Devices, systems and computer-implemented methods for preventing password leakage in phishing attacks

US 10,356,125 B2
Filed: 05/26/2017
Issued: 07/16/2019
Est. Priority Date: 05/26/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of preventing leakage of user credentials to phishing websites, comprising:

capturing user credentials input to a webpage of a website;

generating a hash of the captured user credentials;

updating a stored list of trusted website credentials with the generated hashed user credentials upon determining that the domain of a Uniform Resource Locator (URL) of the website to which the user credentials were input is present in a stored list of trusted websites;

in response to determining that the domain of the URL of the website to which the user credentials were input is not present in the stored list of trusted websites, determining whether the generated hashed user credentials matches one of a plurality of hashed user credentials in the list of trusted website credentials; and

subsequentlywhen the generated hashed user credentials matches a hashed user credential in the list of trusted website credentials, requesting input indicative of whether the URL of the website is trusted or whether the URL of the website is unknown and/or untrusted;

when the requested input indicates that URL of the website is unknown and/or untrusted, sending the URL of the website to a remote computer server over a computer network and disallowing submission of the user credentials to the website; and

in response to the requested input indicating that the URL of website is trusted, adding the domain of the URL of the website to the stored list of trusted websites, adding the generated hash of the captured user credentials to the stored list of trusted website credentials and allowing the user credentials to be submitted to the website.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method of preventing leakage of user credentials to phishing websites may comprise capturing user credentials input to website; updating a stored list of trusted website credentials upon determining that the domain of the URL of the website is present in a stored list of trusted websites; generating a hash of the captured user credentials; determining whether the hashed user credentials matches one of the hashed user credentials in the list of trusted website credentials; and when a match is found, requesting input whether the website is trusted or whether the website is unknown and/or untrusted; sending the URL to a remote computer server when the input indicates that the website is unknown and/or untrusted and disallowing submission of the user credentials to the website; adding the domain of the URL to the stored list of trusted websites, adding the generated hash of the captured user credentials to a stored list of trusted website credentials and allowing submission of the user credentials to the website.

Citations

16 Claims

1. A computer-implemented method of preventing leakage of user credentials to phishing websites, comprising:
- capturing user credentials input to a webpage of a website;
  
  generating a hash of the captured user credentials;
  
  updating a stored list of trusted website credentials with the generated hashed user credentials upon determining that the domain of a Uniform Resource Locator (URL) of the website to which the user credentials were input is present in a stored list of trusted websites;
  
  in response to determining that the domain of the URL of the website to which the user credentials were input is not present in the stored list of trusted websites, determining whether the generated hashed user credentials matches one of a plurality of hashed user credentials in the list of trusted website credentials; and
  
  subsequentlywhen the generated hashed user credentials matches a hashed user credential in the list of trusted website credentials, requesting input indicative of whether the URL of the website is trusted or whether the URL of the website is unknown and/or untrusted;
  
  when the requested input indicates that URL of the website is unknown and/or untrusted, sending the URL of the website to a remote computer server over a computer network and disallowing submission of the user credentials to the website; and
  
  in response to the requested input indicating that the URL of website is trusted, adding the domain of the URL of the website to the stored list of trusted websites, adding the generated hash of the captured user credentials to the stored list of trusted website credentials and allowing the user credentials to be submitted to the website.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The computer-implemented method of claim 1, wherein generating the hash comprises applying a key-stretching algorithm to the captured user credentials.
  - 3. The computer-implemented method of claim 2, wherein applying the key-stretching algorithm to the captured user credentials further comprises inputting a cryptographic salt when generating the hash.
  - 4. The computing device of claim 2, wherein applying the key-stretching algorithm to the captured user credentials further comprises inputting a cryptographic salt when generating the hash.
  - 5. The computer-implemented method of claim 1 wherein, for each website, the stored list of trusted website credentials is configured as a First-In, First-Out (FIFO) queue.
  - 6. The computer-implemented method of claim 1, wherein the stored list of trusted website credentials further comprises the domain of the website to which the captured credentials were input and a time stamp.
  - 7. The computer-implemented method of claim 1, wherein capturing the user credentials further comprises:
    - waiting for a Document Object Model (DOM) tree of the webpage of the website to reach an idle state;
      
