System and method for realizing Phishing identification based on challenge password token

Abstract

The invention discloses a system and a method for realizing Phishing identification based on a challenge password token, which are used in the information technology field to solve the problem of account information being stolen for illegal use. The system comprises: an identification code generating module, which is in a website and is used for generating a set of dynamic identification code according to a website identification code, personal account information inputted by the user and a present time factor when a user carries out account operation; and a challenge password token, which is used for generating a set of dynamic authentication code and carrying out website identity authentication by matching the dynamic identification code with the dynamic authentication code. The system of the invention, through the real-time adding of website identification factor and time factor, generates the dynamic website identification code according to the factors. Then, the challenge password token also generates the dynamic authentication code and carries out the website identity authentication according to the website identification code, so that when the user logins in or carries out account operation, the website identity authentication is enhanced to avoid the user transaction action being tampered with; and association information undergoes diversified expansion to increase security during password authentication.

Description

technical field [0001] The invention relates to the field of information technology, in particular to a system and method for identifying phishing websites based on challenge password tokens. Background technique [0002] With the development of smart card applications, users have higher and higher requirements for smart card application functions. It is hoped that smart cards can provide more and more application functions to meet the safety, convenience and diversification of people during use. need. [0003] However, while the networking of the information application system realizes information sharing and extensive and in-depth application, it also brings about the problem of data security. If there is no sufficient security guarantee, information storage, sharing and transmission on the public communication network may be blocked. Illegal eavesdropping, interception, tampering or destruction, the development of information technology makes information security issues ...

AI Technical Summary

Problems solved by technology

Since the password used by the user is different each time, even if the hacker intercepts the password once, it cannot use this password to impersonate a legitimate user

[0005] Dynamic password authentication has strengthened the security of users' account information access and other operations to a certain extent, but it still cannot guarantee the security in the event of information theft.

For example, some current phishing websites, by introducing users to illegal websites, provide a user interface very similar to regular online banking websites, and induce users to enter their own account information, such as user names, passwords and even bank accounts, without vigilance. Dynamic authentication password, the phishing website immediately logs in to the official online banking website after obtaining the information, and then performs online banking operations, such as transfer or online banking consumption, causing great losses to users

Images