WO2005091107A1 - Composant de securite pour application navigateur sur internet et procede et dispositif s'y rapportant - Google Patents
Composant de securite pour application navigateur sur internet et procede et dispositif s'y rapportant Download PDFInfo
- Publication number
- WO2005091107A1 WO2005091107A1 PCT/GB2005/000978 GB2005000978W WO2005091107A1 WO 2005091107 A1 WO2005091107 A1 WO 2005091107A1 GB 2005000978 W GB2005000978 W GB 2005000978W WO 2005091107 A1 WO2005091107 A1 WO 2005091107A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- resource locator
- security
- internet
- security information
- information
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1416—Event detection, e.g. attack signature detection
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Definitions
- This invention relates to a security component for use with an Internet browser application.
- the World Wide Web is frequently used not only for informational purposes but also for commercial transactions, for example Internet shopping.
- various forms of computer crime such as theft of credit card details from e-commerce web sites, and fake or fraudulent e-mails and web sites are also becoming more widespread.
- the fraudster constructs an HTML e-mail message with forged e-mail headers indicating that the e-mail has come from the bank, and asks for the recipient to confirm their bank account username and password.
- the mail usually includes a link to a web server which opens a new window with the bank's own web site (not a copy, but the actual site), and asks for the account details in a separate window, hosted on the attacker's server.
- Phishing web sites hosted at reasonably reputable hosting companies will usually be taken down quickly once complaints arrive. Therefore, the attacker's server will often be hosted at a company which is paid to ignore complaints about the fraud; some unscrupulous hosting companies in certain countries are known to sell "bullet proof hosting" as a service, meaning that they will endeavour to keep the site running despite requests to close it down from outside of their own jurisdiction.
- the attacker's server may also be hosted on a computer that the attacker has broken into, without the owner's knowledge.
- URL encoded usernames have never been widely used, with web sites typically using authentication details such as usernames and passwords and/or cookies to administer user sessions and state, and "@" in URLs has almost exclusively been used for tricks, jokes, and fraud attempts.
- TM Microsoft's Internet Explorer
- the '%01' characters exploits the bug in Microsoft's Internet Explorer web browser, thereby obscuring the appearance of the URL.
- the encoded characters make it difficult for recipients to spot the "@" sign that gives away the concealed URL of the target web page.
- the URL the user sees displayed in the browser window will be "http://ibank.barclays.co.uk”
- the real URL of the web page being viewed is actually "http://www.newyersm.com:80/1 ogon.OO.php”.
- Internet browser applications typically display an indication of whether a web page being accessed is "secure", that is to say, whether communication between the browser and the web server is encrypted.
- the browser window of Microsoft's Internet Explorer comprises a status bar which, amongst other things, displays a lock symbol when an SSL web site is being accessed.
- this information only indicates that the communication between the browser and the server is protected. Furthermore this information can easily be missed or ignored by the user, who may not be aware of its significance.
- a user is particularly likely to fail to notice the absence of the lock symbol when visiting what appears to be a very familiar web site.
- a fake web site is implemented as an SSL site, the lock symbol would be displayed, reassuring the user into believing that the site is safe.
- the authentic web site of the financial institution is displayed, with a pop-up window requesting the relevant information.
- a security component for use with an Internet browser application which displays Internet resources in response to resource locators specifying the Internet resources, the security component being adapted to operate alongside the Internet browser application at a user terminal; the security component comprising: means for storing a plurality of resource locator patterns, each resource locator pattern matching one or more resource locators relating to Internet resources known or believed to be associated with security risks; means for receiving a resource locator from the browser application; means for comparing the received resource locator to the stored resource locator patterns; and means for providing a security alert if the received resource locator matches one of the stored resource locator patterns.
- the Internet browser application may, for example, be a web browser for browsing the World Wide Web.
- the term "Internet resources" preferably includes any type of resource available on the Internet, including web pages (for example in HTML format), and other document and media files, such as audio and video data files.
- Resource locators may, for example, be in the form of Uniform Resource Locators (URL). Resource locators may also be in the form of encoded representations of URLs. For example, part or all of the URL may be encoded as a check sum or hash code.
- the resource locators are preferably character strings and the resource locator patterns are preferably character patterns. Character patterns preferably specify characters or character sequences, and a character pattern is preferably considered to match resource locators which include those characters or character sequences.
- the security component is preferably adapted to process a pattern comprising one or more wildcards or placeholders.
- a wildcard or placeholder may, for example, be used to match a pattern to a resource locator which includes an arbitrary character or character sequence in place of the wildcard or placeholder. This can allow for greater flexibility in specifying resource locators to which access is to be restricted, and can also allow resource locators containing unusual or suspicious characters to be identified, leading to improved security.
- the component preferably further comprises means for transmitting a representation of the resource locator to a security information server, and means for receiving security information relating to the resource locator from the security information server. This can provide a more flexible way of obtaining security information relating to a resource locator.
- the representation of the resource locator may simply be the resource locator itself, or may be an encoding of the resource locator, comprising, for example, a check sum or hash code of some or all of the resource locator.
- the security information may suitably comprise a risk rating and/or IP registration information. In this way, suspicious resources can be more easily identified.
- the alerting means may be adapted to prevent the Internet browser application from displaying the Internet resource specified by the resource locator.
- a security component for use with an Internet browser application which displays Internet resources in response to resource locators specifying the Internet resources; the security component comprising means for receiving a resource locator from the browser application; means for transmitting a representation of the resource locator to a remote server; means for receiving IP registration information relating to the resource locator from the remote server; and means for displaying the IP registration information.
- a security information server comprising: a database of security information relating to Internet locations; means for receiving a security information request comprising a representation of a resource locator from a user terminal; means for retrieving security information relating to the resource locator from the database; and means for transmitting the security information to the user terminal.
