US20080201401A1 - Secure server authentication and browsing - Google Patents
Secure server authentication and browsing Download PDFInfo
- Publication number
- US20080201401A1 US20080201401A1 US12/108,694 US10869408A US2008201401A1 US 20080201401 A1 US20080201401 A1 US 20080201401A1 US 10869408 A US10869408 A US 10869408A US 2008201401 A1 US2008201401 A1 US 2008201401A1
- Authority
- US
- United States
- Prior art keywords
- content
- server
- addresses
- fragment
- provider server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- A—HUMAN NECESSITIES
- A61—MEDICAL OR VETERINARY SCIENCE; HYGIENE
- A61L—METHODS OR APPARATUS FOR STERILISING MATERIALS OR OBJECTS IN GENERAL; DISINFECTION, STERILISATION OR DEODORISATION OF AIR; CHEMICAL ASPECTS OF BANDAGES, DRESSINGS, ABSORBENT PADS OR SURGICAL ARTICLES; MATERIALS FOR BANDAGES, DRESSINGS, ABSORBENT PADS OR SURGICAL ARTICLES
- A61L2/00—Methods or apparatus for disinfecting or sterilising materials or objects other than foodstuffs or contact lenses; Accessories therefor
- A61L2/02—Methods or apparatus for disinfecting or sterilising materials or objects other than foodstuffs or contact lenses; Accessories therefor using physical phenomena
- A61L2/08—Radiation
- A61L2/10—Ultra-violet radiation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/107—Computer-aided management of electronic mailing [e-mailing]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2463/00—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
- H04L2463/102—Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying security measure for e-commerce
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2596—Translation of addresses of the same type other than IP, e.g. translation from MAC to MAC addresses
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4557—Directories for hybrid networks, e.g. including telephone numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10—TECHNICAL SUBJECTS COVERED BY FORMER USPC
- Y10S—TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y10S707/00—Data processing: database and file management or data structures
- Y10S707/99931—Database or file accessing
Definitions
- the present invention relates to a method and system for authenticating servers of content-providers that provide content-data, such as webpage data, to client computers over a communications network, such as the Internet.
- phishing may be initiated from an e-mail supposedly from a bank or other financial or commercial institution, such as an e-trader, sent to an ostensible customer with a link to a website where there is a request to enter personal or bank details, passwords or PIN numbers.
- This website may be an exact copy of a valid site belonging to the correct financial or commercial institution, or may be an entirely valid site of such institution with a fraudulent pop-up window that requests details or uses other means to deceive the customer concerned.
- phishing methods include inserting rogue computer code or object into legitimate pages by methods, which include proxy servers, packet manipulation and installation of software or devices on a client computer. It has also been known for fraudsters to adopt similar URL's (uniform resource locators) to a genuine business to fool people into thinking they are on a legitimate site. For example, the URL Onlinebank.com, with an initial “0” (zero) rather than an initial “0” may be used to deceive people into believing they have reached the site of Onlinebank.com.
- Still further methods include setting up totally fraudulent web sites pretending to be legitimate or non-existent charities or commercial organizations to fool users into donating monies to or purchasing goods from fraudulent organizations, which have not necessarily been reached via invitation from e-mails.
- WO 2004/055632 describes a system in which a complex algorithm is employed to determine whether a particular URL may be trusted or not.
- This analysis may take account of content and layout of a web page, age and size of the website and the number of hyperlinks and scores the web page under each of these headings to give a determination as to whether the web page can likely be trusted or likely not be trusted.
- the URL of the web page is added to a trusted list or a distrusted list maintained by the client computer. Nevertheless, a fraudulent website will often appear as an exact copy of a legitimate site and therefore be added to the list of trusted sites.
- the present invention provides a method of authenticating a content-provider server comprising: determining a domain name of the content-provider server; obtaining a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content-provider server and storing one or more IP addresses associated with the domain name; comparing the IP address of the content-provider server against the IP addresses of the fragment; and providing an indication that the IP address of the content-provider server is included or excluded from the fragment of IP addresses.
- the fragment is stored on a remote server and obtaining the fragment comprises requesting from the server a copy of the fragment and receiving from the server a copy of the fragment.
- the fragment is stored on the server as a file having a filename that is, unique to the domain name of the content-provider server and requesting a copy of the fragment from the server comprises requesting a file having a filename that is unique to the domain name of the content-provider server.
- the filename of the fragment is unique to both the domain name of the content-provider server and a domain name of the server on which the fragment is stored.
- the filename of the fragment is encrypted using encryption keys derived from the domain name of the content-provider server and the domain name of the server on which the fragment is stored.
- the fragment stores one or more authenticated IP addresses and one or more non-authenticated IP addresses and the method comprises providing an indication that the IP address of the content-provider server is an Authenticated IP address, a non-authenticated IP address, or neither.
- the method comprises: storing a database of authenticated IP addresses and a database of non-authenticated IP addresses; appending the IP addresses of the fragment to at least one of the database of authenticated IP addresses and the database of non-authenticated IP addresses; comparing the IP address of the content-provider server against the database of authenticated IP addresses and the database of non-authenticated IP addresses; and providing an indication that the IP address of the content-provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- the method comprises: obtaining a list of non-authenticated IP addresses from a remote server; and comparing the IP address of the content-provider server against the IP addresses of the fragment and the list of non-authenticated IP addresses.
- the method comprises: storing a database of authenticated IP addresses and a database of non-authenticated IP addresses; appending the IP addresses of the fragment to at least one of the database of authenticated IP addresses and the database of non-authenticated IP addresses; appending the list of non-authenticated IP addresses to the database of non-authenticated IP addresses; comparing the IP address of the content-provider server against the database of authenticated IP addresses and the database of non-authenticated IP addresses; and providing an indication that the IP address of the content provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- the content-provider server has a hostname and the method comprises: obtaining first data from the hostname; resolving the IP address of the hostname; obtaining second data from the resolved IP address; comparing the first data and second data; and providing an indication that the first data and second data are identical or non-identical.
- the fragment includes one or more URLs or portions of URLs associated with each IP address stored by the fragment
- the method comprises: comparing at least a portion of the URL of the content-provider server against the URLs or portions of URLs of the fragment that are associated with the IP address of the content-provider server; and providing an indication that the IP address and the portion of the URL of the content-provider server is included in or excluded from the fragment.
- the present invention provides a client computer connectable to a content-provider server over a communications network, wherein the client computer is operable to: determine a domain name of the content-provider server; obtain a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content provider server and storing one or more IP addresses associated with the domain name; compare the IP address of the content-provider server against the IP addresses of the fragment; and provide an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
- the client computer is operable to request data from the content-provider server and to obtain the fragment in response to the request for data from the content-provider server.
- the client computer is operable to: request data from the content-provider server; determine whether data from the content-provider server has previously been requested; and to obtain the fragment if data from the content-provider has not previously been requested.
- the client computer is operable to retrieve the fragment from a server over the communications network, and the fragment is stored on the server as a file having a filename that is unique to the domain name of the content-provider server.
- the fragment is stored on a security server.
- the client computer is operable to determine whether the fragment of IP addresses stored on the server has changed and to retrieve from the server the fragment if it is determined that the fragment has changed.
- the filename of the fragment is unique to both the domain name of the content-provider server and a domain name of the server on which the fragment is stored.
- the filename of the fragment is encrypted using encryption keys derived from the domain name of the content-provider server and the domain name of the server on which the fragment is stored.
- the fragment stores one or more authenticated IP addresses and one or more non-authenticated IP addresses and the client computer is operable to provide an indication that the IP address of the content-provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- the client computer stores a database of authenticated IP addresses and a database of non-authenticated IP addresses
- the client computer is operable to: append the IP addresses of the fragment to at least one of the database of authenticated IP addresses and database of non-authenticated IP addresses; compare the IP address of the content-provider server against the database of authenticated IP addresses and the database of non-authenticated IP addresses; and provide an indication that the IP address of the content-provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- the client computer is connectable to a security server over the communications network, and the client computer is operable to obtain a list of non-authenticated IP addresses from the security server and to the compare the IP address of the content-provider server against the IP addresses of the fragment and the list of non-authenticated IP addresses.
- the client computer stores a database of authenticated IP addresses and a database of non-authenticated IP addresses
- the client “computer is operable to: append the IP addresses of the fragment to at least one of the database of authenticated IP addresses and database of non-authenticated IP addresses; append the list of non-authenticated IP addresses to the database of non-authenticated IP addresses; compare the IP address of the content-provider server against the database of authenticated IP addresses and the database of non-authenticated IP addresses; and provide an indication that the IP address of the content-provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- the client computer is operable to: obtain data from the content-provider server that includes a link to a further content-provider server; compare the IP address of the further content-provider server against the IP addresses of the fragment, and provide an indication that the IP address of the further content-provider server is included or excluded from the received database of IP addresses.
- the content-provider server has a hostname and the client computer is operable to: obtain first data from the hostname; resolve the IP address of the hostname; obtain second data from the resolved IP address; compare the first data and second data; and provide an indication that the first data and second data are identical or non-identical.
- the fragment includes one or more URLs or portions of URLs associated with each IP address stored by the fragment
- the client computer is further operable to: compare at least a portion of the URL of the content-provider server against the URLs or portions of URLs of the fragment that are associated with the IP address of the content-provider server; and provide an indication that the IP address and the portion of the URL of the content-provider server is included in or excluded from the fragment.
- the fragment stores IP addresses associated with a URL.
- the client computer is operable to provide a visual indication that the content-provider server is a trusted or non-trusted site.
- the client computer operates a window-based operating system and the client computer is operable to determine whether an active window of the operating system is executing an application capable of requesting data from the content-provider server, and the client computer is operable to compare the IP address of the content-provider server and to provide an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment if it is determined that an active window is executing an application capable of requesting data from a content-provider server.
- the present invention provides a method of operating a client computer connectable to a content-provider server over a communications network, the method comprising: determining a domain name of the content-provider server; obtaining a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content-provider server and storing one or more IP addresses associated with the domain name; comparing the IP address of the content-provider server against the IP addresses of the fragment; and providing an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
- the present invention provides a computer program or suite of computer programs, which may be provided on a computer-readable storage medium, executable by a client computer to perform the above method.
- the present invention provides a security server connectable to a client computer over a communications network, the security server storing a database of IP addresses as a plurality of fragments, each fragment corresponding to a domain name and storing IP addresses associated with the domain name, and the security server is operable to receive a request from the client computer for a fragment, and to deliver the requested fragment to the client computer.
- the security server stores each fragment as a file having a filename that is unique to the domain name to which the fragment corresponds, and the security server is operable to receive a request from the client computer for a fragment having a particular filename, and to deliver the fragment having the particular filename to the client computer.
- the filename of the fragment is unique to both the domain name to which the fragment corresponds and to a domain name of the security server on which the fragment is stored.
- the filename of the fragment is encrypted using encryption keys derived from the domain name to which the fragment corresponds and the domain name of the server on which the fragment is stored.
- the security server is connectable to a content-provider server over the communications network and the security server is operable to: receive one or more IP addresses from the content-provider server; and store the received IP addresses as a fragment, the fragment corresponding to a domain name of the content-provider server.
- the security server stores a database of authenticated IP addresses and a database of non-authenticated IP addresses as a plurality of fragments.
- the security server stores a database of authenticated IP address as a plurality of fragments, each fragment corresponding to a domain name and storing authenticated IP addresses associated with the domain name, and a database of non-authenticated IP addresses, and the security server is operable to: receive a request from the client computer for a fragment of the database of authenticated IP addresses; deliver the requested fragment to the client computer; receive a request from the client computer for the database of non-authenticated IP addresses; and deliver the database of non-authenticated IP addresses to the client computer.
- the security server is operable to receive a request from the client computer that includes information identifying a domain name of a content-provider server, and to deliver to the client computer a fragment corresponding to the identified domain name.
- each fragment stores IP addresses associated with a URL.
- the present invention provides a method of operating a security server connected to a client computer over a communications network, the method comprising: storing a database of IP addresses as a plurality of fragments, each fragment corresponding to a domain name and storing IP addresses associated with the domain name; receiving a request from the client computer for a fragment; and delivering the requested fragment to the client computer.
- the present invention provides a computer program or suite of computer programs, which may be provided on a computer-readable storage medium, executable by a server computer to perform the above method.
- the present invention provides a client computer connectable to a content-provider server and to a security server over a communications network, the security server storing a database of IP addresses as a plurality of fragments, each fragment corresponding to a domain name and storing IP addresses associated with the domain name, and the client computer is operable to: determine the domain name of the content-provider server; obtain from the security server a fragment of the database of IP addresses corresponding to the domain name of the content-provider server; compare the IP address of the content-provider server against the received fragment of IP addresses; and provide an indication that the IP address of the content-provider server is included or excluded from the received fragment of IP addresses.
- window-based operating system as used herein is intended to encompass any operating system that makes use of windows in a graphic display, usually only one such window being active at anyone time, and sometimes only one such window being visible on a graphic display at anyone time.
- window-based operating systems include Microsoft Windows®, the various Macintosh® operating systems, as well as a variety of other window-based operating systems employed by various hand-held computer devices and third and higher generation mobile phones.
- IP address spoofing is a technique that allows a webpage to be sent to the client computer and the IP address has been checked and may be found to be an authenticated IP address, it may still be possible for a fraudulent site to have produced it. This is because it is possible to configure a web server to send information that appears to emanate from a different IP address to the one it actually comes from. However, this possibility can be readily overcome. If the apparently authenticated IP address is sent in substitution for the hostname or domain-name part of the URL, the apparently validated IP address can be authenticated for certain. If the same or similar content-data (e.g. webpage data) is returned then it follows that the content-data has come from a certainly authenticated IP address.
- content-data e.g. webpage data
- FIG. 1 is a schematic representation of a computer network
- FIG. 2 is a schematic diagram of databases stored on a security server embodying the present invention
- FIG. 3 is a schematic diagram of a client computer embodying the present invention.
- FIG. 4 is a logic flow diagram of a method performed by a client computer embodying the present invention.
- FIG. 5 shows part of a computer display illustrating an always-on-top status window
- FIG. 6 shows part of a computer display illustrating part of the taskbar at the bottom of the computer display
- FIG. 7 is a logic flow diagram of a further method performed by a client computer embodying the present invention.
- FIG. 8 is a schematic diagram of an alternative database stored on a security server embodying the present invention.
- FIG. 1 shows the basic arrangement of a network, such as the Internet, in which a client computer 1 is connected to a plurality of content-provider servers 3 and to a security server 4 over a communications network 5 .
- a client computer 1 is connected to a plurality of content-provider servers 3 and to a security server 4 over a communications network 5 .
- Each content-provider server 3 has at least one IP address and stores content-data, such as HTML files, Java applets, sound and image files, etc., for downloading by the client computer 1 .
- the present invention is particularly concerned with content-provider servers 3 that require user authorization from the client computer 1 .
- the content-provider server 3 may be an online bank, and content-data relating to a particular account holder, such as a statement of account, is provided only upon receipt from the client computer of a username and password.
- the content-provider server may be an online shop, whereupon goods may be purchased only upon receipt of the purchaser's credit or debit card details.
- the content-data of a content-provider server 3 is generally accessed by way of a uniform resource locator (URL), e.g. www.onlinebank.com/homellogin.shtml.
- the URL comprises a hostname and a path or filename, which in the present example are www.onlinebank.com. and ‘/homellong.shtml’ respectively.
- the hostname comprises a domain name, such as a fully qualified domain name or a sub-domain.
- URLs and IP addresses are related but are not directly equivalent to each other. Thus, when a web browser requests content-data from the URL www.onlinebank.com/homellogin.shtml.
- a domain name server looks up and converts the hostname part of the URL into an IP address, such as 207.46.250.222 or whatever the appropriate IP address may be.
- IP address such as 207.46.250.222 or whatever the appropriate IP address may be.
- Owing to domain-name aliasing different hostnames may point to the same IP address. For example, www.onlinebank.co.uk or www.onlinebank.net may point to the same IP address as that of www.onlinebank.com.
- stealth redirection means that a user accessing the same URL may be redirected to a different IP address on different occasions, even though the same hostname appears in the URL. Consequently, a user requesting content-data from a content-provider server 3 , e.g. by entering a URL into his web browser, is generally unaware of the actual IP address and thus the actual server 3 providing the content-data.
- the security server 4 stores a database of non-authenticated IP addresses 6 and preferably a database of authenticated IP addresses 7 .
- Each database 6 , 7 comprises a list of IP addresses 8 .
- the databases 6 , 7 may store related information 9 associated with each of the listed IP addresses, such as the date on which the IP address was entered or updated in the database, and the level of threat or authenticity associated with the IP address.
- the IP addresses of a content-provider server 3 that is known to mimic an online bank may have a high threat level, whilst an online shop that does not appear to satisfy certain online security requirements may have a low threat level.
- the related-information 9 associated with a particular IP address may also include details of the authority or subscriber that provided the IP address, as well as a graphical image (e.g. logo or animation) or sound clip associated with the authority or subscriber.
- the related-information 9 may include one or more links associated with a particular IP address.
- each database 6 , 7 might store a set of URL links to websites that are promoted in response to a user accessing a particular content-provider server.
- each database 6 , 7 might store a set of URL links to other content-provider servers (e.g. websites) that provide information about a subscriber, not necessarily provided by the subscriber, such as company profile, consumer information, credit rating, market analysis, share price, etc. Accordingly, a user is presented with one or more secure links to content-provider servers that provide independent information regarding a particular subscriber/content-provider.
- the database of non-authenticated IP addresses 6 lists IP addresses that have been identified as fraudulent or potentially insecure, i.e. the database 6 lists IP addresses of content provider servers 3 that are not to be trusted. It is preferred that non-authenticated IP addresses be provided to the security server 4 by an organization of assured status and integrity, such as a police authority or other government authority responsible for monitoring fraud, a banking authority, or other authoritative body outside of the commercial control of the security provider responsible for the security server 4 .
- a single assured organization is responsible for maintaining the non-authenticated database 6 .
- the assured organization may deliver the entire database 6 , or portions of the database 6 that have changed, to the security server 4 .
- the security server 4 may retrieve the entire database 6 , or portions of the database 6 that have changed, from the assured organization. Delivery or retrieval may occur periodically or whenever a change occurs to the database 6 .
- each assured organization provides a portion of the non-authenticated database 6 stored on the security server 4 .
- Each portion may be delivered to the security server 4 by the assured organization, or the security server 4 may retrieve the portion from the assured organization at periodic intervals.
- the database of authenticated IP addresses 7 lists those IP addresses that have been provided by subscribers to the security server 4 .
- Each subscriber is typically a content-provider that wishes to register its servers on the security server 4 .
- the subscriber may be the company OnlineBank, which provides a list of all its IP addresses.
- Each subscriber provides a portion of the authenticated database 6 , which may be delivered to the security server 4 by the assured organization, or the security server 4 may retrieve the portion from the subscriber at periodic intervals.
- the subscriber may also provide a list of IP addresses that it regards as untrustworthy and should therefore be added to the database of non-authenticated IP addresses 6 .
- maintenance of the database of non-authenticated IP addresses 6 is preferably carried out by assured organizations only.
- the client computer 1 as illustrated in FIG. 3 comprises a processor 10 provided with a window-based operating system, a user-input device 11 (such as a keyboard and/or mouse), a visual display unit (VDU) 12 , a memory 13 and a modem 14 for transferring data across the communications network 5 .
- the client computer 1 may alternatively transfer data across the communications network 5 via a LAN, whereby the client computer 1 includes an ethernet card or similar device (not shown) for transferring data over the LAN, or indeed any other means for transferring data from the client computer 1 across the communications network 5 .
- the client computer 1 preferably includes a web-browser (e.g. as part of the operating system or stored separately in memory 13 ) for receiving content-data from the content-provider servers 3 .
- a web-browser e.g. as part of the operating system or stored separately in memory 13
- any application-software suitable for receiving content-data from a content-provider server 3 e.g. a file-browser or e-mail client operating in http, https, ftp, or similar protocol
- the web-browser or application-software is suitable for receiving user-authorization data from the user-input device 11 and for transferring the user-authorization data to a content-provider server 3 .
- the memory 13 stores a server-authentication application 15 , which is executable by the processor 10 .
- the server-authentication application 15 includes instructions for receiving (e.g. downloading) from the security server 4 the entire non-authenticated database 6 and preferably the entire authenticated database 7 .
- the server-authentication application preferably provides the user with the opportunity to receive new, updated or refreshed databases 6 , 7 from the security server 4 automatically, periodically without intervention of the user of the client computer 1 , or by connection to the security server 4 at specified intervals or at times entirely at the option of the user.
- the received databases are then stored in memory 13 .
- the databases stored on the client computer 1 shall be referred to hereafter as the client-database of non-authenticated IP addresses 16 (or alternatively the non-authenticated client-database) and the client-database of authenticated client database 17 (or alternatively the authenticated client-database).
- the server-authentication application 15 when executed, additionally checks at 20 whether the active window of the windows-based operating system has changed.
- any window-based operating system there will generally be a single active window on the computer's VDU 8 , being the window on which various commands (for example “save”, “print”, etc.) may be initiated by the user-input device 11 .
- Other windows may be open at the same time, whether visible on the VDU 12 or hidden behind other windows.
- the various windows open at anyone time are usually displayed on a task bar or docking bar at an edge (e.g. the bottom) of the graphic display.
- An authentication check is performed whenever the active window changes.
- the server-authentication application 15 checks at 21 whether the new active window is a web-browser or other application capable of transferring data across the communications network 5 . In the most preferred arrangement, if the active window is not a web-browser the server-authentication application may show a message 22 such as “no browser window active”. In particular arrangements, this feature may be absent or may be optionally turned off by a user.
