US2016171494A1PendingUtilityA1

Software behavior monitoring and verification system

42
Assignee: UNIV TONGJIPriority: Jan 6, 2014Filed: Jun 23, 2014Published: Jun 16, 2016
Est. expiryJan 6, 2034(~7.5 yrs left)· nominal 20-yr term from priority
H04L 63/1425G06Q 20/405G06Q 20/3829H04L 63/1416G06F 21/6218G06Q 20/38215G06Q 20/40G06Q 20/02
42
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

The present invention relates to a software behavior monitoring and verification system, which is composed of three parts including a software behavior certificate, a three-party software behavior monitor, and a real-time software behavior verification system. The software behavior certificate is formed according to three-party communications data packets in a correct transaction process among a user, an E-Commerce website, and a third-party payment platform; the three-party software behavior monitor is a data packet monitor installed on the E-Commerce website, the third-party payment platform, and the user client; after receiving data packets of interaction information in the transaction that are respectively submitted by the three-party monitor, the real-time software behavior verification system extracts and integrates key sequences and information in the data packets, and compares a user behavior interaction sequence with the software behavior model in real time according to a global unique order number, and sends an alarm and terminates the transaction in the case of illegal behaviors such as disorder and identity spoofing. By using key parameters such as URL exchanged among the three parties, a legal normal interaction process in the transaction of the three parties is defined, and a software behavior certificate is provided.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A software behavior monitoring and verification system, wherein
 the system is composed of three parts comprising a software behavior certificate, a three-party software behavior monitor, and a real-time software behavior verification system, wherein   the software behavior certificate is formed by a professional according to three-party communications data packets in a correct transaction process among a user, an E-Commerce website, and a third-party payment platform to define normal legal interaction behavior of the three parties, and the software behavior certificate is a software behavior model formed corresponding to interaction modes between the E-Commerce website, the third-party payment platform, and a user client;   the three-party software behavior monitor is a data packet monitor installed on the E-Commerce website, the third-party payment platform and the user client, and is used to monitor, in real time, data packets transmitted among the three parties in a complete transaction, and extract and integrate necessary parameter information (comprising a URL address and a parameter) in the data packets, so as to send key information to the real-time software behavior verification system; the three-party software behavior monitor is based on jpcap, and mainly captures HTTP data packets, and extracts URL addresses and parameter information in the data packets, a serial number of the E-Commerce website and a serial number of the third-party payment platform in the three parties of the transaction, and then establishes a socket connection with the real-time software behavior verification system, and sends the key information to the real-time software behavior verification system by using a TCP data packet; and   after receiving data packets of interaction information in the transaction that are respectively submitted by the three-party software behavior monitor, the real-time software behavior verification system extracts and integrates key sequences and information in the data packets; compares a user behavior interaction sequence with the software behavior model in real time according to a global unique order number, and sends an alarm and terminates the transaction in the case of illegal behaviors comprising disorder and identity spoofing.   
     
     
         2 . The software behavior monitoring and verification system as in  claim 1 , wherein software behavior defined in the software behavior certificate has behavior logic, which is reflected in that:
 1) each transition_node in the software behavior certificate is a behavior node; data packets captured by any of the three parties are grouped into two categories: received message and sent message, which respectively correspond to input and output in the transition_node; the received message and the sent message need to meet such a logical sequence that the received message is prior to the sent message; and the captured behavior sequence is compared with the corresponding transition_node, and once the logical sequence is not met, an alarm is sent;   2) the real-time software behavior verification system further compares a current subject of the received message or the sent message with a subject name recorded by an attribute attri in the certificate behavior node (transition_node); and if they are inconsistent, it indicates that an unauthorized user performs an identity spoofing attack, and an alarm is sent immediately;   3) a place_node defines a logical sequence between behavior nodes, the behavior nodes (transition_node) are arranged according to a particular transaction sequence, and once a skip or disorder occurs, it indicates that the legal normal transaction process is broken and an irregular operation occurs, and an alarm is sent immediately.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.