- Internet location preferably refers to an Internet domain, sub-domain or host, to an IP address, to an Internet page or Internet site, or to any other suitable Internet information source unit.
- the database may be adapted to store a plurality of resource locator patterns, each resource locator pattern matching one or more resource locators relating to Internet resources known or believed to be associated with security risks, the security information server preferably further comprising means for receiving pattern version information from a user terminal specifying the version of a local copy of the resource locator patterns held at the user terminal, and means for transmitting pattern update information to the user terminal in dependence on the version information to update the local copy of the resource locator patterns.
- the security information server preferably further comprising means for receiving pattern version information from a user terminal specifying the version of a local copy of the resource locator patterns held at the user terminal, and means for transmitting pattern update information to the user terminal in dependence on the version information to update the local copy of the resource locator patterns.
- the security information server preferably further comprises means for receiving an indication of a suspected security risk relating to a specified resource locator from a user terminal; and means for adding a resource locator pattern matching the specified resource locator to the stored resource locator patterns.
- the database is preferably adapted to store information relating to suspected security vulnerabilities associated with an Internet location. This can enable a more accurate assessment of the security of an Internet location. For the same reason, the database is preferably adapted to store registration information relating to a plurality of IP addresses, and the retrieving means is adapted to retrieve registration information relating to an IP address associated with the received resource locator representation.
- a method of providing security information to a user accessing via the Internet accounts for holding or managing money or other tokens of value comprising: storing domain names and/or IP address information relating to trusted Internet sites providing access to such accounts; receiving a resource locator specifying an Internet resource requested by the user; determining whether the resource locator relates to a trusted Internet site by comparing a domain name or IP address associated with the resource locator to the stored domain names and/or IP address information; and outputting a corresponding indication to the user if it is determined that the resource locator does relate to a trusted Internet site.
- the invention also provides a plug-in or toolbar for an Internet browser application comprising a security component as described herein and/or adapted to carry out a method as described herein.
- the invention also provides a computer program and a computer program product for carrying out any of the methods described herein and/or for embodying any of the apparatus features described herein, and a computer readable medium having stored thereon a program for carrying out any of the methods described herein and/or for embodying any of the apparatus features described herein.
- the invention also provides a signal embodying a computer program for carrying out any of the methods described herein and/or for embodying any of the apparatus features described herein, a method of transmitting such a signal, and a computer product having an operating system which supports a computer program for carrying out any of the methods described herein and/or for embodying any of the apparatus features described herein.
- the invention extends to methods and/or apparatus substantially as herein described with reference to the accompanying drawings. Any feature in one aspect of the invention may be applied to other aspects of the invention, in any appropriate combination. In particular, method aspects may be applied to apparatus aspects, and vice versa. Furthermore, features implemented in hardware may generally be implemented in software, and vice versa. Any reference to software and hardware features herein should be construed accordingly.
- FIG. 1 gives an overview of the architecture of a security system
- Figure 2 illustrates the security system of Figure 1 in greater detail
- Figure 3 is a simplified representation of the visual appearance of a web browser window using a security toolbar
- Figure 4 is a simplified representation of the visual appearance of the security toolbar of Figure 3
- Figure 5 is a flow diagram illustrating the processing performed by the security toolbar
- Figure 6 is a flow diagram illustrating the processing performed by a security information server.
- the proposed security system takes the form of an extensible and adaptive web based database system. It is intended to defeat a popular form of fraudulent attack on web based banking systems, and also provide significant ancillary benefits in the form of additional security, an Internet-wide community or neighbourhood watch scheme, and considerably enhanced marketing opportunities.
- the security system is illustrated in overview in Figure 1.
- a plurality of user terminals 10 (for example, general purpose personal computers) are connected to a network 16, in the present example the Internet, through which they can access a variety of information.
- An Internet browser application 12 (also referred to simply as a web browser) is provided on each terminal to manage the access to the resources available through the Internet, in particular via the World-Wide Web.
- a security information server 18 is also connected to the Internet.
- the security component 14 interacts with the web browser to provide security information to the user of the browser regarding web sites visited by the user.
- the security component 14 performs a number of checks on any URL (Uniform Resource Locator) entered by the user. Firstly, the component 14 performs local checks to determine whether a URL matches certain criteria. Secondly, the component carries out remote checks by communicating with the security information server 18 via the Internet 16.
- the security information server 18 stores information relating to the security of web sites on the Internet, which can be sent to the security component 14 on request. This information includes a blacklist of URLs or web sites which are known to have security risks associated with them, for example because they are involved in known phishing attacks. A local copy of this blacklist is held by the security component 14.
- the security component 14 can provide security information to security information server 18, in particular by reporting web sites that the user considers to be suspicious. Such user feedback is stored in the database and is then available to other users of the system.
- the security component 14 comprises a toolbar which can be integrated into the web browser application 12.
- Toolbars are software components which provide a grouping of user interface features such as selection boxes, input fields and buttons, along with associated functionality. Toolbars can be provided as add-in components (also called "plug-ins”) to existing software applications to enhance the applications' functionality.
- TM Netscape Navigator
- TM Microsoft Internet Explorer
- toolbars available for Microsoft Internet Explorer (TM) include the Alexa toolbar (developed by Alexa Internet) and the Google toolbar (provided by Google, Inc.).
- the toolbar provides both local and remote checking of URLs requested by the user. Local checking involves determining whether the URL conforms to certain criteria, either by corresponding to a particular character pattern or by appearing in the local copy of the blacklist listing web sites associated with known risks. In particular, the local checks involve detecting suspicious characters or character patterns which might indicate that the URL is associated with some kind of fraud attempt.
- the "@" and "%01" characters discussed above are examples of such characters.
- the toolbar can trap these suspicious URLs, and highlight them as dangerous. It can further report such URLs to a central database managed by the security information server 18, from where they can in turn be reported to the bank and hosting locations as appropriate.