- the server-authentication application 15 checks the authentication of the content-provider server 3 from which the web-browser is requesting data. This is achieved by first converting at 23 the hostname portion of the URL of the content-provider server 3 into an IP address. There are a number of ways in which this can be done and persons skilled in this art will be aware of all of these. In the simplest arrangement, the hostname portion of the URL is converted into an IP address using a DNS server.
- the IP address of the content-provider server 3 is checked 24 against the client-database of non-authenticated IP addresses 16 and the client-database of authenticated IP addresses 17 , if present. If the IP address appears 24 a in the client-database of non-authenticated IP addresses 16 , a warning is provided 25 on the 30 VDU 12 that the user would be wise to ignore any content-data (e.g. webpage data) downloaded from the relevant content-provider server 3 . If the IP address appears 24 b in the client-database of authenticated IP addresses 17 , an indication is provided 26 that it is fine to proceed.
- content-data e.g. webpage data
- the indication may include a visual logo or other indicia of a content-provider such that the user is able to easily and quickly identify that the content-provider server 3 is authentic. If the IP address does not appear in either of the client-databases 16 , 17 , a cautionary warning is preferably provided 27 to the user. Although here shown as visible indications, any of these warnings/indications may alternatively or additionally be given audibly.
- Visible messages may be conveyed in a variety of different ways.
- warnings or cautions are given by means of a status window, such as those shown at 25 , 26 and 27 in FIG. 4 (see also FIG. 6 below), that is always on top of any windows that are open on the VDU 12 .
- this status window should be on top so that its reporting cannot be hidden by another window. It always reports on the active window, pop-up windows, frame sets, frames or other sub-windows. The user cannot interact with a window unless it is active, so that the active window is always the dominant window that is reported, although the system could also display the status of other open windows (see FIG. 5 below) and a history of other opened windows.
- FIG. 5 An example of a more complex on-top status window is illustrated in FIG. 5 , which shows part of a webpage 28 that is the active window, its menu bars 29 being shown at the top of the display.
- Always on-top status window 30 is shown on top of the active window 28 .
- Below its title bar 31 are icons representing those windows that are open, in this example. In other examples (see for example, FIG. 6 discussed below), only the active window may have an icon.
- the larger icon 32 at the left of status box 30 indicating the active window, shows the icon of OnlineBank, a legitimate website.
- three other windows are also open, but are not active. Icons corresponding to these are shown on a smaller size in the right-hand portion of status window 30 .
- one, 33 shows the icon of ShopOnline, a legitimate site.
- one, 34 is suitably depicted in red, this color and the word “warning” indicating that the site corresponding to it appears on the client-database of non-authentic IP addresses 16 .
- Icon 35 indicates that a fourth window which is open but not active does not appear on either of the client-databases of authenticated and non-authenticated IP addresses 16 , 17 , and is suitably shown in yellow, indicating “Proceed with caution”.
- Warning indications may also, or alternatively, be displayed on the task bar or docking bar at the edge (e.g. bottom) of the display screen, as indicated in FIG. 6 .
- the right hand side of a task bar 36 in a Microsoft Windows (RTM) operating system controlled computer has a clock 37 and a number of icons 38 indicating programs that are operating in the background. In some cases these icons will change depending upon the status of the program concerned.
- an icon 39 appears on the right hand side of the task bar and changes its status depending upon whether the active window, being a browser, has an IP address that appears in the client-database of non-authenticated IP addresses 16 , the client-database of authenticated IP addresses 17 (if present), or in neither client-database.
- This change of status can suitably be indicated by changes in color: the icon 39 showing green if the IP address appears in the client-database of authenticated IP addresses 17 , red if the IP address appears in the client-database of non-authenticated IP addresses 16 , and yellow if the IP address appears in neither of the client databases 16 , 17 .
- an audible warning is also given in either of the latter two cases.
- a similar icon 39 is displayed at the left end of the title bar for the on-top status window, as seen in this Figure and also in the messages shown at 25 , 26 and 27 in FIG. 4 , and may also change color in a similar fashion.
- the server-authentication application 15 will help to prevent fraudulent extraction of personal details, such as bank information that can be used illegally. It will be appreciated that the system also gives assurance to a user, when a particular content-provider server 3 is confirmed as having an IP address on the authenticated client-database 16 , the content-data from that server 3 (e.g. webpage data) may be trusted.
- the server-authentication application 15 may optionally be configured so that the user can only proceed after a danger warning has been expressly acknowledged by the user, e.g. by means of an optional warning pop-up window which the user has to acknowledge.
- the server-authentication application 15 determines whether the hostname of the URL of the active window relates to a content-provider server 3 external to a local network, i.e. that the hostname relates to an Internet domain-name and not, for example, to a local hostname. If the application 15 determines that the hostname of the active window relates to a local network, the application 15 preferably provides a ‘Local Network’ indication on the VDU 12 .
- the server-authentication application preferably displays ‘Not Analysed’ on the VDU; an icon or similar graphic, indicating the application that is executing in the active window, may also be displayed. Accordingly, the server-authentication application continually provides a user-indication of the status of the active window.
- the content-data stored on a content-provider server 3 may include a link to content-data stored on another content-provider server having a different IP address.
- webpage data of a first content-provider may include a frame that links to information provided by a second content-provider.
- a typical example of this is in the use of framed advertisements within a webpage.
- a fraudster may use the concept of frames to provide a content-provider server that first links to content-data provided by a legitimate site (e.g. a bank) and also to content-data provided by a fraudulent site.
- the content-data of the fraudulent site may appear as a framed advertisement which surreptitiously monitors all data traffic between the client computer 1 and the legitimate site.
- a user may be presented with a webpage that is obtained from a legitimate site, and therefore looks and behaves as a legitimate webpage, whilst the fraudulent frame within the webpage monitors any user-authorization data entered by the user.
- a fraudulent site may include a frame to a legitimate site to show apparent authenticity, or the fraudulent site may include a frame that mimics legitimate content, e.g. the fraudulent site may include a frame that appear as a complete webpage of a legitimate site, although it is in reality a frame.
- the server-authentication application 15 therefore preferably resolves and checks the IP addresses of all hostnames of content-provider servers from which content-data is retrieved by the client computer 1 .
- the server-authentication application 15 does not only resolve and check the IP address of the hostname of the URL that appears in the active window, but also any hostnames that are embedded within the content-data retrieved from the URL. For example, if the webpage www.onlinebank.com/home.html includes a link to www.onlineshop.com/logo.html then the server-authentication application 15 resolves and checks the IP addresses of both www.onlinebank.com and www.onlineshop.com.
- the server-authentication application 15 may include IP addresses of third-party servers that are regarded by the subscriber as legitimate for the purposes of inclusion within its content-data.
- the server-authentication application 15 then checks the IP address of the main hostname against the list of IP addresses 8 of the authenticated database 17 . If the IP address is found within the database 17 , then any hostnames that are embedded within the content-data retrieved from the main hostname are then resolved and checked against the third-party IP addresses stored in the related-information 9 .
- a content-provider server 3 may store both non-fraudulent and fraudulent content-data.
- a content-provider server 3 may host different websites.
- the content-provider server 3 www.freewebsite.com. may host the website of John, www.freewebsite.com/John/home.html. and the website of Peter, www.freewebsite.com/Peter/home.html. Whilst John provides a legitimate website, the website provided by Peter is a spoof website. Since the hostname of both websites is the same, the resolved IP address of each website will also be the same. Consequently, both websites are treated equally by the server-authentication application 15 .
- the database of non-authenticated IP addresses 6 and the database of authenticated IP addresses 7 preferably store not only IP addresses but also the URL or part of the URL associated with the IP address.
- the database of non-authenticated IP addresses 6 might store the IP address 121.202.327.75 and the path ‘ ⁇ Peter’ and/or the filename ‘ ⁇ Peter ⁇ home.html’, whilst the database of authenticated IP addresses 7 might store 121.202.327.75 and ‘ ⁇ John’ and/or ‘ ⁇ John ⁇ home.html’.
- the server authentication application 15 is then operable to check both the IP address and also at least part of the URL against the corresponding client-databases 16 , 17 . Only if both the IP address and at least part of the URL appear in the client-databases 16 , 17 is a warning 25 or indication 26 provided.
- the database of non-authenticated IP addresses 6 , the client-database of non-authenticated IP addresses 16 , and any fragment 18 may store only the domain name, URL or part of a URL of a particular content-provider server 3 .
- the IP address of the domain is stored in the database 6 , 16 or fragment 18 as a series of asterisks (i.e. ***.***.***.***) or some other artificial IP address (e.g. 999.999.999), which the server authentication application 15 uses to identify a server as having no specific or fixed IP address.
- the website www.falsewebsite.com may change its IP address frequently in order to avoid detection.
- the domain name, URL or part URL of the content-provider server 3 is then compared against each of the entries in the client-database 16 having an artificial IP address. If the domain name, URL or part URL of the content provider server 3 appears in the client database 16 , a suitable warning is provided 25 . Alternatively, the comparison of domain names, URL or part URL may be carried out before the comparison of IP addresses. By storing the domain name, URL or part URL of content provider servers 3 that employ frequently-changing IP addresses, the server authentication application 15 is still able to identify fraudulent content providers.
- the server-authentication application 15 also guards against IP-address spoofing when the IP address, having been checked, may appear on the authenticated client-database 17 or on neither of the authenticated and non-authenticated client-databases 16 , 17 , and yet the content-data (e.g. webpage data) may still emanate from a fraudulent source.
- a sophisticated fraudster can configure a content-provider server 3 to send content-data that appears to emanate from a different IP address to the one it actually does come from.
- the apparently authenticated IP address or the IP address that does not appear on either client-database 16 or 17 is substituted at step 40 for the hostname portion of the URL, and a request for the content-data of the URL is sent.
- content-data e.g. a webpage data
- the server-authentication application 15 ascertains at 23 in the flow diagram of FIG. 4 that the IP address of www.mybank.com is, say, 123.456.789.100
- the server-authentication application 15 sends a request for the content-data of http://123.456.789.100/customer/datalhome.html.
- the implication 42 is that the site is likely to be legitimate and then depending upon whether the IP address appears in the client-database of authenticated IP addresses 17 or does not appear in either client-database 16 , 17 , the “OK to proceed” indication 26 or the “Proceed with caution” indication 27 will be displayed.
- the server-authentication application 15 draws the implication at step 45 that the content-provider server 3 is likely to be illegitimate, notwithstanding that the original apparently derived IP address at step 23 may have indicated an IP address that appeared on the authenticated client-database 17 (or did not appear on either client-database 16 , 17 and so could possibly be legitimate). Accordingly, in event 45 , rather than displaying either the “OK to proceed” indication 26 or the “Proceed with caution” indication 27 , the clear “Warning” indication 25 is displayed.
- the server-authentication server 15 may alert the user to spoofing by displaying the actual hostname or URL, as well as the IP address, of the content-data or content-provider server 3 such that the user can immediately identify whether the actual hostname or URL corresponds to that which appears in the active window.
- the server-authentication application 15 receives (e.g. downloads) from the security server 4 the entire database of non-authenticated IP addresses 6 and also the entire database of authenticated IP addresses 7 .
- the size of the authenticated database 7 will naturally increase. With sufficient numbers of subscribers, the size of the authenticated database 7 may become excessively large such that too much time is spent by the client computer 1 in receiving the database 7 .
- the database of authenticated IP addresses 7 comprises a plurality of fragments 18 , each fragment 18 corresponding to a particular domain 19 and storing IP address 8 associated with the domain 19 .
- Related information 9 such as the date on which the fragment was created, the subscriber that provided the fragment, URL links etc., may again be additionally stored, with each fragment 18 having respective related information 9 .
- the database of non-authenticated IP addresses 6 may also comprise a plurality of fragments 18 , each fragment 18 corresponding to a particular domain 19 and storing IP address 8 .
- each fragment 18 comprises both a list of non-authenticated IP addresses and a list of authenticated IP addresses 8 . Consequently, a content-provider is able to provide a fragment 18 that stipulates which sites (i.e. IP addresses) it considers to be genuine and which sites is considers to be fraudulent.
- the fragment 18 is received (e.g. downloaded) by the server-authentication application 15 , the relevant portions of the fragment (e.g. the lists of non-authenticated and authenticated IP addresses) are extracted and added to the client databases 16 , 17 .
- the server-authentication application 15 includes instructions to determine the hostname of the URL of the active window. The application 15 then compares the hostname against the client-database of authenticated IP addresses 17 . If a fragment corresponding to the hostname is found in the client-database 17 , the IP address of the hostname is resolved and compared against the IP addresses listed for that fragment, in the manner described above.
- the server-authentication application 15 establishes a connection with the security server 4 and compares the hostname of the content-provider server 3 against the server-database fragments. If a fragment 18 corresponding to the hostname is found in the server-database of authenticated IP addresses 7 , the relevant fragment is delivered to the client computer 1 . The IP address of the hostname is then resolved and compared against the IP addresses listed in the fragment, in the manner described above.
- the received fragment is then added to the existing client-database 17 for future use. If no fragment 18 corresponding to the hostname of the content-provider server 3 can be found in the server-database fragments, the server-authentication application 15 provides as an indication (e.g. the “Proceed with caution”) that the authenticity of the content-provider server 3 could not be verified.
- the client computer 1 may alternatively store a database of visited servers in memory 13 .
- the database of visited servers stores a list of hostnames of content-provider servers 3 that have previously been accessed by the client computer 1 , or alternatively a list of domains of content-provider servers 3 that have been accessed.
- the hostname of the URL is then compared against the database of visited servers. If a match is found, the IP address of the hostname is resolve and compared against the IP addresses listed in the clientdatabase 17 in the manner described above. If, however, a match is not found, then the hostname is added to the database of visited servers by the server-authentication application 15 .
- the application 15 then establishes a connection with the security server 4 and compares the hostname against the server-database of authenticated IP addresses 7 . If a fragment 18 corresponding to the hostname is found in the server-database of authenticated IP addresses 7 , the relevant fragment is delivered to the client computer 1 whereupon the received fragment is added to the existing client-database 17 . The IP address of the hostname is then resolved and compared against the IP addresses listed in the client-database 17 in the manner described above.
- the authenticated client-database 17 is stored as fragments 18 , it is possible for the authenticated client-database 17 to become outdated. For example, once the fragment for ‘onlinebank.com’ is added to the client-database 17 , is it possible for the server-authentication application 15 to re-authenticate the site ‘onlinebank.com’ at a later date without having to rely upon the security server 4 . In order to prevent the authenticated client-database 17 from becoming outdated, the server-authentication application 15 may periodically refresh fragments 18 and retrieve once again the fragments 18 from the security server 4 .
- the related-information 9 associated with each fragment may include a creation or expiry date, which is used by the server-authentication application 15 to determine when to refresh the fragment or, alternatively, delete the fragment from the client-database 17 .
- each entry in the database may include a creation or expiry date, which is again used by the server-authentication application 15 to determine when to refresh the entry and corresponding fragment or, alternatively, delete the entry from the database.
- fragments 18 associated with a particular domain may be stored on a content-provider server 3 of a subscriber.
- the fragment for ‘onlinbank.com’ may be stored on a server provided by OnlineBank in addition to or rather than the security server 4 .
- the server-authentication application 15 then receives the relevant fragment from the content-provider server 3 rather than the security server 4 .
- the relevant fragment is received (e.g. downloaded) from the content-provider server 3 in response to the client computer 1 requesting content-data from the content-provider server 3 , e.g. when attempting to view webpage data.
- the database of non-authenticated IP addresses 6 may be additionally or exclusively stored on a server of an assured organization.
- the server-authentication application 15 may present the user with the option of receiving (e.g. downloading) fragments/databases exclusively from the security server 4 or additionally from the server of the relevant content-provider/organization if the fragment/database is unavailable from security server 4 .
- each fragment 18 may comprise a list of non-authenticated IP addresses in addition to a list of authenticated IP addresses 8
- the fragment 18 and therefore the list of non-authenticated IP addresses list is obtained only after receiving (e.g. downloading) the fragment from the content-provider server 3 . It is therefore possible that the client-database of non-authenticated IP addresses 16 will not include information on known fraudulent sites until such time as the content-provider server 3 has been visited and the fragment 18 obtained.
- the server-authentication application 15 preferably also receives from the security server 4 , or other assured organization, the database of non-authenticated IP addresses 6 at regular intervals in addition to any fragments that may have been received.
- the server-authentication application 15 may check regularly for updates that become available. As already noted, the server-authentication application 15 preferably provides the user with the opportunity to receive a new, updated or refreshed database 6 from the security server 4 at periodic intervals.
- the databases 6 , 7 , as well as any fragments 18 are preferably encrypted using a proprietary 256-bit encryption having keys derived from the domain name of the server 3 , 4 storing the database 6 , 7 or fragment 18 and the domain name from which the database 6 , 7 or fragment 18 is received by the server-authentication application 15 . Accordingly, the server authentication application 15 , upon decrypting the received databases 16 , 17 or fragments 18 , is able to determine whether the databases 16 , 17 or fragments were received from the correct source and that the data contained therein is self-consistent. Additionally, in the case of fragments 18 , the server-authentication application 15 is able to determine that the received fragment contains information corresponding to the correct domain.
- the filename of each fragment 18 may also be encrypted.
- the fragment 18 corresponding to the domain 19 onlinebank.com may be stored on the security server 4 or a specific content-provider server 3 as a file called hqofmnn9hc64pxvk.xml, which has no apparent relation to the actual domain name.
- the filename of the fragment 18 is preferably encrypted using a first key based upon the domain 19 to which the fragment 18 relates (e.g. onlinebank.com) and a second key based upon the domain of the security server 4 or the specific content-provider server 3 .
- the filename of the fragment 18 will therefore be different when stored on different servers.
- the server-authentication application 15 In order to retrieve a fragment 18 , the server-authentication application 15 first resolves the fragment filename using the domain 19 to which the fragment 18 relates and the domain of the server 3 , 4 storing the fragment 18 . The server-authentication application 15 then retrieves (e.g. downloads) from the server 3 , 4 a file having the resolved filename. Since the filename of the fragment depends upon the domain of the server storing the fragment, a fragment copied from a first server to a second server (e.g. from the security server 4 to a fraudulent server) will not be found by the server-authentication application 15 .
- a fragment copied from a first server to a second server e.g. from the security server 4 to a fraudulent server
- the server-authentication application 15 may store a history database of recently visited sites, i.e. a list of content-provider servers 3 from which content data has recently been retrieved by the client computer 1 .
- the history database may include a list of all content-provider servers 3 that have been visited in the last month.
- the application 15 may retrieve fragments 18 corresponding to those content-provider servers 3 that are listed in the history database. In this manner, the fragments 18 of content-provider servers 3 that are likely to be revisited are kept up-to-date such that no noticeable delay is observed by the server-authentication application 15 when the content-provider servers 3 are revisited.
- the history database preferably includes information regarding the date and/or time on which the fragment 18 corresponding to a particular content-provider server 3 was last retrieved or updated.
- the server-authentication application 15 then retrieves only those fragments 18 where the authenticity of the fragment 18 has timed-expired.
- the server-authentication application 15 which is the software necessary to configure a client computer 1 to operate in the manner described above and to provide security against phishing over the communications network 5 , may be provided as a single computer program or suite of computer programs, which may be provided on a computer-readable data storage device, such as a floppy disk or a CD/DVD.
- the computer program or suite of computer programs may be made available for download over the communication network 5 from the security server 4 (see FIG. 1 ), or from a trusted content-provider server 3 , such as a bank, licensed to provide the software.
- the user is requested to enter a unique identifier upon installing the software.
- the unique identifier entered by the user is then encrypted, preferably using a key particular to the user's copy of the server authentication software, and stored (e.g. as a file) in the memory 13 of the client computer 1 .
- the server-authentication application 15 when executed, decrypts and displays the unique identifier on the VDU 12 , e.g. on the title bar of the server-authentication application 15 . If the server-authentication software were to be replaced (e.g. by a fraudulent copy), the encryption key would be unknown and accordingly an incorrect unique identifier would be displayed by the application 15 on the VDU. Accordingly, the user is provided with an indication if the server-authentication software has been changed.
- Banks, financial institutions and other e-commerce or similar content-providers which provide services and/or information over the Internet and which rely upon user-authorization data (e.g. personal details of a user) or wish to assure users of the validity of their webpages and any information thereby conveyed may register their IP addresses with the provider of the security server 4 to be included in the database 7 of authenticated IP addresses.
- user-authorization data e.g. personal details of a user
- a database of authenticated IP addresses 17 may be stored, and in that case, the server-authentication application 15 is only able to give assurance that a website may be trusted when its IP address is found in that database (and, if the check against address spoofing feature is included, the address is additionally shown not to have been spoofed).
- a database of non-authenticated IP addresses 16 may be stored, and in that case, the server-authentication application 15 is only able to give a clear danger warning when the IP address of a particular website appears in this database or (if the check against address spoofing feature is also included) if the address is shown to have been spoofed.
- content including but not limited to email messages, instant messages, chat messages, documents, webpages, and link data can be filtered at the server before being communicated to the client computer or before being displayed to an end user on the client computer.
- a server or server component can determine a domain name of the content-provider server (e.g., website, email (sender) server).
- the server or server component can also request data from the content-provider server in order to obtain a fragment of a database of IP addresses.
- the data can include, but is not limited to, at least one fragment of a database of IP addresses.
- the fragment corresponds to the domain name of the content-provider server and one or more IP addresses associated with the domain name.
- the server or server component can compare the IP address of the content-provider server against the IP addresses of the fragment and provide an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
- the server or server component can also determine whether data from the content-provider server has been previously requested. If it has been received within a pre-determined time indicating validity of the data, the server or server component can access one or more of its databases or memory stores to obtain the information. Otherwise, the fragment can be obtained if the request for such data has not already been submitted to the content-provider server.
