WO2009038657A3 - Method and apparatus for preventing phishing attacks - Google Patents

Publication number
WO2009038657A3
Authority
WO
WIPO (PCT)
Prior art keywords
user
message
personal attribute
dynamic personal
remote server
Application number
PCT/US2008/010573
Other languages
French (fr)
Other versions
WO2009038657A2 (en)
Inventor
Paulo A Santos
Maarten Wegdam
Original Assignee
Lucent Technologies Inc
Paulo A Santos
Maarten Wegdam
Application filed by Lucent Technologies Inc, Paulo A Santos, Maarten Wegdam
Priority to KR1020107006161A (KR101148627B1)
Priority to JP2010525807A (JP2010539618A)
Priority to CN200880107742.7A (CN101919219B)
Publication of WO2009038657A2
Publication of WO2009038657A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1483 Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing

Abstract

The invention includes a method and apparatus for preventing phishing attacks. A first method, for informing a user that a remote server is valid, includes receiving a request for information available from the remote server where the request includes an identifier (408), obtaining a dynamic personal attribute associated with the user using the identifier (412), and propagating the dynamic personal attribute toward the user (414), wherein the dynamic personal attribute is adapted for use by the user in validating the remote server (420). The remote server may be a web server, an authentication server, or any other remote device with which the user may desire to authenticate. A second method, for informing a user that a received message is associated with a valid website, includes obtaining a dynamic personal attribute associated with a user, generating a message for the user where the message is adapted to enable the user to request a website and includes the dynamic personal attribute associated with the user (604), and propagating the message toward the user (606). The received message may be any type of message, such as an email message, an instant message, a text message, and the like.

Application PCT/US2008/010573, priority date 2007-09-19, filing date 2008-09-10: Method and apparatus for preventing phishing attacks, WO2009038657A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
KR1020107006161A KR101148627B1 (en) 2007-09-19 2008-09-10 Method and apparatus for preventing phishing attacks
JP2010525807A JP2010539618A (en) 2007-09-19 2008-09-10 Method and apparatus for preventing phishing attacks
CN200880107742.7A CN101919219B (en) 2007-09-19 2008-09-10 Method and apparatus for preventing phishing attacks

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/857,675 US8122251B2 (en) 2007-09-19 2007-09-19 Method and apparatus for preventing phishing attacks
US11/857,675 2007-09-19

Publications (2)

Publication Number Publication Date
WO2009038657A2 (en) 2009-03-26
WO2009038657A3 (en) 2009-05-07

Family

ID=40380126

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2008/010573 WO2009038657A2 (en) 2007-09-19 2008-09-10 Method and apparatus for preventing phishing attacks

Country Status (5)

Country Link
US (1) US8122251B2 (en)
JP (2) JP2010539618A (en)
KR (1) KR101148627B1 (en)
CN (1) CN101919219B (en)
WO (1) WO2009038657A2 (en)