- the local checks further include checking the URL against a locally held blacklist of Internet addresses known or suspected to be associated with security risks such as phishing attacks. Each URL visited by a user is checked against the local copy of this blacklist. If the URL visited is one which has been reported as suspicious by other users, or which has been identified as having a security risk associated with it, it will be found in the blacklist and a suitable warning message is then displayed.
- a single character pattern matching mechanism may be provided to detect both suspicious characters and specific blacklisted URLs.
- the toolbar also communicates with the security information server 18 to obtain additional information about each URL visited by the user (for example, the hosting location of the URL) and to obtain updates to the local copy of the blacklist from a master copy stored in a central database at the server 18.
- the toolbar does not store a local copy of the blacklist. Instead, the toolbar reports each URL requested by a user to the server 18, where it is checked against the blacklist stored in the central database. If the reported URL is one which has been reported as suspicious by other users, this is immediately reported back to the toolbar to enable a warning message to be displayed.
- the toolbar also provides a feedback mechanism with which users can report web sites which are considered suspicious to the security information server. These web sites can then be added to the central copy of the blacklist. Through periodic updates of locally held copies of the blacklist, individual toolbars are then made aware of this new security risk.
- phishing attacks are usually carried out on a large scale (that is, the attackers will typically send many thousands or even millions of e-mails in the expectation that some will reach customers of the bank), means that the chance of a fraudulent web site being reported quickly is increased, which in turn expedites reporting of the fraud attempt to the bank or other organisation, its customers, and hosting locations.
- the system comprises two main components: a security component that resides on each user computer and is active whenever the user is browsing the web using web browsing software (implemented, in the present example, as a toolbar) and a security information server including a database, which must be able to respond quickly to large numbers of requests as each of the system's users moves around the worldwide web.
- a security component that resides on each user computer and is active whenever the user is browsing the web using web browsing software (implemented, in the present example, as a toolbar) and a security information server including a database, which must be able to respond quickly to large numbers of requests as each of the system's users moves around the worldwide web.
- Toolbars are typically implemented using an API (application program interface) made available by the web browser provider, and/or toolbar building toolkits available from third party suppliers.
- the toolbar may, for example, be implemented as a Browser Helper Object.
- the central server (in practice, this can comprise multiple computers, potentially spread over multiple locations; it will be referred to herein simply as the central server, as it is a logical unit of functionality) maintains information on the state of the user community and the system's knowledge about URLs and sites visited by the community. Communication between the toolbar and the central server uses the HTTP protocol, as well as the SSL protocol (which is essentially encrypted HTTP) for any information where the sensitivity merits the computational overhead of the encryption operations.
- user terminal 10 communicates with central server 18 via the Internet 16 in order to obtain security information relating to URLs visited by a user of the user terminal.
- the user terminal 10 comprises a web browser application 12, for example Microsoft Internet Explorer (TM) or Netscape Navigator (TM).
- the toolbar component 14 is associated with web browser 12 and communicates with the web browser to provide security information.
- the toolbar component 14 maintains a pattern store 22, for storing one or more character patterns used to identify suspicious URLs.
- the character patterns may, for example, specify particular characters or character sequences whose appearance in a URL may indicate a security risk.
- the character patterns are used to identify both suspicious characters (such as the "@” and "%01" characters discussed above) and entire URLs to which access is to be restricted.
- each character pattern specifies characters or character sequences, and may include wildcards. This allows greater flexibility in blocking not only specific characters and specific URLs, but also related groups of URLs. For example, a pattern such as "http://www.website.com/*". in which "*" is a wildcard, may be used to effectively block an entire website, since it will match any URL beginning with the text preceding the "*" wildcard. As a further example, in the pattern "http://*.website.com/*", the portion of the URL identifying the sub domain has been replaced by a wildcard.
- a copy of the character patterns is also maintained by the toolbar component 14 and kept up to date by a periodic update procedure.
- a user enters a URL into web browser 12 (for example by keyboard input or by clicking on a link).
- the web browser 12 passes the URL to the toolbar component 14 for checking.
- the toolbar performs both local and remote checks to obtain security information and to determine whether any security risks are associated with the URL entered.
- the toolbar component attempts to match the URL against the character patterns stored locally in pattern store 22. If the URL matches one of the stored patterns, the user is alerted by display of relevant information in the toolbar, and the toolbar instructs the browser 12 not to proceed with loading the web site specified by the URL but to display suitable warning information instead.
- the URL is thereby effectively blocked, though the user is given the opportunity to override the blocking and access the blocked site if required.
- the toolbar sends a token representing the URL via the
- the representation of the URL may simply be the URL string itself. However, for privacy reasons, it may not be desirable to report each URL in full to the security information server 18.
- the toolbar therefore transmits an encoded representation of the URL.
- the encoded representation comprises the protocol, host, domain and, if applicable, port information from the URL in clear text, together with a check sum or hash code of the remainder of the URL.
- the URL "http://www.example.com/users/private” would be transmitted to the security information server as "http://www.example.com” in clear text together with a hash code or check sum of the remainder "/users/private".
- the check sum or hash code may be generated using any suitable algorithm, such as, for example, MD5.
- Security information server 18 looks up the representation of the URL in security information database 20 and returns any relevant security information relating to that URL. This may include information regarding known vulnerabilities, information relating to the hosting location of the URL and/or information regarding a risk level associated with the URL (calculated as described below). This information is displayed by the toolbar 14. Then, if the URL is not to be blocked, the toolbar instructs the web browser 12 to load and display the requested page.
- FIG. 3 illustrates, in a simplified manner, the visual appearance of a web browser using a security toolbar as described herein.
- the web browser executing on the user terminal displays a browser window 40, including common browser interface components such as a menu bar 42, an address bar 44 for entering and displaying URLs, a browsing toolbar 46 containing buttons for standard browsing functions such as back, forward, stop and home, and a page display area 48.
