information; The user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior When the information is used, the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
在本申请实施例的一种实现方式中,所述数字钱包所在电子设备的安全检测信息的获得过程,可以包括:In an implementation manner of the embodiment of the present application, the obtaining process of the security detection information of the electronic device where the digital wallet is located may include:
获得所述数字钱包的运行环境的第一安全检测信息,所述第一安全检测信息包括:所述数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根root权限检测信息和网络传输安全检测信息中的至少一种;Obtaining first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection of the electronic device where the digital wallet is located At least one of the information;
获得所述数字钱包自身的第二安全检测信息,所述第二安全检测信息包括:所述数字钱包所对应的内存的读写权限检测信息、所述数字钱包的安装包的重打包检测信息和所述数字钱包的私钥存储模式检测信息中的至少一种。Obtaining the second security detection information of the digital wallet itself, the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, and repacking detection information of the installation package of the digital wallet The private key of the digital wallet stores at least one of mode detection information.
在本申请实施例的一种实现方式中,当获得的病毒检测信息为:发现病毒时,所确定的影响所述数字钱包的私钥的安全性的因素包括存在病毒;In an implementation manner of the embodiment of the present application, when the obtained virus detection information is: when the virus is found, the determined factors affecting the security of the private key of the digital wallet include the presence of a virus;
当获得的漏洞检测信息为:存在漏洞时,所确定的影响所述数字钱包的私钥的安全性的因素包括存在漏洞;When the obtained vulnerability detection information is: when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability;
当获得的根root权限检测信息为:根root权限开启时,所确定的影响所述数字钱包的私钥的安全性的因素包括根root权限被开启;When the root root permission detection information obtained is: when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is enabled;
当获得的网络传输安全检测信息为:非安全网络时,所确定的影响所述数字钱包的私钥的安全性的因素包括处于非安全传输网络;When the obtained network transmission security detection information is: an unsecure network, the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network;
当获得的读写权限检测信息为:可读可写时,所确定的影响所述数字钱包的私钥的安全性的因素包括:内存未进行读写保护;When the read and write permission detection information obtained is: readable and writable, the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written;
当获得的重打包检测信息为:为重打包的安装包时,所确定的影响所述数字钱包的私钥的安全性的因素包括:所述数字钱包的安装包为非原版安装包;When the obtained repackaging detection information is: for the repackaged installation package, the determined factors affecting the security of the digital wallet private key include: the installation package of the digital wallet is a non-original installation package;
当获得的私钥存储模式检测信息为:完整存储私钥时,所确定的影响所述数字钱包的私钥的安全性的因素包括:私钥被完整存储。When the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
在本申请实施例的一种实现方式中,所述数字钱包的资产安全检测信息的获得过程,可以包括:In an implementation manner of the embodiment of the present application, the process of obtaining the asset security detection information of the digital wallet may include:
当检测到区块链账本中生成针对所述数字钱包的目标账户的交易记录时,判断所述数字钱包所在电子设备所存储的所述目标账户对应的交易记录中是否存在检测到的交易记录;When detecting a transaction record for the target account of the digital wallet in the blockchain ledger, determining whether there is a detected transaction record in the transaction record corresponding to the target account stored by the electronic device where the digital wallet is located;
如果是,生成确定目标账户不存在安全隐患的资产安全检测信息;If yes, generate asset security detection information that determines that the target account does not have a security risk;
如果否,生成确定目标账户存在安全隐患的资产安全检测信息。If not, generate asset security detection information that identifies a security risk in the target account.
上述电子设备提到的通信总线可以是外设部件互连标准(Peripheral Component Interconnect,PCI)总线或扩展工业标准结构(Extended Industry Standard Architecture,EISA)总线等。该通信总线可以分为地址总线、数据总线、控制总线等。为便于表示,图中仅用一条粗线表示,但并不表示仅有一根总线或一种类型的总线。The communication bus mentioned in the above electronic device may be a Peripheral Component Interconnect (PCI) bus or an Extended Industry Standard Architecture (EISA) bus. The communication bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in the figure, but it does not mean that there is only one bus or one type of bus.
通信接口用于上述电子设备与其他设备之间的通信。The communication interface is used for communication between the above electronic device and other devices.
存储器可以包括随机存取存储器(Random Access Memory,RAM),也可以包括非易失性存储器(Non-Volatile Memory,NVM),例如至少一个磁盘存储器。可选的,存储器还可以是至少一个位于远离前述处理器的存储装置。The memory may include a random access memory (RAM), and may also include a non-volatile memory (NVM), such as at least one disk storage. Optionally, the memory may also be at least one storage device located away from the aforementioned processor.
上述的处理器可以是通用处理器,包括中央处理器(Central Processing Unit,CPU)、网络处理器(Network Processor,NP)等;还可以是数字信号处理器(Digital Signal Processing,DSP)、专用集成电路(Application Specific Integrated Circuit,ASIC)、现场可编程门阵列(Field-Programmable Gate Array,FPGA)或者其他可编程逻辑器件、分立门或者晶体管逻辑器件、分立硬件组件。The above processor may be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; or may be a digital signal processing (DSP), dedicated integration. Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic device, discrete gate or transistor logic device, discrete hardware component.
本申请实施例还提供了一种计算机可读存储介质,所述计算机可读存储介质内存储有计算机程序,所述计算机程序被处理器执行时实现如下方法步骤:The embodiment of the present application further provides a computer readable storage medium, where the computer readable storage medium stores a computer program, and when the computer program is executed by the processor, the following method steps are implemented:
执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果;Performing at least one detection operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtaining a detection result corresponding to the performed detection operation;
基于所获得的检测结果,执行预设资产保护操作。The preset asset protection operation is performed based on the obtained detection result.
本申请实施例中,计算机程序被处理器执行时执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果,基于所获得的检测结果,执行预设资产保护操作。本申请中,通过执行至少一个安全检测操作的方式,获得与数字钱包有关的检测结果,并基于检测结果,执行预设资产保护操作,从而达到保证用户数字钱包的资产安全的目的。In the embodiment of the present application, when the computer program is executed by the processor, at least one detecting operation of performing user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet is performed, and the detection corresponding to the performed detection operation is obtained. As a result, a preset asset protection operation is performed based on the obtained detection result. In the present application, by performing at least one security detection operation, the detection result related to the digital wallet is obtained, and based on the detection result, the preset asset protection operation is performed, thereby achieving the purpose of ensuring the asset security of the user digital wallet.
