System and method for identifying security breach attempts of a website
Abstract
The present invention is a method, circuit and system for detecting, reporting and preventing an attempted security breach of a commercial website (for example a banking website), such as identity theft, website duplication (mirroring/Phishing), MITB (man in the browser) attacks, MITM (man in the middle) attacks and so on.
298 Citations
12 Claims
1. A website security method implemented by a network system comprising one or more client devices and server devices, the method comprising:
- receiving a request from a client device for a web page to be provided by a server application, wherein anti-trojan software code is embedded in the requested web page and the anti-trojan software code is functionally associated with the server application and comprises one or more expected communication parameters;
- sending the requested web page to the client device responsive to the request, wherein the anti-trojan software code is configured to:
  - intercept a subsequent request resulting from an interaction with the requested web page,
  - extract one or more communication parameters contained within the intercepted subsequent request,
  - compare the extracted communication parameters with the expected communication parameters, wherein the expected communication parameters comprise communication parameters of different types of possible communications expected by the server application in connection with requests to the server application, and
  - determine a potential client security breach exists when one or more of the extracted communication parameters do not match one or more of the expected communication parameters;
- initiating a mitigation action when an indication is received from the executing anti-trojan software code that a potential security breach exists; and
- responding to the subsequent request from the client device by providing a requested resource when no indication is received from the executing anti-trojan software code that a potential security breach exists.
Dependent claims: 2, 3
4. An apparatus, comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
- receive a request from a client device for a web page to be provided by a server application, wherein anti-trojan software code is embedded in the requested web page and the anti-trojan software code is functionally associated with the server application and comprises one or more expected communication parameters;
- send the requested web page to the client device responsive to the request, wherein the anti-trojan software code is configured to:
  - intercept a subsequent request resulting from an interaction with the requested web page,
  - extract one or more communication parameters contained within the intercepted subsequent request,
  - compare the extracted communication parameters with the expected communication parameters, wherein the expected communication parameters comprise communication parameters of different types of possible communications expected by the server application in connection with requests to the server application, and
  - determine a potential client security breach exists when one or more of the extracted communication parameters do not match one or more of the expected communication parameters;
- receive the notification from the client device and initiate a mitigation action when an indication is received from the executing anti-trojan software code that a potential security breach exists; and
- responding to the subsequent request from the client device by providing a requested resource when no indication is received from the executing anti-trojan software code that a potential security breach exists.
Dependent claims: 5, 6
7. A non-transitory computer readable medium having stored thereon instructions for website security comprising machine executable code which when executed by at least one processor, causes the processor to:
- receive a request from a client device for a web page to be provided by a server application, wherein anti-trojan software code is embedded in the requested web page and the anti-trojan software code is functionally associated with the server application and comprises one or more expected communication parameters;
- send the requested web page to the client device responsive to the request, wherein the anti-trojan software code is configured to:
  - intercept a subsequent request resulting from an interaction with the requested web page,
  - extract one or more communication parameters contained within the intercepted subsequent request,
  - compare the extracted communication parameters with the expected communication parameters, wherein the expected communication parameters comprise communication parameters of different types of possible communications expected by the server application in connection with requests to the server application, and
  - determine a potential client security breach exists when one or more of the extracted communication parameters do not match one or more of the expected communication parameters;
- receive the notification from the client device and initiate a mitigation action when an indication is received from the executing anti-trojan software code that a potential security breach exists; and
- responding to the subsequent request from the client device by providing a requested resource when no indication is received from the executing anti-trojan software code that a potential security breach exists.
Dependent claims: 8, 9
10. A network system, comprising one or more client devices and server devices, the network system comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to:
- receive a request from a client device for a web page to be provided by a server application, wherein anti-trojan software code is embedded in the requested web page and the anti-trojan software code is functionally associated with the server application and comprises one or more expected communication parameters;
- send the requested web page to the client device responsive to the request, wherein the anti-trojan software code is configured to:
  - intercept a subsequent request resulting from an interaction with the requested web page,
  - extract one or more communication parameters contained within the intercepted subsequent request,
  - compare the extracted communication parameters with the expected communication parameters, wherein the expected communication parameters comprise communication parameters of different types of possible communications expected by the server application in connection with requests to the server application, and
  - determine a potential client security breach exists when one or more of the extracted communication parameters do not match one or more of the expected communication parameters;
- receive the notification from the client device and initiate a mitigation action when an indication is received from the executing anti-trojan software code that a potential security breach exists; and
- respond to the subsequent request from the client device by providing a requested resource when no indication is received from the executing anti-trojan software code that a potential security breach exists.
Dependent claims: 11, 12
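The extract-and-compare step recited in the independent claims can be illustrated with a short JavaScript sketch. This is an added example, not code from the patent or its assignee; the communication types, field names, the `bank.example` hosts and the functions `extractParams` and `checkRequest` are all assumptions made for illustration.

```javascript
// Added illustration; every name and value here is hypothetical, not from the patent.
// Expected communication parameters, keyed by communication type ("METHOD path").
const EXPECTED = {
  "POST /transfer": {
    origin: "https://bank.example",
    fields: ["amount", "csrf_token", "to_account"],
  },
  "GET /balance": { origin: "https://bank.example", fields: ["account"] },
};

// Extract the communication parameters of an intercepted request:
// its type, its destination origin, and the names of all submitted fields.
function extractParams(req) {
  const url = new URL(req.url);
  const body = new URLSearchParams(req.body || "");
  const names = new Set([...url.searchParams.keys(), ...body.keys()]);
  return {
    type: `${req.method.toUpperCase()} ${url.pathname}`,
    origin: url.origin,
    fields: [...names].sort(),
  };
}

// Compare extracted against expected parameters. An empty reasons list means
// no indication of a potential breach; otherwise each mismatch is reported.
function checkRequest(req, expected = EXPECTED) {
  const got = extractParams(req);
  const want = expected[got.type];
  if (!want) {
    return { breach: true, reasons: [`unexpected communication type: ${got.type}`] };
  }
  const reasons = [];
  if (got.origin !== want.origin) reasons.push(`unexpected destination: ${got.origin}`);
  for (const f of got.fields) {
    if (!want.fields.includes(f)) reasons.push(`unexpected field: ${f}`);
  }
  for (const f of want.fields) {
    if (!got.fields.includes(f)) reasons.push(`missing field: ${f}`);
  }
  return { breach: reasons.length > 0, reasons };
}

// Constructed sample requests: one matching, one with an extra field,
// one addressed to a different origin.
const clean = { method: "POST", url: "https://bank.example/transfer",
                body: "amount=100&to_account=111&csrf_token=abc" };
const tampered = { ...clean, body: clean.body + "&memo2=x" };
const redirected = { ...clean, url: "https://bank-login.example/transfer" };
```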
Specification