- the user accesses a new web page typically either by entering a URL into address bar 44 or clicking a link in page display area 48 (other ways of selecting web pages may also be provided, for example by way of a "favourites" menu or history list).
- the web browser then fetches the web page corresponding to the URL entered and displays it in display area 48.
- the security toolbar 50 provides functions relating to URL checking and security information display.
- Figure 4 illustrates the appearance of the toolbar in more detail, again in a simplified manner and purely by way of example.
- Toolbar 50 comprises a logo display area 52 for displaying a name, logo or other indication of the toolbar provider. This may, for example, be a financial institution. In the present example, the (fictitious) name "FakeBank" is shown.
- the toolbar further comprises a button 54 for reporting a suspicious web site and a further button 56 for requesting further security information relating to a web site.
- a status display area 58 of the toolbar 50 provides a summary of the security status of the web site currently being accessed, stating whether any known security vulnerabilities are associated with the web site, giving a risk rating calculated for the web site (60), and giving the country (62) and name (64) of the company to which the IP address corresponding to the URL is registered.
- the risk rating may, for example, be displayed in a graphical representation.
- the country may, for example, be indicated by displaying a flag image.
- the toolbar may also provide further functions, for example by way of further buttons or by way of a menu accessible by right-clicking on the toolbar.
- the toolbar receives an event notification from the web browser when the user requests a new URL.
- the toolbar then performs both local and remote checking on the URL, firstly by pattern matching against locally stored character patterns and secondly by obtaining security information from the security information server.
- the security information server Upon receiving the event notification stating that a new URL has been requested, the toolbar attempts to match the URL against patterns of dangerous URLs.
- patterns are supplied to the toolbar by the security information server.
- patterns can be maintained through a general software update mechanism (as described below), or through a separate protocol of request/responses to the security information server.
- this pattern matching is performed locally on the user's computer. This can also reduce vulnerability of the whole system to failure of the security information server (for example as a result of a malicious Denial of Service attack).
- the pattern matching may also be performed centrally at the security information server, or the processing may be split, for example with the toolbar checking only for suspicious characters, and the server checking the URL against a URL blacklist. In that case, it may be sufficient for the toolbar to poll the security information server for updates to the patterns when the web browser application starts up.
- phishing attacks often involve opening the authentic web page of the bank or other organisation in the background, with the fake web page relating to the attack displayed in the style of a pop-up window in front.
- the pop-up window will usually suppress display of the menu bar, address bars and toolbars that are normally displayed in a browser window (as is usually the case for advertising pop-up windows and the like), so that the user cannot see the URL of the page being displayed and is led to assume that it, like the bank's web page behind, is authentic. Naturally, the user would also be unable to see the security toolbar in this case.
- a further feature of the toolbar is therefore that it forces display of at least the address bar and security toolbar in every browser window, including pop-up windows.
- the processing performed by the toolbar is summarised in Figure 5.
- the toolbar receives a URL from the web browser for checking.
- the toolbar compares the URL to the character patterns
- a representation of the URL is then sent to the security information server in step 108.
- This representation includes the protocol, name and port (if any) of the web site referred to by the URL as described above.
- the toolbar also sends version information identifying the version of the local copy of the URL character patterns. This may, for example, identify the date and time at which the local copy of the patterns was last updated.
- the toolbar receives a response from the security information server at step 110 in the form of security information relating to the URL.
- the security information server may also send update information relating to the local copy of the URL character patterns. This may, for example, include any patterns which have changed or have been added to the master copy of the pattern list held at the security information server since the last update, and information identifying any patterns which have been removed from the master copy of the pattern list.
- the toolbar updates its local copy of the patterns accordingly.
- the security information received from the security information server is displayed in the status display area (58) of the toolbar in step 114.
- the alerting of the user and blocking of the web page is achieved by displaying a warning message which has to be acknowledged by the user before the page can be displayed.
- the warning message may, for example, include a statement that the page has been blocked and why, a link via which the user can report that the web page has, in the user's opinion, been incorrectly flagged as dangerous, and a link via which the user can gain access to the blocked page despite the security warning.
- the warning message may, for example, be presented in the page display area 48 of the web browser window 40 in the form of a warning page displayed in place of the actual web page referred to by the URL. If the checks did not indicate that the web page should be blocked, then the web browser downloads and displays the requested page as normal.
- the toolbar may cache the information received in respect of a particular web site for a short period, such as 5, 10 or 15 minutes, though longer periods may also be used (such as half an hour or an hour). In a preferred example, the toolbar caches the information for up to 14 minutes.
- the toolbar also provides the following additional functionality: Version management: On start up the toolbar checks with a software update server to determine whether a new version of the toolbar is available, and offers to download and install the new version if this is the case (the software update server may be incorporated into the security information server or may be separate). Branding: The toolbar can further provide branding and navigational functionality relevant to the toolbar provider.
- the provider of the overall security system and of the toolbar software could licence the toolbar and reporting functionality to organisations such as banks, financial institutions, and e-commerce companies, offering them the ability to brand the toolbar with their own logos, brands and identifying marks, to provide shortcuts to their own services and to bring new information and offers to the attention of its customers via the toolbar.
- licensees would typically pay an annual licence fee for the services provided, for example based on the number of customers of the licensee using the services.
- the toolbar can therefore provide an attractive branding and customer loyalty mechanism for the provider, keeping their logo and services on screen throughout the time the customer spends using the web.
- Licence management For commercial flexibility, the opportunity to grant licences to organisations covering a particular time frame may be desirable. This can be achieved by providing licence management functionality, whereby the toolbar checks with a central server (such as the software update server described above) on start up to determine if a licence period has been exceeded, and disables the toolbar if it has. Tell a friend: The system provider may wish to encourage deployment of the toolbar to proliferate as quickly as possible. In this respect, the toolbar could include "Tell a friend" functionality to enable users to more conveniently recommend its adoption to their friends and colleagues, for example by way of automatic e-mailing to one or more e-mail addresses entered by the user.
