SYSTEM AND METHOD FOR VERIFYING NETWORKED SITES

US 20100031022A1
Filed: 09/06/2007
Published: 02/04/2010
Est. Priority Date: 12/12/2006
Status: Active Grant

First Claim

Patent Images

1. A method of indicating to a user that a networked site is authentic comprising:

enabling encryption of user-customized information on an end-user device, the user-customized information having been previously selected by a user of the end-user device;

when said end-user device accesses the networked site, receiving from said end-user device a request to verify the authenticity of the networked site together with identity information about the networked site;

verifying whether the networked site is authentic; and

if the networked site is verified as authentic, enabling decryption of the encrypted user-customized information so that the user-customized information can be presented to the user on the end-user device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for indicating to a user that a networked site is authentic includes a verification application configured to send a request to verify the authenticity of the networked site together with identity information about the site to a verification server. The verification application has access to encrypted user-customized information that was previously selected by a user and is encrypted and stored focally on the end-user device. The verification server verifies whether the networked site is authentic and is further configured to enable decryption of the encrypted user-customized information when a networked site is verified as authentic, so that the user-customized information can be presented to the user.

111 Citations

View as Search Results

47 Claims

1. A method of indicating to a user that a networked site is authentic comprising:
- enabling encryption of user-customized information on an end-user device, the user-customized information having been previously selected by a user of the end-user device;
  
  when said end-user device accesses the networked site, receiving from said end-user device a request to verify the authenticity of the networked site together with identity information about the networked site;
  
  verifying whether the networked site is authentic; and
  
  if the networked site is verified as authentic, enabling decryption of the encrypted user-customized information so that the user-customized information can be presented to the user on the end-user device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the request to verify is received at a verification server that is remote from the end-user device, and verifying whether the networked site is authentic occurs at the verification server.
  - 3. The method of claim 2, wherein the verification server is also remote from a server of a provider of the networked site.
  - 4. The method of claim 2, wherein enabling encryption of the user-customized information comprises:
    - receiving at the verification server the user-customized information together with security information from the end-user device;
      
      determining at the verification server a set of encryption parameters including an encryption key;
      
      encrypting the user-customized information at the verification server based on the encryption parameters; and
      
      sending the encrypted user-customized information to the end-user device together with a subset of the encryption parameters, said subset not including said encryption key.
  - 5. The method of claim 4 further comprising, when said end-user device accesses the networked site, additionally receiving from said end-user device the encrypted user-customized information and the subset of encryption parameters;
    - and wherein enabling decryption of the user-customized information comprises decrypting the encrypted user-customized information at the verification server and sending the decrypted user-customized information to the end-user device.
  - 6. The method of claim 5 wherein the decrypted user-customized information is sent to the end-user device over a secure channel.
  - 7. The method of claim 2, wherein enabling encryption of the user-customized information comprises:
    - determining at the verification server a set of encryption parameters including an encryption key;
      
      sending the set of encryption parameters including the encryption key to the end-user device so that the user-customized information can thereafter be encrypted on the end-user device using said encryption parameters.
  - 8. The method of claim 7 further comprising, when said end-user device accesses the networked site, additionally receiving from said end-user device the set of encryption parameters;
    - and wherein enabling decryption of the user-customized information comprises sending a decryption key to the end-user device to enable decryption of the user-customized information at said end-user device.
  - 9. The method of claim 8 wherein the decryption key is sent to the end-user device over a secure channel, wherein the encryption parameters include a key identifier, and wherein the encryption key and the decryption key are purged from the end-user device once encryption and decryption have respectively been carried out.
  - 10. The method of claim 2, wherein the encrypted user-customized information is only stored locally on the end-user device and not at the verification server.
  - 11. The method of claim 2 wherein the method further comprises, when the networked site is verified as authentic, sending supplementary data about a provider of the networked site from the verification server to the end-user device so that the supplementary data can be presented to the user on the end-user device.
  - 12. The method of claim 1, wherein the identity information comprises at least one script variable value in an object model of a browser used to access the networked site on the end-user device, the at least one script variable relating to at least one of the following properties of the networked site:
    - hostname and IP address.
  - 13. The method of claim 1, wherein the identity information comprises hostname data gathered from a digital certificate of the networked site.
  - 14. The method of claim 1, wherein verifying whether the networked site is authentic comprises evaluating the identity information provided for the networked site and further evaluating a response provided by a server of the networked site in reply to an authentication challenge.
  - 15. The method of claim 14, further comprising generating the authentication challenge from a nonce that is cryptographically tied to a session cookie on the end-user device.
  - 16. The method of claim 1, further comprising providing an application to the end-user device that enables the user to select the user-customized information.
  - 17. The method of claim 1, wherein the user-customized information comprises at least one of the following:
    - an image and an audio recording.
  - 18. The method of claim 1, wherein the user-customized information is presented to the user on the end-user device as a component of a verification seal.
  - 19. The method of claim 1, wherein the user-customized information is presented to the user on the end-user device as part of the content of the networked site.

