Security Control In Mobile Messaging Services
Publication Date: 2014-Oct-23
The IP.com Prior Art Database
A method to compare user identity for controlling social network security by making a determination as whether or not a message should be posted immediately, postponed for further verification, or even rejected if the user identity matches an existing identity according to sensitivity of the message, the user's historical records and potential victim user's influence level to minimize the risk and damage.
Page 01 of 2
Security Control In Mobile Messaging Services Problem Areas :
: Mobile messaging market (21 Billion in USA in 2013, WeChat, LINE, KaKAOTALK etc. Facebook bought WhatsApp for $19 billion) has grown and evolved tremendously and has spread to every part of the world with multiple billions of users. Coincidentally, mobile messaging has become a major target of attacks, causing significant costs and headaches to both vendors and users, and threatening future user adoption. According to the mobile messaging threat report by GSMA (http://www.gsma.com/), major forms of attacks are the uses of malware, spam, malicious or unsolicited messages to solicit confidential information, which are then used for profit purpose.
: It's well known that attackers use randomly-created fake identity or stolen identities to send messages. However, a less-known but more frequent threat is from the attackers who use legitimate identities. This usually involves identity imitation, in which a legitimate identity is created intentionally to be visually similar or identical, to a human or to an existing identity that is targeted. One of the most common techniques used in identity imitation is the use of a variant character that appears visually to be similar or identical to another character , but has a different code point in the character code system. Character variants exist in Asian languages, about 26.77% of commonly used characters have variants in Chinese, for example characters "
". Character variants can also occur in other languages, examples of a pair of variant characters are: number "1" and letter "l", English letter "o" and Greek letter "o".
An identity can be imitated by simply replacing one character with its variant in a user identifier, and the malicious user can then use the imitated identity to pretend to be the person with the real identity to post a message or solicit replies in a mobile messaging service, resulting in potentially damaging the reputation of the victim user (e.g., privileged user, politicians, stars etc.) to sensitive data and money lost.
The current inv...