SYSTEM AND METHOD FOR IDENTIFYING SECURITY BREACH ATTEMPT OF A WEBSITE

US 20130254888A1
Filed: 05/16/2013
Published: 09/26/2013
Est. Priority Date: 09/23/2009
Status: Abandoned Application

First Claim

Patent Images

1. A website security system for detecting security breach attempts associated with a phishing scheme, said system comprising:

a code of a first website;

a first software module, functionally associated with said code, and adapted to detect its own instancement on a server not associated with said first website; and

a server associated with said first website and adapted to provide a client computer with said code and said first software module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on.

14 Citations

View as Search Results

8 Claims

1. A website security system for detecting security breach attempts associated with a phishing scheme, said system comprising:
- a code of a first website;
  
  a first software module, functionally associated with said code, and adapted to detect its own instancement on a server not associated with said first website; and
  
  a server associated with said first website and adapted to provide a client computer with said code and said first software module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system according to claim 1, further comprising a file, stored on a server associated with said first website and not part of the code that is sent to a browser when it navigates to said first website;
  - 3. The system according to claim 2, wherein said first software module is further adapted to locate said file every time it is instanced and to determine that it has been instanced on a server, not associated with said first website, when it cannot locate said file.
  - 4. The system according to claim 2, wherein said file is an image.
  - 5. The system according to claim 1, wherein said first software module is further adapted, when it detects its own instancement on a server not associated with said first website, to perform one or more of the actions selected from the group of actions consisting of:
    - (a) sending a warning to said first website proprietor, (b) sending a warning to the supplier of said software module, (c) sending a warning to an investigative body, (d) reporting the IP address of said unassociated server to said first website'"'"'s proprietor (e) reporting the IP address of said unassociated server to the supplier of said software module, (f) reporting the IP address of said unassociated server to an investigative body, (g) reporting further details relating to said instancement to the supplier of said first software module, (h) reporting further details relating to said instancement to said first website'"'"'s proprietor, and (i) reporting further details relating to said instancement to an investigative body.
  - 6. The system according to claim 1, further comprising a second software module, functionally associated with said first website and adapted to scan other websites and to report other websites containing graphics or text patterns similar to those contained in said first website.
  - 7. The system according to claim 6, wherein said second software module is further adapted to target for scanning, websites selected from the group of websites consisting of:
    - (a) websites with new domain names, (b) websites with domain names that have recently changed ownership, and (c) websites with domain names similar to said first website'"'"'s domain name.
  - 8. The system according to claim 1, further comprising a second software module, functionally associated with said first website and adapted to scan emails and to report emails masquerading as an email being sent by the proprietor of said first web site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
Versafe Ltd. (F5 Incorporated)
Inventors
AMIR, Idan, Gruner, Eyal, Zilber, Boaz

Application Number

US13/895,386
Publication Number

US 20130254888A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 63/1483   service impersonation, e.g....

SYSTEM AND METHOD FOR IDENTIFYING SECURITY BREACH ATTEMPT OF A WEBSITE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR IDENTIFYING SECURITY BREACH ATTEMPT OF A WEBSITE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links