SYSTEM AND METHOD FOR AUTHENTICATION, DATA TRANSFER, AND PROTECTION AGAINST PHISHING

US 20090077383A1
Filed: 08/06/2008
Published: 03/19/2009
Est. Priority Date: 08/06/2007
Status: Active Grant

First Claim

Patent Images

1. A method for data communication using a computer device, comprising:

determining whether to upgrade a first version of a data communication component, the first version of the data communication component containing a definition of a first communication protocol;

connecting to a secure server when it is determined to upgrade the first version of the data communication component;

performing an authentication check;

receiving a package from the secure server when the authentication check is successful, the package containing at least a second version of the data communication component containing a definition of a second communication protocol;

determining whether a digital signature embedded in package is valid;

installing the second version of the data communication component when the digital signature is valid;

executing the second version of the data communication component; and

performing data communication utilizing the second version of the data communication component and the second communication protocol.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for secure electronic data communication over public communication networks. A secure data communication component may be utilized to implement a communication protocol. New versions of the data communication component may be generated, with each version containing a different communication protocol. Source code of the data communication component may be modified using a polymorph engine to create a functionally-equivalent component having a different code structure. An anti-phishing component may intercept a link in an electronic communication activated by a user, analyze the link and the electronic communication, determine a phishing risk to the user posed by the link, and direct the user to a location indicated by the link or redirect the user to a valid location. A server authentication component may detect and prevent DNS attacks, injections, and defacing activities.

Citations

25 Claims

1. A method for data communication using a computer device, comprising:
- determining whether to upgrade a first version of a data communication component, the first version of the data communication component containing a definition of a first communication protocol;
  
  connecting to a secure server when it is determined to upgrade the first version of the data communication component;
  
  performing an authentication check;
  
  receiving a package from the secure server when the authentication check is successful, the package containing at least a second version of the data communication component containing a definition of a second communication protocol;
  
  determining whether a digital signature embedded in package is valid;
  
  installing the second version of the data communication component when the digital signature is valid;
  
  executing the second version of the data communication component; and
  
  performing data communication utilizing the second version of the data communication component and the second communication protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein determining whether to upgrade a first version of a data communication component includes:
    - determining a time elapsed from a time of a prior execution of the first version of the data communication component to a present time;
      
      comparing the elapsed time with a predetermined trigger time value; and
      
      connecting to the secure server when the elapsed time is one of equal to or greater than the triggering time value.
  - 3. The method of claim 2, whereinthe comparing the elapsed time includes determination of the present time using a network time protocol
  - 4. The method of claim 1, further comprising:
    - generating an alert when the authentication check is not successful or the digital signature is not valid; and
      
      transmitting the alert to at least one of a user of the computer device, a user of the secure server, or a survey server.
  - 5. The method of claim 1, whereinan address of the secure server is located in a pool of direct IP addresses;
    - andthe pool of direct IP addresses is stored in the first version of the secure communication component.
  - 6. The method of claim 1, whereinthe authentication check includes use of at least one of a zero knowledge protocol, an SSL certificate, or an asymmetric cryptography technique.
  - 7. The method of claim 1, whereinthe package further includes at least one dependency of the second version of the data communication component.
  - 8. The method of claim 1, whereinthe second version of the data communication component includes a modification of source code of the first version of the data communication component;
    - andthe modification is produced by a source code level polymorph engine.
  - 9. The method of claim 8, whereinthe source code level polymorph engine performs at least one of insertion of noise using non-functional instructions, embedding of variables, embedding of mathematical functions, embedding of values, insertion of jumps, insertion of time-shifting delays, randomly reordering the source code, insertion of references to API and call wrappings, insertion of tracer detection code, insertion of sub-thread generators, insertion of fake code, or insertion of auto-protection systems.

10. A method for generating a second version of a data communication component using a computer device, comprising:
- generating a pool of random numbers;
  
  generating a pool of ciphering keys;
  
  modifying source code of a first version of a data communication component using the pool of random numbers;
  
  linking a library of equivalent functions;
  
  compiling the modified source code;
  
  shielding the compiled source code;
  
