SYSTEM FOR DETECTING SPOOFED HYPERLINKS

US 20050076222A1
Filed: 09/21/2004
Published: 04/07/2005
Est. Priority Date: 09/22/2003
Status: Active Grant

First Claim

Patent Images

1. A computer program for assisting a user to determine whether a hyperlink to a target uniform resource locator (URL) is spoofed, the method comprising:

a code segment that listens with a computerized system for an activation of the hyperlink;

a code segment that extracts an originator identifier and encrypted data from the hyperlink;

a code segment that decrypts said encrypted data into decrypted data based on said originator identifier;

a code segment that presents information on a display unit;

a code segment that redirects; and

a code segment that determines whether the hyperlink includes said originator identifier and said encrypted data decrypts successfully, and then;

runs said code segment that presents, to present a confirmation of authentication to the user conveying the name of the owner and the domain name of the target URL, and runs said code segment that redirects, to redirect the user to the target URL;

and otherwise, runs said code segment that presents, to present a warning dialog to the user.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system (50, 150) for assisting a user (14) to determine whether a hyperlink (152) to a target uniform resource locator (URL) is spoofed. A computerized system having a display unit is provided and logic (158) therein listens for activation of the hyperlink (152) in a message (154). The logic (158) extracts an originator identifier (102) and encrypted data from the hyperlink (152), and decrypts the encrypted data into decrypted data based on the originator identifier (102). The logic (158) determines whether the hyperlink (152) includes the originator identifier (102) and the encrypted data decrypts successfully. Responsive to this it then presents a confirmation of authentication conveying the name of the owner and the domain name of the target URL on the display unit, and it redirects the user (14) to the target URL. Otherwise, it presents a warning dialog to the user (14) on the display unit.

146 Citations

26 Claims

1. A computer program for assisting a user to determine whether a hyperlink to a target uniform resource locator (URL) is spoofed, the method comprising:
- a code segment that listens with a computerized system for an activation of the hyperlink;
  
  a code segment that extracts an originator identifier and encrypted data from the hyperlink;
  
  a code segment that decrypts said encrypted data into decrypted data based on said originator identifier;
  
  a code segment that presents information on a display unit;
  
  a code segment that redirects; and
  
  a code segment that determines whether the hyperlink includes said originator identifier and said encrypted data decrypts successfully, and then;
  
  runs said code segment that presents, to present a confirmation of authentication to the user conveying the name of the owner and the domain name of the target URL, and runs said code segment that redirects, to redirect the user to the target URL;
  
  and otherwise, runs said code segment that presents, to present a warning dialog to the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer program of claim 1, wherein the computer program is digitally signed.
  - 3. The computer program of claim 1, wherein said code segment that listens runs as a service in said computerized system.
  - 4. The computer program of claim 1, wherein said code segment that listens includes a hypertext transport protocol (HTTP) server.
  - 5. The computer program of claim 1, wherein said code segment that listens listens at a preset non routable internet protocol (IP) address and at a preset port.
  - 6. The computer program of claim 1, wherein said code segment that decrypts includes a code segment that extracts the target URL from said decrypted data.
  - 7. The computer program of claim 1, wherein said the hyperlink includes the target URL and said code segment that decrypts includes:
    - a code segment that extracts a digital signature from said decrypted data; and
      
      a code segment that verifies said digital signature against said originator identifier.
  - 8. The computer program of claim 1, wherein said code segment that decrypts employs a public key associated with said originator identifier.
  - 9. The computer program of claim 1, further comprising:
    - a code segment that matches said originator identifier to one of a plurality of registered originators; and
      
      a code segment that retrieves a decryption key associated with said originator identifier for use by said code segment that decrypts.
  - 10. The computer program of claim 1, wherein said code segment that presents employs a dialog box that only software running locally in said computerized system can provide, thereby avoiding confusion with a remotely generated browser window.

