Deriving reputation scores for web sites that accept personally identifiable information
Abstract
A reputation server is coupled to multiple clients. Each client has a security module that detects submissions of personally identifiable information (PII) from the client to a web site. The security module reports the identity of the web site and the type of submitted PII to the reputation server. The reputation server computes a reputation score for the web site based on the number and type of PII submissions to it. The reputation score represents an assessment of whether the web site is trustworthy. The reputation server provides the reputation scores for the web site to a client. The security module at the client evaluates the reputation score of the web site and optionally generates an alert advising the user not to submit PII to the web site because the site is untrustworthy.
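The flow in the abstract, sketched as an added example (not code from the patent or its assignee). The patent text here gives no formula, so the scoring function, the per-type weights, the alert threshold, the convention that a hygiene score of 1.0 means a careful client, and the `.example` site names are all assumptions.

```python
import math
from collections import defaultdict

# Assumed values, not from the patent: per-type weights, saturation scale, alert cut-off.
PII_WEIGHT = {"email": 1.0, "credit_card": 2.0, "ssn": 3.0}
SCALE = 5.0
ALERT_BELOW = 0.5

class ReputationServer:
    def __init__(self):
        self.reports = defaultdict(lambda: defaultdict(set))  # site -> client -> PII types
        self.hygiene = {}  # client -> [0, 1]; assumed convention: 1.0 = careful client

    def set_hygiene(self, client, score):
        self.hygiene[client] = min(1.0, max(0.0, score))

    def report(self, client, site, pii_type):
        if pii_type not in PII_WEIGHT:
            raise ValueError(f"unknown PII type: {pii_type}")
        # A set per client: repeated reports from one client cannot inflate the count.
        self.reports[site][client].add(pii_type)

    def client_count(self, site):
        return len(self.reports.get(site, {}))

    def reputation(self, site):
        evidence = 0.0
        for client, types in self.reports.get(site, {}).items():
            # Clients with no known hygiene score contribute no evidence.
            trust = self.hygiene.get(client, 0.0)
            evidence += trust * max(PII_WEIGHT[t] for t in types)
        # Saturating map to [0, 1): more trusted submitters -> higher score.
        return 1.0 - math.exp(-evidence / SCALE)

def should_alert(score, threshold=ALERT_BELOW):
    """Client-side check: warn before PII is sent to a low-reputation site."""
    return score < threshold

def build_demo():
    """Constructed sample data: two sites, ten submitting clients each."""
    server = ReputationServer()
    for i in range(10):
        server.set_hygiene(f"careful-{i}", 0.9)
        server.set_hygiene(f"careless-{i}", 0.05)
        server.report(f"careful-{i}", "shop.example", "credit_card")
        server.report(f"careless-{i}", "lure.example", "credit_card")
    return server

if __name__ == "__main__":
    demo = build_demo()
    for site in ("shop.example", "lure.example"):
        score = demo.reputation(site)
        print(site, demo.client_count(site), round(score, 3), should_alert(score))
```

Both constructed sites have the same number of submitting clients, so the difference in score comes entirely from the hygiene weighting.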
16 Claims
1. A method of providing computer security, comprising:
- using a computer to perform steps comprising:
  - receiving data describing personally identifiable information (PII) submitted to a web site by a plurality of clients;
  - receiving data describing hygiene scores of the plurality of clients that have submitted the PII to the web site, wherein a hygiene score of a client indicates the client's propensity to submit the PII to untrustworthy web sites;
  - determining a number of clients that have submitted the PII to the web site;
  - computing a reputation score for the web site responsive at least in part to the number of clients that have submitted the PII to the web site and the hygiene scores of the plurality of clients that have submitted the PII to the web site, the reputation score representing an assessment of the trustworthiness of the web site, the website receiving a higher reputation score than a second web site based on a determination that the web site has received the PII from a larger number of clients than has the second web site; and
  - providing the reputation score to a client.

Dependent claims: 2, 3, 4, 5, 6

7. A computer-implemented system for providing computer security, comprising:
- a computer processor; and
- a computer-readable storage medium storing computer program modules configured to execute on the computer processor, the computer program modules comprising:
  - a communication module configured to:
    - receive data describing personally identifiable information (PII) submitted to a web site by a plurality of clients;
    - receive data describing hygiene scores of the plurality of clients that have submitted the PII to the web site, wherein a hygiene score of a client indicates the client's propensity to submit the PII to untrustworthy web sites; and
    - provide a computed reputation score for the web site to clients; and
  - a reputation computation module configured to:
    - determine a number of clients that have submitted the PII to the web site; and
    - compute the reputation score for the web site responsive at least in part to the number of clients that have submitted the PII to the web site and the hygiene scores of the plurality of clients that have submitted the PII to the web site, the reputation score representing an assessment of the trustworthiness of the web site, the website receiving a higher reputation score than a second web site based on a determination that the web site has received the PII from a larger number of clients than has the second web site.

Dependent claims: 8

9. A computer program product having a non-transitory computer-readable storage medium storing computer-executable code for providing computer security to a client, the code comprising:
- a communication module configured to receive, from a reputation server on a network, a reputation score for a web site on the network, the reputation score representing an assessment of the trustworthiness of the web site and computed based at least in part on a number of clients that have submitted personally identifiable information (PII) to the web site and hygiene scores of the plurality of clients that have submitted PII to the web site, wherein hygiene scores of the clients indicate the clients' propensities to submit the PII to untrustworthy web sites, the web site receiving a higher reputation score than a second web site based on a determination that the web site has received the PII from a larger number of clients than has the second web site; and
- an alert generation module configured to analyze the reputation score for the web site to determine whether the web site is trustworthy and, responsive at least in part to a determination that the web site is not trustworthy, generate an alert at the client indicating that the web site is not trustworthy.

Dependent claims: 10, 11, 12, 13, 14, 15, 16

Specification