DEVICES, SYSTEMS AND COMPUTER-IMPLEMENTED METHODS FOR PREVENTING PASSWORD LEAKAGE IN PHISHING ATTACKS

US 20190327268A1
Filed: 04/01/2019
Published: 10/24/2019
Est. Priority Date: 05/26/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

requesting, by a web browser, a webpage of a website over a computer network;

waiting for the requested webpage and all of the resources of the requested webpage to be loaded in the web browser;

waiting for an event on the loaded webpage;

identifying forms on the loaded webpage having fields associated with user credentials;

adding, to the identified forms, at least one of;

an input event listener to at least one of the identified fields, anda click event listener to at least one button or link belonging to the identified forms;

capturing user credentials input to at least one of the forms using the input event listener and/or the click event listener;

generating hashes of the captured user credentials by applying a key-stretching algorithm using a cryptographic salt to the captured user credentials;

storing the generated hashes in a memory, andpreventing leakage of user credentials to phishing websites by comparing the generated hashes stored in the memory with entries of a list of trusted websites hashed credentials and by requesting and acting upon input indicative of whether the website is trusted or whether the website is unknown and/or untrusted.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method of preventing leakage of user credentials to phishing websites may comprise capturing user credentials input to website; updating a stored list of trusted website credentials upon determining that the domain of the URL of the website is present in a stored list of trusted websites; generating a hash of the captured user credentials; determining whether the hashed user credentials matches one of the hashed user credentials in the list of trusted website credentials; and when a match is found, requesting input whether the website is trusted or whether the website is unknown and/or untrusted; sending the URL to a remote computer server when the input indicates that the website is unknown and/or untrusted and disallowing submission of the user credentials to the website; adding the domain of the URL to the stored list of trusted websites, adding the generated hash of the captured user credentials to a stored list of trusted website credentials and allowing submission of the user credentials to the website.

1 Citation

20 Claims

1. A computer-implemented method, comprising:
- requesting, by a web browser, a webpage of a website over a computer network;
  
  waiting for the requested webpage and all of the resources of the requested webpage to be loaded in the web browser;
  
  waiting for an event on the loaded webpage;
  
  identifying forms on the loaded webpage having fields associated with user credentials;
  
  adding, to the identified forms, at least one of;
  
  an input event listener to at least one of the identified fields, anda click event listener to at least one button or link belonging to the identified forms;
  
  capturing user credentials input to at least one of the forms using the input event listener and/or the click event listener;
  
  generating hashes of the captured user credentials by applying a key-stretching algorithm using a cryptographic salt to the captured user credentials;
  
  storing the generated hashes in a memory, andpreventing leakage of user credentials to phishing websites by comparing the generated hashes stored in the memory with entries of a list of trusted websites hashed credentials and by requesting and acting upon input indicative of whether the website is trusted or whether the website is unknown and/or untrusted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein waiting for the requested webpage to be loaded comprises waiting for a Document Object Model (DOM) tree of the webpage of the website to reach an idle state.
  - 3. The computer-implemented method of claim 1, wherein waiting for an event further comprises waiting for a DOM event and a DOM mutation.
  - 4. The computer-implemented method of claim 1, wherein storing comprises storing the generated hashes in a First-In-First Out (FIFO) queue of a predetermined depth.
  - 5. The computer-implemented method of claim 1 further comprising, for each trusted website, storing the generated hashes in a First-In-First Out (FIFO) queue that is associated with the trusted website.
  - 6. The computer-implemented method of claim 1, further comprising:
    - updating a stored list of trusted websites hashed credentials upon determining that the domain of a Uniform Resource Locator (URL) of the website to which captured user credentials were input is present in a stored list of trusted websites.
  - 7. The computer-implemented method of claim 1, further comprising, when the requested input indicates that the website is unknown and/or untrusted:
    - sending the URL of the website to a remote computer server over a computer network, anddisallowing submission of the user credentials to the website; and
  - 8. The computer-implemented method of claim 1, further comprising, when the requested input indicates that the website is trusted:
    - adding the domain of the URL of the website to the stored list of trusted websites,adding the generated hashes of the captured user credentials to a stored list of trusted websites hashed credentials, andallowing the user credentials to be submitted to the website.
  - 9. The computer-implemented method of claim 1, further comprising receiving updates to the list of trusted websites from the remote computer server.
  - 10. The computer-implemented method of claim 1, wherein preventing leakage of user credentials by phishing websites is performed by a web browser plug-in.