Families Citing this family (57)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100293249A1 (en) * 2009-05-15 2010-11-18 Novatel Wireless Method and apparatus for loading landing page
US7891546B1 (en) * 2007-01-11 2011-02-22 Diebold Self-Service Systems , division of Diebold, Incorporated Cash dispensing automated banking machine system and method
US8533821B2 (en) 2007-05-25 2013-09-10 International Business Machines Corporation Detecting and defending against man-in-the-middle attacks
US20100042687A1 (en) * 2008-08-12 2010-02-18 Yahoo! Inc. System and method for combating phishing
US20100269162A1 (en) * 2009-04-15 2010-10-21 Jose Bravo Website authentication
US8452858B2 (en) 2009-05-15 2013-05-28 Novatel Wireless, Inc. Method and apparatus for loading landing page
US8683609B2 (en) 2009-12-04 2014-03-25 International Business Machines Corporation Mobile phone and IP address correlation service
EP2385679B1 (en) * 2010-05-07 2014-08-20 BlackBerry Limited Locally stored phishing countermeasure
JP5197681B2 (en) * 2010-06-15 2013-05-15 ヤフー株式会社 Login seal management system and management server
KR20120000378A (en) * 2010-06-25 2012-01-02 (주)씽크에이티 E-business system using telephone certification
US8832855B1 (en) 2010-09-07 2014-09-09 Symantec Corporation System for the distribution and deployment of applications with provisions for security and policy conformance
US8955152B1 (en) 2010-09-07 2015-02-10 Symantec Corporation Systems and methods to manage an application
US9043863B1 (en) * 2010-09-07 2015-05-26 Symantec Corporation Policy enforcing browser
CN102542672A (en) * 2010-12-13 2012-07-04 周锡卫 System and method for actively preventing information cards from being stolen
CN102096781B (en) * 2011-01-18 2012-11-28 南京邮电大学 Fishing detection method based on webpage relevance
US8838988B2 (en) 2011-04-12 2014-09-16 International Business Machines Corporation Verification of transactional integrity
CN102780686A (en) * 2011-05-13 2012-11-14 中国银联股份有限公司 Credible resource based method and device for protecting bank user information
US20120297469A1 (en) * 2011-05-20 2012-11-22 Microsoft Corporation Security Indicator Using Timing to Establish Authenticity
JP5691853B2 (en) * 2011-06-02 2015-04-01 富士通株式会社 Access monitoring program, information processing apparatus, and access monitoring method
CN102868668A (en) * 2011-07-07 2013-01-09 陈国平 Method for preventing phishing website from stealing sensitive information of user
US9420459B2 (en) * 2011-11-16 2016-08-16 Cellco Partnership Method and system for redirecting a request for IP session from a mobile device
CN104063494B (en) * 2011-12-30 2017-11-14 北京奇虎科技有限公司 Page altering detecting method and black chain data library generating method
US8484741B1 (en) * 2012-01-27 2013-07-09 Chapman Technology Group, Inc. Software service to facilitate organizational testing of employees to determine their potential susceptibility to phishing scams
CN103516693B (en) * 2012-06-28 2017-10-24 中国电信股份有限公司 Differentiate the method and apparatus of fishing website
CA2875823C (en) * 2012-06-29 2021-01-05 Id Dataweb, Inc. System and method for establishing and monetizing trusted identities in cyberspace with personal data service and user console
US8917826B2 (en) 2012-07-31 2014-12-23 International Business Machines Corporation Detecting man-in-the-middle attacks in electronic transactions using prompts
CN103634351B (en) * 2012-08-24 2018-03-16 腾讯科技(深圳)有限公司 Control the method and system of network application operation
CN102867266B (en) * 2012-08-27 2016-03-09 北京联嘉众赢网络技术有限公司 A kind of news valency method and device
US8869274B2 (en) 2012-09-28 2014-10-21 International Business Machines Corporation Identifying whether an application is malicious
US10068083B2 (en) 2012-09-28 2018-09-04 International Business Machines Corporation Secure transport of web form submissions
GB2507315A (en) * 2012-10-25 2014-04-30 Christopher Douglas Blair Authentication of messages using dynamic tokens
US20140172985A1 (en) * 2012-11-14 2014-06-19 Anton G Lysenko Method and system for forming a hierarchically complete, absent of query syntax elements, valid Uniform Resource Locator (URL) link consisting of a domain name followed by server resource path segment containing syntactically complete e-mail address
CN102984162B (en) * 2012-12-05 2016-05-18 北京奇虎科技有限公司 The recognition methods of credible website and gathering system
CN103929406B (en) * 2013-01-15 2017-03-01 中国银联股份有限公司 Pseudo- Web page detection method and system
US9344449B2 (en) 2013-03-11 2016-05-17 Bank Of America Corporation Risk ranking referential links in electronic messages
CN104144146B (en) * 2013-05-10 2017-11-03 中国电信股份有限公司 A kind of method and system of access website
KR101516997B1 (en) * 2013-11-07 2015-05-04 주식회사 엘지유플러스 Method and apparatus for protecting smishing
CN104753883B (en) * 2013-12-30 2017-01-25 腾讯科技(深圳)有限公司 interface display method, device and system
CN105227532B (en) * 2014-06-30 2018-09-18 阿里巴巴集团控股有限公司 A kind of blocking-up method and device of malicious act
US9971878B2 (en) * 2014-08-26 2018-05-15 Symantec Corporation Systems and methods for handling fraudulent uses of brands
US9398047B2 (en) 2014-11-17 2016-07-19 Vade Retro Technology, Inc. Methods and systems for phishing detection
US11023117B2 (en) * 2015-01-07 2021-06-01 Byron Burpulis System and method for monitoring variations in a target web page
US10250594B2 (en) 2015-03-27 2019-04-02 Oracle International Corporation Declarative techniques for transaction-specific authentication
US10257205B2 (en) 2015-10-22 2019-04-09 Oracle International Corporation Techniques for authentication level step-down
US10164971B2 (en) * 2015-10-22 2018-12-25 Oracle International Corporation End user initiated access server authenticity check
US10225283B2 (en) 2015-10-22 2019-03-05 Oracle International Corporation Protection against end user account locking denial of service (DOS)
EP3365824B1 (en) 2015-10-23 2020-07-15 Oracle International Corporation Password-less authentication for access management
US9961086B2 (en) * 2015-12-18 2018-05-01 Ebay Inc. Dynamic content authentication for secure merchant-customer communications
US20180270215A1 (en) * 2017-03-16 2018-09-20 Ca, Inc. Personal assurance message over sms and email to prevent phishing attacks
US11689925B2 (en) * 2017-09-29 2023-06-27 Plume Design, Inc. Controlled guest access to Wi-Fi networks
US11496902B2 (en) 2017-09-29 2022-11-08 Plume Design, Inc. Access to Wi-Fi networks via two-step and two-party control
US20210105302A1 (en) * 2018-02-09 2021-04-08 Bolster, Inc. Systems And Methods For Determining User Intent At A Website And Responding To The User Intent
US11159566B2 (en) 2018-08-21 2021-10-26 International Business Machines Corporation Countering phishing attacks
RU2705774C1 (en) * 2018-11-15 2019-11-11 Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) Method and system for detecting devices associated with fraudulent phishing activity
JP2021043675A (en) * 2019-09-10 2021-03-18 富士通株式会社 Control method, control program, information processing device, and information processing system
US11870801B2 (en) * 2021-01-27 2024-01-09 Paypal, Inc. Protecting computer system end-points using activators
US11741213B2 (en) * 2021-06-24 2023-08-29 Bank Of America Corporation Systems for enhanced bilateral machine security

