US20130254530A1 - System and method for identifying security breach attempt of a website - Google Patents
System and method for identifying security breach attempt of a website Download PDFInfo
- Publication number
- US20130254530A1 US20130254530A1 US13/895,384 US201313895384A US2013254530A1 US 20130254530 A1 US20130254530 A1 US 20130254530A1 US 201313895384 A US201313895384 A US 201313895384A US 2013254530 A1 US2013254530 A1 US 2013254530A1
- Authority
- US
- United States
- Prior art keywords
- website
- software module
- server
- user
- browser
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
Definitions
- This invention generally relates to website security. More specifically, this invention relates to a system and method for identifying security breach attempts of a website.
- keylogger itself is neutral, and the word describes the program's function. Most sources define a keylogger as a software program designed to secretly monitor and log all keystrokes.
- Legitimate programs may have a keylogging function which can be used to call certain program functions using “hotkeys,” or to toggle between keyboard layouts (e.g. Keyboard Ninja).
- hotkeys e.g. Keyboard Ninja
- the ethical boundary, however, between justified monitoring and espionage is a fine line. Legitimate software is often used deliberately to steal confidential user information such as passwords.
- Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
- Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public.
- Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
- a website security system for detecting security breach attempts associated with Trojan applications residing on a client computer, comprised of one or more of the following components:
- a website security system for detecting security breach attempts associated with a phishing scheme, comprised of one or more of the following components:
- the website security system for detecting security breach attempts associated with a phishing scheme, may further comprise a file, such as an image file, stored on a server associated with the website, which file may not be part of the code that is sent to a browser when it navigates to the website.
- the anti-phishing software module may be further adapted to locate said file every time it is instanced and to determine that it has been instanced on a server, not associated with said website, when it cannot locate the file.
- a website security system for detecting security breach attempts associated with a man in the browser scheme, comprised of one or more of the following components:
- a website security system for detecting security breach attempts associated with a pharming scheme, comprised of one or more of the following components:
- FIG. 1 shows a flowchart including exemplary steps of operation of an anti-trojan software module, in accordance with some embodiments of the present invention.
- FIG. 2 shows a flowchart including exemplary steps of operation of an anti-phishing software module, in accordance with some embodiments of the present invention.
- FIGS. 3 + 3 A show flowcharts including exemplary steps of operation of an anti-pharming software module, in accordance with some embodiments of the present invention.
- FIG. 4 shows a flowchart including exemplary steps of operation of an anti-mib software module, in accordance with some embodiments of the present invention.
- server may refer to a single server or to a functionally associated cluster of servers.
- Embodiments of the present invention may include apparatuses for performing the operations herein.
- This apparatus may be specially constructed for the desired purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer.
- a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, magnetic-optical disks, read-only memories (ROMs), random access memories (RAMS) electrically programmable read-only memories (EPROMs), electrically erasable and programmable read only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic instructions, and capable of being coupled to a computer system bus.
- IP networking is a set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. It has also been referred to as the TCP/IP protocol suite, which is named after two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two networking protocols defined.
- TCP Transmission Control Protocol
- IP Internet Protocol
- the Internet Protocol suite can be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted.
- the TCP/IP reference model consists of four layers.
- the IP suite uses encapsulation to provide abstraction of protocols and services. Generally a protocol at a higher level uses a protocol at a lower level to help accomplish its aims.
- the Internet protocol stack has never been altered, by the IETF, from the four layers defined in RFC 1122. The IETF makes no effort to follow the seven-layer OSI model and does not refer to it in standards-track protocol specifications and other architectural documents.
- the present invention is a method and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on.
- a commercial website for example a banking website
- identity theft identity theft
- website duplication mirroring/Phishing
- MITB man in the browser
- MITM man in the middle attacks and so on.
- an anti-trojan software module functionally associated with the website, such as embedded in a website's code, and adapted to detect when a computer of a user of the website is infected with a key logger or other Trojan application.
- an anti-phishing software module may be embedded in the code of the website and may be adapted to transmit to a server associated with the website and/or a server associated with the entity responsible for the anti-phishing software module a warning message when the code of the website has been copied and/or instanced on a server other than the website's server, usually residing in a domain other than the native domain of the website, i.e. a phishing attempt.
- an anti-pharming software module may be embedded in the website's code, which anti-pharming software module may be adapted to detect, report and/or prevent an attempt to intercept data (i.e. pharming) transferred from a user to the website, including authentication data.
- an anti-trojan software module functionally associated with the website is adapted to detect when a computer of a user of the website is infected with a key logger or other Trojan application
- the anti-trojan software module may compare one or more parameters of communications between the user's computer to the website (e.g. the size of the communication, the number of user inputs included in the communication, the content of the communication, etc.) against expected parameters of a communication of the type in question.
- the anti-trojan software module may be pre-programmed with or receive from the website data indicating the expected parameters of the different communications that may be received by the website.
- the anti-trojan software module may, for example, check responses that are to be sent from a user's computer to the website server. If the responses' format, size, number of user inputs or other parameter is different from the ordinary size, format, number of user inputs or other parameter of such a type of response, a key logger or other Trojan application may be operative on the user's computer and may be attempting to record the user's credentials on the website or otherwise breach the system's security. Similarly, the anti-trojan software module may compare the contents of a specific communication (such as the contents of a specific page of the website) with the expected contents of the type of communication in question, the number of user inputs included in the communication and/or any other parameters of the communication.
- a specific communication such as the contents of a specific page of the website
- the anti-trojan software module may terminate the communication session between the user's and the site and may further temporarily block the specific user from accessing the system utilizing the credentials that may have been compromised. Additionally, the anti-trojan software module may issue a warning to the user, the site operator and/or the anti-trojan software module provider. Furthermore, the anti-trojan software module may provide the user with remediation instructions for removing the key logger or other Trojan application from his/her computer and may further provide the user with instructions for reinstating his/her access to the system.
- an anti-phishing software module functionally associated with a commercial website, such as embedded in a website's code, adapted to identify attempts to copy the website on a different server in order to masquerade as the legitimate website (a “Phishing” attempt).
- the anti-phishing software module may be encrypted into the website's code.
- the anti-phishing software module may simultaneously and/or separately perform multiple actions designed to identify Phishing attempts including; (i) verifying, every time the web page is loaded, a software element secretly embedded in the website's code or on an associated server, (ii) scanning similar domain names to search for possible imitations, (iii) monitoring new domain name registrations and/or changes of domain name ownership to search for possible imitations, (iv) searching throughout the internet for unique text patterns and graphics associated with the legitimate website, and/or (v) scanning emails to search for possible attempts to masquerade as the commercial entity being protected.
- the anti-phishing software module may be adapted to transmit to a server associated with the website and/or with the entity responsible for the anti-phishing software module a warning message when the code of the website has been copied and/or instanced on another server.
- the anti-phishing software module may be integral with one or more codes and/or modules of the website, such as a Javascript, a flash player application or any other application written in any other language.
- the anti-phishing software module may, while running on the server and/or the browser, be adapted to check one or more parameters associated with its computational environment in order to determine whether it is communicating with the authentic/genuine website server or another server, unassociated with the authentic/genuine website—likely to be operated someone engaged in a phishing scheme.
- the anti-phishing software module may attempt to locate one or more specific files, which files may be secretly stored on the authentic/genuine website server, may not be part of the code that is sent to a browser when it navigates to the authentic/genuine website, and may thus be considered secret.
- the secret file(s) may be in the form of an image or digital certificate.
- the genuine website may have a very small picture (up to one pixel in size) secretly embedded in a server associated with the website, which picture is not part of the code that is sent to a browser when it navigates to the authentic/genuine website. Therefore, when the website is copied the secret picture will not appear in the copy.
- the anti-phishing software module may, in this example, be programmed to attempt to locate the secret picture every time the website is uploaded and in the event that the picture cannot be located, presumably because the website is an illegitimate copy and therefore is being uploaded on a different server that does not contain the secret picture, send an alert along with the “fake” website's URL and/or the “different” server's IP address to a server associated with the genuine website and/or a server associated with the entity responsible for the anti-phishing software module.
- the anti-phishing software module may search the internet for websites containing unique text patterns and graphics associated with the legitimate website, such as the commercial entity's logo, marketing slogans, name, commonly used fonts and phrases and so on.
- the anti-phishing software module may target websites with domain names similar to the genuine website's domain name and/or monitor new domain name registrations and/or changes of domain name ownership, for more frequent and thorough inspection. All suspicious findings discovered by the anti-phishing software module during searches may be reported to an investigative body, a server associated with the website and/or a server associated with the entity responsible for the anti-phishing software module.
- the report may prioritize the findings based on the amount of similarity found to the genuine website in each specific instance. For example, a website containing the genuine websites name, logo and the term “username” may be reported with higher importance than a website that only contains the genuine website's name.
- the anti-phishing software module may regularly scan emails to search for possible attempts to masquerade as the commercial entity being protected.
- the anti-phishing software module and/or the anti-trojan software module may be adapted to remain dormant much of the time and to wakeup intermittently. Whereas according to other embodiments of the present invention, the anti-phishing software module and/or the anti-trojan software module may be active substantially continuously.
- the anti-phishing software module, the anti-pharming software module and/or the anti-trojan software module may also report any findings of suspicious activity to an investigative body and may include in the reports information that may assist the investigative body in locating and taking action against the offending party.
- the anti-phishing software module, the anti-pharming software module and/or the anti-trojan software module may be further adapted to take automatic action to prevent or halt security breach attempts when specific threats are detected.
- an anti-pharming software module may be functionally associated with a website's code, such as embedded in a website's code.
- the anti-pharming software module when instanced in a web browser, may be adapted to detect, report and/or prevent an attempt to intercept data transferred from a user to the website, including authentication data.
- a given anti-pharming software module may include, be pre-programmed with and/or otherwise have access to one or more parameters (e.g. domain name, IP address, etc) of the website with which the module is associated.
- the given module may check and/or compare one or more parameters of the website with which the user's browser is communicating against the one or more parameters of the website with which the module is associated.
- the module may thus determine whether the user's browser is communicating with the intended website, or whether the browser's communication is being redirected, intercepted or relayed, without the user's knowledge, to pass through a second website, presumably being operated by a third party (e.g. hostile entity), before being transmitted to the genuine website.
- a third party e.g. hostile entity
- the anti-pharming software module may check, for example, that the domain name which appears in the user's browser is identical to the genuine website's domain name and/or that the IP address associated by the user's browser with the domain name is the genuine website's IP address.
- the anti-pharming software module may also verify that the protocol being used for communication is a Hypertext Transfer Protocol Secure (HTTPS).
- HTTPS Hypertext Transfer Protocol Secure
- the anti-pharming software module may further verify the authenticity of the digital certificate being presented to the user's browser by the website with which it is communicating.
- the anti-pharming software module may further examine the content of the digital certificate to verify that it is actually the genuine website's certificate.
- the anti-pharming software module in the event that it detects any discrepancy in the parameters it has checked and/or compared, may be adapted to; (i) terminate the communication; (ii) report the event along with any information relating to the second website, such as the domain name, IP address, etc, to the user, website operator and/or supplier of the anti-pharming software module; an or (in) block the specific user from accessing the system utilizing the credentials that may have been compromised.
