Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks

US 20080222736A1
Filed: 03/07/2007
Published: 09/11/2008
Est. Priority Date: 03/07/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:

a. detecting a submission of a first request from the client'"'"'s browser to said site;

b. redirecting, by the redirector, said first request to the traffic processor for monitoring said first request;

c. forwarding said first request from said traffic processor to said site;

d. receiving a response containing at least one HTML page, from said site, by said traffic processor;

e. modifying said response by obfuscating said at least one HTML page of said response;

f. storing de-obfuscation information in a transaction table;

g. forwarding the modified response from said traffic processor to said browser;

h. redirecting a second request from said browser to said traffic processor by said redirector;

i. checking said second request for an unauthorized command;

j. de-obfuscating said second request using the stored information in said transaction table; and

k. forwarding the modified second request to said site.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to a method for preventing an unauthorized activity including a transaction in a web site comprising the steps of: (a) receiving a response containing at least one HTML page, from said site, by the traffic processor; (b) modifying said response by obfuscating said at least one HTML page of said response; (c) storing de-obfuscation information in a transaction table; (d) forwarding the modified response from said traffic processor to the client'"'"'s browser; (e) redirecting a request from said browser to the traffic processor, by the redirector; (f) checking said request for an unauthorized command; (g) de-obfuscating said request using the stored information in said transaction table; and (h) forwarding the modified request to said site.

157 Citations

14 Claims

1. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
- a. detecting a submission of a first request from the client'"'"'s browser to said site;
  
  b. redirecting, by the redirector, said first request to the traffic processor for monitoring said first request;
  
  c. forwarding said first request from said traffic processor to said site;
  
  d. receiving a response containing at least one HTML page, from said site, by said traffic processor;
  
  e. modifying said response by obfuscating said at least one HTML page of said response;
  
  f. storing de-obfuscation information in a transaction table;
  
  g. forwarding the modified response from said traffic processor to said browser;
  
  h. redirecting a second request from said browser to said traffic processor by said redirector;
  
  i. checking said second request for an unauthorized command;
  
  j. de-obfuscating said second request using the stored information in said transaction table; and
  
  k. forwarding the modified second request to said site.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method according to claim 1 wherein the transaction table stores de-obfuscation information of more than one HTML page.
  - 3. A method according to claim 1 wherein the forwarding of the request(s) by the traffic processor and the receiving of response(s) from the site is done using a secure path.
  - 4. A method according to claim 1 wherein the first request from the client'"'"'s browser is the login request.
  - 5. A method according to claim 1 wherein when an unauthorized command is detected a log event or an alert event is triggered.
  - 6. A method according to claim 5 wherein the user, or the web site, or the operator of the service, or a 3rd party entity are alerted when an unauthorized command is detected.
  - 7. A method according to claim 1 wherein the obfuscation of the HTML page is performed using one or more of the following techniques:
    - adding user invisible forms/links, changing the form action, adding user invisible form parameters, renaming form parameters, changing the form/link order in the DOM, moving forms/links from the static HTML, changing the forms/links at runtime, adding client side code for encryption, changing some of the page text to an image, a series of images or a distorted image.

8. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
- a. receiving a response containing at least one HTML page, from said site, by the traffic processor;
  
  b. modifying said response by obfuscating said at least one HTML page of said response;
  
  c. storing de-obfuscation information in a transaction table;
  
  d. forwarding the modified response from said traffic processor to the client'"'"'s browser;
  
  e. redirecting a request from said browser to said traffic processor by the redirector;
  
  f checking said request for an unauthorized command;
  
  g. de-obfuscating said request using the stored information in said transaction table; and
  
  h. forwarding the modified request to said site.

9. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
- a. redirecting, by the redirector, a first request from the client'"'"'s browser to the traffic processor for monitoring said first request;
  
  b. forwarding said first request from said traffic processor to said site;
  
  c. receiving a response containing at least one HTML page, from said site, by the traffic processor;
  
  d. modifying said response by obfuscating said at least one HTML page of said response;
  
  e. storing de-obfuscation information in a transaction table;
  
  f forwarding the modified response from said traffic processor to said browser;
  
  g. redirecting a second request from said browser to said traffic processor by the redirector;
  
  h. checking said second request for an unauthorized command;
  
  i. de-obfuscating said second request using the stored information in said transaction table; and
  
  j. forwarding the modified second request to said site.

10. A method for preventing an unauthorized activity including a transaction in a web site comprising the steps of:
- a. receiving a response containing at least one HTML page, from said site, by the traffic processor;
  
  b. modifying said response by obfuscating said at least one HTML page of said response;
  
  c. storing de-obfuscation information in a transaction table;
  
  d. forwarding the modified response from said traffic processor to the client'"'"'s browser;
  
  e. receiving a request from said browser by said traffic processor;
  
  f checking said request for an unauthorized command;
  
  g. de-obfuscating said request using the stored information in said transaction table; and
  
  h. forwarding the modified request to said site.
- View Dependent Claims (11, 12, 13, 14)
- - 11. A method according to claim 10 wherein the traffic processor resides on the client.
  - 12. A method according to claim 10 wherein the traffic processor resides on a server.
  - 13. A method according to claim 10 wherein the traffic processor resides on the ISP.
  - 14. A method according to claim 10 wherein the obfuscation of the HTML page is performed by manipulating the DOM.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trusteer Incorporated (International Business Machines Corporation)
Original Assignee
Trusteer Incorporated (International Business Machines Corporation)
Inventors
Boodaei, Michael, Klein, Amit

Application Number

US11/714,933
Publication Number

US 20080222736A1
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/128   involving web programs, i.e...

G06F 21/14   against software analysis o...

G06F 21/51   at application loading time...

G06F 21/606   by securing the transmissio...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1441   Countermeasures against mal...

Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

157 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Scrambling HTML to prevent CSRF attacks and transactional crimeware attacks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links