Secure web site authentication using web site characteristics, secure user credentials and private browser
First Claim
1. A secure process for user access of web sites, comprising:
(a) a user computer;
(b) a web site database for installation on said user computer and for storing respective internet protocol (IP) addresses and corresponding uniform resource locators (URL) for each web site a user has previously established user credentials for secure access;
(c) an agent program for installation on the user computer and providing for retrieval of IP addresses from any web sites said user attempts to access in a standard browser by providing user credentials, and for not allowing said user credentials to be forwarded unless a corresponding and particular IP address retrieved is already known in the web site database as a trusted web site;
(d) a private browser for installation on said user computer, said private browser being incapable of having any browser plug-ins installed therein and controllable only by the agent program, and for solely conducting user sessions with trusted web sites;
wherein, user credentials are only supplied to a trusted web site and only supplied by the private browser and only if the agent program finds a correspondence of the retrieved IP address with information stored in the web site database; and
wherein said private browser, instead of the standard browser, establishes the user sessions with trusted web sites upon supplying said user credentials.
Abstract
A secure authentication process detects and prevents phishing and pharming attacks for specific web sites. The process is based on a dedicated secure hardware store for user sign-in credentials, a database of information about specific web sites, and a private secure browser. All user web activity is monitored by an agent program. The agent program ensures that any user attempt to send a sign-in credential held in the secure hardware store to a web site is allowed only if the IP address of that web site matches at least one of the IP addresses stored in the web site database for the credential the user is attempting to send. The process also detects mismatches between a URL and the actual IP address of the web site associated with the URL.
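The release check the abstract describes can be sketched as follows. This is an added example, not code from the patent: the names `SITE_DB`, `check_release` and `sites_for_ip` are hypothetical, the database is keyed by URL host, and the address the connection actually reached is assumed to be supplied by the caller.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample "web site database": host -> IP addresses recorded when
# the user established credentials (documentation-range addresses only).
SITE_DB = {
    "bank.example": {"192.0.2.10", "192.0.2.11", "2001:db8::10"},
    "mail.example": {"198.51.100.25"},
}

def _host(url):
    """Lower-cased host of a URL without a trailing dot, or None if absent."""
    host = urlsplit(url).hostname
    return host.rstrip(".").lower() if host else None

def _canon_ip(text):
    """Canonical text form so equivalent spellings of one address compare equal."""
    return str(ipaddress.ip_address(text))

def check_release(url, observed_ip, db=SITE_DB):
    """Decide whether credentials for `url` may go to the peer at `observed_ip`.

    Returns (allow, reason). `observed_ip` is the address the connection
    actually reached, supplied by the caller (hypothetical agent hook).
    """
    host = _host(url)
    if host is None or host not in db:
        return False, "unknown-site"      # no credentials were ever set up here
    try:
        ip = _canon_ip(observed_ip)
    except ValueError:
        return False, "invalid-ip"
    trusted = {_canon_ip(a) for a in db[host]}
    if ip in trusted:
        return True, "trusted"            # session may be handed to the private browser
    return False, "url-ip-mismatch"       # known URL, unexpected address

def sites_for_ip(observed_ip, db=SITE_DB):
    """Reverse lookup: which stored sites list this address (sorted)."""
    ip = _canon_ip(observed_ip)
    return sorted(h for h, addrs in db.items() if ip in {_canon_ip(a) for a in addrs})
```

The `url-ip-mismatch` verdict corresponds to the URL/IP mismatch detection in the abstract's last sentence, and `unknown-site` to a site for which no credentials were ever stored.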
8 Claims
1. A secure process for user access of web sites, as recited in full under First Claim above.
Dependent claims: 2, 3, 4, 5.
6. A secure web site authentication processor (1) for use with a user computer (3) configured to access a variety of web sites (7, 9, 13) over the Internet (5), comprising:
a user web site database (44) for keeping address information (32) related to trusted web sites (7, 9) that include those for which a user has previously established corresponding user credentials;
a password store (42) for keeping user credentials (34) corresponding to pre-established web site addresses maintained in the user web site database (44);
a standard browser (20) extendable with browser plug-ins (22);
the improvements characterized by;
a private browser (46) characterized by its inability to be extended with browser plug-ins (22), and wherein user sessions (82) are limited to trusted web sites (7, 9); and
an agent program (40) connected to the user computer (3), the browser plug-ins (22), the user web site database (44), the password store (42), and the private browser (46), and having sole control of the private browser (46), wherein user attempts in the standard browser (20) to send user credentials (34) to any web site automatically triggers a retrieval of the IP address and a comparison with those stored in the user web site database (44), and only if a corresponding match is found then the private browser (46) is called upon to supply the corresponding user credentials (34);
wherein the private browser (46), instead of the standard browser (20), is configured to establish a user session (82) with a trusted web site upon acceptance of the supplied corresponding user credentials (34);
wherein, redirected access to malicious and bogus web sites (13) are prevented by not allowing user credentials (34) to be sent to non-corresponding web sites (7, 9, 13).
Dependent claims: 7, 8.
Specification