- a anti-mib (i.e. man in the browser) software module May be functionally associated with a website's code, such as embedded in a website's code.
- the anti-mib module may request or otherwise receive an encryption key (e.g. a public encryption key) from a source associated with the website.
- the anti-mib module may use the key for application level encryption of information (e.g. identification and/or authentication information) provided by a user.
- the application may be a website log in application running on the browser and may be functionally associated or integral with the anti-mib module.
- the website may use a private key corresponding to the received (public) key to decrypt the user's information.
- a different encryption key may be provided to the anti-mib module periodically and/or each time it is instanced.
- the different encryption key may be received by the anti-mib software module upon being served to or upon instancement on a client browser.
- the different encryption key may be created by the anti-mib software module upon being served to or upon instancement on a client browser.
- the anti-mib module mitigates the risk of another application running within the browser from intercepting, storing and/or forwarding user information.
Abstract
The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on.
Description
- This invention generally relates to website security. More specifically, this invention relates to a system and method for identifying security breach attempts of a website.
- In February 2005, Joe Lopez, a businessman from Florida, filed a suit against Bank of America after unknown hackers stole $90,000 from his Bank of America account. The money had been transferred to Latvia.
- An investigation showed that Mr. Lopez's computer was infected with a malicious program, “Backdoor Coreflood”, which records every keystroke and sends this information to malicious users via the Internet. This is how the hackers got hold of Joe Lopez's user name and password, since Mr. Lopez often used the Internet to manage his Bank of America account. Joe Lopez's losses were caused by a combination of overall carelessness and an ordinary keylogging program.
- The term ‘keylogger’ itself is neutral, and the word describes the program's function. Most sources define a keylogger as a software program designed to secretly monitor and log all keystrokes.
- Legitimate programs may have a keylogging function which can be used to call certain program functions using “hotkeys,” or to toggle between keyboard layouts (e.g. Keyboard Ninja). There is a lot of legitimate software which is designed to allow administrators to track what employees do throughout the day, or to allow users to track the activity of third parties on their computers. The ethical boundary, however, between justified monitoring and espionage is a fine line. Legitimate software is often used deliberately to steal confidential user information such as passwords.
- Moreover, the justifications listed above are more subjective than objective; the situations can all be resolved using other methods. Additionally, any legitimate keylogging program can still be used with malicious or criminal intent. Today, keyloggers are mainly used to steal user data relating to various online payment systems, and virus writers are constantly writing new keylogger Trojans for this very purpose.
- Furthermore, many keyloggers hide themselves in the system (i.e. they have rootkit functionality), which makes them fully-fledged Trojan programs. As such programs are extensively used by cyber criminals, detecting them is a priority for antivirus companies.
- In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT Administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Even when using server authentication, it may require tremendous skill to detect that the website is fake. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
- According to some embodiments of the present invention, there is provided a website security system, for detecting security breach attempts associated with Trojan applications residing on a client computer, comprised of one or more of the following components:
-
- 1. a code of a website;
- 2. an anti-trojan software module, functionally associated with the code of the website. The anti-trojan software module may be adapted to monitor, when instanced on a client computer, one or more communications between the client computer and the website and to detect differences between one or more parameters of the communications, such as the size of the communication, and the expected parameters of a communication of the type in question. The anti-trojan software module may be further adapted to send a message to a server associated with the website, in the event there is a difference between one or more parameters of a communication and the expected parameters of a communication of the type in question; and
- 3. a server which may be adapted to provide a client computer with the website code and the software module.
- 4. a server associated with the website, which server may be adapted to modify user account permissions in response to receiving a message from the software module, relating to the user account.
- According to some further embodiments of the present invention, there is provided a website security system, for detecting security breach attempts associated with a phishing scheme, comprised of one or more of the following components:
-
- 1. a code of a first website;
- 2. an anti-phishing software module, functionally associated with the code of the first website. The anti-phshing software module may be adapted to detect its own instancement on a server not associated with the first website and, when it detects its own instancement on a server not associated with the first website, may be further adapted to perform one or more of the actions selected from the group of actions consisting of: (a) sending a warning to the first website's proprietor, (b) sending a warning to the supplier of the software module, (c) sending a warning to an investigative body, (d) reporting the IP address of the unassociated server to the first website's proprietor (e) reporting the IP address of the unassociated server to the supplier of the software module, (f) reporting the IP address of the unassociated server to an investigative body, (g) reporting further details relating to the instancement to the supplier of the software module, (h) reporting further details relating to the instancement to the first website's proprietor, and (i) reporting further details relating to the instancement to an investigative body; and
- 3. a server which may be adapted to provide a client computer with the website code and the software module.
- 4. a second software module, functionally associated with said first website and adapted to scan other websites and to report other websites containing graphics or text patterns similar to those contained in the first website. The second software module may be further adapted to target for scanning, websites selected from the group of websites consisting of: (a) websites with new domain names, (b) websites with domain names that have recently changed ownership, and (c) websites with domain names similar to the first website's domain name.
- 5. a third software module, functionally associated with the first website and which third software module may be adapted to scan emails and to report emails masquerading as an email being sent by the proprietor of the first website.
- According to some further embodiments of the present invention, The website security system, for detecting security breach attempts associated with a phishing scheme, may further comprise a file, such as an image file, stored on a server associated with the website, which file may not be part of the code that is sent to a browser when it navigates to the website. Accordingly, the anti-phishing software module may be further adapted to locate said file every time it is instanced and to determine that it has been instanced on a server, not associated with said website, when it cannot locate the file.
- According to yet further embodiments of the present invention, there is provided a website security system, for detecting security breach attempts associated with a man in the browser scheme, comprised of one or more of the following components:
-
- 1. a code of a website;
- 2. an anti-mib software module, functionally associated with the code of the website and adapted to encrypt user information, at the application level, using a changing public encryption key associated with the website. The anti-mib software module may be further adapted to receive a public encryption key upon being served to and/or upon instancement on a client browser. According to yet further embodiments of the present invention, the anti-mib software module may be adapted to create a public encryption key upon being served to a client browser; and
- 3. a server which may be adapted to provide a client computer with the website code and the software module.
- According to some further embodiments of the present invention, there is provided a website security system, for detecting security breach attempts associated with a pharming scheme, comprised of one or more of the following components:
-
- 1. a code of a first website;
- 2. an anti-pharming software module, functionally associated with the code of the first website. The anti-pharming software module may be adapted to, when instanced on a client computer, monitor one or more parameters of a communication link between the client computer and a server of a website with which the user's browser is communicating, and to detect differences between the one or more parameters of the communication link and expected parameters for a link with a server associated with the first website.
- The one or more parameters being monitored by the anti-pharming software module may include: (a) the domain name, (b) the IP address associated by the user's browser with the domain name, (c) the communication protocol, (d) the authenticity of the digital certificate being presented to the user's browser by the server with which it is communicating, and/or (e) the content of the digital certificate being presented to the user's browser by the server with which it is communicating.
- According to further embodiments of the present invention, the anti-pharming software module may be adapted, when it detects differences between said one or more parameters of the communication link and expected parameters for a link with a server associated with the first website, to perform one or more of the following actions: (a) terminate the communication, (b) report the detection to the user, (c) report the detection to the first website operator, (d) report the detection to the supplier of the software module, (e) report the detection to an investigative body, (f) send information relating to the server with which the user's browser is communicating to the user, (g) send information relating to the server with which the user's browser is communicating to the first website operator, (h) send information relating to the server with which the user's browser is communicating to an investigative body, and (i) send information relating to the server with which the user's browser is communicating to the supplier of the software module.
- 3. a server which may be adapted to provide a client computer with the website code and the software module.
- 4. a server associated with the first website which may be adapted to modify user account permissions in response to receiving a message from the software module.
-
FIG. 1 : shows a flowchart including exemplary steps of operation of an anti-trojan software module, in accordance with some embodiments of the present invention. -
FIG. 2 : shows a flowchart including exemplary steps of operation of an anti-phishing software module, in accordance with some embodiments of the present invention. - FIGS. 3+3A: show flowcharts including exemplary steps of operation of an anti-pharming software module, in accordance with some embodiments of the present invention.
-
FIG. 4 : shows a flowchart including exemplary steps of operation of an anti-mib software module, in accordance with some embodiments of the present invention. - In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the invention. However, it will be understood by those skilled in the art that the present invention may be practiced without these specific details. In other instances, well-known methods, procedures, components and circuits have not been described in detail so as not to obscure the present invention.
- Unless specifically stated otherwise, as apparent from the following discussions, it is appreciated that throughout the specification discussions utilizing terms such as “processing”, “computing”, “calculating”, “determining”, or the like, refer to the action and/or processes of a computer or computing system, or similar electronic computing device, that manipulate and/or transform data represented as physical, such as electronic, quantities within the computing system's registers and/or memories into other data similarly represented as physical quantities within the computing system's memories, registers or other such information storage, transmission or display devices. The term server may refer to a single server or to a functionally associated cluster of servers.
- Embodiments of the present invention may include apparatuses for performing the operations herein. This apparatus may be specially constructed for the desired purposes, or it may comprise a general purpose computer selectively activated or reconfigured by a computer program stored in the computer. Such a computer program may be stored in a computer readable storage medium, such as, but is not limited to, any type of disk including floppy disks, optical disks, CD-ROMs, magnetic-optical disks, read-only memories (ROMs), random access memories (RAMS) electrically programmable read-only memories (EPROMs), electrically erasable and programmable read only memories (EEPROMs), magnetic or optical cards, or any other type of media suitable for storing electronic instructions, and capable of being coupled to a computer system bus.
- The processes and displays presented herein are not inherently related to any particular computer or other apparatus. Various general purpose systems may be used with programs in accordance with the teachings herein, or it may prove convenient to construct a more specialized apparatus to perform the desired method. The desired structure for a variety of these systems will appear from the description below. In addition, embodiments of the present invention are not described with reference to any particular programming language. It will be appreciated that a variety of programming languages may be used to implement the teachings of the inventions as described herein.
- Terms in this application relating to distributed data networking, such as send or receive, may be interpreted in reference to Internet protocol suite, which is a set of communications protocols that implement the protocol stack on which the Internet and most commercial networks run. It has also been referred to as the TCP/IP protocol suite, which is named after two of the most important protocols in it: the Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first two networking protocols defined. Today's IP networking represents a synthesis of two developments that began in the 1970s, namely LANs (Local Area Networks) and the Internet, both of which have revolutionized computing.
- The Internet Protocol suite—like many protocol suites—can be viewed as a set of layers. Each layer solves a set of problems involving the transmission of data, and provides a well-defined service to the upper layer protocols based on using services from some lower layers. Upper layers are logically closer to the user and deal with more abstract data, relying on lower layer protocols to translate data into forms that can eventually be physically transmitted. The TCP/IP reference model consists of four layers.
- Layers in the Internet Protocol Suite
- The IP suite uses encapsulation to provide abstraction of protocols and services. Generally a protocol at a higher level uses a protocol at a lower level to help accomplish its aims. The Internet protocol stack has never been altered, by the IETF, from the four layers defined in RFC 1122. The IETF makes no effort to follow the seven-layer OSI model and does not refer to it in standards-track protocol specifications and other architectural documents.