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060200855A1 (en) * 2005-03-07 2006-09-07 Willis Taun E Electronic verification systems
US20070094727A1 (en) * 2005-10-07 2007-04-26 Moneet Singh Anti-phishing system and methods
US20070162961A1 (en) * 2005-02-25 2007-07-12 Kelvin Tarrance Identification authentication methods and systems

Family Cites Families (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6950949B1 (en) * 1999-10-08 2005-09-27 Entrust Limited Method and apparatus for password entry using dynamic interface legitimacy information
JP2001117873A (en) * 1999-10-19 2001-04-27 Hitachi Ltd Method for identifying terminal
JP2002073561A (en) * 2000-09-01 2002-03-12 Toyota Motor Corp Method and system for authenticating user to perform access through communication network and information processing system utilizing the same
JP2002101091A (en) * 2000-09-22 2002-04-05 Hitachi Information Systems Ltd User authentication method and user authentication program
EP2375690B1 (en) * 2002-03-01 2019-08-07 Extreme Networks, Inc. Locating devices in a data network
US7434044B2 (en) * 2003-02-26 2008-10-07 Cisco Technology, Inc. Fast re-authentication with dynamic credentials
US7240192B1 (en) * 2003-03-12 2007-07-03 Microsoft Corporation Combining a browser cache and cookies to improve the security of token-based authentication protocols
US8751801B2 (en) * 2003-05-09 2014-06-10 Emc Corporation System and method for authenticating users using two or more factors
DE10353853A1 (en) * 2003-11-18 2005-06-30 Giesecke & Devrient Gmbh Authorization of a transaction
US20050172229A1 (en) * 2004-01-29 2005-08-04 Arcot Systems, Inc. Browser user-interface security application
US7617532B1 (en) * 2005-01-24 2009-11-10 Symantec Corporation Protection of sensitive data from malicious e-mail
JP4698239B2 (en) * 2005-01-31 2011-06-08 エヌ・ティ・ティ・ソフトウェア株式会社 Web site impersonation detection method and program
JP4718917B2 (en) * 2005-06-30 2011-07-06 株式会社三井住友銀行 Authentication method and system
JP4668734B2 (en) * 2005-08-23 2011-04-13 株式会社野村総合研究所 Authentication apparatus, authentication method, and authentication program
JP4755866B2 (en) * 2005-08-23 2011-08-24 株式会社野村総合研究所 Authentication system, authentication server, authentication method, and authentication program
US7886343B2 (en) * 2006-04-07 2011-02-08 Dell Products L.P. Authentication service for facilitating access to services

