
Phishing Attack Defense Method and Authorization Server

A phishing attack defense technology for authorization servers. It addresses the problems that precision phishing attacks are hard to identify, that genuine and counterfeit interfaces are hard to tell apart, and that user information is leaked as a result, thereby reducing the security risk of OAuth authorization being stolen.

Active Publication Date: 2021-04-27
CHINA TELECOM CORP LTD

AI Technical Summary

Problems solved by technology

[0004] At present, there is a precision phishing attack that is very difficult to identify.
If the user receives an email indicating that the account is abnormal and that the login needs to be reconfirmed, it is difficult to distinguish true from false, because the OAuth interface is counterfeit and the certificate is also in the green security state.
In this way, the user's authorization code information is stolen by the attacker, resulting in the leakage of user information.



Examples


Embodiment 1

[0043] This embodiment provides an identity authentication mechanism for client authentication applications and shows the client's identity to the user, supporting the user's decision on whether to authorize. This prevents some phishing attacks that use OAuth authentication and reduces the security risk of OAuth authorization being stolen.

[0044] Figure 1 is a schematic flowchart of an embodiment of the method of the present invention for defending, based on identity prompts, against phishing attacks that use open authorization (OAuth) authentication.

[0045] As shown in Figure 1, the method of this embodiment includes:

[0046] Step 110: The user accesses the client through a user agent (such as a browser), and the client directs the user to the authorization server of the service provider to apply for authentication.

[0047] The client's authentication application includes, for example, the following parameters:

[0048] response_type: ...

Embodiment 2

[0062] This embodiment provides a short message (SMS) verification mechanism to prevent phishing attacks that rely on impersonating the user and to reduce the security risk of OAuth authorization being stolen.

[0063] Figure 2 is a schematic flowchart of an embodiment of the method of the present invention for defending, based on a short message verification mechanism, against phishing attacks that use open authorization (OAuth) authentication.

[0064] As shown in Figure 2, the method of this embodiment includes:

[0065] Step 210: The user accesses the client through a user agent (such as a browser), and the client directs the user to the authorization server of the service provider to apply for authentication. Refer to step 110 for details.

[0066] Step 220: If the user authorizes the client, go to step 230.

[0067] Step 230: The authorization server obtains the mobile phone number of the user, generates a verification code via SMS, and sends it to the mobile phone of the use...

Embodiment 3

[0070] This embodiment combines the client identity verification and prompt mechanism with the SMS verification mechanism to prevent phishing attacks that use OAuth authentication and to reduce the security risk of OAuth authorization being stolen.

[0071] Figure 3 is a schematic flowchart of an embodiment of the method of the present invention for defending, based on double authentication, against phishing attacks that use open authorization (OAuth) authentication.

[0072] As shown in Figure 3, the method of this embodiment includes:

[0073] Step 310: The user accesses the client through a user agent (such as a browser), and the client directs the user to the authorization server of the service provider to apply for authentication. Refer to step 110 for details.

[0074] Step 320: The authorization server verifies the identity of the client according to the redirection URI of the client, and prompts the user through the user agent for the identity of the client, and the...
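The double check of Embodiment 3 on the authorization-server side, as an added sketch that is not code from the patent: the client is verified from its redirection URI, its identity is shown to the user, and the authorization code is issued only after an SMS code is confirmed. The registry, the names, the exact-match rule and the code-confirmation step (cut off on this page) are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed registry: client_id -> verified name and registered redirect URIs.
REGISTERED_CLIENTS = {
    "photo-print": {"name": "Example Photo Print Ltd.",
                    "redirect_uris": {"https://print.example.com/oauth/cb"}},
}

def verify_client(client_id, redirect_uri):
    """Return the registered client name, or None if the URI is not an exact match."""
    client = REGISTERED_CLIENTS.get(client_id)
    parts = urlsplit(redirect_uri)
    if client is None or parts.scheme != "https" or parts.fragment:
        return None
    # Exact string match (assumption): prefix or substring checks would accept
    # look-alike hosts such as print.example.com.evil.example.
    return client["name"] if redirect_uri in client["redirect_uris"] else None

def consent_prompt(client_id, redirect_uri):
    """Text shown to the user before the authorize decision."""
    name = verify_client(client_id, redirect_uri)
    if name is None:  # blocking unverified clients is this sketch's policy
        return "Unverified application: authorization is blocked."
    host = urlsplit(redirect_uri).hostname
    return f"'{name}' ({host}) is requesting access to your account. Authorize?"

class SmsChallenge:
    """One-time code for a pending authorization; the server sends `code` by SMS."""
    def __init__(self, max_attempts=3):
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.attempts_left = max_attempts
        self.used = False

    def check(self, submitted):
        if self.used or self.attempts_left <= 0:
            return False
        self.attempts_left -= 1
        if hmac.compare_digest(self.code.encode(), submitted.encode()):
            self.used = True  # single use: a replayed code is rejected
            return True
        return False

def authorize(client_id, redirect_uri, user_approved, challenge, submitted_code):
    """Issue an authorization code only if all three checks pass, else None."""
    if verify_client(client_id, redirect_uri) is None or not user_approved:
        return None
    if not challenge.check(submitted_code):
        return None
    return secrets.token_urlsafe(32)
```

A production server would also expire the SMS code after a short lifetime and bind it to the specific authorization request.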


Abstract

The invention discloses a phishing attack defense method and an authorization server using OAuth authentication, and relates to the field of network security. The defense method includes: in response to the client directing the user to it, the authorization server verifies the client's identity according to the redirection uniform resource identifier (URI) in the client's authentication application; the authorization server then prompts the user with the client's identity, so that the user decides, based on the content of the prompt, whether to authorize the client. The method thus supports the user's decision on whether to authorize, defends against some phishing attacks that use OAuth authentication, and reduces the security risk of OAuth authorization being stolen.

Description

Technical field

[0001] The invention relates to the field of network security, in particular to a phishing attack defense method and an authorization server utilizing open authorization (OAuth, Open Authorization) authentication.

Background technique

[0002] OAuth is a widely used open standard. The third-party application can access the user's information stored in the service provider under the premise of the user's authorization, and this authorization will not touch the user's account information, such as user name and password.

[0003] Phishing is the criminal fraudulent process of obtaining sensitive personal information such as usernames, passwords, and credit card details by masquerading as a reputable legal entity.

[0004] There is currently a precision phishing attack that is very difficult to identify. If the user receives an email indicating that the account is abnormal and needs to re-confirm the login, since the OAuth interface is counterfeit and the certif...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): H04L29/06
CPC: H04L63/0807, H04L63/0876, H04L63/1483, H04L63/18
Inventor: 周能侯艳芳
Owner: CHINA TELECOM CORP LTD