Web page protection against phishing

US 8,745,151 B2
Filed: 11/09/2006
Issued: 06/03/2014
Est. Priority Date: 11/09/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

integrating, by a processing device of a client machine, a user interface control into a graphical user interface (GUI) of a network access application executing on the client machine;

receiving, by a user input device of the client machine, a request from a user via the user interface control to protect a first web page from a second web page;

caching first content of the first web page in a storage device at the client machine in response to the request;

followed by caching the first content of the first web page in the storage device at the client machine at predetermined periods of time;

comparing, by a processing device of the client machine, the first content of the first web page with second content of the second web page for a similarity between the first and second content;

assigning, by the processing device, a value to the similarity between the first and second content;

determining, by the processing device, that the value of the similarity passed a threshold value of a plurality of threshold values each corresponding to a different protective action of a plurality of protective actions that protect the first web page from the second web page; and

performing, by the processing device, a protective action of the plurality of protective actions corresponding to the threshold value that the value of the similarity passed;

wherein the plurality of threshold values are adjustable independent of each other by the user via the user interface control.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments of a method and apparatus for protecting web pages against phishing have been presented. In one embodiment, a user interface control is created at a client machine. A user may submit a request to protect a web page via the user interface control. In response to the request, a web page protection module may protect the web page against phishing based on content of the web page. In some embodiments, the web page protection module may be integrated with a network access application, such as, for example, as a plug-in to a browser.

17 Citations

View as Search Results

24 Claims

1. A method comprising:
- integrating, by a processing device of a client machine, a user interface control into a graphical user interface (GUI) of a network access application executing on the client machine;
  
  receiving, by a user input device of the client machine, a request from a user via the user interface control to protect a first web page from a second web page;
  
  caching first content of the first web page in a storage device at the client machine in response to the request;
  
  followed by caching the first content of the first web page in the storage device at the client machine at predetermined periods of time;
  
  comparing, by a processing device of the client machine, the first content of the first web page with second content of the second web page for a similarity between the first and second content;
  
  assigning, by the processing device, a value to the similarity between the first and second content;
  
  determining, by the processing device, that the value of the similarity passed a threshold value of a plurality of threshold values each corresponding to a different protective action of a plurality of protective actions that protect the first web page from the second web page; and
  
  performing, by the processing device, a protective action of the plurality of protective actions corresponding to the threshold value that the value of the similarity passed;
  
  wherein the plurality of threshold values are adjustable independent of each other by the user via the user interface control.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the plurality of actions comprise at least one of:
    - alerting the user of the second web page of a counterfeit of the first web page, reporting the second web page to a system administrator, blocking the second web page, or reporting the second web page to a database of counterfeit web pages.
  - 3. The method of claim 1, wherein caching comprises:
    - caching the first content of the first web page in the storage device at the client machine every time the user visits the first web page.
  - 4. The method of claim 1, wherein the network access application comprises an Internet browser.
  - 5. The method of claim 1, wherein caching comprises maintaining a current version of the first content of the first web page.
  - 6. The method of claim 1, wherein the value of the content similarity comprises an absolute difference of a word count of a word in the first content and a word count of the word in the second content.
  - 7. The method of claim 1, further comprising:
    - allowing, by the processing device, the user to adjust each of the plurality of thresholds.

8. An apparatus comprising:
- a storage device;
  
  a network interface device communicably coupled to the storage device, the network interface device to access a network;
  
  a user input device communicably coupled to the storage device and the network interface device, the user input device to control a first user interface control coupled to a graphical user interface (GUI) of a network access application executing on the apparatus, the first user interface control to allow the user to submit the request; and
  
  a processing device communicably coupled to the storage device, the network interface device, and the user input device, the processing device to;
  
  execute a web page protection module to protect a first web page accessible by the network access application over the network from a second web page in response to a request from a user received via the first user interface control;
  
  cache first content of the first web page in the storage device responsive to the request;
  
  followed by cache the first content of the first web page in the storage device at the client machine at predetermined periods of time;
  
  compare the first content of the first web page with second content of the second web page for a similarity between the first and second content;
  
  assign a value to the similarity between the first and second content;
  
  determine that the value of the similarity passed a threshold value of a plurality of threshold values each corresponding to a different protective action of a plurality of protective actions that protect the first web page from the second web page; and
  