-
4. Application DNS, TFTP, TLS/SSL, FTP, Gopher, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SNMP, SSH, TELNET, ECHO, RTP, PNRP, rlogin, ENRP Routing protocols like BGP, which for a variety of reasons run over TCP, may also be considered part of the application or network layer. 3.Transport TCP, UDP, DCCP, SCTP, IL, RUDP 2.Internet Routing protocols like OSPF, which run over IP, are also to be considered part of the network layer, as they provide path selection. ICMP and IGMP run over IP and are considered part of the network layer, as they provide control information. IP (IPv4, IPv6) ARP and RARP operate underneath IP but above the link layer so they belong somewhere in between. 1. Network access Ethernet, Wi-Fi, token ring, PPP, SLIP, FDDI, ATM, Frame Relay, SMDS - It should be understood that any topology, technology and/or standard for computer networking (e.g. mesh networks, infiniband connections, RDMA, etc.), known today or to be devised in the future, may be applicable to the present invention.
- The present invention is a method and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on. According to some embodiments of the present invention, there may be provided an anti-trojan software module functionally associated with the website, such as embedded in a website's code, and adapted to detect when a computer of a user of the website is infected with a key logger or other Trojan application. According to further embodiments of the present invention, an anti-phishing software module may be embedded in the code of the website and may be adapted to transmit to a server associated with the website and/or a server associated with the entity responsible for the anti-phishing software module a warning message when the code of the website has been copied and/or instanced on a server other than the website's server, usually residing in a domain other than the native domain of the website, i.e. a phishing attempt. According to yet further embodiments of the present invention, an anti-pharming software module may be embedded in the website's code, which anti-pharming software module may be adapted to detect, report and/or prevent an attempt to intercept data (i.e. pharming) transferred from a user to the website, including authentication data.
- According to some embodiments of the present invention, where an anti-trojan software module functionally associated with the website is adapted to detect when a computer of a user of the website is infected with a key logger or other Trojan application, the anti-trojan software module may compare one or more parameters of communications between the user's computer to the website (e.g. the size of the communication, the number of user inputs included in the communication, the content of the communication, etc.) against expected parameters of a communication of the type in question. The anti-trojan software module may be pre-programmed with or receive from the website data indicating the expected parameters of the different communications that may be received by the website. The anti-trojan software module may, for example, check responses that are to be sent from a user's computer to the website server. If the responses' format, size, number of user inputs or other parameter is different from the ordinary size, format, number of user inputs or other parameter of such a type of response, a key logger or other Trojan application may be operative on the user's computer and may be attempting to record the user's credentials on the website or otherwise breach the system's security. Similarly, the anti-trojan software module may compare the contents of a specific communication (such as the contents of a specific page of the website) with the expected contents of the type of communication in question, the number of user inputs included in the communication and/or any other parameters of the communication. When discrepancies are discovered, the anti-trojan software module may terminate the communication session between the user's and the site and may further temporarily block the specific user from accessing the system utilizing the credentials that may have been compromised. Additionally, the anti-trojan software module may issue a warning to the user, the site operator and/or the anti-trojan software module provider. Furthermore, the anti-trojan software module may provide the user with remediation instructions for removing the key logger or other Trojan application from his/her computer and may further provide the user with instructions for reinstating his/her access to the system.
- According to further embodiments of the present invention, there may be provided an anti-phishing software module functionally associated with a commercial website, such as embedded in a website's code, adapted to identify attempts to copy the website on a different server in order to masquerade as the legitimate website (a “Phishing” attempt). According to some embodiments of the present invention, the anti-phishing software module may be encrypted into the website's code. The anti-phishing software module may simultaneously and/or separately perform multiple actions designed to identify Phishing attempts including; (i) verifying, every time the web page is loaded, a software element secretly embedded in the website's code or on an associated server, (ii) scanning similar domain names to search for possible imitations, (iii) monitoring new domain name registrations and/or changes of domain name ownership to search for possible imitations, (iv) searching throughout the internet for unique text patterns and graphics associated with the legitimate website, and/or (v) scanning emails to search for possible attempts to masquerade as the commercial entity being protected.
- According to some embodiments of the present invention, the anti-phishing software module may be adapted to transmit to a server associated with the website and/or with the entity responsible for the anti-phishing software module a warning message when the code of the website has been copied and/or instanced on another server. The anti-phishing software module may be integral with one or more codes and/or modules of the website, such as a Javascript, a flash player application or any other application written in any other language. According to further embodiments of the present invention, the anti-phishing software module may, while running on the server and/or the browser, be adapted to check one or more parameters associated with its computational environment in order to determine whether it is communicating with the authentic/genuine website server or another server, unassociated with the authentic/genuine website—likely to be operated someone engaged in a phishing scheme. The anti-phishing software module may attempt to locate one or more specific files, which files may be secretly stored on the authentic/genuine website server, may not be part of the code that is sent to a browser when it navigates to the authentic/genuine website, and may thus be considered secret. The secret file(s) may be in the form of an image or digital certificate. For example, the genuine website may have a very small picture (up to one pixel in size) secretly embedded in a server associated with the website, which picture is not part of the code that is sent to a browser when it navigates to the authentic/genuine website. Therefore, when the website is copied the secret picture will not appear in the copy. The anti-phishing software module may, in this example, be programmed to attempt to locate the secret picture every time the website is uploaded and in the event that the picture cannot be located, presumably because the website is an illegitimate copy and therefore is being uploaded on a different server that does not contain the secret picture, send an alert along with the “fake” website's URL and/or the “different” server's IP address to a server associated with the genuine website and/or a server associated with the entity responsible for the anti-phishing software module.
- According to further embodiments of the present invention, the anti-phishing software module may search the internet for websites containing unique text patterns and graphics associated with the legitimate website, such as the commercial entity's logo, marketing slogans, name, commonly used fonts and phrases and so on. The anti-phishing software module may target websites with domain names similar to the genuine website's domain name and/or monitor new domain name registrations and/or changes of domain name ownership, for more frequent and thorough inspection. All suspicious findings discovered by the anti-phishing software module during searches may be reported to an investigative body, a server associated with the website and/or a server associated with the entity responsible for the anti-phishing software module. The report may prioritize the findings based on the amount of similarity found to the genuine website in each specific instance. For example, a website containing the genuine websites name, logo and the term “username” may be reported with higher importance than a website that only contains the genuine website's name.
- According to yet further embodiments of the present invention, the anti-phishing software module may regularly scan emails to search for possible attempts to masquerade as the commercial entity being protected.
- According to some embodiments of the present invention, the anti-phishing software module and/or the anti-trojan software module may be adapted to remain dormant much of the time and to wakeup intermittently. Whereas according to other embodiments of the present invention, the anti-phishing software module and/or the anti-trojan software module may be active substantially continuously.
- According to some further embodiments of the present invention, the anti-phishing software module, the anti-pharming software module and/or the anti-trojan software module may also report any findings of suspicious activity to an investigative body and may include in the reports information that may assist the investigative body in locating and taking action against the offending party. The anti-phishing software module, the anti-pharming software module and/or the anti-trojan software module may be further adapted to take automatic action to prevent or halt security breach attempts when specific threats are detected.
- According to further embodiments of the present invention, an anti-pharming software module may be functionally associated with a website's code, such as embedded in a website's code. The anti-pharming software module, when instanced in a web browser, may be adapted to detect, report and/or prevent an attempt to intercept data transferred from a user to the website, including authentication data. A given anti-pharming software module may include, be pre-programmed with and/or otherwise have access to one or more parameters (e.g. domain name, IP address, etc) of the website with which the module is associated. When the given module is instanced, it may check and/or compare one or more parameters of the website with which the user's browser is communicating against the one or more parameters of the website with which the module is associated. The module may thus determine whether the user's browser is communicating with the intended website, or whether the browser's communication is being redirected, intercepted or relayed, without the user's knowledge, to pass through a second website, presumably being operated by a third party (e.g. hostile entity), before being transmitted to the genuine website.
- The anti-pharming software module may check, for example, that the domain name which appears in the user's browser is identical to the genuine website's domain name and/or that the IP address associated by the user's browser with the domain name is the genuine website's IP address. The anti-pharming software module may also verify that the protocol being used for communication is a Hypertext Transfer Protocol Secure (HTTPS). The anti-pharming software module may further verify the authenticity of the digital certificate being presented to the user's browser by the website with which it is communicating. The anti-pharming software module may further examine the content of the digital certificate to verify that it is actually the genuine website's certificate.
- According to some embodiments of the present invention, the anti-pharming software module, in the event that it detects any discrepancy in the parameters it has checked and/or compared, may be adapted to; (i) terminate the communication; (ii) report the event along with any information relating to the second website, such as the domain name, IP address, etc, to the user, website operator and/or supplier of the anti-pharming software module; an or (in) block the specific user from accessing the system utilizing the credentials that may have been compromised.
- According to yet further embodiments of the present invention, a anti-mib (i.e. man in the browser) software module May be functionally associated with a website's code, such as embedded in a website's code. When instanced in a browser, the anti-mib module may request or otherwise receive an encryption key (e.g. a public encryption key) from a source associated with the website. The anti-mib module may use the key for application level encryption of information (e.g. identification and/or authentication information) provided by a user. The application may be a website log in application running on the browser and may be functionally associated or integral with the anti-mib module. The website may use a private key corresponding to the received (public) key to decrypt the user's information. According to further embodiments of the present invention, a different encryption key may be provided to the anti-mib module periodically and/or each time it is instanced. The different encryption key may be received by the anti-mib software module upon being served to or upon instancement on a client browser. Alternatively, the different encryption key may be created by the anti-mib software module upon being served to or upon instancement on a client browser. According to some embodiments of the present invention, the anti-mib module mitigates the risk of another application running within the browser from intercepting, storing and/or forwarding user information.
- It should be understood by one of skill in the art that some of the functions described as being performed by a specific component of the system may be performed by a different component of the system in other embodiments of this invention.
- The present invention can be practiced by employing conventional tools, methodology and components. Accordingly, the details of such tools, component and methodology are not set forth herein in detail. In the previous descriptions, numerous specific details are set forth, in order to provide a thorough understanding of the present invention. It should be recognized, however, that the present invention might be practiced without resorting to the details specifically set forth.
- Only exemplary embodiments of the present invention and but a few examples of its versatility are shown and described in the present disclosure. It is to be understood that the present invention is capable of use in various other combinations and environments and is capable of changes or modifications within the scope of the inventive concept as expressed herein.
- While certain features of the invention have been illustrated and described herein, many modifications, substitutions, changes, and equivalents will now occur to those skilled in the art. It is, therefore, to be understood that the appended claims are intended to cover all such modifications and changes as fall within the true spirit of the invention.
Claims (3)
1. A website security system for detecting security breach attempts associated with a man in the browser scheme, said system comprising: a code of a website; a software module, functionally associated with said code and adapted to encrypt user information, at the application level, using a changing public encryption key associated with said website; and a server adapted to provide a client computer with said code and said software module.
2. The system according to claim 1 , wherein said software module is further adapted to receive a public encryption key either upon being served to or upon instancement on a client browser.