在本申请实施例的一种实现方式中,所述用户行为检测操作对应的检测结果为影响数字钱包的私钥安全的用户行为信息;In an implementation manner of the embodiment of the present application, the detection result corresponding to the user behavior detection operation is user behavior information that affects the security of the private key of the digital wallet;
所述数字钱包所在电子设备安全检测对应的检测结果为所述数字钱包所在电子设备的安全检测信息;The detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
所述数字钱包的资产安全检测对应的检测结果为所述数字钱包的资产安全检测信息,所述资产安全检测信息为表征所述数字钱包的目标账户资产是否存在安全隐患的信息。The detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
在本申请实施例的一种实现方式中,所述方法还可以包括:In an implementation manner of the embodiment of the present application, the method may further include:
将所述用户行为检测操作对应的检测结果确定为第一检测结果,将所述数字钱包所在电子设备安全检测对应的检测结果确定为第二检测结果,将所述数字钱包的资产安全检测对应的检测结果确定为第三检测结果;Determining, by the first detection result, the detection result corresponding to the user behavior detection operation, determining the detection result corresponding to the electronic device security detection of the digital wallet as the second detection result, and corresponding to the asset security detection of the digital wallet The detection result is determined as the third detection result;
当所获得的检测结果为:所述第一检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
当所获得的检测结果为:所述第二检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the second detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第一检测结果和所述第二检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result and the second detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当所获得的检测结果为:所述第一检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第二检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the second detection result and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息;When determining that the target account asset has a security risk according to the asset security detection information, outputting warning information for the target account of the target account for alerting the digital wallet to have a security risk;
当所获得的检测结果为:所述第一检测结果、所述第二检测结果和所述第三检测结果时,所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:When the obtained detection result is: the first detection result, the second detection result, and the third detection result, the step of performing a preset asset protection operation based on the obtained detection result includes:
根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息。When it is determined that the target account asset has a security risk according to the asset security detection information, the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
在本申请实施例的一种实现方式中,所述影响数字钱包的私钥安全的用户行为信息的获得过程,可以包括:In an implementation manner of the embodiment of the present application, the obtaining process of the user behavior information that affects the security of the private key of the digital wallet may include:
显示预设调查问卷;其中,所述预设调查问卷中记录有:影响数字钱包的私钥安全的预设用户行为信息,以及每个预设用户行为信息对应的勾选框;当一个预设用户行为信息对应的勾选框被选中时,表明该预设用户行为信息被选中;Displaying a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected;
获得所述预设调查问卷的问卷调查结果;Obtaining a questionnaire survey result of the preset questionnaire;
将所述问卷调查结果中被选中的预设用户行为信息,确定为影响所述数字钱包的私钥安全的用户行为信息。The selected preset user behavior information in the questionnaire result is determined as user behavior information that affects the security of the digital wallet's private key.
在本申请实施例的一种实现方式中,所述根据所述用户行为信息,确定安全设置引导信息的步骤,可以包括:In an implementation manner of the embodiment of the present application, the step of determining the security setting guide information according to the user behavior information may include:
利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全 等级评估结果;Using the preset security level evaluation criteria and the user behavior information to obtain a security level assessment result of the user behavior;
基于所述安全等级评估结果,获得安全设置引导信息。Based on the security level evaluation result, security setting guidance information is obtained.
在本申请实施例的一种实现方式中,所述预设用户行为信息包括:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息、通过截屏备份私钥的行为信息和仅利用数字密码作为资产支付密码的行为信息中的至少一项。In an implementation manner of the embodiment of the present application, the preset user behavior information includes: behavior information of accessing a high-risk webpage, behavior information of an email that has been opened with a virus, behavior information of backing up a private key by screen capture, and only utilizing The digital password is at least one of behavioral information of the asset payment password.
在本申请实施例的一种实现方式中,所述利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果的步骤,可以包括:In an implementation manner of the embodiment of the present application, the step of obtaining a security level assessment result of the user behavior by using the preset security level evaluation criteria and the user behavior information may include:
确定所述用户行为信息的数量;Determining the amount of the user behavior information;
确定所述数量在预设安全等级评估标准中所位于的数量范围;其中,所述预设安全等级评估标准中包括:数量范围与安全等级的对应关系;Determining, in the predetermined security level evaluation standard, the quantity range in which the quantity is located in the preset security level evaluation standard; the preset security level evaluation standard includes: a correspondence between the quantity range and the security level;
将所述数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。The security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
在本申请实施例的一种实现方式中,所述基于所述安全等级评估结果,获得安全设置引导信息的步骤,可以包括:In an implementation manner of the embodiment of the present application, the step of obtaining the security setting guiding information based on the security level evaluation result may include:
判断所获得的安全等级评估结果是否为低;Determine whether the obtained safety level assessment result is low;
若是,确定所获得的用户行为信息对应的安全设置引导信息;If yes, determining security setting guidance information corresponding to the obtained user behavior information;
其中,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息包括:病毒查杀提醒信息;当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息包括:分散存储私钥提醒信息;当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息包括:利用生物特征密码作为资产支付密码提醒信息。Wherein, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information includes: a virus killing reminding information; The user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior When the information is used, the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
