Secure web site authentication using web site characteristics, secure user credentials and private browser

US 8,095,967 B2
Filed: 07/27/2007
Issued: 01/10/2012
Est. Priority Date: 07/27/2006
Status: Active Grant

First Claim

Patent Images

1. A secure process for user access of web sites, comprising:

(a) a user computer;

(b) a web site database for installation on said user computer and for storing respective internet protocol (IP) addresses and corresponding uniform resource locators (URL) for each web site a user has previously established user credentials for secure access;

(c) an agent program for installation on the user computer and providing for retrieval of IP addresses from any web sites said user attempts to access in a standard browser by providing user credentials, and for not allowing said user credentials to be forwarded unless a corresponding and particular IP address retrieved is already known in the web site database as a trusted web site;

(d) a private browser for installation on said user computer, said private browser being incapable of having any browser plug-ins installed therein and controllable only by the agent program, and for solely conducting user sessions with trusted web sites;

wherein, user credentials are only supplied to a trusted web site and only supplied by the private browser and only if the agent program finds a correspondence of the retrieved IP address with information stored in the web site database; and

wherein said private browser, instead of the standard browser, establishes the user sessions with trusted web sites upon supplying said user credentials.

View all claims

22 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure authentication process detects and prevents phishing and pharming attacks for specific web sites. The process is based on a dedicated secure hardware store for user sign-in credentials, a database of information about specific web sites, and a private secure browser. All user web activity is monitored by an agent program. The agent program checks to make sure that user attempts to send any sign-in credentials stored in secure hardware store of user sign-in credentials, to any web site accessed by the user, is allowed only if the IP address of the web site accessed by the user matches at least one of the IP addresses stored web site database associated with the sign-in credential the user is attempting to send. The process also detects mismatches between a URL and the actual IP address of the web site associated with the URL.

Citations

8 Claims

1. A secure process for user access of web sites, comprising:
- (a) a user computer;
  
  (b) a web site database for installation on said user computer and for storing respective internet protocol (IP) addresses and corresponding uniform resource locators (URL) for each web site a user has previously established user credentials for secure access;
  
  (c) an agent program for installation on the user computer and providing for retrieval of IP addresses from any web sites said user attempts to access in a standard browser by providing user credentials, and for not allowing said user credentials to be forwarded unless a corresponding and particular IP address retrieved is already known in the web site database as a trusted web site;
  
  (d) a private browser for installation on said user computer, said private browser being incapable of having any browser plug-ins installed therein and controllable only by the agent program, and for solely conducting user sessions with trusted web sites;
  
  wherein, user credentials are only supplied to a trusted web site and only supplied by the private browser and only if the agent program finds a correspondence of the retrieved IP address with information stored in the web site database; and
  
  wherein said private browser, instead of the standard browser, establishes the user sessions with trusted web sites upon supplying said user credentials.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The process of claim 1 further comprising:
    - a device for storing textual user sign-on credentials associated respectively with said trusted web sites in a password store accessible by said user computer.
  - 3. The process of claim 1 further comprising:
    - a device for storing one or more textual user sign-on credentials associated respectively with said trusted web sites in a password store within a protected digital memory device connectable to said user computer.
  - 4. The process of claim 1 wherein:
    - the web site database is configured to be updated by periodic secure connections of said user computer with a web site database server.
  - 5. The process of claim 1 further comprising:
    - a protected digital memory device connectable to said user computer with textual user sign-on credentials associated respectively with said web sites and configured in a removable password store;
      
      a digital signature for protecting access to said web site database and stored in said protected digital memory device.

6. A secure web site authentication processer (1) for use with a user computer (3) configured to access a variety of web sites (7, 9, 13) over the Internet (5), comprising:
- a user web site database (44) for keeping address information (32) related to trusted web sites (7, 9) that include those for which a user has previously established corresponding user credentials;
  
  a password store (42) for keeping user credentials (34) corresponding to pre-established web site addresses maintained in the user web site database (44);
  
  a standard browser (20) extendable with browser plug-ins (22);
  
  the improvements characterized by;
  
  a private browser (46) characterized by its inability to be extended with browser plug-ins (22), and wherein user sessions (82) are limited to trusted web sites (7, 9); and
  
  an agent program (40) connected to the user computer (3), the browser plug-ins (22), the user web site database (44), the password store (42), and the private browser (46), and having sole control of the private browser (46), wherein user attempts in the standard browser (20) to send user credentials (34) to any web site automatically triggers a retrieval of the IP address and a comparison with those stored in the user web site database (44), and only if a corresponding match is found then the private browser (46) is called upon to supply the corresponding user credentials (34);
  
  wherein the private browser (46), instead of the standard browser (20), is configured to establish a user session (82) with a trusted web site upon acceptance of the supplied corresponding user credentials (34);
  
  wherein, redirected access to malicious and bogus web sites (13) are prevented by not allowing user credentials (34) to be sent to non-corresponding web sites (7, 9, 13).
- View Dependent Claims (7, 8)
- - 7. The secure web site authentication processer (1) of claim 6, wherein the user web site database (44) includes a digital signature (48) which is stored in the password store (42) and configured such that only the user web site database (44) can be accessed when the password store (42) is connected to the user computer (3).
  - 8. The secure web site authentication processer (1) of claim 6, wherein the web site database (44) is configured to be periodically updated over the Internet (5) with new information from a remote web site database server (50).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aura Sub, LLC
Original Assignee
White Sky Incorporated (Aura Sub, LLC)
Inventors
Loesch, William, Fluker, Derek
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Ho, Virginia T

Application Number

US11/881,482
Publication Number

US 20080028444A1
Time in Patent Office

1,628 Days
Field of Search

726/22
US Class Current

726/5
CPC Class Codes

G06F 16/9574   of access to content, e.g. ...

G06F 21/606   by securing the transmissio...

G06F 21/6209   to a single file or object,...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/083   using passwords cryptograph...

H04L 63/126   the source of the received ...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

Secure web site authentication using web site characteristics, secure user credentials and private browser

First Claim

22 Assignments

0 Petitions

Accused Products

Abstract

Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Secure web site authentication using web site characteristics, secure user credentials and private browser

First Claim

22 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links