      waiting for a DOM event and a DOM mutation;
      
      identifying all forms having fields associated with user credentials;
      
      adding at least one of an input event listener to at least one of the identified fields and a click event listener to at least one button and link belonging to the identified forms; and
      
      capturing user credentials input to one of the forms using at least one of the input event listener and the click event listener.
  - 8. The computer-implemented method of claim 1, further comprising receiving updates to the list of trusted websites from the remote computer server.
  - 9. The computer-implemented method of claim 1, wherein the user credentials are input to a browser displaying the webpage of the website and wherein preventing leakage of user credentials by phishing websites is performed by a plug-in to the browser.
  - 10. The computing device of claim 1 wherein, for each website, the stored list of trusted website credentials is configured as a First-In, First-Out (FIFO) register.
  - 11. The computing device of claim 1, wherein the stored list of trusted website credentials further comprises the domain of the URL of the website to which the captured credentials were input and a time stamp.
  - 12. The computing device of claim 1, wherein the plurality of processes spawned by the at least one processor for capturing the user credentials further includes processing logic for:
    - waiting for a Document Object Model (DOM) tree of the webpage of the website to reach an idle state;
      
      waiting for a DOM event and a DOM mutation;
      
      identifying all forms having fields associated with user credentials;
      
      adding at least one of an input event listener to at least one of the identified fields and a click event listener to at least one button and link belonging to the identified forms; and
      
      capturing user credentials input to one of the forms using at least one of the input event listener and the click event listener.
  - 13. The computing device of claim 1, further comprising processing logic for receiving updates to the list of trusted websites from the remote computer server.
  - 14. The computing device of claim 1, wherein the plurality of processes spawned by the at least one processor are configured as a plug-in to the browser.

15. A computing device configured for preventing leakage of user credentials to phishing websites comprising:
- at least one hardware processor;
  
  at least one data storage device coupled to the at least one hardware processor;
  
  a network interface coupled to the at least one hardware processor and to a computer network;
  
  a plurality of processes spawned by said at least one hardware processor, the processes including processing logic for;
  
  capturing user credentials input to a webpage of a website;
  
  generating a hash of the captured user credentials;
  
  updating a stored list of trusted website credentials with the generated hashed user credentials upon determining that the domain of a Uniform Resource Locator (URL) of the website to which the user credentials were input is present in a stored list of trusted websites;
  
  in response to determining that the domain of the URL of the website to which the user credentials were input is not present in the stored list of trusted websites, determining whether the generated hashed user credentials matches one of a plurality of hashed user credentials in the list of trusted website credentials; and
  
  subsequentlywhen the generated hashed user credentials matches a hashed user credential in the list of trusted website credentials, requesting input indicative of whether the URL of the website is trusted or whether the URL of the website is unknown and/or untrusted;
  
  when the requested input indicates that the URL of the website is unknown and/or untrusted, sending the URL of the website to a remote computer server over a computer network and disallowing submission of the user credentials to the websitein response to the requested input indicating is that the URL of website is trusted, adding the domain of the URL of the website to the stored list of trusted websites, adding the generated hash of the captured user credentials to the stored list of trusted website credentials and allowing the user credentials to be submitted to the website.
- View Dependent Claims (16)
- - 16. The computing device of claim 15, wherein generating the hash comprises applying a key-stretching algorithm to the captured user credentials.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VADE USA Incorporated
Original Assignee
VADE Secure Incorporated
Inventors
Goutal, Sebastien, Honore, Antoine
Primary Examiner(s)
Chai, Longbit

Application Number

US15/607,329
Publication Number

US 20180343283A1
Time in Patent Office

781 Days
Field of Search

713168
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

H04L 63/1483   service impersonation, e.g....

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

Devices, systems and computer-implemented methods for preventing password leakage in phishing attacks

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Devices, systems and computer-implemented methods for preventing password leakage in phishing attacks

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links