US9270684B2 - Providing a domain to IP address reputation service - Google Patents
- Publication number
- US9270684B2 (application US13/864,743)
- Authority
- US
- United States
- Prior art keywords
- domain
- network
- information handling
- network address
- handling system
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related, expires
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L61/1511—
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Definitions
- the present disclosure relates to an approach that provides reputation input used in network address translations in order to reduce malevolent network intrusions.
- the attacker manipulates the DNS response.
- Various methods of manipulating DNS responses include (1) DNS cache poisoning, (2) direct manipulation of the DNS records, and (3) manipulation of the local DNS storage on client side.
- a user requests a website by entering a domain name.
- the user receives a fake DNS response and is consequently redirected to a different server that is controlled by the attacker. Because the attacker's server presents a certificate that the browser accepts as valid for the requested domain (for example, one obtained from a compromised or negligent certification authority (CA)), no attack indication is shown to the user.
- the user may then unwittingly provide sensitive or confidential information, such as bank account numbers or passwords, since the user does not realize that an attack is under way.
- a network address is received from a domain name service (DNS) based on a requested uniform resource locator (URL) that corresponds to a requested domain.
- a set of one or more network addresses previously established as corresponding to the requested domain is retrieved from a data store accessible from the information handling system.
- the information handling system is automatically connected to the network address in response to the received network address matching one of the set of one or more retrieved network addresses.
- FIG. 1 is a block diagram of a data processing system in which the methods described herein can be implemented
- FIG. 2 provides an extension of the information handling system environment shown in FIG. 1 to illustrate that the methods described herein can be performed on a wide variety of information handling systems which operate in a networked environment;
- FIG. 3 is a component diagram showing the various components used in one embodiment of an approach that provides reputation input used in network address translations in order to reduce malevolent network intrusions;
- FIG. 4 is a component diagram showing the various components used in a single-system implementation of the approach that provides reputation input in order to reduce malevolent network intrusions;
- FIG. 5 is a component diagram showing the various components used in an enterprise implementation of the approach that provides reputation input in order to reduce malevolent network intrusions;
- FIG. 6 is a depiction of a flowchart showing the logic used to provide reputation input to a user in order to reduce malevolent network intrusions.
- FIG. 7 is a depiction of a flowchart showing the logic performed to update stored domain and IP address data used to reduce malevolent network intrusions.
- aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
- the computer readable medium may be a computer readable signal medium or a computer readable storage medium.
- a computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing.
- a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
- a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof.
- a computer readable signal medium may be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
- Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
- Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages.
- the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer, server, or cluster of servers.
- the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
- These computer program instructions may also be stored in a computer readable medium that can direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks.
- the computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- FIG. 1 illustrates information handling system 100 , which is a simplified example of a computer system capable of performing the computing operations described herein.
- Information handling system 100 includes one or more processors 110 coupled to processor interface bus 112 .
- Processor interface bus 112 connects processors 110 to Northbridge 115 , which is also known as the Memory Controller Hub (MCH).
- Northbridge 115 connects to system memory 120 and provides a means for processor(s) 110 to access the system memory.
- Graphics controller 125 also connects to Northbridge 115 .
- PCI Express bus 118 connects Northbridge 115 to graphics controller 125 .
- Graphics controller 125 connects to display device 130 , such as a computer monitor.
- Northbridge 115 and Southbridge 135 connect to each other using bus 119 .
- the bus is a Direct Media Interface (DMI) bus that transfers data at high speeds in each direction between Northbridge 115 and Southbridge 135 .
- Southbridge 135 also known as the I/O Controller Hub (ICH) is a chip that generally implements capabilities that operate at slower speeds than the capabilities provided by the Northbridge.
- Southbridge 135 typically provides various busses used to connect various components.
- busses include, for example, PCI and PCI Express busses, an ISA bus, a System Management Bus (SMBus or SMB), and/or a Low Pin Count (LPC) bus 192 .
- Extensible Firmware Interface (EFI) Boot Manager 180 connects to Southbridge 135 using Serial Peripheral Interface (SPI) bus 178 .
- the LPC bus 192 often connects low-bandwidth devices, such as boot ROM 196 and “legacy” I/O devices (using a “super I/O” chip).
- the “legacy” I/O devices ( 198 ) can include, for example, serial and parallel ports, keyboard, mouse, and/or a floppy disk controller.
- the LPC bus 192 also connects Southbridge 135 to Trusted Platform Module (TPM) 195 .
- Other components often included in Southbridge 135 include a Direct Memory Access (DMA) controller, a Programmable Interrupt Controller (PIC), and a storage device controller, which connects Southbridge 135 to nonvolatile storage device 185 , such as a hard disk drive, using bus 184 .
- ExpressCard 155 is a slot that connects hot-pluggable devices to the information handling system.
- ExpressCard 155 supports both PCI Express and USB connectivity as it connects to Southbridge 135 using both the Universal Serial Bus (USB) and the PCI Express bus.
- Southbridge 135 includes USB Controller 140 that provides USB connectivity to devices that connect to the USB. These devices include webcam (camera) 150 , infrared (IR) receiver 148 , keyboard and trackpad 144 , and Bluetooth device 146 , which provides for wireless personal area networks (PANs).
- USB Controller 140 also provides USB connectivity to other miscellaneous USB connected devices 142 , such as a mouse, removable nonvolatile storage device 145 , modems, network cards, ISDN connectors, fax, printers, USB hubs, and many other types of USB connected devices. While removable nonvolatile storage device 145 is shown as a USB-connected device, removable nonvolatile storage device 145 could be connected using a different interface, such as a FireWire interface, etc.
- Wireless Local Area Network (LAN) device 175 connects to Southbridge 135 via the PCI or PCI Express bus 172 .
- LAN device 175 typically implements one of the IEEE 802.11 standards of over-the-air modulation techniques that all use the same protocol to wirelessly communicate between information handling system 100 and another computer system or device.
- Optical storage device 190 connects to Southbridge 135 using Serial ATA (SATA) bus 188 .
- Serial ATA adapters and devices communicate over a high-speed serial link.
- the Serial ATA bus also connects Southbridge 135 to other forms of storage devices, such as hard disk drives.
- Audio circuitry 160 such as a sound card, connects to Southbridge 135 via bus 158 .
- Audio circuitry 160 also provides functionality such as audio line-in and optical digital audio in port 162 , optical digital output and headphone jack 164 , internal speakers 166 , and internal microphone 168 .
- Ethernet controller 170 connects to Southbridge 135 using a bus, such as the PCI or PCI Express bus. Ethernet controller 170 connects information handling system 100 to a computer network, such as a Local Area Network (LAN), the Internet, and other public and private computer networks.
- an information handling system may take many forms.
- an information handling system may take the form of a desktop, server, portable, laptop, notebook, or other form factor computer or data processing system.
- an information handling system may take other form factors such as a personal digital assistant (PDA), a gaming device, an automated teller machine (ATM), a portable telephone device, a communication device or other devices that include a processor and memory.
- the Trusted Platform Module (TPM 195 ) shown in FIG. 1 and described herein to provide security functions is but one example of a hardware security module (HSM). Therefore, the TPM described and claimed herein includes any type of HSM including, but not limited to, hardware security devices that conform to the Trusted Computing Group (TCG) standard entitled “Trusted Platform Module (TPM) Specification Version 1.2.”
- the TPM is a hardware security subsystem that may be incorporated into any number of information handling systems, such as those outlined in FIG. 2 .
- FIG. 2 provides an extension of the information handling system environment shown in FIG. 1 to illustrate that the methods described herein can be performed on a wide variety of information handling systems that operate in a networked environment.
- Types of information handling systems range from small handheld devices, such as handheld computer/mobile telephone 210 to large mainframe systems, such as mainframe computer 270 .
- examples of handheld computer 210 include personal digital assistants (PDAs), personal entertainment devices, such as MP3 players, portable televisions, and compact disc players.
- Other examples of information handling systems include pen, or tablet, computer 220 , laptop, or notebook, computer 230 , workstation 240 , personal computer system 250 , and server 260 .
- Other types of information handling systems that are not individually shown in FIG. 2 are represented by information handling system 280 .
- the various information handling systems can be networked together using computer network 200 .
- Types of computer network that can be used to interconnect the various information handling systems include Local Area Networks (LANs), Wireless Local Area Networks (WLANs), the Internet, the Public Switched Telephone Network (PSTN), other wireless networks, and any other network topology that can be used to interconnect the information handling systems.
- Many of the information handling systems include nonvolatile data stores, such as hard drives and/or nonvolatile memory.
- some of the information handling systems shown in FIG. 2 are depicted with separate nonvolatile data stores (server 260 utilizes nonvolatile data store 265 , mainframe computer 270 utilizes nonvolatile data store 275 , and information handling system 280 utilizes nonvolatile data store 285 ).
- the nonvolatile data store can be a component that is external to the various information handling systems or can be internal to one of the information handling systems.
- removable nonvolatile storage device 145 can be shared among two or more information handling systems using various techniques, such as connecting the removable nonvolatile storage device 145 to a USB port or other connector of the information handling systems.
- FIGS. 3-7 depict an approach that can be executed on an information handling system, such as a mobile device, and computer network as shown in FIGS. 1-2 .
- the core idea of this approach is to use reputation data to assist a user in preventing malevolent network-based attacks.
- the approach verifies the IP Address of the requested Domain on the client side.
- the approach performs the verification by checking data stored in the client's local storage. These checks include (1) checking whether the IP address falls within a stored list of valid IP ranges for the particular Domain, and (2) checking whether the Domain/IP pair is already known to be valid. In one embodiment, the second check succeeds because the same pair was seen and approved during an earlier request by the user. If neither check matches, the user is notified of a potential problem.
- the user can either deny the connection request or he can approve it. If the user approves the connection request, the combination of Domain and IP are added to the client's local storage.
- Various techniques are disclosed to supply the list of IP ranges and domains. Any one of the techniques, or a combination thereof, may be used to supply the list.
- the IP address ranges can be manually supplied by the user.
- the Domain owner can provide a file, such as an XML file, that includes the IP address ranges used by the Domain.
- a trusted service provider, such as IBM X-Force, can supply the IP address ranges used by multiple Domains. This approach verifies that the IP address that the user's device is about to connect to belongs to the Domain name that was requested by the user. Further details and examples depicting various embodiments of the approach that uses reputation data to assist a user in preventing network-based attacks are shown in FIGS. 3-7 , descriptions of which are found below.
- FIG. 3 is a component diagram showing the various components used in one embodiment of an approach that provides reputation input used in network address translations in order to reduce malevolent network intrusions.
- User 300 is a user of local system 310 .
- Local system is an information handling system as shown in FIG. 1 . Examples of various types of information handling systems are shown in FIG. 2 with such information handling system being connected to computer network 200 , such as the Internet.
- Process 320 runs at the user's local system to provide a domain to Internet Protocol (IP) address reputation service.
- the local system receives, from a domain name service (DNS), a network address that is based on the requested URL that corresponds to a requested domain.
- Process 320 retrieves, from data store 330 which is accessible from the local system, a set of one or more network addresses previously established as corresponding to the requested domain. If the network address received from the DNS matches one of the network addresses retrieved from data store 330 (either falling within a stored range or equal to a previously approved address), then the local system is automatically connected to that network address.
- otherwise, the user of local system 310 is prompted for a trust reply. If the trust reply received from the user indicates that the user does not trust the received network address as corresponding to the requested domain, then the local system is not connected to the network address received from the DNS. On the other hand, if the trust reply indicates that the user trusts that the received network address corresponds to the requested domain, then the received network address and the requested domain are added to data store 330 as a pair and the local system is connected to the network address.
- FIG. 3 further depicts techniques used to update data store 330 .
- in one technique, data store 330 is updated using a list of network addresses published by one of the domains shown in network domains collection 340 : list 350 , such as an Extensible Markup Language (XML) file that is prepared by the domain and distributed to clients.
- the user's local system validates the domain-provided list using standard techniques, such as verifying a digital signature over the list with the domain's public key, before any of its contents are used. The list of network addresses may indicate ranges of network addresses that correspond to the domain. Once validated, the list is used to update and populate data store 330 .
- trusted service 360 provides data file 370 that includes a number of domains with each of the domains corresponding to any number of network addresses.
- the user's local system validates data file 370 using traditional validation techniques and the list of network addresses may include domain-address range pairs where each of the domains can correspond to a range of network addresses. Once validated, the domain-address range pairs included in data file 370 are used to update and populate data store 330 .
- FIG. 4 is a component diagram showing the various components used in a single-system implementation of the approach that provides reputation input in order to reduce malevolent network intrusions.
- process 320 that provides the domain to IP address reputation service is accessible from browser core 410 within browser application 400 .
- process 320 might be installed as a plug-in to browser application 400 .
- Local domain name service (DNS) storage 415 is stored on a nonvolatile storage device accessible from browser core 410 .
- User 300 utilizes browser 400 and can also submit manual updates 450 which are processed by domain to IP address reputation process 320 .
- Browser core 410 accesses network resources via computer network 200 , such as the Internet.
- a network-based DNS service 425 is accessed by browser core 410 in order to identify network addresses (IP addresses) based on a network name, such as a Uniform Resource Locator (URL).
- Process 320 retrieves, from data store 330 which is accessible from local filesystem 475 , a set of one or more network addresses previously established as corresponding to the requested domain.
- Data store 330 is updated using manual updates 450 provided by user 300 as well as by trusted source updates list 350 , such as an Extensible Markup Language (XML) file that is prepared by Internet domains 340 and distributed via the network.
- Trusted service 360 provides data file 370 that includes a number of domains with each of the domains corresponding to any number of network addresses. Both list 350 and data file 370 are received at process 320 .
- the domains and address ranges included in list 350 and data file 370 are, upon successful validation, used to update and populate data store 330 .
- FIG. 5 is a component diagram showing the various components used in an enterprise implementation of the approach that provides reputation input in order to reduce malevolent network intrusions.
- user 300 utilizes browser 400 which has local DNS storage accessible.
- DNS service 425 is available via local network 525 .
- Proxy/inline device 500 is accessible by user 300 's device via local area network 525 .
- Proxy/inline device 500 includes core 510 and process 320 .
- process 320 that provides the domain to IP address reputation service is accessible from core 510 within proxy/inline device 500 .
- Process 320 retrieves, from data store 330 which is stored in filesystem 475 which is accessible via local area network 525 , a set of one or more network addresses previously established as corresponding to the requested domain.
- Data store 330 is updated using manual updates 450 provided by user 300 as well as by trusted source updates list 350 , such as an Extensible Markup Language (XML) file that is prepared by Internet domains 340 and distributed via the network.
- manual updates from user 300 should first be verified by an administrator before the data is usable by others. For example, the data input from user 300 could be stored in a temporary area and moved to a production area after verification.
- Trusted service 360 provides data file 370 that includes a number of domains with each of the domains corresponding to any number of network addresses. Both list 350 and data file 370 are received at process 320 .
- the domains and address ranges included in list 350 and data file 370 are, upon successful validation, used to update and populate data store 330 .
- FIG. 6 is a depiction of a flowchart showing the logic used to provide reputation input to a user in order to reduce malevolent network intrusions.
- Processing commences at 600 whereupon, at step 610 , the process receives a URL (uniform resource locator) request from a network connected system.
- the process receives the network address (IP address) by performing a lookup of the URL, such as from a local or network-based domain name service (DNS) provider.
- at decision 640 , if the domain is a known domain (stored in data store 330 ) and the network address returned by the DNS is within the sets, or ranges, of network addresses known for this domain, then decision 640 branches to the “yes” branch whereupon, at step 670 , the user's device connects to the network address provided by the DNS.
- otherwise, the process executes the update storage routine (predefined process 650 ) to possibly update data store 330 with new information (see FIG. 7 and corresponding text for processing details). Based on the result of predefined process 650 , a decision is made as to whether the user wishes to connect to the network address provided by the DNS (decision 660 ).
- if the user wishes to connect, decision 660 branches to the “yes” branch whereupon, at step 670 , the user's device connects to the network address provided by the DNS. On the other hand, if the user does not wish to connect to the network address provided by the DNS, then decision 660 branches to the “no” branch whereupon, at step 675 , the connection is rejected and the user's device is not connected to the network address provided by the DNS.
- at step 680 , the process waits for the next network connection request.
- a decision is made as to whether a shutdown of the process has been requested (decision 690 ). If a shutdown of the process has not been requested, then decision 690 branches to the “no” branch which loops back to receive the next URL requested by the user and the URL is processed as described above. This looping continues until the user wishes to shutdown the system and/or the process, at which point decision 690 branches to the “yes” branch and processing ends at 695 .
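As an added example (not code from the patent), the following Python implements the client-side check summarized earlier (range membership first, then a previously approved Domain/IP pair), the prompt-and-remember flow of FIG. 3, decisions 640 and 660 of FIG. 6, and the cached refusal mentioned under the manual-input branch of FIG. 7 described next. The store layout, the class and function names, the 300-second refusal cache and the sample addresses are assumptions made for this illustration; the two user prompts are injected callables so the logic can be exercised without a UI. The check is only as good as the stored data: a domain served from a CDN whose addresses change will trigger prompts until its list is refreshed, which is why the list and data-file update paths exist.

```python
import ipaddress
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
Address = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


class Verdict(Enum):
    CONNECT = "connect"   # step 670: connect to the DNS-supplied address
    REJECT = "reject"     # step 675: do not connect


def norm_domain(domain: str) -> str:
    """Case-fold and drop a trailing dot so 'Bank.Example.' and 'bank.example' agree."""
    return domain.strip().rstrip(".").lower()


@dataclass
class ReputationStore:
    """Client-side data store 330 (assumed layout): per-domain address ranges from a
    validated list 350 / data file 370, plus single addresses the user approved."""
    ranges: Dict[str, List[Network]] = field(default_factory=dict)
    pairs: Set[Tuple[str, Address]] = field(default_factory=set)

    def add_range(self, domain: str, cidr: str) -> None:
        self.ranges.setdefault(norm_domain(domain), []).append(
            ipaddress.ip_network(cidr, strict=False))

    def add_pair(self, domain: str, ip: str) -> None:
        self.pairs.add((norm_domain(domain), ipaddress.ip_address(ip)))

    def check(self, domain: str, ip: str) -> str:
        """Decision 640: 'range', 'pair' or 'unknown' for a DNS answer. A malformed
        address raises ValueError from ip_address(), so it can never be stored."""
        d, addr = norm_domain(domain), ipaddress.ip_address(ip)
        # Check 1: inside a stored range for this domain? (an IPv4 address is never
        # "in" an IPv6 network, so mixed versions simply fall through)
        if any(addr in net for net in self.ranges.get(d, [])):
            return "range"
        # Check 2: a domain/IP pair the user approved on an earlier request?
        if (d, addr) in self.pairs:
            return "pair"
        return "unknown"


@dataclass
class ConnectionGate:
    """Decision 660 plus the prompts of steps 725-745, with a cache of refusals
    so the user is not asked again about the same domain/address pair."""
    store: ReputationStore
    ask_trust: Callable[[str, str], bool]      # "does this address belong to the domain?"
    ask_remember: Callable[[str, str], bool]   # "add the pair to the data store?"
    deny_ttl: float = 300.0                    # assumed lifetime of a cached refusal
    denied: Dict[Tuple[str, Address], float] = field(default_factory=dict)

    def decide(self, domain: str, dns_ip: str, now: Optional[float] = None) -> Verdict:
        now = time.time() if now is None else now
        key = (norm_domain(domain), ipaddress.ip_address(dns_ip))
        if self.store.check(domain, dns_ip) != "unknown":
            return Verdict.CONNECT                 # known address: connect silently
        if self.denied.get(key, 0.0) > now:
            return Verdict.REJECT                  # refused recently: no new prompt
        if not self.ask_trust(domain, dns_ip):
            self.denied[key] = now + self.deny_ttl
            return Verdict.REJECT
        if self.ask_remember(domain, dns_ip):
            self.store.add_pair(domain, dns_ip)    # step 745
        return Verdict.CONNECT                     # trusted for this request at least


def demo() -> Tuple[List[str], int, str]:
    """Constructed scenario: bank.example has a validated range; a poisoned DNS
    answer points elsewhere and the user refuses it, then approves another address."""
    store = ReputationStore()
    store.add_range("bank.example", "203.0.113.0/24")
    prompts: List[Tuple[str, str]] = []

    def ask_trust(domain: str, ip: str) -> bool:
        prompts.append((domain, ip))
        return ip == "198.51.100.7"        # the user trusts only this one address

    gate = ConnectionGate(store, ask_trust, ask_remember=lambda d, i: True)
    verdicts = [
        gate.decide("Bank.Example.", "203.0.113.25", now=1000.0),  # in range, no prompt
        gate.decide("bank.example", "192.0.2.66", now=1000.0),     # unknown, user refuses
        gate.decide("bank.example", "192.0.2.66", now=1100.0),     # cached refusal, no prompt
        gate.decide("bank.example", "198.51.100.7", now=1000.0),   # unknown, user approves
        gate.decide("bank.example", "198.51.100.7", now=1000.0),   # now a stored pair
    ]
    return [v.value for v in verdicts], len(prompts), store.check("bank.example", "198.51.100.7")
```

In `demo()` the five decisions come out as connect, reject, reject, connect, connect with only two prompts: the in-range address and the remembered pair never reach the user, and the cached refusal suppresses the second prompt for the poisoned answer. Storing the refusal keyed by the normalized domain and parsed address, rather than by the raw strings, keeps a retry with different capitalisation or a trailing dot from producing a fresh prompt.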
- FIG. 7 is a depiction of a flowchart showing the logic performed to update stored domain and IP address data used to reduce malevolent network intrusions. This routine is called by the processing shown in FIG. 6 (see predefined process 650 ) and is also called when list 350 is received from a domain and when data file 370 is received from a trusted service.
- FIG. 7 processing commences at 700 whereupon, at step 705 , a request is received.
- requests can include: a manual update request, such as when a network address is not found in data store 330 and the process seeks user approval to add it; list 350 of one or more network addresses pertaining to a domain, received from that domain; and data file 370 received from a trusted service, which includes a number of domains with each of the domains corresponding to any number of network addresses.
- the process receives user configuration data from data store 715 .
- user configuration data may indicate which domains may supply lists of network addresses, as well as which service organizations are trusted service organizations that may provide data files to update data store 330 (and, where public keys are used for validation, the keys needed to check their lists and files).
- a decision is made as to whether the request is a manual input request (decision 720 ). If so, decision 720 branches to the “yes” branch whereupon, at step 725 , the process prompts the user as to whether the user trusts that the network address returned by the DNS corresponds to the domain. A decision is made, based on the user's response to the prompt, as to whether the user trusts that the network address returned by the DNS corresponds to the domain (decision 730 ).
- if the user does not trust the network address, decision 730 branches to the “no” branch whereupon processing returns to the calling routine at 732 without updating data store 330 and with a return code indicating that the process should not connect to the network address. This decision not to trust the address may be cached for a period of time so that the user is not prompted again for the same domain/address combination.
- if the user trusts the network address, decision 730 branches to the “yes” branch whereupon, at step 735 , the user is prompted as to whether the user wishes to update data store 330 with the domain-network address pair.
- a decision is made, based on the user's response, as to whether the user wishes to add the domain-network address pair to data store 330 (decision 740 ). If so, decision 740 branches to the “yes” branch whereupon, at step 745 , the domain-network address pair is written to data store 330 and processing returns at step 748 to the calling routine (see FIG. 6 ) with a return code indicating that the process should connect to the network address received from the DNS. If the user does not wish to add the pair, decision 740 branches to the “no” branch, bypassing step 745 , and processing returns to the calling routine (see FIG. 6 ) with a return code indicating that the process should connect to the network address received from the DNS; the address is trusted for this request only and is not remembered.
- returning to decision 720 , if the request is not a manual input request, decision 720 branches to the “no” branch whereupon a decision is made as to whether the request is a list of network addresses received from a particular domain (decision 750 ). If so, decision 750 branches to the “yes” branch whereupon, at step 755 , the process checks whether the domain and the list it provided (e.g., an XML file) are trusted by the user, such as per a previously set configuration setting (e.g., by verifying a signature over the list with the domain's public key) or based upon a manual approval.
- a decision is made, based on the check performed at step 755 , as to whether the domain and the received list are trusted (decision 760 ). If both are trusted, decision 760 branches to the “yes” branch whereupon, at step 765 , the process adds the received domain/network address range(s) (sets of network addresses) to data store 330 and processing returns at 768 to the calling routine indicating that the process can connect to any of the network addresses added by the domain.
- if the domain or the list is not trusted, decision 760 branches to the “no” branch whereupon none of the network addresses are added to data store 330 and processing returns at 769 to the calling routine indicating that the process should not connect to any of the network addresses included in the list.
- decision 750 if the request is not a request received by a domain to add a list of network addresses provided by a particular domain then decision 750 branches to the “no” branch whereupon a decision is made as to whether the request is a data file received by a service organization to add sets of domain names and network addresses to data store 320 (decision 770 ).
- decision 770 branches to the “yes” branch whereupon, at step 775 , the process checks whether the service organization and data file provided by the service organization are trusted, such as per a previously set configuration setting (e.g., using public/private keys, etc.) or based upon a manual approval.
- a determination is made as to whether the service organization is a trusted service organization and whether the data file received from the service organization is also trusted (e.g., not tampered, etc.).
- decision 780 branches to the “yes” branch whereupon, at step 785 , the process updates data store 320 using sets of domain names and network address range(s) (sets) received from the trusted service organization and processing returns at 788 to the calling routine indicating that the process can connect to any of the network addresses added by the trusted service organization.
- decision 780 branches to the “no” branch whereupon the network addresses are not added to data store 320 and processing returns at 789 to the calling routine indicating that the process should not connect to the network addresses included in the data file.
- decision 770 if the request is not a data file received by a service organization to add sets of domain names and network addresses to data store 320 , then decision 770 branches to the “no” branch whereupon, at step 790 , the process handles other types of requests, such as a user configuration request that updates user configuration data store 715 . Processing thereafter ends at 795 .
Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). The functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
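As an added illustration (not the patent's own code), the FIG. 7 request-handling flow described above can be written as a small dispatcher: the manual-input branch stores a pair only on user approval and always returns the connect-to-DNS code, while domain-provided lists and service-organization data files are stored only if the publisher is trusted and the file verifies against that publisher's key, and are otherwise rejected with a do-not-connect code. Names such as `ReputationStore`, `add_manual` and `add_signed_list` are hypothetical, and because the standard library has no asymmetric signatures, an HMAC with a per-publisher pre-shared key stands in for the public/private-key check the text mentions.

```python
import hashlib, hmac, ipaddress, json

# Return codes handed back to the calling routine (FIG. 6 in the text).
CONNECT_DNS = "connect to DNS-supplied address"
CONNECT_LISTED = "connect to any listed address"
DO_NOT_CONNECT = "do not connect to listed addresses"


def sign(key: bytes, payload: bytes) -> bytes:
    """Tag a trusted publisher attaches to its list. HMAC stands in for the
    public/private-key signature mentioned in the text (assumption)."""
    return hmac.new(key, payload, hashlib.sha256).digest()


class ReputationStore:
    """Data store 320: domain -> trusted network ranges. `trusted_keys` plays the
    role of user configuration data store 715: one key per publisher (domain or
    service organization) the user has chosen to trust."""

    def __init__(self, trusted_keys: dict):
        self.pairs = {}
        self.trusted_keys = trusted_keys

    def add_manual(self, domain: str, address: str, user_approved: bool) -> str:
        """Manual-input branch (decisions 720/740): store the pair only if the
        user said yes; either way the caller connects to the DNS-supplied address."""
        if user_approved:
            self.pairs.setdefault(domain, []).append(ipaddress.ip_network(address))
        return CONNECT_DNS

    def add_signed_list(self, publisher: str, payload: bytes, tag: bytes) -> str:
        """Domain-provided list (750/760) and service-organization data file
        (770/780) follow one rule: an unknown publisher or a failed verification
        means nothing is stored and the caller must not connect to the listed addresses."""
        key = self.trusted_keys.get(publisher)
        if key is None or not hmac.compare_digest(sign(key, payload), tag):
            return DO_NOT_CONNECT
        sets = json.loads(payload)  # e.g. {"example.net": ["192.0.2.0/24"]}
        for domain, ranges in sets.items():
            self.pairs.setdefault(domain, []).extend(
                ipaddress.ip_network(r) for r in ranges)
        return CONNECT_LISTED

    def is_known(self, domain: str, address: str) -> bool:
        """Lookup on the connect path: is this address inside a stored range?"""
        ip = ipaddress.ip_address(address)
        return any(ip in net for net in self.pairs.get(domain, []))
```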
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/864,743 US9270684B2 (en) | 2013-04-17 | 2013-04-17 | Providing a domain to IP address reputation service |
Publications (2)
Publication Number | Publication Date |
---|---|
US20140317730A1 US20140317730A1 (en) | 2014-10-23 |
US9270684B2 true US9270684B2 (en) | 2016-02-23 |
Family ID: 51730089
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US13/864,743 Expired - Fee Related US9270684B2 (en) | 2013-04-17 | 2013-04-17 | Providing a domain to IP address reputation service |
Country Status (1)
Country | Link |
---|---|
US (1) | US9270684B2 (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10681001B2 (en) | 2018-03-29 | 2020-06-09 | Akamai Technologies, Inc. | High precision mapping with intermediary DNS filtering |
US11838262B1 (en) | 2022-11-30 | 2023-12-05 | Cujo LLC | Discovery of FQDN for target website |
US20230412559A1 (en) * | 2022-06-21 | 2023-12-21 | Uab 360 It | Systems and methods for controlling access to domains using artificial intelligence |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9722801B2 (en) * | 2013-09-30 | 2017-08-01 | Juniper Networks, Inc. | Detecting and preventing man-in-the-middle attacks on an encrypted connection |
GB2545491B (en) * | 2015-12-18 | 2020-04-29 | F Secure Corp | Protection against malicious attacks |
US11706241B1 (en) | 2020-04-08 | 2023-07-18 | Wells Fargo Bank, N.A. | Security model utilizing multi-channel data |
US11720686B1 (en) | 2020-04-08 | 2023-08-08 | Wells Fargo Bank, N.A. | Security model utilizing multi-channel data with risk-entity facing cybersecurity alert engine and portal |
US11777992B1 (en) * | 2020-04-08 | 2023-10-03 | Wells Fargo Bank, N.A. | Security model utilizing multi-channel data |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070083670A1 (en) | 2005-10-11 | 2007-04-12 | International Business Machines Corporation | Method and system for protecting an internet user from fraudulent ip addresses on a dns server |
US20090216852A1 (en) * | 2008-02-22 | 2009-08-27 | Geoffrey George Filippi | System and method for updating a dynamic domain name server |
US20110078309A1 (en) * | 2006-04-29 | 2011-03-31 | Eric Bloch | Apparatus for Filtering Server Responses |
US7979734B2 (en) | 2007-07-11 | 2011-07-12 | Samsung Electronics Co., Ltd. | Method and system for preventing service disruption of internet protocol (IP) based services due to domain name resolution failures |
EP2375672A1 (en) | 2000-04-26 | 2011-10-12 | VirnetX Inc. | Improvements to an agile network protocol for secure communications with assured system availability |
EP2381650A1 (en) | 2000-04-26 | 2011-10-26 | VirnetX Inc. | Secure domain name service |
US20110283174A1 (en) | 2010-05-13 | 2011-11-17 | Verisign, Inc. | Optimizing Security Seals on Web Pages |
US20120011590A1 (en) | 2010-07-12 | 2012-01-12 | John Joseph Donovan | Systems, methods and devices for providing situational awareness, mitigation, risk analysis of assets, applications and infrastructure in the internet and cloud |
Non-Patent Citations (2)
Title |
---|
Mills, "Fraudulent Google certificate points to Internet attack," CNET News, Aug. 29, 2011, 5 pages. |
Mutton, "Browsers vulnerable to fraudulent SSL certificates," netcraft.com, posted on Mar. 23, 2011, 1 page. |
Similar Documents
Publication | Title |
---|---|
US9270684B2 (en) | Providing a domain to IP address reputation service |
US10091127B2 (en) | Enrolling a mobile device with an enterprise mobile device management environment |
US10880287B2 (en) | Out of box experience application API integration |
US9871821B2 (en) | Securely operating a process using user-specific and device-specific security constraints |
US8413130B2 (en) | System and method for self policing of authorized configuration by end points |
AU2015256293B2 (en) | Facilitating single sign-on to software applications |
US9201642B2 (en) | Extending platform trust during program updates |
US9197629B2 (en) | Remote direct memory access authentication of a device |
US9160731B2 (en) | Establishing a trust relationship between two product systems |
US10673835B2 (en) | Implementing single sign-on in a transaction processing system |
US20160380977A1 (en) | Enterprise reputations for uniform resource locators |
JP2015523669A (en) | Dynamic registration of applications to enterprise systems |
US11924210B2 (en) | Protected resource authorization using autogenerated aliases |
CN110555293A (en) | Method, apparatus, electronic device and computer readable medium for protecting data |
US9984228B2 (en) | Password re-usage identification based on input method editor analysis |
US20150381629A1 (en) | Crowd Sourced Access Approvals |
US9449194B2 (en) | Secure access to running client application features from a browser application |
CN112905990A (en) | Access method, client, server and access system |
US11496511B1 (en) | Systems and methods for identifying and mitigating phishing attacks |
US20150195253A1 (en) | Retrieving both sensitive and non-sensitive content in a secure manner |
JP2020109645A (en) | System and method for changing password of account record under threat of illegal access to user data |
US10171486B2 (en) | Security and authentication daisy chain analysis and warning system |
US11196762B2 (en) | Vulnerability scanner based on network profile |
US11113378B2 (en) | Content-based authentication |
US9225715B2 (en) | Securely associating an application with a well-known entity |
Legal Events
Code | Title | Description |
---|---|---|
AS | Assignment | Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ASHLEY, PAUL A.;HAGEMANN, CARSTEN;REEL/FRAME:030237/0767. Effective date: 20130417 |
AS | Assignment | Owner name: GLOBALFOUNDRIES U.S. 2 LLC COMPANY, NEW YORK. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:036277/0160. Effective date: 20150629 |
AS | Assignment | Owner name: GLOBALFOUNDRIES INC., CAYMAN ISLANDS. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GLOBALFOUNDRIES U.S. 2 LLC;GLOBALFOUNDRIES U.S. INC.;REEL/FRAME:036779/0001. Effective date: 20150910 |
AS | Assignment | Owner name: GLOBALFOUNDRIES U.S.2 LLC, NEW YORK. Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE RECEIVING PARTY DATA (NAME OF ASSIGNEE) NEEDS TO BE CORRECTED. ASSIGNEE SHOULD READ GLOBALFOUNDRIES U.S. 2 LLC PREVIOUSLY RECORDED ON REEL 036277 FRAME 0160. ASSIGNOR(S) HEREBY CONFIRMS THE GLOBALFOUNDRIES U.S. 2 LLC COMPANY;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:036919/0644. Effective date: 20150629 |
FEPP | Fee payment procedure | Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
STCF | Information on status: patent grant | Free format text: PATENTED CASE |
AS | Assignment | Owner name: WILMINGTON TRUST, NATIONAL ASSOCIATION, DELAWARE. Free format text: SECURITY AGREEMENT;ASSIGNOR:GLOBALFOUNDRIES INC.;REEL/FRAME:049490/0001. Effective date: 20181127 |
FEPP | Fee payment procedure | Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
LAPS | Lapse for failure to pay maintenance fees | Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
STCH | Information on status: patent discontinuation | Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
FP | Lapsed due to failure to pay maintenance fee | Effective date: 20200223 |
AS | Assignment | Owner name: GLOBALFOUNDRIES INC., CAYMAN ISLANDS. Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION;REEL/FRAME:054636/0001. Effective date: 20201117 |
AS | Assignment | Owner name: GLOBALFOUNDRIES U.S. INC., NEW YORK. Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:WILMINGTON TRUST, NATIONAL ASSOCIATION;REEL/FRAME:056987/0001. Effective date: 20201117 |