20. A system for indicating to a user that a networked site is authentic comprising:
- a verification application comprising computer-readable program code residing on an end-user device, the verification application being configured;
  
  when the end-user device accesses the networked site to send, via the network, a request to verify the authenticity of the networked site together with identity information about the networked site,to access encrypted user-customized information stored locally on the end-user device, the user-customized information having been previously selected by a user of the end-user device; and
  
  a verification server configured to receive, via the network, the request to verify from the verification application and to verify whether the networked site is authentic, wherein the verification server is further configured to enable decryption of the encrypted user-customized information when a networked site is verified as authentic so that the user-customized information can be presented to the user on the end-user device.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38)
- - 21. The system of claim 20, wherein the verification server is remote from a server of a provider of the networked site.
  - 22. The system of claim 20, wherein the verification server is further configured to:
    - receive the user-customized information together with security information from the end-user device;
      
      determine a set of encryption parameters including an encryption key;
      
      encrypt the user-customized information based on the encryption parameters; and
      
      send the encrypted user-customized information to the end-user device together with a subset of the encryption parameters, said subset not including said encryption key.
  - 23. The system of claim 22, wherein, when said end-user device accesses the networked site, the verification server is further configured to:
    - additionally receive from said end-user device the encrypted user-customized information and the subset of encryption parameters;
      
      decrypt the encrypted user-customized information based in part on said subset of encryption parameters; and
      
      send the decrypted user-customized information to the end-user device.
  - 24. The system of claim 20, wherein:
    - the verification server is further configured to determine a set of encryption parameters including an encryption key and to send the set of encryption parameters including the encryption key to the end-user device; and
      
      the verification application is further configured to encrypt the user-customized information based on the encryption parameters.
  - 25. The system of claim 24, wherein when said end-user device accesses the networked site:
    - the verification application is configured to send the set of encryption parameters to the verification server, and the verification server is in turn configured to send a corresponding decryption key the end-user device; and
      
      wherein the verification application is further configured to decrypt the encrypted user-customized information based on the decryption key.
  - 26. The system of claim 25, wherein the encryption parameters include a key identifier, and wherein the verification application is further configured to purge the encryption key and the decryption key from the end-user device once encryption and decryption have respectively been carried out.
  - 27. The system of claim 20, wherein, when the networked site is verified as authentic, the verification server is further configured to send supplementary data about a provider of the networked site to the end-user device so that the supplementary data can be presented to the user on the end-user device.
  - 28. The method of claim 20, wherein the verification server is configured to evaluate the identity information provided for the networked site, and the identity information comprises at least one script variable value in an object model of a browser used to access the networked site on the end-user device, the at least one script variable relating to at least one of the following properties of the networked site:
    - hostname and IP address.
  - 29. The method of claim 20, wherein the verification server is configured to evaluate the identity information provided for the networked site, and the identity information comprises hostname data gathered from a digital certificate of the networked site.
  - 30. The system of claim 20, wherein the verification server is configured to evaluate the identity information provided for the networked site, to generate an authentication challenge for a provider of the networked site, and to evaluate a response provided by a server of the networked site in reply to the authentication challenge.
  - 31. The system of claim 20, further comprising an editor application on the end-user device, the editor application being configured to enable the user to select the user-customized information.
  - 32. The system of claim 31, wherein the editor application is a component of the verification application.
  - 33. The system of claim 20, wherein the content of the networked site includes a link invoking the verification application.
  - 34. The system of claim 33, wherein the verification application is already resident on the end-user device when the end-user device accesses the networked site.
  - 35. The system of claim 33, wherein the link initiates the downloading of the verification application, via the network, from a third party onto the end-user device.
  - 36. The system of claim 35, wherein the third party is the verification server.
  - 37. The system of claim 33, wherein the verification application is a Java applet and the link is provided as part of a JavaScript file.
  - 38. The system of claim 20, wherein the user-customized information comprises at least one of the following:
    - an image and an audio recording.

39. A method for a user of an end-user device to determine that a networked site is authentic comprising:
- communicating with a verification server to enable encryption of user-customized information based on a set of encryption parameters determined by the verification server and to store said encrypted user-customized information in a storage accessible locally to the end-user device;
  
  when the end-user device accesses the networked site, sending a request to verify the authenticity of the networked site together with identity information about the networked site to the verification server;
  
  if the networked site is verified as authentic by the verification server, communicating with the verification server to enable decryption of the encrypted user-customized information so that the user-customized information can be presented to the user on the end-user device.
- View Dependent Claims (40)
- - 40. The method of claim 39, further comprising enabling the user to select the user-customized information.

41. A verification application for a user of an end-user device to determine that a networked site is authentic, the verification application comprising computer-readable program code residing on an end-user device, the verification application being configured to:
- communicate with a verification server to enable encryption of user-customized information based on a set of encryption parameters determined by the verification server and to store said encrypted user-customized information in a storage accessible locally to the end-user device;
  
  when the end-user device accesses the networked site, send a request to verify the authenticity of the networked site together with identity information about the networked site to the verification server;
  
  if the networked site is verified as authentic by the verification server, communicate with the verification server to enable decryption of the encrypted user-customized information so that the user-customized information can be presented to the user on the end-user device.
- View Dependent Claims (42)
- - 42. The method of claim 41, wherein the verification application is further configured to enable presentation of the user-customized information on the end-user device as part of the content of the networked site.

43. A method of allowing a user of to verify the authenticity of a provider of a networked site comprising:
- embedding within the content of the networked site a link to invoke a verification application on an end-user device, said verification application being configured to communicate with a verification server to enable the verification server to authenticate the provider based on identity information provided by the verification application; and
  
  upon verification of the networked site by the verification server, presenting user-customized information to the user on the end-user device as part of the content of the networked site, the user-customized information having been previously selected by a user of the end-user device.
- View Dependent Claims (44, 45, 46, 47)
- - 44. The method of claim 43, wherein the verification application is already resident on the end-user device when the end-user device accesses the networked site.
  - 45. The method of claim 43, wherein the link initiates the downloading of the verification application, via the network, from a third party onto the end-user device.
  - 46. The method of claim 43, comprising presenting the user-customized information as a component of a verification seal.
  - 47. The method of claim 43, further comprising responding to an authentication challenge issued by the verification server and received at the networked site via the verification application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Richemont International SA (Compagnie Financiere Richemont SA)
Original Assignee
Columbus Venture Capital SARL (Compagnie Financiere Richemont SA)
Inventors
KRAMER, Glenn A.

Granted Patent

US 8,356,333 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/123   received data contents, e.g...

H04L 63/1441   Countermeasures against mal...

H04L 63/1483   service impersonation, e.g....

SYSTEM AND METHOD FOR VERIFYING NETWORKED SITES

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

111 Citations

47 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHOD FOR VERIFYING NETWORKED SITES

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

47 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others