Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
2011-04-12
2011-04-12
Zand, Kambiz (Department: 2434)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Particular communication authentication technique
Reexamination Certificate
active
07925883
ABSTRACT:
A phishing detection server component and method is provided. The component can be employed as part of a system to detect/phishing attacks. The phishing detection server component can receive password reuse event report(s), for example, from a protection component of client component(s).Due to the malicious nature of phishing in general, the phishing detection server component can be susceptible to attacks by phishers (e.g., by reverse engineering of the client component). For example, false report(s) of PREs can be received from phisher(s) in an attempt to overwhelm the server component, induce false positives and/or induce false negatives.Upon receipt of a PRE report, the phishing detection server component can first verify that the timestamp(s) are genuine (e.g., previously generated by the phishing detection server component). The report verification component can employ the timestamp(s) to verify veracity of the report (e.g., to minimize attacks by phishers).
REFERENCES:
patent: 6044152 (2000-03-01), Mendolia
patent: 6104916 (2000-08-01), Steinhoff et al.
patent: 6230269 (2001-05-01), Spies et al.
patent: 6662300 (2003-12-01), Peters
patent: 6754507 (2004-06-01), Takagi
patent: 6845380 (2005-01-01), Su et al.
patent: 6848078 (2005-01-01), Birsan et al.
patent: 6925313 (2005-08-01), Kweon et al.
patent: 7152244 (2006-12-01), Toomey
patent: 7392543 (2008-06-01), Szor
patent: 7475135 (2009-01-01), Bantz et al.
patent: 2003/0023876 (2003-01-01), Bardsley et al.
patent: 2003/0025668 (2003-02-01), Lin
patent: 2003/0163737 (2003-08-01), Roskind
patent: 2003/0199289 (2003-10-01), Kao et al.
patent: 2003/0204481 (2003-10-01), Lau
patent: 2004/0060007 (2004-03-01), Gottlob et al.
patent: 2004/0128296 (2004-07-01), Krishnamurthy et al.
patent: 2004/0143581 (2004-07-01), Bohannon et al.
patent: 2004/0158714 (2004-08-01), Peyravian
patent: 2004/0261018 (2004-12-01), Dunne et al.
patent: 2005/0022020 (2005-01-01), Fremberg
patent: 2005/0041009 (2005-02-01), Kuroda
patent: 2005/0049017 (2005-03-01), Yoda
patent: 2005/0068913 (2005-03-01), Tan et al.
patent: 2005/0087769 (2005-04-01), Yamazaki et al.
patent: 2005/0108567 (2005-05-01), D'Souza et al.
patent: 2005/0127820 (2005-06-01), Yamazaki et al.
patent: 2005/0177578 (2005-08-01), Chen
patent: 2005/0179850 (2005-08-01), Du
patent: 2005/0182778 (2005-08-01), Heuer et al.
patent: 2005/0192990 (2005-09-01), Kharitidi et al.
patent: 2005/0229097 (2005-10-01), Lander
patent: 2005/0235358 (2005-10-01), Keohane et al.
patent: 2006/0015358 (2006-01-01), Chua
patent: 2006/0055608 (2006-03-01), Minemura
patent: 2006/0200856 (2006-09-01), Salowey et al.
patent: 2006/0216469 (2006-09-01), Hashizume
patent: 2006/0232495 (2006-10-01), Chang et al.
patent: 2006/0250312 (2006-11-01), Kobayashi
patent: 2007/0005984 (2007-01-01), Florencio et al.
patent: 2007/0006305 (2007-01-01), Florencio et al.
patent: 2007/0199054 (2007-08-01), Florencio et al.
patent: 2008/0015002 (2008-01-01), Crisp
patent: 14-073553 (2002-03-01), None
U.S. Appl. No. 11/172,466, filed Jun. 30, 2005, Florencio, et al.
U.S. Appl. No. 11/360,254, filed Feb. 23, 2006, Florencio, et al.
Adida, B. et al., “Fighting Phishing Attacks: A Lightweight Trust Architecture for Detecting Spoofed Emails,” in Proceedings of DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service, Piscataway, New Jersey, Apr. 2005. 16 pages.
Adida, B. et al., “Separable Identity-based Ring Signatures: Theoretical Foundations for Fighting Phishing Attacks,” in Proceedings of DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service, Piscataway, New Jersey, Feb. 28, 2005, 18 pages.
Chou, N. et al., “Client-Side Defense Against Web-Based Identity Theft,” in Proceedings of 11th Annual Network and Distributed System Security Symposium (NDSS '04), San Diego, Feb. 2004, 16 pages.
