Deriving reputation scores for web sites that accept personally identifiable information

US 8,019,689 B1
Filed: 09/27/2007
Issued: 09/13/2011
Est. Priority Date: 09/27/2007
Status: Active Grant

First Claim

Patent Images

1. A method of providing computer security, comprising:

using a computer to perform steps comprising;

receiving data describing personally identifiable information (PII) submitted to a web site by a plurality of clients;

receiving data describing hygiene scores of the plurality of clients that have submitted the PII to the web site, wherein a hygiene score of a client indicates the client'"'"'s propensity to submit the PII to untrustworthy web sites;

determining a number of clients that have submitted the PII to the web site;

computing a reputation score for the web site responsive at least in part to the number of clients that have submitted the PII to the web site and the hygiene scores of the plurality of clients that have submitted the PII to the web site, the reputation score representing an assessment of the trustworthiness of the web site, the website receiving a higher reputation score than a second web site based on a determination that the web site has received the PII from a larger number of clients than has the second web site; and

providing the reputation score to a client.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A reputation server is coupled to multiple clients. Each client has a security module that detects submissions of personally identifiable information (PII) from the client to a web site. The security module reports the identity of the web site and the type of submitted PII to the reputation server. The reputation server computes a reputation score for the web site based on the number and type of PII submissions to it. The reputation score represents an assessment of whether the web site is trustworthy. The reputation server provides the reputation scores for the web site to a client. The security module at the client evaluates the reputation score of the web site and optionally generates an alert advising the user not to submit PII to the web site because the site is untrustworthy.

89 Citations

View as Search Results

16 Claims

1. A method of providing computer security, comprising:
- using a computer to perform steps comprising;
  
  receiving data describing personally identifiable information (PII) submitted to a web site by a plurality of clients;
  
  receiving data describing hygiene scores of the plurality of clients that have submitted the PII to the web site, wherein a hygiene score of a client indicates the client'"'"'s propensity to submit the PII to untrustworthy web sites;
  
  determining a number of clients that have submitted the PII to the web site;
  
  computing a reputation score for the web site responsive at least in part to the number of clients that have submitted the PII to the web site and the hygiene scores of the plurality of clients that have submitted the PII to the web site, the reputation score representing an assessment of the trustworthiness of the web site, the website receiving a higher reputation score than a second web site based on a determination that the web site has received the PII from a larger number of clients than has the second web site; and
  
  providing the reputation score to a client.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein receiving data describing the PII submitted to the web site comprises:
    - receiving data describing a uniform resource locator (URL) referencing the web site; and
      
      receiving data describing one or more types of PII submitted to the web site.
  - 3. The method of claim 1, wherein receiving data describing the PII submitted to the web site comprises:
    - receiving separate submissions from each of the plurality of clients, each submission describing one or more types of PII submitted to the web site by the client.
  - 4. The method of claim 1, wherein there are a plurality of types of PII that the plurality of clients can submit to the web site and wherein computing a reputation score for the web site comprises:
    - determining a number of distinct clients that have submitted a specified type of PII of the plurality of types of PII to the web site;
      
      determining times of submission of the specified type of PII to the web site; and
      
      computing a reputation score for the web site responsive at least in part to the specified type of PII, the number of distinct clients that have submitted the specified type of PII to the web site, and the times of submission of the specified type of PII to the web site.
  - 5. The method of claim 4, wherein different reputation scores are computed for the web site with respect to different types of PII.
  - 6. The method of claim 1, further comprising:
    - receiving the reputation score for the web site at the client;
      
      analyzing the reputation score for the web site to determine whether the web site is trustworthy; and
      
      responsive to a determination that the web site is not trustworthy, generating an alert at the client indicating that the site is not trustworthy.

