Protection against impersonation attacks
First Claim
Patent Images
1. A computing method, comprising:
- running on a user computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment, wherein general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, wherein in the protected communication session the second operating environment exchanges transaction data with the server via a security protocol, the first operating environment including an operating system and the second operating environment including an operating system separate from the operating system of the first operating environment, wherein the first operating environment does not interact with the server in the protected communication session;
detecting by a program running in the second operating environment an illegitimate communication session in the first operating environment that interacts with the first operating environment, including detecting via pattern recognition an impersonation attack that imitates at least a portion of characteristic elements of the protected communication session in the first operating environment to imitate the protected communication session in the first operating environment, wherein the characteristic elements include graphical user interface (GUI) features associated with the protected communication session that are not expected to be used in the first operating environment; and
automatically inhibiting the detected impersonation attack.
3 Assignments
0 Petitions
Accused Products
Abstract
A computing method includes running on a user computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment. A program running in the second operating environment detects an attempt to imitate the protected communication session made by an illegitimate communication session that interacts with the first operating environment. The detected attempt is inhibited automatically.
75 Citations
33 Claims
-
1. A computing method, comprising:
-
running on a user computer a first operating environment for performing general-purpose operations and a second operating environment, which is configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment, wherein general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, wherein in the protected communication session the second operating environment exchanges transaction data with the server via a security protocol, the first operating environment including an operating system and the second operating environment including an operating system separate from the operating system of the first operating environment, wherein the first operating environment does not interact with the server in the protected communication session; detecting by a program running in the second operating environment an illegitimate communication session in the first operating environment that interacts with the first operating environment, including detecting via pattern recognition an impersonation attack that imitates at least a portion of characteristic elements of the protected communication session in the first operating environment to imitate the protected communication session in the first operating environment, wherein the characteristic elements include graphical user interface (GUI) features associated with the protected communication session that are not expected to be used in the first operating environment; and automatically inhibiting the detected impersonation attack. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A user computer, comprising:
-
an interface, which is operative to communicate with a server over a communication network; and a hardware processor, which is coupled to run a first operating environment, which is configured to perform general-purpose operations, and a second operating environment, which is configured expressly for interacting with the server in a protected communication session and is isolated from the first operating environment, wherein general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, wherein in the protected communication session the second operating environment exchanges transaction data with the server via a security protocol, the first operating environment including an operating system and the second operating environment including an operating system separate from the operating system of the first operating environment, wherein the first operating environment does not interact with the server in the protected communication session, wherein the second operating environment is further configured to detect an illegitimate communication session in the first operating environment that interacts with the first operating environment, including detecting via pattern recognition an impersonation attack that imitates at least a portion of characteristic elements of the protected communication session in the first operating environment to imitate the protected communication session in the first operating environment, wherein the characteristic elements include graphical user interface (GUI) features associated with the protected communication session that are not expected to be used in the first operating environment, and to automatically inhibit the detected impersonation attack. - View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
-
-
33. A computer software product for use in a user computer, the computer software product comprising a non-transitory computer-readable storage medium, storing executable program instructions, which instructions, when executed by the user computer, cause the user computer to perform the operations of:
communicating with a server over a communication network, to run a first operating environment for performing general-purpose operations, to run a second operating environment, which is configured expressly for interacting with the server in a communication session and is isolated from the first operating environment, wherein general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, wherein in the protected communication session the second operating environment exchanges transaction data with the server via a security protocol, the first operating environment including an operating system and the second operating environment including an operating system separate from the operating system of the first operating environment, wherein the first operating environment does not interact with the server in the protected communication session, detecting by a program running in the second operating environment an illegitimate communication session in the first operating environment that interacts with the first operating environment, including detecting via pattern recognition an impersonation attack that imitates at least a portion of characteristic elements of the protected communication session in the first operating environment to imitate the protected communication session in the first operating environment, wherein the characteristic elements include graphical user interface (GUI) features associated with the protected communication session that are not expected to be used in the first operating environment, and automatically inhibiting the detected impersonation attack.
Specification