Interactive phishing detection (IPD)

US 8,650,614 B2
Filed: 04/01/2010
Issued: 02/11/2014
Est. Priority Date: 05/29/2009
Status: Active Grant

First Claim

Patent Images

1. A system for use with a client device comprising a user interface element and a verification engine configured to authenticate the client device to the system in response to a user initiation, the system comprising:

a server processor configured to;

generate, at the server, a visually verifiable visual indicator;

transmit the visual indicator from the server to the client device for display on the user interface element in response to a successful authentication of the client device by the server processor; and

display the same visual indicator on a website by the server, wherein the website display of the visual indicator is distinct from the display, on the user interface element, of the visual indicator transmitted to the client device, for visual comparison, by a user, of the website-displayed visual indicator with the user interface-displayed visual indicator for user verification of authenticity of a software application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for use with a client device and a server provide interactive phishing detection at the initiation of the user. Detection of phishing is based on the user'"'"'s comparison of a visual indicator sent from the server to the client device with a another identical looking visual indicator displayed, for example, on a trusted website. Several security measures may be employed such as changing the visual indicator periodically, generating the visual indicator in a random manner, and authenticating the client device to the server before the server will transmit the visual indicator to the client device. User comparison of the website-displayed visual indicator with the user'"'"'s client device user interface-displayed visual indicator may facilitate user verification of authenticity of a software application.

Citations

20 Claims

1. A system for use with a client device comprising a user interface element and a verification engine configured to authenticate the client device to the system in response to a user initiation, the system comprising:
- a server processor configured to;
  
  generate, at the server, a visually verifiable visual indicator;
  
  transmit the visual indicator from the server to the client device for display on the user interface element in response to a successful authentication of the client device by the server processor; and
  
  display the same visual indicator on a website by the server, wherein the website display of the visual indicator is distinct from the display, on the user interface element, of the visual indicator transmitted to the client device, for visual comparison, by a user, of the website-displayed visual indicator with the user interface-displayed visual indicator for user verification of authenticity of a software application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, wherein:
    - the server processor sends a response to the client device only after an authentication of the client device by the server processor.
  - 3. The system of claim 1, wherein:
    - the server processor randomly generates the visually verifiable visual indicator.
  - 4. The system of claim 1, wherein:
    - the server processor changes the visually verifiable visual indicator periodically.
  - 5. The system of claim 1, wherein:
    - the visual indicator comprises color, shape, or text.
  - 6. The system of claim 1, wherein:
    - the software application is authenticated if a predetermined combination of attributes of the visual indicator are correct.
  - 7. The system of claim 1, wherein:
    - the visual indicator is available at a trusted source site for a matching comparison by a user.
  - 8. The system of claim 1, wherein:
    - the server processor is included in a financial service provider (FSP) infrastructure.
  - 9. The system of claim 1, wherein:
    - the server processor is included in a trusted integrity manager (TIM) of an FSP.

10. A method for use with a client device configured to authenticate the client device to a server in response to a user initiation;
- the method comprising;
  
  generating a visually verifiable visual indicator at the server;
  
  allowing retrieval of the visual indicator from the server by the client device for display by the client device upon successful authentication of the client device by the server; and
  
  displaying the visual indicator on a website by the server for visual comparison by a user to the retrieved visual indicator wherein the website display of the visual indicator is distinct from display of the retrieved visual indicator on the client device.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, wherein allowing retrieval of the visual indicator further comprises:
    - sending a response to the client device only after an authentication of the client device by the server.
  - 12. The method of claim 10, further comprising:
    - randomly generating the visually verifiable visual indicator.
  - 13. The method of claim 10, further comprising:
    - changing the visually verifiable visual indicator periodically.
  - 14. The method of claim 10, further comprising:
    - generating the visual indicator with attributes comprising color, shape, or text.
  - 15. The method of claim 10, further comprising:
    - displaying the visual indicator at a trusted source site for a matching comparison by a user.
  - 16. The method of claim 10, wherein the server component is included in a financial service provider (FSP) infrastructure.

17. A computer program product comprising a non-transitory computer readable medium having computer readable and executable code for instructing a client processor to perform a method, the method comprising:
- authenticating a client device to a server in response to a user initiation;
  
  retrieving a visually verifiable visual indicator by the client device from the server upon successful authentication of the client device by the server; and
  
  displaying, by the client device, the visual indicator retrieved from the server for visual comparison by a user to the visually verifiable visual indicator displayed on a website by the server, wherein the website display of the visual indicator is distinct from the display on the client device of the visual indicator retrieved from the server.
- View Dependent Claims (18, 19, 20)
- - 18. The computer program product of claim 17, wherein the visual indicator comprises:
    - randomly generated attributes;
      
      attributes that are changed periodically; and
      
      attributes comprising color, shape, or text.
  - 19. The computer program product of claim 17, wherein the method further comprises:
    - receiving a response by the client device after an authentication of the client device by the server component.
  - 20. The computer program product of claim 17, wherein the visual indicator is displayed on a website that comprises a trusted source site for a matching comparison by a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Nahari, Hadi, Sanin, Aleksey V.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Nobahar, Abdulhakim

Application Number

US12/752,988
Publication Number

US 20100306819A1
Time in Patent Office

1,412 Days
Field of Search

713168-170, 713/189, 713/193, 726 2- 6, 726/9, 726/22, 705/26.35, 705/35, 705/37, 705/44, 705/64, 705/67, 705/72, 705/75, 705/317, 705/318
US Class Current

726/3
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/126   the source of the received ...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1483   service impersonation, e.g....

H04L 63/168   above the transport layer

H04W 12/10   Integrity

H04W 12/77   Graphical identity

Interactive phishing detection (IPD)

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Interactive phishing detection (IPD)

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links