Reputation based redirection service

US 8,862,699 B2
Filed: 12/14/2009
Issued: 10/14/2014
Est. Priority Date: 12/14/2009
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable storage devices, storing processor-executable instructions that, when executed on a processor, configure a processor to perform acts for Uniform Resource Locator (URL) wrapping, the acts comprising:

receiving an input of a URL for accessing a document available over a network;

determining a characteristic associated with the received URL;

creating a security hash based on the received URL and the characteristic associated with the received URL, wherein the characteristic comprises an identifier of a user who originally posted the received URL;

outputting a wrapped URL comprising the received URL, the characteristic associated with the received URL, and the security hash;

validating that the wrapped URL has not been tampered with based at least in part upon authenticating the wrapped URL with the security hash;

outputting a redirection decision, wherein if the received URL is invalid, abusive, or unknown, the redirection decision redirects a user to a web page; and

logging the redirection decision and click-through telemetry information associated with the web page.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A reputation based redirection service is usable to build URL wrappers for un-trusted and unknown URLs. Such URL wrappers can be used to protect Web users by, for example, redirecting traffic to interstitial Web pages. Additionally, reputation decisions can be made by the service to further protect users from malicious URLs.

Citations

20 Claims

1. One or more computer-readable storage devices, storing processor-executable instructions that, when executed on a processor, configure a processor to perform acts for Uniform Resource Locator (URL) wrapping, the acts comprising:
- receiving an input of a URL for accessing a document available over a network;
  
  determining a characteristic associated with the received URL;
  
  creating a security hash based on the received URL and the characteristic associated with the received URL, wherein the characteristic comprises an identifier of a user who originally posted the received URL;
  
  outputting a wrapped URL comprising the received URL, the characteristic associated with the received URL, and the security hash;
  
  validating that the wrapped URL has not been tampered with based at least in part upon authenticating the wrapped URL with the security hash;
  
  outputting a redirection decision, wherein if the received URL is invalid, abusive, or unknown, the redirection decision redirects a user to a web page; and
  
  logging the redirection decision and click-through telemetry information associated with the web page.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The one or more computer-readable devices of claim 1, wherein creating the security hash is further based on context information comprising a session identifier.
  - 3. The one or more computer-readable devices of claim 1, wherein the characteristic associated with the received URL comprises a location on the network where the received URL was posted and a container identifier of a container where the received URL was posted.
  - 4. The one or more computer-readable devices of claim 1, wherein the characteristic associated with the received URL comprises a unique identifier for back-end reputation look-up and/or back-end additional characteristic look-up.
  - 5. The one or more computer-readable devices of claim 1, further comprising instructions to perform acts comprising:
    - determining that the received URL is an un-trusted URL; and
      
      outputting the wrapped URL based on the determination that the received URL is an un-trusted URL.
  - 6. The one or more computer-readable devices of claim 1, further comprising instructions to perform acts comprising outputting an error message when the received URL is a malformed URL, a non-URL, a null URL, a URL of an un-supported Uniform Resource Identifier (URI) schema, and/or a URL with a length longer than a predetermined length.
  - 7. The one or more computer-readable devices of claim 1, wherein the wrapped URL further comprises a redirection service and/or shortened URL.
  - 8. The one or more computer-readable devices of claim 1, wherein the characteristic associated with the received URL comprises an identifier associated with an application which posted the received URL.
  - 9. The one or more computer-readable devices of claim 1, wherein the acts further comprise excluding in-network URLs from URL wrapping and directly loading the received URL.