Delany, M., “Domain-Based Email Authentication Using Public-Keys Advertised in the DNS (DomainKeys),” Internet Draft available at: http://www.ietf.org/internet-drafts/draft-delany-domainkeys-base-03.txt, Sep. 29, 2005, last checked Feb. 24, 2006, 40 pages.
Florencio, D. and Herley, C., “Stopping a Phishing Attack, Even When the Victims Ignore Warnings,” Microsoft Research Technical Report, Oct. 2005. Available at: http://research.microsoft.com/research/pubs/view.aspx?type=Publication&id=1489, last accessed Feb. 24, 2006.
Gabber, E. et al., “How to Make Personalized Web Browsing Simple, Secure, and Anonymous,” Financial Cryptography, 1997, pp. 17-32.
Halderman, J.A. et al., “A Convenient Method for Securely Managing Passwords,” in Proceedings of the 14th International World Wide Web Conference (WWW 2005), Chiba, Japan, May 10-14, 2005, 9 pages.
Jakobsson, M. and Young, A., “Distributed Phishing Attacks,” in Proceedings of DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service, Piscataway, New Jersey, Apr. 2005, 10 pages.
Kelsey, J. et al., “Secure Applications of Low-Entropy Keys,” Lecture Notes in Computer Science, 1997, vol. 1396, pp. 121-134.
Oechslin, P., “Making a Faster Cryptanalytical Time-Memory Trade-Off,” in Proceedings of Advances in Cryptology—CRYPTO 2003, 23rd Annual International Cryptology Conference, Santa Barbara, California, Aug. 17-21, 2003, 15 pages.
Ross, B. et al., “A Browser Plug-In Solution to the Unique Password Problem,” in Proceedings of the 14th USENIX Security Symposium, Technical Report Stanford-SecLab-TR-2005-1, 2005, 15 pages.
Sahami, M. et al., “A Bayesian Approach to Filtering Junk Email,” in AAAI '98 Workshop on Learning for Text Categorization, Jul. 1998, 8 pages.
http://www.passport.com, links directly to: https://accountservices.passport.net/ppnetworkhome.srf?vv=330&lc=1033, last accessed Feb. 28, 2006.
http://www.spoofstick.com, last accessed Feb. 28, 2006.
Anti-Phishing Working Group, at http://www.antiphishing.org, last accessed Feb. 28, 2006.
“Bloom Filter” http://www.nist.gov/dads/HTML/bloomFilter.html last viewed, Jan. 27, 2006, 1 page.
“Earthlink Toolbar Featuring ScamBlocker for Windows Users” http://www/earthlink.net/software/free/toolbar/, last accessed Mar. 7, 2006, 2 pages.
Ross, et al. “Stronger Password Authentication Using Browser Extensions” (2005) Proceedings of the 14th Usenix Security Symposium 15 pages.
OA Dated Dec. 26, 2008 for U.S. Appl. No. 11/172,466, 35 pages.
OA Dated Dec. 23, 2008 for U.S. Appl. No. 11/318,378, 25 pages.
OA Dated Dec. 3, 2008 for U.S. Appl. No. 11/317,767, 13 pages.
OA Dated Dec. 29, 2008 for U.S. Appl. No. 11/319,377, 19 pages.
OA Dated Oct. 15, 2008 for U.S. Appl. No. 11/318,209, 14 pages.
Netcraft, “Netcraft Toolbar Help Pages FAQ,” 2004, available at: http://toolbar.netcraft.com/help/faq/index.html.
Boneh, et al., “Defending Against Online Identity Theft and Phishing,” presentation given at Proceedings: United States—Japan Critical Information Infrastructure Protection Workshop, Sep. 2004, available at: http://www2.gwu.edu/˜usjpciip/BonehD.pdf.
Boneh, et al., “Web Password Hashing,” 3 pages, last accessed Jun. 28, 2005, available at: http://crypto.stanford.edu/PwdHash.
International Search Report dated Oct. 24, 2007 for PCT Application Serial No. PCT/US2007/004044, 3 Pages.
“James F. Power, et al., A metrics suite for grammar-based software, Journal of Software Maintenance and Evolution: Research and Practice, 2004http://www.cs.nuim.ie/˜jpower/Research/Papers/2004/jsme04.pdf”.
Florencio Dinei A.
Herley Cormac E.
Lee & Hayes PLLC
Microsoft Corporation
Wyszynski Aubrey H
Zand Kambiz
LandOfFree
Attack resistant phishing detection does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Attack resistant phishing detection, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Attack resistant phishing detection will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2712986