- the client computer is not tasked with determining whether the content is from an authenticated, non-authenticated, or unknown source, nor is the end user exposed to potentially damaging information (e.g., spam, phishing messages, viruses, etc.). Rather, this determination is made at the server level and by the server, thereby affording additional protection to the client computer as well as to the end user, which in some cases may be desired.
- the end user is not necessarily tasked with choosing whether to view or download content from a server that is not authenticated or that is unknown (neither authenticated nor non-authenticated), as this decision can be burdensome to some users since making a bad decision may have significant impact to the user's computer as well as to the server and other connected client computers.
- the end user can request to be informed when content from a content-provider is blocked.
- the server determines whether the email contains links to a trusted source (e.g., authenticated content-provider server/IP address) or non-trusted source in a manner as described above.
- a trusted source e.g., authenticated content-provider server/IP address
- This evaluation can be performed in part through the use of server-based databases (e.g., server-authenticated databases), independent of client-maintained databases.
- server-authenticated and -non-authenticated databases can be maintained, updated, and employed—at or by the server—to determine whether a content-provider server is authenticated, non-authenticated, or neither without requiring a similar authentication performance by the client computer.
- a server that receives messages sent to user Q can essentially filter such content on a server side before any messages are delivered to the user Q.
- a request via the client computer to access content such as a website or other content on a network (e.g., content-provider server).
- content-provider server e.g., content-provider server
- the request is communicated to the client's server(s) and from there, the server performs the process in which the content-provider server is determined to be authenticated, non-authenticated, or neither.
- the server may have a protocol in place to decide whether to permit access to the content-provider server.
- the server can communicate the result to the client computer and allow the end user to make the decision based on the server's analysis.
- such content and source authentication can be done on the client side but before any content from the content-provider server is displayed on the client computer for user viewing—such as on a visual display unit.
- the client computer or the server may be busy processing other items. Therefore, the authentication process of the content-provider server can switch between the server and the client computer depending on the existing processing loads of the server and client. For example, if the client computer cannot perform the authentication process, it can request or automatically inform the server to perform the process. Likewise, if the server cannot perform the authentication process due to a technical problem or otherwise, the server can signal or instruct the client computer to perform it. This switching of content-provider server authentication can be take place seamlessly and automatically and be completely invisible to the end user.
- identity profiling to produce, amongst other things, targeted advertising is a growing feature of internet usage. Identity profiling is similar to identity theft in the way that it collects personal and possibly confidential information about an individual without their specific consent or permission. It then uses this information to target an individual with relevant e-mails or advertising which supposedly will have a greater influence than general advertising. This can be contrasted with identity theft which uses information about an individual for fraudulent purposes. Identity profiling has moral implications that many are questioning.
- ISPs internet service providers
- search engines could be a search for ‘sports car’.
- sports car’ search input could produce advertisements for car dealers selling sports cars in the sponsored links section of the page.
- Privacy concerns are magnified for users when their complete internet usage is being monitored, not just random searches. Extrapolating the principle on a much larger and more realistic scale of monitoring, users have no knowledge of and do not know how the data will be used, moral or otherwise.
- One solution to this problem is to give the ISPs that are monitoring usage large amounts of additional information such that the ‘real’ profile information of the individual is lost or obscured in the ‘white noise’ which is being generated independently of the individual but by software on the individual's computer.
- a software system tool can generate browser requests to URLs without intervention of a user so as to mimic or appear to be produced by the user.
- a typical user is browsing various web pages, clicking through to interior pages and sitting on some for longer periods of time than others or jumping to sites that are unrelated or at least somewhat related relatively quickly and then sitting on a page for awhile.
- the generated browser requests to URLs can mimic real browsing behavior of a user. This can be accomplished in part by employing a variety of browsing behaviors such as clicking from site to site, staying only on a site briefly and then landing on a site and even clicking through to interior pages and staying on the same site as if the user found something of interest.
- the subject system or method can generate “fake” browser requests.
- the fake or generated browser requests can be made by choosing from various URLs (that do exist) but that when analyzed collectively to determine the user's preferred subjects, topics, favorites, or other real browsing patterns for the user, no such “profile”, browsing pattern, or user preferences can be discerned. Thus, few if any targeted advertisements can be successfully chosen and sent to the user.
- the mimicking of real browser behavior is performed by creating a neutral profile without any indication as to what “profile” the user may subscribe. For example, if a college student's browsing habits could identify them as a student, then this data must be lost or hidden within the generated browsing requests so that no identity profile can be accurately established for the user.
- the subject system or method can effectively “hide” real user data by masking it with a proportionally greater amount of generated browsing data (browsing requests). For instance, the number of generated browsing requests can be based on a factor (e.g., a factor of 10 or some other integer greater than 1) of a relative amount of real data communicated to the server. By doing so, the real user data is essentially lost amongst the generated user data.
- the generated browsing activity can include a multitude of URLs, for instance, that the targeted advertising system cannot understand, or that would essentially make it difficult for the targeted advertising system to determine which targeted advertisements to send to the user.
- URLs for instance, that the targeted advertising system cannot understand, or that would essentially make it difficult for the targeted advertising system to determine which targeted advertisements to send to the user.
- a substantial portion of the user's personal browsing activity is not shared. Even more so, the user is not inundated with either relevant or irrelevant targeted ads.
- server software cannot readily detect the use of such a software system tool, which jams any detection of targeted advertising with sufficient generated fake user data such that the real data generated by the user is only a small percentage of the data collected.
- the browsing system tool can include a plurality of components to facilitate jamming the data collection process performed by targeted advertising systems or methods.
- the software system tool can form a database of websites or URLs that are non-discriminating, generic, non-descript, and/or non-distinct meaning that these websites are geared toward the masses and that knowing that a user has been to one or more of these website does not provide any interesting or helpful information about the user for targeted advertising purposes.
- the system tool can collect URL data in at least one of two ways.
- a browser request generation component can collect URL data for the user by selecting a URL from the white noise database each time the user goes to a different URL. This means that the time the user spends at each URL is copied or mimicked but the actual URL visited by the user is replaced with another specifically or randomly selected URL (from the database).
- the browser request generation component can select URLs from the database and based on a time scheme that is appropriate for the type of user or user profile type.
- an Internet search engine can scan or monitor the Internet for such websites that are appropriate to produce URL data clutter (white noise) to hinder targeted advertising efforts and then add them to or replace older or out of date URL data in the database.
- the tool can be turned off or on as desired by the user.
Abstract
Methods of authenticating a content-provider server by a server are provided. One method comprises determining a domain name of the content-provider server; obtaining a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content-provider server and storing one or more IP addresses associated with the domain name; comparing the IP address of the content-provider server against the IP addresses of the fragment; and providing an indication that the IP address of the content-provider server is included or excluded from the fragment of IP addresses.
Description
- This application is a continuation-in-part of U.S. application Ser. No. 11/573,980 entitled SERVER AUTHENTICATION, filed on Feb. 20, 2007, which is the U.S. national phase of international patent application no. PCT/GB2005/003237, which was filed on Aug. 19, 2005, and which claims priority to GB0418613.6, filed 20 Aug. 2004, and GB0510803.0, filed 26 May 2005, the entireties of which are incorporated herein by reference.
- The present invention relates to a method and system for authenticating servers of content-providers that provide content-data, such as webpage data, to client computers over a communications network, such as the Internet.
- As online banking and other transactions of value have increased in popularity over the Internet, users have been fooled or coerced into revealing bank account details, passwords and other personal details to unauthorized people who may use this information dishonestly. This technique, often now referred to as “phishing” may be initiated from an e-mail supposedly from a bank or other financial or commercial institution, such as an e-trader, sent to an ostensible customer with a link to a website where there is a request to enter personal or bank details, passwords or PIN numbers. This website may be an exact copy of a valid site belonging to the correct financial or commercial institution, or may be an entirely valid site of such institution with a fraudulent pop-up window that requests details or uses other means to deceive the customer concerned.
- Other phishing methods include inserting rogue computer code or object into legitimate pages by methods, which include proxy servers, packet manipulation and installation of software or devices on a client computer. It has also been known for fraudsters to adopt similar URL's (uniform resource locators) to a genuine business to fool people into thinking they are on a legitimate site. For example, the URL Onlinebank.com, with an initial “0” (zero) rather than an initial “0” may be used to deceive people into believing they have reached the site of Onlinebank.com.
- Still further methods include setting up totally fraudulent web sites pretending to be legitimate or non-existent charities or commercial organizations to fool users into donating monies to or purchasing goods from fraudulent organizations, which have not necessarily been reached via invitation from e-mails.
- Numerous prior proposals have been made with a view to improving security on the Internet and avoiding or frustrating phishing, but none have been entirely satisfactory.
- For example, WO 2004/055632 describes a system in which a complex algorithm is employed to determine whether a particular URL may be trusted or not. This analysis may take account of content and layout of a web page, age and size of the website and the number of hyperlinks and scores the web page under each of these headings to give a determination as to whether the web page can likely be trusted or likely not be trusted. On the basis of this analysis, the URL of the web page is added to a trusted list or a distrusted list maintained by the client computer. Nevertheless, a fraudulent website will often appear as an exact copy of a legitimate site and therefore be added to the list of trusted sites.
- In a first aspect, the present invention provides a method of authenticating a content-provider server comprising: determining a domain name of the content-provider server; obtaining a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content-provider server and storing one or more IP addresses associated with the domain name; comparing the IP address of the content-provider server against the IP addresses of the fragment; and providing an indication that the IP address of the content-provider server is included or excluded from the fragment of IP addresses.
- Preferably, the fragment is stored on a remote server and obtaining the fragment comprises requesting from the server a copy of the fragment and receiving from the server a copy of the fragment.
- Advantageously, the fragment is stored on the server as a file having a filename that is, unique to the domain name of the content-provider server and requesting a copy of the fragment from the server comprises requesting a file having a filename that is unique to the domain name of the content-provider server.
- Conveniently, the filename of the fragment is unique to both the domain name of the content-provider server and a domain name of the server on which the fragment is stored. Preferably, the filename of the fragment is encrypted using encryption keys derived from the domain name of the content-provider server and the domain name of the server on which the fragment is stored.
- Advantageously, the fragment stores one or more authenticated IP addresses and one or more non-authenticated IP addresses and the method comprises providing an indication that the IP address of the content-provider server is an Authenticated IP address, a non-authenticated IP address, or neither.
- Conveniently, the method comprises: storing a database of authenticated IP addresses and a database of non-authenticated IP addresses; appending the IP addresses of the fragment to at least one of the database of authenticated IP addresses and the database of non-authenticated IP addresses; comparing the IP address of the content-provider server against the database of authenticated IP addresses and the database of non-authenticated IP addresses; and providing an indication that the IP address of the content-provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- Preferably, the method comprises: obtaining a list of non-authenticated IP addresses from a remote server; and comparing the IP address of the content-provider server against the IP addresses of the fragment and the list of non-authenticated IP addresses.
- Advantageously, the method comprises: storing a database of authenticated IP addresses and a database of non-authenticated IP addresses; appending the IP addresses of the fragment to at least one of the database of authenticated IP addresses and the database of non-authenticated IP addresses; appending the list of non-authenticated IP addresses to the database of non-authenticated IP addresses; comparing the IP address of the content-provider server against the database of authenticated IP addresses and the database of non-authenticated IP addresses; and providing an indication that the IP address of the content provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- Conveniently, the content-provider server has a hostname and the method comprises: obtaining first data from the hostname; resolving the IP address of the hostname; obtaining second data from the resolved IP address; comparing the first data and second data; and providing an indication that the first data and second data are identical or non-identical.
- Preferably, the fragment includes one or more URLs or portions of URLs associated with each IP address stored by the fragment, and the method comprises: comparing at least a portion of the URL of the content-provider server against the URLs or portions of URLs of the fragment that are associated with the IP address of the content-provider server; and providing an indication that the IP address and the portion of the URL of the content-provider server is included in or excluded from the fragment.
- In a second aspect, the present invention provides a client computer connectable to a content-provider server over a communications network, wherein the client computer is operable to: determine a domain name of the content-provider server; obtain a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content provider server and storing one or more IP addresses associated with the domain name; compare the IP address of the content-provider server against the IP addresses of the fragment; and provide an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
- Preferably, the client computer is operable to request data from the content-provider server and to obtain the fragment in response to the request for data from the content-provider server.
- Advantageously, the client computer is operable to: request data from the content-provider server; determine whether data from the content-provider server has previously been requested; and to obtain the fragment if data from the content-provider has not previously been requested.
- Conveniently, the client computer is operable to retrieve the fragment from a server over the communications network, and the fragment is stored on the server as a file having a filename that is unique to the domain name of the content-provider server.
- Preferably, the fragment is stored on a security server.
- More preferably, the client computer is operable to determine whether the fragment of IP addresses stored on the server has changed and to retrieve from the server the fragment if it is determined that the fragment has changed.
- Advantageously, the filename of the fragment is unique to both the domain name of the content-provider server and a domain name of the server on which the fragment is stored.
- Conveniently, the filename of the fragment is encrypted using encryption keys derived from the domain name of the content-provider server and the domain name of the server on which the fragment is stored.
- Preferably, the fragment stores one or more authenticated IP addresses and one or more non-authenticated IP addresses and the client computer is operable to provide an indication that the IP address of the content-provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- Advantageously, the client computer stores a database of authenticated IP addresses and a database of non-authenticated IP addresses, and the client computer is operable to: append the IP addresses of the fragment to at least one of the database of authenticated IP addresses and database of non-authenticated IP addresses; compare the IP address of the content-provider server against the database of authenticated IP addresses and the database of non-authenticated IP addresses; and provide an indication that the IP address of the content-provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- Conveniently, the client computer is connectable to a security server over the communications network, and the client computer is operable to obtain a list of non-authenticated IP addresses from the security server and to the compare the IP address of the content-provider server against the IP addresses of the fragment and the list of non-authenticated IP addresses.
- Preferably, the client computer stores a database of authenticated IP addresses and a database of non-authenticated IP addresses, and the client “computer is operable to: append the IP addresses of the fragment to at least one of the database of authenticated IP addresses and database of non-authenticated IP addresses; append the list of non-authenticated IP addresses to the database of non-authenticated IP addresses; compare the IP address of the content-provider server against the database of authenticated IP addresses and the database of non-authenticated IP addresses; and provide an indication that the IP address of the content-provider server is an authenticated IP address, a non-authenticated IP address, or neither.
- Advantageously, the client computer is operable to: obtain data from the content-provider server that includes a link to a further content-provider server; compare the IP address of the further content-provider server against the IP addresses of the fragment, and provide an indication that the IP address of the further content-provider server is included or excluded from the received database of IP addresses.
- Conveniently, the content-provider server has a hostname and the client computer is operable to: obtain first data from the hostname; resolve the IP address of the hostname; obtain second data from the resolved IP address; compare the first data and second data; and provide an indication that the first data and second data are identical or non-identical.
- Preferably, the fragment includes one or more URLs or portions of URLs associated with each IP address stored by the fragment, and the client computer is further operable to: compare at least a portion of the URL of the content-provider server against the URLs or portions of URLs of the fragment that are associated with the IP address of the content-provider server; and provide an indication that the IP address and the portion of the URL of the content-provider server is included in or excluded from the fragment.
- Preferably, the fragment stores IP addresses associated with a URL.
- Advantageously, the client computer is operable to provide a visual indication that the content-provider server is a trusted or non-trusted site.
- Conveniently, the client computer operates a window-based operating system and the client computer is operable to determine whether an active window of the operating system is executing an application capable of requesting data from the content-provider server, and the client computer is operable to compare the IP address of the content-provider server and to provide an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment if it is determined that an active window is executing an application capable of requesting data from a content-provider server.
- In a third aspect, the present invention provides a method of operating a client computer connectable to a content-provider server over a communications network, the method comprising: determining a domain name of the content-provider server; obtaining a fragment of a database of IP addresses, the fragment corresponding to the domain name of the content-provider server and storing one or more IP addresses associated with the domain name; comparing the IP address of the content-provider server against the IP addresses of the fragment; and providing an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
- In a fourth aspect, the present invention provides a computer program or suite of computer programs, which may be provided on a computer-readable storage medium, executable by a client computer to perform the above method.
- In a fifth aspect, the present invention provides a security server connectable to a client computer over a communications network, the security server storing a database of IP addresses as a plurality of fragments, each fragment corresponding to a domain name and storing IP addresses associated with the domain name, and the security server is operable to receive a request from the client computer for a fragment, and to deliver the requested fragment to the client computer.
- Preferably, the security server stores each fragment as a file having a filename that is unique to the domain name to which the fragment corresponds, and the security server is operable to receive a request from the client computer for a fragment having a particular filename, and to deliver the fragment having the particular filename to the client computer.
- Advantageously, the filename of the fragment is unique to both the domain name to which the fragment corresponds and to a domain name of the security server on which the fragment is stored.
- Conveniently, the filename of the fragment is encrypted using encryption keys derived from the domain name to which the fragment corresponds and the domain name of the server on which the fragment is stored.
- Preferably, the security server is connectable to a content-provider server over the communications network and the security server is operable to: receive one or more IP addresses from the content-provider server; and store the received IP addresses as a fragment, the fragment corresponding to a domain name of the content-provider server.
- Advantageously, the security server stores a database of authenticated IP addresses and a database of non-authenticated IP addresses as a plurality of fragments.
- Conveniently, the security server stores a database of authenticated IP address as a plurality of fragments, each fragment corresponding to a domain name and storing authenticated IP addresses associated with the domain name, and a database of non-authenticated IP addresses, and the security server is operable to: receive a request from the client computer for a fragment of the database of authenticated IP addresses; deliver the requested fragment to the client computer; receive a request from the client computer for the database of non-authenticated IP addresses; and deliver the database of non-authenticated IP addresses to the client computer.
- Preferably, the security server is operable to receive a request from the client computer that includes information identifying a domain name of a content-provider server, and to deliver to the client computer a fragment corresponding to the identified domain name.
- Advantageously, each fragment stores IP addresses associated with a URL.
- In a sixth aspect, the present invention provides a method of operating a security server connected to a client computer over a communications network, the method comprising: storing a database of IP addresses as a plurality of fragments, each fragment corresponding to a domain name and storing IP addresses associated with the domain name; receiving a request from the client computer for a fragment; and delivering the requested fragment to the client computer.
- In a seventh aspect, the present invention provides a computer program or suite of computer programs, which may be provided on a computer-readable storage medium, executable by a server computer to perform the above method.
- In an eighth aspect, the present invention provides a client computer connectable to a content-provider server and to a security server over a communications network, the security server storing a database of IP addresses as a plurality of fragments, each fragment corresponding to a domain name and storing IP addresses associated with the domain name, and the client computer is operable to: determine the domain name of the content-provider server; obtain from the security server a fragment of the database of IP addresses corresponding to the domain name of the content-provider server; compare the IP address of the content-provider server against the received fragment of IP addresses; and provide an indication that the IP address of the content-provider server is included or excluded from the received fragment of IP addresses.
- The term ‘window-based operating system’ as used herein is intended to encompass any operating system that makes use of windows in a graphic display, usually only one such window being active at anyone time, and sometimes only one such window being visible on a graphic display at anyone time. Examples of window-based operating systems include Microsoft Windows®, the various Macintosh® operating systems, as well as a variety of other window-based operating systems employed by various hand-held computer devices and third and higher generation mobile phones.
- Highly sophisticated fraudsters have been known to engage in what is known as “IP address spoofing”. In this case, even when a webpage is sent to the client computer and the IP address has been checked and may be found to be an authenticated IP address, it may still be possible for a fraudulent site to have produced it. This is because it is possible to configure a web server to send information that appears to emanate from a different IP address to the one it actually comes from. However, this possibility can be readily overcome. If the apparently authenticated IP address is sent in substitution for the hostname or domain-name part of the URL, the apparently validated IP address can be authenticated for certain. If the same or similar content-data (e.g. webpage data) is returned then it follows that the content-data has come from a certainly authenticated IP address. If no reply is received or a totally different reply, then it can readily be surmised that the original content-data did not originate from the apparently authenticated IP address but from an altogether different fraudulent site. In this case, a danger warning should be given to override any other indication that might otherwise seem appropriate.
