Processing method for preventing copy attack, and server and client

US 10,887,343 B2
Filed: 12/20/2019
Issued: 01/05/2021
Est. Priority Date: 05/13/2016
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving, by a server and from a client computing device, service data, wherein the service data comprises a first unique identifier and a first variable identifier stored in a local secure storage of the client computing device;

parsing, by the server, the service data to obtain the first unique identifier and the first variable identifier as parsed data;

determining, by the server, whether the first unique identifier and the first variable identifier in the parsed data are respectively identical to a second unique identifier and a second variable identifier associated with the client computing device and recorded by the server as recorded data, wherein the second unique identifier is generated by the server and uniquely identifies the client computing device, wherein the second variable identifier is a random number updated by the server each time the client computing device is triggered to use a service related to the local secure storage; and

in response to determining that either of the first unique identifier and the first variable identifier in the parsed data is not identical to the second unique identifier and the second variable identifier, respectively;

indicating, by the server, that the local secure storage of the client computing device is under a copy attack, andperforming a predetermined response action;

orin response to determining that the first unique identifier and the first variable identifier in the parsed data are identical to the second unique identifier and the second variable identifier, respectively;

transmitting, by the server and to the client computing device, a new variable identifier to replace the first variable identifier, wherein the new variable identifier is included within next service data received from the client computing device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Service data is received by a server and from a client computing device, where the service data includes a unique identifier and a variable identifier stored in a local secure storage of the client computing device. The server parses the service data to obtain the unique identifier and the variable identifier as parsed data. The server determines whether the unique identifier and the variable identifier in the parsed data are identical to a unique identifier and a variable identifier associated with the client computing device and recorded by the server as recorded data. If the result of the determination is not identical, the server indicates that the local secure storage of the client computing device is under a copy attack, and performing a predetermined response action. If the result of the determination is identical, the server transmits a new variable identifier to the client computing device.

5 Citations

20 Claims

1. A computer-implemented method, comprising:
- receiving, by a server and from a client computing device, service data, wherein the service data comprises a first unique identifier and a first variable identifier stored in a local secure storage of the client computing device;
  
  parsing, by the server, the service data to obtain the first unique identifier and the first variable identifier as parsed data;
  
  determining, by the server, whether the first unique identifier and the first variable identifier in the parsed data are respectively identical to a second unique identifier and a second variable identifier associated with the client computing device and recorded by the server as recorded data, wherein the second unique identifier is generated by the server and uniquely identifies the client computing device, wherein the second variable identifier is a random number updated by the server each time the client computing device is triggered to use a service related to the local secure storage; and
  
  in response to determining that either of the first unique identifier and the first variable identifier in the parsed data is not identical to the second unique identifier and the second variable identifier, respectively;
  
  indicating, by the server, that the local secure storage of the client computing device is under a copy attack, andperforming a predetermined response action;
  
  orin response to determining that the first unique identifier and the first variable identifier in the parsed data are identical to the second unique identifier and the second variable identifier, respectively;
  
  transmitting, by the server and to the client computing device, a new variable identifier to replace the first variable identifier, wherein the new variable identifier is included within next service data received from the client computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, further comprising:
    - in response to determining that the first unique identifier and the first variable identifier in the parsed data are identical to the second unique identifier and the second variable identifier, respectively;
      
      receiving, by the client computing device, the new variable identifier transmitted by the server; and
      
      updating, by the client computing device, the local secure storage of the client computing device with the new variable identifier.
  - 3. The computer-implemented method of claim 1, wherein the predetermined response action comprises:
    - transmitting, by the server and to the client computing device, a message that an identity authentication needs to be performed by the client computing device with respect to a user corresponding to the service data; and
      
      after the identity authentication succeeds;
      
      sending, to the client computing device, a redistributed unique identifier and a redistributed variable identifier.
  - 4. The computer-implemented method of claim 1, wherein variable identifiers are generated through successive integer accumulation.
  - 5. The computer-implemented method of claim 1, wherein the first unique identifier and the first variable identifier are transmitted to the client computing device that is not under the copy attack, wherein to exchange of the first unique identifier and the first variable identifier between the client computing device that is not under the copy attack and the server is encrypted by asymmetric encryption or symmetric encryption.
  - 6. The computer-implemented method of claim 1, further comprising:
    - when the local secure storage of the client computing device is initialized, storing, by the client computing device and as the service data, a unique identifier and a variable identifier that are transmitted by the server and received by the client computing device; and
      
