WO2016188402A1 - Network anti-phishing apparatus, method and system - Google Patents

Info

Publication number: WO2016188402A1
Authority: WO
Grant status: Application
Prior art keywords: data, means, identification, device, random number
Application number: PCT/CN2016/083135
Inventor: 邵通
Original Assignee: 邵通

Classifications


    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    • H04W12/02 Protecting privacy or anonymity
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATIONS NETWORKS
    • H04W12/00 Security arrangements, e.g. access security or fraud detection; Authentication, e.g. verifying user identity or authorisation; Protecting privacy or anonymity
    • H04W12/08 Access security

Abstract

The present invention provides a network anti-phishing apparatus, method and system that can be used in fields such as logging in to a network server, logging in to a game, banking payment and network anti-phishing. When a computer terminal is used, the payment account (user name) can be hidden by means of hidden token technology. The method can be used for online payment and, combined with a good password protocol, solves the problem of protecting the user identifier in banking, games and other services simply and securely.

Description

Network anti-phishing apparatus, method and system

Field

The present invention is in the field of information security. It relates to apparatus, methods and systems that use a one-way function to hide identification data in order to prevent phishing. In particular, it relates to protecting user identification data with a one-way function, and to methods and systems that prevent phishing by hiding user identification data.

Background

To log in to an ordinary website with a browser, the user usually enters a user name (PAN) and password (PIN) on an HTML page of the website. Transferring this data in plaintext is understood to be extremely unsafe. The usual ways to address this are the SSL protocol and browser plug-ins.

However, these methods have various drawbacks. With the SSL protocol, the site uses HTTPS pages, which solves the problem of encrypting the core login data (identification data), the PAN and PIN. But several problems remain. First, when the user enters a phishing site and the phishing site has legitimate credentials, the phishing plainly succeeds: the phishing site illegally obtains the user's PAN and PIN. Second, the user enters a phishing site that serves an HTTP page offering a login, hidden or disguised as ordinary web information transfer, so that a user who cannot tell the difference, or who is careless, lets the phishing site obtain the key PAN and PIN information. With plug-in authentication schemes there is the question of whether the plug-in is itself a Trojan, and installing software is also an area where ordinary users are easily phished.

Therefore, to strengthen protection of the user's key data, the PAN and PIN, in existing browsers, the PAN and PIN need to be sent only in encrypted form and not as an ordinary web form. The SSL protocol uses the ideas and technology of PKI. But managing and distributing website certificates is a systems-engineering project and is rather complex.

To this end, we propose using hidden token technology to solve the browser phishing problem. The scheme can of course also address other, similar phishing problems, such as protecting a site's COOKIE after login.

In this document, cryptographic techniques are needed to describe the various technical solutions. H denotes a hash function or other one-way function, used to produce encrypted identification data.

Summary

Most users "unconsciously" expect security to rest on not disclosing the PIN code or authentication data. Protecting safety with a PIN code has become a "security habit" of the general public. From a security point of view, the user's PIN code must be protected. In fact, the user name (PAN) is also core data that should be protected. We can treat (user name PAN, PIN) together as the unified core identification data for a user login.

The essence of the invention is to use a cryptographic function, applied to the user identification data and a random number, to generate identification authentication data which, together with identification retrieval data, make up a hidden token. The hidden token hides the user's real identity. In essence, the user identification data (and other data) that the website device and the platform device hold in common are used as a key that has already been distributed. This removes the need for a key distribution system for encryption and authentication. PKI technology could of course be used to hide the user identification data, so that no key needs to be distributed, but the public key would still need to be certified (PKI is a complex system), or the scheme would remain open to "phishing".

According to one aspect of the invention, a network anti-phishing system comprises: a platform device that generates a hidden token from the identification data; and a website device that confirms the identification data from the hidden token it obtains and determines whether to proceed with further operation. The platform device is connected to the website device via a network. The platform device obtains the network address of the website device; the platform device obtains (by input) the identification data, such as the PAN and/or the PIN; from the identification data obtained, the platform device calculates the identification retrieval data using the one-way function; from the identification data and a random number, the platform device calculates the identification authentication data using a cryptographic function; the platform device sends the hidden token, made up of the identification retrieval data and the identification authentication data, to the website device at the network address; the website device uses the identification retrieval data in the hidden token to find the relevant user's identification data entry, confirms the identification data from the random number and the identification authentication data in the hidden token, and decides whether to proceed with further operation.

Further, the random number in the platform device may be time data, or usage-count data, or a temporarily generated random number, or location information, or authentication data, or a received random number, or a combination of the above.

Here the platform device may be a browser and the application device a page. The further operation may be the operations that follow confirmation of the login, or it may be further authentication.

According to another aspect of the invention, a network anti-phishing apparatus comprises: a computing device, a random number device, an identification data device and a communication device. The network anti-phishing apparatus obtains the website's network address; the identification data device obtains (by input) the identification data, such as the PAN and/or the PIN; the computing device calculates the identification retrieval data from the identification data obtained, using the one-way function; a random number is obtained from the random number device, and from the random number and the identification data the computing device calculates the identification authentication data using the cryptographic function; the identification retrieval data and the identification authentication data make up the hidden token, and the result is sent to the website via the communication device and the network address.

Further, the random number device may be a time device, a device that stores the number of uses, a true random number generator, a geographic location device, or an authentication data device; or the random number may be received by the communication device; or a combination of the above may be used.

Here the network anti-phishing apparatus may be a browser.

According to another aspect of the present invention, a network anti-phishing method comprises the steps of: (Step A) the platform device obtains the network address of the website device; (Step B) the platform device obtains (by input) the identification data; (Step C) from the identification data obtained, the platform device calculates the identification retrieval data using the one-way function; (Step D) from the random number and the identification data, the platform device calculates the identification authentication data using the cryptographic function; (Step E) the platform device sends the hidden token, made up of the identification retrieval data and the identification authentication data, to the website device at the network address; (Step F) the website device uses the identification retrieval data in the hidden token to find the relevant user's identification data entry, confirms the identification data from the random number and the identification authentication data in the hidden token, and decides whether to proceed with further operation.

Further, the random number in step D may be time data, or usage-count data, or a temporarily generated random number, or location information, or authentication data, or a received random number, or a combination of the above.

Also, a symmetric encryption key may be generated from the user identification data and used in the keyed cryptographic function of step D to encrypt the identification data and/or the authentication data.

The platform device and the website device may also share data that is used in generating the identification retrieval data.

The platform device may also obtain the network address to log in to from the current application device.

Further, any combination of all of the above methods may also be used.

Here the further operation may be the operations that follow confirmation of the login, or it may be further authentication.

Brief description of the drawings

The invention is described below with reference to the following figures, in which:

FIG. 1 is a schematic diagram of the network anti-phishing system and method of preferred embodiments 1, 2 and 3;

FIG. 2 is a schematic diagram of the network anti-phishing apparatus of preferred embodiment 4.

Detailed description

In the embodiments of the present invention described here, F always denotes the account (the PAN, identification data, user name, etc.), H denotes a one-way function (e.g. SM3), PIN denotes the personal identification number (authentication data), and DES denotes a symmetric encryption algorithm (e.g. SM4).

[Example 1]

The network anti-phishing method and system of this embodiment are shown in FIG. 1. The system consists of the website device 1, the network 2, the platform device 3 and the application device 4. The website device 1 is connected to the platform device 3 via the network 2; the application device 4 is connected to the platform device 3. In the usual reading, the website device is the website, the platform device is the computer and browser, and the application device is the HTML web page interpreted and executed by the browser.

The platform device 3 includes: F, PIN and a one-way function H. The website device 1 includes: a user table (F, H(F), PIN) and the one-way function H. Here F is the account (PAN).

The steps for establishing a user in the user table of website device 1 are:

1. Visit website device 1 from any computer terminal;

2. Enter the user name F and the PIN;

3. Website device 1 creates the user entry: (F, H(F), PIN).

The login steps are:

1. From the network address of the current application device 4, platform device 3 obtains the website device 1 currently being logged in to;

2. The user selects the login function of platform device 3 and enters F and the PIN (platform device 3 obtains them);

3. Platform device 3, having a random number R and having obtained F and the PIN, calculates H(F) as the identification retrieval data;

4. Platform device 3 calculates (H(F || R || PIN), R) as the identification authentication data;

5. Platform device 3 sends, via network 2 and to the network address obtained in step 1, the hidden token made up of the identification retrieval data and the identification authentication data to website device 1;

6. Website device 1 receives the hidden token (H(F), H(F || R || PIN), R); using H(F), it looks up the user table and gets (F1, H(F), PIN1); from R, F1 and PIN1 it calculates H(F1 || R || PIN1); if H(F1 || R || PIN1) = H(F || R || PIN), this shows that F1 = F and PIN1 = PIN. The user is judged to be legitimate and further operations, such as login, are allowed.

On step 1: if the platform device is a browser, the browser can obviously have several web pages open. In step 2, the user name and PIN entered in the platform are tied to the site that requires the login. The browser cannot know which page's website the user actually wants to log in to, so the login site must be selected, or the current website address obtained; in general the site of the current page is chosen. If the operating system is taken as the platform device, then an application program is the application device, and the substantive requirement of this patent application is that the login data is entered in the operating system rather than in the application. This prevents phishing by applications: we trust the operating system and do not trust the application. From the browser's point of view, we trust the security of the browser and do not trust the security of the page.

In step 3, the random number R may be generated by website device 1 and sent to platform device 3, which prevents replay attacks. It may also be generated by platform device 3 based on time, for example using (random number + time) as R, which also prevents replay attacks. It may also be geographic location information of platform device 3.

In this embodiment the user name and password are entered on the platform device, and the user name (identification data) is hidden by computing a one-way function.

Clearly, H(F) serves to let the website device find the data entry corresponding to F, so it is called the identification retrieval data. H(F || R || PIN) serves to confirm that the F held by website device 1 is consistent with the F in the user device, so it is called the identification authentication data; it also verifies that the PIN is correct. The identification retrieval data and the identification authentication data make up the hidden token. If the random number R is generated by the user device, R obviously must be sent to the security device for the identification authentication; in that case the hidden token also includes the random number R.

Consider the current attack in which a phishing site poses as the login site. Before the platform device visits the website device, if there is no public key distribution and no shared secret data, the user name and password can only be sent in plaintext or in a form of equivalent security. So when the platform device is diverted to a phishing site, the user name and password are sent to the phishing site.

There are currently two ways to deal with phishing sites. In the first, the platform device is issued by the website device and delivered to the user by secure means; the two can be regarded as having an agreed key, and they exchange encrypted data, as in a mobile phone app. The second uses the SSL protocol: with HTTPS, the platform device verifies the website device's signature to guard against phishing sites.

In essence, the first solution requires every site to distribute a user device, and keeping that distribution process secure is a major problem. The second solution in essence verifies the correctness of a signature, which again requires PKI; a site with no signature cannot be judged legitimate or not. In addition, several PKI signing operators exist in the market, and mutual recognition among them is difficult. Example 1 shows that as long as we follow the same standard data format and use the same one-way function, a unified secure login can be achieved.

Taking the browser as the platform device, this gives a method, apparatus and system by which a browser prevents website phishing. When we enter a phishing site, the phishing site can obtain (H(F), H(F || R || PIN), R), but it does not have F (a phishing target), so it cannot determine F; and it does not have the PIN (a phishing target), so it cannot determine the PIN. The only attack is to find F1 and PIN1 such that H(F1) = H(F) and H(F1 || R || PIN1) = H(F || R || PIN). First, finding such a collision is hard; and, because of the properties of a one-way function, even if such a collision is found, one cannot conclude that F1 = F and PIN1 = PIN.

Here the website device may be a website, and the platform device may be a browser, a mail client, or another application that needs to log in to a site.
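
The Example 1 exchange as runnable code, added here as an illustration and not taken from the patent: SHA-256 stands in for SM3, R is issued by the website device and accepted once (the replay defence described for step 3), and each field is length-prefixed before hashing so that F || R || PIN is unambiguous. The class and function names and the sample account are constructed for the example.

```python
import hashlib
import hmac
import secrets


def H(*parts: bytes) -> bytes:
    """One-way function H. SHA-256 stands in for SM3 (assumption).

    Each part is length-prefixed, an added encoding choice so that
    F || R || PIN cannot be split in two different ways.
    """
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


def make_token(f: str, pin: str, r: bytes) -> tuple:
    """Platform device 3, login steps 3-5: build (H(F), H(F || R || PIN), R)."""
    fb, pb = f.encode(), pin.encode()
    return (H(fb), H(fb, r, pb), r)


class WebsiteDevice:
    """Website device 1 (hypothetical class name): user table plus issued nonces."""

    def __init__(self) -> None:
        self.users = {}       # H(F) -> (F, PIN), the (F, H(F), PIN) table of Example 1
        self.pending = set()  # random numbers R issued and not yet consumed

    def register(self, f: str, pin: str) -> None:
        self.users[H(f.encode())] = (f.encode(), pin.encode())

    def challenge(self) -> bytes:
        """Generate R on the website side so a captured token cannot be replayed."""
        r = secrets.token_bytes(16)
        self.pending.add(r)
        return r

    def verify(self, token: tuple) -> bool:
        """Login step 6: look up by H(F), recompute H(F1 || R || PIN1), compare."""
        retrieval, auth, r = token
        if r not in self.pending:
            return False              # unknown or already used R: reject
        self.pending.discard(r)       # each R is accepted once
        entry = self.users.get(retrieval)
        if entry is None:
            return False
        f1, pin1 = entry
        return hmac.compare_digest(H(f1, r, pin1), auth)


def demo() -> dict:
    site = WebsiteDevice()
    site.register("alice@example.test", "4921")  # constructed sample account

    first = make_token("alice@example.test", "4921", site.challenge())
    results = {"valid": site.verify(first), "replay": site.verify(first)}

    second = make_token("alice@example.test", "4921", site.challenge())
    results["second_valid"] = site.verify(second)
    results["wrong_pin"] = site.verify(
        make_token("alice@example.test", "0000", site.challenge()))
    results["unknown_user"] = site.verify(
        make_token("bob@example.test", "4921", site.challenge()))

    # The retrieval half H(F) is identical in every token for the same user;
    # only the authentication half changes with R.
    results["retrieval_static"] = first[0] == second[0]
    results["auth_differs"] = first[1] != second[1]
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The constant retrieval value is why the text goes on to recommend deriving it from F || PIN or F || PIN || S instead of F alone.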

[Example 2] Salt and symmetric encryption algorithm

The network anti-phishing method and system of this embodiment are shown in FIG. 1. The system consists of the website device 1, the network 2, the platform device 3 and the application device 4. The website device 1 is connected to the platform device 3 via the network 2; the application device 4 is connected to the platform device 3. In the usual reading, the website device is the website, the platform device is the computer and browser, and the application device is the HTML web page interpreted and executed by the browser.

Platform device 3 includes: F, PIN, a one-way function H and the symmetric encryption algorithm DES. Website device 1 includes: a user table (F, H0(F), H(PIN || SZ)), the one-way function H, the salt value SZ and the symmetric encryption algorithm DES; here F is the user name (PAN) and SZ is the salt. H0(F) denotes the first half of the bytes of H(F) (e.g. the first 128 bits of SM3), and H1(F) denotes the second half of the bytes of H(F) (e.g. the last 128 bits of SM3).

The steps for establishing a user in the user table of website device 1 are:

1. Visit website device 1 from any computer terminal;

2. Enter the user name F and the PIN to register; website device 1 has the salt value SZ and H;

3. Website device 1 creates the user entry: (F, H0(F), H(PIN || SZ)).

The login steps are:

1. From the network address of the current application device 4, platform device 3 obtains the website device 1 currently being logged in to;

2. The user selects the login function of platform device 3 and enters F and the PIN (platform device 3 obtains them);

3. Platform device 3, having a random number R and having obtained F and the PIN, calculates H0(F) as the identification retrieval data;

4. Platform device 3 calculates (DES_{H1(F)}(F ⊕ R ⊕ PIN), R) as the identification authentication data, that is, F ⊕ R ⊕ PIN encrypted under the key H1(F), together with R;

5. Platform device 3 sends, via network 2 and to the network address obtained in step 1, the hidden token made up of the identification retrieval data and the identification authentication data to website device 1;

6. Website device 1 receives the hidden token (H0(F), DES_{H1(F)}(F ⊕ R ⊕ PIN), R); using H0(F), it looks up the user table and gets (F1, H0(F), H(PIN1 || SZ)); having R and assuming F = F1, it computes PIN1 = DES_{H1(F)}(DES_{H1(F)}(F ⊕ R ⊕ PIN1)) ⊕ R ⊕ F, the outer DES operation being decryption under the key H1(F); with the salt value SZ it calculates H(PIN1 || SZ); if H(PIN1 || SZ) = H(PIN || SZ), this shows that F1 = F and also that PIN1 = PIN. The user is judged to be legitimate and further operations, such as login, are allowed.

In step 3, the random number R may be generated by website device 1 and sent to platform device 3, which prevents replay attacks. It may also be generated by platform device 3 based on time, for example using (random number + time) as R, which also prevents replay attacks. It may also be geographic location information of platform device 3. The random number R may also include geographic location information of platform device 3.

Here the identification retrieval data is the first half of H(F), and the second half is the DES key. Obviously the second half cannot be obtained from the first half. But with F, both halves are easy to obtain.

Example 1 shows that as long as we follow the same standard data format and use the same one-way function, we can achieve a unified login and prevent phishing by phishing sites.

The core question in using a symmetric encryption algorithm is how the encryption and decryption key is obtained, and the core of the present patent application is to do without key distribution. The key can therefore only be built from the user name F, the PIN and R that the website device and the platform device both hold. The embodiment uses H1(F), i.e. half of H(F). In fact, a portion of H(F || R) could also be used, as long as the website device can find the entry from H0(F) and can derive the correct key from that data entry. The website device protects the PIN and uses a salt to resist attacks; the salt value differs between website devices and is not disclosed to the user device. The PIN data therefore cannot be used to generate the key, and the embodiment satisfies the site's requirement to protect the user's PIN code with a salt.

Here the website device may be a website, and the platform device may be a browser, a mail client, or another application that needs to log in to a site.
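
The Example 2 login as an added sketch, not code from the patent: SHA-256 stands in for SM3, and the symmetric algorithm written DES above is replaced by an HMAC-SHA256 keystream XOR keyed with H1(F), a stand-in chosen because it needs no external library. The 32-byte length-prefixed field layout, the names and the sample accounts are assumptions made for the example; R is generated by the platform and replay tracking is left out of this block.

```python
import hashlib
import hmac
import secrets
from typing import Optional

WIDTH = 32  # bytes per field for F, R and PIN (layout is an assumption of this example)


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # SHA-256 stands in for SM3


def H0(f: bytes) -> bytes:
    return H(f)[:16]   # first half of H(F): identification retrieval data


def H1(f: bytes) -> bytes:
    return H(f)[16:]   # second half of H(F): symmetric key


def pad(value: bytes) -> bytes:
    """Length byte + value + zero fill, so the PIN can be separated after XOR."""
    if len(value) >= WIDTH:
        raise ValueError("field too long")
    return bytes([len(value)]) + value + bytes(WIDTH - 1 - len(value))


def unpad(field: bytes) -> Optional[bytes]:
    n = field[0]
    if n >= WIDTH or any(field[1 + n:]):
        return None    # malformed: wrong key or wrong F produces this
    return field[1:1 + n]


def xor(*fields: bytes) -> bytes:
    out = bytearray(WIDTH)
    for field in fields:
        for i, byte in enumerate(field):
            out[i] ^= byte
    return bytes(out)


def cipher(key: bytes, r: bytes, field: bytes) -> bytes:
    """Stand-in for DES_key: XOR with a keystream bound to key and R (self-inverse)."""
    keystream = hmac.new(key, b"example-2-keystream" + r, hashlib.sha256).digest()
    return xor(field, keystream)


def make_token(f: str, pin: str) -> tuple:
    """Platform device 3, steps 3-5: (H0(F), DES_{H1(F)}(F xor R xor PIN), R)."""
    fb = f.encode()
    r = secrets.token_bytes(WIDTH)
    ciphertext = cipher(H1(fb), r, xor(pad(fb), r, pad(pin.encode())))
    return (H0(fb), ciphertext, r)


class WebsiteDevice:
    """Website device 1 (hypothetical class name): stores H(PIN || SZ), never the PIN."""

    def __init__(self) -> None:
        self.salt = secrets.token_bytes(16)  # SZ: per site, not sent to the platform
        self.users = {}                      # H0(F) -> (F, H(PIN || SZ))

    def register(self, f: str, pin: str) -> None:
        fb, pb = f.encode(), pin.encode()
        pad(fb), pad(pb)                     # reject values that do not fit a field
        self.users[H0(fb)] = (fb, H(pb + self.salt))

    def verify(self, token: tuple) -> bool:
        """Step 6: find F1 by H0(F), decrypt under H1(F1), strip R and F1, check PIN."""
        retrieval, ciphertext, r = token
        entry = self.users.get(retrieval)
        if entry is None or len(ciphertext) != WIDTH or len(r) != WIDTH:
            return False
        f1, pin_hash = entry
        pin1 = unpad(xor(cipher(H1(f1), r, ciphertext), r, pad(f1)))
        if pin1 is None:
            return False
        return hmac.compare_digest(H(pin1 + self.salt), pin_hash)


def demo() -> dict:
    site = WebsiteDevice()
    site.register("alice@example.test", "4921")   # constructed sample account
    good = make_token("alice@example.test", "4921")
    other = make_token("bob@example.test", "4921")
    mismatched = (good[0], other[1], other[2])    # alice's index, bob's ciphertext
    _, stored = site.users[good[0]]
    return {
        "valid": site.verify(good),
        "wrong_pin": site.verify(make_token("alice@example.test", "0000")),
        "mismatched_f": site.verify(mismatched),
        "stores_only_salted_hash": stored == H(b"4921" + site.salt),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```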

Examples 1 and 2 use H(F) as the identification retrieval data. The one-way function H is a public algorithm, so an attacker can obtain F by exhaustively cracking H(F). Therefore, to make cracking harder, F || PIN can be used instead of F to generate the identification retrieval data, which makes guessing much harder. To make guessing harder still, secret data S shared between the website and the user can be used, generating the identification retrieval data from F || PIN || S. The symbol || denotes joining the data before and after it into one piece of data, i.e. string concatenation.

[Example 3] Retrieval data bound to the PIN

The network anti-phishing method and system of this embodiment are shown in FIG. 1. The system consists of the website device 1, the network 2, the platform device 3 and the application device 4. The website device 1 is connected to the platform device 3 via the network 2; the application device 4 is connected to the platform device 3. In the usual reading, the website device is the website, the platform device is the computer and browser, and the application device is the HTML web page interpreted and executed by the browser.

Platform device 3 includes: F, PIN, a one-way function H and the symmetric encryption algorithm DES. Website device 1 includes: a user table (F, H0(F || PIN), H(PIN || SZ)), the one-way function H and the symmetric encryption algorithm DES; here F is the user name (PAN) and SZ is the salt. H0(F) denotes the first half of the bytes of H(F) (e.g. the first 128 bits of SM3), and H1(F) denotes the second half of the bytes of H(F) (e.g. the last 128 bits of SM3).

The steps for establishing a user in the user table of website device 1 are:

1. Visit website device 1 from any computer terminal;

2. Enter the user name F and the PIN to register; website device 1 has the salt value SZ;

3. Website device 1 creates the user entry: (F, H0(F || PIN), H(PIN || SZ)).

The login steps are:

1. From the network address of the current application device 4, platform device 3 obtains the website device 1 currently being logged in to;

2. The user selects the login function of platform device 3 and enters F and the PIN (platform device 3 obtains them);

3. Platform device 3, having a random number R and having obtained F and the PIN, calculates H0(F || PIN) as the identification retrieval data;

4. Platform device 3 calculates (DES_{H1(F)}(F || PIN ⊕ R), R) as the identification authentication data;

5. Platform device 3 sends, via network 2 and to the network address obtained in step 1, the hidden token made up of the identification retrieval data and the identification authentication data to website device 1;

6. Website device 1 receives (H0(F || PIN), DES_{H1(F)}(F || PIN ⊕ R), R); using H0(F || PIN), it looks up the user table and gets (F1, H0(F || PIN), H(PIN1 || SZ)); having R and assuming F1 = F, it separates out the PIN from DES_{H1(F)}(DES_{H1(F)}(F || PIN ⊕ R)), the outer DES operation being decryption under the key H1(F); website device 1 has the salt value SZ and calculates H(PIN || SZ); if H(PIN || SZ) = H(PIN1 || SZ), this shows that F1 = F and also that PIN1 = PIN. The user is judged to be legitimate and further operations, such as login, are allowed.

In step 3, the random number R may be generated by website device 1 and sent to platform device 3, which prevents replay attacks. It may also be generated by the platform device based on time, for example using (random number + time) as R, which also prevents replay attacks. It may also be geographic location information of platform device 3.

Here the identification retrieval data is the first half of H(F), and the second half is the DES key. Obviously the second half cannot be obtained from the first half. But with F, both halves are easy to obtain. In fact, a portion of H(F || R) could also be used, as long as the platform device and the website device can keep the key synchronized.

Example 1 shows that as long as we follow the same standard data format, use the same one-way function, and use the same symmetric encryption algorithm with a synchronized key algorithm, we can achieve a unified login and prevent phishing by phishing sites.

As this embodiment shows, the identification retrieval data need not be the whole output of the one-way function; a part of it can be used as the identification retrieval data, as long as the website device and the platform device use the same part. This embodiment also shows that part of the one-way function result of the identification data can be used to construct a symmetric encryption key, which ensures that authentication data (such as a PIN) can be transferred securely to a website device that holds the user name.

This example also illustrates an embodiment in which the authentication data and the identification data are used together to generate the identification retrieval data.

Here the website device may be a website, and the platform device may be a browser, a mail client, or another application that needs to log in to a site.

[Example 4]

A fourth embodiment of the present invention, the network anti-phishing apparatus of this embodiment, is shown in FIG. 2. It consists of the computing device 11, the random number device 12, the identification data device 13 and the communication device 14.

Platform device 1 obtains the network address; platform device 1 obtains (by input) the identification data, such as the PAN and/or the PIN, from the identification data device 13; platform device 1 obtains the random number R from the random number device 12 and supplies it to the computing device 11; the computing device 11 calculates the hidden token (H(F), H(F || R), R), where H(F) is the identification retrieval data and (H(F || R), R) is the identification authentication data, and sends the result to the website via the communication device 14 and the network address.

Platform device 1 obtains a network address; this may obviously be by input. If the platform device is a browser, it can also automatically select the network address of the current page. Here the identification authentication data (H(F || R), R) is calculated with the one-way function; as in Example 3, it may instead be calculated with a known symmetric cipher function, with corresponding changes elsewhere.

The random number device 12 produces the random number R, generated afresh each time so that (H(F), H(F || R), R) differs each time. If an attacker tries to guess F from the (H(F), H(F || R), R) calculated by a connected user device: since R is a random number that includes the time, the time at which the hidden token was generated can conveniently be checked, which increases security and prevents replay attacks using (H(F), H(F || R), R). The random number device may thus generate a fixed number (secure), the time (simple randomness, safer), or true random number + time (most secure). The random number R may obviously also be received by the user device from an external device; R is then preferably external random number + time + true random number. Obviously, geographic location information of user device 1 can also be added, in which case user device 1 needs an additional device for obtaining the geographic location.

In the prior art, the user typically declares a user name (PAN) and then submits the corresponding authentication data. The server first uses the user name (PAN) to find the corresponding data entry in the customer database, and then checks the received authentication data against the authentication data in that entry. But in fact the user name (PAN) held by the server and the user name (PAN) held by the customer can itself serve as a secret. Using the user name (PAN) as a key in this way is consistent with conventional authentication in which both sides hold the same secret; there are many traditional techniques for authenticating when server and client hold the same user name (PAN). This raises a question, however: the server cannot know which user name (PAN) to select for checking consistency with the customer's user name (PAN). It could of course try to match against all user names (PAN), but that is clearly inefficient. So we choose to encrypt the user name (PAN) with a one-way function, which makes it possible to confirm that the user names (PAN) are consistent.

Compared with traditional dynamic token technology, the same factors (time, count and challenge random number) can be used to authenticate consistency. However, in the present invention the user name is not declared by the user as is conventional, and there is no concept of a key, so there is no key distribution. The user name (PAN) hiding technique is therefore not tied to any particular site. Simply by adding the site name into the one-way function calculation, a user can enter a hidden user name (PAN) at multiple sites, provided that the user name (PAN) held by the authenticating site is consistent with the client's.

The above describes embodiments of the method of the present invention. The invention is not, however, limited to network logins; it can obviously also be applied to COOKIEs, and to other applications that simply need to hide the identity being authenticated. Although the invention has been described through the above embodiments, it will be understood that the description of the embodiments is illustrative and not restrictive; those skilled in the art will appreciate that various modifications, improvements, alterations and substitutions may be made without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (10)

  1. A network anti-phishing system, which includes:
    a platform device that generates a hidden token in accordance with identification data;
    a website device that confirms the identification data based on the obtained hidden token, to determine whether to operate further;
    the platform device being connected to the website device via a network;
    wherein the platform device obtains the network address of the website device; the platform device obtains (input) the identification data; the platform device calculates identification retrieval data from the obtained identification data using a one-way function; the platform device calculates identification authentication data from the identification data and a random number using a cryptographic function; the platform device transmits a hidden token composed of the identification retrieval data and the identification authentication data to the website device according to the network address; and the website device finds the relevant user identification data item based on the identification retrieval data of the hidden token, confirms the identification data based on the random number and the identification authentication data of the hidden token, and decides whether to operate further.
  2. The system according to claim 1, characterized in that the random number of the platform device may be time data, or count data, or a temporarily generated random number, or location information, or authentication data, or a received random number, or a combination of the above.
  3. A network anti-phishing apparatus, comprising:
    computing means, random number means, identification data means, and communication means;
    wherein the network anti-phishing apparatus obtains the network address of a website; the identification data means obtains (input) the identification data; the computing means calculates identification retrieval data from the obtained identification data using a one-way function; a random number is obtained from the random number means, and the computing means calculates identification authentication data from the random number and the identification data using a cryptographic function; and a hidden token composed of the identification retrieval data and the identification authentication data is transmitted to the website via the communication means according to the network address.
  4. The apparatus according to claim 3, wherein the random number means may be a time device, or a device that stores a usage count, or a true random number generator, or a geographic location information device, or an authentication data device, or a communication device that receives a random number, or a combination of the above.
  5. A network anti-phishing method, comprising:
    A. the platform device obtains the network address of the website device;
    B. the platform device obtains (input) the identification data;
    C. the platform device calculates identification retrieval data from the obtained identification data using a one-way function;
    D. the platform device calculates identification authentication data from the identification data and a random number using a cryptographic function;
    E. the platform device transmits a hidden token composed of the identification retrieval data and the identification authentication data to the website device according to the network address;
    F. the website device finds the relevant user identification data item based on the identification retrieval data of the hidden token, confirms the identification data based on the random number and the identification authentication data of the hidden token, and decides whether to operate further.
  6. The method according to claim 5, characterized in that the random number in step D may be time data, or count data, or a temporarily generated random number, or location information, or authentication data, or a received random number, or a combination of the above.
  7. The method according to claim 5, characterized in that the user identification data generation step as well as symmetric encryption key, a key for cryptographic functions Step D, encrypted identification or authentication data (and) authentication data.
  8. The method according to claim 5, characterized in that the platform device and the website device also share data used for generating the identification retrieval data.
  9. The method according to claim 5, characterized in that the device also according to the current internet application device, to obtain the network address of the log.
  10. The method according to claim to 9, characterized by being any combination of them.
PCT/CN2016/083135 2015-05-25 2016-05-24 Network anti-phishing apparatus, method and system WO2016188402A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510268747 2015-05-25
CN201510268747.X 2015-05-25

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201680029862 CN107615704A (en) 2015-05-25 2016-05-24 Network anti-phishing apparatus, method and system

Publications (1)

Publication Number Publication Date
WO2016188402A1 (en) 2016-12-01

Family

ID=57392518

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/CN2016/083135 WO2016188402A1 (en) 2015-05-25 2016-05-24 Network anti-phishing apparatus, method and system
PCT/CN2016/083130 WO2016188401A1 (en) 2015-05-25 2016-05-24 Apparatus, method and system for hiding user identifier data

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/083130 WO2016188401A1 (en) 2015-05-25 2016-05-24 Apparatus, method and system for hiding user identifier data

Country Status (2)

Country Link
CN (2) CN107615704A (en)
WO (2) WO2016188402A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050132192A1 (en) * 2003-12-11 2005-06-16 International Business Machines Corporation Efficient method for providing secure remote access
CN102624740A (en) * 2012-03-30 2012-08-01 奇智软件(北京)有限公司 Data interaction method, client and server

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070005989A1 (en) * 2003-03-21 2007-01-04 Conrado Claudine V User identity privacy in authorization certificates
CN102075937B (en) * 2011-01-06 2013-04-03 西安电子科技大学 Method for realizing mobile node identity anonymity during mobile internet protocol (IP) registration
CN102136079B (en) * 2011-03-07 2014-08-20 中兴通讯股份有限公司 Dynamic authentication method between reader and tag card and implementing device thereof
JP5275432B2 (en) * 2011-11-11 2013-08-28 株式会社東芝 Storage media, host device, memory device, and the system
CN103595710B (en) * 2013-10-25 2016-11-23 北京交通大学 An integrated network identifier connection identifier generation method

Also Published As

Publication number Publication date Type
CN107615797A (en) 2018-01-19 application
WO2016188401A1 (en) 2016-12-01 application
CN107615704A (en) 2018-01-19 application

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16799290

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase in:

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16799290

Country of ref document: EP

Kind code of ref document: A1