Piggybacking malicious code blocker

US 8,196,200 B1
Filed: 09/28/2006
Issued: 06/05/2012
Est. Priority Date: 09/28/2006
Status: Active Grant

First Claim

Patent Images

1. A computer system comprising:

a memory having stored therein a piggybacking malicious code blocking application; and

a processor coupled to said memory, wherein execution of said piggybacking malicious code blocking application generates a method comprising;

determining whether a transaction request has occurred during a transaction session, wherein upon a determination that said transaction request has occurred, said method further comprising;

following a determination that a transaction request has been made, the transaction request is intercepted by an http proxy which stalls the transaction request until a determination is made that the transaction request is legitimate, the process for determining whether the transaction request is legitimate comprising;

parsing a first critical value from said transaction request; and

determining whether said first critical value is legitimate;

upon a determination that said first critical value is legitimate, said piggybacking malicious code blocking application further performs;

determining whether said transaction request contains at least one additional critical value to be evaluated as legitimate;

selecting a second critical value upon a determination that said transaction request does contain said at least one additional critical value; and

determining whether said second critical value is legitimate.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes determining whether a transaction request has occurred during a transaction session. Upon a determination that a transaction request has occurred, the method includes parsing critical values from the transaction request and determining whether the critical values are legitimate. If the critical values are found to be suspicious instead of legitimate, the method further includes seeking approval of the transaction request from the user of the host computer system. Upon approval of the transaction request, the transaction request is allowed. Conversely, upon denial of the transaction request, the transaction request is determined to be malicious, and protective action is taken including terminating the transaction request.

Citations

18 Claims

1. A computer system comprising:
- a memory having stored therein a piggybacking malicious code blocking application; and
  
  a processor coupled to said memory, wherein execution of said piggybacking malicious code blocking application generates a method comprising;
  
  determining whether a transaction request has occurred during a transaction session, wherein upon a determination that said transaction request has occurred, said method further comprising;
  
  following a determination that a transaction request has been made, the transaction request is intercepted by an http proxy which stalls the transaction request until a determination is made that the transaction request is legitimate, the process for determining whether the transaction request is legitimate comprising;
  
  parsing a first critical value from said transaction request; and
  
  determining whether said first critical value is legitimate;
  
  upon a determination that said first critical value is legitimate, said piggybacking malicious code blocking application further performs;
  
  determining whether said transaction request contains at least one additional critical value to be evaluated as legitimate;
  
  selecting a second critical value upon a determination that said transaction request does contain said at least one additional critical value; and
  
  determining whether said second critical value is legitimate.

2. A computer-program product comprising a nontransitory computer readable medium containing computer program code stored thereon which when executed by a processor, performs operations comprising:
- a piggybacking malicious code blocking application for determining whether a transaction request has occurred during a transaction session, wherein upon a determination that said transaction request has occurred, said piggybacking malicious code blocking application further for;
  
  following a determination that a transaction request has been made, the transaction request is intercepted by an http proxy which stalls the transaction request until a determination is made that the transaction request is legitimate, the process for determining whether the transaction request is legitimate comprising;
  
  parsing a first critical value from said transaction request; and
  
  determining whether said first critical value is legitimate;
  
  upon a determination that said first critical value is legitimate, said piggybacking malicious code blocking application further performs;
  
  determining whether said transaction request contains at least one additional critical value to be evaluated as legitimate;
  
  selecting a second critical value upon a determination that said transaction request does contain said at least one additional critical value; and
  
  determining whether said second critical value is legitimate.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 3. The computer-program product of claim 2 wherein said piggybacking malicious code blocking application is further for recording user input, said determining whether said first critical value is legitimate comprising determining whether said first critical value matches said user input, wherein upon a match between said first critical value and said user input, a determination is made that said first critical value is legitimate.
  - 4. The computer-program product of claim 3 wherein said piggybacking malicious code blocking application is further for updating a transaction history store with said first critical value upon said determination that said first critical value is legitimate.
  - 5. The computer-program product of claim 2 wherein said determining whether said first critical value is legitimate comprising determining whether said first critical value matches a value in a transaction history store, wherein upon a match between said first critical value and a value in said transaction history store, a determination is made that said first critical value is legitimate.
  - 6. The computer-program product of claim 5 wherein said transaction history store comprises critical values from previous transaction requests.
  - 7. The computer-program product of claim 3 wherein said critical values from previous transaction requests were entered using a keyboard.
  - 8. The computer-program product of claim 2 wherein said determining whether said first critical value is legitimate comprising determining whether said first critical value matches a value in a HTTP request page, wherein upon a match between said first critical value and a value in said HTTP request page, a determination is made that said first critical value is legitimate.
  - 9. The computer-program product of claim 8 wherein said piggybacking malicious code blocking application is further for updating a transaction history store with said first critical value upon said determination that said first critical value is legitimate.
  - 10. The computer-program product of claim 2 wherein upon a determination that said first critical value is not legitimate, said piggybacking malicious code blocking application further for seeking approval of said transaction request.
  - 11. The computer-program product of claim 10 wherein upon approval of said transaction request, said piggybacking malicious code blocking application is further for:
    - updating a transaction history store with said first critical value; and
      
      allowing said transaction request.
  - 12. The computer-program product of claim 10 wherein upon denial of said transaction request, said piggybacking malicious code blocking application is further for taking protective action comprising terminating said transaction request.
  - 13. The computer-program product of claim 2 wherein said piggybacking malicious code blocking application is further for:
    - stalling said transaction request; and
      
      allowing said transaction request upon a determination that said first critical value is legitimate.
  - 14. The computer-program product of claim 2 wherein said piggybacking malicious code blocking application comprises:
    - a HTTP proxy;
      
      a keyboard logger; and
      
      a transaction history store.
  - 15. The computer-program product of claim 2 wherein said piggybacking malicious code blocking application is further for determining whether a URL has been requested, wherein upon a determination that a URL has been requested, said piggybacking malicious code blocking application is further for determining whether said URL is protected.
  - 16. The computer-program product of claim 15 wherein upon a determination that said URL is protected, said piggybacking malicious code blocking application is further for activating user input recording.
  - 17. The computer-program product of claim 16 wherein said determination that said URL is protected indicates that said transaction session is being initiated, said piggybacking malicious code blocking application further for determining whether said transaction session has ended, wherein upon a determination that said transaction session has ended, said piggybacking malicious code blocking application further for deactivating said user input recording.
  - 18. The computer-program product of claim 2 wherein upon a determination that the either of the first or second critical values of the transaction request was not input by the user directly into the transaction request, determining if the transaction request is deemed suspicious, and seeking approval of suspicious request, by asking the user to authenticate the transaction request, if the transaction request has been approved by the user, the suspicious transaction request is deemed legitimate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Yeo, Matthew, Nachenberg, Carey
Primary Examiner(s)
Orgad, Edan
Assistant Examiner(s)
Jackson, Jenise

Application Number

US11/540,821
Time in Patent Office

2,077 Days
Field of Search

726 22- 24, 726/26
US Class Current

726/22
CPC Class Codes

G06F 21/64   Protecting data integrity, ...

G06Q 40/02   Banking, e.g. interest calc...

H04L 63/1466   Active attacks involving in...

H04L 63/168   above the transport layer

Piggybacking malicious code blocker

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Piggybacking malicious code blocker

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links