      transmitting, by the client computing device, the service data to the server.
  - 7. The computer-implemented method of claim 1, further comprising:
    - performing, by the client computing device, an identity authentication based on a message, received from the server, that an identity authentication needs to be performed by the client computing device with respect to a user corresponding to the service data; and
      
      after the identity authentication succeeds;
      
      initializing, by the client computing device, the local secure storage based on a redistributed unique identifier and a redistributed variable identifier transmitted to the client computing device by the server.

8. A non-transitory, computer-readable medium storing one or more instructions executable by a computer system to perform operations comprising:
- receiving, by a server and from a client computing device, service data, wherein the service data comprises a first unique identifier and a first variable identifier stored in a local secure storage of the client computing device;
  
  parsing, by the server, the service data to obtain the first unique identifier and the first variable identifier as parsed data;
  
  determining, by the server, whether the first unique identifier and the first variable identifier in the parsed data are respectively identical to a second unique identifier and a second variable identifier associated with the client computing device and recorded by the server as recorded data, wherein the second unique identifier is generated by the server and uniquely identifies the client computing device, wherein the second variable identifier is a random number updated by the server each time the client computing device is triggered to use a service related to the local secure storage; and
  
  in response to determining that either of the first unique identifier and the first variable identifier in the parsed data is not identical to the second unique identifier and the second variable identifier, respectively;
  
  indicating, by the server, that the local secure storage of the client computing device is under a copy attack, andperforming a predetermined response action;
  
  orin response to determining that the first unique identifier and the first variable identifier in the parsed data are identical to the second unique identifier and the second variable identifier, respectively;
  
  transmitting, by the server and to the client computing device, a new variable identifier to replace the first variable identifier, wherein the new variable identifier is included within next service data received from the client computing device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory, computer-readable medium of claim 8, further comprising:
    - in response to determining that the first unique identifier and the first variable identifier in the parsed data are identical to the second unique identifier and the second variable identifier, respectively;
      
      receiving, by the client computing device, the new variable identifier transmitted by the server; and
      
      updating, by the client computing device, the local secure storage of the client computing device with the new variable identifier.
  - 10. The non-transitory, computer-readable medium of claim 8, wherein the predetermined response action comprises:
    - transmitting, by the server and to the client computing device, a message that an identity authentication needs to be performed by the client computing device with respect to a user corresponding to the service data; and
      
      after the identity authentication succeeds;
      
      sending, to the client computing device, a redistributed unique identifier and a redistributed variable identifier.
  - 11. The non-transitory, computer-readable medium of claim 8, wherein variable identifiers are generated through successive integer accumulation.
  - 12. The non-transitory, computer-readable medium of claim 8, wherein the first unique identifier and the first variable identifier are transmitted to the client computing device that is not under the copy attack, wherein exchange of the first unique identifier and the first variable identifier between the client computing device that is not under the copy attack and the server is encrypted by asymmetric encryption or symmetric encryption.
  - 13. The non-transitory, computer-readable medium of claim 8, further comprising:
    - when the local secure storage of the client computing device is initialized, storing, by the client computing device and as the service data, a unique identifier and a variable identifier that are transmitted by the server and received by the client computing device; and
      
      transmitting, by the client computing device, the service data to the server.
  - 14. The non-transitory, computer-readable medium of claim 8, further comprising:
    - performing, by the client computing device, an identity authentication based on a message, received from the server, that an identity authentication needs to be performed by the client computing device with respect to a user corresponding to the service data; and
      
      after the identity authentication succeeds;
      
      initializing, by the client computing device, the local secure storage based on a redistributed unique identifier and a redistributed variable identifier transmitted to the client computing device by the server.