- In order that the present invention may be more readily understood, embodiments thereof will now be described, by way of example, with reference to the accompanying drawings in which:
-
FIG. 1 is a schematic representation of a computer network; -
FIG. 2 is a schematic diagram of databases stored on a security server embodying the present invention; -
FIG. 3 is a schematic diagram of a client computer embodying the present invention; -
FIG. 4 is a logic flow diagram of a method performed by a client computer embodying the present invention; -
FIG. 5 shows part of a computer display illustrating an always-on-top status window; -
FIG. 6 shows part of a computer display illustrating part of the taskbar at the bottom of the computer display; -
FIG. 7 is a logic flow diagram of a further method performed by a client computer embodying the present invention; and -
FIG. 8 is a schematic diagram of an alternative database stored on a security server embodying the present invention. -
FIG. 1 shows the basic arrangement of a network, such as the Internet, in which aclient computer 1 is connected to a plurality of content-provider servers 3 and to asecurity server 4 over acommunications network 5. - Each content-
provider server 3 has at least one IP address and stores content-data, such as HTML files, Java applets, sound and image files, etc., for downloading by theclient computer 1. The present invention is particularly concerned with content-provider servers 3 that require user authorization from theclient computer 1. For example, the content-provider server 3 may be an online bank, and content-data relating to a particular account holder, such as a statement of account, is provided only upon receipt from the client computer of a username and password. Alternatively, the content-provider server may be an online shop, whereupon goods may be purchased only upon receipt of the purchaser's credit or debit card details. - The content-data of a content-
provider server 3 is generally accessed by way of a uniform resource locator (URL), e.g. www.onlinebank.com/homellogin.shtml. The URL comprises a hostname and a path or filename, which in the present example are www.onlinebank.com. and ‘/homellong.shtml’ respectively. The hostname comprises a domain name, such as a fully qualified domain name or a sub-domain. URLs and IP addresses are related but are not directly equivalent to each other. Thus, when a web browser requests content-data from the URL www.onlinebank.com/homellogin.shtml. a domain name server (ONS) looks up and converts the hostname part of the URL into an IP address, such as 207.46.250.222 or whatever the appropriate IP address may be. Owing to domain-name aliasing, different hostnames may point to the same IP address. For example, www.onlinebank.co.uk or www.onlinebank.net may point to the same IP address as that of www.onlinebank.com. Moreover, stealth redirection means that a user accessing the same URL may be redirected to a different IP address on different occasions, even though the same hostname appears in the URL. Consequently, a user requesting content-data from a content-provider server 3, e.g. by entering a URL into his web browser, is generally unaware of the actual IP address and thus theactual server 3 providing the content-data. - As shown in
FIG. 2 , thesecurity server 4 stores a database of non-authenticated IP addresses 6 and preferably a database of authenticated IP addresses 7. Eachdatabase databases related information 9 associated with each of the listed IP addresses, such as the date on which the IP address was entered or updated in the database, and the level of threat or authenticity associated with the IP address. For example, the IP addresses of a content-provider server 3 that is known to mimic an online bank may have a high threat level, whilst an online shop that does not appear to satisfy certain online security requirements may have a low threat level. The related-information 9 associated with a particular IP address may also include details of the authority or subscriber that provided the IP address, as well as a graphical image (e.g. logo or animation) or sound clip associated with the authority or subscriber. Furthermore, the related-information 9 may include one or more links associated with a particular IP address. For example, eachdatabase database - The database of non-authenticated IP addresses 6 lists IP addresses that have been identified as fraudulent or potentially insecure, i.e. the
database 6 lists IP addresses ofcontent provider servers 3 that are not to be trusted. It is preferred that non-authenticated IP addresses be provided to thesecurity server 4 by an organization of assured status and integrity, such as a police authority or other government authority responsible for monitoring fraud, a banking authority, or other authoritative body outside of the commercial control of the security provider responsible for thesecurity server 4. - In a particular embodiment, a single assured organization is responsible for maintaining the
non-authenticated database 6. The assured organization may deliver theentire database 6, or portions of thedatabase 6 that have changed, to thesecurity server 4. Alternatively, thesecurity server 4 may retrieve theentire database 6, or portions of thedatabase 6 that have changed, from the assured organization. Delivery or retrieval may occur periodically or whenever a change occurs to thedatabase 6. - In an alternative embodiment, several assured organizations are responsible for maintaining the
non-authenticated database 6. In this instance, each assured organization provides a portion of thenon-authenticated database 6 stored on thesecurity server 4. Each portion may be delivered to thesecurity server 4 by the assured organization, or thesecurity server 4 may retrieve the portion from the assured organization at periodic intervals. - The database of authenticated
IP addresses 7 lists those IP addresses that have been provided by subscribers to thesecurity server 4. Each subscriber is typically a content-provider that wishes to register its servers on thesecurity server 4. For example, the subscriber may be the company OnlineBank, which provides a list of all its IP addresses. Each subscriber provides a portion of the authenticateddatabase 6, which may be delivered to thesecurity server 4 by the assured organization, or thesecurity server 4 may retrieve the portion from the subscriber at periodic intervals. - In a particular embodiment, the subscriber may also provide a list of IP addresses that it regards as untrustworthy and should therefore be added to the database of non-authenticated IP addresses 6. However, maintenance of the database of non-authenticated IP addresses 6 is preferably carried out by assured organizations only.
- The
client computer 1, as illustrated inFIG. 3 comprises aprocessor 10 provided with a window-based operating system, a user-input device 11 (such as a keyboard and/or mouse), a visual display unit (VDU) 12, amemory 13 and amodem 14 for transferring data across thecommunications network 5. Theclient computer 1 may alternatively transfer data across thecommunications network 5 via a LAN, whereby theclient computer 1 includes an ethernet card or similar device (not shown) for transferring data over the LAN, or indeed any other means for transferring data from theclient computer 1 across thecommunications network 5. - The
client computer 1 preferably includes a web-browser (e.g. as part of the operating system or stored separately in memory 13) for receiving content-data from the content-provider servers 3. However, any application-software suitable for receiving content-data from a content-provider server 3 (e.g. a file-browser or e-mail client operating in http, https, ftp, or similar protocol) may equally be used. Preferably, the web-browser or application-software is suitable for receiving user-authorization data from the user-input device 11 and for transferring the user-authorization data to a content-provider server 3. - The
memory 13 stores a server-authentication application 15, which is executable by theprocessor 10. The server-authentication application 15 includes instructions for receiving (e.g. downloading) from thesecurity server 4 the entirenon-authenticated database 6 and preferably the entire authenticateddatabase 7. The server-authentication application preferably provides the user with the opportunity to receive new, updated or refresheddatabases security server 4 automatically, periodically without intervention of the user of theclient computer 1, or by connection to thesecurity server 4 at specified intervals or at times entirely at the option of the user. The received databases are then stored inmemory 13. For the purposes of clarity, the databases stored on theclient computer 1 shall be referred to hereafter as the client-database of non-authenticated IP addresses 16 (or alternatively the non-authenticated client-database) and the client-database of authenticated client database 17 (or alternatively the authenticated client-database). - Referring to
FIG. 4 , the server-authentication application 15, when executed, additionally checks at 20 whether the active window of the windows-based operating system has changed. In any window-based operating system, there will generally be a single active window on the computer'sVDU 8, being the window on which various commands (for example “save”, “print”, etc.) may be initiated by the user-input device 11. Other windows may be open at the same time, whether visible on theVDU 12 or hidden behind other windows. The various windows open at anyone time are usually displayed on a task bar or docking bar at an edge (e.g. the bottom) of the graphic display. An authentication check is performed whenever the active window changes. Thus, in the case of “yes” in the logic flow diagram ofFIG. 4 , indicating that the active window has changed, the server-authentication application 15 checks at 21 whether the new active window is a web-browser or other application capable of transferring data across thecommunications network 5. In the most preferred arrangement, if the active window is not a web-browser the server-authentication application may show amessage 22 such as “no browser window active”. In particular arrangements, this feature may be absent or may be optionally turned off by a user. - However, if the new active window is, indeed, a web-browser or other application capable of transferring data across the
communication network 5, the server-authentication application 15 checks the authentication of the content-provider server 3 from which the web-browser is requesting data. This is achieved by first converting at 23 the hostname portion of the URL of the content-provider server 3 into an IP address. There are a number of ways in which this can be done and persons skilled in this art will be aware of all of these. In the simplest arrangement, the hostname portion of the URL is converted into an IP address using a DNS server. - Once the IP address of the content-
provider server 3 has been obtained, the IP address is checked 24 against the client-database of non-authenticated IP addresses 16 and the client-database of authenticated IP addresses 17, if present. If the IP address appears 24 a in the client-database of non-authenticated IP addresses 16, a warning is provided 25 on the 30VDU 12 that the user would be wise to ignore any content-data (e.g. webpage data) downloaded from the relevant content-provider server 3. If the IP address appears 24 b in the client-database of authenticated IP addresses 17, an indication is provided 26 that it is fine to proceed. The indication may include a visual logo or other indicia of a content-provider such that the user is able to easily and quickly identify that the content-provider server 3 is authentic. If the IP address does not appear in either of the client-databases - Visible messages may be conveyed in a variety of different ways. Preferably warnings or cautions are given by means of a status window, such as those shown at 25, 26 and 27 in
FIG. 4 (see alsoFIG. 6 below), that is always on top of any windows that are open on theVDU 12. It is important that this status window should be on top so that its reporting cannot be hidden by another window. It always reports on the active window, pop-up windows, frame sets, frames or other sub-windows. The user cannot interact with a window unless it is active, so that the active window is always the dominant window that is reported, although the system could also display the status of other open windows (seeFIG. 5 below) and a history of other opened windows. - An example of a more complex on-top status window is illustrated in
FIG. 5 , which shows part of awebpage 28 that is the active window, itsmenu bars 29 being shown at the top of the display. Always on-top status window 30 is shown on top of theactive window 28. Below itstitle bar 31 are icons representing those windows that are open, in this example. In other examples (see for example,FIG. 6 discussed below), only the active window may have an icon. In the case shown inFIG. 5 , thelarger icon 32 at the left ofstatus box 30, indicating the active window, shows the icon of OnlineBank, a legitimate website. In this example three other windows are also open, but are not active. Icons corresponding to these are shown on a smaller size in the right-hand portion ofstatus window 30. Of these, one, 33, shows the icon of ShopOnline, a legitimate site. Of the remaining two window icons, one, 34 is suitably depicted in red, this color and the word “warning” indicating that the site corresponding to it appears on the client-database of non-authentic IP addresses 16.Icon 35 indicates that a fourth window which is open but not active does not appear on either of the client-databases of authenticated and non-authenticated IP addresses 16,17, and is suitably shown in yellow, indicating “Proceed with caution”. - In this example, if the user clicked on to the window corresponding to the red “Warning” indication, this would then become the active window, and the system may then run through the steps of the logic flow diagram of
FIG. 4 . The “Warning” indication will then appear larger on the left of on-top status window 30, where the OnlineBank icon is shown inFIG. 5 , the OnlineBank icon being relegated to one of the smaller icons on the right, if the related OnlineBank window remains open, and an audible warning will also be given. Alternatively, since the window concerned will have been previously checked (hence: its small icon in the right hand part of on-top status window 30 as shown inFIG. 5 ), the server-authentication application 13 may take account of this, and proceed as indicated above, but without first rechecking the reactivated window using the logic flow diagram ofFIG. 4 . - Warning indications may also, or alternatively, be displayed on the task bar or docking bar at the edge (e.g. bottom) of the display screen, as indicated in
FIG. 6 . The right hand side of atask bar 36 in a Microsoft Windows (RTM) operating system controlled computer has aclock 37 and a number oficons 38 indicating programs that are operating in the background. In some cases these icons will change depending upon the status of the program concerned. In the present system, as shown inFIG. 6 , anicon 39 appears on the right hand side of the task bar and changes its status depending upon whether the active window, being a browser, has an IP address that appears in the client-database of non-authenticated IP addresses 16, the client-database of authenticated IP addresses 17 (if present), or in neither client-database. This change of status can suitably be indicated by changes in color: theicon 39 showing green if the IP address appears in the client-database of authenticated IP addresses 17, red if the IP address appears in the client-database of non-authenticated IP addresses 16, and yellow if the IP address appears in neither of theclient databases similar icon 39 is displayed at the left end of the title bar for the on-top status window, as seen in this Figure and also in the messages shown at 25, 26 and 27 inFIG. 4 , and may also change color in a similar fashion. - By these means the user is at all times informed as to the nature of the active window of his browser and unless he chooses to ignore the warnings given, the server-
authentication application 15 will help to prevent fraudulent extraction of personal details, such as bank information that can be used illegally. It will be appreciated that the system also gives assurance to a user, when a particular content-provider server 3 is confirmed as having an IP address on the authenticated client-database 16, the content-data from that server 3 (e.g. webpage data) may be trusted. - The server-
authentication application 15 may optionally be configured so that the user can only proceed after a danger warning has been expressly acknowledged by the user, e.g. by means of an optional warning pop-up window which the user has to acknowledge. - Preferably, the server-
authentication application 15 determines whether the hostname of the URL of the active window relates to a content-provider server 3 external to a local network, i.e. that the hostname relates to an Internet domain-name and not, for example, to a local hostname. If theapplication 15 determines that the hostname of the active window relates to a local network, theapplication 15 preferably provides a ‘Local Network’ indication on theVDU 12. Additionally, if the active window is executing an application that is resident on the client computer or if the application of the active window is accessing content-data resident on theclient computer 1, the server-authentication application preferably displays ‘Not Analysed’ on the VDU; an icon or similar graphic, indicating the application that is executing in the active window, may also be displayed. Accordingly, the server-authentication application continually provides a user-indication of the status of the active window. - The content-data stored on a content-
provider server 3 may include a link to content-data stored on another content-provider server having a different IP address. For example, webpage data of a first content-provider may include a frame that links to information provided by a second content-provider. A typical example of this is in the use of framed advertisements within a webpage. A fraudster may use the concept of frames to provide a content-provider server that first links to content-data provided by a legitimate site (e.g. a bank) and also to content-data provided by a fraudulent site. The content-data of the fraudulent site may appear as a framed advertisement which surreptitiously monitors all data traffic between theclient computer 1 and the legitimate site. Accordingly, a user may be presented with a webpage that is obtained from a legitimate site, and therefore looks and behaves as a legitimate webpage, whilst the fraudulent frame within the webpage monitors any user-authorization data entered by the user. Alternatively, a fraudulent site may include a frame to a legitimate site to show apparent authenticity, or the fraudulent site may include a frame that mimics legitimate content, e.g. the fraudulent site may include a frame that appear as a complete webpage of a legitimate site, although it is in reality a frame. - The server-
authentication application 15 therefore preferably resolves and checks the IP addresses of all hostnames of content-provider servers from which content-data is retrieved by theclient computer 1. In other words, the server-authentication application 15 does not only resolve and check the IP address of the hostname of the URL that appears in the active window, but also any hostnames that are embedded within the content-data retrieved from the URL. For example, if the webpage www.onlinebank.com/home.html includes a link to www.onlineshop.com/logo.html then the server-authentication application 15 resolves and checks the IP addresses of both www.onlinebank.com and www.onlineshop.com. - It is possible that a subscriber may wish to include within its content-data an advertisement from a content-provider that is not a subscriber to the
security server 4. In this instance, the IP address of the subscriber will appear in the authenticateddatabase 7, but the IP address of the advertiser will not. Consequently, when the user visits the legitimate site of the subscriber, a warning is nevertheless provided by the server-authentication application 15. In order to prevent this from occurring, therelated information 9 of the database of authenticatedIP addresses 7 may include IP addresses of third-party servers that are regarded by the subscriber as legitimate for the purposes of inclusion within its content-data. The server-authentication application 15 then checks the IP address of the main hostname against the list ofIP addresses 8 of the authenticateddatabase 17. If the IP address is found within thedatabase 17, then any hostnames that are embedded within the content-data retrieved from the main hostname are then resolved and checked against the third-party IP addresses stored in the related-information 9. - A content-
provider server 3 may store both non-fraudulent and fraudulent content-data. In particular, a content-provider server 3 may host different websites. For example, the content-provider server 3, www.freewebsite.com. may host the website of John, www.freewebsite.com/John/home.html. and the website of Peter, www.freewebsite.com/Peter/home.html. Whilst John provides a legitimate website, the website provided by Peter is a spoof website. Since the hostname of both websites is the same, the resolved IP address of each website will also be the same. Consequently, both websites are treated equally by the server-authentication application 15. The legitimate website provided by John may therefore be reported as a fraudulent site or, alternatively, the spoof site provided by Peter may be reported as a legitimate site. In order to prevent this situation from occurring, the database of non-authenticated IP addresses 6 and the database of authenticatedIP addresses 7 preferably store not only IP addresses but also the URL or part of the URL associated with the IP address. For example, if the IP address of www.freewebsite.com is 121.202.327.75, the database of non-authenticated IP addresses 6 might store the IP address 121.202.327.75 and the path ‘\Peter’ and/or the filename ‘\Peter\home.html’, whilst the database of authenticatedIP addresses 7 might store 121.202.327.75 and ‘\John’ and/or ‘\John\home.html’. Theserver authentication application 15 is then operable to check both the IP address and also at least part of the URL against the corresponding client-databases databases indication 26 provided. - The database of non-authenticated IP addresses 6, the client-database of non-authenticated IP addresses 16, and any
fragment 18 may store only the domain name, URL or part of a URL of a particular content-provider server 3. In this case, the IP address of the domain is stored in thedatabase fragment 18 as a series of asterisks (i.e. ***.***.***.***) or some other artificial IP address (e.g. 999.999.999.999), which theserver authentication application 15 uses to identify a server as having no specific or fixed IP address. For example, the website www.falsewebsite.com may change its IP address frequently in order to avoid detection. If the IP address of a content-provider server 3 is not found in the client-S database of non-authenticated IP addresses 16, the domain name, URL or part URL of the content-provider server 3 is then compared against each of the entries in the client-database 16 having an artificial IP address. If the domain name, URL or part URL of thecontent provider server 3 appears in theclient database 16, a suitable warning is provided 25. Alternatively, the comparison of domain names, URL or part URL may be carried out before the comparison of IP addresses. By storing the domain name, URL or part URL ofcontent provider servers 3 that employ frequently-changing IP addresses, theserver authentication application 15 is still able to identify fraudulent content providers. - In the most preferred arrangement, the server-
authentication application 15 also guards against IP-address spoofing when the IP address, having been checked, may appear on the authenticated client-database 17 or on neither of the authenticated and non-authenticated client-databases provider server 3 to send content-data that appears to emanate from a different IP address to the one it actually does come from. To overcome this, in the most preferred arrangement, when the check carried out at 24 shows either that the IP address of the active window appears on the client database of authenticated IP addresses 17, or that the IP address of the active window does not appear on either of the client-databases FIG. 7 . - The apparently authenticated IP address or the IP address that does not appear on either client-
database step 40 for the hostname portion of the URL, and a request for the content-data of the URL is sent. Thus, for example, if the web-browser receives content-data (e.g. a webpage data) claiming to be from www.mybank.com/customer/data/home.html and the server-authentication application 15 ascertains at 23 in the flow diagram ofFIG. 4 that the IP address of www.mybank.com is, say, 123.456.789.100, then atstep 40 the server-authentication application 15 sends a request for the content-data of http://123.456.789.100/customer/datalhome.html. The same or similar content-data should be returned. If it is, atstep 41, then theimplication 42 is that the site is likely to be legitimate and then depending upon whether the IP address appears in the client-database of authenticated IP addresses 17 or does not appear in either client-database indication 26 or the “Proceed with caution”indication 27 will be displayed. - However, if different content-data is provided (Le. if the webpage appears different) as a result of the resending
request 40 as indicated at 43, or if no reply is provided 44, then the server-authentication application 15 draws the implication atstep 45 that the content-provider server 3 is likely to be illegitimate, notwithstanding that the original apparently derived IP address atstep 23 may have indicated an IP address that appeared on the authenticated client-database 17 (or did not appear on either client-database event 45, rather than displaying either the “OK to proceed”indication 26 or the “Proceed with caution”indication 27, the clear “Warning”indication 25 is displayed. - Additionally, or alternatively, the server-
authentication server 15 may alert the user to spoofing by displaying the actual hostname or URL, as well as the IP address, of the content-data or content-provider server 3 such that the user can immediately identify whether the actual hostname or URL corresponds to that which appears in the active window. - In the above-described embodiment, the server-
authentication application 15 receives (e.g. downloads) from thesecurity server 4 the entire database of non-authenticated IP addresses 6 and also the entire database of authenticated IP addresses 7. As the number of subscribers to the service provided by thesecurity server 4 increases, the size of the authenticateddatabase 7 will naturally increase. With sufficient numbers of subscribers, the size of the authenticateddatabase 7 may become excessively large such that too much time is spent by theclient computer 1 in receiving thedatabase 7. Moreover, it is unlikely that a user will download content-data from each and every one of the subscribers having IP addresses stored in thedatabase 7. - Accordingly, in an alternative embodiment as illustrated in
FIG. 8 , the database of authenticatedIP addresses 7 comprises a plurality offragments 18, eachfragment 18 corresponding to aparticular domain 19 and storingIP address 8 associated with thedomain 19.Related information 9, such as the date on which the fragment was created, the subscriber that provided the fragment, URL links etc., may again be additionally stored, with eachfragment 18 having respectiverelated information 9. - The database of non-authenticated IP addresses 6, like that of the authenticated
database 7, may also comprise a plurality offragments 18, eachfragment 18 corresponding to aparticular domain 19 and storingIP address 8. Preferably, eachfragment 18 comprises both a list of non-authenticated IP addresses and a list of authenticated IP addresses 8. Consequently, a content-provider is able to provide afragment 18 that stipulates which sites (i.e. IP addresses) it considers to be genuine and which sites is considers to be fraudulent. When thefragment 18 is received (e.g. downloaded) by the server-authentication application 15, the relevant portions of the fragment (e.g. the lists of non-authenticated and authenticated IP addresses) are extracted and added to theclient databases - In this alternative embodiment, the server-
authentication application 15 includes instructions to determine the hostname of the URL of the active window. Theapplication 15 then compares the hostname against the client-database of authenticated IP addresses 17. If a fragment corresponding to the hostname is found in the client-database 17, the IP address of the hostname is resolved and compared against the IP addresses listed for that fragment, in the manner described above. - If, however, no
fragment 18 corresponding to the hostname can be found in the client-database of authenticated IP addresses 17 (e.g. if no fragments having the same domain as that of the hostname are found), then preferably a similar search is made of the server database of authenticated IP addresses 7. In particular, the server-authentication application 15 establishes a connection with thesecurity server 4 and compares the hostname of the content-provider server 3 against the server-database fragments. If afragment 18 corresponding to the hostname is found in the server-database of authenticatedIP addresses 7, the relevant fragment is delivered to theclient computer 1. The IP address of the hostname is then resolved and compared against the IP addresses listed in the fragment, in the manner described above. The received fragment is then added to the existing client-database 17 for future use. If nofragment 18 corresponding to the hostname of the content-provider server 3 can be found in the server-database fragments, the server-authentication application 15 provides as an indication (e.g. the “Proceed with caution”) that the authenticity of the content-provider server 3 could not be verified. - Rather than comparing the hostname of the active window URL against fragments of the client-