- the security information server 18 manages the security information database 20, which stores various types of security information relating to web sites and web pages, including the master copy of the list of URL character patterns used to identify potentially dangerous URLs, such as URLs which have been previously reported by the system's user community.
- the toolbar 14 maintains its own local copy of this pattern list.
- the security information server 18 also processes security information requests received from toolbars. Each such request includes a representation of the URL for which information is required. This representation typically includes the protocol, name and port (if any) of the web site referred to by the URL.
- the server also performs the step of comparing this URL representation with the URL character patterns.
- the patterns corresponding to URLs may be stored in a representation corresponding to the representation of URLs received from the toolbars, in which case a direct comparison may be performed.
- the database may store reported URLs in clear text, in which case the comparison step may comprise generating the equivalent representation (including the check sum or hash code) of URLs specified in the pattern list and comparing the generated representation to the URL representation received. Normally the results of this comparison will be negative, in which case the browser continues its normal action.
- the security information server 18 uses the received URL representation to retrieve security information relating to the web site in question from the security information database 20, and transmits this security information to the toolbar for display.
- the security information server 50 comprises a button 54 for reporting web sites believed to be in some way suspicious.
- a knowledgeable and experienced user visits a previously unreported URL that he believes to be related to a fraud such as a phishing attack, he can report this using the reporting button on the toolbar.
- the security information server then records this information against the URL and may additionally flag the URL for review, highlight it as a threat to any other community members visiting the URL, or wait for corroborating reports from other members of the community, or review from a system administrator.
- a reported URL can be added as a character pattern to the master copy of the character patterns stored in the security information database, from where it can then be passed to local copies stored by individual toolbar clients using the previously described update process.
- the system operator may of course decide to add a generalised character pattern (e.g. using a wildcard) to capture not only the specific reported URL but also other URLs referring to the same web site.
- the security information database stores information relating to the hosting location of web sites. More specifically, the database stores IP registration information relating to IP addresses, which includes information indicating the company or person to whom a given IP address (or IP address range) is registered. For a given URL, the IP address of the host on which the web page referred to by the URL resides can be determined by DNS server lookup. Registration information relating to that IP address can then be obtained from the security information database.
- the security vulnerability information relating to a given URL could be obtained dynamically by carrying out a vulnerability assessment in response to a request received from a toolbar, for efficiency and performance reasons it is preferable to perform assessments independently of the requests and to store the resulting vulnerability information in the database.
- the security information server could perform vulnerability assessments on a daily basis, assessing any new web sites visited by users during the last day, as well as any existing web sites for which vulnerability information is already stored in the database, but which are due to be re- evaluated.
- the security information server could perform a dynamic vulnerability assessment only on those web sites for which information is not already available in the database.
- the hosting location information, vulnerability information and risk assessment / risk rating information associated with a URL is transmitted to the toolbar where it is displayed.
- the status display area 58 of toolbar 50 displays a risk rating (60) (in this example, a rating of 5 on a scale of 0 to 8, represented graphically) and indicates that no known vulnerabilities are associated with the present web site (61) and that the IP address of the page being viewed is registered to "FakeBank pic.” (64) in Great Britain (62).
- the processing performed by the security information server in response to an information request received from a toolbar is summarised in Figure 6.
- the security information server receives a request containing a representation of a URL to be checked, along with version information identifying the version of the local copy of the URL character patterns held by the toolbar in pattern store 22.
- the server compares the version of the local copy held by the toolbar with the version of the master list stored in security information database 20. If the toolbar is holding an out-of-date copy, updates are sent to bring the client up-to-date at step 206.
- the server performs a DNS lookup to determine the IP address associated with the URL (this being the IP address of the host referred to by the URL). It then retrieves IP registration information relating to the IP address from the database in step 210, in particular the name and country of the company to whom the IP address is registered. The country can, for example, be derived from the dialling code of a company telephone contact number given in the registration information, if the registration information does not itself indicate the country.
- the server retrieves vulnerability information relating to the web site from the database. This may be recorded in the database either against the domain and host name or the IP address of the web site referred to by the URL and looked up accordingly. Additionally, the server constructs the risk rating assessment relating to the web site. This may be calculated dynamically in response to the request or may be obtained from previously calculated risk rating information stored in the database. A response comprising the security information is then transmitted to the toolbar at step 214, where the information is displayed to the user. In alternative embodiments where a copy of the URL character patterns is not held locally at the toolbar, the server also compares the URL representation to the pattern list stored in the database, and transmits an alert in case of a match.
- the security information transmitted at step 214 is only a summary of the information available in the database.
- the security information server may simply indicate whether or how many security vulnerabilities are associated with a given web site, or whether a given web site should be considered a risk.
- the user can request more detailed information, such as the exact types of any vulnerabilities detected, and detailed information concerning the organisation hosting the web site. Due to the limited screen space available to the toolbar, this detailed information may, for example, be displayed in the form of an HTML page in page display area 48 rather than in the toolbar itself.
- the icon may be displayed if either the domain name or the IP address can be matched, or may only be displayed if both domain name and IP address can be matched. If neither the domain name nor the IP address are found in the database (or alternatively only one of them), then the icon is not displayed. If the user believes that he is accessing a banking web site, then the absence of the graphical icon in the toolbar should alert the user to the fact that the web site being accessed is not known to the system and therefore may not be genuine. Alternatively, a negative indication could be displayed.
- the database is populated with details of the domain names and IP address ranges registered to and used by known banks and similar organisations. This information may be obtained directly from the organisations concerned. Since this information may change over time as new domain names and IP addresses are allocated, it is necessary to update the information regularly. To achieve this, the system may regularly look up the IP addresses associated with known domain names and add them to the IP address list if not already there.
