SYSTEM AND METHOD FOR AUTHENTICATION, DATA TRANSFER, AND PROTECTION AGAINST PHISHING
Abstract
Methods and systems for secure electronic data communication over public communication networks. A secure data communication component may be utilized to implement a communication protocol. New versions of the data communication component may be generated, with each version containing a different communication protocol. Source code of the data communication component may be modified using a polymorph engine to create a functionally-equivalent component having a different code structure. An anti-phishing component may intercept a link in an electronic communication activated by a user, analyze the link and the electronic communication, determine a phishing risk to the user posed by the link, and direct the user to a location indicated by the link or redirect the user to a valid location. A server authentication component may detect and prevent DNS attacks, injections, and defacing activities.
25 Claims
1. A method for data communication using a computer device, comprising:
- determining whether to upgrade a first version of a data communication component, the first version of the data communication component containing a definition of a first communication protocol;
- connecting to a secure server when it is determined to upgrade the first version of the data communication component;
- performing an authentication check;
- receiving a package from the secure server when the authentication check is successful, the package containing at least a second version of the data communication component containing a definition of a second communication protocol;
- determining whether a digital signature embedded in package is valid;
- installing the second version of the data communication component when the digital signature is valid;
- executing the second version of the data communication component; and
- performing data communication utilizing the second version of the data communication component and the second communication protocol.

10. A method for generating a second version of a data communication component using a computer device, comprising:
- generating a pool of random numbers;
- generating a pool of ciphering keys;
- modifying source code of a first version of a data communication component using the pool of random numbers;
- linking a library of equivalent functions;
- compiling the modified source code;
- shielding the compiled source code;
- signing of the shielded compiled source code; and
- embedding dependencies.

17. A method for data communication using a computer device, comprising:
- intercepting data communication when a link embedded in an electronic communication is selected by a user, the link containing at least one target location identifier;
- determining a type of application used to display the electronic communication; and
- when the application type is one of an electronic communication reader application or a web browser software application in a web-mail domain;
- extracting the subject of the electronic communication;
- extracting the content of the electronic communication;
- analyzing the electronic communication;
- analyzing the extracted subject and content;
- analyzing the selected link;
- analyzing a human factor of the electronic communication;
- determining a risk factor based on the analysis of the electronic communication, the analysis of the extracted subject and content, the analysis of the selected link, and the analysis of the human factor; and
- directing the user to one of the target location identified by the link or a valid location based upon a value of the determined risk factor.

24. A method for creation of a certificate using a computer device, comprising:
- receiving a request for certification at a server;
- performing an external verification;
- generating the certificate, the generation utilizing at least one requested option; and
- signing the certificate using a private key, wherein the server is identified by a fully qualified domain name of the server and a TCP/IP address of the server.

25. A method for using a certificate utilizing a computer device, comprising:
- querying a server hosting at least one website;
- launching a call to an internal function to determine a protection of the server;
- downloading the certificate;
- using a public key to verify an authenticity of the certificate;
- extracting at least one certificate field when the certificate is verified as authentic;
- calculating at least one of a digital signature or a hash code of data received from the server;
- comparing the at least one certificate field with at least one of the digital signature or the hash code of the received data; and
- determining whether the website is valid based upon a result of the comparison.
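
The certificate flow of claims 24 and 25 can be sketched as follows. This is an added example, not code from the patent: the claims name no algorithms, so Ed25519 and SHA-256, the `SiteCert` layout with its `ContentHash` field, and all function names and sample values are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// SiteCert is a hypothetical layout; ContentHash is an assumed certificate field.
type SiteCert struct {
	FQDN, IP, ContentHash string
	Sig                   []byte
}

// hashHex and signedBytes define what is hashed and what the signature covers.
func hashHex(b []byte) string { return fmt.Sprintf("%x", sha256.Sum256(b)) }
func (c SiteCert) signedBytes() []byte { return []byte(fmt.Sprintf("%q|%q|%q", c.FQDN, c.IP, c.ContentHash)) }

// Issue is the certification side: fill the fields, sign with the private key.
func Issue(priv ed25519.PrivateKey, fqdn, ip string, page []byte) SiteCert {
	c := SiteCert{FQDN: fqdn, IP: ip, ContentHash: hashHex(page)}
	c.Sig = ed25519.Sign(priv, c.signedBytes())
	return c
}

// Validate is the client side: verify the signature first, then compare fields.
func Validate(pub ed25519.PublicKey, c SiteCert, fqdn, ip string, got []byte) error {
	switch {
	case !ed25519.Verify(pub, c.signedBytes(), c.Sig):
		return fmt.Errorf("certificate signature invalid")
	case c.FQDN != fqdn || c.IP != ip:
		return fmt.Errorf("server identity mismatch")
	case c.ContentHash != hashHex(got):
		return fmt.Errorf("content hash mismatch")
	}
	return nil
}

// Demo runs four constructed cases: genuine, redirected IP, defaced page, forged cert.
func Demo() [4]error {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed test key
	pub := priv.Public().(ed25519.PublicKey)
	host, ip, page, bad := "www.example.com", "192.0.2.10", []byte("<h1>Login</h1>"), []byte("<h1>Defaced</h1>")
	cert := Issue(priv, host, ip, page)
	forged := SiteCert{host, ip, hashHex(bad), cert.Sig} // field edited, signature stale
	return [4]error{Validate(pub, cert, host, ip, page), Validate(pub, cert, host, "203.0.113.66", page),
		Validate(pub, cert, host, ip, bad), Validate(pub, forged, host, ip, bad)}
}

func main() { fmt.Println(Demo()) }
```

Checking the signature before reading any field is what makes the last case fail: a certificate whose hash field was edited to match an altered page no longer verifies under the public key.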
Specification