database 17, theclient computer 1 may alternatively store a database of visited servers inmemory 13. The database of visited servers stores a list of hostnames of content-provider servers 3 that have previously been accessed by theclient computer 1, or alternatively a list of domains of content-provider servers 3 that have been accessed. The hostname of the URL is then compared against the database of visited servers. If a match is found, the IP address of the hostname is resolve and compared against the IP addresses listed in theclientdatabase 17 in the manner described above. If, however, a match is not found, then the hostname is added to the database of visited servers by the server-authentication application 15. Theapplication 15 then establishes a connection with thesecurity server 4 and compares the hostname against the server-database of authenticated IP addresses 7. If afragment 18 corresponding to the hostname is found in the server-database of authenticatedIP addresses 7, the relevant fragment is delivered to theclient computer 1 whereupon the received fragment is added to the existing client-database 17. The IP address of the hostname is then resolved and compared against the IP addresses listed in the client-database 17 in the manner described above. - Where the client-database of authenticated IP addresses 17 is stored as
fragments 18, it is possible for the authenticated client-database 17 to become outdated. For example, once the fragment for ‘onlinebank.com’ is added to the client-database 17, is it possible for the server-authentication application 15 to re-authenticate the site ‘onlinebank.com’ at a later date without having to rely upon thesecurity server 4. In order to prevent the authenticated client-database 17 from becoming outdated, the server-authentication application 15 may periodically refreshfragments 18 and retrieve once again thefragments 18 from thesecurity server 4. The related-information 9 associated with each fragment may include a creation or expiry date, which is used by the server-authentication application 15 to determine when to refresh the fragment or, alternatively, delete the fragment from the client-database 17. Similarly, where theclient computer 1 stores a database of visited servers, each entry in the database may include a creation or expiry date, which is again used by the server-authentication application 15 to determine when to refresh the entry and corresponding fragment or, alternatively, delete the entry from the database. - In a further embodiment, fragments 18 associated with a particular domain may be stored on a content-
provider server 3 of a subscriber. For example, the fragment for ‘onlinbank.com’ may be stored on a server provided by OnlineBank in addition to or rather than thesecurity server 4. In this embodiment, the server-authentication application 15 then receives the relevant fragment from the content-provider server 3 rather than thesecurity server 4. Preferably, the relevant fragment is received (e.g. downloaded) from the content-provider server 3 in response to theclient computer 1 requesting content-data from the content-provider server 3, e.g. when attempting to view webpage data. Similarly, the database of non-authenticated IP addresses 6 may be additionally or exclusively stored on a server of an assured organization. Indeed, the server-authentication application 15 may present the user with the option of receiving (e.g. downloading) fragments/databases exclusively from thesecurity server 4 or additionally from the server of the relevant content-provider/organization if the fragment/database is unavailable fromsecurity server 4. - Although each
fragment 18 may comprise a list of non-authenticated IP addresses in addition to a list of authenticatedIP addresses 8, thefragment 18 and therefore the list of non-authenticated IP addresses list is obtained only after receiving (e.g. downloading) the fragment from the content-provider server 3. It is therefore possible that the client-database of non-authenticated IP addresses 16 will not include information on known fraudulent sites until such time as the content-provider server 3 has been visited and thefragment 18 obtained. Accordingly, the server-authentication application 15 preferably also receives from thesecurity server 4, or other assured organization, the database of non-authenticated IP addresses 6 at regular intervals in addition to any fragments that may have been received. Rather than receiving theentire database 6, the server-authentication application 15 may check regularly for updates that become available. As already noted, the server-authentication application 15 preferably provides the user with the opportunity to receive a new, updated or refresheddatabase 6 from thesecurity server 4 at periodic intervals. - The
databases fragments 18, are preferably encrypted using a proprietary 256-bit encryption having keys derived from the domain name of theserver database fragment 18 and the domain name from which thedatabase fragment 18 is received by the server-authentication application 15. Accordingly, theserver authentication application 15, upon decrypting the receiveddatabases fragments 18, is able to determine whether thedatabases fragments 18, the server-authentication application 15 is able to determine that the received fragment contains information corresponding to the correct domain. Even if a fraudster were to download anencrypted database fragment 18 and, with significant computing power, decrypt thedatabase fragment 18 with the intention of inserting false IP addresses, the fraudster would not know the relevant key to re-encrypt thedatabase fragment 18 in order to, for example, place the fakeencrypted database fragment 18 on a spoof server. Encryption therefore prevents a spoof site creating an apparently,valid database fragment 18. - In addition to encrypting the contents of the
fragments 18, the filename of eachfragment 18 may also be encrypted. For example, thefragment 18 corresponding to thedomain 19 onlinebank.com may be stored on thesecurity server 4 or a specific content-provider server 3 as a file called hqofmnn9hc64pxvk.xml, which has no apparent relation to the actual domain name. The filename of thefragment 18 is preferably encrypted using a first key based upon thedomain 19 to which thefragment 18 relates (e.g. onlinebank.com) and a second key based upon the domain of thesecurity server 4 or the specific content-provider server 3. The filename of thefragment 18 will therefore be different when stored on different servers. In order to retrieve afragment 18, the server-authentication application 15 first resolves the fragment filename using thedomain 19 to which thefragment 18 relates and the domain of theserver fragment 18. The server-authentication application 15 then retrieves (e.g. downloads) from theserver 3, 4 a file having the resolved filename. Since the filename of the fragment depends upon the domain of the server storing the fragment, a fragment copied from a first server to a second server (e.g. from thesecurity server 4 to a fraudulent server) will not be found by the server-authentication application 15. - The server-
authentication application 15 may store a history database of recently visited sites, i.e. a list of content-provider servers 3 from which content data has recently been retrieved by theclient computer 1. By way of example, the history database may include a list of all content-provider servers 3 that have been visited in the last month. When the server-authentication application 15 is idle, theapplication 15 may retrievefragments 18 corresponding to those content-provider servers 3 that are listed in the history database. In this manner, thefragments 18 of content-provider servers 3 that are likely to be revisited are kept up-to-date such that no noticeable delay is observed by the server-authentication application 15 when the content-provider servers 3 are revisited. The history database preferably includes information regarding the date and/or time on which thefragment 18 corresponding to a particular content-provider server 3 was last retrieved or updated. The server-authentication application 15 then retrieves only thosefragments 18 where the authenticity of thefragment 18 has timed-expired. - The server-
authentication application 15, which is the software necessary to configure aclient computer 1 to operate in the manner described above and to provide security against phishing over thecommunications network 5, may be provided as a single computer program or suite of computer programs, which may be provided on a computer-readable data storage device, such as a floppy disk or a CD/DVD. Alternatively, the computer program or suite of computer programs may be made available for download over thecommunication network 5 from the security server 4 (seeFIG. 1 ), or from a trusted content-provider server 3, such as a bank, licensed to provide the software. - To prevent fraudsters spoofing the server-authentication software, the user is requested to enter a unique identifier upon installing the software. The unique identifier entered by the user is then encrypted, preferably using a key particular to the user's copy of the server authentication software, and stored (e.g. as a file) in the
memory 13 of theclient computer 1. The server-authentication application 15, when executed, decrypts and displays the unique identifier on theVDU 12, e.g. on the title bar of the server-authentication application 15. If the server-authentication software were to be replaced (e.g. by a fraudulent copy), the encryption key would be unknown and accordingly an incorrect unique identifier would be displayed by theapplication 15 on the VDU. Accordingly, the user is provided with an indication if the server-authentication software has been changed. - Banks, financial institutions and other e-commerce or similar content-providers which provide services and/or information over the Internet and which rely upon user-authorization data (e.g. personal details of a user) or wish to assure users of the validity of their webpages and any information thereby conveyed may register their IP addresses with the provider of the
security server 4 to be included in thedatabase 7 of authenticated IP addresses. - Provision may also be made for users themselves to enter frequently used websites, by their URLs converted into IP addresses, or by the IP addresses themselves, into the authenticated client-
database 17 maintained on theclient computer 1 so as to avoid unnecessary “Caution” warnings being displayed simply because the content-provider of an otherwise legitimate website may choose not to subscribe to the service provided by thesecurity server 4. - Although the invention has been described hereinabove in terms of databases being stored on a
client computer 1 both for authenticated IP addresses 17 and for non-authenticated IP addresses 16, and these databases being used to determine whether the IP address of a particular website appeared on one of these two databases or on neither, with appropriate messages or other indications being conveyed to the user in each of these three circumstances, this is not always necessary. - For example, only a database of authenticated IP addresses 17 may be stored, and in that case, the server-
authentication application 15 is only able to give assurance that a website may be trusted when its IP address is found in that database (and, if the check against address spoofing feature is included, the address is additionally shown not to have been spoofed). Equally well, only a database of non-authenticated IP addresses 16 may be stored, and in that case, the server-authentication application 15 is only able to give a clear danger warning when the IP address of a particular website appears in this database or (if the check against address spoofing feature is also included) if the address is shown to have been spoofed. - It should be appreciated and understood that the above descriptions of authenticating a content-server provider by the client computer can also be performed by the server. According to a further embodiment, content including but not limited to email messages, instant messages, chat messages, documents, webpages, and link data can be filtered at the server before being communicated to the client computer or before being displayed to an end user on the client computer.
- For instance, a server or server component can determine a domain name of the content-provider server (e.g., website, email (sender) server). The server or server component can also request data from the content-provider server in order to obtain a fragment of a database of IP addresses. The data can include, but is not limited to, at least one fragment of a database of IP addresses. The fragment corresponds to the domain name of the content-provider server and one or more IP addresses associated with the domain name. Thereafter, the server or server component can compare the IP address of the content-provider server against the IP addresses of the fragment and provide an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
- The server or server component can also determine whether data from the content-provider server has been previously requested. If it has been received within a pre-determined time indicating validity of the data, the server or server component can access one or more of its databases or memory stores to obtain the information. Otherwise, the fragment can be obtained if the request for such data has not already been submitted to the content-provider server.
- According to this embodiment, the client computer is not tasked with determining whether the content is from an authenticated, non-authenticated, or unknown source, nor is the end user exposed to potentially damaging information (e.g., spam, phishing messages, viruses, etc.). Rather, this determination is made at the server level and by the server, thereby affording additional protection to the client computer as well as to the end user, which in some cases may be desired. In addition, the end user is not necessarily tasked with choosing whether to view or download content from a server that is not authenticated or that is unknown (neither authenticated nor non-authenticated), as this decision can be burdensome to some users since making a bad decision may have significant impact to the user's computer as well as to the server and other connected client computers. However, it should be appreciated that the end user can request to be informed when content from a content-provider is blocked.
- In practice, for example, suppose that an email message has been “sent” to user Q. Before user Q receives the message in his email client mailbox, the server determines whether the email contains links to a trusted source (e.g., authenticated content-provider server/IP address) or non-trusted source in a manner as described above. This evaluation can be performed in part through the use of server-based databases (e.g., server-authenticated databases), independent of client-maintained databases.
- Moreover, server-authenticated and -non-authenticated databases can be maintained, updated, and employed—at or by the server—to determine whether a content-provider server is authenticated, non-authenticated, or neither without requiring a similar authentication performance by the client computer. As a result, a server that receives messages sent to user Q can essentially filter such content on a server side before any messages are delivered to the user Q.
- Similarly, suppose user Q enters a request via the client computer to access content such as a website or other content on a network (e.g., content-provider server). The request is communicated to the client's server(s) and from there, the server performs the process in which the content-provider server is determined to be authenticated, non-authenticated, or neither. Upon making this determination, the server may have a protocol in place to decide whether to permit access to the content-provider server. In the alternative or in addition, the server can communicate the result to the client computer and allow the end user to make the decision based on the server's analysis.
- Furthermore, such content and source authentication can be done on the client side but before any content from the content-provider server is displayed on the client computer for user viewing—such as on a visual display unit. In some instances, the client computer or the server may be busy processing other items. Therefore, the authentication process of the content-provider server can switch between the server and the client computer depending on the existing processing loads of the server and client. For example, if the client computer cannot perform the authentication process, it can request or automatically inform the server to perform the process. Likewise, if the server cannot perform the authentication process due to a technical problem or otherwise, the server can signal or instruct the client computer to perform it. This switching of content-provider server authentication can be take place seamlessly and automatically and be completely invisible to the end user.
- The systems and methods above facilitate protecting users from receiving bad or otherwise harmful data. However, a similar problem that is often ignored or missed is that sensitive or personal user data generated at the client computer is often communicated to the server unbeknownst to the user. This has been termed identity profiling. Identity profiling to produce, amongst other things, targeted advertising is a growing feature of internet usage. Identity profiling is similar to identity theft in the way that it collects personal and possibly confidential information about an individual without their specific consent or permission. It then uses this information to target an individual with relevant e-mails or advertising which supposedly will have a greater influence than general advertising. This can be contrasted with identity theft which uses information about an individual for fraudulent purposes. Identity profiling has moral implications that many are questioning.
- There are products now available that internet service providers (ISPs) are starting to implement which monitor browser usage either directly or through search engines and then input targeted advertising according to the usage of the individual. As a simple example, entered into a search engine could be a search for ‘sports car’. The ‘sports car’ search input could produce advertisements for car dealers selling sports cars in the sponsored links section of the page. Privacy concerns are magnified for users when their complete internet usage is being monitored, not just random searches. Extrapolating the principle on a much larger and more realistic scale of monitoring, users have no knowledge of and do not know how the data will be used, moral or otherwise. The search for the ‘sports car’ followed by the ‘coincidental’ cold call or e-mail from a car dealer and then the similar call from an insurance agent suggests a possible manipulation of a user's browsing activity down certain channels without that user necessarily being aware of the manipulation.
- Identity profiling on the internet has been likened to an Internet-free world where all your mail is being opened and read by a third party to determine what you are doing, followed by the insertion of additional mail so as to guide you down certain commercial paths. Similarly, imagine individuals being followed around when shopping, with all their purchases being recorded, and then being approached with alternative products. If the above examples were in fact happening in everyday life, civil liberties would be considered violated and very few would find it acceptable, but in an internet world it is not as obvious to see the cause and effect of such intrusive practices.
- One solution to this problem is to give the ISPs that are monitoring usage large amounts of additional information such that the ‘real’ profile information of the individual is lost or obscured in the ‘white noise’ which is being generated independently of the individual but by software on the individual's computer. For example, a software system tool can generate browser requests to URLs without intervention of a user so as to mimic or appear to be produced by the user. Put another way, imagine a scenario where a typical user is browsing various web pages, clicking through to interior pages and sitting on some for longer periods of time than others or jumping to sites that are unrelated or at least somewhat related relatively quickly and then sitting on a page for awhile.
- Although, there is no correct or incorrect way to browse the Internet, the generated browser requests to URLs can mimic real browsing behavior of a user. This can be accomplished in part by employing a variety of browsing behaviors such as clicking from site to site, staying only on a site briefly and then landing on a site and even clicking through to interior pages and staying on the same site as if the user found something of interest. Instead of communicating the real browser requests to the real URLs that a user visits, the subject system or method can generate “fake” browser requests. The fake or generated browser requests can be made by choosing from various URLs (that do exist) but that when analyzed collectively to determine the user's preferred subjects, topics, favorites, or other real browsing patterns for the user, no such “profile”, browsing pattern, or user preferences can be discerned. Thus, few if any targeted advertisements can be successfully chosen and sent to the user.
- The mimicking of real browser behavior is performed by creating a neutral profile without any indication as to what “profile” the user may subscribe. For example, if a college student's browsing habits could identify them as a student, then this data must be lost or hidden within the generated browsing requests so that no identity profile can be accurately established for the user. In particular, the subject system or method can effectively “hide” real user data by masking it with a proportionally greater amount of generated browsing data (browsing requests). For instance, the number of generated browsing requests can be based on a factor (e.g., a factor of 10 or some other integer greater than 1) of a relative amount of real data communicated to the server. By doing so, the real user data is essentially lost amongst the generated user data.
- The generated browsing activity can include a multitude of URLs, for instance, that the targeted advertising system cannot understand, or that would essentially make it difficult for the targeted advertising system to determine which targeted advertisements to send to the user. As a result of confusing the targeted advertising system with “white noise” or cluttered URL data, a substantial portion of the user's personal browsing activity is not shared. Even more so, the user is not inundated with either relevant or irrelevant targeted ads.
- Several parameters can be considered and programmed so that server software cannot readily detect the use of such a software system tool, which jams any detection of targeted advertising with sufficient generated fake user data such that the real data generated by the user is only a small percentage of the data collected.
-
- The browser request can contain the same header as a real request generated by a browser installed on the client computer.
- The URL can be either generated at random from examination of a DNS server, or from a supplied list of non-discriminating, non-descript, or non-distinct web sites, or a combination thereof, or other techniques.
- Specific words can also be sent to search engines that perform identity profiling.
- Once a URL request has been generated further links from within that web page may be generated to simulate a user interest in the web page.
- The time between requests is randomly generated from between a few seconds and several minutes, to simulate real user intervention or browsing.
- The requests can run in the background and interspersed with the user's real browser requests, although the process would not take bandwidth from the user, hence it can have a lower priority than real usage.
- The software system tool can be aware of the number of real requests generated by the user and then can determine how many false requests to generate so as to make the real data insignificant compared to the ‘white noise’ generated to jam the data collection process.
- For example, though not illustrated in the figures, the browsing system tool can include a plurality of components to facilitate jamming the data collection process performed by targeted advertising systems or methods. The software system tool can form a database of websites or URLs that are non-discriminating, generic, non-descript, and/or non-distinct meaning that these websites are geared toward the masses and that knowing that a user has been to one or more of these website does not provide any interesting or helpful information about the user for targeted advertising purposes. As the user is browsing the internet, the system tool can collect URL data in at least one of two ways.
- In the first, a browser request generation component can collect URL data for the user by selecting a URL from the white noise database each time the user goes to a different URL. This means that the time the user spends at each URL is copied or mimicked but the actual URL visited by the user is replaced with another specifically or randomly selected URL (from the database).
- In the second, the browser request generation component can select URLs from the database and based on a time scheme that is appropriate for the type of user or user profile type. It should be appreciated that an Internet search engine can scan or monitor the Internet for such websites that are appropriate to produce URL data clutter (white noise) to hinder targeted advertising efforts and then add them to or replace older or out of date URL data in the database. It should be further appreciated that the tool can be turned off or on as desired by the user.
- When used in this specification and claims, the terms “comprises” and “comprising” and variations thereof mean that the specified features, steps, or integers are included. The terms are not to be interpreted to exclude the presence of other features, steps, or components.
- The features disclosed in the foregoing description, or the following claims, or the accompanying drawings, expressed in their specific forms or in terms of a means for performing the disclosed function, or a method or process for attaining the disclosed result, as appropriate, may, separately, or in any combination of such features, be utilized for realizing the invention in diverse forms thereof.
- When used in this specification and claims, the terms “comprises” and “comprising” and variations thereof mean that the specified features, steps or integers are included. The terms are not to be interpreted to exclude the presence of other features, steps, or components.
- The features disclosed in the foregoing description, or the following claims, or the accompanying drawings, expressed in their specific forms or in terms of a means for performing the disclosed function, or a method or process for attaining the disclosed result, as appropriate, may, separately, or in any combination of such features, be utilized for realizing the invention in diverse forms thereof.
Claims (27)
1. A server that is in communication with a content-provider server via a communication network, wherein the server performs an authentication method comprising:
determining a domain name of the content-provider server;
obtaining a fragment of a database of IP addresses, wherein the fragment corresponds to the domain name of the content-provider server and a store of one or more IP addresses associated with the domain name;
comparing the IP address of the content-provider server against the IP addresses of the fragment; and
providing an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
2. The server according to claim 1 , wherein the method further comprises communicating content from the content-provider server to a client computer in communication with the server when the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
3. The server according to claim 1 , wherein the server performs the authentication method before serving content from the content-provider server to the client computer.
4. The server according to claim 1 , wherein the method further comprises:
receiving a request to access content from a content-provider server wherein the request originates from a client computer; and
providing access to the content from the content-provider server by the client computer when the server indicates that the IP address of the content-provider server is included or excluded in the fragment.
5. The server according to claim 1 , wherein the method further comprises requesting data from the content-provider server and obtaining the fragment in response to the request for the data from the content-provider server.
6. The server according to claim 1 , wherein the method further comprises:
determining whether data from the content-provider server has been previously requested and obtained;
requesting the data from the content-provider server if the data has not been previously requested or obtained; and
obtaining the data from the content-provider server when the data has not been previously obtained or requested.
7. The server of claim 1 , wherein the content comprises at least one of email messages, instant messages, chat messages, documents, files, webpages, website data, and link data.
8. A method that facilitates authentication of a content-provider server by a server on a server side comprising:
filtering content from being served to a client computer when the IP address of the content-provider server is excluded from the IP addresses of a fragment, wherein the filtering comprises:
determining a domain name of the content-provider server;
obtaining a fragment of a database of IP addresses, wherein the fragment corresponds to the domain name of the content-provider server and a store of one or more IP addresses associated with the domain name;
comparing the IP address of the content-provider server against the IP addresses of the fragment; and
providing an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
9. The method of claim 8 , wherein filtering the content from being served to the client computer comprises preventing the content from being communicated or accessed by the client computer, wherein the content comprises at least one of email messages, instant messages, chat messages, documents, files, webpages, website data, and link data.
10. The method of claim 8 further comprising after determining that the IP address of the content-provider server is included in the IP addresses of the fragment, serving the content from the content-provider server to the client computer and displaying at least a subset of the content on a visual display unit of the client computer.