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070162961A1 (en) * 2005-02-25 2007-07-12 Kelvin Tarrance Identification authentication methods and systems
US20060200855A1 (en) * 2005-03-07 2006-09-07 Willis Taun E Electronic verification systems
US20070094727A1 (en) * 2005-10-07 2007-04-26 Moneet Singh Anti-phishing system and methods

Also Published As

Publication number Publication date
US20090077637A1 (en) 2009-03-19
CN101919219B (en) 2014-09-10
US8122251B2 (en) 2012-02-21
JP2013211020A (en) 2013-10-10
JP2010539618A (en) 2010-12-16
CN101919219A (en) 2010-12-15
KR101148627B1 (en) 2012-05-23
KR20100049653A (en) 2010-05-12
JP5719871B2 (en) 2015-05-20
WO2009038657A2 (en) 2009-03-26

Similar Documents

Publication Publication Date Title
WO2009038657A3 (en) Method and apparatus for preventing phishing attacks
WO2013003493A3 (en) System and method for protocol fingerprinting and reputation correlation
WO2012082919A3 (en) Method and device for authentication of service requests
WO2010144207A3 (en) Method and apparatus for processing authentication request message in a social network
DE602005021550D1 (en) METHOD AND DEVICE FOR ENABLING ACCESS TO PROTECTED INFORMATION FOR A USER OF AN INTERNET APPLICATION
WO2010060704A3 (en) Method and system for token-based authentication
WO2012069263A3 (en) Method for authorizing access to protected content
WO2005086569A3 (en) System, method and apparatus for electronic authentication
WO2011034619A8 (en) Method of identity authentication and fraudulent phone call verification that utilizes an identification code of a communication device and a dynamic password
WO2006118829A3 (en) Preventing fraudulent internet account access
WO2011006864A3 (en) Method for reading attributes from an id token and one-time pass word generator
ATE531177T1 (en) FRAMEWORK FOR DISTRIBUTING SYMMETRIC KEYS FOR THE INTERNET
CN102546165A (en) Dynamic uniform resource locator (URL) generator, generation method, dynamic-URL-based authentication system and method
WO2009045317A3 (en) Method for authenticating mobile units attached to a femtocell in communication with a secure core network such as an ims
WO2010036354A3 (en) Dynamic service routing
WO2009050583A9 (en) Secure network interactions using desktop agent
WO2009148221A3 (en) Method and device for transmitting and receiving filtered content in accordance with age restrictions
ATE467966T1 (en) VERIFICATION OF MESSAGES FOR TRANSMISSION FROM A SENDER DOMAIN TO A RECEIVER DOMAIN
JP2017527900A5 (en)
WO2010033633A3 (en) Method and system for enabling access to a web service provider through login based badges embedded in a third party site
MX2010003845A (en) Method of establishing protected electronic communication between various electronic devices, especially between electronic devices of electronic service providers and electronic devices of users of electronic service.
GB2503402A (en) Transforming HTTP requests into web services trust messages for security processing
WO2009054165A1 (en) Log-in authentication method, log-in authentication server, and log-in authentication program
TW200721771A (en) Secure data communications in web services
WO2012074275A3 (en) User authentication apparatus for internet security, user authentication method for internet security, and recorded medium recording same

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 200880107742.7

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08831449

Country of ref document: EP

Kind code of ref document: A2

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
WWE Wipo information: entry into national phase

Ref document number: 1470/CHENP/2010

Country of ref document: IN

WWE Wipo information: entry into national phase

Ref document number: 2010525807

Country of ref document: JP

ENP Entry into the national phase

Ref document number: 20107006161

Country of ref document: KR

Kind code of ref document: A

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08831449

Country of ref document: EP

Kind code of ref document: A2