11. A system for assisting a user to determine whether a hyperlink to a target uniform resource locator (URL) is spoofed, the system comprising:
- a computerized system having a display unit;
  
  a logic in said computerized system that listens for activation of the hyperlink;
  
  a logic that extracts an originator identifier and encrypted data from the hyperlink;
  
  a logic that decrypts said encrypted data into decrypted data based on said originator identifier;
  
  a logic that determines whether the hyperlink includes said originator identifier and that said encrypted data decrypts successfully;
  
  a logic responsive to said logic that determines, that presents on said display unit a confirmation of authentication conveying the name of the owner and the domain name of the target URL and that redirects the user to the target URL; and
  
  a logic responsive to said logic that determines, that presents on said display unit a warning dialog to the user.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein said logic that listens runs as a service.
  - 13. The system of claim 11, wherein logic that listens includes a hypertext transport protocol (HTTP) server.
  - 14. The system of claim 11, wherein said logic that listens listens at a preset non routable internet protocol (IP) address and at a preset port.
  - 15. The system of claim 11, wherein said logic that decrypts includes a logic that extracts the target URL from said decrypted data.
  - 16. The system of claim 11, wherein said the hyperlink includes the target URL and said logic that decrypts includes:
    - a logic that extracts a digital signature from said decrypted data; and
      
      a logic segment that verifies said digital signature against said originator identifier.
  - 17. The system of claim 11, wherein said logic that decrypts employs a public key associated with said originator identifier.
  - 18. The system of claim 11, further comprising:
    - a logic that matches said originator identifier to one of a plurality of registered originators; and
      
      a logic that retrieves a decryption key associated with said originator identifier for use by said logic that decrypts.
  - 19. The system of claim 11, wherein said logic that presents employs a dialog box that only software running locally in said computerized system can provide, thereby avoiding confusion with a remotely generated browser window.

20. A method for assisting a user to determine whether a hyperlink to a target uniform resource locator (URL) is spoofed, the method comprising:
- listening for an activation of the hyperlink;
  
  extracting an originator identifier and encrypted data from the hyperlink;
  
  decrypting said encrypted data into decrypted data based on said originator identifier;
  
  when the hyperlink includes said originator identifier and said encrypted data decrypts successfully;
  
  presenting a confirmation of authentication to the user, wherein said confirmation of authentication conveys the name of the owner and the domain name of the target URL; and
  
  redirecting the user to the target URL;
  
  and otherwise, presenting a warning dialog to the user.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The method of claim 20, wherein said listening includes running at least one of a service and a hypertext transport protocol (HTTP) server in a computerized system.
  - 22. The method of claim 20, wherein said listening is at a preset non routable internet protocol (IP) address and a preset port.
  - 23. The method of claim 20, said decrypting includes extracting the target URL from said decrypted data.
  - 24. The method of claim 20, wherein said the hyperlink includes the target URL and said decrypting includes:
    - extracting a digital signature from said decrypted data; and
      
      verifying said digital signature against said originator identifier.
  - 25. The method of claim 20, further comprising:
    - matching said originator identifier to one of a plurality of registered originators;
      
      retrieving a decryption key associated with said originator identifier for use in said decrypting.
  - 26. The method of claim 20, wherein said presenting a confirmation employs a dialog box that only software running locally in a computerized system can provide, thereby avoiding confusion with a remotely generated browser window.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Proofpoint Incorporated
Original Assignee
Secure Data In Motion, Inc. (Proofpoint Incorporated)
Inventors
Olkin, Terry M., Olkin, Jeffrey C., Moreh, Jahanshah

Granted Patent

US 7,461,257 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 51/212   using filtering or selectiv...

H04L 51/48   Message addressing, e.g. ad...

H04L 63/0442   wherein the sending and rec...

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

SYSTEM FOR DETECTING SPOOFED HYPERLINKS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

146 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM FOR DETECTING SPOOFED HYPERLINKS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

146 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links