11. The method of claim 8 further comprising after determining that the IP address of the content-provider server is excluded from the IP addresses of the fragment, serving the content from the content-provider server to the client computer and displaying at least a subset of the content on a visual display unit of the client computer.
12. A method that facilitates authentication of a content-provider server by at least one of a server on a server side or a client computer comprising:
filtering content from being viewable on a client computer when the IP address of the content-provider server is excluded from the IP addresses of a fragment, wherein the filtering comprises:
determining a domain name of the content-provider server;
obtaining a fragment of a database of IP addresses, wherein the fragment corresponds to the domain name of the content-provider server and a store of one or more IP addresses associated with the domain name;
comparing the IP address of the content-provider server against the IP addresses of the fragment; and
providing an indication that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
13. The method of claim 12 further comprising displaying the content from the content-provider server on the client computer after determining that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
14. The method of claim 12 further comprising displaying the content from the content-provider server on the client computer after determining that the IP address of the content-provider server is included in the IP addresses of the fragment.
15. The method of claim 12 is performed on or by the client computer, wherein the content is unviewable on the client computer until a determination is made that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
16. The method of claim 12 is performed on or by the client computer, wherein the content is unviewable on the client computer until a determination is made that the IP address of the content-provider server is included in the IP addresses of the fragment.
17. The method of claim 12 is performed on or by the server wherein the content is unviewable on the client computer until a determination is made that the IP address of the content-provider server is included or excluded from the IP addresses of the fragment.
18. The method of claim 12 is performed on or by the server wherein the content is unviewable on the client computer until a determination is made that the IP address of the content-provider server is included in the IP addresses of the fragment.
19. A secured browsing system that mitigates personal data communicated to a server comprising:
a browser request generation component that generates browser requests to one or more URLs without intervention of a user so as to appear to be produced by the user, thereby generating false browsing activity; and
a white noise database that stores a plurality of the URLs that, when selected, are included in a browser request without intervention from the user.
20. The system of claim 19 , wherein the browser request generation component selects a browsing behavior to apparently mimic for a user based in part on user-provided data.
21. The system of claim 19 , wherein the browser requests are based at least in part on browsing activity of the user and comprise a small portion of real user browsing activity, such that the small portion is insubstantial enough to mitigate generating at least one of the following: targeted advertisements and other unsolicited advertising to the user.
22. The system of claim 19 , wherein the false browsing activity comprises one or more URLs that a targeted advertising system cannot understand to make it difficult for the targeted advertising system to determine which targeted advertisements to send to the user.
23. The system of claim 19 , wherein the browser request comprises the same header as a real request generated by a browser installed on a client computer.
24. The system of claim 19 , wherein one or more of the URLs as stored in the white noise database are generated at random from at least one of the following: examination of a DNS server, a supplied list of non-discriminating, non-descript, and non-distinct web sites, or a combination thereof.
25. The system of claim 19 , wherein once the browser request comprising the one or more URLs has been generated, one or more additional links from within a website corresponding to the one or more URLs may be generated to simulate user interest in a web page on the website.
26. The system of claim 19 , wherein time between communications of browser requests to the server is randomly generated from between a few seconds and several minutes to simulate real user browsing times.
27. The system of claim 19 , wherein the browser generation component is made aware of a quantity of real browser requests generated by the user and determines how many false browser requests to generate so as to make the real data insignificant compared to the false browser activity generated to facilitate jamming a data collection process for targeted advertising.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/108,694 US20080201401A1 (en) | 2004-08-20 | 2008-04-24 | Secure server authentication and browsing |
Applications Claiming Priority (7)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GBGB0418613.6A GB0418613D0 (en) | 2004-08-20 | 2004-08-20 | Internet security system |
GB0418613.6 | 2004-08-20 | ||
GB0510803A GB0510803D0 (en) | 2005-05-26 | 2005-05-26 | Server authentication |
GB0510803.0 | 2005-05-26 | ||
PCT/GB2005/003237 WO2006018647A1 (en) | 2004-08-20 | 2005-08-19 | Server authentication |
US57398007A | 2007-06-14 | 2007-06-14 | |
US12/108,694 US20080201401A1 (en) | 2004-08-20 | 2008-04-24 | Secure server authentication and browsing |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/GB2005/003237 Continuation WO2006018647A1 (en) | 2004-08-20 | 2005-08-19 | Server authentication |
US11/573,980 Continuation US20090043765A1 (en) | 2004-08-20 | 2005-08-19 | Server authentication |
Publications (1)
Publication Number | Publication Date |
---|---|
US20080201401A1 true US20080201401A1 (en) | 2008-08-21 |
Family
ID=34979955
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/573,980 Abandoned US20090043765A1 (en) | 2004-08-20 | 2005-08-19 | Server authentication |
US12/108,694 Abandoned US20080201401A1 (en) | 2004-08-20 | 2008-04-24 | Secure server authentication and browsing |
US13/159,140 Expired - Fee Related US8996697B2 (en) | 2004-08-20 | 2011-06-13 | Server authentication |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/573,980 Abandoned US20090043765A1 (en) | 2004-08-20 | 2005-08-19 | Server authentication |
Family Applications After (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/159,140 Expired - Fee Related US8996697B2 (en) | 2004-08-20 | 2011-06-13 | Server authentication |
Country Status (3)
Country | Link |
---|---|
US (3) | US20090043765A1 (en) |
EP (1) | EP1779216A1 (en) |
WO (1) | WO2006018647A1 (en) |
Cited By (113)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080034404A1 (en) * | 2006-08-07 | 2008-02-07 | Ryan Pereira | Method and system for validating site data |
US20080177843A1 (en) * | 2007-01-22 | 2008-07-24 | Microsoft Corporation | Inferring email action based on user input |
US20090055928A1 (en) * | 2007-08-21 | 2009-02-26 | Kang Jung Min | Method and apparatus for providing phishing and pharming alerts |
US20100049784A1 (en) * | 2008-08-21 | 2010-02-25 | Ashish Khandelwal | System and method for web-based access relative to a document processing device |
US20110113354A1 (en) * | 2009-11-12 | 2011-05-12 | Sling Media Pvt Ltd | Always-on-top media player launched from a web browser |
US20120059712A1 (en) * | 2009-12-11 | 2012-03-08 | Stalker James R | Web enhancing systems and methods |
US20120066612A1 (en) * | 2010-09-14 | 2012-03-15 | Ritika Virmani | Download bar user interface control |
US20120173690A1 (en) * | 2011-01-05 | 2012-07-05 | International Business Machines Corporation | Managing security features of a browser |
US20130219413A1 (en) * | 2012-02-17 | 2013-08-22 | Microsoft Corporation | Contextually interacting with applications |
US8898272B1 (en) * | 2012-10-02 | 2014-11-25 | Amazon Technologies, Inc. | Identifying information in resource locators |
US20150095812A1 (en) * | 2013-09-30 | 2015-04-02 | Microsoft Corporation | Extensible and context-aware commanding infrastructure |
US20150163236A1 (en) * | 2013-12-09 | 2015-06-11 | F-Secure Corporation | Unauthorised/malicious redirection |
US9106691B1 (en) | 2011-09-16 | 2015-08-11 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US9147042B1 (en) | 2010-11-22 | 2015-09-29 | Experian Information Solutions, Inc. | Systems and methods for data verification |
US9230283B1 (en) | 2007-12-14 | 2016-01-05 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US20160006693A1 (en) * | 2014-07-01 | 2016-01-07 | Sophos Limited | Deploying a security policy based on domain names |
US9256904B1 (en) | 2008-08-14 | 2016-02-09 | Experian Information Solutions, Inc. | Multi-bureau credit file freeze and unfreeze |
US20160065611A1 (en) * | 2011-07-06 | 2016-03-03 | Nominum, Inc. | Analyzing dns requests for anomaly detection |
US20160063008A1 (en) * | 2014-09-02 | 2016-03-03 | Netapp, Inc. | File system for efficient object fragment access |
US9342783B1 (en) | 2007-03-30 | 2016-05-17 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
USD759690S1 (en) | 2014-03-25 | 2016-06-21 | Consumerinfo.Com, Inc. | Display screen or portion thereof with graphical user interface |
USD759689S1 (en) | 2014-03-25 | 2016-06-21 | Consumerinfo.Com, Inc. | Display screen or portion thereof with graphical user interface |
USD760256S1 (en) | 2014-03-25 | 2016-06-28 | Consumerinfo.Com, Inc. | Display screen or portion thereof with graphical user interface |
US9400589B1 (en) | 2002-05-30 | 2016-07-26 | Consumerinfo.Com, Inc. | Circular rotational interface for display of consumer credit information |
US9406085B1 (en) | 2013-03-14 | 2016-08-02 | Consumerinfo.Com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US9443268B1 (en) | 2013-08-16 | 2016-09-13 | Consumerinfo.Com, Inc. | Bill payment and reporting |
US9477737B1 (en) | 2013-11-20 | 2016-10-25 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US9529851B1 (en) | 2013-12-02 | 2016-12-27 | Experian Information Solutions, Inc. | Server architecture for electronic data quality processing |
US9536263B1 (en) | 2011-10-13 | 2017-01-03 | Consumerinfo.Com, Inc. | Debt services candidate locator |
US9595051B2 (en) | 2009-05-11 | 2017-03-14 | Experian Marketing Solutions, Inc. | Systems and methods for providing anonymized user profile data |
US9607336B1 (en) | 2011-06-16 | 2017-03-28 | Consumerinfo.Com, Inc. | Providing credit inquiry alerts |
US9654541B1 (en) | 2012-11-12 | 2017-05-16 | Consumerinfo.Com, Inc. | Aggregating user web browsing data |
US9690901B1 (en) * | 2007-12-04 | 2017-06-27 | Google Inc. | Enhanced privacy with fewer cookies |
US9697263B1 (en) | 2013-03-04 | 2017-07-04 | Experian Information Solutions, Inc. | Consumer data request fulfillment system |
US9710852B1 (en) | 2002-05-30 | 2017-07-18 | Consumerinfo.Com, Inc. | Credit report timeline user interface |
US9721147B1 (en) | 2013-05-23 | 2017-08-01 | Consumerinfo.Com, Inc. | Digital identity |
US9779764B2 (en) | 2015-04-24 | 2017-10-03 | Netapp, Inc. | Data write deferral during hostile events |
US9817715B2 (en) | 2015-04-24 | 2017-11-14 | Netapp, Inc. | Resiliency fragment tiering |
US9823969B2 (en) | 2014-09-02 | 2017-11-21 | Netapp, Inc. | Hierarchical wide spreading of distributed storage |
US9830646B1 (en) | 2012-11-30 | 2017-11-28 | Consumerinfo.Com, Inc. | Credit score goals and alerts systems and methods |
US20170359212A1 (en) * | 2015-06-17 | 2017-12-14 | Tencent Technology (Shenzhen) Company Limited | Information processing method, device and computer readable storage medium |
US9853959B1 (en) | 2012-05-07 | 2017-12-26 | Consumerinfo.Com, Inc. | Storage and maintenance of personal data |
US9870589B1 (en) | 2013-03-14 | 2018-01-16 | Consumerinfo.Com, Inc. | Credit utilization tracking and reporting |
US9892457B1 (en) | 2014-04-16 | 2018-02-13 | Consumerinfo.Com, Inc. | Providing credit data in search results |
US10055317B2 (en) | 2016-03-22 | 2018-08-21 | Netapp, Inc. | Deferred, bulk maintenance in a distributed storage system |
US10075446B2 (en) | 2008-06-26 | 2018-09-11 | Experian Marketing Solutions, Inc. | Systems and methods for providing an integrated identifier |
US10102570B1 (en) | 2013-03-14 | 2018-10-16 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US10102536B1 (en) | 2013-11-15 | 2018-10-16 | Experian Information Solutions, Inc. | Micro-geographic aggregation system |
US20180302468A1 (en) * | 2016-03-14 | 2018-10-18 | Ebay Inc. | System and method for delegating content processing |
US10169761B1 (en) | 2013-03-15 | 2019-01-01 | ConsumerInfo.com Inc. | Adjustment of knowledge-based authentication |
US10176233B1 (en) | 2011-07-08 | 2019-01-08 | Consumerinfo.Com, Inc. | Lifescore |
US10255598B1 (en) | 2012-12-06 | 2019-04-09 | Consumerinfo.Com, Inc. | Credit card account data extraction |
US10262364B2 (en) | 2007-12-14 | 2019-04-16 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US10262362B1 (en) | 2014-02-14 | 2019-04-16 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US10325314B1 (en) | 2013-11-15 | 2019-06-18 | Consumerinfo.Com, Inc. | Payment reporting systems |
US10373240B1 (en) | 2014-04-25 | 2019-08-06 | Csidentity Corporation | Systems, methods and computer-program products for eligibility verification |
US10379742B2 (en) | 2015-12-28 | 2019-08-13 | Netapp, Inc. | Storage zone set membership |
US10389680B2 (en) * | 2013-10-30 | 2019-08-20 | Hewlett Packard Enterprise Development Lp | Domain name and internet address approved and disapproved membership interface |
US10514984B2 (en) | 2016-02-26 | 2019-12-24 | Netapp, Inc. | Risk based rebuild of data objects in an erasure coded storage system |
US10565266B2 (en) * | 2016-09-29 | 2020-02-18 | Konica Minolta Laboratory U.S.A., Inc. | Method and system for multiple profile creation to mitigate profiling |
US10621657B2 (en) | 2008-11-05 | 2020-04-14 | Consumerinfo.Com, Inc. | Systems and methods of credit information reporting |
US10664936B2 (en) | 2013-03-15 | 2020-05-26 | Csidentity Corporation | Authentication systems and methods for on-demand products |
US10671749B2 (en) | 2018-09-05 | 2020-06-02 | Consumerinfo.Com, Inc. | Authenticated access and aggregation database platform |
US10685398B1 (en) | 2013-04-23 | 2020-06-16 | Consumerinfo.Com, Inc. | Presenting credit score information |
US10742591B2 (en) | 2011-07-06 | 2020-08-11 | Akamai Technologies Inc. | System for domain reputation scoring |
US10824967B1 (en) * | 2007-07-26 | 2020-11-03 | United Services Automobile Association (Usaa) | Systems and methods for dynamic business decision making |
US10911234B2 (en) | 2018-06-22 | 2021-02-02 | Experian Information Solutions, Inc. | System and method for a token gateway environment |
US10951725B2 (en) * | 2010-11-22 | 2021-03-16 | Amazon Technologies, Inc. | Request routing processing |
US10963434B1 (en) | 2018-09-07 | 2021-03-30 | Experian Information Solutions, Inc. | Data architecture for supporting multiple search models |
US11003732B2 (en) * | 2017-06-30 | 2021-05-11 | Diluvian LLC | Methods and systems for protecting user-generated data in computer network traffic |
US11025747B1 (en) | 2018-12-12 | 2021-06-01 | Amazon Technologies, Inc. | Content request pattern-based routing system |
US11070514B2 (en) * | 2019-09-11 | 2021-07-20 | Verizon Patent And Licensing Inc. | System and method for domain name system (DNS) service selection |
US11075987B1 (en) | 2017-06-12 | 2021-07-27 | Amazon Technologies, Inc. | Load estimating content delivery network |
US11082353B2 (en) * | 2015-09-28 | 2021-08-03 | Arris Enterprises Llc | Domain name system response spoofing at customer premise equipment device |
US11108729B2 (en) | 2010-09-28 | 2021-08-31 | Amazon Technologies, Inc. | Managing request routing information utilizing client identifiers |
US11115500B2 (en) | 2008-11-17 | 2021-09-07 | Amazon Technologies, Inc. | Request routing utilizing client location information |
US11134134B2 (en) | 2015-11-10 | 2021-09-28 | Amazon Technologies, Inc. | Routing for origin-facing points of presence |
US11194719B2 (en) | 2008-03-31 | 2021-12-07 | Amazon Technologies, Inc. | Cache optimization |
US11201848B2 (en) | 2011-07-06 | 2021-12-14 | Akamai Technologies, Inc. | DNS-based ranking of domain names |
US11205037B2 (en) | 2010-01-28 | 2021-12-21 | Amazon Technologies, Inc. | Content distribution network |
US11227001B2 (en) | 2017-01-31 | 2022-01-18 | Experian Information Solutions, Inc. | Massive scale heterogeneous data ingestion and user resolution |
US11238656B1 (en) | 2019-02-22 | 2022-02-01 | Consumerinfo.Com, Inc. | System and method for an augmented reality experience via an artificial intelligence bot |
US11245770B2 (en) | 2008-03-31 | 2022-02-08 | Amazon Technologies, Inc. | Locality based content distribution |
US11282108B2 (en) * | 2018-07-16 | 2022-03-22 | James D. MacDonald-Korth | Automatic login link for targeted users without previous account creation |
US11283715B2 (en) | 2008-11-17 | 2022-03-22 | Amazon Technologies, Inc. | Updating routing information based on client location |
US11290418B2 (en) | 2017-09-25 | 2022-03-29 | Amazon Technologies, Inc. | Hybrid content request routing system |
US11297140B2 (en) | 2015-03-23 | 2022-04-05 | Amazon Technologies, Inc. | Point of presence based data uploading |
US11303717B2 (en) | 2012-06-11 | 2022-04-12 | Amazon Technologies, Inc. | Processing DNS queries to identify pre-processing information |
US11315179B1 (en) | 2018-11-16 | 2022-04-26 | Consumerinfo.Com, Inc. | Methods and apparatuses for customized card recommendations |
US11330008B2 (en) | 2016-10-05 | 2022-05-10 | Amazon Technologies, Inc. | Network addresses with encoded DNS-level information |
US11336712B2 (en) | 2010-09-28 | 2022-05-17 | Amazon Technologies, Inc. | Point of presence management in request routing |
US11362986B2 (en) | 2018-11-16 | 2022-06-14 | Amazon Technologies, Inc. | Resolution of domain name requests in heterogeneous network environments |
US20220191233A1 (en) * | 2020-12-10 | 2022-06-16 | KnowBe4, Inc. | Systems and methods for improving assessment of security risk based on personal internet account data |
US11381487B2 (en) | 2014-12-18 | 2022-07-05 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US11388192B2 (en) * | 2018-07-09 | 2022-07-12 | Blackberry Limited | Managing third party URL distribution |
US20220272062A1 (en) * | 2020-10-23 | 2022-08-25 | Abnormal Security Corporation | Discovering graymail through real-time analysis of incoming email |
WO2022182553A1 (en) * | 2021-02-23 | 2022-09-01 | Prove Identity, Inc. | Proving possession of a communications device via a directed connection |
US11451472B2 (en) | 2008-03-31 | 2022-09-20 | Amazon Technologies, Inc. | Request routing based on class |
US11457088B2 (en) | 2016-06-29 | 2022-09-27 | Amazon Technologies, Inc. | Adaptive transfer rate for retrieving content from a server |
US11463550B2 (en) | 2016-06-06 | 2022-10-04 | Amazon Technologies, Inc. | Request management for hierarchical cache |
US11461402B2 (en) | 2015-05-13 | 2022-10-04 | Amazon Technologies, Inc. | Routing based request correlation |
US11477235B2 (en) | 2020-02-28 | 2022-10-18 | Abnormal Security Corporation | Approaches to creating, managing, and applying a federated database to establish risk posed by third parties |
US11552969B2 (en) | 2018-12-19 | 2023-01-10 | Abnormal Security Corporation | Threat detection platforms for detecting, characterizing, and remediating email-based threats in real time |
US20230031865A1 (en) * | 2021-07-29 | 2023-02-02 | Ricoh Company, Ltd. | Device, display method, and recording medium |
US11604667B2 (en) | 2011-04-27 | 2023-03-14 | Amazon Technologies, Inc. | Optimized deployment based upon customer locality |
US11663303B2 (en) | 2020-03-02 | 2023-05-30 | Abnormal Security Corporation | Multichannel threat detection for protecting against account compromise |
US11687648B2 (en) | 2020-12-10 | 2023-06-27 | Abnormal Security Corporation | Deriving and surfacing insights regarding security threats |
US11743294B2 (en) | 2018-12-19 | 2023-08-29 | Abnormal Security Corporation | Retrospective learning of communication patterns by machine learning models for discovering abnormal behavior |
US11762703B2 (en) | 2016-12-27 | 2023-09-19 | Amazon Technologies, Inc. | Multi-region request-driven code execution system |
