Recommendation ITU-T X.1282 (11/2023) Security measures for countering password-related online attacks
Summary
History
FOREWORD
Table of Contents
1 Scope
2 References
3 Definitions
4 Abbreviations and acronyms
5 Conventions
6 Overview
6.1 HTTP header enrichment technology
6.2 Security risks
6.3 Security authentication process based on HTTP header enrichment technology
7 Security threats in the authentication process
7.1 Authenticator compromise risks
7.2 Transaction compromise risks
7.3 Verifier impersonation risks
8 Security authentication process via HTTP header enrichment technology
8.1 Authentication process
8.2 User authorization process
8.3 Platform verification process
9 Client security
9.1 APP security
9.2 SDK security
9.2.1 SDK communication request verification
9.2.2 SDK request message encryption protection
9.2.3 HTTPS protocol for SDK interface
9.2.4 Local data storage security
9.2.5 SDK code obfuscation
9.2.6 User privacy data security protection
9.2.7 SDK authorization page
9.3 H5 security
9.3.1 H5 JSSDK code obfuscation
9.3.2 H5 page reference verification
9.3.3 JSSDK communication request verification
9.3.4 HTTPS protocol
9.3.5 Browser fingerprint
9.3.6 JSSDK authorization page
9.3.7 User privacy data security protection
10 Authentication platform security
10.1 Request verification
10.1.1 Client verification
10.1.2 Service provider verification
10.2 Data encryption and decryption security
10.2.1 Client data encryption and decryption security
10.2.2 Service provider data encryption and decryption security
10.3 User data security management
10.4 Business risk control security
10.4.1 Flow control
10.4.2 User-level blacklist management and control
10.4.3 SDK version management security
10.4.4 Application level security control
10.4.5 Authorization credential frequency control security
Bibliography