- the toolbar provider can thereby obtain valuable information about the behaviour of their customers on the World Wide Web.
- important aspects of the security system described include: • Trapping of suspicious URLs containing characters which have no common purpose other than to deceive. • Convenience of reporting the fraud to the bank and to the hosting location. • Community watch behaviour of the system making warnings about fraudulent URLs immediately available to the rest of the community via display on the toolbar. Supervisor validation or a voting system can be used to reduce and eliminate the impact of false reporting of URLs. • Clear display of sites' hosting location at all times while the user browses the web. • Indication of security vulnerabilities and risk assessments or risk ratings relating to sites visited.
- the security information server could perform all URL checking tasks including the character pattern matching.
- the security information (such as the hosting location and vulnerability information described above) could be provided to the toolbar only on request, possibly under control of the information button on the toolbar.
- a separate software component could also be used which intercepts URL requests output by the browser. This could, for example, work at the operating system level.
- a URL rewriting proxy could also fulfil the functionality of the toolbar, and provide facilities independent of particular operating system and browser software.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Computing Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/593,153 US20080172382A1 (en) | 2004-03-16 | 2005-03-15 | Security Component for Use With an Internet Browser Application and Method and Apparatus Associated Therewith |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB0405901A GB2412189B (en) | 2004-03-16 | 2004-03-16 | Security component for use with an internet browser application and method and apparatus associated therewith |
GB0405901.0 | 2004-03-16 | ||
GB0416612.0 | 2004-07-26 | ||
GBGB0416612.0A GB0416612D0 (en) | 2004-03-16 | 2004-07-26 | Security component for use with an internet browser application and method and apparatus associated therewith |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005091107A1 true WO2005091107A1 (fr) | 2005-09-29 |
Family
ID=34962963
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2005/000978 WO2005091107A1 (fr) | 2004-03-16 | 2005-03-15 | Composant de securite pour application navigateur sur internet et procede et dispositif s'y rapportant |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2005091107A1 (fr) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2007072320A2 (fr) * | 2005-12-23 | 2007-06-28 | International Business Machines Corporation | Methode d'evaluation d'une adresse reseau et d'acces a une adresse reseau |
WO2007136665A2 (fr) | 2006-05-19 | 2007-11-29 | Cisco Ironport Systems Llc | Procédé et appareil destinés à contrôler l'accès à des ressources réseau en fonction d'une réputation |
US20080060062A1 (en) * | 2006-08-31 | 2008-03-06 | Robert B Lord | Methods and systems for preventing information theft |
DE102007013339A1 (de) | 2007-03-20 | 2008-09-25 | Giesecke & Devrient Gmbh | Portabler Datenträger als Web-Server |
EP2017758A1 (fr) * | 2007-07-02 | 2009-01-21 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Système et procédé informatiques destinés à la vérification du contenu |
WO2009009859A1 (fr) * | 2007-07-13 | 2009-01-22 | Von Arx Kim G | Système et procédé pour fournir des services en ligne à l'aide de noms de domaine enregistrés et individualisés |
FR2954547A1 (fr) * | 2009-12-21 | 2011-06-24 | Alcatel Lucent | Procede de detection d’un detournement de ressources informatiques |
CN102385583A (zh) * | 2010-08-31 | 2012-03-21 | 腾讯科技(深圳)有限公司 | 一种控制浏览器打开窗口的方法及网页浏览器 |
US8245049B2 (en) | 2004-06-14 | 2012-08-14 | Microsoft Corporation | Method and system for validating access to a group of related elements |
CN102932335A (zh) * | 2012-10-17 | 2013-02-13 | 北京奇虎科技有限公司 | 在浏览器处呈现网站的相关信息的方法和浏览器 |
US8646029B2 (en) | 2011-05-24 | 2014-02-04 | Microsoft Corporation | Security model for a layout engine and scripting engine |
US8839418B2 (en) * | 2006-01-18 | 2014-09-16 | Microsoft Corporation | Finding phishing sites |
GB2517021A (en) * | 2013-05-13 | 2015-02-11 | Appsense Ltd | Context transfer from web page to application |
US9167052B2 (en) | 2013-05-13 | 2015-10-20 | Appsense Limited | Apparatus, systems, and methods for providing policy in network-based applications |
US9342274B2 (en) | 2011-05-19 | 2016-05-17 | Microsoft Technology Licensing, Llc | Dynamic code generation and memory management for component object model data constructs |
US9430452B2 (en) | 2013-06-06 | 2016-08-30 | Microsoft Technology Licensing, Llc | Memory model for a layout engine and scripting engine |
US9479525B2 (en) | 2014-10-23 | 2016-10-25 | International Business Machines Corporation | Interacting with a remote server over a network to determine whether to allow data exchange with a resource at the remote server |
US9912720B2 (en) | 2013-05-13 | 2018-03-06 | Appsense Us Llc | Context aware browser policy |
US10291615B2 (en) | 2013-05-13 | 2019-05-14 | Ivanti Us Llc | Web event framework |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5884033A (en) * | 1996-05-15 | 1999-03-16 | Spyglass, Inc. | Internet filtering system for filtering data transferred over the internet utilizing immediate and deferred filtering actions |