在本申请实施例的一种实现方式中,所述数字钱包所在电子设备的安全检测信息的获得过程,可以包括:In an implementation manner of the embodiment of the present application, the obtaining process of the security detection information of the electronic device where the digital wallet is located may include:
获得所述数字钱包的运行环境的第一安全检测信息,所述第一安全检测信息包括:所述数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根root权限检测信息和网络传输安全检测信息中的至少一种;Obtaining first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection of the electronic device where the digital wallet is located At least one of the information;
获得所述数字钱包自身的第二安全检测信息,所述第二安全检测信息包括:所述数字钱包所对应的内存的读写权限检测信息、所述数字钱包的安装包的重打包检测信息和所述数字钱包的私钥存储模式检测信息中的至少一种。Obtaining the second security detection information of the digital wallet itself, the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, and repacking detection information of the installation package of the digital wallet The private key of the digital wallet stores at least one of mode detection information.
在本申请实施例的一种实现方式中,当获得的病毒检测信息为:发现病毒时,所确定的影响所述数字钱包的私钥的安全性的因素包括存在病毒;In an implementation manner of the embodiment of the present application, when the obtained virus detection information is: when the virus is found, the determined factors affecting the security of the private key of the digital wallet include the presence of a virus;
当获得的漏洞检测信息为:存在漏洞时,所确定的影响所述数字钱包的私钥的安全性的因素包括存在漏洞;When the obtained vulnerability detection information is: when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability;
当获得的根root权限检测信息为:根root权限开启时,所确定的影响所述数字钱包的私钥的安全性的因素包括根root权限被开启;When the root root permission detection information obtained is: when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is enabled;
当获得的网络传输安全检测信息为:非安全网络时,所确定的影响所述数字钱包的私钥的安全性的因素包括处于非安全传输网络;When the obtained network transmission security detection information is: an unsecure network, the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network;
当获得的读写权限检测信息为:可读可写时,所确定的影响所述数字钱包的私钥的安全性的因素包括:内存未进行读写保护;When the read and write permission detection information obtained is: readable and writable, the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written;
当获得的重打包检测信息为:为重打包的安装包时,所确定的影响所述数字钱包的私钥的安全性的因素包括:所述数字钱包的安装包为非原版安装包;When the obtained repackaging detection information is: for the repackaged installation package, the determined factors affecting the security of the digital wallet private key include: the installation package of the digital wallet is a non-original installation package;
当获得的私钥存储模式检测信息为:完整存储私钥时,所确定的影响所述数字钱包的私钥的安全性的因素包括:私钥被完整存储。When the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
在本申请实施例的一种实现方式中,所述数字钱包的资产安全检测信息的获得过程,可以包括:In an implementation manner of the embodiment of the present application, the process of obtaining the asset security detection information of the digital wallet may include:
当检测到区块链账本中生成针对所述数字钱包的目标账户的交易记录时,判断所述数字钱包所在电子设备所存储的所述目标账户对应的交易记录中是否存在检测到的交易记录;When detecting a transaction record for the target account of the digital wallet in the blockchain ledger, determining whether there is a detected transaction record in the transaction record corresponding to the target account stored by the electronic device where the digital wallet is located;
如果是,生成确定目标账户不存在安全隐患的资产安全检测信息;If yes, generate asset security detection information that determines that the target account does not have a security risk;
如果否,生成确定目标账户存在安全隐患的资产安全检测信息。If not, generate asset security detection information that identifies a security risk in the target account.
本申请实施例还提供了一种可执行程序代码,所述可执行程序代码用于被运行以执行上述任一种数字钱包资产保护方法。The embodiment of the present application also provides an executable program code for being executed to execute any of the above digital wallet asset protection methods.
需要说明的是,在本文中,诸如第一和第二等之类的关系术语仅仅用来将一个实体或者操作与另一个实体或操作区分开来,而不一定要求或者暗示这些实体或操作之间存在任何这种实际的关系或者顺序。而且,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、物品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、物品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、物品或者设备中还存在另外的相同要素。It should be noted that, in this context, relational terms such as first and second are used merely to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply such entities or operations. There is any such actual relationship or order between them. Furthermore, the term "comprises" or "comprises" or "comprises" or any other variations thereof is intended to encompass a non-exclusive inclusion, such that a process, method, article, or device that comprises a plurality of elements includes not only those elements but also Other elements, or elements that are inherent to such a process, method, item, or device. An element that is defined by the phrase "comprising a ..." does not exclude the presence of additional equivalent elements in the process, method, item, or device that comprises the element.
本说明书中的各个实施例均采用相关的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于装置实施例、电子设备实施例、上述计算机可读存储介质实施例、以及上述可执行程序代码实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。The various embodiments in the present specification are described in a related manner, and the same or similar parts between the various embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the device embodiment, the electronic device embodiment, the above computer readable storage medium embodiment, and the above executable program code embodiment, since it is substantially similar to the method embodiment, the description is relatively simple and relevant. See the partial description of the method embodiment.
以上所述仅为本申请的较佳实施例而已,并非用于限定本申请的保护范围。凡在本申请的精神和原则之内所作的任何修改、等同替换、改进等,均包含在本申请的保护范围内。The above description is only the preferred embodiment of the present application, and is not intended to limit the scope of the present application. Any modifications, equivalent substitutions, improvements, etc. made within the spirit and principles of the present application are included in the scope of the present application.
以上所述仅为本申请的较佳实施例而已,并不用以限制本申请,凡在本申请的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本申请保护的范围之内。The above is only the preferred embodiment of the present application, and is not intended to limit the present application. Any modifications, equivalent substitutions, improvements, etc., which are made within the spirit and principles of the present application, should be included in the present application. Within the scope of protection.