3. The system according to claim 1 , wherein said software module is further adapted to create a public encryption key upon being served to a client browser.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/895,384 US20130254530A1 (en) | 2009-09-23 | 2013-05-16 | System and method for identifying security breach attempt of a website |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/565,088 US10157280B2 (en) | 2009-09-23 | 2009-09-23 | System and method for identifying security breach attempts of a website |
US13/895,384 US20130254530A1 (en) | 2009-09-23 | 2013-05-16 | System and method for identifying security breach attempt of a website |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/565,088 Division US10157280B2 (en) | 2009-09-23 | 2009-09-23 | System and method for identifying security breach attempts of a website |
Publications (1)
Publication Number | Publication Date |
---|---|
US20130254530A1 true US20130254530A1 (en) | 2013-09-26 |
Family
ID=43757638
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/565,088 Active 2031-08-21 US10157280B2 (en) | 2009-09-23 | 2009-09-23 | System and method for identifying security breach attempts of a website |
US13/895,384 Abandoned US20130254530A1 (en) | 2009-09-23 | 2013-05-16 | System and method for identifying security breach attempt of a website |
US13/895,386 Abandoned US20130254888A1 (en) | 2009-09-23 | 2013-05-16 | System and method for identifying security breach attempt of a website |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/565,088 Active 2031-08-21 US10157280B2 (en) | 2009-09-23 | 2009-09-23 | System and method for identifying security breach attempts of a website |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/895,386 Abandoned US20130254888A1 (en) | 2009-09-23 | 2013-05-16 | System and method for identifying security breach attempt of a website |
Country Status (1)
Country | Link |
---|---|
US (3) | US10157280B2 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9521164B1 (en) * | 2014-01-15 | 2016-12-13 | Frank Angiolelli | Computerized system and method for detecting fraudulent or malicious enterprises |
CN107209830A (en) * | 2014-11-13 | 2017-09-26 | 克丽夫有限公司 | Method for recognizing and resisting network attack |
US10356125B2 (en) | 2017-05-26 | 2019-07-16 | Vade Secure, Inc. | Devices, systems and computer-implemented methods for preventing password leakage in phishing attacks |
US10958682B2 (en) | 2011-09-21 | 2021-03-23 | SunStone Information Defense Inc. | Methods and apparatus for varying soft information related to the display of hard information |
Families Citing this family (43)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8453224B2 (en) * | 2009-10-23 | 2013-05-28 | Novell, Inc. | Single sign-on authentication |
CN103004102B (en) * | 2010-05-13 | 2015-12-09 | 西北大学 | Geo-positioning system and method |
US9710645B2 (en) * | 2010-12-23 | 2017-07-18 | Ebay Inc. | Systems and methods to detect and neutralize malware infected electronic communications |
US8869279B2 (en) | 2011-05-13 | 2014-10-21 | Imperva, Inc. | Detecting web browser based attacks using browser response comparison tests launched from a remote source |
US8621556B1 (en) * | 2011-05-25 | 2013-12-31 | Palo Alto Networks, Inc. | Dynamic resolution of fully qualified domain name (FQDN) address objects in policy definitions |
US20120331551A1 (en) * | 2011-06-24 | 2012-12-27 | Koninklijke Kpn N.V. | Detecting Phishing Attempt from Packets Marked by Network Nodes |
US9361198B1 (en) | 2011-12-14 | 2016-06-07 | Google Inc. | Detecting compromised resources |
US9111090B2 (en) * | 2012-04-02 | 2015-08-18 | Trusteer, Ltd. | Detection of phishing attempts |
US8707454B1 (en) | 2012-07-16 | 2014-04-22 | Wickr Inc. | Multi party messaging |
CN103634127A (en) * | 2012-08-20 | 2014-03-12 | 腾讯科技(深圳)有限公司 | Website hung Trojan early warning method and device |
US8966637B2 (en) | 2013-02-08 | 2015-02-24 | PhishMe, Inc. | Performance benchmarking for simulated phishing attacks |
US9253207B2 (en) | 2013-02-08 | 2016-02-02 | PhishMe, Inc. | Collaborative phishing attack detection |
US9356948B2 (en) | 2013-02-08 | 2016-05-31 | PhishMe, Inc. | Collaborative phishing attack detection |
US9398038B2 (en) | 2013-02-08 | 2016-07-19 | PhishMe, Inc. | Collaborative phishing attack detection |
US20140366156A1 (en) * | 2013-06-09 | 2014-12-11 | Tencent Technology (Shenzhen) Company Limited | Method and device for protecting privacy information with browser |
US20150188932A1 (en) * | 2013-12-31 | 2015-07-02 | Samsung Electronics Co., Ltd. | Apparatus, system, and method for identifying a man-in-the-middle (mitm) connection |
US9262629B2 (en) | 2014-01-21 | 2016-02-16 | PhishMe, Inc. | Methods and systems for preventing malicious use of phishing simulation records |
US9584530B1 (en) | 2014-06-27 | 2017-02-28 | Wickr Inc. | In-band identity verification and man-in-the-middle defense |
US9756058B1 (en) | 2014-09-29 | 2017-09-05 | Amazon Technologies, Inc. | Detecting network attacks based on network requests |
US9426171B1 (en) | 2014-09-29 | 2016-08-23 | Amazon Technologies, Inc. | Detecting network attacks based on network records |
US9654288B1 (en) * | 2014-12-11 | 2017-05-16 | Wickr Inc. | Securing group communications |
US9906539B2 (en) | 2015-04-10 | 2018-02-27 | PhishMe, Inc. | Suspicious message processing and incident response |
US20180294978A1 (en) * | 2015-10-18 | 2018-10-11 | Indiana University Research And Technology Corporation | Systems and methods for identifying certificates |
US9584493B1 (en) | 2015-12-18 | 2017-02-28 | Wickr Inc. | Decentralized authoritative messaging |
US9596079B1 (en) | 2016-04-14 | 2017-03-14 | Wickr Inc. | Secure telecommunications |
US9602477B1 (en) | 2016-04-14 | 2017-03-21 | Wickr Inc. | Secure file transfer |
US10440053B2 (en) | 2016-05-31 | 2019-10-08 | Lookout, Inc. | Methods and systems for detecting and preventing network connection compromise |
CN106127052B (en) * | 2016-06-30 | 2019-05-14 | 北京奇虎科技有限公司 | The recognition methods of rogue program and device |
US10419477B2 (en) * | 2016-11-16 | 2019-09-17 | Zscaler, Inc. | Systems and methods for blocking targeted attacks using domain squatting |
US10218697B2 (en) | 2017-06-09 | 2019-02-26 | Lookout, Inc. | Use of device risk evaluation to manage access to services |
CN107733908B (en) * | 2017-10-26 | 2021-01-29 | 北京知道创宇信息技术股份有限公司 | Data packet processing method and device, network equipment and readable storage medium |
US20200084225A1 (en) * | 2017-12-01 | 2020-03-12 | Trusted Knight Corporation | In-stream malware protection |
US10831892B2 (en) * | 2018-06-07 | 2020-11-10 | Sap Se | Web browser script monitoring |
CN110677374A (en) * | 2018-07-02 | 2020-01-10 | 中国电信股份有限公司 | Method and device for preventing phishing attack and computer readable storage medium |
US11157571B2 (en) | 2018-07-12 | 2021-10-26 | Bank Of America Corporation | External network system for extracting external website data using generated polymorphic data |
CN109450880A (en) * | 2018-10-26 | 2019-03-08 | 平安科技(深圳)有限公司 | Detection method for phishing site, device and computer equipment based on decision tree |
US10511628B1 (en) | 2019-03-07 | 2019-12-17 | Lookout, Inc. | Detecting realtime phishing from a phished client or at a security server |
US10523706B1 (en) * | 2019-03-07 | 2019-12-31 | Lookout, Inc. | Phishing protection using cloning detection |
CN110008688B (en) * | 2019-03-07 | 2020-10-13 | 北京华安普特网络科技有限公司 | Website anti-Trojan detection method |
US11582223B2 (en) | 2021-01-07 | 2023-02-14 | Bank Of America Corporation | Browser extension for validating communications |
US11314841B1 (en) | 2021-01-07 | 2022-04-26 | Bank Of America Corporation | Web browser communication validation extension |
US11570149B2 (en) | 2021-03-30 | 2023-01-31 | Palo Alto Networks, Inc. | Feedback mechanism to enforce a security policy |
CN113691492B (en) * | 2021-06-11 | 2023-04-07 | 杭州安恒信息安全技术有限公司 | Method, system, device and readable storage medium for determining illegal application program |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6223287B1 (en) * | 1998-07-24 | 2001-04-24 | International Business Machines Corporation | Method for establishing a secured communication channel over the internet |
US6535912B1 (en) * | 1999-08-31 | 2003-03-18 | Lucent Technologies Inc. | Method for creating and playing back a smart bookmark that automatically retrieves a requested Web page through a plurality of intermediate Web pages |
US20050188051A1 (en) * | 2003-12-19 | 2005-08-25 | Iftah Sneh | System and method for providing offline web application, page, and form access in a networked environment |
US20060005017A1 (en) * | 2004-06-22 | 2006-01-05 | Black Alistair D | Method and apparatus for recognition and real time encryption of sensitive terms in documents |
US20070039050A1 (en) * | 2005-08-15 | 2007-02-15 | Vladimir Aksenov | Web-based data collection using data collection devices |
US20090172396A1 (en) * | 2007-12-31 | 2009-07-02 | Intel Corporation | Secure input |
US20090319769A1 (en) * | 2008-05-21 | 2009-12-24 | Apple Inc. | Discrete key generation method and apparatus |
US7757278B2 (en) * | 2001-01-04 | 2010-07-13 | Safenet, Inc. | Method and apparatus for transparent encryption |
Family Cites Families (276)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US3950735A (en) | 1974-01-04 | 1976-04-13 | Honeywell Information Systems, Inc. | Method and apparatus for dynamically controlling read/write operations in a peripheral subsystem |
US4644532A (en) | 1985-06-10 | 1987-02-17 | International Business Machines Corporation | Automatic update of topology in a hybrid network |
US4897781A (en) | 1987-02-13 | 1990-01-30 | International Business Machines Corporation | System and method for using cached data at a local node after re-opening a file at a remote node in a distributed networking environment |
US4965772A (en) | 1987-06-15 | 1990-10-23 | International Business Machines Corporation | Method and apparatus for communication network alert message construction |
US5053953A (en) | 1990-01-05 | 1991-10-01 | Bull Hn Information Systems Inc. | Apparatus for aligning arithmetic operands during fetch |
US5023826A (en) | 1990-01-11 | 1991-06-11 | Bull Hn Information Systems Inc. | Apparatus for skipping arithmetic calculations involving leading zeros |
WO1991014326A2 (en) | 1990-03-05 | 1991-09-19 | Massachusetts Institute Of Technology | Switching networks with expansive and/or dispersive logical clusters for message routing |
