Systems and methods for preventing unauthorized modification of network resources

US 8,627,407 B1
Filed: 06/27/2008
Issued: 01/07/2014
Est. Priority Date: 06/27/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for preventing modification of network resources in the absence of a user'"'"'s consent, at least a portion of the method being performed by a client device comprising at least one processor, the method comprising:

identifying an attempt by the client device to modify a local network resource at least in part by;

detecting content received from an intranet indicating that the content originated from the local network resource;

determining, at the client device, that the content received from the local network resource may facilitate modification of at least one setting of the network resource by determining that the content received from the local network resource facilitates user input via a web-based form;

in response to the determination that the content received from the local network resource may facilitate modification of at least one setting of the local network resource, determining, at the client device, whether the attempt by the client device to modify the local network resource represents an unauthorized attempt to modify the local network resource without the consent of a user of the client device at least in part by;

embedding, at the client device, a human-verification test within the content received from the local network resource;

administering the human-verification test at the client device;

determining, at the client device based on the outcome of the human-verification test, whether to prevent modification of the local network resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for preventing modification of network resources in the absence of a user'"'"'s consent is disclosed. The method may comprise: 1) identifying an attempt to modify a network resource, 2) administering a human-verification test, and 3) determining, based on the outcome of the human-verification test, whether to prevent modification of the network resource. In addition, a computer-implemented method for preventing unauthorized communication with network resources may comprise: 1) identifying a communication attempt between a network resource and an untrusted resource, 2) determining whether communication between the network resource and the untrusted resource is authorized, and 3) determining, based on whether communication between the network resource and the untrusted resource is authorized, whether to allow communication between the network resource and the untrusted resource. Corresponding systems and computer-readable media are also disclosed.

28 Citations

View as Search Results

11 Claims

1. A computer-implemented method for preventing modification of network resources in the absence of a user'"'"'s consent, at least a portion of the method being performed by a client device comprising at least one processor, the method comprising:
- identifying an attempt by the client device to modify a local network resource at least in part by;
  
  detecting content received from an intranet indicating that the content originated from the local network resource;
  
  determining, at the client device, that the content received from the local network resource may facilitate modification of at least one setting of the network resource by determining that the content received from the local network resource facilitates user input via a web-based form;
  
  in response to the determination that the content received from the local network resource may facilitate modification of at least one setting of the local network resource, determining, at the client device, whether the attempt by the client device to modify the local network resource represents an unauthorized attempt to modify the local network resource without the consent of a user of the client device at least in part by;
  
  embedding, at the client device, a human-verification test within the content received from the local network resource;
  
  administering the human-verification test at the client device;
  
  determining, at the client device based on the outcome of the human-verification test, whether to prevent modification of the local network resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein identifying the content received from the local network resource comprises at least one of:
    - identifying content received from an intranet zone;
      
      identifying content received from an intranet IP address.
  - 3. The method of claim 1, wherein the local network resource comprises at least one of:
    - a networked device within a local area network of the client device;
      
      a network service within a local area network of the client device.
  - 4. The method of claim 3, wherein the networked device comprises a router within a local area network of the client device.
  - 5. The method of claim 1, wherein administering the human-verification test comprises:
    - administering a Turing test;
      
      administering a CAPTCHA.
  - 6. The method of claim 1, wherein administering the human-verification test at the client device comprises embedding the human-verification test within a web browser of the client device.
  - 7. The method of claim 1, wherein determining whether to prevent modification of the local network resource comprises:
    - preventing modification of the local network resource if a response to the human-verification test is not provided;
      
      preventing modification of the local network resource if an incorrect response to the human-verification test is provided;
      
      allowing modification of the local network resource if a correct response to the human-verification test is provided.
  - 8. The method of claim 7, wherein preventing modification of the local network resource comprises preventing submission of data to the local network resource.
  - 9. The method of claim 7, further comprising transmitting a notification that indicates the outcome of the human-verification test.

10. A system for preventing unauthorized modification of network resources, the system comprising:
- a client device, the client device comprising at least one processor configured to execute at least one module programmed to;
  
  identify an attempt by the client device to modify a local network resource at least in part by;
  
  detecting content received from an intranet indicating that the content originated from the local network resource;
  
  determining, at the client device, that the content received from the local network resource may facilitate modification of at least one setting of the network resource by determining that the content received from the local resource facilitates user input via a web-based form;
  
  in response to the determination that the content received from the local network resource may facilitate modification of at least one setting of the local network resource, determining, at the client device, whether the attempt by the client device to modify the local network resource represents an unauthorized attempt to modify the local network resource without the consent of a user of the client device at least in part by;
  
  embedding, at the client device, a human-verification test within the content received from the local network resource;
  
  administering the human-verification test at the client device;
  
  determine, at the client device based on the outcome of the human-verification test, whether to prevent the client device from modifying the local network resource.
- View Dependent Claims (11)
- - 11. The system of claim 10, wherein the local network resource comprises at least one module programmed to:
    - identify a communication attempt between the client device and the local network resource;
      
      determine whether communication between the client device and the local network resource is authorized;
      
      determine, based on whether communication between the client device and the local network resource is authorized, whether to allow communication between the client device and the local network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Satish, Sourabh, Doshi, Nishant
Primary Examiner(s)
Schwartz, Darren B
Assistant Examiner(s)
Gyorfi, Thomas

Application Number

US12/147,642
Time in Patent Office

2,020 Days
Field of Search

726/2, 726/5, 726/28, 709/229
US Class Current

726/2
CPC Class Codes

G06F 21/31   User authentication

G06F 21/36   by graphic or iconic repres...

G06F 2221/2133   Verifying human interaction...

H04L 41/28   Restricting access to netwo...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

Systems and methods for preventing unauthorized modification of network resources

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for preventing unauthorized modification of network resources

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links