Point of sale system protection against information theft attacks

US 9,912,692 B1
Filed: 03/27/2015
Issued: 03/06/2018
Est. Priority Date: 03/27/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing, via a software component resident and executing on a point of sale system, a plurality of proactive operational modes selectable by at least one entity through a control and monitoring interface associated with the software component, wherein the proactive operational modes are operative to counter one or more information theft attacks attempting to obtain information comprising sensitive data, entered through the point of sale system, from a volatile memory of the point of sale system, wherein the one or more information theft attacks are initiated by malware resident on the point of sale system, and wherein the proactive operational modes comprise;

a first operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by creating at least one process executable in the point of sale system that comprises the false information;

a second operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by injecting the false information into at least one process executing in the point of sale system;

a third operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, during a given information theft attack that is detected to be in progress by replacing real information from the volatile memory of the point of sale system that is in transit during the given information theft attack with the false information; and

a fourth operational mode configured to restrict access to at least one operating system function in the point of sale system usable by a given information theft attack to obtain the information from the volatile memory of the point of sale system;

receiving, at the software component, a selection of one or more of the plurality of proactive operational modes; and

implementing, via the software component, the one or more selected proactive operational modes;

wherein the point of sale system comprises a processor and memory configured to execute the software component.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes selectively implementing, via a component resident and executing on a point of sale system, one or more of a set of proactive operations to counter an information theft attack against the point of sale system. The set of proactive operations comprises: generating false information that appears to be actual information and creating at least one process executable in the point of sale system that comprises the false information; injecting false information that appears to be actual information into at least one process executing in the point of sale system; replacing actual information with false information that appears to be actual information; and blocking at least one process in the point of sale system to prevent actual information from being taken from the point of sale system.

Citations

20 Claims

1. A method comprising:
- providing, via a software component resident and executing on a point of sale system, a plurality of proactive operational modes selectable by at least one entity through a control and monitoring interface associated with the software component, wherein the proactive operational modes are operative to counter one or more information theft attacks attempting to obtain information comprising sensitive data, entered through the point of sale system, from a volatile memory of the point of sale system, wherein the one or more information theft attacks are initiated by malware resident on the point of sale system, and wherein the proactive operational modes comprise;
  
  a first operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by creating at least one process executable in the point of sale system that comprises the false information;
  
  a second operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by injecting the false information into at least one process executing in the point of sale system;
  
  a third operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, during a given information theft attack that is detected to be in progress by replacing real information from the volatile memory of the point of sale system that is in transit during the given information theft attack with the false information; and
  
  a fourth operational mode configured to restrict access to at least one operating system function in the point of sale system usable by a given information theft attack to obtain the information from the volatile memory of the point of sale system;
  
  receiving, at the software component, a selection of one or more of the plurality of proactive operational modes; and
  
  implementing, via the software component, the one or more selected proactive operational modes;
  
  wherein the point of sale system comprises a processor and memory configured to execute the software component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the at least one created process appears to be a real process executable in the point of sale system.
  - 3. The method of claim 1, further comprising validating the generated false information in a manner in which the real information is validated.
  - 4. The method of claim 1, wherein at least one of the plurality of proactive operational modes is initiated after detection of the malware.
  - 5. The method of claim 1, wherein at least one of the plurality of proactive operational modes is initiated before detection of the malware.
  - 6. The method of claim 1, wherein the volatile memory comprises random access memory, and wherein a given information theft attack comprises a scraping attack of the random access memory.
  - 7. The method of claim 1, wherein the control and monitoring interface enables the at least one entity to adjust a rate of generation of the false information.
  - 8. The method of claim 1, wherein the control and monitoring user interface enables the at least one entity to detect that the given information theft attack is in progress.

9. An article of manufacture comprising a processor-readable storage medium having encoded therein executable code of one or more software programs, wherein the one or more software programs when executed by a processor and a memory associated with a point of sale system perform steps of:
- providing, via a software component resident and executing on a point of sale system, a plurality of proactive operational modes selectable by at least one entity through a control and monitoring interface associated with the software component, wherein the proactive operational modes are operative to counter one or more information theft attacks attempting to obtain information comprising sensitive data, entered through the point of sale system, from a volatile memory of the point of sale system, wherein the one or more information theft attacks are initiated by malware resident on the point of sale system, and wherein the proactive operational modes comprise;
  
  a first operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by creating at least one process executable in the point of sale system that comprises the false information;
  
  a second operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by injecting the false information into at least one process executing in the point of sale system;
  
  a third operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, during a given information theft attack that is detected to be in progress by replacing real information from the volatile memory of the point of sale system that is in transit during the given information theft attack with the false information; and
  
  a fourth operational mode configured to restrict access to at least one operating system function in the point of sale system usable by a given information theft attack to obtain the information from the volatile memory of the point of sale system;
  
  receiving, at the software component, a selection of one or more of the plurality of proactive operational modes; and
  
  implementing, via the software component, the one or more selected proactive operational modes.
- View Dependent Claims (10, 11)
- - 10. The article of claim 9, wherein the control and monitoring interface enables the at least one entity to adjust a rate of generation of the false information.
  - 11. The article of claim 9, wherein the control and monitoring user interface enables the at least one entity to detect that the given information theft attack is in progress.