US5327529A (en) | 1990-09-24 | 1994-07-05 | Geoworks | Process of designing user's interfaces for application programs |
US5367642A (en) | 1990-09-28 | 1994-11-22 | Massachusetts Institute Of Technology | System of express channels in an interconnection network that automatically bypasses local channel addressable nodes |
US5299312A (en) | 1990-11-15 | 1994-03-29 | Massachusetts Institute Of Technology | Network fault recovery by controllable switching of subnetworks |
US5367635A (en) | 1991-08-29 | 1994-11-22 | Hewlett-Packard Company | Network management agent with user created objects providing additional functionality |
US5611049A (en) | 1992-06-03 | 1997-03-11 | Pitts; William M. | System for accessing distributed data cache channel at each network node to pass requests and data |
US6026452A (en) | 1997-02-26 | 2000-02-15 | Pitts; William Michael | Network distributed site cache RAM claimed as up/down stream request/reply channel for storing anticipated data and meta data |
US5371852A (en) | 1992-10-14 | 1994-12-06 | International Business Machines Corporation | Method and apparatus for making a cluster of computers appear as a single host on a network |
US5596742A (en) | 1993-04-02 | 1997-01-21 | Massachusetts Institute Of Technology | Virtual interconnections for reconfigurable logic systems |
WO1994025913A2 (en) | 1993-04-30 | 1994-11-10 | Novadigm, Inc. | Method and apparatus for enterprise desktop management |
US5406502A (en) | 1993-06-29 | 1995-04-11 | Elbit Ltd. | System and method for measuring the operation of a device |
WO1995005712A2 (en) | 1993-08-13 | 1995-02-23 | Frank Thomson Leighton | Secret key exchange |
US5519694A (en) | 1994-02-04 | 1996-05-21 | Massachusetts Institute Of Technology | Construction of hierarchical networks through extension |
US5761484A (en) | 1994-04-01 | 1998-06-02 | Massachusetts Institute Of Technology | Virtual interconnections for reconfigurable logic systems |
US5528701A (en) | 1994-09-02 | 1996-06-18 | Panasonic Technologies, Inc. | Trie based method for indexing handwritten databases |
US5517617A (en) | 1994-06-29 | 1996-05-14 | Digital Equipment Corporation | Automatic assignment of addresses in a computer communications network |
US5606665A (en) | 1994-07-01 | 1997-02-25 | Digital Equipment Corporation | Buffer descriptor prefetch in network and I/O design |
US5768423A (en) | 1994-09-02 | 1998-06-16 | Panasonic Technologies Inc. | Trie structure based method and apparatus for indexing and searching handwritten databases with dynamic search sequencing |
US6085234A (en) | 1994-11-28 | 2000-07-04 | Inca Technology, Inc. | Remote file services network-infrastructure cache |
US5936939A (en) | 1995-05-22 | 1999-08-10 | Fore Systems, Inc. | Digital network including early packet discard mechanism with adjustable threshold |
US5774668A (en) | 1995-06-07 | 1998-06-30 | Microsoft Corporation | System for on-line service in which gateway computer uses service map which includes loading condition of servers broadcasted by application servers for load balancing |
US5682382A (en) | 1995-09-05 | 1997-10-28 | Massachusetts Institute Of Technology | Scalable, self-organizing packet radio network having decentralized channel management providing collision-free packet transfer |
US5790554A (en) | 1995-10-04 | 1998-08-04 | Bay Networks, Inc. | Method and apparatus for processing data packets in a network |
US5684800A (en) | 1995-11-15 | 1997-11-04 | Cabletron Systems, Inc. | Method for establishing restricted broadcast groups in a switched network |
US5892932A (en) | 1995-11-21 | 1999-04-06 | Fore Systems, Inc. | Reprogrammable switching apparatus and method |
KR0157152B1 (en) | 1995-12-23 | 1998-11-16 | 양승택 | Apparatus with expansibility for processing atm layer function |
US6128657A (en) | 1996-02-14 | 2000-10-03 | Fujitsu Limited | Load sharing system |
US5949885A (en) | 1996-03-12 | 1999-09-07 | Leighton; F. Thomson | Method for protecting content using watermarking |
US6111876A (en) | 1996-03-12 | 2000-08-29 | Nortel Networks Limited | VLAN frame format |
US5959990A (en) | 1996-03-12 | 1999-09-28 | Bay Networks, Inc. | VLAN frame format |
US5752023A (en) | 1996-04-24 | 1998-05-12 | Massachusetts Institute Of Technology | Networked database system for geographically dispersed global sustainability data |
US6085320A (en) * | 1996-05-15 | 2000-07-04 | Rsa Security Inc. | Client/server protocol for proving authenticity |
US5663018A (en) | 1996-05-28 | 1997-09-02 | Motorola | Pattern writing method during X-ray mask fabrication |
US5913214A (en) | 1996-05-30 | 1999-06-15 | Massachusetts Inst Technology | Data extraction from world wide web pages |
US5802052A (en) | 1996-06-26 | 1998-09-01 | Level One Communication, Inc. | Scalable high performance switch element for a shared memory packet or ATM cell switch fabric |
US5919247A (en) | 1996-07-24 | 1999-07-06 | Marimba, Inc. | Method for the distribution of code and data updates |
US5774660A (en) | 1996-08-05 | 1998-06-30 | Resonate, Inc. | World-wide-web server with delayed resource-binding for resource-based load balancing on a distributed resource multi-node network |
US6182139B1 (en) | 1996-08-05 | 2001-01-30 | Resonate Inc. | Client-side resource-based load-balancing with delayed-resource-binding using TCP state migration to WWW server farm |
US5946690A (en) | 1996-12-17 | 1999-08-31 | Inca Technology, Inc. | NDC consistency reconnect mechanism |
US5941988A (en) | 1997-01-27 | 1999-08-24 | International Business Machines Corporation | Session and transport layer proxies via TCP glue |
US5875296A (en) | 1997-01-28 | 1999-02-23 | International Business Machines Corporation | Distributed file system web server user authentication with cookies |
US5983281A (en) | 1997-04-24 | 1999-11-09 | International Business Machines Corporation | Load balancing in a multiple network environment |
US6006260A (en) | 1997-06-03 | 1999-12-21 | Keynote Systems, Inc. | Method and apparatus for evalutating service to a user over the internet |
US5974460A (en) | 1997-06-16 | 1999-10-26 | International Business Machines Corporation | Apparatus and method for selecting an optimum telecommunications link |
US6263368B1 (en) | 1997-06-19 | 2001-07-17 | Sun Microsystems, Inc. | Network load balancing for multi-computer server by counting message packets to/from multi-computer server |
US6028857A (en) | 1997-07-25 | 2000-02-22 | Massachusetts Institute Of Technology | Self-organizing network |
US6006268A (en) | 1997-07-31 | 1999-12-21 | Cisco Technology, Inc. | Method and apparatus for reducing overhead on a proxied connection |
US6006264A (en) | 1997-08-01 | 1999-12-21 | Arrowpoint Communications, Inc. | Method and system for directing a flow between a client and a server |
US5988847A (en) | 1997-08-22 | 1999-11-23 | Honeywell Inc. | Systems and methods for implementing a dynamic cache in a supervisory control system |
US6051169A (en) | 1997-08-27 | 2000-04-18 | International Business Machines Corporation | Vacuum baking process |
US6078956A (en) | 1997-09-08 | 2000-06-20 | International Business Machines Corporation | World wide web end user response time monitor |
US6128279A (en) | 1997-10-06 | 2000-10-03 | Web Balance, Inc. | System for balancing loads among network servers |
US6092196A (en) | 1997-11-25 | 2000-07-18 | Nortel Networks Limited | HTTP distributed remote user authentication system |
US6601084B1 (en) | 1997-12-19 | 2003-07-29 | Avaya Technology Corp. | Dynamic load balancer for multiple network servers |
US6246684B1 (en) | 1997-12-24 | 2001-06-12 | Nortel Networks Limited | Method and apparatus for re-ordering data packets in a network environment |
US6087196A (en) | 1998-01-30 | 2000-07-11 | The Trustees Of Princeton University | Fabrication of organic semiconductor devices using ink jet printing |
US6484261B1 (en) | 1998-02-17 | 2002-11-19 | Cisco Technology, Inc. | Graphical network security policy management |
EP0948168A1 (en) | 1998-03-31 | 1999-10-06 | TELEFONAKTIEBOLAGET L M ERICSSON (publ) | Method and device for data flow control |
US6170022B1 (en) | 1998-04-03 | 2001-01-02 | International Business Machines Corporation | Method and system for monitoring and controlling data flow in a network congestion state by changing each calculated pause time by a random amount |
US6876654B1 (en) | 1998-04-10 | 2005-04-05 | Intel Corporation | Method and apparatus for multiprotocol switching and routing |
SE512672C2 (en) | 1998-06-12 | 2000-04-17 | Ericsson Telefon Ab L M | Procedure and system for transferring a cookie |
US6178423B1 (en) | 1998-06-23 | 2001-01-23 | Microsoft Corporation | System and method for recycling numerical values in a computer system |
US6253226B1 (en) | 1998-06-24 | 2001-06-26 | Oracle Corporation | Duration-based memory management of complex objects |
US6490624B1 (en) | 1998-07-10 | 2002-12-03 | Entrust, Inc. | Session management in a stateless network system |
US6108703A (en) | 1998-07-14 | 2000-08-22 | Massachusetts Institute Of Technology | Global hosting system |
CA2304041C (en) | 1998-07-17 | 2004-06-01 | F. Thomson Leighton | Method for image processing to facilitate copy protection |
US6289012B1 (en) | 1998-08-03 | 2001-09-11 | Instanton Corporation | High concurrency data download apparatus and method |
US6233612B1 (en) | 1998-08-31 | 2001-05-15 | International Business Machines Corporation | Dynamic network protocol management information base options |
US6327622B1 (en) | 1998-09-03 | 2001-12-04 | Sun Microsystems, Inc. | Load balancing in a network environment |
JP3859369B2 (en) | 1998-09-18 | 2006-12-20 | 株式会社東芝 | Message relay apparatus and method |
US6253230B1 (en) | 1998-09-22 | 2001-06-26 | International Business Machines Corporation | Distributed scalable device for selecting a server from a server cluster and a switched path to the selected server |
US6636503B1 (en) | 1998-10-06 | 2003-10-21 | Siemens Information & Communication Networks, Inc. | Method and system for communicating with a telecommunications switch |
US6691165B1 (en) | 1998-11-10 | 2004-02-10 | Rainfinity, Inc. | Distributed server cluster for controlling network traffic |
US6411986B1 (en) | 1998-11-10 | 2002-06-25 | Netscaler, Inc. | Internet client-server multiplexer |
US6360270B1 (en) | 1998-11-16 | 2002-03-19 | Hewlett-Packard Company | Hybrid and predictive admission control strategies for a server |
US6347339B1 (en) | 1998-12-01 | 2002-02-12 | Cisco Technology, Inc. | Detecting an active network node using a login attempt |
