WEB ELEMENT SPOOFING PREVENTION SYSTEM AND METHOD

US 20130263263A1
Filed: 12/12/2011
Published: 10/03/2013
Est. Priority Date: 12/13/2010
Status: Abandoned Application

First Claim

Patent Images

1. A method of inspecting Web elements for real-time classification and detection of Web elements spoofing attempts, comprising the steps of:

(a) identifying trustworthy Web locations for generating a database of safe zones;

(b) for each inspected element, checking whether or not its top frame URL is included in said database, if it is included, classifying said element as suspected in Web elements location spoofing attempt;

(c) looking for patterns to identify known Web content in said element, if no visual consequences are identified, classifying said element as unknown;

(d) checking whether said known element is in an HTML frame or not, if it is in an HTML frame, classifying said element as unsafe;

(e) checking whether or not the URL of the element points to an expected location for serving its content, if the location is expected, classifying said element as suspected in Web elements location spoofing attempt;

(f) checking whether or not the URL host is an IP address, if it is not an IP address, classifying said element as unsafe;

(g) resolving said IP address to domain name; and

(h) checking whether or not said resolved URL points to an expected location, if the location is expected, classifying said element as safe, otherwise, classifying said element as unsafe.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of inspecting Web elements for real-time classification and detection of Web elements spoofing attempts, according to which trustworthy Web locations are identified for generating a database of safe zones. For each inspected element, it is checked whether or not its top frame URL is included in the database, and if it is included, the element is classified as suspected in Web elements location spoofing attempt.

253 Citations

10 Claims

1. A method of inspecting Web elements for real-time classification and detection of Web elements spoofing attempts, comprising the steps of:
- (a) identifying trustworthy Web locations for generating a database of safe zones;
  
  (b) for each inspected element, checking whether or not its top frame URL is included in said database, if it is included, classifying said element as suspected in Web elements location spoofing attempt;
  
  (c) looking for patterns to identify known Web content in said element, if no visual consequences are identified, classifying said element as unknown;
  
  (d) checking whether said known element is in an HTML frame or not, if it is in an HTML frame, classifying said element as unsafe;
  
  (e) checking whether or not the URL of the element points to an expected location for serving its content, if the location is expected, classifying said element as suspected in Web elements location spoofing attempt;
  
  (f) checking whether or not the URL host is an IP address, if it is not an IP address, classifying said element as unsafe;
  
  (g) resolving said IP address to domain name; and
  
  (h) checking whether or not said resolved URL points to an expected location, if the location is expected, classifying said element as safe, otherwise, classifying said element as unsafe.
- View Dependent Claims (3, 4, 5, 6, 7)
- - 3. The method according to claim 1, wherein the patterns have visual consequences which prevent exact calculation for identifying the Web page, thus said identification is not sensitive to minor content changes and the number of false positives alarms is minimal.
  - 4. The method according to claim 1, wherein the identification of trustworthy Web locations is done by matching the URL of the inspected content against a set of known content location patterns.
  - 5. The method according to claim 1, wherein said method is implemented over client side or over web gateways.
  - 6. The method according to claim 1, wherein Web elements spoofing attacks are detected from sources taken from the group consisting of instant messaging services, social networks, blogs, forums, redirection techniques, links in documents, and links sent by emails.
  - 7. The method according to claim 1, further preventing known content to be loaded in Web frames, thus preventing malicious Web sites from obtaining user'"'"'s private information by using keystroke loggers.

2. A method of inspecting Web traffic elements for real-time classification and detection of Web elements location spoofing attempts, comprising the steps of:
- (a) checking whether or not the URL is an SSL encrypted location, if it is not an SSL encrypted location, resolving the IP address to which the Web browser is accessing to a domain name on a trusted DNS server;
  
  (b) comparing the returned domain name against the domain name in the URL, if the domain name matches the one on said URL, classifying said element as safe, else classifying said element as unsafe;
  
  (c) if the URL is an SSL encrypted location, checking whether or not the SSL certificate is valid, if the SSL certificate is not valid, resolving the IP address to a domain name and jumping to step (b); and
  
  (d) extracting the domain name from the certificate and comparing it against the domain name from the URL, if the domain names are not the same, the content is classified as unsafe, else, resolving the IP address to a domain name and jumping to step (b).
- View Dependent Claims (8, 9, 10)
- - 8. The method according to claim 2, wherein said method is implemented over client side or over web gateways.
  - 9. The method according to claim 2, wherein Web elements spoofing attacks are detected from sources taken from the group consisting of instant messaging services, social networks, blogs, forums, redirection techniques, links in documents, and links sent by emails.
  - 10. The method according to claim 2, further preventing known content to be loaded in Web frames, thus preventing malicious Web sites from obtaining user'"'"'s private information by using keystroke loggers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Comitari Technologies Ltd.
Original Assignee
Comitari Technologies Ltd.
Inventors
Narkolayev, Alecsander, Shahaf, Nir

Application Number

US13/992,899
Publication Number

US 20130263263A1
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/101   Access control lists [ACL]

H04L 63/1483   service impersonation, e.g....

WEB ELEMENT SPOOFING PREVENTION SYSTEM AND METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

253 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

WEB ELEMENT SPOOFING PREVENTION SYSTEM AND METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

253 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others