Claims (27)

  1. 一种数字钱包资产保护方法,其特征在于,所述方法包括:A digital wallet asset protection method, characterized in that the method comprises:
    执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果;Performing at least one detection operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtaining a detection result corresponding to the performed detection operation;
    基于所获得的检测结果,执行预设资产保护操作。The preset asset protection operation is performed based on the obtained detection result.
  2. 根据权利要求1所述的方法,其特征在于,所述用户行为检测操作对应的检测结果为影响数字钱包的私钥安全的用户行为信息;The method according to claim 1, wherein the detection result corresponding to the user behavior detecting operation is user behavior information that affects the security of the private key of the digital wallet;
    所述数字钱包所在电子设备安全检测对应的检测结果为所述数字钱包所在电子设备的安全检测信息;The detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
    所述数字钱包的资产安全检测对应的检测结果为所述数字钱包的资产安全检测信息,所述资产安全检测信息为表征所述数字钱包的目标账户资产是否存在安全隐患的信息。The detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
  3. 根据权利要求2所述的方法,其特征在于,所述方法还包括:The method of claim 2, wherein the method further comprises:
    若所获得的检测结果为第一检测结果,所述第一检测结果为所述用户行为检测操作对应的检测结果;则所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:If the obtained detection result is the first detection result, the first detection result is the detection result corresponding to the user behavior detection operation; and the step of performing the preset asset protection operation based on the obtained detection result, including :
    根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;Determining, according to the user behavior information, security setting guidance information, and outputting security setting guidance information for guiding a user to improve security of a private key of the digital wallet;
    若所获得的检测结果为第二检测结果,所述第二检测结果为所述数字钱包所在电子设备安全检测对应的检测结果,则所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:If the obtained detection result is the second detection result, and the second detection result is the detection result corresponding to the electronic device security detection of the digital wallet, the performing the preset asset protection operation based on the obtained detection result Steps, including:
    根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;Determining, according to the security detection information, a factor affecting the security of the private key of the digital wallet, and outputting prompt information for prompting the user to process factors affecting the security of the private key;
    若所获得的检测结果为第三检测结果,所述第三检测结果为所述数字钱包的资产安全检测对应的检测结果,则所述基于所获得的检测结果,执行预设资产保护操作的步骤,包括:If the obtained detection result is the third detection result, and the third detection result is the detection result corresponding to the asset security detection of the digital wallet, the step of performing the preset asset protection operation based on the obtained detection result ,include:
    当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息。When it is determined that the target account asset has a security risk according to the asset security detection information, the user that is used to alert the target account of the digital wallet outputs the warning information of the security risk.
  4. 根据权利要求2所述的方法,其特征在于,所述影响数字钱包的私钥安全的用户行为信息的获得过程,包括:The method according to claim 2, wherein the obtaining process of the user behavior information that affects the private key of the digital wallet comprises:
    显示预设调查问卷;其中,所述预设调查问卷中记录有:影响数字钱包的私钥安全的预设用户行为信息,以及每个预设用户行为信息对应的勾选框;当一个预设用户行为信息对应的勾选框被选中时,表明该预设用户行为信息被选中;Displaying a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet's private key, and a check box corresponding to each preset user behavior information; When the check box corresponding to the user behavior information is selected, it indicates that the preset user behavior information is selected;
    获得所述预设调查问卷的问卷调查结果;Obtaining a questionnaire survey result of the preset questionnaire;
    将所述问卷调查结果中被选中的预设用户行为信息,确定为影响所述数字钱包的私钥安全的用户行为信息。The selected preset user behavior information in the questionnaire result is determined as user behavior information that affects the security of the digital wallet's private key.
  5. 根据权利要求3所述的方法,其特征在于,所述根据所述用户行为信息,确定安全设置引导信息的步骤,包括:The method according to claim 3, wherein the step of determining security setting guide information according to the user behavior information comprises:
    利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果;Using the preset security level evaluation criteria and the user behavior information to obtain a security level assessment result of the user behavior;
    基于所述安全等级评估结果,获得安全设置引导信息。Based on the security level evaluation result, security setting guidance information is obtained.
  6. 根据权利要求5所述的方法,其特征在于,所述预设用户行为信息包括:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息、通过截屏备份私钥的行为信息和仅利用数字密码作为资产支付密码的行为信息中的至少一项。The method according to claim 5, wherein the preset user behavior information comprises: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key by screen capture, and only The digital password is used as at least one of the behavior information of the asset payment password.
  7. 根据权利要求5所述的方法,其特征在于,所述利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果的步骤,包括:The method according to claim 5, wherein the step of obtaining a security level evaluation result of the user behavior by using the preset security level evaluation criteria and the user behavior information comprises:
    确定所述用户行为信息的数量;Determining the amount of the user behavior information;
    确定所述数量在预设安全等级评估标准中所位于的数量范围;其中,所述预设安全等级评估标准中包括:数量范围与安全等级的对应关系;Determining, in the predetermined security level evaluation standard, the quantity range in which the quantity is located in the preset security level evaluation standard; the preset security level evaluation standard includes: a correspondence between the quantity range and the security level;
    将所述数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。The security level corresponding to the quantity range in which the quantity is located is determined as the security level evaluation result of the user behavior.
  8. 根据权利要求6所述的方法,其特征在于,所述基于所述安全等级评估结果,获得安全设置引导信息的步骤,包括:The method according to claim 6, wherein the step of obtaining security setting guidance information based on the security level evaluation result comprises:
    判断所获得的安全等级评估结果是否为低;Determine whether the obtained safety level assessment result is low;
    若是,确定所获得的用户行为信息对应的安全设置引导信息;If yes, determining security setting guidance information corresponding to the obtained user behavior information;