US6396833B1 (en) | 1998-12-02 | 2002-05-28 | Cisco Technology, Inc. | Per user and network routing tables |
US6636894B1 (en) | 1998-12-08 | 2003-10-21 | Nomadix, Inc. | Systems and methods for redirecting users having transparent computer access to a network using a gateway device having redirection capability |
US6510135B1 (en) | 1998-12-18 | 2003-01-21 | Nortel Networks Limited | Flow-level demultiplexing within routers |
US6718390B1 (en) | 1999-01-05 | 2004-04-06 | Cisco Technology, Inc. | Selectively forced redirection of network traffic |
US6721271B1 (en) | 1999-02-04 | 2004-04-13 | Nortel Networks Limited | Rate-controlled multi-class high-capacity packet switch |
US6192051B1 (en) | 1999-02-26 | 2001-02-20 | Redstone Communications, Inc. | Network router search engine using compressed tree forwarding table |
US6430562B1 (en) | 1999-03-01 | 2002-08-06 | Electronic Data Systems Corporation | Integrated resource management system and method |
US6650640B1 (en) | 1999-03-01 | 2003-11-18 | Sun Microsystems, Inc. | Method and apparatus for managing a network flow in a high performance network interface |
US6760775B1 (en) | 1999-03-05 | 2004-07-06 | At&T Corp. | System, method and apparatus for network service load and reliability management |
US7349391B2 (en) | 1999-03-19 | 2008-03-25 | F5 Networks, Inc. | Tunneling between a bus and a network |
US6751663B1 (en) | 1999-03-25 | 2004-06-15 | Nortel Networks Limited | System wide flow aggregation process for aggregating network activity records |
US6519643B1 (en) | 1999-04-29 | 2003-02-11 | Attachmate Corporation | Method and system for a session allocation manager (“SAM”) |
US6529955B1 (en) | 1999-05-06 | 2003-03-04 | Cisco Technology, Inc. | Proxy session count limitation |
US6888836B1 (en) | 1999-05-26 | 2005-05-03 | Hewlett-Packard Development Company, L.P. | Method for allocating web sites on a web hosting cluster |
US6708187B1 (en) | 1999-06-10 | 2004-03-16 | Alcatel | Method for selective LDAP database synchronization |
US6781986B1 (en) | 1999-06-25 | 2004-08-24 | Nortel Networks Limited | Scalable high capacity switch architecture method, apparatus and system |
US6650641B1 (en) | 1999-07-02 | 2003-11-18 | Cisco Technology, Inc. | Network address translation using a forwarding agent |
US6742045B1 (en) | 1999-07-02 | 2004-05-25 | Cisco Technology, Inc. | Handling packet fragments in a distributed network service environment |
US6510458B1 (en) | 1999-07-15 | 2003-01-21 | International Business Machines Corporation | Blocking saves to web browser cache based on content rating |
US6374300B2 (en) | 1999-07-15 | 2002-04-16 | F5 Networks, Inc. | Method and system for storing load balancing information with an HTTP cookie |
US6868082B1 (en) | 1999-08-30 | 2005-03-15 | International Business Machines Corporation | Network processor interface for building scalable switching systems |
US6343324B1 (en) | 1999-09-13 | 2002-01-29 | International Business Machines Corporation | Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices |
WO2001037116A2 (en) | 1999-11-16 | 2001-05-25 | 01, Inc. | Method and system for executing financial transactions via a communication medium |
US6950434B1 (en) | 1999-12-07 | 2005-09-27 | Advanced Micro Devices, Inc. | Arrangement for searching packet policies using multi-key hash searches in a network switch |
US6683873B1 (en) | 1999-12-27 | 2004-01-27 | Cisco Technology, Inc. | Methods and apparatus for redirecting network traffic |
JP3494610B2 (en) | 2000-02-28 | 2004-02-09 | 富士通株式会社 | IP router device with TCP termination function and medium |
US6466937B1 (en) | 2000-03-10 | 2002-10-15 | Aether Systems, Inc. | System, method and apparatus for utilizing transaction databases in a client-server environment |
US7343413B2 (en) | 2000-03-21 | 2008-03-11 | F5 Networks, Inc. | Method and system for optimizing a network by independently scaling control segments and data flow |
US6779039B1 (en) | 2000-03-31 | 2004-08-17 | Avaya Technology Corp. | System and method for routing message traffic using a cluster of routers sharing a single logical IP address distinct from unique IP addresses of the routers |
US6798777B1 (en) | 2000-04-17 | 2004-09-28 | Juniper Networks, Inc. | Filtering and route lookup in a switching device |
US6987763B2 (en) | 2000-05-04 | 2006-01-17 | Comverse Ltd. | Load balancing |
US6434081B1 (en) | 2000-05-12 | 2002-08-13 | Micron Technology, Inc. | Calibration technique for memory devices |
US6957272B2 (en) | 2000-05-24 | 2005-10-18 | Alcatel Internetworking (Pe), Inc. | Stackable lookup engines |
US7089301B1 (en) | 2000-08-11 | 2006-08-08 | Napster, Inc. | System and method for searching peer-to-peer computer networks by selecting a computer based on at least a number of files shared by the computer |
GB2366406A (en) | 2000-09-01 | 2002-03-06 | Ncr Int Inc | Downloading and uploading data in information networks |
US20070192863A1 (en) | 2005-07-01 | 2007-08-16 | Harsh Kapoor | Systems and methods for processing data flows |
US7139792B1 (en) | 2000-09-29 | 2006-11-21 | Intel Corporation | Mechanism for locking client requests to a particular server |
US7007092B2 (en) | 2000-10-05 | 2006-02-28 | Juniper Networks, Inc. | Connection management system and method |
US7801978B1 (en) | 2000-10-18 | 2010-09-21 | Citrix Systems, Inc. | Apparatus, method and computer program product for efficiently pooling connections between clients and servers |
US6975592B1 (en) | 2000-11-22 | 2005-12-13 | Nortel Networks Limited | Configurable rule-engine for layer-7 and traffic characteristic-based classification |
US6928082B2 (en) | 2001-03-28 | 2005-08-09 | Innomedia Pte Ltd | System and method for determining a connectionless communication path for communicating audio data through an address and port translation device |
AU2002307015A1 (en) | 2001-03-27 | 2002-10-08 | Microsoft Corporation | Distributed, scalable cryptographic access control |
US20020161913A1 (en) | 2001-04-30 | 2002-10-31 | Manuel Gonzalez | System and method for performing a download |
US7113993B1 (en) | 2001-06-20 | 2006-09-26 | Microstrategy, Inc. | Technique for handling server session requests in a system having a plurality of servers |
US6654701B2 (en) | 2001-08-30 | 2003-11-25 | Spirent Communications | Method and apparatus for measuring protocol performance in a data communication network |
EP1300991A1 (en) | 2001-10-02 | 2003-04-09 | Lucent Technologies Inc. | A method for filtering redundant data packets |
JP3898498B2 (en) | 2001-12-06 | 2007-03-28 | 富士通株式会社 | Server load balancing system |
US20030145062A1 (en) | 2002-01-14 | 2003-07-31 | Dipanshu Sharma | Data conversion server for voice browsing system |
US7558197B1 (en) | 2002-01-17 | 2009-07-07 | Juniper Networks, Inc. | Dequeuing and congestion control systems and methods |
US8090816B1 (en) * | 2002-02-07 | 2012-01-03 | Mcafee, Inc. | System and method for real-time triggered event upload |
US7321926B1 (en) | 2002-02-11 | 2008-01-22 | Extreme Networks | Method of and system for allocating resources to resource requests |
DE10213165B3 (en) | 2002-03-23 | 2004-01-29 | Daimlerchrysler Ag | Method and device for taking over data |
US7249262B2 (en) | 2002-05-06 | 2007-07-24 | Browserkey, Inc. | Method for restricting access to a web site by remote users |
US7490162B1 (en) | 2002-05-15 | 2009-02-10 | F5 Networks, Inc. | Method and system for forwarding messages received at a traffic manager |
US7490187B2 (en) | 2002-05-15 | 2009-02-10 | Broadcom Corporation | Hypertransport/SPI-4 interface supporting configurable deskewing |
US7430169B2 (en) | 2002-06-03 | 2008-09-30 | International Business Machines Corporation | Retro flow control for arriving traffic in computer networks |
US7331062B2 (en) * | 2002-08-30 | 2008-02-12 | Symantec Corporation | Method, computer software, and system for providing end to end security protection of an online transaction |
CN1729660B (en) | 2002-10-17 | 2011-06-08 | 松下电器产业株式会社 | Packet transmission/reception device |
US7308703B2 (en) | 2002-12-18 | 2007-12-11 | Novell, Inc. | Protection of data accessible by a mobile device |
US7287082B1 (en) | 2003-03-03 | 2007-10-23 | Cisco Technology, Inc. | System using idle connection metric indicating a value based on connection characteristic for performing connection drop sequence |
US20040225877A1 (en) * | 2003-05-09 | 2004-11-11 | Zezhen Huang | Method and system for protecting computer system from malicious software operation |
US7636917B2 (en) | 2003-06-30 | 2009-12-22 | Microsoft Corporation | Network load balancing with host status information |
US7606929B2 (en) | 2003-06-30 | 2009-10-20 | Microsoft Corporation | Network load balancing with connection manipulation |
US7590736B2 (en) | 2003-06-30 | 2009-09-15 | Microsoft Corporation | Flexible network load balancing |
JP4336858B2 (en) | 2003-07-02 | 2009-09-30 | 日本電気株式会社 | Policy processing system, policy processing method, and policy processing program |
US7526541B2 (en) | 2003-07-29 | 2009-04-28 | Enterasys Networks, Inc. | System and method for dynamic network policy management |
KR100497725B1 (en) | 2003-08-22 | 2005-06-23 | 삼성전자주식회사 | Apparatus and method for processing signal for display |
US7644730B2 (en) | 2003-09-23 | 2010-01-12 | Reck Michael E | Method for isolating an appliance in a plumbing system |
US7333999B1 (en) | 2003-10-30 | 2008-02-19 | Arcsight, Inc. | Expression editor |
US20050122977A1 (en) | 2003-12-05 | 2005-06-09 | Microsoft Corporation | Efficient download mechanism for devices with limited local storage |
US20050144441A1 (en) | 2003-12-31 | 2005-06-30 | Priya Govindarajan | Presence validation to assist in protecting against Denial of Service (DOS) attacks |
US7836261B2 (en) | 2004-01-12 | 2010-11-16 | International Business Machines Corporation | Managing caching of data on a client |
JP4706262B2 (en) | 2004-05-21 | 2011-06-22 | 日本電気株式会社 | Access control system, access control method, and access control program |
US9436820B1 (en) * | 2004-08-02 | 2016-09-06 | Cisco Technology, Inc. | Controlling access to resources in a network |
US20090094671A1 (en) * | 2004-08-13 | 2009-04-09 | Sipera Systems, Inc. | System, Method and Apparatus for Providing Security in an IP-Based End User Device |
US7422115B2 (en) | 2004-09-07 | 2008-09-09 | Iconix, Inc. | Techniques for to defeat phishing |
US20060059267A1 (en) | 2004-09-13 | 2006-03-16 | Nokia Corporation | System, method, and device for downloading content using a second transport protocol within a generic content download protocol |