  perform a protective action of the plurality of protective actions corresponding to the threshold value that the value of the similarity passed;
  
  wherein the plurality of threshold values are adjustable independent of each other by the user via the user interface control.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 9. The apparatus of claim 8, further comprising:
    - the storage device to store a buffer to cache the first content of the first web page every time the user visits the first web page.
  - 10. The apparatus of claim 8, wherein the plurality of actions comprise at least one of:
    - alerting the user of the second web page of a counterfeit of the first web page, reporting the second web page to a system administrator, blocking the second web page, or reporting the second web page to a database of counterfeit web pages.
  - 11. The apparatus of claim 8, wherein the network access application comprises an Internet browser.
  - 12. The apparatus of claim 8, further comprising:
    - a server to host the first web page;
      
      the network coupled to the server; and
      
      the network interface device coupled to the network.
  - 13. The apparatus of claim 8, wherein the processing device is further to execute the web page protection module to apply a form test on the second web page to determine a probability of the second web page is a counterfeit of the first web page.
  - 14. The apparatus of claim 8, wherein the processing device is further to execute the web page protection module to determine if the second web page contains any form having one or more editable fields, and to alert the user that the second web page is likely to be a counterfeit of the first web page if the second web page contains a form having one or more editable fields.
  - 15. The apparatus of claim 8, wherein caching comprises maintaining a current version of the first content of the first web page.
  - 16. The apparatus of claim 8, wherein the second web page is determined to be a counterfeit of the first web page if an absolute difference of the similarity between the first content and the second content is below a threshold of the plurality of thresholds.
  - 17. The apparatus of claim 8, further comprising:
    - the user input device to control a second user interface control to adjust each of the plurality of thresholds.

18. A non-transitory machine-readable storage medium that provides instructions that, if executed by a processing device, will cause the processing device to perform operations comprising:
- integrating, by the processing device of a client machine, a user interface control into a graphical user interface (GUI) of a network access application executing on the client machine;
  
  receiving, by a user input device of the client machine, a request from a user via the user interface control to protect a first web page from a second web page;
  
  caching first content of the first web page in a storage device at the client machine in response to the request;
  
  followed by caching the first content of the first web page in the storage device at the client machine at predetermined periods of time;
  
  comparing, by a processing device of the client machine, the first content of the first web page with second content of the second web page for a similarity between the first and second content;
  
  assigning, by the processing device, a value to the similarity between the first and second content;
  
  determining, by the processing device, that the value of the similarity passed a threshold value of a plurality of threshold values each corresponding to a different protective action of a plurality of protective actions that protect the first web page from the second web page; and
  
  performing, by the processing device, a protective action of the plurality of protective actions corresponding to the threshold value that the value of the similarity passed;
  
  wherein the plurality of threshold values are adjustable independent of each other by the user via the user interface control.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The non-transitory machine-readable storage medium of claim 18, wherein the plurality of actions comprise at least one of:
    - alerting the user of the second web page of a counterfeit of the first web page, reporting the second web page to a system administrator, blocking the second web page, or reporting the second web page to a database of counterfeit web pages.
  - 20. The non-transitory machine-readable storage medium of claim 18, wherein protecting the web page comprise:
    - caching the first content of the first web page in the storage device at the client machine every time the user visits the first web page.
  - 21. The non-transitory machine-readable storage medium of claim 18, wherein the network access application comprises an Internet browser.
  - 22. The non-transitory machine-readable medium of claim 18, wherein caching comprises maintaining a current version of the first content of the first web page.
  - 23. The non-transitory machine-readable medium of claim 18, wherein the second web page is determined to be a counterfeit of the first web page if an absolute difference of the similarity between the first content and the second content is below a threshold of the plurality of thresholds.
  - 24. The non-transitory machine-readable storage medium of claim 18, wherein the operations further comprise:
    - allowing, by the processing device, the user to adjust each of the plurality of thresholds.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Rowley, Peter A.
Primary Examiner(s)
JENSEN, NICHOLAS A

Application Number

US11/595,414
Publication Number

US 20080115214A1
Time in Patent Office

2,763 Days
Field of Search

709/217, 726 26- 27
US Class Current

709/217
CPC Class Codes

G06F 21/31 User authentication

G06F 21/6209 to a single file or object,...

Web page protection against phishing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Web page protection against phishing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links