7. A computer-implemented system for providing computer security, comprising:
- a computer processor; and
  
  a computer-readable storage medium storing computer program modules configured to execute on the computer processor, the computer program modules comprising;
  
  a communication module configured to;
  
  receive data describing personally identifiable information (PII) submitted to a web site by a plurality of clients;
  
  receive data describing hygiene scores of the plurality of clients that have submitted the PII to the web site, wherein a hygiene score of a client indicates the client'"'"'s propensity to submit the PII to untrustworthy web sites; and
  
  provide a computed reputation score for the web site to clients; and
  
  a reputation computation module configured to;
  
  determine a number of clients that have submitted the PII to the web site; and
  
  compute the reputation score for the web site responsive at least in part to the number of clients that have submitted the PII to the web site and the hygiene scores of the plurality of clients that have submitted the PII to the web site, the reputation score representing an assessment of the trustworthiness of the web site, the website receiving a higher reputation score than a second web site based on a determination that the web site has received the PII from a larger number of clients than has the second web site.
- View Dependent Claims (8)
- - 8. The computer-implemented system of claim 7, wherein a higher reputation score indicates that the web site is more trustworthy and wherein the reputation computation module is further configured to:
    - determine a number of distinct clients that have submitted a specified type of PII of the plurality of types of PII to the web site; and
      
      compute a reputation score for the web site responsive at least in part to the specified type of PII and the number of distinct clients that have submitted the specified type of PII to the web site.

9. A computer program product having a non-transitory computer-readable storage medium storing computer-executable code for providing computer security to a client, the code comprising:
- a communication module configured to receive, from a reputation server on a network, a reputation score for a web site on the network, the reputation score representing an assessment of the trustworthiness of the web site and computed based at least in part on a number of clients that have submitted personally identifiable information (PII) to the web site and hygiene scores of the plurality of clients that have submitted PII to the web site, wherein hygiene scores of the clients indicate the clients'"'"' propensities to submit the PII to untrustworthy web sites, the web site receiving a higher reputation score than a second web site based on a determination that the web site has received the PII from a larger number of clients than has the second web site; and
  
  an alert generation module configured to analyze the reputation score for the web site to determine whether the web site is trustworthy and, responsive at least in part to a determination that the web site is not trustworthy, generate an alert at the client indicating that the web site is not trustworthy.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer program product of claim 9, the code further comprising:
    - a PII recognition module configured to monitor client browsing of web sites on the network and detect if the client has browsed to the web site;
      
      wherein the alert generation module is further configured to generate the alert indicating that the web site is not trustworthy responsive to detecting that the client has browsed to the web site.
  - 11. The computer program product of claim 9, the code further comprising:
    - a PII recognition module configured to detect an attempted submission of PII to the web site;
      
      wherein the alert generation module is further configured to generate the alert indicating that the web site is not trustworthy responsive to the detected attempted submission of PII to the web site.
  - 12. The computer program product of claim 11, the code further comprising:
    - a PII blocking module configured to block the attempted submission of PII to the web site.
  - 13. The computer program product of claim 9, the code further comprising:
    - a PII recognition module configured to detect an attempted submission of PII from the client to the web site;
      
      wherein the alert generation module is further configured to;
      
      compare the reputation score for the web site to the reputation scores of other web sites to which the client has submitted the same PII to determine whether the web site is less trustworthy than the other web sites; and
      
      generate an alert at the client responsive to a determination that the web site is less trustworthy than the other web sites to which the client has submitted the same PII.
  - 14. The computer program product of claim 9, the code further comprising:
    - a PII recognition module configured to detect a submission of PII from the client to the web site; and
      
      a PII reporting module configured to report the submission of PII to the reputation server responsive at least in part to detecting the submission of PII.
  - 15. The computer program product of claim 14, wherein the PII reporting module is further configured to:
    - send a report to the reputation server, the report identifying the web site to which the PII was submitted and specifying a type of PII that was submitted.
  - 16. The computer program product of claim 14, wherein the PII reporting module is further configured to:
    - send a report to the reputation server, the report identifying the web site to which the PII was submitted, specifying a type of PII that was submitted, and specifying a hygiene score for the client, the hygiene score of the client indicating the client'"'"'s propensity to submit PII to untrustworthy web sites.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NortonLifeLock Inc.
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Nachenberg, Carey S.
Primary Examiner(s)
Worjloh; Jalatee

Application Number

US11/863,110
Time in Patent Office

1,447 Days
Field of Search

705/7, 705 50- 79, 713/150
US Class Current

705/64
CPC Class Codes

G06Q 10/063   Operations research, analys...

G06Q 20/027   involving a payment switch ...

G06Q 20/0855   involving a third party

G06Q 20/382   insuring higher security of...

G06Q 30/06   Buying, selling or leasing ...

H04L 63/126   the source of the received ...

Deriving reputation scores for web sites that accept personally identifiable information

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

89 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Deriving reputation scores for web sites that accept personally identifiable information

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others