Method, computer software, and system for providing end to end security protection of an online transaction

US 8,156,552 B2
Filed: 02/11/2008
Issued: 04/10/2012
Est. Priority Date: 08/30/2002
Status: Expired due to Term

First Claim

Patent Images

1. A non-transitory computer-readable medium storing program instructions executable on a computing device to:

at the point of entry into a transaction over a wide-area network via a first website, run a malicious code detection program, wherein running the malicious code detection program includes;

executing a plurality of routines;

using results of the plurality of routines to detect whether malicious code is executing on the computing device;

repeatedly re-run the malicious code detection program during the transaction, wherein each re-running of the malicious code detection include re-executing the plurality of routines; and

upon malicious code being detected by the malicious code detection program, provide an indication to a user of the computing device that malicious code has been detected.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for implementing an online transaction security product includes downloading an online transaction security product program from a web site to an information handling system. The security product program includes an anti-malicious code program configured to detect malicious code on the information handling system. Lastly, the security product program is executed, wherein the anti-malicious code program of the security product program operates to detect malicious code on the information handling system.

57 Citations

View as Search Results

20 Claims

1. A non-transitory computer-readable medium storing program instructions executable on a computing device to:
- at the point of entry into a transaction over a wide-area network via a first website, run a malicious code detection program, wherein running the malicious code detection program includes;
  
  executing a plurality of routines;
  
  using results of the plurality of routines to detect whether malicious code is executing on the computing device;
  
  repeatedly re-run the malicious code detection program during the transaction, wherein each re-running of the malicious code detection include re-executing the plurality of routines; and
  
  upon malicious code being detected by the malicious code detection program, provide an indication to a user of the computing device that malicious code has been detected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the malicious code detection program is executable within a browser application as a plug-in, and wherein the transaction is an Internet-based banking transaction.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the program instructions are executable to discontinue the transaction upon detecting malicious code executing on the computing device.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the program instructions are executable to disable or quarantine the malicious code that is detected, and then continue the transaction.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the point of entry into the transaction is prior to a login sequence to the first website.
  - 6. The non-transitory computer-readable medium of claim 1, wherein the point of entry into the transaction is immediately after entry of a login sequence to the first website.
  - 7. The non-transitory computer-readable medium of claim 1, wherein the program instructions are executable to continue the transaction after prompting the user to change login information associated with the first website and receiving the changed login information.
  - 8. The non-transitory computer-readable medium of claim 1, wherein the malicious code detection program is executable to determine, for one of a plurality of programs executing on the computing device, a first composite score indicative of code characteristics and/or behaviors typically associated with valid code, and a second composite score indicative of code characteristics and/or behaviors typically associated with malicious code.
  - 9. The non-transitory computer-readable medium of claim 8, wherein the first composite score is calculated based on weighted output values of a first plurality of valid code detection routines, and wherein the second composite score is calculated based on weighted output values of a second plurality of malicious code detection routines, and wherein the program instructions are executable to determine whether to continue the transaction based on at least one of the first and second composite scores.
  - 10. The non-transitory computer-readable medium of claim 1, wherein the malicious code detection program is executable to analyze one of a plurality of programs running on the computing device to determine whether the analyzed program is malicious.

11. A non-transitory computer-readable medium storing program instructions executable on a computing device to facilitate performing a transaction via a first website to:
- repeatedly re-run a malicious code detection program throughout the duration of the online transaction, wherein re-running the malicious code detection program includes;
  
  executing a plurality of routines;
  
  using results of the plurality of routines to determine whether malicious code is running on the computing device; and
  
  upon the malicious code detection program determining that malicious code is running on the computing device, terminate the online transaction.
- View Dependent Claims (12, 13, 14)
- - 12. The non-transitory computer-readable medium of claim 11, wherein the online transaction is an Internet-based banking transaction to facilitate performing the first website.
  - 13. The non-transitory computer-readable medium of claim 12, wherein the program instructions are executable to determine whether malicious code is running on the computing device by:
    - calculating, for each active program running on the computing device, a first composite score indicative of the likelihood of the active program being valid code and a second composite score indicative of the likelihood of the active program being malicious code; and
      
      using the first and second composite scores for each active program to determine whether that program is malicious code.
  - 14. The non-transitory computer-readable medium of claim 11, wherein the malicious code detection program is executable to analyze one of a plurality of programs running on the computing device to determine whether the analyzed program is malicious.

15. A non-transitory computer-readable medium storing program instructions executable on a computing device to facilitate performing a transaction via a first website to:
- repeatedly re-run a malicious code detection program during the online transaction, wherein re-running the malicious code detection program includes;
  
  executing a plurality of routines;
  
  using results of the plurality of routines to determine whether malicious code is running on the computing device; and
  
  upon the malicious code detection program determining that malicious code is running on the computing device, suspend the online transaction until the malicious code is disabled.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the program instructions are executable to disable malicious code by quarantining the malicious code.
  - 17. The non-transitory computer-readable medium of claim 15, wherein the malicious code detection program is executable within a browser application as a plug-in to disable the malicious code at least during the duration of the online transaction.
  - 18. The non-transitory computer-readable medium of claim 15, wherein the malicious code detection program is executable to calculate, for programs running on the computing device, valid scores and malicious scores indicative of valid and malicious characteristics and/or behaviors, respectively, and wherein the program instructions are executable to determine whether to suspend the online transaction based on at least one of the calculated valid and malicious scores.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the program instructions are executable to receive the plurality of routines from a server at the point of entry into or during the online transaction.
  - 20. The non-transitory computer-readable medium of claim 15, wherein the plurality of routines include a first set of routines executable to determine whether active programs on the computing device possess characteristics and/or behaviors indicative of valid code, and wherein the plurality of routines include a second set of routines executable to determine whether active programs on the computing device possess characteristics and/or behaviors indicative of malicious code, and wherein the program instructions are executable to determine whether to suspend the online transaction based on results of at least one of the first and second sets of routines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Symantec Corporation (NortonLifeLock Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Alagna, Michael Tony, Obrecht, Mark, Payne, Andy, Norwood, Peter
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Almamun, Abdullah

Application Number

US12/029,098
Publication Number

US 20080209561A1
Time in Patent Office

1,520 Days
Field of Search

726 22- 25, 713/164, 713/187, 713/188, 705/51, 705/52
US Class Current

726/22
CPC Class Codes

G06F 21/554   involving event detection a...

G06F 21/566   Dynamic detection, i.e. det...

G06Q 20/40   Authorisation, e.g. identif...

Method, computer software, and system for providing end to end security protection of an online transaction

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

57 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method, computer software, and system for providing end to end security protection of an online transaction

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

57 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links