HK1191472B - Methods and devices for single sign-on protection for an account - Google Patents
- Publication number: HK1191472B (application HK14104746.3A)
- Authority: HK (Hong Kong)
- Prior art keywords: url, library, login, executable file, established
Description
Technical Field
The invention relates to the technical field of computer security, and in particular to an account single sign-on protection method and device.
Background
In Single Sign-On (SSO) technology, when a user accesses an application system for the first time and is not yet logged in, the user is directed to an authentication system to log in. The authentication system checks the user's identity against the supplied login information and, if the check passes, returns an authentication credential, the ticket, to the user. When the user then accesses other application systems, the ticket is carried along as proof of prior authentication; an application system that receives the user's access request forwards the supplied ticket to the authentication system for validation. If the ticket is valid, the user can access the other application systems without logging in again.
A single sign-on account system may also have client-side logins, for example the instant messaging client QQ. When the user visits a specific web page, a page script can, for convenience and speed, detect the client account that is currently logged in and use it for one-click quick login without password authentication; after login, some or all of the permissions of the current client account are obtained.
With the rapid development of the internet, personal information, network accounts and virtual property held online have become private assets of the user, and these assets can be converted directly into economic gain. Some lawbreakers attempt to steal or otherwise misuse the user's online "private assets" for economic gain, which seriously endangers the security of the user's virtual property.
Because of how single sign-on works, the quick-login mode makes a malicious attack possible. A malicious program can analyse the quick-login protocol and, without the user's knowledge, imitate the way the user quickly logs in through the web page, so that the server mistakenly believes the user logged in normally. User information can then be obtained maliciously, the user's virtual property stolen, or malicious promotion carried out, causing loss to the user.
Disclosure of Invention
The main purpose of the invention is to provide an account single sign-on protection method and device, aimed at improving the single sign-on security of a user account system.
In order to achieve the above object, the present invention provides an account single sign-on protection method, which includes:
when a process is started, acquiring executable file information of the process;
judging whether the executable file of the process is in a pre-established white list library or not according to the executable file information;
when the executable file of the process is not in a pre-established white list library, acquiring a target URL (uniform resource locator) accessed by the process;
and intercepting the process and/or prompting a risk to a user when the target URL belongs to a login URL library which is pre-established in an authentication server.
The invention also provides an account single sign-on protection device, which comprises:
the file information acquisition module is used for acquiring executable file information of the process when the process is started;
the judging module is used for judging whether the executable file of the process is in a pre-established white list library or not according to the executable file information;
the target URL acquisition module is used for acquiring a target URL accessed by the process when the executable file of the process is not in a pre-established white list library;
and the processing module is used for intercepting the process and/or prompting risks to a user when the target URL belongs to a login URL library which is pre-established in an authentication server.
With the account single sign-on protection method and device, by means of the pre-established white list library and the login URL library of the authentication server, when a program that is not in the white list library accesses a URL contained in the login URL library of the authentication server, the process is intercepted or a risk is prompted to the user. Malicious imitation of single sign-on can thus be effectively intercepted, the user's personal information, virtual property and so on protected, the particular behaviour of certain new trojans monitored, and system security improved.
Drawings
FIG. 1 is a flowchart illustrating a single sign-on account protection method according to a first embodiment of the present invention;
fig. 2 is a schematic flowchart of acquiring a target URL accessed by the process in the first embodiment of the account single sign-on protection method of the present invention;
FIG. 3 is a flowchart illustrating a single sign-on account protection method according to a second embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a first embodiment of an account single sign-on protection device according to the present invention;
fig. 5 is a schematic structural diagram of a target URL obtaining module in the first embodiment of the account single sign-on protection device according to the present invention.
In order to make the technical solution of the present invention clearer, the following detailed description is given with reference to the accompanying drawings.
Detailed Description
The solution of the embodiments of the invention is, in outline, as follows: by means of a pre-established white list library and a login URL (Uniform Resource Locator) library of an authentication server, when a program that is not in the white list library accesses a URL contained in the login URL library of the authentication server, the process is intercepted or a risk is prompted to the user, so that the single sign-on security of the user account system is protected.
As shown in fig. 1, a first embodiment of the present invention provides an account single sign-on protection method, including:
step S101, when a process is started, acquiring executable file information of the process;
the embodiment injects any initiated account single sign-on process by means of injection to obtain executable file information of the process, wherein the executable file information comprises a name and the like of an executable file of the process.
Step S102, judging whether the executable file of the process is in a pre-established white list library or not according to the executable file information; if yes, go to step S106; if not, the step S103 is executed;
step S103, acquiring a target URL accessed by the process; entering step S104;
step S104, judging whether the target URL belongs to a login URL library which is pre-established in an authentication server; if yes, go to step S105; otherwise, go to step S106;
and step S105, intercepting the process and/or prompting risks to a user.
And step S106, releasing the process.
In steps S102 to S106, after the executable file information of the process has been acquired, the pre-established white list library is queried with it to decide whether the process is on the white list. If it is, the process is released. If it is not, a filter layer is added to the process; the filter layer intercepts the HTTP (Hypertext Transfer Protocol) access requests of the process, each request is analysed and the URL in the HTTP request is extracted, giving the target URL accessed by the process. The login URL library of the authentication server is then queried with the target URL. This library stores the known automatic-login URLs of known account types, such as the automatic login URL for Tencent accounts, and is a database of authenticated account login URLs.
If the target URL is a single sign-on URL request for some type of account in the login URL library of the authentication server, a corresponding risk prompt is shown to the user or the process is intercepted; if the target URL does not belong to the login URL library of the authentication server, the process is released.
Specifically, as shown in fig. 2, the step S103 may include:
step S1031, adding a filter layer in the process;
the filter layer may be a socket function hook in a user mode, or a network filter driver of a system kernel, and performs a filtering operation on a network access behavior of the process.
Step S1032, intercepting the HTTP access request of the process through the filter layer;
step S1033, analyzing the HTTP access request, extracting the URL in the HTTP protocol from the HTTP access request, and obtaining the target URL accessed by the process.
According to the scheme, the behavior of maliciously simulating single sign-on can be effectively intercepted, personal information, virtual property and the like of a user are protected, special behaviors of certain novel trojans can be monitored, and system safety is improved.
As shown in fig. 3, a second embodiment of the present invention provides an account single sign-on protection method, which further includes, before the step S101, on the basis of the first embodiment:
and step S100, establishing the white list library and a login URL library in the authentication server.
The difference between this embodiment and the first embodiment is that this embodiment further includes a step of establishing the white list library and a login URL library in the authentication server, and the rest is the same as the first embodiment.
According to the embodiment, through the established white list library and the URL login library of the authentication server, when a program which is not in the white list library accesses the URL contained in the URL login library of the authentication server, the process is intercepted or risks are prompted to a user, so that the behavior of maliciously simulating single sign-on can be effectively intercepted, personal information, virtual property and the like of the user can be protected, special behaviors of certain novel trojans can be monitored, and system safety is improved.
As shown in fig. 4, a first embodiment of the present invention provides an account single sign-on protection device, including: a file information obtaining module 401, a judging module 402, a target URL obtaining module 403, and a processing module 404, wherein:
a file information obtaining module 401, configured to obtain executable file information of a process when the process is started;
a judging module 402, configured to judge, according to the executable file information, whether an executable file of the process is in a whitelist library established in advance;
a target URL obtaining module 403, configured to obtain a target URL accessed by the process when the executable file of the process is not in a pre-established whitelist library;
a processing module 404, configured to intercept the process and/or prompt a risk to the user when the target URL belongs to a login URL library pre-established in an authentication server; the processing module 404 is further configured to release the process when the executable file of the process is in the pre-established white list library, and to release the process when the target URL does not belong to the login URL library pre-established in the authentication server.
In this embodiment, code is injected into every process that is started (any process that may perform an account single sign-on), and the file information obtaining module 401 obtains the executable file information of the process, which includes the name of the process's executable file and the like.
After the executable file information has been acquired, the judging module 402 queries the pre-established white list library with it to decide whether the process is on the white list. If it is, the process is released. If it is not, the target URL obtaining module 403 adds a filter layer to the process, intercepts the HTTP access requests of the process through the filter layer, analyses each request, extracts the URL in the HTTP request to obtain the target URL accessed by the process, and queries the login URL library of the authentication server with that target URL. The login URL library stores the known automatic-login URLs of known account types, such as an automatic login URL for Tencent accounts, and is a database of authenticated account login URLs.
If the target URL is a single sign-on URL request for some type of account in the login URL library of the authentication server, the processing module 404 shows a corresponding risk prompt to the user or intercepts the process; if the target URL does not belong to the login URL library, the process is released.
Specifically, as shown in fig. 5, the target URL obtaining module 403 includes: a joining unit 4031, an intercepting unit 4032, and an analysis acquiring unit 4033, wherein:
an adding unit 4031 for adding a filter layer in the process;
an intercepting unit 4032, configured to intercept an HTTP access request of the process through the filter layer;
an analysis obtaining unit 4033, configured to analyze the HTTP access request, extract a URL in the HTTP protocol from the HTTP access request, and obtain a target URL accessed by the process.
According to the scheme, the behavior of maliciously simulating single sign-on can be effectively intercepted, personal information, virtual property and the like of a user are protected, special behaviors of certain novel trojans can be monitored, and system safety is improved.
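The flow of steps S101 to S106 together with S1031 to S1033, which is also the work of modules 401 to 404 and units 4031 to 4033, as an added example in Python that is not part of the patent. Everything in it is assumed for illustration: the hosts, paths and file names, the shape of the two libraries, and the choice to key the white list library on a SHA-256 of the executable image in addition to its name (the patent mentions only the name; a name-only white list is defeated by giving a malicious program the client's file name). The raw requests are constructed HTTP/1.1 messages of the kind a user-mode socket hook would hand to the filter layer.

```python
"""Added example (not the patent's own code): decision logic of steps
S101-S106 and S1031-S1033 / modules 401-404 and units 4031-4033.
Hosts, paths, file names and the format of both libraries are assumptions."""
import hashlib
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple
from urllib.parse import urlsplit

# S100: white list library. The patent mentions only the executable's name; this
# example also pins a SHA-256 of the image (an assumption), since a name-only
# list is defeated by naming a malicious program after the client.
TRUSTED_CLIENT_IMAGE = b"constructed stand-in for the bytes of the genuine client binary"
WHITELIST: Dict[str, str] = {
    "qq.exe": hashlib.sha256(TRUSTED_CLIENT_IMAGE).hexdigest(),
}

# S100: login URL library of the authentication server, as (host, path prefix).
# Entries are constructed; the patent names no URL.
LOGIN_URL_LIBRARY: Tuple[Tuple[str, str], ...] = (
    ("login.example.net", "/cgi-bin/quicklogin"),
    ("sso.example.net", "/auth/clientlogin"),
)

# Constructed requests, as the filter layer would capture them from a process.
LOGIN_REQUEST = (b"GET /cgi-bin/quicklogin?clientkey=abc123 HTTP/1.1\r\n"
                 b"Host: login.example.net\r\nUser-Agent: x\r\n\r\n")
ORDINARY_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.example.org\r\n\r\n"


def extract_target_url(raw_request: bytes) -> Optional[str]:
    """S1033: extract the URL from one HTTP/1.x request.

    Accepts origin-form targets ("GET /path" plus a Host header) and
    absolute-form targets ("GET http://host/path", proxy style). Returns None
    for bytes that are not an HTTP request, e.g. TLS records seen by a socket
    hook below the TLS layer, instead of misreading them.
    """
    head = raw_request.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return None
    target = parts[1].decode("ascii", "replace")
    if target.startswith(("http://", "https://")):
        return target
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            return "http://" + value.strip().decode("ascii", "replace") + target
    return None  # origin-form without Host: not attributable to a server


def in_login_url_library(url: str, library=LOGIN_URL_LIBRARY) -> bool:
    """S104: exact host match plus path-prefix match against the library."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return any(host == h and parts.path.startswith(p) for h, p in library)


@dataclass
class Verdict:
    action: str  # "release" (S106) or "intercept" (S105)
    reason: str


def check_process(exe_name: str, exe_image: bytes, http_requests: Iterable[bytes],
                  whitelist=WHITELIST, library=LOGIN_URL_LIBRARY) -> Verdict:
    """S101-S106 for one started process."""
    # S101/S102: name and image hash must both match the white list entry.
    digest = hashlib.sha256(exe_image).hexdigest()
    if whitelist.get(exe_name.lower()) == digest:
        return Verdict("release", "executable is in the white list library")
    # S103: not on the white list, so inspect its HTTP requests.
    for raw in http_requests:
        url = extract_target_url(raw)
        if url is not None and in_login_url_library(url, library):
            return Verdict("intercept", "non-whitelisted process requested login URL " + url)
    return Verdict("release", "no request to a URL in the login URL library")


if __name__ == "__main__":
    print(check_process("QQ.exe", TRUSTED_CLIENT_IMAGE, [LOGIN_REQUEST]))
    print(check_process("QQ.exe", b"renamed malware", [LOGIN_REQUEST]))
    print(check_process("unknown.exe", b"...", [ORDINARY_REQUEST]))
```

Only plaintext HTTP is parsed, as in the patent. A socket hook placed below the TLS layer sees only ciphertext for HTTPS, so for encrypted login traffic the filter layer has to sit at the process's HTTP library instead; the extractor returns None for such bytes rather than guessing a URL. The white list lookup also fails closed: a binary carrying the client's name but a different hash is treated as not whitelisted and its requests are inspected.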
A second embodiment of the present invention provides an account single sign-on protection device, which further includes, based on the first embodiment:
and the establishing module is used for establishing the white list library and a login URL library in the authentication server.
The difference between this embodiment and the first embodiment is that this embodiment further includes a module for establishing the white list library and a login URL library in the authentication server, and the rest is the same as the first embodiment.
According to the embodiment, through the established white list library and the URL login library of the authentication server, when a program which is not in the white list library accesses the URL contained in the URL login library of the authentication server, the process is intercepted or risks are prompted to a user, so that the behavior of maliciously simulating single sign-on can be effectively intercepted, personal information, virtual property and the like of the user can be protected, special behaviors of certain novel trojans can be monitored, and system safety is improved.
The above description is only for the preferred embodiment of the present invention and is not intended to limit the scope of the present invention, and all equivalent structures or flow transformations made by the present specification and drawings, or applied directly or indirectly to other related arts, are included in the scope of the present invention.
Claims (6)
1. An account single sign-on protection method is characterized by comprising the following steps:
establishing a white list library and a login Uniform Resource Locator (URL) library in an authentication server, wherein the login URL library is a database of identified account single sign-on URLs;
when a process is started, acquiring executable file information of the process, wherein the process is any started process, injected into, that may perform an account single sign-on;
judging whether the executable file of the process is in a pre-established white list library or not according to the executable file information;
when the executable file of the process is not in a pre-established white list library, acquiring a target URL (uniform resource locator) accessed by the process;
intercepting the process and/or prompting a risk to a user when the target URL belongs to a login URL library which is pre-established in an authentication server;
when the target URL does not belong to a login URL library which is pre-established in an authentication server, the process is released;
the step of obtaining the target URL accessed by the process comprises the following steps:
adding a filter layer in the process;
intercepting, by the filter layer, a hypertext transfer protocol (HTTP) access request of the process;
and analyzing the HTTP access request, and extracting the URL in the HTTP protocol from the HTTP access request to obtain the target URL accessed by the process.
2. The method of claim 1, wherein the filter layer is a socket function hook in a user mode or a network filter driver of a system kernel.
3. The method of claim 1, further comprising:
and when the executable file of the process is in a pre-established white list library, releasing the process.
4. An account single sign-on protection device, comprising:
an establishing module, configured to establish a white list library and a login URL library in an authentication server, wherein the login URL library is a database of identified account single sign-on URLs;
a file information acquisition module, configured to acquire executable file information of a process when the process is started, wherein the process is any started process, injected into, that may perform an account single sign-on;
the judging module is used for judging whether the executable file of the process is in a pre-established white list library or not according to the executable file information;
the target URL acquisition module is used for acquiring a target URL accessed by the process when the executable file of the process is not in a pre-established white list library;
the processing module is used for intercepting the process and/or prompting risks to a user when the target URL belongs to a login URL library which is pre-established in an authentication server; when the target URL does not belong to a login URL library which is pre-established in an authentication server, the process is released;
wherein, the target URL obtaining module comprises:
an adding unit for adding a filter layer in the process;
the intercepting unit is used for intercepting the HTTP access request of the process through the filter layer;
and the analysis acquisition unit is used for analyzing the HTTP access request, extracting the URL in the HTTP protocol from the HTTP access request and obtaining the target URL accessed by the process.
5. The apparatus of claim 4, wherein the filter layer is a socket function hook in user mode or a network filter driver of a system kernel.
6. The apparatus of claim 4, wherein the processing module is further configured to release the process when the executable file of the process is in a pre-established white list library.
Publications (2)
| Publication Number | Publication Date |
|---|---|
| HK1191472A (en) | 2014-07-25 |
| HK1191472B (en) | 2019-01-25 |