Browse Prior Art Database

Security Control In Mobile Messaging Services

IP.com Disclosure Number: IPCOM000239258D
Publication Date: 2014-Oct-23
Document File: 2 page(s) / 58K

Publishing Venue

The IP.com Prior Art Database

Abstract

A method to compare user identity for controlling social network security by making a determination as whether or not a message should be posted immediately, postponed for further verification, or even rejected if the user identity matches an existing identity according to sensitivity of the message, the user's historical records and potential victim user's influence level to minimize the risk and damage.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 2

Security Control In Mobile Messaging Services Problem Areas :

          : Mobile messaging market (21 Billion in USA in 2013, WeChat, LINE, KaKAOTALK etc. Facebook bought WhatsApp for $19 billion) has grown and evolved tremendously and has spread to every part of the world with multiple billions of users. Coincidentally, mobile messaging has become a major target of attacks, causing significant costs and headaches to both vendors and users, and threatening future user adoption. According to the mobile messaging threat report by GSMA (http://www.gsma.com/), major forms of attacks are the uses of malware, spam, malicious or unsolicited messages to solicit confidential information, which are then used for profit purpose.

Problem:

     : It's well known that attackers use randomly-created fake identity or stolen identities to send messages. However, a less-known but more frequent threat is from the attackers who use legitimate identities. This usually involves identity imitation, in which a legitimate identity is created intentionally to be visually similar or identical, to a human or to an existing identity that is targeted. One of the most common techniques used in identity imitation is the use of a variant character that appears visually to be similar or identical to another character , but has a different code point in the character code system. Character variants exist in Asian languages, about 26.77% of commonly used characters have variants in Chinese, for example characters "

                     ". Character variants can also occur in other languages, examples of a pair of variant characters are: number "1" and letter "l", English letter "o" and Greek letter "o".

An identity can be imitated by simply replacing one character with its variant in a user identifier, and the malicious user can then use the imitated identity to pretend to be the person with the real identity to post a message or solicit replies in a mobile messaging service, resulting in potentially damaging the reputation of the victim user (e.g., privileged user, politicians, stars etc.) to sensitive data and money lost.

The current inv...