US11831661B2 (en) | 2021-06-03 | 2023-11-28 | Abnormal Security Corporation | Multi-tiered approach to payload detection for incoming communications |
US11880377B1 (en) | 2021-03-26 | 2024-01-23 | Experian Information Solutions, Inc. | Systems and methods for entity resolution |
US11941065B1 (en) | 2019-09-13 | 2024-03-26 | Experian Information Solutions, Inc. | Single identifier platform for storing entity data |
US11949713B2 (en) | 2020-03-02 | 2024-04-02 | Abnormal Security Corporation | Abuse mailbox for facilitating discovery, investigation, and analysis of email-based threats |
Families Citing this family (40)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2005032042A1 (en) | 2003-09-24 | 2005-04-07 | Infoexpress, Inc. | Systems and methods of controlling network access |
EP1779216A1 (en) * | 2004-08-20 | 2007-05-02 | Rhoderick John Kennedy Pugh | Server authentication |
US20060174119A1 (en) * | 2005-02-03 | 2006-08-03 | Xin Xu | Authenticating destinations of sensitive data in web browsing |
EP1922632B1 (en) | 2005-08-11 | 2014-05-07 | SanDisk IL Ltd. | Extended one-time password method and apparatus |
US9015090B2 (en) * | 2005-09-06 | 2015-04-21 | Daniel Chien | Evaluating a questionable network communication |
US8621604B2 (en) * | 2005-09-06 | 2013-12-31 | Daniel Chien | Evaluating a questionable network communication |
US9912677B2 (en) | 2005-09-06 | 2018-03-06 | Daniel Chien | Evaluating a questionable network communication |
US9674145B2 (en) * | 2005-09-06 | 2017-06-06 | Daniel Chien | Evaluating a questionable network communication |
US7590733B2 (en) * | 2005-09-14 | 2009-09-15 | Infoexpress, Inc. | Dynamic address assignment for access control on DHCP networks |
US20070192500A1 (en) * | 2006-02-16 | 2007-08-16 | Infoexpress, Inc. | Network access control including dynamic policy enforcement point |
US7634543B1 (en) * | 2006-02-16 | 2009-12-15 | Ironport Systems, Inc. | Method of controlling access to network resources referenced in electronic mail messages |
US8214899B2 (en) * | 2006-03-15 | 2012-07-03 | Daniel Chien | Identifying unauthorized access to a network resource |
US20080060062A1 (en) * | 2006-08-31 | 2008-03-06 | Robert B Lord | Methods and systems for preventing information theft |
US8397279B2 (en) * | 2006-09-07 | 2013-03-12 | Fazal Raheman | Method and system of network integrity via digital authorization (NIDA) for enhanced internet security |
US20080104269A1 (en) * | 2006-10-30 | 2008-05-01 | Research In Motion Limited | Method and apparatus for web browser page fragmentation |
US9521161B2 (en) | 2007-01-16 | 2016-12-13 | International Business Machines Corporation | Method and apparatus for detecting computer fraud |
JP4865581B2 (en) * | 2007-02-08 | 2012-02-01 | 株式会社エヌ・ティ・ティ・ドコモ | Content distribution management device and content distribution system |
US7706267B2 (en) * | 2007-03-06 | 2010-04-27 | Hewlett-Packard Development Company, L.P. | Network service monitoring |
US20090037419A1 (en) * | 2007-08-03 | 2009-02-05 | Johannes Huber | Website exchange of personal information keyed to easily remembered non-alphanumeric symbols |
US8949990B1 (en) | 2007-12-21 | 2015-02-03 | Trend Micro Inc. | Script-based XSS vulnerability detection |
US8578482B1 (en) * | 2008-01-11 | 2013-11-05 | Trend Micro Inc. | Cross-site script detection and prevention |
US8850567B1 (en) | 2008-02-04 | 2014-09-30 | Trend Micro, Inc. | Unauthorized URL requests detection |
US8656490B1 (en) * | 2010-09-14 | 2014-02-18 | Symantec Corporation | Safe and secure access to dynamic domain name systems |
JP5669521B2 (en) * | 2010-10-29 | 2015-02-12 | オリンパス株式会社 | Wireless communication terminal and connection setting method |
US8646035B1 (en) * | 2011-08-18 | 2014-02-04 | Sprint Communications Company L.P. | Parallel restricted integrated sign on system and method |
US10110601B1 (en) * | 2012-08-16 | 2018-10-23 | Paypal, Inc. | Systems and methods for protecting users from malicious content |
SI24434A (en) * | 2013-07-17 | 2015-01-30 | Connet D.O.O. | A system of granting web trust seals with the detection of attacks by redirecting of ip address |
EP3033865A4 (en) * | 2013-08-14 | 2016-08-17 | Daniel Chien | Evaluating a questionable network communication |
US10084791B2 (en) | 2013-08-14 | 2018-09-25 | Daniel Chien | Evaluating a questionable network communication |
US9936048B2 (en) * | 2014-09-10 | 2018-04-03 | International Business Machines Corporation | Client system communication with a member of a cluster of server systems |
US10382436B2 (en) | 2016-11-22 | 2019-08-13 | Daniel Chien | Network security based on device identifiers and network addresses |
US10542006B2 (en) * | 2016-11-22 | 2020-01-21 | Daniel Chien | Network security based on redirection of questionable network access |
US10474836B1 (en) | 2017-04-26 | 2019-11-12 | Wells Fargo Bank, N.A. | Systems and methods for a generated fraud sandbox |
US11295301B1 (en) * | 2017-12-15 | 2022-04-05 | Worldpay, Llc | Systems and methods for electronic certification of e-commerce security badges |
US11188622B2 (en) | 2018-09-28 | 2021-11-30 | Daniel Chien | Systems and methods for computer security |
US10848489B2 (en) | 2018-12-14 | 2020-11-24 | Daniel Chien | Timestamp-based authentication with redirection |
US10826912B2 (en) | 2018-12-14 | 2020-11-03 | Daniel Chien | Timestamp-based authentication |
US11677754B2 (en) | 2019-12-09 | 2023-06-13 | Daniel Chien | Access control systems and methods |
US11438145B2 (en) | 2020-05-31 | 2022-09-06 | Daniel Chien | Shared key generation based on dual clocks |
US11509463B2 (en) | 2020-05-31 | 2022-11-22 | Daniel Chien | Timestamp-based shared key generation |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030163731A1 (en) * | 2002-02-28 | 2003-08-28 | David Wigley | Method, system and software product for restricting access to network accessible digital information |
US20040006621A1 (en) * | 2002-06-27 | 2004-01-08 | Bellinson Craig Adam | Content filtering for web browsing |
US20040267886A1 (en) * | 2003-06-30 | 2004-12-30 | Malik Dale W. | Filtering email messages corresponding to undesirable domains |
US20060021031A1 (en) * | 2004-06-30 | 2006-01-26 | Scott Leahy | Method and system for preventing fraudulent activities |
Family Cites Families (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5491750A (en) * | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for three-party entity authentication and key distribution using message authentication codes |
US6335927B1 (en) * | 1996-11-18 | 2002-01-01 | Mci Communications Corporation | System and method for providing requested quality of service in a hybrid network |
US7117227B2 (en) * | 1998-03-27 | 2006-10-03 | Call Charles G | Methods and apparatus for using the internet domain name system to disseminate product information |
US6654891B1 (en) * | 1998-10-29 | 2003-11-25 | Nortel Networks Limited | Trusted network binding using LDAP (lightweight directory access protocol) |
US6258879B1 (en) * | 1999-04-02 | 2001-07-10 | General Electric Company | Polyphenylene ether resin concentrates containing organic phosphates |
JP3764016B2 (en) * | 1999-05-10 | 2006-04-05 | 財団法人流通システム開発センタ− | Integrated IP transfer network |
JP2000349747A (en) * | 1999-06-02 | 2000-12-15 | Hitachi Ltd | Public key managing method |
JP3613550B2 (en) * | 2000-03-29 | 2005-01-26 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Web page acquisition service system, server, web page acquisition method, storage medium, and program transmission device |
US20040186996A1 (en) * | 2000-03-29 | 2004-09-23 | Gibbs Benjamin K. | Unique digital signature |
US6865671B1 (en) * | 2000-04-07 | 2005-03-08 | Sendmail, Inc. | Electronic mail system with authentication methodology for supporting relaying in a message transfer agent |
US7308709B1 (en) * | 2000-04-21 | 2007-12-11 | Microsoft Corporation | System and method for managing and authenticating services via service principal names |
US20010056354A1 (en) * | 2000-05-05 | 2001-12-27 | Feit Michelle Stacy | Methods and systems for requesting services from service providers over a communications network |
US6947909B1 (en) * | 2000-05-12 | 2005-09-20 | Hoke Jr Clare L | Distribution, recognition and accountability system for intellectual and copy written properties in digital media's |
US6829654B1 (en) * | 2000-06-23 | 2004-12-07 | Cloudshield Technologies, Inc. | Apparatus and method for virtual edge placement of web sites |
WO2002031702A1 (en) * | 2000-10-09 | 2002-04-18 | Enic Corporation | Registering and using multilingual domain names |
US7243370B2 (en) * | 2001-06-14 | 2007-07-10 | Microsoft Corporation | Method and system for integrating security mechanisms into session initiation protocol request messages for client-proxy authentication |
JP2003046533A (en) * | 2001-08-02 | 2003-02-14 | Nec Commun Syst Ltd | Network system, authentication method therefor and program thereof |
US20030055979A1 (en) * | 2001-09-19 | 2003-03-20 | Cooley William Ray | Internet domain name resolver |
WO2003050774A1 (en) * | 2001-12-10 | 2003-06-19 | Beamtrust A/S | A method of distributing a public key |
US7072944B2 (en) * | 2002-10-07 | 2006-07-04 | Ebay Inc. | Method and apparatus for authenticating electronic mail |
US7409544B2 (en) * | 2003-03-27 | 2008-08-05 | Microsoft Corporation | Methods and systems for authenticating messages |
JP4222110B2 (en) * | 2003-05-28 | 2009-02-12 | ソニー株式会社 | Information recording medium, information processing apparatus and method |
CN100456739C (en) * | 2003-07-04 | 2009-01-28 | 日本电信电话株式会社 | Remote access vpn mediation method and mediation device |
US20050060643A1 (en) * | 2003-08-25 | 2005-03-17 | Miavia, Inc. | Document similarity detection and classification system |
US7624431B2 (en) * | 2003-12-04 | 2009-11-24 | Cisco Technology, Inc. | 802.1X authentication technique for shared media |
US20050204038A1 (en) * | 2004-03-11 | 2005-09-15 | Alexander Medvinsky | Method and system for distributing data within a network |
US7457823B2 (en) * | 2004-05-02 | 2008-11-25 | Markmonitor Inc. | Methods and systems for analyzing data related to possible online fraud |
US7774824B2 (en) * | 2004-06-09 | 2010-08-10 | Intel Corporation | Multifactor device authentication |
EP1779216A1 (en) * | 2004-08-20 | 2007-05-02 | Rhoderick John Kennedy Pugh | Server authentication |
US20060212931A1 (en) * | 2005-03-02 | 2006-09-21 | Markmonitor, Inc. | Trust evaluation systems and methods |
CN101123549B (en) * | 2006-08-11 | 2010-05-12 | 华为技术有限公司 | Access network system with separated control and carrier and its communication implementation method |
US7671729B2 (en) * | 2006-11-14 | 2010-03-02 | Shmuel Hershkovitz | System and a method for remote monitoring customer security systems |
WO2009092441A1 (en) * | 2008-01-23 | 2009-07-30 | Telefonaktiebolaget Lm Ericsson (Publ) | Selection of an edge node in a fixed access communication network |
US8245030B2 (en) * | 2008-12-19 | 2012-08-14 | Nai-Yu Pai | Method for authenticating online transactions using a browser |
US8665819B2 (en) * | 2009-06-19 | 2014-03-04 | Cisco Technology, Inc. | System and method for providing mobility between heterogenous networks in a communication environment |
-
2005
- 2005-08-19 EP EP20050771801 patent/EP1779216A1/en not_active Withdrawn
- 2005-08-19 US US11/573,980 patent/US20090043765A1/en not_active Abandoned
- 2005-08-19 WO PCT/GB2005/003237 patent/WO2006018647A1/en active Application Filing
-
2008
- 2008-04-24 US US12/108,694 patent/US20080201401A1/en not_active Abandoned
-
2011
- 2011-06-13 US US13/159,140 patent/US8996697B2/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030163731A1 (en) * | 2002-02-28 | 2003-08-28 | David Wigley | Method, system and software product for restricting access to network accessible digital information |
US20040006621A1 (en) * | 2002-06-27 | 2004-01-08 | Bellinson Craig Adam | Content filtering for web browsing |
US20040267886A1 (en) * | 2003-06-30 | 2004-12-30 | Malik Dale W. | Filtering email messages corresponding to undesirable domains |
US20060021031A1 (en) * | 2004-06-30 | 2006-01-26 | Scott Leahy | Method and system for preventing fraudulent activities |
Cited By (216)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9710852B1 (en) | 2002-05-30 | 2017-07-18 | Consumerinfo.Com, Inc. | Credit report timeline user interface |
US9400589B1 (en) | 2002-05-30 | 2016-07-26 | Consumerinfo.Com, Inc. | Circular rotational interface for display of consumer credit information |
US20080034404A1 (en) * | 2006-08-07 | 2008-02-07 | Ryan Pereira | Method and system for validating site data |
US8646071B2 (en) * | 2006-08-07 | 2014-02-04 | Symantec Corporation | Method and system for validating site data |
US20080177843A1 (en) * | 2007-01-22 | 2008-07-24 | Microsoft Corporation | Inferring email action based on user input |
US11308170B2 (en) | 2007-03-30 | 2022-04-19 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
US10437895B2 (en) | 2007-03-30 | 2019-10-08 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
US9342783B1 (en) | 2007-03-30 | 2016-05-17 | Consumerinfo.Com, Inc. | Systems and methods for data verification |
US10824967B1 (en) * | 2007-07-26 | 2020-11-03 | United Services Automobile Association (Usaa) | Systems and methods for dynamic business decision making |
US20090055928A1 (en) * | 2007-08-21 | 2009-02-26 | Kang Jung Min | Method and apparatus for providing phishing and pharming alerts |
US9947030B1 (en) | 2007-12-04 | 2018-04-17 | Google Llc | Enhanced privacy with fewer cookies |
US9690901B1 (en) * | 2007-12-04 | 2017-06-27 | Google Inc. | Enhanced privacy with fewer cookies |
US10262364B2 (en) | 2007-12-14 | 2019-04-16 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US11379916B1 (en) | 2007-12-14 | 2022-07-05 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US10878499B2 (en) | 2007-12-14 | 2020-12-29 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US9542682B1 (en) | 2007-12-14 | 2017-01-10 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US9230283B1 (en) | 2007-12-14 | 2016-01-05 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US9767513B1 (en) | 2007-12-14 | 2017-09-19 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US10614519B2 (en) | 2007-12-14 | 2020-04-07 | Consumerinfo.Com, Inc. | Card registry systems and methods |
US11245770B2 (en) | 2008-03-31 | 2022-02-08 | Amazon Technologies, Inc. | Locality based content distribution |
US11451472B2 (en) | 2008-03-31 | 2022-09-20 | Amazon Technologies, Inc. | Request routing based on class |
US11194719B2 (en) | 2008-03-31 | 2021-12-07 | Amazon Technologies, Inc. | Cache optimization |
US11909639B2 (en) | 2008-03-31 | 2024-02-20 | Amazon Technologies, Inc. | Request routing based on class |
US10075446B2 (en) | 2008-06-26 | 2018-09-11 | Experian Marketing Solutions, Inc. | Systems and methods for providing an integrated identifier |
US11769112B2 (en) | 2008-06-26 | 2023-09-26 | Experian Marketing Solutions, Llc | Systems and methods for providing an integrated identifier |
US11157872B2 (en) | 2008-06-26 | 2021-10-26 | Experian Marketing Solutions, Llc | Systems and methods for providing an integrated identifier |
US10650448B1 (en) | 2008-08-14 | 2020-05-12 | Experian Information Solutions, Inc. | Multi-bureau credit file freeze and unfreeze |
US9489694B2 (en) | 2008-08-14 | 2016-11-08 | Experian Information Solutions, Inc. | Multi-bureau credit file freeze and unfreeze |
US9256904B1 (en) | 2008-08-14 | 2016-02-09 | Experian Information Solutions, Inc. | Multi-bureau credit file freeze and unfreeze |
US11004147B1 (en) | 2008-08-14 | 2021-05-11 | Experian Information Solutions, Inc. | Multi-bureau credit file freeze and unfreeze |
US10115155B1 (en) | 2008-08-14 | 2018-10-30 | Experian Information Solution, Inc. | Multi-bureau credit file freeze and unfreeze |
US11636540B1 (en) | 2008-08-14 | 2023-04-25 | Experian Information Solutions, Inc. | Multi-bureau credit file freeze and unfreeze |
US9792648B1 (en) | 2008-08-14 | 2017-10-17 | Experian Information Solutions, Inc. | Multi-bureau credit file freeze and unfreeze |
US20100049784A1 (en) * | 2008-08-21 | 2010-02-25 | Ashish Khandelwal | System and method for web-based access relative to a document processing device |
US10621657B2 (en) | 2008-11-05 | 2020-04-14 | Consumerinfo.Com, Inc. | Systems and methods of credit information reporting |
US11811657B2 (en) | 2008-11-17 | 2023-11-07 | Amazon Technologies, Inc. | Updating routing information based on client location |
US11115500B2 (en) | 2008-11-17 | 2021-09-07 | Amazon Technologies, Inc. | Request routing utilizing client location information |
US11283715B2 (en) | 2008-11-17 | 2022-03-22 | Amazon Technologies, Inc. | Updating routing information based on client location |
US9595051B2 (en) | 2009-05-11 | 2017-03-14 | Experian Marketing Solutions, Inc. | Systems and methods for providing anonymized user profile data |
US20110113354A1 (en) * | 2009-11-12 | 2011-05-12 | Sling Media Pvt Ltd | Always-on-top media player launched from a web browser |
US20120059712A1 (en) * | 2009-12-11 | 2012-03-08 | Stalker James R | Web enhancing systems and methods |
US11205037B2 (en) | 2010-01-28 | 2021-12-21 | Amazon Technologies, Inc. | Content distribution network |
US9244698B2 (en) * | 2010-09-14 | 2016-01-26 | Microsoft Technology Licensing, Llc | Download bar user interface control |
TWI550499B (en) * | 2010-09-14 | 2016-09-21 | 微軟技術授權有限責任公司 | Download bar user interface control |
US20120066612A1 (en) * | 2010-09-14 | 2012-03-15 | Ritika Virmani | Download bar user interface control |
US11108729B2 (en) | 2010-09-28 | 2021-08-31 | Amazon Technologies, Inc. | Managing request routing information utilizing client identifiers |
US11336712B2 (en) | 2010-09-28 | 2022-05-17 | Amazon Technologies, Inc. | Point of presence management in request routing |
US11632420B2 (en) | 2010-09-28 | 2023-04-18 | Amazon Technologies, Inc. | Point of presence management in request routing |
US10951725B2 (en) * | 2010-11-22 | 2021-03-16 | Amazon Technologies, Inc. | Request routing processing |
US9147042B1 (en) | 2010-11-22 | 2015-09-29 | Experian Information Solutions, Inc. | Systems and methods for data verification |
US9684905B1 (en) | 2010-11-22 | 2017-06-20 | Experian Information Solutions, Inc. | Systems and methods for data verification |
US8671175B2 (en) * | 2011-01-05 | 2014-03-11 | International Business Machines Corporation | Managing security features of a browser |
US20120173690A1 (en) * | 2011-01-05 | 2012-07-05 | International Business Machines Corporation | Managing security features of a browser |
US11604667B2 (en) | 2011-04-27 | 2023-03-14 | Amazon Technologies, Inc. | Optimized deployment based upon customer locality |
US10719873B1 (en) | 2011-06-16 | 2020-07-21 | Consumerinfo.Com, Inc. | Providing credit inquiry alerts |
US10115079B1 (en) | 2011-06-16 | 2018-10-30 | Consumerinfo.Com, Inc. | Authentication alerts |
US11232413B1 (en) | 2011-06-16 | 2022-01-25 | Consumerinfo.Com, Inc. | Authentication alerts |
US11954655B1 (en) | 2011-06-16 | 2024-04-09 | Consumerinfo.Com, Inc. | Authentication alerts |
US9665854B1 (en) | 2011-06-16 | 2017-05-30 | Consumerinfo.Com, Inc. | Authentication alerts |
US9607336B1 (en) | 2011-06-16 | 2017-03-28 | Consumerinfo.Com, Inc. | Providing credit inquiry alerts |
US10685336B1 (en) | 2011-06-16 | 2020-06-16 | Consumerinfo.Com, Inc. | Authentication alerts |
US9843601B2 (en) * | 2011-07-06 | 2017-12-12 | Nominum, Inc. | Analyzing DNS requests for anomaly detection |
US11201848B2 (en) | 2011-07-06 | 2021-12-14 | Akamai Technologies, Inc. | DNS-based ranking of domain names |
US20180054457A1 (en) * | 2011-07-06 | 2018-02-22 | Nominum, Inc. | Analyzing DNS Requests for Anomaly Detection |
US10742591B2 (en) | 2011-07-06 | 2020-08-11 | Akamai Technologies Inc. | System for domain reputation scoring |
US20160065611A1 (en) * | 2011-07-06 | 2016-03-03 | Nominum, Inc. | Analyzing dns requests for anomaly detection |
US10084814B2 (en) * | 2011-07-06 | 2018-09-25 | Nominum, Inc. | Analyzing DNS requests for anomaly detection |
US10798197B2 (en) | 2011-07-08 | 2020-10-06 | Consumerinfo.Com, Inc. | Lifescore |
US11665253B1 (en) | 2011-07-08 | 2023-05-30 | Consumerinfo.Com, Inc. | LifeScore |
US10176233B1 (en) | 2011-07-08 | 2019-01-08 | Consumerinfo.Com, Inc. | Lifescore |
US9106691B1 (en) | 2011-09-16 | 2015-08-11 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US10061936B1 (en) | 2011-09-16 | 2018-08-28 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US11790112B1 (en) | 2011-09-16 | 2023-10-17 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US10642999B2 (en) | 2011-09-16 | 2020-05-05 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US9542553B1 (en) | 2011-09-16 | 2017-01-10 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US11087022B2 (en) | 2011-09-16 | 2021-08-10 | Consumerinfo.Com, Inc. | Systems and methods of identity protection and management |
