Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Apparatus and Methord to Protect Authentication Info from Authendication Phishing

IP.com Disclosure Number: IPCOM000223668D
Publication Date: 2012-Nov-22
Document File: 3 page(s) / 64K

Publishing Venue

The IP.com Prior Art Database

Abstract

Currently, authentication services(such as, OpenID, OAuth) play more and more important position in internet, and it seems that in the near future, people can login to any internet site with only one pair of username and password. In this way, end user enjoys convenient and good user experience. But on the other hand phishing site against OpenID, OAuth authentication will be more harmful. This invention provides a solution to protect user's authentication info form phishing, especially authendication is through third-part authentication services. There are 3 components in the invention, a monitor, a protector and a reproter. Monitor can discover any authentication information input. Protector validates the authentication information receiver, and prevents the send to a illegal receiver. Reporter can prompt user for further actions.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 3

Apparatus and Methord to Protect Authentication Info from Authendication Phishing

Today, public site is more and more depends on 3rd-part authentication services to authenticate user. And the phishing site against 3rd part authentication services are


1. take much loss, because the authentication info shared in many sites


2. hard to discover for the end user, because 3rd-part authentication services need redirect to finish the authentication.

This is a example about a OpenID phishing. Malicious relying party may forward the end-user to a bogus identity provider authentication page which ask the end-user input their credentials. On completion of this, the malicious party (who in this case also control the bogus authentication page) could then have access to the end-user's account with the identity provider, and as such then use that end-user's OpenID to log into other services.

This invention present a apparatus and method to prevent the user password from leaking out by phishing site, which pretend to be a valid3rd part authentication service (OpenID, OAuth) provider.

When a authentication service asks for user's name and/or password, the system will identify whether the service provider is valid. If it is a valid one, the invention will do nothing, and user can login. And if it is not a valid one, the invention will block the access, and warning the user and may report the phishing site to a central registry.

Phishing OpenID service which steals user OpenID username and password, need...