11. A computing device comprising:
- at least one processor;
  
  at least one data storage device coupled to the at least one processor;
  
  a network interface coupled to the at least one processor and to a computer network;
  
  a plurality of processes spawned by said at least one processor, the processes including processing logic for;
  
  requesting a webpage of a website over a computer network;
  
  waiting for the requested webpage and all of the resources of the requested webpage to be loaded in the web browser;
  
  waiting for an event on the loaded webpage;
  
  identifying forms on the loaded webpage having fields associated with user credentials;
  
  adding, to the identified forms, at least one of;
  
  an input event listener to at least one of the identified fields, anda click event listener to at least one button or link belonging to the identified forms;
  
  capturing user credentials input to at least one of the forms using the input event listener and/or the click event listener;
  
  generating hashes of the captured user credentials by applying a key-stretching algorithm using a cryptographic salt to the captured user credentials;
  
  storing the generated hashes in a memory, andpreventing leakage of user credentials to phishing websites by comparing the generated hashes stored in the memory with entries of a list of trusted websites hashed credentials and by requesting and acting upon input indicative of whether the website is trusted or whether the website is unknown and/or untrusted.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computing device of claim 11, wherein the processing logic for waiting for the requested webpage to be loaded comprises processing logic for waiting for a Document Object Model (DOM) tree of the webpage of the website to reach an idle state.
  - 13. The computing device of claim 11, wherein waiting for an event further comprises waiting for a DOM event and a DOM mutation.
  - 14. The computing device of claim 11, wherein the processing logic for storing comprises the processing logic for storing the generated hashes in a First-In-First Out (FIFO) queue of a predetermined depth.
  - 15. The computing device of claim 11, further comprising processing logic, for each trusted website, for storing the generated hashes in a First-In-First Out (FIFO) queue that is associated with the trusted website.
  - 16. The computing device of claim 11, further comprising processing logic for:
    - updating a stored list of trusted websites hashed credentials upon determining that the domain of a Uniform Resource Locator (URL) of the website to which captured user credentials were input is present in a stored list of trusted websites.
  - 17. The computing device of claim 11, further comprising processing logic for, when the requested input indicates that the website is unknown and/or untrusted:
    - sending the URL of the website to a remote computer server over a computer network, anddisallowing submission of the user credentials to the website; and
  - 18. The computing device of claim 11, further comprising processing logic for, when the requested input indicates that the website is trusted:
    - adding the domain of the URL of the website to the stored list of trusted websites,adding the generated hashes of the captured user credentials to a stored list of trusted websites hashed credentials, andallowing the user credentials to be submitted to the website.
  - 19. The computing device of claim 11, further comprising processing logic for receiving updates to the list of trusted websites from the remote computer server.
  - 20. The computing device of claim 11, wherein the processing logic for preventing leakage of user credentials by phishing websites is configured as a web browser plug-in.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
VADE USA Incorporated
Original Assignee
VADE Secure Incorporated
Inventors
GOUTAL, Sebastien, HONORE, Antoine

Granted Patent

US 10,673,896 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/06   for supporting key manageme...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

H04L 63/1483   service impersonation, e.g....

H04L 9/3236   using cryptographic hash fu...

H04L 9/3239   involving non-keyed hash fu...

DEVICES, SYSTEMS AND COMPUTER-IMPLEMENTED METHODS FOR PREVENTING PASSWORD LEAKAGE IN PHISHING ATTACKS

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

1 Citation

20 Claims

Specification

Use Cases

Quick Links

Others

DEVICES, SYSTEMS AND COMPUTER-IMPLEMENTED METHODS FOR PREVENTING PASSWORD LEAKAGE IN PHISHING ATTACKS

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1 Citation

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others