Method and system for inferring risk of data leakage from third-party tags

US 10,108,918 B2
Filed: 09/05/2014
Issued: 10/23/2018
Est. Priority Date: 09/19/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for identifying data leakage across an Internet connection, comprising the steps of:

a. accessing via threat analysis software hosted on at least one marketing services provider (MSP) server an Internet website hosted at a publisher server, wherein the MSP server is configured to mimic a standard web browser such that it appears from the Internet website as if the MSP server is a consumer using the standard web browser to access the Internet website but wherein the MSP server is actually configured to analyze the Internet website for data leakage;

b. searching the Internet website to identify any third-party tags on the Internet website;

c. determining whether any of the third-party tags forward requests to subsequent third-party tags, thereby allowing the subsequent third-party tags to piggyback through inspection of the Internet website at the time the Internet website is loaded;

d. if it is determined that subsequent third-party tags are piggybacking on the Internet website, dynamically calculating an individual threat score associated with each third-party tag found on the Internet website based on use by each third-party tag of any personal information associated with an individual accessing the Internet website;

e. if individual threat scores are calculated, calculating a cumulative threat score associated with the Internet website based on the individual threat scores; and

f. if a cumulative threat score is calculated, then determining whether the cumulative threat score is above a threshold threat score, and if so identifying the Internet website as a data leakage threat.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for assessing the data leakage threat associated with third-party tags on a particular website, such as a content publisher site, is assessed by mimicking a standard web browser. Each third-party tag on the site is identified and investigated in a hierarchical manner, and a data leakage threat score is assigned to each third-party tag based on certain attributes associated with the tag and the resource linked by the third-party tag. A cumulative data leakage threat score is then calculated to determine if the site is a data leakage threat, such as a threat for misuse of a consumer'"'"'s data.

26 Citations

View as Search Results

28 Claims

1. A computer-implemented method for identifying data leakage across an Internet connection, comprising the steps of:
- a. accessing via threat analysis software hosted on at least one marketing services provider (MSP) server an Internet website hosted at a publisher server, wherein the MSP server is configured to mimic a standard web browser such that it appears from the Internet website as if the MSP server is a consumer using the standard web browser to access the Internet website but wherein the MSP server is actually configured to analyze the Internet website for data leakage;
  
  b. searching the Internet website to identify any third-party tags on the Internet website;
  
  c. determining whether any of the third-party tags forward requests to subsequent third-party tags, thereby allowing the subsequent third-party tags to piggyback through inspection of the Internet website at the time the Internet website is loaded;
  
  d. if it is determined that subsequent third-party tags are piggybacking on the Internet website, dynamically calculating an individual threat score associated with each third-party tag found on the Internet website based on use by each third-party tag of any personal information associated with an individual accessing the Internet website;
  
  e. if individual threat scores are calculated, calculating a cumulative threat score associated with the Internet website based on the individual threat scores; and
  
  f. if a cumulative threat score is calculated, then determining whether the cumulative threat score is above a threshold threat score, and if so identifying the Internet website as a data leakage threat.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 23, 24, 25, 26, 27, 28)
- - 2. The computer-implemented method of claim 1, wherein the Internet website is associated with an Internet domain, and further comprising the steps of:
    - a. searching for the Internet domain in a table of known data leaker Internet domains;
      
      b. identifying the Internet website as a data leakage threat if the Internet domain associated with the Internet website is found in the table of known data leaker Internet domains; and
      
      c. updating the table of known data leakers if the Internet domain is shared with other websites.
  - 3. The computer-implemented method of claim 2, wherein the step of calculating individual threat scores comprises the step of determining whether an Internet-based resource associated with each third-party tag exhibits any of a plurality of attributes, wherein each attribute is associated with a data leakage threat.
  - 4. The computer-implemented method of claim 3, wherein each attribute is associated with a numerical threat score.
  - 5. The computer-implemented method of claim 4, wherein the individual threat score is calculated as a sum of the threat scores associated with each attribute associated with each third-party tag.
  - 6. The computer-implemented method of claim 5, wherein the cumulative threat score is calculated as a sum of the individual threat scores.
  - 7. The computer-implemented method of claim 1, wherein the threshold is a numerical score that is at least as high as an identified percentage of a plurality of reference cumulative threat scores.
  - 8. The computer-implemented method of claim 1, wherein a second MSP server geographically remote from the MSP server, but connected by the Internet, repeats steps (a) and (b).
  - 23. The method of claim 1, wherein the step of dynamically calculating the individual threat scores associated with each third-party tag comprises a Bayesian inference analysis of attributes associated with a plurality of Internet domains, such that Internet domains with similar attributes to known data leakage Internet domains receive higher threat scores and domains with similar attributes to known non-data leakage Internet domains receive lower threat scores.
  - 24. The method of claim 1, wherein the step of dynamically calculating the individual threat scores associated with each third-party tag comprises the step of considering loose conditions for a set of threats and adjusting a magnitude of the threat scores through an averaged centroid based off of a frequency and aggregate scores relative to each threat.
  - 25. The method of claim 24, wherein the step of dynamically calculating the individual threat scores comprises the step of calculating an ideal median threat percentage based upon a distribution of threats in all Internet websites analyzed.
  - 26. The method of claim 25, wherein an ideal median threat percentage is calculated based upon the distribution of threats in all Internet websites analyzed, and is defined as occurring half the time with a set threat score and then scaling the threat scores of other threats around the ideal medial threat percentage.
  - 27. The method of claim 26, further comprising the calculation of a highest score by doubling a default score for a threat that occurs half of the time.
  - 28. The method of claim 25, wherein more common-appearing threats are de-emphasized in the step of dynamically calculating individual threat scores by creating an inverse relationship between a percent of time a threat is seen against an ideal percentage of the most common threat.