    其中,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息包括:病毒查杀提醒信息;当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息包括:分散存储私钥提醒信息;当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息包括:利用生物特征密码作为资产支付密码提醒信息。Wherein, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information includes: a virus killing reminding information; The user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior When the information is used, the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
  9. 根据权利要求3所述的方法,其特征在于,所述数字钱包所在电子设备的安全检测信息的获得过程,包括:The method according to claim 3, wherein the obtaining process of the security detection information of the electronic device where the digital wallet is located comprises:
    获得所述数字钱包的运行环境的第一安全检测信息,所述第一安全检测信息包括:所述数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根root权限检测信息和网络传输安全检测信息中的至少一种;Obtaining first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information, root root authority detection information, and network transmission security detection of the electronic device where the digital wallet is located At least one of the information;
    获得所述数字钱包自身的第二安全检测信息,所述第二安全检测信息包括:所述数字钱包所对应的内存的读写权限检测信息、所述数字钱包的安装包的重打包检测信息和所述数字钱包的私钥存储模式检测信息中的至少一种。Obtaining the second security detection information of the digital wallet itself, the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, and repacking detection information of the installation package of the digital wallet The private key of the digital wallet stores at least one of mode detection information.
  10. 根据权利要求9所述的方法,其特征在于,当获得的病毒检测信息为:发现病毒时,所确定的影响所述数字钱包的私钥的安全性的因素包括存在病毒;The method according to claim 9, wherein when the obtained virus detection information is: when the virus is found, the determined factors affecting the security of the private key of the digital wallet include the presence of a virus;
    当获得的漏洞检测信息为:存在漏洞时,所确定的影响所述数字钱包的私钥的安全性的因素包括存在漏洞;When the obtained vulnerability detection information is: when there is a vulnerability, the determined factors affecting the security of the digital wallet's private key include a vulnerability;
    当获得的根root权限检测信息为:根root权限开启时,所确定的影响所述 数字钱包的私钥的安全性的因素包括根root权限被开启;When the root root permission detection information obtained is: when the root root permission is enabled, the determined factors affecting the security of the digital wallet's private key include that the root root authority is enabled;
    当获得的网络传输安全检测信息为:非安全网络时,所确定的影响所述数字钱包的私钥的安全性的因素包括处于非安全传输网络;When the obtained network transmission security detection information is: an unsecure network, the determined factors affecting the security of the digital wallet's private key include being in a non-secure transmission network;
    当获得的读写权限检测信息为:可读可写时,所确定的影响所述数字钱包的私钥的安全性的因素包括:内存未进行读写保护;When the read and write permission detection information obtained is: readable and writable, the determined factors affecting the security of the digital wallet's private key include: the memory is not read and written;
    当获得的重打包检测信息为:为重打包的安装包时,所确定的影响所述数字钱包的私钥的安全性的因素包括:所述数字钱包的安装包为非原版安装包;When the obtained repackaging detection information is: for the repackaged installation package, the determined factors affecting the security of the digital wallet private key include: the installation package of the digital wallet is a non-original installation package;
    当获得的私钥存储模式检测信息为:完整存储私钥时,所确定的影响所述数字钱包的私钥的安全性的因素包括:私钥被完整存储。When the obtained private key storage mode detection information is: when the private key is completely stored, the determined factors affecting the security of the digital wallet's private key include: the private key is completely stored.
  11. 根据权利要求2所述的方法,其特征在于,所述数字钱包的资产安全检测信息的获得过程,包括:The method according to claim 2, wherein the obtaining process of the asset security detection information of the digital wallet comprises:
    当检测到区块链账本中生成针对所述数字钱包的目标账户的交易记录时,判断所述数字钱包所在电子设备所存储的所述目标账户对应的交易记录中是否存在检测到的交易记录;When detecting a transaction record for the target account of the digital wallet in the blockchain ledger, determining whether there is a detected transaction record in the transaction record corresponding to the target account stored by the electronic device where the digital wallet is located;
    如果是,生成确定目标账户不存在安全隐患的资产安全检测信息;If yes, generate asset security detection information that determines that the target account does not have a security risk;
    如果否,生成确定目标账户存在安全隐患的资产安全检测信息。If not, generate asset security detection information that identifies a security risk in the target account.
  12. 根据权利要求2所述的方法,其特征在于,所述基于所获得的检测结果,执行预设资产保护操作,包括:The method according to claim 2, wherein the performing the preset asset protection operation based on the obtained detection result comprises:
    基于所获得的检测结果,输出对用户的安全提示信息。Based on the obtained detection result, the safety prompt information to the user is output.
  13. 一种数字钱包资产保护装置,其特征在于,所述装置包括:A digital wallet asset protection device, characterized in that the device comprises:
    检测模块,用于执行用户行为检测、执行数字钱包所在电子设备安全检测和执行数字钱包的资产安全检测中的至少一个检测操作,获得所执行的检测操作对应的检测结果;a detecting module, configured to perform at least one detecting operation of user behavior detection, performing electronic device security detection of the digital wallet, and performing asset security detection of the digital wallet, and obtaining a detection result corresponding to the performed detection operation;
    执行模块,用于基于所获得的检测结果,执行预设资产保护操作。An execution module is configured to perform a preset asset protection operation based on the obtained detection result.
  14. 根据权利要求13所述的装置,其特征在于,所述用户行为检测操作 对应的检测结果为影响数字钱包的私钥安全的用户行为信息;The device according to claim 13, wherein the detection result corresponding to the user behavior detecting operation is user behavior information that affects the security of the private key of the digital wallet;
    所述数字钱包所在电子设备安全检测对应的检测结果为所述数字钱包所在电子设备的安全检测信息;The detection result corresponding to the electronic device security detection of the digital wallet is the security detection information of the electronic device where the digital wallet is located;
    所述数字钱包的资产安全检测对应的检测结果为所述数字钱包的资产安全检测信息,所述资产安全检测信息为表征所述数字钱包的目标账户资产是否存在安全隐患的信息。The detection result corresponding to the asset security detection of the digital wallet is the asset security detection information of the digital wallet, and the asset security detection information is information indicating whether the target account asset of the digital wallet has a security risk.
  15. 根据权利要求14所述的装置,其特征在于,所述执行模块,具体用于:The device according to claim 14, wherein the execution module is specifically configured to:
    若所获得的检测结果为第一检测结果,所述第一检测结果为所述用户行为检测操作对应的检测结果;则根据所述用户行为信息,确定安全设置引导信息,输出用于引导用户提高所述数字钱包的私钥的安全性的安全设置引导信息;If the obtained detection result is the first detection result, the first detection result is a detection result corresponding to the user behavior detection operation; determining safety setting guidance information according to the user behavior information, and outputting is used to guide the user to improve Security setting guidance information of the security of the private key of the digital wallet;
    若所获得的检测结果为第二检测结果,所述第二检测结果为所述数字钱包所在电子设备安全检测对应的检测结果,则根据所述安全检测信息,确定影响所述数字钱包的私钥的安全性的因素,输出用于提示用户对影响私钥的安全性的因素进行处理的提示信息;If the obtained detection result is the second detection result, the second detection result is the detection result corresponding to the electronic device security detection of the digital wallet, and determining the private key affecting the digital wallet according to the security detection information. Security factor, outputting prompt information for prompting the user to deal with factors affecting the security of the private key;
    若所获得的检测结果为第三检测结果,所述第三检测结果为所述数字钱包的资产安全检测对应的检测结果,则当根据所述资产安全检测信息确定目标账户资产存在安全隐患时,输出用于警示所述数字钱包的目标账户的用户所述目标账户存在安全隐患的警示信息。If the obtained detection result is the third detection result, and the third detection result is the detection result corresponding to the asset security detection of the digital wallet, when determining that the target account asset has a security risk according to the asset security detection information, And outputting, for alerting the user of the target account of the digital wallet, that the target account has a security risk warning information.
  16. 根据权利要求14所述的装置,其特征在于,所述装置还包括第一获得模块,所述第一获得模块,包括:The device according to claim 14, wherein the device further comprises a first obtaining module, the first obtaining module comprising:
    显示单元,用于显示预设调查问卷;其中,所述预设调查问卷中记录有:影响数字钱包的私钥安全的预设用户行为信息,以及每个预设用户行为信息对应的勾选框;当一个预设用户行为信息对应的勾选框被选中时,表明该预设用户行为信息被选中;a display unit, configured to display a preset questionnaire; wherein the preset questionnaire records: preset user behavior information that affects the security of the digital wallet private key, and a check box corresponding to each preset user behavior information When a check box corresponding to the preset user behavior information is selected, it indicates that the preset user behavior information is selected;
    问卷调查结果获得单元,用于获得所述预设调查问卷的问卷调查结果;a questionnaire obtaining unit for obtaining a questionnaire result of the preset questionnaire;
    用户行为信息确定单元,用于将所述问卷调查结果中被选中的预设用户行为信息,确定为影响所述数字钱包的私钥安全的用户行为信息。The user behavior information determining unit is configured to determine the selected preset user behavior information in the questionnaire result as user behavior information that affects the private key security of the digital wallet.
  17. 根据权利要求15所述的装置,其特征在于,所述执行模块,包括:The apparatus according to claim 15, wherein the execution module comprises:
    安全等级评估结果获得单元,用于利用预设安全等级评估标准和所述用户行为信息,获得用户行为的安全等级评估结果;a security level evaluation result obtaining unit, configured to obtain a security level evaluation result of the user behavior by using a preset security level evaluation standard and the user behavior information;
    安全设置引导信息获得单元,用于基于所述安全等级评估结果,获得安全设置引导信息。The security setting guidance information obtaining unit is configured to obtain security setting guidance information based on the security level evaluation result.
  18. 根据权利要求17所述的装置,其特征在于,所述预设用户行为信息包括:访问过高危网页的行为信息、打开过携带病毒的邮件的行为信息、通过截屏备份私钥的行为信息和仅利用数字密码作为资产支付密码的行为信息中的至少一项。The device according to claim 17, wherein the preset user behavior information comprises: behavior information of accessing a high-risk webpage, behavior information of an email that has opened a virus, behavior information of backing up a private key by screen capture, and only The digital password is used as at least one of the behavior information of the asset payment password.
  19. 根据权利要求17所述的装置,其特征在于,所述安全等级评估结果获得单元,包括:The device according to claim 17, wherein the security level evaluation result obtaining unit comprises:
    数量确定子单元,用于确定所述用户行为信息的数量;a quantity determining subunit, configured to determine the quantity of the user behavior information;
    数量范围确定子单元,用于确定所述数量在预设安全等级评估标准中所位于的数量范围;其中,所述预设安全等级评估标准中包括:数量范围与安全等级的对应关系;a quantity range determining subunit, configured to determine a quantity range in which the quantity is located in a preset security level evaluation criterion; wherein the preset security level evaluation standard includes: a correspondence between a quantity range and a security level;
    安全等级评估结果确定子单元,用于将所述数量所位于的数量范围对应的安全等级,确定为用户行为的安全等级评估结果。The security level evaluation result determining sub-unit is configured to determine a security level corresponding to the quantity range in which the quantity is located, as a security level evaluation result of the user behavior.
  20. 根据权利要求18所述的装置,其特征在于,所述安全设置引导信息获得单元,包括:The device according to claim 18, wherein the security setting guide information obtaining unit comprises:
    判断子单元,用于判断所获得的安全等级评估结果是否为低,如果是,触发安全设置引导信息确定子单元;a determining subunit, configured to determine whether the obtained security level evaluation result is low, and if so, triggering the security setting guiding information determining subunit;
    所述安全设置引导信息确定子单元,用于确定所获得的用户行为信息对应的安全设置引导信息;The security setting guiding information determining subunit is configured to determine security setting guiding information corresponding to the obtained user behavior information;
    其中,当所获得的用户行为信息包括:访问过高危网页的行为信息,和/ 或,打开过携带病毒的邮件的行为信息时,所确定的安全设置引导信息包括:病毒查杀提醒信息;当所获得的用户行为信息包括:通过截屏备份私钥的行为信息时,所确定的安全设置引导信息包括:分散存储私钥提醒信息;当所获得的用户行为信息包括:仅利用数字密码作为资产支付密码的行为信息时,所确定的安全设置引导信息包括:利用生物特征密码作为资产支付密码提醒信息。Wherein, when the obtained user behavior information includes: behavior information of accessing a high-risk webpage, and/or opening behavior information of a virus-carrying email, the determined security setting guiding information includes: a virus killing reminding information; The user behavior information includes: when the action information of the private key is backed up by the screen capture, the determined security setting guidance information includes: decentralized storage private key reminder information; when the obtained user behavior information includes: using only the digital password as the asset payment password behavior When the information is used, the determined security setting guidance information includes: using the biometric password as the asset payment password reminding information.
  21. 根据权利要求15所述的装置,其特征在于,所述装置还包括第二获得模块,所述第二获得模块,包括:The device according to claim 15, wherein the device further comprises a second obtaining module, the second obtaining module comprising:
