Detecting and preventing man-in-the-middle attacks on an encrypted connection
First Claim
1. A method comprising:
- determining, by a device, one or more verification domains to be used to verify a public key certificate, the one or more verification domains being different from a host domain associated with the device;
- determining, by the device, one or more resources to be requested to verify the public key certificate;
- determining, by the device, one or more actions to perform when the public key certificate is not valid;
- generating, by the device, executable verification code, for performing the one or more actions without prompting a user to accept or reject the public key certificate, based on determining the one or more verification domains, based on determining the one or more resources, and based on determining the one or more actions;
- embedding, by the device, the executable verification code in other code; and
- providing, by the device, the other code, with the executable verification code, for execution by a client device.
Abstract
A client device may provide, to a host device, a request to access a website associated with a host domain. The client device may receive, based on the request, verification code that identifies a verification domain and a resource, associated with the verification domain, to be requested to verify a public key certificate. The verification domain may be different from the host domain. The client device may execute the verification code, and may request the resource from the verification domain based on executing the verification code. The client device may determine whether the requested resource was received, and may selectively perform a first action or a second action based on determining whether the requested resource was received. The first action may indicate that the public key certificate is not valid, and the second action may indicate that the public key certificate is valid.
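The flow in the abstract and the first claim, as an added JavaScript sketch that is not code from the patent: the host builds verification code from the verification domains, resources and actions, embeds it in an HTML page, and the client picks an action depending on whether each resource arrived. Assumptions: all function names, the `window.onCertVerdict` handler, the `continue` action, the `.example` domains, image resources, and the rule that a resource that is not received means the certificate is not valid.

```javascript
// Added illustration; every name below is hypothetical, not taken from the patent.

// Client-side logic that the host serialises into the page. `probe(url, cb)` must
// call cb(true) if the resource was received and cb(false) otherwise.
function clientVerify(cfg, probe, act) {
  const failed = [];
  let pending = cfg.probes.length;
  cfg.probes.forEach((url) => probe(url, (received) => {
    if (!received) failed.push(url);
    // Assumption: any resource that was not received marks the certificate not valid.
    if (--pending === 0) act(failed.length ? cfg.onInvalid : cfg.onValid, failed);
  }));
}

// Host side: combine verification domains, resources and actions into one config.
function buildConfig(hostDomain, verificationDomains, resources, onInvalid) {
  const host = hostDomain.toLowerCase();
  if (verificationDomains.length === 0 || resources.length === 0)
    throw new Error("need at least one verification domain and one resource");
  const probes = [];
  for (const d of verificationDomains) {
    // The claims require verification domains that differ from the host domain.
    if (d.toLowerCase() === host) throw new Error("verification domain equals host domain");
    for (const r of resources) probes.push("https://" + d + r);
  }
  return { probes, onInvalid, onValid: ["continue"] };
}

// Host side: generate the executable verification code and embed it in other code (HTML).
function embedVerification(html, cfg) {
  // Escape "<" so a value such as "</script>" cannot end the inline script early.
  const data = JSON.stringify(cfg).replace(/</g, "\\u003c");
  // Assumption: resources are images, so load/error events show whether one arrived.
  const probe = "function(u,cb){var i=new Image();i.onload=function(){cb(true)};" +
                "i.onerror=function(){cb(false)};i.src=u}";
  const code = "(" + clientVerify.toString() + ")(" + data + "," + probe +
               ",window.onCertVerdict)"; // hypothetical page-level action handler
  return html.replace("</body>", () => "<script>" + code + "</script></body>");
}

// Constructed sample inputs.
const cfg = buildConfig("shop.example", ["verify1.example", "verify2.example"],
                        ["/pixel.png"], ["hide-login-form", "show-warning"]);
const page = embedVerification("<html><body><form></form></body></html>", cfg);
```

The actions run from the verdict alone, so the user is never asked to accept or reject a certificate.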
20 Claims
8. A system comprising:
- a memory; and
- one or more processors to:
  - determine one or more verification domains to be used to verify a public key certificate, the one or more verification domains being different from a host domain;
  - determine one or more resources to be requested to verify the public key certificate;
  - determine one or more actions to perform when the public key certificate is not valid;
  - generate executable verification code, for performing the one or more actions without prompting a user to accept or reject the public key certificate, based on determining the one or more verification domains, based on determining the one or more resources, and based on determining the one or more actions;
  - embed the executable verification code in other code; and
  - provide the other code with the executable verification code for execution by a client device.
15. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by at least one processor, cause the at least one processor to:
  - determine one or more verification domains to be used to verify a public key certificate, the one or more verification domains being different from a host domain;
  - determine one or more resources to be requested to verify the public key certificate;
  - determine one or more actions to perform when the public key certificate is not valid;
  - generate executable verification code, for performing the one or more actions without prompting a user to accept or reject the public key certificate, based on determining the one or more verification domains, based on determining the one or more resources, and based on determining the one or more actions;
  - embed the executable verification code in other code; and
  - provide the other code with the executable verification code for execution by a client device.
Specification