15. A computer-implemented system, comprising:
- one or more computers; and
  
  one or more computer memory devices interoperably coupled with the one or more computers and having tangible, non-transitory, machine-readable media storing one or more instructions that, when executed by the one or more computers, perform one or more operations comprising;
  
  receiving, by a server and from a client computing device, service data, wherein the service data comprises a first unique identifier and a first variable identifier stored in a local secure storage of the client computing device;
  
  parsing, by the server, the service data to obtain the first unique identifier and the first variable identifier as parsed data;
  
  determining, by the server, whether the first unique identifier and the first variable identifier in the parsed data are respectively identical to a second unique identifier and a second variable identifier associated with the client computing device and recorded by the server as recorded data, wherein the second unique identifier is generated by the server and uniquely identifies the client computing device, wherein the second variable identifier is a random number updated by the server each time the client computing device is triggered to use a service related to the local secure storage; and
  
  in response to determining that either of the first unique identifier and the first variable identifier in the parsed data is not identical to the second unique identifier and the second variable identifier, respectively;
  
  indicating, by the server, that the local secure storage of the client computing device is under a copy attack, andperforming a predetermined response action;
  
  orin response to determining that the first unique identifier and the first variable identifier in the parsed data are identical to the second unique identifier and the second variable identifier, respectively;
  
  transmitting, by the server and to the client computing device, a new variable identifier to replace the first variable identifier, wherein the new variable identifier is included within next service data received from the client computing device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-implemented system of claim 15, further comprising:
    - in response to determining that the first unique identifier and the first variable identifier in the parsed data are identical to the second unique identifier and the second variable identifier, respectively;
      
      receiving, by the client computing device, the new variable identifier transmitted by the server; and
      
      updating, by the client computing device, the local secure storage of the client computing device with the new variable identifier.
  - 17. The computer-implemented system of claim 15, wherein the predetermined response action comprises:
    - transmitting, by the server and to the client computing device, a message that an identity authentication needs to be performed by the client computing device with respect to a user corresponding to the service data; and
      
      after the identity authentication succeeds;
      
      sending, to the client computing device, a redistributed unique identifier and a redistributed variable identifier.
  - 18. The computer-implemented system of claim 15, wherein variable identifiers are generated through successive integer accumulation, and wherein the first unique identifier and the first variable identifier are transmitted to the client computing device that is not under the copy attack, wherein exchange of the first unique identifier and the first variable identifier between the client computing device that is not under the copy attack and the server is encrypted by asymmetric encryption or symmetric encryption.
  - 19. The computer-implemented system of claim 15, further comprising:
    - when the local secure storage of the client computing device is initialized, storing, by the client computing device and as the service data, a unique identifier and a variable identifier that are transmitted by the server and received by the client computing device; and
      
      transmitting, by the client computing device, the service data to the server.
  - 20. The computer-implemented system of claim 15, further comprising:
    - performing, by the client computing device, an identity authentication based on a message, received from the server, that an identity authentication needs to be performed by the client computing device with respect to a user corresponding to the service data; and
      
      after the identity authentication succeeds;
      
      initializing, by the client computing device, the local secure storage based on a redistributed unique identifier and a redistributed variable identifier transmitted to the client computing device by the server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Original Assignee
Advanced New Technologies Company Limited (Ant Group Co., Ltd.)
Inventors
Li, Xiaofeng
Primary Examiner(s)
Ullah, Sharif E

Application Number

US16/722,832
Publication Number

US 20200128045A1
Time in Patent Office

382 Days
Field of Search

726 23, 726 2, 726 21, 726 36, 713150, 713163, 713181, 380255, 380264, 380276
US Class Current
CPC Class Codes

G06F 12/1458   by checking the subject acc...

G06F 21/44   Program or device authentic...

G06F 21/55   Detecting local intrusion o...

G06F 2212/1052   Security improvement

G06F 2212/154   Networked environment

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/1475   Passive attacks, e.g. eaves...

H04L 67/01   Protocols

H04L 9/002   Countermeasures against att...

H04L 9/0891   Revocation or update of sec...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3226   using a predetermined code,...

Processing method for preventing copy attack, and server and client

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Processing method for preventing copy attack, and server and client

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links