METHODS AND APPARATUS FOR PREVENTING CRIMEWARE ATTACKS

US 20120284506A1
Filed: 05/25/2012
Published: 11/08/2012
Est. Priority Date: 04/30/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method in a server including a processor and memory, the method comprising:

establishing in the processor a first communication session with a first electronic device;

receiving in the processor from the first electronic device a secure browsing request;

based upon information included in the secure browsing request, locating in the processor a third-party electronic device hosting on a network a third-party application that fulfills the secure browsing request;

establishing in the processor a second communication session with the third-party electronic device; and

establishing in the processor a third communication session between the first electronic device and the third-party electronic device wherein the third communication session enables data generated from the third party application to be received by the first electronic device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A central server configured to mediate communications including establishing secure online sessions between user-controlled devices and 3^rdparty devices, such as a 3^rdparty device hosting a financial site. The methods and apparatus used to instantiate and carry out the mediated communications can be designed to thwart crimeware. To enable communications between the user-controlled devices and the 3^rdparty devices, the central server can be configured to instantiate a first secure communication session between the central server and the user-controlled device and a second secure communication session between the central server and the 3^rdparty device. If desired, separate encryption keys can be used for the first communication session and the second communication session where only the central server possesses the encryption keys for both the first communication session and the second communication session. Optionally, after the communications are established between the devices, the server can withdraw from the communications.

82 Citations

View as Search Results

22 Claims

1. A method in a server including a processor and memory, the method comprising:
- establishing in the processor a first communication session with a first electronic device;
  
  receiving in the processor from the first electronic device a secure browsing request;
  
  based upon information included in the secure browsing request, locating in the processor a third-party electronic device hosting on a network a third-party application that fulfills the secure browsing request;
  
  establishing in the processor a second communication session with the third-party electronic device; and
  
  establishing in the processor a third communication session between the first electronic device and the third-party electronic device wherein the third communication session enables data generated from the third party application to be received by the first electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The method of claim 1, wherein data generated from the third party application includes instructions that enable a web-page to be generated and output using a web-browser executing on the first electronic device.
  - 3. The method of claim 2, wherein the third communication session is established and maintained without revealing an identity of a user of the first electronic device or identification information associated with the first electronic device allowing the user to view the web-page anonymously on the first electronic device.
  - 4. The method of claim 1, wherein the secure browsing request includes a name of the third-party and wherein the third-party electronic device is located using the name of the third-party.
  - 5. The method of claim 4, wherein the secure browsing request further includes a requested service and wherein the third-party electronic device is located using the name of the third-party and the requested service.
  - 6. The method of claim 4, wherein the name of the third-party is used to determine a web address associated with third-party and wherein the second communication session is established using the web-address.
  - 7. The method of claim 1, further comprising:
    - determining a symmetric encryption key to use for encrypting data in the first communication session.
  - 8. The method of claim 7, wherein the symmetric encryption key is determined using a transport layer security (TLS) handshake between the first electronic device and the server.
  - 9. The method of claim 7, further comprising:
    - sending a message including the symmetric encryption key to the third-party electronic device wherein the third communication session includes direct communications between the first electronic device and the third-party electronic device using the symmetric encryption key such that the server is by-passed.
  - 10. The method of claim 1, further comprising:
    - determining a symmetric encryption key to use for encrypting data in the second communication session.
  - 11. The method of claim 10, wherein the symmetric encryption key is determined using a TLS handshake between the third-party electronic device and the server.
  - 12. The method of claim 11, further comprising:
    - sending a message including the symmetric encryption key to the first electronic device wherein the third communication session includes direct communications between the first electronic device and the third-party electronic device using the symmetric encryption key such that the server is by-passed.
  - 13. The method of claim 1, further comprising:
    - determining a first symmetric encryption key to use for encrypting data in the first communication session sent between the first electronic device and server and determining a second symmetric encryption key to use for encrypting data in the second communication session sent between the first server and the third-party electronic device.
  - 14. The method of claim 13, further comprising:
    - receiving in the server the third-party application data that is encrypted with the second symmetric encryption key, decrypting the encrypted third-party application data with the second symmetric encryption key, encrypting the third party application data with the first symmetric encryption key and sending the third-party application data encrypted with the first symmetric encryption key to the first electronic device.
  - 15. The method of claim 14, wherein the third-party application is used to generate a web-page on the first electronic device.
  - 16. The method of claim 13, further comprising:
    - receiving in the server a message including input data for the third-party application from the first electronic device wherein the input data is encrypted using the first symmetric encryption key, decrypting the input data using the first symmetric encryption key, encrypting the input data using the second symmetric encryption key and sending the input data encrypted using the second symmetric key to the third-party electronic device.
  - 17. The method of claim 16, wherein the input data includes a user name and a password used to grant access to features of the third-party application.
  - 18. The method of claim 13, wherein only the server possess knowledge of both the first symmetric encryption key and the second symmetric encryption key.
  - 19. The method of claim 1, further comprising:
    - receiving a login request from the first electronic device, sending a challenge vector to the first electronic device, receiving a response to the challenge vector from the first electronic device and when the response to the challenge vector is correct, sending a login display message to the first electronic device.
  - 20. The method of claim 19, wherein the challenge vector includes information used by the first electronic device to retrieve one or more random bits previously hidden in a persistent memory on the first electronic device.
  - 21. The method of claim 19, prior to receiving the login request, sending first random information, a global unique ID and instructions for hiding the first random information in a persistent memory associated with the first electronic device.

22. A computer readable storage medium including computer program code for execution by a processor to establish a secure online browsing session, said computer readable storage medium comprising:
- computer code for establishing in the processor a first communication session with a first electronic device;
  
  computer code for receiving in the processor from the first electronic device a secure browsing request;
  
  computer code for, based upon information included in the secure browsing request, locating in the processor a third-party electronic device on a network hosting a third-party application that fulfills the secure browsing request;
  
  computer code for establishing in the processor a second communication session with the third-party electronic device; and
  
  computer code for establishing in the processor a third communication session between the first electronic device and the third-party electronic device wherein the third communication session enables data generated from the third party application to be received by the first electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Central, Inc.
Original Assignee
T-Central, Inc.
Inventors
KRAVITZ, David W., GRAHAM, Donald H. III, BOUDETT, Josselyn

Application Number

US13/481,553
Publication Number

US 20120284506A1
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

G06Q 40/00   Finance; Insurance; Tax str...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/166   at the transport layer

METHODS AND APPARATUS FOR PREVENTING CRIMEWARE ATTACKS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUS FOR PREVENTING CRIMEWARE ATTACKS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links