  signing of the shielded compiled source code; and
  
  embedding dependencies.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, whereinthe second version of the data communication component includes a modification of source code of the first version of the data communication component;
    - andthe modification is produced by a source code level polymorph engine.
  - 12. The method of claim 11, whereinthe source code level polymorph engine performs at least one of insertion of noise using non-functional instructions, embedding of variables, embedding of mathematical functions, embedding of values, insertion of jumps, insertion of time-shifting delays, randomly reordering the source code, insertion of references to API and call wrappings, insertion of tracer detection code, insertion of sub-thread generators, insertion of fake code, or insertion of auto-protection systems.
  - 13. The method of claim 10, whereinthe shielding is performed by a binary level code protector;
    - andthe binary level code protector includes a binary level polymorph engine.
  - 14. The method of claim 13, whereinthe binary level polymorph engine performs at least one of injection of code protection functions, injection of anti-tracers, injection of anti-debugger traps, compression of binary code, ciphering of binary code, rewriting of headers, rewriting of resources, or rewriting of loaders.
  - 15. The method of claim 10, whereinthe signing of the compiled source code includes signing with an editor'"'"'s private key.
  - 16. The method of claim 10, whereinthe dependencies include at least one of an anti-malware database, a correction, or updated elements of other processes.

17. A method for data communication using a computer device, comprising:
- intercepting data communication when a link embedded in an electronic communication is selected by a user, the link containing at least one target location identifier;
  
  determining a type of application used to display the electronic communication; and
  
  when the application type is one of an electronic communication reader application or a web browser software application in a web-mail domain;
  
  extracting the subject of the electronic communication;
  
  extracting the content of the electronic communication;
  
  analyzing the electronic communication;
  
  analyzing the extracted subject and content;
  
  analyzing the selected link;
  
  analyzing a human factor of the electronic communication;
  
  determining a risk factor based on the analysis of the electronic communication, the analysis of the extracted subject and content, the analysis of the selected link, and the analysis of the human factor; and
  
  directing the user to one of the target location identified by the link or a valid location based upon a value of the determined risk factor.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, whereinthe extraction of at least one of the subject or the content of the electronic communication includes analyzing a document object model.
  - 19. The method of claim 17, whereinanalyzing the communication includes at least one of determining whether the selected link is embedded in an electronic email document, detection of a location and size of at least one image in the electronic communication, detection of visible and invisible elements of the electronic communication, calculation of a distances between foreground and background colors of one of text, area, and zones of the electronic communication, or analysis of images contained in the electronic communication using an embedded picture recognition algorithm.
  - 20. The method of claim 17, whereinanalyzing the subject and content includes at least one of analyzing words contained in the electronic communication, determination of a quantity of words commonly used in phishing communications, analyzing text referencing links contained in the electronic communication, or analyzing a format of the electronic communication.
  - 21. The method of claim 17, whereinanalyzing the selected link includes at least one of detection of encoded links, detection of redirection of domains, detection of top level domains, detection of spoofed links, detection of sub-redirected links, sorting of improperly formatted links, detection of username spoofing, detection of direct IP links, detection of protected targets, detection of misspelled links, detection of phonetic meanings in textual links, detection of companions'"'"' links, detection of known domains, detection of free hosting services, detection of dangerous geographical regions, or checking hidden redirection by a local host file.
  - 22. The method of claim 17, further comprising analyzing the target location identified in the link.
  - 23. The method of claim 17, whereinthe direction of the user to the valid location includes obtaining a default valid location link from a protection field dictionary.

24. A method for creation of a certificate using a computer device, comprising:
- receiving a request for certification at a server;
  
  performing an external verification;
  
  generating the certificate, the generation utilizing at least one requested option; and
  
  signing the certificate using a private key, whereinthe server is identified by a fully qualified domain name of the server and a TCP/IP address of the server.

25. A method for using a certificate utilizing a computer device, comprising:
- querying a server hosting at least one website;
  
  launching a call to an internal function to determine a protection of the server;
  
  downloading the certificate;
  
  using a public key to verify an authenticity of the certificate;
  
  extracting at least one certificate field when the certificate is verified as authentic;
  
  calculating at least one of a digital signature or a hash code of data received from the server;
  
  comparing the at least one certificate field with at least one of the digital signature or the hash code of the received data; and
  
  determining whether the website is valid based upon a result of the comparison.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Morgamon SA
Original Assignee
Morgamon SA
Inventors
Moreau, Stephane, de Monseignat, Bernard

Granted Patent

US 8,578,166 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/175
CPC Class Codes

H04L 61/4511   using domain name system [DNS]

H04L 63/0823   using certificates cryptogr...

H04L 63/1483   service impersonation, e.g....

H04L 63/166   at the transport layer

H04L 9/3242   involving keyed hash functi...

SYSTEM AND METHOD FOR AUTHENTICATION, DATA TRANSFER, AND PROTECTION AGAINST PHISHING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR AUTHENTICATION, DATA TRANSFER, AND PROTECTION AGAINST PHISHING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links