10. A system for implementing a URL redirection service comprising:
- memory and a processor;
  
  a policy module, stored in the memory and executable on the processor, configured to exclude URLs on a same network as the URL redirection service from the URL redirection service and to directly load a destination URL on the same network as the URL redirection service;
  
  a redirection server interface module, stored in the memory and executable on the processor, configured to receive a request for handling a wrapped URL comprising the destination URL, a characteristic of the destination URL, and a security hash;
  
  a URL validation/verification module, stored in the memory and executable on the processor, configured to verify that the received wrapped URL has not been tampered with based at least in part upon authenticating the wrapped URL with the security hash;
  
  a reputation lookup module, stored in the memory and executable on the processor, configured to determine a reputation rating for the destination URL;
  
  a redirection logic module, stored in the memory and executable on the processor, configured to output a confidence score and a redirection decision based on validity of the received wrapped URL, the reputation rating of the destination URL, and a characteristic of the destination URL;
  
  a telemetry service module, stored in the memory and executable on the processor, configured to receive click-through telemetry information from an interstitial page; and
  
  a logging module, stored in the memory and executable on the processor, configured to create a telemetry report based on the click-through telemetry information and a log report based on the redirection decision.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, the characteristic associated with the destination URL comprises an identifier of a user who originally posted the destination URL and a location where the destination URL was posted.
  - 12. The system of claim 10, further comprising a shortened/redirected URL handling module, stored in the memory and executable on the processor, configured to:
    - receive a shortened URL or a redirected URL;
      
      determine a final destination URL of the shortened or redirected URL; and
      
      output the final destination URL to the reputation lookup module.
  - 13. The system of claim 10, further comprising a configuration module, stored in the memory and executable on the processor, configured to maintain system configuration settings in a system configuration store.
  - 14. The system of claim 10, the redirection decision comprising determining, based on the reputation rating of the destination URL, when to display the interstitial page, the interstitial page comprising an abuse information page, an unknown information page, or an error information page.
  - 15. The system of claim 10, the redirection decision comprising determining, based on rules applied to the destination URL or a characteristic of the destination URL, when to display the interstitial page, the interstitial page comprising an abuse information page, an unknown information page, or an error information page.

16. One or more computer-readable storage devices, storing processor-executable instructions that, when executed on a processor, configure the processor to perform acts for URL Web service calls, the acts comprising:
- receiving a Web service call for a destination URL;
  
  creating a security hash based on the destination URL and a characteristic associated with the destination URL, wherein the characteristic comprises an identifier of a user who posted the destination URL;
  
  outputting a wrapped URL comprising the destination URL, the characteristic associated with the destination URL, and the security hash;
  
  validating that the wrapped URL has not been tampered with based at least in part upon authenticating the wrapped URL with the security hash;
  
  determining a redirection decision for the destination URL;
  
  outputting the redirection decision, wherein if the destination URL is invalid, abusive, or unknown, the redirection decision redirects a user to a web page; and
  
  logging the redirection decision and click-through telemetry information associated with the web page.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The one or more computer-readable devices of claim 16, the redirection decision determined based on a reputation rating of the destination URL.
  - 18. The one or more computer-readable devices of claim 16, wherein the characteristic associated with the destination URL further comprises a website where the URL was originally posted.
  - 19. The one or more computer-readable devices of claim 18, wherein the acts further comprise excluding in-network URLs from URL wrapping and directly loading the destination URL.
  - 20. The one or more computer-readable devices of claim 18, wherein creating the security hash is further based on context information comprising a session identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Bhatawdekar, Ameya S., Iverson, Kristofer N., Haber, Elliott J., Scarrow, John L., Mills, Chad W.
Primary Examiner(s)
Winder, Patrice
Assistant Examiner(s)
Chang, Julian

Application Number

US12/637,673
Publication Number

US 20110145435A1
Time in Patent Office

1,765 Days
Field of Search

709/245, 709/201, 709/203, 709217-219, 726/23, 726/25, 726/27, 726/30
US Class Current

709/219
CPC Class Codes

G06F 16/9566   URL specific, e.g. using al...

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/123   received data contents, e.g...

H04L 63/1466   Active attacks involving in...

H04L 63/1483   service impersonation, e.g....

H04L 67/02   based on web technology, e....

H04L 9/3236   using cryptographic hash fu...

Reputation based redirection service

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Reputation based redirection service

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links