WO2001059594A2 (fr) * | 2000-02-08 | 2001-08-16 | Harris Corporation | Systeme et procede permettant l'evaluation d'une posture de securite d'un reseau appliquant des regles de decision en logique floue orientees but |
US20030014659A1 (en) * | 2001-07-16 | 2003-01-16 | Koninklijke Philips Electronics N.V. | Personalized filter for Web browsing |
US20030033231A1 (en) * | 2001-08-09 | 2003-02-13 | Jonathan Turner | System and methods for providing financial account information over a network |
US20030126267A1 (en) * | 2001-12-27 | 2003-07-03 | Koninklijke Philips Electronics N.V. | Method and apparatus for preventing access to inappropriate content over a network based on audio or visual content |
US20030233581A1 (en) * | 2000-03-03 | 2003-12-18 | Eran Reshef | System for determining web application vulnerabilities |
-
2005
- 2005-03-15 WO PCT/GB2005/000978 patent/WO2005091107A1/fr active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5884033A (en) * | 1996-05-15 | 1999-03-16 | Spyglass, Inc. | Internet filtering system for filtering data transferred over the internet utilizing immediate and deferred filtering actions |
WO2001059594A2 (fr) * | 2000-02-08 | 2001-08-16 | Harris Corporation | Systeme et procede permettant l'evaluation d'une posture de securite d'un reseau appliquant des regles de decision en logique floue orientees but |
US20030233581A1 (en) * | 2000-03-03 | 2003-12-18 | Eran Reshef | System for determining web application vulnerabilities |
US20030014659A1 (en) * | 2001-07-16 | 2003-01-16 | Koninklijke Philips Electronics N.V. | Personalized filter for Web browsing |
US20030033231A1 (en) * | 2001-08-09 | 2003-02-13 | Jonathan Turner | System and methods for providing financial account information over a network |
US20030126267A1 (en) * | 2001-12-27 | 2003-07-03 | Koninklijke Philips Electronics N.V. | Method and apparatus for preventing access to inappropriate content over a network based on audio or visual content |
Cited By (49)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8601278B2 (en) | 2004-06-14 | 2013-12-03 | Microsoft Corporation | Validating access to a group of related elements |
US8245049B2 (en) | 2004-06-14 | 2012-08-14 | Microsoft Corporation | Method and system for validating access to a group of related elements |
JP2009521047A (ja) * | 2005-12-23 | 2009-05-28 | インターナショナル・ビジネス・マシーンズ・コーポレーション | ネットワーク・アドレスを評価し、アクセスするための方法 |
WO2007072320A3 (fr) * | 2005-12-23 | 2007-09-20 | Ibm | Methode d'evaluation d'une adresse reseau et d'acces a une adresse reseau |
US8201259B2 (en) | 2005-12-23 | 2012-06-12 | International Business Machines Corporation | Method for evaluating and accessing a network address |
WO2007072320A2 (fr) * | 2005-12-23 | 2007-06-28 | International Business Machines Corporation | Methode d'evaluation d'une adresse reseau et d'acces a une adresse reseau |
KR100935776B1 (ko) * | 2005-12-23 | 2010-01-06 | 인터내셔널 비지네스 머신즈 코포레이션 | 네트워크 어드레스 평가 방법, 컴퓨터 판독 가능한 기록 매체, 컴퓨터 시스템, 네트워크 어드레스 액세스 방법, 컴퓨터 인프라를 활용하는 방법 및 기업의 네트워크 통신 트래픽의 분석을 수행하는 방법 |
US8839418B2 (en) * | 2006-01-18 | 2014-09-16 | Microsoft Corporation | Finding phishing sites |
EP2033108A2 (fr) * | 2006-05-19 | 2009-03-11 | Cisco Ironport Systems LLC | Procédé et appareil destinés à contrôler l'accès à des ressources réseau en fonction d'une réputation |
EP2033108A4 (fr) * | 2006-05-19 | 2014-07-23 | Cisco Ironport Systems Llc | Procédé et appareil destinés à contrôler l'accès à des ressources réseau en fonction d'une réputation |
WO2007136665A2 (fr) | 2006-05-19 | 2007-11-29 | Cisco Ironport Systems Llc | Procédé et appareil destinés à contrôler l'accès à des ressources réseau en fonction d'une réputation |
US20080060062A1 (en) * | 2006-08-31 | 2008-03-06 | Robert B Lord | Methods and systems for preventing information theft |
US8386913B2 (en) | 2007-03-20 | 2013-02-26 | Giesecke & Devrient Gmbh | Portable data carrier as a web server |
WO2008113599A3 (fr) * | 2007-03-20 | 2009-02-05 | Giesecke & Devrient Gmbh | Supports de données portatifs en tant que serveurs web |
US9137296B2 (en) | 2007-03-20 | 2015-09-15 | Giesecke & Devrient Gmbh | Portable data carrier as a web server |
DE102007013339A1 (de) | 2007-03-20 | 2008-09-25 | Giesecke & Devrient Gmbh | Portabler Datenträger als Web-Server |
EP2017758A1 (fr) * | 2007-07-02 | 2009-01-21 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Système et procédé informatiques destinés à la vérification du contenu |
WO2009009859A1 (fr) * | 2007-07-13 | 2009-01-22 | Von Arx Kim G | Système et procédé pour fournir des services en ligne à l'aide de noms de domaine enregistrés et individualisés |
CN102792306A (zh) * | 2009-12-21 | 2012-11-21 | 阿尔卡特朗讯公司 | 用于检测计算机资源劫持的方法 |
WO2011083226A1 (fr) * | 2009-12-21 | 2011-07-14 | Alcatel Lucent | Procédé de détection d'un détournement de ressources informatiques |
FR2954547A1 (fr) * | 2009-12-21 | 2011-06-24 | Alcatel Lucent | Procede de detection d’un detournement de ressources informatiques |
US9104874B2 (en) | 2009-12-21 | 2015-08-11 | Alcatel Lucent | Method for detecting the hijacking of computer resources |
CN102385583B (zh) * | 2010-08-31 | 2016-01-20 | 腾讯科技(深圳)有限公司 | 一种控制浏览器打开窗口的方法及网页浏览器 |
CN102385583A (zh) * | 2010-08-31 | 2012-03-21 | 腾讯科技(深圳)有限公司 | 一种控制浏览器打开窗口的方法及网页浏览器 |
US10248415B2 (en) | 2011-05-19 | 2019-04-02 | Microsoft Technology Licensing, Llc | Dynamic code generation and memory management for component object model data constructs |
US9342274B2 (en) | 2011-05-19 | 2016-05-17 | Microsoft Technology Licensing, Llc | Dynamic code generation and memory management for component object model data constructs |
