Method and system for inferring risk of data leakage from third-party tags
First Claim
Patent Images
1. A computer-implemented method for identifying data leakage across an Internet connection, comprising the steps of:
- a. accessing via threat analysis software hosted on at least one marketing services provider (MSP) server an Internet website hosted at a publisher server, wherein the MSP server is configured to mimic a standard web browser such that it appears from the Internet website as if the MSP server is a consumer using the standard web browser to access the Internet website but wherein the MSP server is actually configured to analyze the Internet website for data leakage;
b. searching the Internet website to identify any third-party tags on the Internet website;
c. determining whether any of the third-party tags forward requests to subsequent third-party tags, thereby allowing the subsequent third-party tags to piggyback through inspection of the Internet website at the time the Internet website is loaded;
d. if it is determined that subsequent third-party tags are piggybacking on the Internet website, dynamically calculating an individual threat score associated with each third-party tag found on the Internet website based on use by each third-party tag of any personal information associated with an individual accessing the Internet website;
e. if individual threat scores are calculated, calculating a cumulative threat score associated with the Internet website based on the individual threat scores; and
f. if a cumulative threat score is calculated, then determining whether the cumulative threat score is above a threshold threat score, and if so identifying the Internet website as a data leakage threat.
3 Assignments
0 Petitions
Accused Products
Abstract
A method and system for assessing the data leakage threat associated with third-party tags on a particular website, such as a content publisher site, is assessed by mimicking a standard web browser. Each third-party tag on the site is identified and investigated in a hierarchical manner, and a data leakage threat score is assigned to each third-party tag based on certain attributes associated with the tag and the resource linked by the third-party tag. A cumulative data leakage threat score is then calculated to determine if the site is a data leakage threat, such as a threat for misuse of a consumer'"'"'s data.
26 Citations
28 Claims
-
1. A computer-implemented method for identifying data leakage across an Internet connection, comprising the steps of:
-
a. accessing via threat analysis software hosted on at least one marketing services provider (MSP) server an Internet website hosted at a publisher server, wherein the MSP server is configured to mimic a standard web browser such that it appears from the Internet website as if the MSP server is a consumer using the standard web browser to access the Internet website but wherein the MSP server is actually configured to analyze the Internet website for data leakage; b. searching the Internet website to identify any third-party tags on the Internet website; c. determining whether any of the third-party tags forward requests to subsequent third-party tags, thereby allowing the subsequent third-party tags to piggyback through inspection of the Internet website at the time the Internet website is loaded; d. if it is determined that subsequent third-party tags are piggybacking on the Internet website, dynamically calculating an individual threat score associated with each third-party tag found on the Internet website based on use by each third-party tag of any personal information associated with an individual accessing the Internet website; e. if individual threat scores are calculated, calculating a cumulative threat score associated with the Internet website based on the individual threat scores; and f. if a cumulative threat score is calculated, then determining whether the cumulative threat score is above a threshold threat score, and if so identifying the Internet website as a data leakage threat. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 23, 24, 25, 26, 27, 28)
-
-
9. A computer program product for assessing a risk associated with data leakage on the Internet, the computer program product being stored on a non-transitory tangible computer-readable medium and comprising instructions that, when executed, cause a computer system to:
-
a. access via threat analysis software hosted on at least one marketing services provider (MSP) server an Internet website hosted at a publisher server, wherein the analysis software mimics a standard web browser such that the Internet website appears to be accessed in the same manner as it would be accessed by a standard web browser but wherein the MSP server is actually configured to analyze the Internet website for data leakage; b. search the Internet website to identify any third-party tag piggybacking, wherein identifying third-party tag piggybacking comprises determining whether any third-party tags forward requests to subsequent third-party tags; c. dynamically calculate an individual threat score associated with each instance of third-party tag piggybacking found on the Internet website based on any use by each third-party tag of personal information associated with an individual accessing the Internet website; d. calculate a cumulative threat score associated with the Internet website based on each individual threat score; and e. if the cumulative threat score is above a threshold threat score, return an indicator that the Internet website is a data leakage threat. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A system for determining a threat of data leakage for an Internet website, comprising:
-
a. a marketing services provider (MSP) server configured to access the Internet website in a manner that mimics a standard web browser such that it appears to the Internet website that the MSP server is a consumer using the standard browser but wherein the MSP server is actually configured to analyze the Internet website to identify and investigate any third-party tag piggybacking found on the Internet website, wherein third-party tag piggybacking comprises a third-party tag forwarding requests to at least one subsequent third-party tag; b. a leaker table stored in a non-transitory computer-readable medium in communication with the MSP server, wherein the leaker table comprises a plurality of Internet domains known to be data leakers; and c. an attribute table stored in a non-transitory computer-readable medium in communication with the MSP server, wherein the attribute table comprises a plurality of attributes for an Internet domain associated with a threat of Internet-based data leakage based on use by any third-party tag of personal information associated with an individual. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
Specification