12. An apparatus comprising:
- a processor operatively coupled to a memory to form a point of sale system configured to;
  
  provide, via a software component resident and executing on the point of sale system, a plurality of proactive operational modes selectable by at least one entity through a control and monitoring interface associated with the software component, wherein the proactive operational modes are operative to counter one or more information theft attacks attempting to obtain information comprising sensitive data, entered through the point of sale system, from a volatile memory of the point of sale system, wherein the one or more information theft attacks are initiated by malware resident on the point of sale system, and wherein the proactive operational modes comprise;
  
  a first operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by creating at least one process executable in the point of sale system that comprises the false information;
  
  a second operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by injecting the false information into at least one process executing in the point of sale system;
  
  a third operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, during a given information theft attack that is detected to be in progress by replacing real information from the volatile memory of the point of sale system that is in transit during the given information theft attack with the false information; and
  
  a fourth operational mode configured to restrict access to at least one operating system function in the point of sale system usable by a given information theft attack to obtain the information from the volatile memory of the point of sale system;
  
  receive, at the software component, a selection of one or more of the plurality of proactive operational modes; and
  
  implement, via the software component, the one or more selected proactive operational modes.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The apparatus of claim 12, wherein the at least one created process appears to be a real process executable in the point of sale system.
  - 14. The apparatus of claim 13, wherein the processor is further configured to validate, via the software component, the generated false information in a manner in which the real information is validated.
  - 15. The apparatus of claim 12, wherein at least one of the plurality of proactive operational modes is initiated after detection of the malware.
  - 16. The apparatus of claim 12, wherein at least one of the plurality of proactive operational modes is initiated before detection of the malware.
  - 17. The apparatus of claim 12, wherein the control and monitoring interface enables the at least one entity to adjust a rate of generation of the false information.
  - 18. The apparatus of claim 12, wherein the control and monitoring user interface enables the at least one entity to detect that the given information theft attack is in progress.

19. A system comprising:
- one or more point of sale systems each comprising a processor operatively coupled to a memory, wherein the processor of a given one of the point of sale systems is configured to execute a software component resident on the given point of sale system; and
  
  a controller remote from the one or more point of sale systems, wherein the controller is associated with at least one entity;
  
  wherein the software component is configured to;
  
  provide a plurality of proactive operational modes selectable by the at least one entity through a control and monitoring interface associated with the software component and operatively coupled to the controller, wherein each one of the plurality of proactive operational modes is operative to counter one or more information theft attacks attempting to obtain information comprising sensitive data, entered through the given point of sale system, from volatile memory of the given point of sale system, wherein the one or more information theft attacks are initiated by malware resident on the given point of sale system, and wherein the proactive operational modes comprise;
  
  a first operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by creating at least one process executable in the given point of sale system that comprises the false information;
  
  a second operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, by injecting the false information into at least one process executing in the given point of sale system;
  
  a third operational mode configured to utilize false information, wherein the false information comprises false sensitive data generated to appear to be real sensitive data, during a given information theft attack that is detected to be in progress by replacing real information from the volatile memory of the point of sale system that is in transit during the given information theft attack with the false information; and
  
  a fourth operational mode configured to restrict access to at least one operating system function in the given point of sale system usable by a given information theft attack to obtain the information from the volatile memory of the given point of sale system;
  
  receive a selection of one or more of the plurality of proactive operational modes; and
  
  implement the one or more selected proactive operational modes.
- View Dependent Claims (20)
- - 20. The system of claim 19, wherein the control and monitoring interface enables the at least one entity remote from the one or more point of sale systems to adjust a rate of generation of the false information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Fleyder, Uri, Kerner, Rotem, Rabinovich, Zeev, Salinas, Rotem, Ben-Porat, Lior, Frank, Daniel
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US14/671,578
Time in Patent Office

1,075 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/629   to features or functions of...

G06Q 20/20   Point-of-sale [POS] network...

G06Q 20/4016   involving fraud or risk lev...

H04L 63/1466   Active attacks involving in...

H04L 63/1491   using deception as counterm...

Point of sale system protection against information theft attacks

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Point of sale system protection against information theft attacks

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links