US20060075494A1 (en) * | 2004-10-01 | 2006-04-06 | Bertman Justin R | Method and system for analyzing data for potential malware |
IL165416A0 (en) | 2004-11-28 | 2006-01-15 | Objective data regarding network resources | |
US8117659B2 (en) * | 2005-12-28 | 2012-02-14 | Microsoft Corporation | Malicious code infection cause-and-effect analysis |
US8291065B2 (en) | 2004-12-02 | 2012-10-16 | Microsoft Corporation | Phishing detection, prevention, and notification |
US7500269B2 (en) | 2005-01-07 | 2009-03-03 | Cisco Technology, Inc. | Remote access to local content using transcryption of digital rights management schemes |
US7555484B2 (en) | 2005-01-19 | 2009-06-30 | Microsoft Corporation | Load balancing based on cache content |
US20060171365A1 (en) | 2005-02-02 | 2006-08-03 | Utstarcom, Inc. | Method and apparatus for L2TP dialout and tunnel switching |
US7412618B2 (en) | 2005-02-11 | 2008-08-12 | International Business Machines Corporation | Combined alignment scrambler function for elastic interface |
US7693050B2 (en) | 2005-04-14 | 2010-04-06 | Microsoft Corporation | Stateless, affinity-preserving load balancing |
JP4241660B2 (en) | 2005-04-25 | 2009-03-18 | 株式会社日立製作所 | Load balancer |
US7562304B2 (en) | 2005-05-03 | 2009-07-14 | Mcafee, Inc. | Indicating website reputations during website manipulation of user information |
US20060259967A1 (en) * | 2005-05-13 | 2006-11-16 | Microsoft Corporation | Proactively protecting computers in a networking environment from malware |
US7949766B2 (en) | 2005-06-22 | 2011-05-24 | Cisco Technology, Inc. | Offload stack for network, block and file input and output |
US7681234B2 (en) * | 2005-06-30 | 2010-03-16 | Microsoft Corporation | Preventing phishing attacks |
US8909782B2 (en) | 2005-07-13 | 2014-12-09 | International Business Machines Corporation | Method and system for dynamically rebalancing client sessions within a cluster of servers connected to a network |
US7299309B2 (en) | 2005-07-14 | 2007-11-20 | Vetra Systems Corporation | Method and apparatus for protocol and code converter |
US8239939B2 (en) * | 2005-07-15 | 2012-08-07 | Microsoft Corporation | Browser protection module |
US8112799B1 (en) * | 2005-08-24 | 2012-02-07 | Symantec Corporation | Method, system, and computer program product for avoiding cross-site scripting attacks |
WO2007025279A2 (en) * | 2005-08-25 | 2007-03-01 | Fortify Software, Inc. | Apparatus and method for analyzing and supplementing a program to provide security |
KR100715674B1 (en) | 2005-09-15 | 2007-05-09 | 한국전자통신연구원 | Load balancing method and software steaming system using the same |
KR20070032885A (en) | 2005-09-20 | 2007-03-23 | 엘지전자 주식회사 | Security system and method for ubiquitous networks |
US8121146B2 (en) | 2005-09-21 | 2012-02-21 | Intel Corporation | Method, apparatus and system for maintaining mobility resistant IP tunnels using a mobile router |
US7552199B2 (en) * | 2005-09-22 | 2009-06-23 | International Business Machines Corporation | Method for automatic skill-gap evaluation |
US7712132B1 (en) * | 2005-10-06 | 2010-05-04 | Ogilvie John W | Detecting surreptitious spyware |
US7353332B2 (en) | 2005-10-11 | 2008-04-01 | Integrated Device Technology, Inc. | Switching circuit implementing variable string matching |
US8112789B2 (en) | 2005-10-11 | 2012-02-07 | Citrix Systems, Inc. | Systems and methods for facilitating distributed authentication |
US8079080B2 (en) * | 2005-10-21 | 2011-12-13 | Mathew R. Syrowik | Method, system and computer program product for detecting security threats in a computer network |
US20070208751A1 (en) * | 2005-11-22 | 2007-09-06 | David Cowan | Personalized content control |
US20070124283A1 (en) * | 2005-11-28 | 2007-05-31 | Gotts John W | Search engine with community feedback system |
US20070143851A1 (en) * | 2005-12-21 | 2007-06-21 | Fiberlink | Method and systems for controlling access to computing resources based on known security vulnerabilities |
US20070156592A1 (en) * | 2005-12-22 | 2007-07-05 | Reality Enhancement Pty Ltd | Secure authentication method and system |
US8677499B2 (en) | 2005-12-29 | 2014-03-18 | Nextlabs, Inc. | Enforcing access control policies on servers in an information management system |
US7788730B2 (en) * | 2006-01-17 | 2010-08-31 | International Business Machines Corporation | Secure bytecode instrumentation facility |
US7721333B2 (en) * | 2006-01-18 | 2010-05-18 | Webroot Software, Inc. | Method and system for detecting a keylogger on a computer |
US7757290B2 (en) * | 2006-01-30 | 2010-07-13 | Microsoft Corporation | Bypassing software services to detect malware |
US8151323B2 (en) | 2006-04-12 | 2012-04-03 | Citrix Systems, Inc. | Systems and methods for providing levels of access and action control via an SSL VPN appliance |
US20070255953A1 (en) | 2006-04-28 | 2007-11-01 | Plastyc Inc. | Authentication method and apparatus between an internet site and on-line customers using customer-specific streamed audio or video signals |
WO2007137353A1 (en) * | 2006-05-29 | 2007-12-06 | Symbiotic Technologies Pty Ltd | Communications security system |
US7945563B2 (en) * | 2006-06-16 | 2011-05-17 | Yahoo! Inc. | Search early warning |
KR100780952B1 (en) | 2006-06-27 | 2007-12-03 | 삼성전자주식회사 | Appratus and method for deskew, and data receiving apparatus and method by using them |
US8776166B1 (en) * | 2006-07-17 | 2014-07-08 | Juniper Networks, Inc. | Plug-in based policy evaluation |
US8423762B2 (en) | 2006-07-25 | 2013-04-16 | Northrop Grumman Systems Corporation | Common access card heterogeneous (CACHET) system and method |
US8578481B2 (en) * | 2006-10-16 | 2013-11-05 | Red Hat, Inc. | Method and system for determining a probability of entry of a counterfeit domain in a browser |
US9444839B1 (en) * | 2006-10-17 | 2016-09-13 | Threatmetrix Pty Ltd | Method and system for uniquely identifying a user computer in real time for security violations using a plurality of processing parameters and servers |
US20080148340A1 (en) | 2006-10-31 | 2008-06-19 | Mci, Llc. | Method and system for providing network enforced access control |
CN101453339B (en) | 2006-11-20 | 2011-11-30 | 华为技术有限公司 | System for network fusion policy charging control architecture and processing method |
US9055107B2 (en) | 2006-12-01 | 2015-06-09 | Microsoft Technology Licensing, Llc | Authentication delegation based on re-verification of cryptographic evidence |
US7890692B2 (en) | 2007-08-17 | 2011-02-15 | Pandya Ashish A | FSA context switch architecture for programmable intelligent search memory |
US7752313B2 (en) * | 2007-02-21 | 2010-07-06 | The Go Daddy Group, Inc. | Partner web site to assist in offering applications to a web hosting community |
JP2008205988A (en) | 2007-02-22 | 2008-09-04 | Hitachi Ltd | Data communication system and session management server |
US20080208957A1 (en) * | 2007-02-28 | 2008-08-28 | Microsoft Corporation | Quarantine Over Remote Desktop Protocol |
EP1970835A1 (en) * | 2007-03-15 | 2008-09-17 | Lucent Technologies Inc. | Method and apparatus for secure web browsing |
WO2008114245A2 (en) * | 2007-03-21 | 2008-09-25 | Site Protege Information Security Technologies Ltd | System and method for identification, prevention and management of web-sites defacement attacks |
US8185740B2 (en) | 2007-03-26 | 2012-05-22 | Microsoft Corporation | Consumer computer health validation |
US7827311B2 (en) * | 2007-05-09 | 2010-11-02 | Symantec Corporation | Client side protection against drive-by pharming via referrer checking |
US8205255B2 (en) | 2007-05-14 | 2012-06-19 | Cisco Technology, Inc. | Anti-content spoofing (ACS) |
US7966553B2 (en) * | 2007-06-07 | 2011-06-21 | Microsoft Corporation | Accessible content reputation lookup |
US8181246B2 (en) * | 2007-06-20 | 2012-05-15 | Imperva, Inc. | System and method for preventing web frauds committed using client-scripting attacks |
MX2010001549A (en) * | 2007-08-06 | 2010-09-07 | Bernard De Monseignat | System and method for authentication, data transfer, and protection against phishing. |
US20090064337A1 (en) * | 2007-09-05 | 2009-03-05 | Shih-Wei Chien | Method and apparatus for preventing web page attacks |
HUE044989T2 (en) | 2007-09-07 | 2019-12-30 | Dis Ent Llc | Software based multi-channel polymorphic data obfuscation |
US7916728B1 (en) | 2007-09-28 | 2011-03-29 | F5 Networks, Inc. | Lockless atomic table update |
US20090119769A1 (en) * | 2007-11-05 | 2009-05-07 | Microsoft Corporation | Cross-site scripting filter |
US8677141B2 (en) * | 2007-11-23 | 2014-03-18 | Microsoft Corporation | Enhanced security and performance of web applications |
US20090182818A1 (en) * | 2008-01-11 | 2009-07-16 | Fortinet, Inc. A Delaware Corporation | Heuristic detection of probable misspelled addresses in electronic communications |
US8578482B1 (en) * | 2008-01-11 | 2013-11-05 | Trend Micro Inc. | Cross-site script detection and prevention |
US8601586B1 (en) * | 2008-03-24 | 2013-12-03 | Google Inc. | Method and system for detecting web application vulnerabilities |
US8185956B1 (en) * | 2008-03-31 | 2012-05-22 | Symantec Corporation | Real-time website safety reputation system |
EP2263348B1 (en) | 2008-04-07 | 2018-06-27 | Melih Abdulhayoglu | Method and system for displaying verification information indicators for a non-secure website |
US8316445B2 (en) * | 2008-04-23 | 2012-11-20 | Trusted Knight Corporation | System and method for protecting against malware utilizing key loggers |
US8584233B1 (en) * | 2008-05-05 | 2013-11-12 | Trend Micro Inc. | Providing malware-free web content to end users using dynamic templates |
US8356345B2 (en) * | 2008-06-03 | 2013-01-15 | International Business Machines Corporation | Constructing a secure internet transaction |
US8356352B1 (en) * | 2008-06-16 | 2013-01-15 | Symantec Corporation | Security scanner for user-generated web content |
US8306036B1 (en) | 2008-06-20 | 2012-11-06 | F5 Networks, Inc. | Methods and systems for hierarchical resource allocation through bookmark allocation |
MY154409A (en) * | 2008-07-21 | 2015-06-15 | Secure Corp M Sdn Bhd F | Website content regulation |
US8769681B1 (en) | 2008-08-11 | 2014-07-01 | F5 Networks, Inc. | Methods and system for DMA based distributed denial of service protection |
US20100058479A1 (en) * | 2008-09-03 | 2010-03-04 | Alcatel-Lucent | Method and system for combating malware with keystroke logging functionality |
US8522010B2 (en) | 2008-10-20 | 2013-08-27 | Microsoft Corporation | Providing remote user authentication |
US8347386B2 (en) | 2008-10-21 | 2013-01-01 | Lookout, Inc. | System and method for server-coupled malware prevention |