US9972048B1 (en) | 2011-10-13 | 2018-05-15 | Consumerinfo.Com, Inc. | Debt services candidate locator |
US11200620B2 (en) | 2011-10-13 | 2021-12-14 | Consumerinfo.Com, Inc. | Debt services candidate locator |
US9536263B1 (en) | 2011-10-13 | 2017-01-03 | Consumerinfo.Com, Inc. | Debt services candidate locator |
US10757182B2 (en) | 2012-02-17 | 2020-08-25 | Microsoft Technology Licensing, Llc | Contextually interacting with applications |
US9256462B2 (en) * | 2012-02-17 | 2016-02-09 | Microsoft Technology Licensing, Llc | Contextually interacting with applications |
US20130219413A1 (en) * | 2012-02-17 | 2013-08-22 | Microsoft Corporation | Contextually interacting with applications |
US9853959B1 (en) | 2012-05-07 | 2017-12-26 | Consumerinfo.Com, Inc. | Storage and maintenance of personal data |
US11356430B1 (en) | 2012-05-07 | 2022-06-07 | Consumerinfo.Com, Inc. | Storage and maintenance of personal data |
US11303717B2 (en) | 2012-06-11 | 2022-04-12 | Amazon Technologies, Inc. | Processing DNS queries to identify pre-processing information |
US11729294B2 (en) | 2012-06-11 | 2023-08-15 | Amazon Technologies, Inc. | Processing DNS queries to identify pre-processing information |
US8898272B1 (en) * | 2012-10-02 | 2014-11-25 | Amazon Technologies, Inc. | Identifying information in resource locators |
US11012491B1 (en) | 2012-11-12 | 2021-05-18 | ConsumerInfor.com, Inc. | Aggregating user web browsing data |
US9654541B1 (en) | 2012-11-12 | 2017-05-16 | Consumerinfo.Com, Inc. | Aggregating user web browsing data |
US11863310B1 (en) | 2012-11-12 | 2024-01-02 | Consumerinfo.Com, Inc. | Aggregating user web browsing data |
US10277659B1 (en) | 2012-11-12 | 2019-04-30 | Consumerinfo.Com, Inc. | Aggregating user web browsing data |
US11132742B1 (en) | 2012-11-30 | 2021-09-28 | Consumerlnfo.com, Inc. | Credit score goals and alerts systems and methods |
US11308551B1 (en) | 2012-11-30 | 2022-04-19 | Consumerinfo.Com, Inc. | Credit data analysis |
US10366450B1 (en) | 2012-11-30 | 2019-07-30 | Consumerinfo.Com, Inc. | Credit data analysis |
US11651426B1 (en) | 2012-11-30 | 2023-05-16 | Consumerlnfo.com, Inc. | Credit score goals and alerts systems and methods |
US9830646B1 (en) | 2012-11-30 | 2017-11-28 | Consumerinfo.Com, Inc. | Credit score goals and alerts systems and methods |
US10963959B2 (en) | 2012-11-30 | 2021-03-30 | Consumerinfo. Com, Inc. | Presentation of credit score factors |
US10255598B1 (en) | 2012-12-06 | 2019-04-09 | Consumerinfo.Com, Inc. | Credit card account data extraction |
US9697263B1 (en) | 2013-03-04 | 2017-07-04 | Experian Information Solutions, Inc. | Consumer data request fulfillment system |
US9870589B1 (en) | 2013-03-14 | 2018-01-16 | Consumerinfo.Com, Inc. | Credit utilization tracking and reporting |
US11113759B1 (en) | 2013-03-14 | 2021-09-07 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US10929925B1 (en) | 2013-03-14 | 2021-02-23 | Consumerlnfo.com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US11514519B1 (en) | 2013-03-14 | 2022-11-29 | Consumerinfo.Com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US9697568B1 (en) | 2013-03-14 | 2017-07-04 | Consumerinfo.Com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US9406085B1 (en) | 2013-03-14 | 2016-08-02 | Consumerinfo.Com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US10043214B1 (en) | 2013-03-14 | 2018-08-07 | Consumerinfo.Com, Inc. | System and methods for credit dispute processing, resolution, and reporting |
US11769200B1 (en) | 2013-03-14 | 2023-09-26 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US10102570B1 (en) | 2013-03-14 | 2018-10-16 | Consumerinfo.Com, Inc. | Account vulnerability alerts |
US10740762B2 (en) | 2013-03-15 | 2020-08-11 | Consumerinfo.Com, Inc. | Adjustment of knowledge-based authentication |
US11775979B1 (en) | 2013-03-15 | 2023-10-03 | Consumerinfo.Com, Inc. | Adjustment of knowledge-based authentication |
US11164271B2 (en) | 2013-03-15 | 2021-11-02 | Csidentity Corporation | Systems and methods of delayed authentication and billing for on-demand products |
US10169761B1 (en) | 2013-03-15 | 2019-01-01 | ConsumerInfo.com Inc. | Adjustment of knowledge-based authentication |
US11288677B1 (en) | 2013-03-15 | 2022-03-29 | Consumerlnfo.com, Inc. | Adjustment of knowledge-based authentication |
US10664936B2 (en) | 2013-03-15 | 2020-05-26 | Csidentity Corporation | Authentication systems and methods for on-demand products |
US11790473B2 (en) | 2013-03-15 | 2023-10-17 | Csidentity Corporation | Systems and methods of delayed authentication and billing for on-demand products |
US10685398B1 (en) | 2013-04-23 | 2020-06-16 | Consumerinfo.Com, Inc. | Presenting credit score information |
US11120519B2 (en) | 2013-05-23 | 2021-09-14 | Consumerinfo.Com, Inc. | Digital identity |
US9721147B1 (en) | 2013-05-23 | 2017-08-01 | Consumerinfo.Com, Inc. | Digital identity |
US11803929B1 (en) | 2013-05-23 | 2023-10-31 | Consumerinfo.Com, Inc. | Digital identity |
US10453159B2 (en) | 2013-05-23 | 2019-10-22 | Consumerinfo.Com, Inc. | Digital identity |
US9443268B1 (en) | 2013-08-16 | 2016-09-13 | Consumerinfo.Com, Inc. | Bill payment and reporting |
US9792354B2 (en) | 2013-09-30 | 2017-10-17 | Microsoft Technology Licensing, Llc | Context aware user interface parts |
US20150095812A1 (en) * | 2013-09-30 | 2015-04-02 | Microsoft Corporation | Extensible and context-aware commanding infrastructure |
US9754018B2 (en) | 2013-09-30 | 2017-09-05 | Microsoft Technology Licensing, Llc | Rendering interpreter for visualizing data provided from restricted environment container |
US9727636B2 (en) | 2013-09-30 | 2017-08-08 | Microsoft Technology Licensing, Llc | Generating excutable code from complaint and non-compliant controls |
US9805114B2 (en) | 2013-09-30 | 2017-10-31 | Microsoft Technology Licensing, Llc | Composable selection model through reusable component |
US10389680B2 (en) * | 2013-10-30 | 2019-08-20 | Hewlett Packard Enterprise Development Lp | Domain name and internet address approved and disapproved membership interface |
US10269065B1 (en) | 2013-11-15 | 2019-04-23 | Consumerinfo.Com, Inc. | Bill payment and reporting |
US10102536B1 (en) | 2013-11-15 | 2018-10-16 | Experian Information Solutions, Inc. | Micro-geographic aggregation system |
US10580025B2 (en) | 2013-11-15 | 2020-03-03 | Experian Information Solutions, Inc. | Micro-geographic aggregation system |
US10325314B1 (en) | 2013-11-15 | 2019-06-18 | Consumerinfo.Com, Inc. | Payment reporting systems |
US10628448B1 (en) | 2013-11-20 | 2020-04-21 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US10025842B1 (en) | 2013-11-20 | 2018-07-17 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US9477737B1 (en) | 2013-11-20 | 2016-10-25 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US11461364B1 (en) | 2013-11-20 | 2022-10-04 | Consumerinfo.Com, Inc. | Systems and user interfaces for dynamic access of multiple remote databases and synchronization of data based on user rules |
US9529851B1 (en) | 2013-12-02 | 2016-12-27 | Experian Information Solutions, Inc. | Server architecture for electronic data quality processing |
US9407650B2 (en) * | 2013-12-09 | 2016-08-02 | F-Secure Corporation | Unauthorised/malicious redirection |
US20150163236A1 (en) * | 2013-12-09 | 2015-06-11 | F-Secure Corporation | Unauthorised/malicious redirection |
US11107158B1 (en) | 2014-02-14 | 2021-08-31 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US10262362B1 (en) | 2014-02-14 | 2019-04-16 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
US11847693B1 (en) | 2014-02-14 | 2023-12-19 | Experian Information Solutions, Inc. | Automatic generation of code for attributes |
USD760256S1 (en) | 2014-03-25 | 2016-06-28 | Consumerinfo.Com, Inc. | Display screen or portion thereof with graphical user interface |
USD759690S1 (en) | 2014-03-25 | 2016-06-21 | Consumerinfo.Com, Inc. | Display screen or portion thereof with graphical user interface |
USD759689S1 (en) | 2014-03-25 | 2016-06-21 | Consumerinfo.Com, Inc. | Display screen or portion thereof with graphical user interface |
US10482532B1 (en) | 2014-04-16 | 2019-11-19 | Consumerinfo.Com, Inc. | Providing credit data in search results |
US9892457B1 (en) | 2014-04-16 | 2018-02-13 | Consumerinfo.Com, Inc. | Providing credit data in search results |
US10373240B1 (en) | 2014-04-25 | 2019-08-06 | Csidentity Corporation | Systems, methods and computer-program products for eligibility verification |
US11587150B1 (en) | 2014-04-25 | 2023-02-21 | Csidentity Corporation | Systems and methods for eligibility verification |
US11074641B1 (en) | 2014-04-25 | 2021-07-27 | Csidentity Corporation | Systems, methods and computer-program products for eligibility verification |
US9571452B2 (en) * | 2014-07-01 | 2017-02-14 | Sophos Limited | Deploying a security policy based on domain names |
US20160006693A1 (en) * | 2014-07-01 | 2016-01-07 | Sophos Limited | Deploying a security policy based on domain names |
US9767104B2 (en) * | 2014-09-02 | 2017-09-19 | Netapp, Inc. | File system for efficient object fragment access |
US9823969B2 (en) | 2014-09-02 | 2017-11-21 | Netapp, Inc. | Hierarchical wide spreading of distributed storage |
US20160063008A1 (en) * | 2014-09-02 | 2016-03-03 | Netapp, Inc. | File system for efficient object fragment access |
US11863417B2 (en) | 2014-12-18 | 2024-01-02 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US11381487B2 (en) | 2014-12-18 | 2022-07-05 | Amazon Technologies, Inc. | Routing mode and point-of-presence selection service |
US11297140B2 (en) | 2015-03-23 | 2022-04-05 | Amazon Technologies, Inc. | Point of presence based data uploading |
US9779764B2 (en) | 2015-04-24 | 2017-10-03 | Netapp, Inc. | Data write deferral during hostile events |
US9817715B2 (en) | 2015-04-24 | 2017-11-14 | Netapp, Inc. | Resiliency fragment tiering |
US11461402B2 (en) | 2015-05-13 | 2022-10-04 | Amazon Technologies, Inc. | Routing based request correlation |
US10855513B2 (en) * | 2015-06-17 | 2020-12-01 | Tencent Technology (Shenzhen) Company Limited | Information pushing method, device and computer readable storage medium |
US20170359212A1 (en) * | 2015-06-17 | 2017-12-14 | Tencent Technology (Shenzhen) Company Limited | Information processing method, device and computer readable storage medium |
US11082353B2 (en) * | 2015-09-28 | 2021-08-03 | Arris Enterprises Llc | Domain name system response spoofing at customer premise equipment device |
US11134134B2 (en) | 2015-11-10 | 2021-09-28 | Amazon Technologies, Inc. | Routing for origin-facing points of presence |
US10379742B2 (en) | 2015-12-28 | 2019-08-13 | Netapp, Inc. | Storage zone set membership |
US10514984B2 (en) | 2016-02-26 | 2019-12-24 | Netapp, Inc. | Risk based rebuild of data objects in an erasure coded storage system |
US20180302468A1 (en) * | 2016-03-14 | 2018-10-18 | Ebay Inc. | System and method for delegating content processing |
US10055317B2 (en) | 2016-03-22 | 2018-08-21 | Netapp, Inc. | Deferred, bulk maintenance in a distributed storage system |
US11463550B2 (en) | 2016-06-06 | 2022-10-04 | Amazon Technologies, Inc. | Request management for hierarchical cache |
US11457088B2 (en) | 2016-06-29 | 2022-09-27 | Amazon Technologies, Inc. | Adaptive transfer rate for retrieving content from a server |
US10565266B2 (en) * | 2016-09-29 | 2020-02-18 | Konica Minolta Laboratory U.S.A., Inc. | Method and system for multiple profile creation to mitigate profiling |
US11330008B2 (en) | 2016-10-05 | 2022-05-10 | Amazon Technologies, Inc. | Network addresses with encoded DNS-level information |
US11762703B2 (en) | 2016-12-27 | 2023-09-19 | Amazon Technologies, Inc. | Multi-region request-driven code execution system |
US11681733B2 (en) | 2017-01-31 | 2023-06-20 | Experian Information Solutions, Inc. | Massive scale heterogeneous data ingestion and user resolution |
US11227001B2 (en) | 2017-01-31 | 2022-01-18 | Experian Information Solutions, Inc. | Massive scale heterogeneous data ingestion and user resolution |
US11075987B1 (en) | 2017-06-12 | 2021-07-27 | Amazon Technologies, Inc. | Load estimating content delivery network |
US11003732B2 (en) * | 2017-06-30 | 2021-05-11 | Diluvian LLC | Methods and systems for protecting user-generated data in computer network traffic |
US11290418B2 (en) | 2017-09-25 | 2022-03-29 | Amazon Technologies, Inc. | Hybrid content request routing system |
US11588639B2 (en) | 2018-06-22 | 2023-02-21 | Experian Information Solutions, Inc. | System and method for a token gateway environment |
US10911234B2 (en) | 2018-06-22 | 2021-02-02 | Experian Information Solutions, Inc. | System and method for a token gateway environment |
US11665198B2 (en) | 2018-07-09 | 2023-05-30 | Blackberry Limited | Managing third party URL distribution |
US11388192B2 (en) * | 2018-07-09 | 2022-07-12 | Blackberry Limited | Managing third party URL distribution |
US11861661B2 (en) * | 2018-07-16 | 2024-01-02 | James D. MacDonald-Korth | Automatic login link for targeted users without previous account creation |
US20230005016A1 (en) * | 2018-07-16 | 2023-01-05 | James D. MacDonald-Korth | Automatic login link for targeted users without previous account creation |
US11282108B2 (en) * | 2018-07-16 | 2022-03-22 | James D. MacDonald-Korth | Automatic login link for targeted users without previous account creation |
US11265324B2 (en) | 2018-09-05 | 2022-03-01 | Consumerinfo.Com, Inc. | User permissions for access to secure data at third-party |
US11399029B2 (en) | 2018-09-05 | 2022-07-26 | Consumerinfo.Com, Inc. | Database platform for realtime updating of user data from third party sources |
US10880313B2 (en) | 2018-09-05 | 2020-12-29 | Consumerinfo.Com, Inc. | Database platform for realtime updating of user data from third party sources |
US10671749B2 (en) | 2018-09-05 | 2020-06-02 | Consumerinfo.Com, Inc. | Authenticated access and aggregation database platform |
US10963434B1 (en) | 2018-09-07 | 2021-03-30 | Experian Information Solutions, Inc. | Data architecture for supporting multiple search models |
US11734234B1 (en) | 2018-09-07 | 2023-08-22 | Experian Information Solutions, Inc. | Data architecture for supporting multiple search models |
US11315179B1 (en) | 2018-11-16 | 2022-04-26 | Consumerinfo.Com, Inc. | Methods and apparatuses for customized card recommendations |
US11362986B2 (en) | 2018-11-16 | 2022-06-14 | Amazon Technologies, Inc. | Resolution of domain name requests in heterogeneous network environments |
US11025747B1 (en) | 2018-12-12 | 2021-06-01 | Amazon Technologies, Inc. | Content request pattern-based routing system |
US11552969B2 (en) | 2018-12-19 | 2023-01-10 | Abnormal Security Corporation | Threat detection platforms for detecting, characterizing, and remediating email-based threats in real time |
US11824870B2 (en) | 2018-12-19 | 2023-11-21 | Abnormal Security Corporation | Threat detection platforms for detecting, characterizing, and remediating email-based threats in real time |
US11743294B2 (en) | 2018-12-19 | 2023-08-29 | Abnormal Security Corporation | Retrospective learning of communication patterns by machine learning models for discovering abnormal behavior |
US11238656B1 (en) | 2019-02-22 | 2022-02-01 | Consumerinfo.Com, Inc. | System and method for an augmented reality experience via an artificial intelligence bot |
US11842454B1 (en) | 2019-02-22 | 2023-12-12 | Consumerinfo.Com, Inc. | System and method for an augmented reality experience via an artificial intelligence bot |
US11070514B2 (en) * | 2019-09-11 | 2021-07-20 | Verizon Patent And Licensing Inc. | System and method for domain name system (DNS) service selection |
US11941065B1 (en) | 2019-09-13 | 2024-03-26 | Experian Information Solutions, Inc. | Single identifier platform for storing entity data |
US11477235B2 (en) | 2020-02-28 | 2022-10-18 | Abnormal Security Corporation | Approaches to creating, managing, and applying a federated database to establish risk posed by third parties |
US11949713B2 (en) | 2020-03-02 | 2024-04-02 | Abnormal Security Corporation | Abuse mailbox for facilitating discovery, investigation, and analysis of email-based threats |
US11663303B2 (en) | 2020-03-02 | 2023-05-30 | Abnormal Security Corporation | Multichannel threat detection for protecting against account compromise |
US11528242B2 (en) * | 2020-10-23 | 2022-12-13 | Abnormal Security Corporation | Discovering graymail through real-time analysis of incoming email |
US11683284B2 (en) * | 2020-10-23 | 2023-06-20 | Abnormal Security Corporation | Discovering graymail through real-time analysis of incoming email |
US20220272062A1 (en) * | 2020-10-23 | 2022-08-25 | Abnormal Security Corporation | Discovering graymail through real-time analysis of incoming email |
US11552984B2 (en) * | 2020-12-10 | 2023-01-10 | KnowBe4, Inc. | Systems and methods for improving assessment of security risk based on personal internet account data |
US11704406B2 (en) | 2020-12-10 | 2023-07-18 | Abnormal Security Corporation | Deriving and surfacing insights regarding security threats |
US11687648B2 (en) | 2020-12-10 | 2023-06-27 | Abnormal Security Corporation | Deriving and surfacing insights regarding security threats |
US20220191233A1 (en) * | 2020-12-10 | 2022-06-16 | KnowBe4, Inc. | Systems and methods for improving assessment of security risk based on personal internet account data |
US11831731B2 (en) * | 2021-02-23 | 2023-11-28 | Prove Identity, Inc. | Proving possession of a communications device via a directed connection |
WO2022182553A1 (en) * | 2021-02-23 | 2022-09-01 | Prove Identity, Inc. | Proving possession of a communications device via a directed connection |
US11880377B1 (en) | 2021-03-26 | 2024-01-23 | Experian Information Solutions, Inc. | Systems and methods for entity resolution |
US11831661B2 (en) | 2021-06-03 | 2023-11-28 | Abnormal Security Corporation | Multi-tiered approach to payload detection for incoming communications |
US20230031865A1 (en) * | 2021-07-29 | 2023-02-02 | Ricoh Company, Ltd. | Device, display method, and recording medium |
Also Published As
Publication number | Publication date |
---|---|
US20110247053A1 (en) | 2011-10-06 |
US20090043765A1 (en) | 2009-02-12 |
WO2006018647A1 (en) | 2006-02-23 |
EP1779216A1 (en) | 2007-05-02 |
US8996697B2 (en) | 2015-03-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20080201401A1 (en) | Secure server authentication and browsing | |
US20230030475A1 (en) | User interface for email inbox to call attention differently to different classes of email | |
JP6871357B2 (en) | Systems and methods for detecting online scams | |
US8079087B1 (en) | Universal resource locator verification service with cross-branding detection | |
US8073910B2 (en) | User interface for email inbox to call attention differently to different classes of email | |
Herzberg et al. | Trustbar: Protecting (even naive) web users from spoofing and phishing attacks | |
Herzberg et al. | Security and identification indicators for browsers against spoofing and phishing attacks | |
Ramzan | Phishing attacks and countermeasures | |
US20080172382A1 (en) | Security Component for Use With an Internet Browser Application and Method and Apparatus Associated Therewith | |
US7422115B2 (en) | Techniques for to defeat phishing | |
US20060070126A1 (en) | A system and methods for blocking submission of online forms. | |
WO2005091107A1 (en) | Security component for use with an internet browser application and method and apparatus associated therewith | |
WO2006020095A2 (en) | Security systems and services to provide identity and uniform resource identifier verification | |
WO2009052524A2 (en) | Methods and systems for indicating trustworthiness of secure communications | |
US20150052005A1 (en) | Internet site authentication with payments authorization data | |
US9972013B2 (en) | Internet site authentication with payments authorization data | |
Herzberg et al. | Protecting (even) Naive Web Users, or: preventing spoofing and establishing credentials of web sites | |
Tsow | Phishing with Consumer Electronics-Malicious Home Routers. | |
US8443192B2 (en) | Network security method | |
Berghel et al. | Phish phactors: Offensive and defensive strategies | |
Mihai | Overview on phishing attacks | |
Hallam-Baker | Prevention strategies for the next wave of cyber crime | |
Garcia et al. | How to Defend against Identity Theft, Phishing, and Web Spoofing | |
Qi et al. | SSL‐enabled trusted communication: Spoofing and protecting the non‐cautious users |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: ADRAIN, JOHN B., WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MIASNIKOV, STANISLAV;REEL/FRAME:022312/0807 Effective date: 20090219 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |