METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE

US 20130227684A1
Filed: 03/22/2013
Published: 08/29/2013
Est. Priority Date: 03/19/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password, the method comprising:

performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter, wherein the Bloom filter is based on an organizational password file;

determining the existence of a password in the network traffic based only on the weak validation; and

determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems reduce exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password. In one aspect, a method includes performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter based on an organizational password file, determining the existence of a password in the network traffic based only on the weak validation, and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.

22 Citations

View as Search Results

18 Claims

1. A computer-implemented method for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password, the method comprising:
- performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter, wherein the Bloom filter is based on an organizational password file;
  
  determining the existence of a password in the network traffic based only on the weak validation; and
  
  determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the network traffic is from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter.
  - 3. The method of claim 1, further comprising encoding an organization password file with the Bloom filter.
  - 4. The method of claim 3, wherein passwords in the password file are configured for use by users to access sensitive resources.
  - 5. The method of claim 1, wherein the step of analyzing the data is performed by a traffic analyzer in communication with the computer network.
  - 6. The method of claim 5, wherein the traffic analyzer is configured to block the data from being transmitted over the network if the data is a password.
  - 7. The method of claim 1, wherein a percent of false positives provided by the Bloom Filter is tunable.

8. A system for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password, the system comprising:
- a processor configured to execute computer instructions, wherein the computer instructions include a traffic analyzer in communication with the computer network, the traffic analyzer being configured to perform a search of network traffic based at least in part on a weak validation using a Bloom filter, wherein the Bloom filter is based on an organizational password file, and determining the existence of a password in the network traffic based only on the weak validation; and
  
  a decision system configured to decide whether to do at least one of “
  
  block”
  
  , “
  
  alert”
  
  or “
  
  quarantine”
  
  the traffic based at least in part on the existence of a password in the traffic.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The system of claim 8, wherein the network traffic is from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter.
  - 10. The system of claim 8, wherein passwords in the password file are configured for use by users to access sensitive resources.
  - 11. The system of claim 8, further comprising a gateway configured to receive instructions from the decision system.
  - 12. The system of claim 11, wherein the traffic analyzer is installed on the gateway.
  - 13. The system of claim 8, wherein a percent of false positives provided by the Bloom Filter is tunable.

14. A system for reducing exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password, the system comprising:
- a processor configured to execute computer instructions, wherein the computer instructions include data traffic analyzer means in communication with the computer network,the traffic analyzer means configured to perform a search of the network traffic based, at least in part, on a weak validation using a Bloom filter encoding an organization password file, and configured to determine the existence of a password in the network traffic based only on the weak validation; and
  
  decision means for deciding whether to do at least one of “
  
  block”
  
  , “
  
  alert”
  
  or “
  
  quarantine”
  
  the network traffic based at least in part on the existence of the password in the network traffic.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, wherein passwords in the password file are configured for use by users to access sensitive resources.
  - 16. The system of claim 14, wherein the network traffic is from at least one computerized device within an organizational perimeter to a site outside the organizational perimeter.
  - 17. The system of claim 14, wherein the traffic analyzer means blocks the data from being transmitted over the network if the data is a password.
  - 18. The system of claim 14, wherein a percent of false positives provided by the Bloom Filter is tunable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Forcepoint LLC
Inventors
Troyansky, Lidror

Granted Patent

US 8,959,634 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1433   Vulnerability analysis

METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

22 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links