US20100106767A1 (en) * | 2008-10-24 | 2010-04-29 | Microsoft Corporation | Automatically securing distributed applications |
TWI389536B (en) | 2008-11-07 | 2013-03-11 | Ind Tech Res Inst | Access control system and method based on hierarchical key, and authentication key exchange thereof |
US8447884B1 (en) | 2008-12-01 | 2013-05-21 | F5 Networks, Inc. | Methods for mapping virtual addresses to physical addresses in a network device and systems thereof |
FR2939993B1 (en) | 2008-12-12 | 2010-12-17 | Canon Kk | METHOD FOR TRANSMITTING A MULTI-CHANNEL DATA STREAM ON A MULTI-TRANSPORT TUNNEL, COMPUTER PROGRAM PRODUCT, STORAGE MEDIUM, AND CORRESPONDING TUNNEL HEADS |
US8762517B2 (en) * | 2008-12-30 | 2014-06-24 | Comcast Cable Communications, Llc | System and method for managing a broadband network |
US8103809B1 (en) | 2009-01-16 | 2012-01-24 | F5 Networks, Inc. | Network devices with multiple direct memory access channels and methods thereof |
US8880632B1 (en) | 2009-01-16 | 2014-11-04 | F5 Networks, Inc. | Method and apparatus for performing multiple DMA channel based network quality of service |
US8880696B1 (en) | 2009-01-16 | 2014-11-04 | F5 Networks, Inc. | Methods for sharing bandwidth across a packetized bus and systems thereof |
US8112491B1 (en) | 2009-01-16 | 2012-02-07 | F5 Networks, Inc. | Methods and systems for providing direct DMA |
US20100205215A1 (en) * | 2009-02-11 | 2010-08-12 | Cook Robert W | Systems and methods for enforcing policies to block search engine queries for web-based proxy sites |
CN102341808A (en) | 2009-03-04 | 2012-02-01 | 皇家飞利浦电子股份有限公司 | Specifying an access control policy |
US8910251B2 (en) * | 2009-03-06 | 2014-12-09 | Facebook, Inc. | Using social information for authenticating a user session |
US20100251330A1 (en) | 2009-03-12 | 2010-09-30 | Kroeselberg Dirk | Optimized relaying of secure network entry of small base stations and access points |
US8291497B1 (en) * | 2009-03-20 | 2012-10-16 | Symantec Corporation | Systems and methods for byte-level context diversity-based automatic malware signature generation |
US8788809B2 (en) | 2009-04-27 | 2014-07-22 | Qualcomm Incorporated | Method and apparatus to create a secure web-browsing environment with privilege signing |
US8769695B2 (en) * | 2009-04-30 | 2014-07-01 | Bank Of America Corporation | Phish probability scoring model |
US8026422B2 (en) | 2009-05-04 | 2011-09-27 | Stine Seed Farm, Inc. | Soybean cultivar 84134405 |
US8301837B1 (en) | 2009-05-19 | 2012-10-30 | F5 Networks, Inc. | Methods for providing a response and systems thereof |
US8752180B2 (en) * | 2009-05-26 | 2014-06-10 | Symantec Corporation | Behavioral engine for identifying patterns of confidential data use |
US8438642B2 (en) * | 2009-06-05 | 2013-05-07 | At&T Intellectual Property I, L.P. | Method of detecting potential phishing by analyzing universal resource locators |
US8578026B2 (en) | 2009-06-22 | 2013-11-05 | Citrix Systems, Inc. | Systems and methods for handling limit parameters for a multi-core system |
US8918866B2 (en) * | 2009-06-29 | 2014-12-23 | International Business Machines Corporation | Adaptive rule loading and session control for securing network delivered services |
US9313047B2 (en) | 2009-11-06 | 2016-04-12 | F5 Networks, Inc. | Handling high throughput and low latency network data packets in a traffic management device |
US9634993B2 (en) | 2010-04-01 | 2017-04-25 | Cloudflare, Inc. | Internet-based proxy service to modify internet responses |
US9141625B1 (en) | 2010-06-22 | 2015-09-22 | F5 Networks, Inc. | Methods for preserving flow state during virtual machine migration and devices thereof |
US8347100B1 (en) | 2010-07-14 | 2013-01-01 | F5 Networks, Inc. | Methods for DNSSEC proxying and deployment amelioration and systems thereof |
US9083760B1 (en) | 2010-08-09 | 2015-07-14 | F5 Networks, Inc. | Dynamic cloning and reservation of detached idle connections |
US8886981B1 (en) | 2010-09-15 | 2014-11-11 | F5 Networks, Inc. | Systems and methods for idle driven scheduling |
US9106699B2 (en) | 2010-11-04 | 2015-08-11 | F5 Networks, Inc. | Methods for handling requests between different resource record types and systems thereof |
US20120174196A1 (en) | 2010-12-30 | 2012-07-05 | Suresh Bhogavilli | Active validation for ddos and ssl ddos attacks |
US8695095B2 (en) * | 2011-03-11 | 2014-04-08 | At&T Intellectual Property I, L.P. | Mobile malicious software mitigation |
US9246819B1 (en) | 2011-06-20 | 2016-01-26 | F5 Networks, Inc. | System and method for performing message-based load balancing |
US9843554B2 (en) | 2012-02-15 | 2017-12-12 | F5 Networks, Inc. | Methods for dynamic DNS implementation and systems thereof |
US9231879B1 (en) | 2012-02-20 | 2016-01-05 | F5 Networks, Inc. | Methods for policy-based network traffic queue management and devices thereof |
US9020912B1 (en) | 2012-02-20 | 2015-04-28 | F5 Networks, Inc. | Methods for accessing data in a compressed file system and devices thereof |
US9864606B2 (en) | 2013-09-05 | 2018-01-09 | F5 Networks, Inc. | Methods for configurable hardware logic device reloading and devices thereof |
US9392018B2 (en) | 2013-09-30 | 2016-07-12 | Juniper Networks, Inc | Limiting the efficacy of a denial of service attack by increasing client resource demands |
US9294502B1 (en) | 2013-12-06 | 2016-03-22 | Radware, Ltd. | Method and system for detection of malicious bots |
-
2009
- 2009-09-23 US US12/565,088 patent/US10157280B2/en active Active
-
2013
- 2013-05-16 US US13/895,384 patent/US20130254530A1/en not_active Abandoned
- 2013-05-16 US US13/895,386 patent/US20130254888A1/en not_active Abandoned
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6223287B1 (en) * | 1998-07-24 | 2001-04-24 | International Business Machines Corporation | Method for establishing a secured communication channel over the internet |
US6535912B1 (en) * | 1999-08-31 | 2003-03-18 | Lucent Technologies Inc. | Method for creating and playing back a smart bookmark that automatically retrieves a requested Web page through a plurality of intermediate Web pages |
US7757278B2 (en) * | 2001-01-04 | 2010-07-13 | Safenet, Inc. | Method and apparatus for transparent encryption |
US20050188051A1 (en) * | 2003-12-19 | 2005-08-25 | Iftah Sneh | System and method for providing offline web application, page, and form access in a networked environment |
US20060005017A1 (en) * | 2004-06-22 | 2006-01-05 | Black Alistair D | Method and apparatus for recognition and real time encryption of sensitive terms in documents |
US20070039050A1 (en) * | 2005-08-15 | 2007-02-15 | Vladimir Aksenov | Web-based data collection using data collection devices |
US20090172396A1 (en) * | 2007-12-31 | 2009-07-02 | Intel Corporation | Secure input |
US20090319769A1 (en) * | 2008-05-21 | 2009-12-24 | Apple Inc. | Discrete key generation method and apparatus |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10958682B2 (en) | 2011-09-21 | 2021-03-23 | SunStone Information Defense Inc. | Methods and apparatus for varying soft information related to the display of hard information |
US11283833B2 (en) | 2011-09-21 | 2022-03-22 | SunStone Information Defense Inc. | Methods and apparatus for detecting a presence of a malicious application |
US11943255B2 (en) | 2011-09-21 | 2024-03-26 | SunStone Information Defense, Inc. | Methods and apparatus for detecting a presence of a malicious application |
US9521164B1 (en) * | 2014-01-15 | 2016-12-13 | Frank Angiolelli | Computerized system and method for detecting fraudulent or malicious enterprises |
CN107209830A (en) * | 2014-11-13 | 2017-09-26 | 克丽夫有限公司 | Method for recognizing and resisting network attack |
US10356125B2 (en) | 2017-05-26 | 2019-07-16 | Vade Secure, Inc. | Devices, systems and computer-implemented methods for preventing password leakage in phishing attacks |
US10673896B2 (en) | 2017-05-26 | 2020-06-02 | Vade Secure Inc. | Devices, systems and computer-implemented methods for preventing password leakage in phishing attacks |
Also Published As
Publication number | Publication date |
---|---|
US20130254888A1 (en) | 2013-09-26 |
US10157280B2 (en) | 2018-12-18 |
US20110072262A1 (en) | 2011-03-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10157280B2 (en) | System and method for identifying security breach attempts of a website | |
EP2147390B1 (en) | Detection of adversaries through collection and correlation of assessments | |
EP2156361B1 (en) | Reduction of false positive reputations through collection of overrides from customer deployments | |
Sinha et al. | Information Security threats and attacks with conceivable counteraction | |
US20200137026A1 (en) | Techniques for securely detecting compromises of enterprise end stations utilizing tunnel tokens | |
Giani et al. | Data exfiltration and covert channels | |
Badra et al. | Phishing attacks and solutions | |
Livingood et al. | Recommendations for the Remediation of Bots in ISP Networks | |
US20230336524A1 (en) | In-line detection of algorithmically generated domains | |
US11882112B2 (en) | Information security system and method for phishing threat prevention using tokens | |
US20210314355A1 (en) | Mitigating phishing attempts | |
Hudaib et al. | DNS advanced attacks and analysis | |
Usman Aijaz et al. | Survey on DNS-specific security issues and solution approaches | |
Singh et al. | A survey on phishing and anti-phishing techniques | |
Shah et al. | TCP/IP network protocols—Security threats, flaws and defense methods | |
Daniel et al. | Panoramic view of cloud storage security attacks: an insight and security approaches | |
Narula et al. | Novel Defending and Prevention Technique for Man‐in‐the‐Middle Attacks in Cyber‐Physical Networks | |
Sood et al. | Dynamic identity‐based single password anti‐phishing protocol | |
Orucho et al. | Security threats affecting user-data on transit in mobile banking applications: A review | |
Sood | Phishing Attacks: A Challenge Ahead | |
Ganapathy | Virtual Dispersive Network in the Prevention of Third Party Interception: A Way of Dealing with Cyber Threat | |
Kim et al. | Hash-Based Password Authentication Protocol Against Phishing and Pharming Attacks. | |
Kamal | Analysis of increasing hacking and cracking techniques | |
Sarvepalli | Designing Network Security Labs | |
Disha et al. | Phishing & Anti-Phishing: A Review |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: F5 NETWORKS, INC., WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:VERSAFE LTD.;REEL/FRAME:031661/0526 Effective date: 20131120 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |