1. Field of Invention
The present invention relates to the field of network security, and particularly to a method and a device for secure online logging-on.
2. Description of Prior Art
With the development of networks, people depend more and more, in their lives and work, on various network-based services, such as online shopping, online banking, online stock trading, online games, online friend making, Voice over IP (VoIP) and Instant Messenger (IM) communications. Protecting the security of a user's private information on these services is therefore very important. The user's private information includes an account, a password, and online registration information (such as a home telephone number, an address and an identification number).
However, current networks face severe security threats. Malicious code, such as viruses, Trojans and worms, emerges endlessly, and of these the Trojan does the greatest harm. A Trojan is strongly concealed and has powerful network communication functions. A Trojan is a program running on a computer, and generally consists of two parts, i.e. a client program and a server program. The server program runs on the controlled computer; it is generally small and hidden, and exists in the form of a virus. When the computer is booted, the program may be started automatically. Without dedicated software for searching for and killing viruses, or without careful analysis, the program is hard to find and kill. The client program is installed on the machine used by the controlling party, and generally has a graphical interface. Thus, the machine on which the server program is installed (the so-called machine implanted with the Trojan) may be manipulated from the machine on which the client program is installed, e.g. to view the screen of the counterpart, obtain files of the counterpart and steal a password of the counterpart. In short, a Trojan may achieve any function that a program can implement, which is so-called remote control, i.e. controlling one machine with another machine.
Currently, there are various solutions against Trojan viruses. Each of the solutions has its own advantages and disadvantages, which are analyzed as follows:
1. Use of Antivirus Software
Antivirus software is currently the most widely used method of defending against Trojans. Antivirus software corporations collect samples of Trojan viruses and extract signatures from the samples to form a virus database. The antivirus software scans the system for Trojan viruses based on the virus database, and deletes the Trojan viruses it finds.
Although antivirus software is a relatively mature technique, its main technical solution is signature-based scanning, which has some defects. Firstly, updates to the virus database lag behind. After a Trojan has spread and been captured by the antivirus software corporation, it takes a period of time to analyze the samples of the Trojan and extract signatures so as to update the virus database. Therefore, it is difficult for the antivirus software to find and kill a new Trojan in time. Secondly, the antivirus software generally cannot effectively prevent intrusion by the Trojan, and is only a remedy after the fact. Even if the antivirus software finds the Trojan in the system and deletes it, the Trojan may already have stolen information such as an account and a password of a user, and such a loss cannot be remedied even if the Trojan is cleared. Finally, current Trojans already have relatively mature approaches, such as packing, mutual modification of signatures, polymorphism and variation, to avoid signature scanning by the antivirus software, so that the various mainstream antivirus software products may not achieve an ideal effect in finding and killing the Trojans.
2. Use of Host Intrusion Prevention System (HIPS)
Because of the defects of the signature scanning technique, HIPS has begun to attract more and more attention. HIPS may monitor the operating system comprehensively, and filter program behaviors according to a predetermined rule. All operations which are not authorized may be intercepted. The monitored contents include file operations, process operations and registry operations, and especially some typical behaviors of Trojan viruses such as loading a global hook, remote thread injection, API hooking and adding an autorun item to the registry.
HIPS has a better protection effect, but it also has obvious defects. Firstly, HIPS is complex to use. The difficulty in applying HIPS is how to set the rule. Setting the rule requires the user not only to know the computer system in depth, but also to be familiar with the features of Trojans, viruses and the like. If the rule is set unreasonably, the protection effect may be non-ideal or the normal running of the system may be affected, which greatly limits the application scope of HIPS. Secondly, the performance, stability and compatibility of HIPS are not ideal, since HIPS works in the kernel mode of the system and monitors a great number of API functions. Thus, a high resource occupancy rate may be caused, the stability of the system may be reduced, and conflicts with other software are possible.
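The rule-setting difficulty described above can be seen in a small default-deny rule evaluator. This is an added example, not part of the original text or of any HIPS product; the event fields, operation names, program paths and rule sets are all constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

@dataclass(frozen=True)
class Event:            # one monitored program behaviour
    process: str
    op: str             # "registry.set", "file.write", "process.inject", ...
    target: str

@dataclass(frozen=True)
class Rule:             # process/op/target are glob patterns
    process: str
    op: str
    target: str
    action: str         # "allow" or "block"

def decide(rules, ev, default="block"):
    """First matching rule wins; unmatched (unauthorized) operations are blocked."""
    for r in rules:
        if (fnmatchcase(ev.process, r.process) and fnmatchcase(ev.op, r.op)
                and fnmatchcase(ev.target, r.target)):
            return r.action
    return default

def evaluate(rules, events):
    return [decide(rules, ev) for ev in events]

UPDATER = r"C:\Program Files\Updater\updater.exe"   # hypothetical legitimate program
DROPPED = r"C:\Users\u\AppData\Local\Temp\svc.exe"  # hypothetical unknown program

EVENTS = [  # constructed sample behaviours
    Event(UPDATER, "registry.set", RUN_KEY + r"\Updater"),
    Event(DROPPED, "registry.set", RUN_KEY + r"\svc"),
    Event(DROPPED, "process.inject", "explorer.exe"),
    Event(r"C:\Windows\notepad.exe", "file.write", r"C:\Users\u\notes.txt"),
]

# Strict: blocks all autorun writes, so the legitimate updater breaks too.
STRICT = [Rule("*", "registry.set", RUN_KEY + r"\*", "block"),
          Rule("*", "process.inject", "*", "block"),
          Rule("*", "hook.*", "*", "block"),
          Rule("*", "file.*", "*", "allow")]
# Loose: a blanket registry allowance fixes the updater but admits the unknown program.
LOOSE = [Rule("*", "registry.*", "*", "allow")] + STRICT
# Tuned: one narrowly scoped exception placed ahead of the strict rules.
TUNED = [Rule(UPDATER, "registry.set", RUN_KEY + r"\Updater", "allow")] + STRICT

if __name__ == "__main__":
    for name, rules in (("strict", STRICT), ("loose", LOOSE), ("tuned", TUNED)):
        print(name, evaluate(rules, EVENTS))
```

Only the tuned set both keeps the updater working and blocks the unknown program's autorun entry, and writing it requires knowing exactly which program, operation and key to exempt.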
3. Use of Dedicated Password Protection Software
The principle of dedicated password protection software is similar to that of HIPS, namely to monitor some critical API functions and protect a designated process. Such products include 360 safe box and account safe box.
This kind of password protection software generally focuses on specific software, such as online banking and online game clients. It has greater advantages than HIPS in stability and ease of use. However, such software may have a defense ability which is not strong enough, so that it is easily bypassed, since its monitoring is not comprehensive. For example, 360 safe box installs inline hooks on several functions in the kernel, and the protection becomes invalid as soon as a Trojan loads a driver into the kernel to restore the hooked functions.
4. Use of Digital Certificate
The digital certificate is a protection scheme generally used in current online banking. The user applies to the bank for a digital certificate, and must submit the digital certificate at the same time when logging on to the account. The digital certificate may be stored on the hard disk as a file, or in dedicated hardware.
The digital certificate may effectively guarantee the security of logging on. However, it is difficult to spread and use widely, since applying for and managing the certificate may be troublesome and costly, which limits the occasions on which it can be used.