US8881101B2 (en) | 2011-05-24 | 2014-11-04 | Microsoft Corporation | Binding between a layout engine and a scripting engine |
US9582479B2 (en) | 2011-05-24 | 2017-02-28 | Microsoft Technology Licensing, Llc | Security model for a layout engine and scripting engine |
US8918759B2 (en) | 2011-05-24 | 2014-12-23 | Microsoft Corporation | Memory model for a layout engine and scripting engine |
US9116867B2 (en) | 2011-05-24 | 2015-08-25 | Microsoft Technology Licensing, Llc | Memory model for a layout engine and scripting engine |
US8904474B2 (en) | 2011-05-24 | 2014-12-02 | Microsoft Corporation | Security model for a layout engine and scripting engine |
US9830306B2 (en) | 2011-05-24 | 2017-11-28 | Microsoft Technology Licensing, Llc | Interface definition language extensions |
US8689182B2 (en) | 2011-05-24 | 2014-04-01 | Microsoft Corporation | Memory model for a layout engine and scripting engine |
US9244896B2 (en) | 2011-05-24 | 2016-01-26 | Microsoft Technology Licensing, Llc | Binding between a layout engine and a scripting engine |
US8646029B2 (en) | 2011-05-24 | 2014-02-04 | Microsoft Corporation | Security model for a layout engine and scripting engine |
US9830305B2 (en) | 2011-05-24 | 2017-11-28 | Microsoft Technology Licensing, Llc | Interface definition language extensions |
CN102932335A (zh) * | 2012-10-17 | 2013-02-13 | 北京奇虎科技有限公司 | 在浏览器处呈现网站的相关信息的方法和浏览器 |
US10291615B2 (en) | 2013-05-13 | 2019-05-14 | Ivanti Us Llc | Web event framework |
US9167052B2 (en) | 2013-05-13 | 2015-10-20 | Appsense Limited | Apparatus, systems, and methods for providing policy in network-based applications |
US9900367B2 (en) | 2013-05-13 | 2018-02-20 | Appsense Us Llc | Context transfer from web page to application |
US9912720B2 (en) | 2013-05-13 | 2018-03-06 | Appsense Us Llc | Context aware browser policy |
GB2517021A (en) * | 2013-05-13 | 2015-02-11 | Appsense Ltd | Context transfer from web page to application |
US10764352B2 (en) | 2013-05-13 | 2020-09-01 | Ivanti Us Llc | Context aware browser policy |
US9430452B2 (en) | 2013-06-06 | 2016-08-30 | Microsoft Technology Licensing, Llc | Memory model for a layout engine and scripting engine |
US10282238B2 (en) | 2013-06-06 | 2019-05-07 | Microsoft Technology Licensing, Llc | Memory model for a layout engine and scripting engine |
US10353751B2 (en) | 2013-06-06 | 2019-07-16 | Microsoft Technology Licensing, Llc | Memory model for a layout engine and scripting engine |
US9832218B2 (en) | 2014-10-23 | 2017-11-28 | International Business Machines Corporation | Interacting with a remote server over a network to determine whether to allow data exchange with a resource at the remote server |
US9479525B2 (en) | 2014-10-23 | 2016-10-25 | International Business Machines Corporation | Interacting with a remote server over a network to determine whether to allow data exchange with a resource at the remote server |
US10382470B2 (en) | 2014-10-23 | 2019-08-13 | International Business Machines Corporation | Interacting with a remote server over a network to determine whether to allow data exchange with a resource at the remote server |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20080172382A1 (en) | Security Component for Use With an Internet Browser Application and Method and Apparatus Associated Therewith | |
WO2005091107A1 (fr) | Composant de securite pour application navigateur sur internet et procede et dispositif s'y rapportant | |
JP6871357B2 (ja) | オンライン詐欺を検出するためのシステムおよび方法 | |
Wu et al. | Effective defense schemes for phishing attacks on mobile computing platforms | |
US8429751B2 (en) | Method and apparatus for phishing and leeching vulnerability detection | |
US8996697B2 (en) | Server authentication | |
US8079087B1 (en) | Universal resource locator verification service with cross-branding detection | |
US7694135B2 (en) | Security systems and services to provide identity and uniform resource identifier verification | |
US7690035B2 (en) | System and method for preventing fraud of certification information, and recording medium storing program for preventing fraud of certification information | |
US8776224B2 (en) | Method and apparatus for identifying phishing websites in network traffic using generated regular expressions | |
US20080086638A1 (en) | Browser reputation indicators with two-way authentication | |
US20130031213A1 (en) | Obtaining and assessing objective data relating to network resources | |
US20140283069A1 (en) | Protecting against the introduction of alien content | |
US20060070126A1 (en) | A system and methods for blocking submission of online forms. | |
JP2008521149A (ja) | オンライン詐欺の可能性に関連するデータを解析するための方法およびシステム | |
WO2006119479A2 (fr) | Determination de reputations de sites web faisant appel a un test automatique | |
WO2007058732A2 (fr) | Systeme et methodes d'authentification b2c (des entreprises aux particuliers) | |
WO2007106826A2 (fr) | Validation de detention de noms de domaine | |
JP2008507005A (ja) | オンライン詐欺解決法 | |
JP2008522291A (ja) | オンライン詐欺の早期の検出およびモニタリング | |
US20210176263A1 (en) | Consumer Threat Intelligence Service | |
GB2456742A (en) | Determining trust levels for data sources | |
Chanti et al. | A literature review on classification of phishing attacks | |
US20210081962A1 (en) | Data analytics tool | |
Malderle et al. | Warning of affected users about an identity leak |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase | ||
WWE | Wipo information: entry into national phase |
Ref document number: 10593153 Country of ref document: US |