    第一安全检测信息获得单元,用于获得所述数字钱包的运行环境的第一安全检测信息,所述第一安全检测信息包括:所述数字钱包所在电子设备的病毒检测信息、漏洞检测信息、根root权限检测信息和网络传输安全检测信息中的至少一种;a first security detection information obtaining unit, configured to obtain first security detection information of an operating environment of the digital wallet, where the first security detection information includes: virus detection information, vulnerability detection information of the electronic device where the digital wallet is located, At least one of root root authority detection information and network transmission security detection information;
    第二安全检测信息获得单元,用于获得所述数字钱包自身的第二安全检测信息,所述第二安全检测信息包括:所述数字钱包所对应的内存的读写权限检测信息、所述数字钱包的安装包的重打包检测信息和所述数字钱包的私钥存储模式检测信息中的至少一种。a second security detection information obtaining unit, configured to obtain second security detection information of the digital wallet itself, where the second security detection information includes: read and write permission detection information of the memory corresponding to the digital wallet, the number At least one of repackaging detection information of the installation package of the wallet and private key storage mode detection information of the digital wallet.
  22. 根据权利要求21所述的装置,其特征在于,当所述第一安全检测信息获得单元获得的病毒检测信息为:发现病毒时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括存在病毒;The device according to claim 21, wherein the virus detection information obtained by the first security detection information obtaining unit is: when a virus is found, the private key determined by the execution module affecting the digital wallet Security factors include the presence of a virus;
    当所述第一安全检测信息获得单元获得的漏洞检测信息为:存在漏洞时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括存在漏洞;When the vulnerability detection information obtained by the first security detection information obtaining unit is: when there is a vulnerability, the factor determined by the execution module affecting the security of the private key of the digital wallet includes a vulnerability;
    当所述第一安全检测信息获得单元获得的根root权限检测信息为:根root权限开启时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括根root权限被开启;When the root root authority detection information obtained by the first security detection information obtaining unit is: when the root root authority is enabled, the security factor determined by the execution module affecting the private key of the digital wallet includes the root root authority being Open
    当所述第一安全检测信息获得单元获得的网络传输安全检测信息为:非安全网络时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括处于非安全传输网络;When the network transmission security detection information obtained by the first security detection information obtaining unit is an non-secure network, factors determined by the execution module affecting the security of the private key of the digital wallet include: being in a non-secure transmission network. ;
    当所述第二安全检测信息获得单元获得的读写权限检测信息为:可读可写时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:内存未进行读写保护;When the read/write right detection information obtained by the second security detection information obtaining unit is: readable and writable, the factors determined by the execution module affecting the security of the private key of the digital wallet include: the memory is not performed. Read and write protection;
    当所述第二安全检测信息获得单元获得的重打包检测信息为:为重打包的安装包时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:所述数字钱包的安装包为非原版安装包;When the repackaging detection information obtained by the second security detection information obtaining unit is: a repackaged installation package, a factor determined by the execution module to affect security of the private key of the digital wallet includes: The installation package of the digital wallet is a non-original installation package;
    当所述第二安全检测信息获得单元获得的私钥存储模式检测信息为:完整存储私钥时,所述执行模块所确定的影响所述数字钱包的私钥的安全性的因素包括:私钥被完整存储。When the private key storage mode detection information obtained by the second security detection information obtaining unit is: when the private key is completely stored, the factors determined by the execution module affecting the security of the private key of the digital wallet include: a private key It is stored completely.
  23. 根据权利要求14所述的装置,其特征在于,所述装置还包括第三获得模块,所述第三获得模块,包括:The device according to claim 14, wherein the device further comprises a third obtaining module, the third obtaining module comprising:
    判断子单元,用于当检测到区块链账本中生成针对所述数字钱包的目标账户的交易记录时,判断所述数字钱包所在电子设备所存储的所述目标账户对应的交易记录中是否存在检测到的交易记录,如果是,触发第一生成单元,如果否,触发第二生成单元;a determining subunit, configured to determine whether a transaction record corresponding to the target account stored by the electronic device where the digital wallet is stored exists when a transaction record for the target account of the digital wallet is generated in the blockchain ledger The detected transaction record, if yes, triggering the first generation unit, and if not, triggering the second generation unit;
    所述第一生成单元,用于生成确定目标账户不存在安全隐患的资产安全检测信息;The first generating unit is configured to generate asset security detection information that determines that the target account does not have a security risk;
    所述第二生成单元,用于生成确定目标账户存在安全隐患的资产安全检测信息。The second generating unit is configured to generate asset security detection information that determines that the target account has a security risk.
  24. 根据权利要求14所述的装置,其特征在于,所述执行模块,具体用于:The device according to claim 14, wherein the execution module is specifically configured to:
    基于所获得的检测结果,输出对用户的安全提示信息。Based on the obtained detection result, the safety prompt information to the user is output.
  25. 一种电子设备,其特征在于,包括处理器、通信接口、存储器和通信总线,其中,处理器,通信接口,存储器通过通信总线完成相互间的通信;An electronic device, comprising: a processor, a communication interface, a memory, and a communication bus, wherein the processor, the communication interface, and the memory complete communication with each other through the communication bus;
    存储器,用于存放计算机程序;a memory for storing a computer program;
    处理器,用于执行存储器上所存放的计算机程序时,实现权利要求1-12任一所述的方法步骤。The method of any one of claims 1-12, when the processor is configured to execute a computer program stored on the memory.
  26. 一种计算机可读存储介质,其特征在于,所述计算机可读存储介质内存储有计算机程序,所述计算机程序被处理器执行时实现权利要求1-12任一所述的方法步骤。A computer readable storage medium, wherein the computer readable storage medium stores a computer program, the computer program being executed by a processor to implement the method steps of any of claims 1-12.
  27. 一种可执行程序代码,其特征在于,所述可执行程序代码用于被运行以执行权利要求1-12任一所述的方法步骤。An executable program code, characterized in that the executable program code is operative to perform the method steps of any of claims 1-12.
PCT/CN2018/119075 2018-02-12 2018-12-04 Asset protection method and apparatus for digital wallet, electronic device, and storage medium WO2019153857A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810146797.4 2018-02-12
CN201810146797.4A CN108320154A (en) 2018-02-12 2018-02-12 Digital wallet asset protection method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
WO2019153857A1 true WO2019153857A1 (en) 2019-08-15

Family

ID=62903064

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/119075 WO2019153857A1 (en) 2018-02-12 2018-12-04 Asset protection method and apparatus for digital wallet, electronic device, and storage medium

Country Status (2)

Country Link
CN (1) CN108320154A (en)
WO (1) WO2019153857A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159774A (en) * 2019-12-11 2020-05-15 马上游科技股份有限公司 Decentralized intelligent contract escrow wallet method and system
CN111371739A (en) * 2020-02-14 2020-07-03 重庆邮电大学 Internet of things data access control method based on block chain technology

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108320154A (en) * 2018-02-12 2018-07-24 北京金山安全软件有限公司 Digital wallet asset protection method and device, electronic equipment and storage medium
CN109493024B (en) * 2018-09-29 2021-02-09 杭州复杂美科技有限公司 Digital asset hosting method, apparatus, and storage medium
CN109460982A (en) * 2018-11-09 2019-03-12 中云信安(深圳)科技有限公司 Digital asset wallet anti-dismantling device and method
CN109670799A (en) * 2018-11-12 2019-04-23 江苏南大安高区块链应用技术研究院有限公司 A kind of implementation method and device of secure digital currency hardware wallet
CN109844787A (en) * 2018-11-27 2019-06-04 区链通网络有限公司 A kind of hardware wallet, transaction system and storage medium based on block chain
CN109711834B (en) * 2018-12-27 2020-11-06 江苏恒宝智能系统技术有限公司 Address management method for block chain cold wallet
CN110310104B (en) * 2019-06-06 2022-04-08 武汉卓目科技有限公司 Self-destruction type hardware wallet
CN110310108B (en) * 2019-06-06 2022-04-08 武汉卓目科技有限公司 Novel self-destruction hardware wallet with dismantling machine
CN110414254A (en) * 2019-08-07 2019-11-05 北京艾摩瑞策科技有限公司 The cochain method and device thereof of user's investigation associated data

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103150511A (en) * 2013-03-18 2013-06-12 珠海市君天电子科技有限公司 Safety protection system
CN103500305A (en) * 2013-09-04 2014-01-08 中国航天科工集团第二研究院七〇六所 System and method for malicious code analysis based on cloud computing
CN103532927A (en) * 2013-07-30 2014-01-22 北京中科金财科技股份有限公司 Financial cloud safety service platform based on mobile terminal and data protection method
CN108320154A (en) * 2018-02-12 2018-07-24 北京金山安全软件有限公司 Digital wallet asset protection method and device, electronic equipment and storage medium

Family Cites Families (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101131760A (en) * 2006-08-25 2008-02-27 阿里巴巴公司 Method and system for checking account security
CN102790819A (en) * 2011-05-17 2012-11-21 芯讯通无线科技(上海)有限公司 Mobile terminal capable of protecting privacy and method
CN103049695B (en) * 2012-12-11 2015-12-09 北京奇虎科技有限公司 A kind of method for supervising of computer virus and device
CN103020524B (en) * 2012-12-11 2015-08-05 北京奇虎科技有限公司 Computer virus supervisory system
CN104021339A (en) * 2014-06-10 2014-09-03 北京奇虎科技有限公司 Safety payment method and device for mobile terminal
EP2975570A1 (en) * 2014-07-17 2016-01-20 draglet GmbH Method and a device for securing access to wallets containing crypto-currencies
CN105893869A (en) * 2016-03-29 2016-08-24 联想(北京)有限公司 Electronic equipment and control method thereof
CN106548345B (en) * 2016-12-07 2020-08-21 北京信任度科技有限公司 Method and system for realizing block chain private key protection based on key partitioning
CN106530088B (en) * 2016-12-19 2023-11-17 杜伯仁 Method for trading certificate products based on blockchain security nodes
CN107437181A (en) * 2017-07-31 2017-12-05 努比亚技术有限公司 Prevent the method, apparatus and computer-readable recording medium of the stolen brush of account
CN107609848B (en) * 2017-11-06 2021-06-11 北京年管家信息科技有限公司 Intellectual property licensing method and system based on Internet of things

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103150511A (en) * 2013-03-18 2013-06-12 珠海市君天电子科技有限公司 Safety protection system
CN103532927A (en) * 2013-07-30 2014-01-22 北京中科金财科技股份有限公司 Financial cloud safety service platform based on mobile terminal and data protection method
CN103500305A (en) * 2013-09-04 2014-01-08 中国航天科工集团第二研究院七〇六所 System and method for malicious code analysis based on cloud computing
CN108320154A (en) * 2018-02-12 2018-07-24 北京金山安全软件有限公司 Digital wallet asset protection method and device, electronic equipment and storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ANONYMOUS: "SafeWallet (Cheetah Mobile Releases Block Chain safewallet to Overseas Users", SOHU.COM, 1 February 2018 (2018-02-01), XP055630111, Retrieved from the Internet <URL:http://www.sohu.com/a/220240143_430392> *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111159774A (en) * 2019-12-11 2020-05-15 马上游科技股份有限公司 Decentralized intelligent contract escrow wallet method and system
CN111371739A (en) * 2020-02-14 2020-07-03 重庆邮电大学 Internet of things data access control method based on block chain technology

Also Published As

Publication number Publication date
CN108320154A (en) 2018-07-24

Similar Documents

Publication Publication Date Title
WO2019153857A1 (en) Asset protection method and apparatus for digital wallet, electronic device, and storage medium
US11947688B2 (en) Secure computing system
Stolfo et al. Fog computing: Mitigating insider data theft attacks in the cloud
US10162975B2 (en) Secure computing system
US9516056B2 (en) Detecting a malware process
US10250588B1 (en) Systems and methods for determining reputations of digital certificate signers
Kalla et al. Phishing detection implementation using databricks and artificial Intelligence
CN105930726B (en) A kind of processing method and user terminal of malicious operation behavior
US20190379694A1 (en) System and method for detection of malicious interactions in a computer network
US20220270093A1 (en) System and method for detecting intrusions by recognizing unauthorized cryptocurrency transactions at an optimized cost
WO2019153780A1 (en) Method, apparatus, electronic device and storage medium for protecting private key of digital wallet
Mansfield-Devine Android malware and mitigations
US11671422B1 (en) Systems and methods for securing authentication procedures
Sriram et al. A hybrid protocol to secure the cloud from insider threats
CN109145602B (en) Lesso software attack protection method and device
US8973137B1 (en) Systems and methods for detecting illegitimate out-of-band authentication attempts
WO2020000753A1 (en) Device security monitoring method and apparatus
Saračević et al. Some specific examples of attacks on information systems and smart cities applications
WO2019153779A1 (en) Private key protection method and apparatus for digital wallet, electronic device and storage medium
Oseni et al. E-service security: taking proactive measures to guide against theft, case study of developing countries
Kanth et al. A secure framework for mollifying attacks in cloud
US12039072B2 (en) Data protection using encryption and inserted execution code
UK Cyber Security
Minnaar Organised crime and the'new more sophisticated'criminals within the cybercrime environment: how'organised'are they in the traditional sense?
Mirza et al. Security Analysis of Android Hot Cryptocurrency Wallet Applications

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18905502

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18905502

Country of ref document: EP

Kind code of ref document: A1