9. A computer program product for assessing a risk associated with data leakage on the Internet, the computer program product being stored on a non-transitory tangible computer-readable medium and comprising instructions that, when executed, cause a computer system to:
- a. access via threat analysis software hosted on at least one marketing services provider (MSP) server an Internet website hosted at a publisher server, wherein the analysis software mimics a standard web browser such that the Internet website appears to be accessed in the same manner as it would be accessed by a standard web browser but wherein the MSP server is actually configured to analyze the Internet website for data leakage;
  
  b. search the Internet website to identify any third-party tag piggybacking, wherein identifying third-party tag piggybacking comprises determining whether any third-party tags forward requests to subsequent third-party tags;
  
  c. dynamically calculate an individual threat score associated with each instance of third-party tag piggybacking found on the Internet website based on any use by each third-party tag of personal information associated with an individual accessing the Internet website;
  
  d. calculate a cumulative threat score associated with the Internet website based on each individual threat score; and
  
  e. if the cumulative threat score is above a threshold threat score, return an indicator that the Internet website is a data leakage threat.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The computer program product of claim 9, further comprising instructions that, when executed, cause a computer system to search an Internet domain associated with the Internet website in a table of known data leaker Internet domains, and identify the Internet website as a data leakage threat if the Internet domain associated with the Internet website is found in the table of known data leaker domains.
  - 11. The computer program product of claim 10, further comprising instructions that, when executed, cause a computer system to determine whether a resource associated with each third-party tag exhibits any of a plurality of attributes, wherein each attribute is associated with an Internet-based data leakage threat.
  - 12. The computer program product of claim 11, wherein each attribute is associated with a numerical threat score.
  - 13. The computer program product of claim 12, further comprising instructions that, when executed, cause a computer system to calculate the individual threat score as a sum of the threat scores associated with each attribute associated with each third-party tag.
  - 14. The computer program product of claim 13, further comprising instructions that, when executed, cause a computer system to calculate the cumulative threat score as a sum of the individual threat scores.
  - 15. The computer program product of claim 9, wherein the threshold is a threat score that is at least as high as a set percent of a database of dynamically calculated reference cumulative threat scores.

16. A system for determining a threat of data leakage for an Internet website, comprising:
- a. a marketing services provider (MSP) server configured to access the Internet website in a manner that mimics a standard web browser such that it appears to the Internet website that the MSP server is a consumer using the standard browser but wherein the MSP server is actually configured to analyze the Internet website to identify and investigate any third-party tag piggybacking found on the Internet website, wherein third-party tag piggybacking comprises a third-party tag forwarding requests to at least one subsequent third-party tag;
  
  b. a leaker table stored in a non-transitory computer-readable medium in communication with the MSP server, wherein the leaker table comprises a plurality of Internet domains known to be data leakers; and
  
  c. an attribute table stored in a non-transitory computer-readable medium in communication with the MSP server, wherein the attribute table comprises a plurality of attributes for an Internet domain associated with a threat of Internet-based data leakage based on use by any third-party tag of personal information associated with an individual.
- View Dependent Claims (17, 18, 19, 20, 21, 22)
- - 17. The system for determining a threat of data leakage across the Internet for a website of claim 16, wherein the attribute table further comprises, for each attribute, a numerical threat value associated with the attribute.
  - 18. The system for determining a threat of data leakage across the Internet for a website of claim 17, wherein the MSP server is further configured to identify each of the attributes from the attribute table associated with each third-party tag found on the Internet website.
  - 19. The system for determining a threat of data leakage across the Internet for a website of claim 18, wherein the MSP server is further configured to dynamically calculate an individual threat score for each third-party tag by summing the numerical threat value for each attribute associated with the third-party tag.
  - 20. The system for determining a threat of data leakage across the Internet for a website of claim 19, wherein the MSP server is further configured to calculate a cumulative threat score by summing the individual threat scores associated with each of the third-party tags on the Internet website.
  - 21. The system for determining a threat of data leakage across the Internet for an Internet website of claim 20, wherein the MSP server is further configured to compare the cumulative threat score to a threshold threat score, and return a threat result if the cumulative threat score is at least as high as the threshold score.
  - 22. The system for determining a threat of data leakage across the Internet for a website of claim 16, further comprising at least one additional MSP server located in a geographically remote location from the MSP server and connected via the Internet and configured to access the Internet website in the manner of a standard web browser but configured to analyze the Internet website to identify and investigate any third-party tag piggybacking found on the Internet website.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
LiveRamp, Inc. (LiveRamp Holdings, Inc.)
Original Assignee
Acxiom Corporation (LiveRamp Holdings, Inc.)
Inventors
Palan, Vivek, Owen, Paul, Ledo, Frank, Jolitz, Ben
Primary Examiner(s)
Henderson, Esther B.

Application Number

US14/478,714
Publication Number

US 20150082426A1
Time in Patent Office

1,509 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2119   Authenticating web pages, e...

G06Q 10/0635   Risk analysis of enterprise...

G06Q 30/02   Marketing; Price estimation...

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

Method and system for inferring risk of data leakage from third-party tags

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for inferring risk of data leakage from third-party tags

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links