CN109428869B - Phishing attack defense method and authorization server - Google Patents

Publication number: CN109428869B
Authority: CN (China)
Prior art keywords: client, user, authorization, identity, authorization server
Legal status: Active (the listed status is an assumption, not a legal conclusion)
Application number: CN201710769431.8A
Other languages: Chinese (zh)
Other versions: CN109428869A (en)
Inventors: 周能, 侯艳芳
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN201710769431.8A
Publication of CN109428869A
Application granted
Publication of CN109428869B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/18 Network architectures or network communication protocols for network security using different networks or channels, e.g. using out of band channels

Abstract

The invention discloses a method for defending against phishing attacks that exploit OAuth authentication, and an authorization server, and relates to the field of network security. The defense method comprises the following steps: in response to the client directing the user to it, the authorization server verifies the identity of the client according to the redirect uniform resource identifier (URI) in the client's authentication request; the authorization server then shows the client identity to the user, so that the user can decide, based on what is shown, whether to grant authorization to the client. This supports the user's decision on whether to authorize, defends against some of the phishing attacks that exploit OAuth authentication, and reduces the security risk of OAuth authorization being stolen.

Description

Phishing attack defense method and authorization server
Technical Field
The present invention relates to the field of network security, and in particular to a method for defending against phishing attacks that exploit Open Authorization (OAuth) authentication, and to an authorization server.
Background
OAuth is a widely used open standard. With the user's authorization, a third-party application can access information that the user has stored at a service provider, and the authorization does not expose user account information such as the user name and password.
Phishing is a form of criminal fraud in which the attacker masquerades as a reputable organization to obtain sensitive personal information such as user names, passwords, and credit card details.
At present, a targeted phishing attack is very difficult to identify. For example, the user receives a notice that the account is abnormal and that the logged-in mailbox must be reconfirmed; because the OAuth interface is counterfeit while the certificate still shows the green "secure" indicator, the user can hardly tell real from fake. The attacker can therefore steal the user's authorization code, and the user's information is leaked.
Disclosure of Invention
The invention provides a scheme for defending against phishing attacks that exploit OAuth authentication, which can reduce the security risk of OAuth authorization being stolen.
The invention provides a method for defending against phishing attacks that exploit OAuth authentication, comprising the following steps:
in response to the client directing the user to it, the authorization server verifies the identity of the client according to the redirect uniform resource identifier (URI) in the client's authentication request;
the authorization server shows the client identity to the user, so that the user can decide, based on what is shown, whether to grant authorization to the client.
In one embodiment, the authorization server verifying the client identity according to the redirect URI in the client's authentication request includes:
the authorization server compares the redirect URI in the client's authentication request with the authorization server's application list and, after finding the application that matches the redirect URI, takes the identity attribute of that application as the identity of the client.
In one embodiment, the defense method further comprises:
in response to the user granting authorization to the client, the authorization server obtains the user's mobile phone number, generates an SMS verification code and sends it to the user's mobile phone; the SMS verification code is stored in the authorization server in association with the client ID and the state random value from the client's authentication request;
the authorization server receives the SMS verification code submitted by the user and compares it with the stored SMS verification code associated with the client ID and the state random value;
the authorization server issues an authorization code to the client if the two match.
In one embodiment, the defense method further comprises: in response to the client's token request, the authorization server checks the redirect URI and the authorization code in the token request and then sends a token to the client, so that the client can use the token to access the resources the user has stored on the resource server.
In one embodiment, the authorization server shows the client identity to the user in an authorization interface.
The invention also provides an authorization server for defending against phishing attacks that exploit OAuth authentication, comprising:
an identity verification module, configured to verify, in response to the client directing the user to the authorization server, the identity of the client according to the redirect uniform resource identifier (URI) in the client's authentication request;
and an identity prompting module, configured to show the client identity to the user, so that the user can decide, based on what is shown, whether to grant authorization to the client.
In one embodiment, the identity verification module is specifically configured to: compare the redirect URI in the client's authentication request with the authorization server's application list and, after finding the application that matches the redirect URI, take the identity attribute of that application as the identity of the client.
In one embodiment, the authorization server further comprises:
an SMS sending module, configured to, in response to the user granting authorization to the client, obtain the user's mobile phone number, generate an SMS verification code and send it to the user's mobile phone; the SMS verification code is stored in the authorization server in association with the client ID and the state random value from the client's authentication request;
an SMS verification module, configured to receive the SMS verification code submitted by the user and compare it with the stored SMS verification code associated with the client ID and the state random value;
and an authorization code module, configured to issue an authorization code to the client if the two match.
In one embodiment, the authorization server further comprises: a token module, configured to, in response to the client's token request, check the redirect URI and the authorization code in the token request and then send a token to the client, so that the client can use the token to access the resources stored on the resource server.
In one embodiment, the identity prompting module is specifically configured to show the client identity to the user in an authorization interface.
The present invention also provides an apparatus for defending against phishing attacks that exploit OAuth authentication, comprising:
a memory; and
a processor coupled to the memory, the processor configured to execute the aforementioned phishing attack defense method based on instructions stored in the memory.
The present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the phishing attack defense method described previously.
The invention provides an identity verification mechanism for the client's authentication request and shows the client identity to the user, supporting the user's decision on whether to authorize; it thereby defends against some of the phishing attacks that exploit OAuth authentication and reduces the security risk of OAuth authorization being stolen. In addition, the SMS verification mechanism prevents phishing attacks in which the user is impersonated, further reducing the security risk of OAuth authorization being stolen.
Other features of the present invention and advantages thereof will become apparent from the following detailed description of exemplary embodiments thereof, which proceeds with reference to the accompanying drawings.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
Fig. 1 is a schematic flow chart of an embodiment of the method of the present invention, based on identity prompting, for defending against phishing attacks that exploit Open Authorization (OAuth) authentication.
Fig. 2 is a schematic flow chart of an embodiment of the method of the present invention, based on an SMS verification mechanism, for defending against phishing attacks that exploit OAuth authentication.
Fig. 3 is a schematic flow chart of an embodiment of the method of the present invention, based on dual verification, for defending against phishing attacks that exploit OAuth authentication.
Fig. 4 is a schematic structural diagram of an embodiment of the authorization server of the present invention for defending against phishing attacks that exploit OAuth authentication.
Fig. 5 is a schematic structural diagram of a further embodiment of the authorization server of the present invention for defending against phishing attacks that exploit OAuth authentication.
Fig. 6 is a schematic structural diagram of an embodiment of the apparatus of the present invention for defending against phishing attacks that exploit OAuth authentication.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
The invention provides a method for defending against phishing attacks that exploit OAuth authentication and for reducing the security risk of OAuth authorization being stolen.
Example 1
This embodiment provides an identity verification mechanism for the client's authentication request and shows the client identity to the user, supporting the user's decision on whether to authorize; it thereby defends against some of the phishing attacks that exploit OAuth authentication and reduces the security risk of OAuth authorization being stolen.
Fig. 1 is a schematic flow chart of an embodiment of the method of the present invention, based on identity prompting, for defending against phishing attacks that exploit OAuth authentication.
As shown in fig. 1, the method of the present embodiment includes:
Step 110: A user accesses a client via a user agent (e.g., a browser), and the client directs the user to the authorization server of a service provider for authentication.
The client's authentication request includes the following parameters:
response_type: the authorization type,
client_id: the ID of the client,
redirect_uri: the redirect Uniform Resource Identifier (URI),
scope: the scope of the permissions requested,
state: the current state of the client; it may be set to an arbitrary value, also called the state random value, and the authorization server returns this value as is.
Step 120: The authorization server verifies the identity of the client according to the redirect URI in the client's authentication request.
One exemplary way for the authorization server to verify the identity of the client is as follows: the authorization server compares the client's redirect URI (redirect_uri) with the authorization server's application list; after finding the application that matches the redirect URI, it determines that application's identity attribute and takes it as the identity of the client. The identity of the client may be, for example but without limitation, an official application or a third-party application, or an authenticated application or an unauthenticated application. The identity of the client can indicate how trustworthy the client is. Generally, official applications are more trusted than third-party applications, and authenticated applications are more trusted than unauthenticated applications.
To make the comparison more efficient, regular expressions can be used to describe the redirect URI and the application records in the application list; the client's redirect URI is then compared with the authorization server's application list to find the application that matches it.
Step 130: The authorization server shows the client identity to the user, so that the user can decide, based on what is shown, whether to grant authorization to the client.
The authorization server can show the client identity on an authorization interface, and the user decides whether to grant authorization to the client based on what the authorization interface shows. After the user agrees to grant authorization to the client, the authorization server sends an authorization code to the client.
For example, the user may grant authorization to an official application, an authenticated application, or an application the user has confirmed they intend to use. The user may refuse authorization to third-party applications the user does not know, third-party applications the user does not use, or unauthenticated applications.
This supports the user's decision on whether to authorize, defends against some of the phishing attacks that exploit OAuth authentication, and reduces the security risk of OAuth authorization being stolen.
Example 2
This embodiment provides an SMS verification mechanism that prevents phishing attacks in which the user is impersonated and reduces the security risk of OAuth authorization being stolen.
Fig. 2 is a schematic flow chart of an embodiment of the method of the present invention, based on an SMS verification mechanism, for defending against phishing attacks that exploit OAuth authentication.
As shown in fig. 2, the method of the present embodiment includes:
Step 210: A user accesses a client via a user agent (e.g., a browser), and the client directs the user to the authorization server of a service provider for authentication. See step 110 for details.
Step 220: If the user grants authorization to the client, step 230 is performed.
Step 230: The authorization server obtains the user's mobile phone number, generates an SMS verification code and sends it to the user's mobile phone. The SMS verification code is stored in the authorization server in association with the client ID (client_id) and the state random value (state). The user submits the SMS verification code received on the mobile phone to the authorization server, and the authorization server compares the submitted code with the stored SMS verification code associated with the client ID (client_id) and the state random value (state). If the two do not match, user authentication fails and the process ends: the user may have been impersonated, and authentication fails because an illegitimate user cannot obtain a valid SMS verification code. If the two match, user authentication passes, and the authorization server grants authorization to the client and issues an authorization code to it.
This prevents phishing attacks in which the user is impersonated and reduces the security risk of OAuth authorization being stolen.
Example 3
This embodiment combines the client identity verification and prompting mechanism with the SMS verification mechanism, preventing phishing attacks that exploit OAuth authentication and reducing the security risk of OAuth authorization being stolen.
Fig. 3 is a schematic flow chart of an embodiment of the method of the present invention, based on dual verification, for defending against phishing attacks that exploit OAuth authentication.
As shown in fig. 3, the method of the present embodiment includes:
Step 310: A user accesses a client via a user agent (e.g., a browser), and the client directs the user to the authorization server of a service provider for authentication. See step 110 for details.
Step 320: The authorization server verifies the identity of the client according to the client's redirect URI and shows the client identity to the user through the user agent; the user decides whether to grant authorization to the client based on what is shown. See steps 120 and 130 for details.
If the user does not authorize the client, client authentication does not pass and the process ends; if the user grants authorization to the client, the flow proceeds to step 330 for further authentication.
Step 330: If the user grants authorization to the client, the authorization server obtains the user's mobile phone number, generates an SMS verification code and sends it to the user's mobile phone. The SMS verification code is stored in the authorization server in association with the client ID (client_id) and the state random value (state). The user submits the SMS verification code received on the mobile phone to the authorization server, and the authorization server compares the submitted code with the stored SMS verification code associated with the client ID (client_id) and the state random value (state). If the two do not match, user authentication fails and the process ends: the user may have been impersonated, and authentication fails because an illegitimate user cannot obtain a valid SMS verification code. If the two match, user authentication passes, the authorization server grants authorization to the client, and step 340 is executed.
Step 340: If the authorization server grants authorization to the client, the authorization server directs the user to the redirect URI (redirect_uri) that passed client verification, attaching an authorization code that is thereby delivered to the client.
Step 350: The client requests a token from the authorization server using the client ID (client_id), the redirect URI (redirect_uri) and the authorization code.
Step 360: After checking that the redirect URI (redirect_uri) and the authorization code are correct, the authorization server sends a token to the client.
Step 370: The client uses the token to access the service provider's resource server and thereby obtains the resources the user has stored on the resource server.
Steps 350 to 370 may also be performed after the client obtains the authorization code in embodiments 1 and 2; this is not described again here.
With this dual verification, phishing attacks that exploit OAuth authentication can be prevented more effectively, and the security risk of OAuth authorization being stolen is reduced.
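The dual-verification flow of steps 320 to 360, as an added Python sketch (not code from the patent): the redirect URI is looked up in the application list, the SMS code is bound to (client_id, state), and the token is released only for a matching redirect URI and authorization code. The application records, the 300-second validity, the one-attempt policy, the full-string regex matching and all function names are assumptions of this example.

```python
import hmac
import re
import secrets
import time

# Constructed application list: (redirect-URI pattern, client_id, identity attribute).
APPLICATION_LIST = [
    (re.compile(r"https://mail\.provider\.example/oauth/callback"),
     "official-mail", "official application"),
    (re.compile(r"https://notes\.partner\.example/cb(\?.*)?"),
     "partner-notes", "authenticated third-party application"),
]
SMS_TTL_SECONDS = 300  # assumption: the page gives no validity period


class AuthorizationServer:
    def __init__(self, send_sms, now=time.time):
        self._send_sms = send_sms   # callable(phone, code): stand-in for an SMS gateway
        self._now = now
        self._sms = {}              # (client_id, state) -> (code, expiry, redirect_uri)
        self._auth_codes = {}       # authorization code -> (client_id, redirect_uri)

    def identify_client(self, redirect_uri):
        """Steps 120/130: map the redirect URI to the identity shown to the user."""
        for pattern, client_id, identity in APPLICATION_LIST:
            # fullmatch: the whole URI must match, not merely start with a record.
            if pattern.fullmatch(redirect_uri):
                return client_id, identity
        return None, "unregistered application"

    def user_approved(self, client_id, state, redirect_uri, phone):
        """Step 330, first half: send an SMS code stored against (client_id, state)."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._sms[(client_id, state)] = (
            code, self._now() + SMS_TTL_SECONDS, redirect_uri)
        self._send_sms(phone, code)

    def submit_sms_code(self, client_id, state, submitted):
        """Steps 330/340: compare the codes; return an authorization code or None."""
        record = self._sms.pop((client_id, state), None)  # one attempt per challenge
        if record is None:
            return None
        code, expiry, redirect_uri = record
        same = hmac.compare_digest(code.encode(), submitted.encode())
        if self._now() > expiry or not same:
            return None
        auth_code = secrets.token_urlsafe(32)
        self._auth_codes[auth_code] = (client_id, redirect_uri)
        return auth_code

    def token_request(self, client_id, redirect_uri, auth_code):
        """Steps 350/360: check redirect URI and authorization code, then issue a token."""
        bound = self._auth_codes.pop(auth_code, None)     # authorization code is single use
        if bound is None or bound != (client_id, redirect_uri):
            return None
        return secrets.token_urlsafe(32)


def demo():
    """Run the flow once with a constructed client and phone number."""
    outbox = []
    server = AuthorizationServer(lambda phone, code: outbox.append((phone, code)))
    uri = "https://notes.partner.example/cb"
    client_id, identity = server.identify_client(uri)
    state = secrets.token_urlsafe(16)
    server.user_approved(client_id, state, uri, "+10000000000")
    auth_code = server.submit_sms_code(client_id, state, outbox[-1][1])
    token = server.token_request(client_id, uri, auth_code)
    return identity, token is not None


if __name__ == "__main__":
    print(demo())
```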
Example 4
This embodiment provides an authorization server 400 for defending against phishing attacks that exploit OAuth authentication. Referring to fig. 4, the authorization server 400 includes:
an identity verification module 410, configured to verify, in response to the client directing the user to the authorization server, the identity of the client according to the redirect uniform resource identifier (URI) in the client's authentication request;
and an identity prompting module 420, configured to show the client identity to the user, so that the user can decide, based on what is shown, whether to grant authorization to the client.
In an embodiment, the identity verification module 410 is specifically configured to: compare the redirect URI in the client's authentication request with the authorization server's application list and, after finding the application that matches the redirect URI, take the identity attribute of that application as the identity of the client.
In an embodiment, the identity prompting module 420 is specifically configured to show the client identity to the user in an authorization interface.
Referring to fig. 5, the authorization server 500 further includes:
an SMS sending module 530, configured to, in response to the user granting authorization to the client, obtain the user's mobile phone number, generate an SMS verification code and send it to the user's mobile phone; the SMS verification code is stored in the authorization server in association with the client ID and the state random value from the client's authentication request;
an SMS verification module 540, configured to receive the SMS verification code submitted by the user and compare it with the stored SMS verification code associated with the client ID and the state random value;
and an authorization code module 550, configured to issue an authorization code to the client if the two match.
Referring to fig. 5, the authorization server 500 further includes: a token module 560, configured to, in response to the client's token request, check the redirect URI and the authorization code in the token request and then send a token to the client, so that the client can use the token to access the resources stored on the resource server.
This prevents phishing attacks that exploit OAuth authentication and reduces the security risk of OAuth authorization being stolen.
Example 5
This embodiment provides an apparatus 600 for defending against phishing attacks that exploit OAuth authentication. Referring to fig. 6, the apparatus 600 of this embodiment includes: a memory 610 and a processor 620 coupled to the memory 610, the processor 620 being configured to execute, based on instructions stored in the memory 610, the phishing attack defense method of any of the aforementioned embodiments.
Memory 610 may include, for example, system memory, fixed non-volatile storage media, and the like. The system memory stores, for example, an operating system, an application program, a Boot Loader (Boot Loader), and other programs.
The apparatus 600 may also include an input-output interface 630, a network interface 640, a storage interface 650, and the like. These interfaces 630, 640, 650 and the connections between the memory 610 and the processor 620 may be, for example, via a bus 660. The input/output interface 630 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, and a touch screen. The network interface 640 provides a connection interface for various networking devices. The storage interface 650 provides a connection interface for external storage devices such as an SD card and a usb disk.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.

Claims (10)

1. A method for defending against phishing attacks that exploit Open Authorization (OAuth) authentication, characterized by comprising the following steps:
in response to the client directing the user to it, the authorization server verifies the identity of the client according to the redirect uniform resource identifier (URI) in the client's authentication request, wherein verifying the identity of the client according to the redirect URI in the client's authentication request comprises: the authorization server compares the redirect URI in the client's authentication request with the authorization server's application list and, after finding the application that matches the redirect URI, takes the identity attribute of that application as the identity of the client, the identity of the client indicating how trustworthy the client is;
the authorization server shows the client identity to the user, so that the user can decide, based on what is shown, whether to grant authorization to the client.
2. The method of claim 1, further comprising:
the authorization server responds to the operation of the user for authorizing the client, acquires the mobile phone number of the user, generates a short message verification code and sends the short message verification code to the mobile phone of the user; the short message verification code, the client ID and the state random value in the client authentication application are stored in an authorization server in an associated manner;
the authorization server receives a short message verification code submitted by the user, and compares the short message verification code submitted by the user with the stored short message verification code associated with the client ID and the state random value;
and the authorization server issues an authorization code to the client under the condition that the comparison result is consistent.
3. The method of claim 2, further comprising:
and the authorization server, in response to the token application of the client, checks the redirection URI and the authorization code in the token application, and then sends the token to the client so that the client can use the token to access the resource that the user has stored in the resource server.
4. The method of claim 1, wherein the authorization server prompts the user for the client identity in an authorization interface.
5. A phishing attack defense authorization server using open authorization OAuth authentication, comprising:
the identity verification module is used for responding to the guiding operation of the client to the user and verifying the identity of the client according to the redirection uniform resource identifier URI in the client authentication application, and comprises the following steps: comparing the redirection URI in the client authentication application with an application list of an authorization server, and determining the identity attribute of the application matched with the redirection URI as the identity of the client after finding the application matched with the redirection URI, wherein the identity of the client represents the credibility of the client;
and the identity prompting module is used for prompting the identity of the client to the user so that the user can determine whether to give authorization to the client according to the prompting content.
6. The authorization server of claim 5, further comprising:
the short message sending module is used for responding to the operation of the user for giving authorization to the client, acquiring the mobile phone number of the user, generating a short message verification code and sending the short message verification code to the mobile phone of the user; the short message verification code, the client ID and the state random value in the client authentication application are stored in an authorization server in an associated manner;
the short message verification module is used for receiving a short message verification code submitted by the user and comparing the short message verification code submitted by the user with the stored short message verification code associated with the client ID and the state random value;
and the authorization code module is used for issuing an authorization code to the client under the condition that the comparison result is consistent.
7. The authorization server of claim 6, further comprising:
and the token module is used for responding to the token application of the client, checking the redirection URI and the authorization code in the token application, and then sending the token to the client so that the client can access the resource stored in the resource server by using the token.
8. The authorization server of claim 5, wherein the identity prompt module is specifically configured to prompt the client identity to the user in an authorization interface.
9. A phishing attack defense apparatus using open authorization OAuth authentication, comprising:
a memory; and
a processor coupled to the memory, the processor configured to execute the phishing attack defense method of any one of claims 1-4 based on instructions stored in the memory.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the phishing attack defense method according to any one of claims 1 to 4.
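The authorization-server flow of claims 1 to 3, as an added example that is not code from the patent: redirection-URI lookup in the application list, a short message code bound to the client ID and state value, and the authorization code check at token time. `APP_LIST`, `AuthorizationServer`, the sample URIs, and the choices of exact-string matching, six-digit codes, single-use codes and constant-time comparison are assumptions of this example.

```python
import hmac
import secrets

# Constructed application list (assumption): keyed by the exact registered redirection URI.
APP_LIST = {
    "https://photos.example.com/oauth/callback": {"client_id": "photo-app", "identity": "verified partner"},
    "https://tools.example.net/cb": {"client_id": "tools-app", "identity": "unverified third party"},
}

class AuthorizationServer:
    def __init__(self, send_sms):
        self._send_sms = send_sms  # callable(phone, code); the SMS gateway is an assumption
        self._pending = {}         # (client_id, state) -> (SMS code, redirect_uri)
        self._codes = {}           # authorization code -> (client_id, redirect_uri)

    def client_identity(self, redirect_uri):
        """Claim 1: identity attribute of the matching application, shown to the user."""
        app = APP_LIST.get(redirect_uri)  # exact match, so look-alike hosts do not match
        return app["identity"] if app else None

    def start_sms_check(self, client_id, redirect_uri, state, phone):
        """Claim 2: after the user authorizes, store the code with client ID and state."""
        app = APP_LIST.get(redirect_uri)
        if app is None or app["client_id"] != client_id:
            raise PermissionError("redirection URI is not registered for this client")
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[(client_id, state)] = (code, redirect_uri)
        self._send_sms(phone, code)

    def submit_sms_code(self, client_id, state, submitted):
        """Claim 2: issue an authorization code only when the submitted code matches."""
        entry = self._pending.pop((client_id, state), None)  # one attempt per code
        if entry is None or not hmac.compare_digest(entry[0].encode(), submitted.encode()):
            return None
        auth_code = secrets.token_urlsafe(16)
        self._codes[auth_code] = (client_id, entry[1])
        return auth_code

    def redeem(self, auth_code, redirect_uri):
        """Claim 3: check the redirection URI and authorization code, then issue the token."""
        bound = self._codes.pop(auth_code, None)  # authorization codes are single use
        if bound is None or bound[1] != redirect_uri:
            return None
        return secrets.token_urlsafe(32)
```
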
CN201710769431.8A 2017-08-31 2017-08-31 Phishing attack defense method and authorization server Active CN109428869B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710769431.8A CN109428869B (en) 2017-08-31 2017-08-31 Phishing attack defense method and authorization server

Publications (2)

Publication Number Publication Date
CN109428869A CN109428869A (en) 2019-03-05
CN109428869B CN109428869B (en) 2021-04-27

Family

ID=65505220

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710769431.8A Active CN109428869B (en) 2017-08-31 2017-08-31 Phishing attack defense method and authorization server

Country Status (1)

Country Link
CN (1) CN109428869B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112260983B (en) * 2020-07-01 2023-04-18 北京沃东天骏信息技术有限公司 Identity authentication method, device, equipment and computer readable storage medium
CN114079569A (en) * 2020-07-31 2022-02-22 中移(苏州)软件技术有限公司 Open authorization method and device, equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103283204A (en) * 2010-11-24 2013-09-04 西班牙电信公司 Method for authorizing access to protected content
CN104539589A (en) * 2014-12-10 2015-04-22 华为软件技术有限公司 Authorization method, server and client
CN106341234A (en) * 2015-07-17 2017-01-18 华为技术有限公司 Authorization method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10404699B2 (en) * 2014-02-18 2019-09-03 Oracle International Corporation Facilitating third parties to perform batch processing of requests requiring authorization from resource owners for repeat access to resources

Also Published As

Publication number Publication date
CN109428869A (en) 2019-03-05

Similar Documents

Publication Publication Date Title
US20190281028A1 (en) System and method for decentralized authentication using a distributed transaction-based state machine
CN107135073B (en) Interface calling method and device
US9641521B2 (en) Systems and methods for network connected authentication
JP4861417B2 (en) Extended one-time password method and apparatus
US9053318B2 (en) Anti-cloning system and method
US10530763B2 (en) Late binding authentication
US20220394026A1 (en) Network identity protection method and device, and electronic equipment and storage medium
US10445487B2 (en) Methods and apparatus for authentication of joint account login
CN108259406B (en) Method and system for verifying SSL certificate
WO2016188335A1 (en) Access control method, apparatus and system for user data
KR20150033053A (en) User authentication method and apparatus
CN112688773A (en) Token generation and verification method and device
WO2017084569A1 (en) Method for acquiring login credential in smart terminal, smart terminal, and operating systems
US20220150707A1 (en) Authentication method and terminal device
US10834074B2 (en) Phishing attack prevention for OAuth applications
CN107453871B (en) Password generation method, password verification method, payment method and payment device
CN113726774A (en) Client login authentication method, system and computer equipment
CN109428869B (en) Phishing attack defense method and authorization server
US20230198751A1 (en) Authentication and validation procedure for improved security in communications systems
KR20210116407A (en) Cross authentication method and system between online service server and client
KR101879843B1 (en) Authentication mehtod and system using ip address and short message service
US10354243B2 (en) Authentication method and a server
KR102284876B1 (en) System and method for federated authentication based on biometrics
CN108965335B (en) Method for preventing malicious access to login interface, electronic device and computer medium
KR102016976B1 (en) Unified login method and system based on single sign on service

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant