Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-10-13
2004-03-30
Barrón, Gilberto (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000
Reexamination Certificate
active
06715083
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates generally to the Internet, and more specifically to Internet security. More particularly still, the present invention provides a method and system of alerting Internet Service Providers (ISPs) that a hacker may be using their system to attempt to gain unauthorized access to a server.
BACKGROUND OF THE INVENTION
The Internet seems to be christened by Wall Street as the business wave of the future. This is because users of the Internet have the ability to quickly and accurately complete business transactions at remote and dispersed locations and with practically no transactional costs. Furthermore, access to the Internet is cheap, with many Internet computers actually being given away for free when Internet access is purchased for as little as fifteen dollars each month. Accordingly, it is estimated that by the year 2000 over half the households in the United States will have access to the Internet.
Because of widespread access to the Internet, people are using the Internet to access services for information on topics ranging from animals to zoos. When coupled with the vast amounts of university information already on the Internet, it can be seen that the Internet is beginning to fulfill its early promise as an educational clearing house of information. To take advantage of this rapidly growing community, many businesses, educational institutions, as well as national, state, and local governments, have connected to the Internet. Unfortunately, the ease with which users can gain access to the Internet also provides unscrupulous users easy access to information that another user does not desire to make publicly available when that information is maintained on a server that is connected to the Internet.
Access to the Internet is achieved through a computing platform, typically a server or a computer, that has a connection to an Internet Service Provider (ISP). Sometimes, a user may connect directly to the Internet through a modem or direct line (such as cable or ISDN) to the ISP. In a Local Area Network, a centralized computer, known as a server, is connected between one or more computers and the Internet. Accordingly, each computer in the LAN can access the Internet through the server.
A hacker is a person who accesses the Internet and seeks to infiltrate a target computer that is also on the Internet (hackers are notorious for reaching the Internet through a server at a university). The target may be a government computer, an educational institution computer or a business computer, for example.
Hackers have many motivations. Sometimes, a hacker may be interested in infiltrating a government computer to alter tax records or manipulate records of criminal convictions. A hacker may be interested in accessing an educational institution's databases to falsify grades or to fraudulently record credits. Other hackers may infiltrate a business in order to manipulate business orders or to transfer money from one account to another account. The dire consequences of hacking have created an entire industry aimed at preventing hacker infiltration into computers and LANs, and the manipulation of data by hackers on individual computers.
Systems designed to stop hackers typically operate as firewalls or as host based security systems. Firewalls are software programs designed to prevent unauthorized access into a target server or computer connected to the Internet. A firewall typically restricts remote access to the central server by requiring a password to be entered by those desiring remote access before access to the central server will be allowed. If an incorrect password is used too many times, the firewall program will automatically forbid that user from attempting another log-in. In addition, firewalls may also incorporate authentication or encryption technologies to provide for secure Internet transactions.
Host based security systems seek to protect the information stored in a specific target server or a computer connected to the target server (targeted computer). Thus, if a hacker successfully gets through a firewall security system and is able to log on to the central server, he may still face a host based security system. A host based security system will typically require a user to enter a password before allowing that user to have access to a specific program run on that computer or server. If an incorrect password is used too many times the host based security system may forbid that user from attempting another log-in or the host based security system may direct the firewall software to completely forbid access to that local area network connected through the central server.
Unfortunately, hackers may attempt multiple logins disguised as different users. For example, a hacker targeting a server may attempt multiple log-ins under one user ID, and then be rejected by the firewall software and forbidden from using that user ID for any further log-in attempts. However, the hacker then needs only to utilize a different user ID to try to gain access to the server again. Thus, a persistent and technologically sophisticated hacker can often gain access through a firewall. Once access is gained to the server, the hacker may attempt to gain access to a particular program where he may encounter a hostbased security system. Then, in a similar manner, he may attempt to use multiple user IDs to access that specific software and continue his misdeeds until his hacking urges are satisfied.
Therefore, there exists a need for a method and system of spotting hackers that may be using multiple account names or other techniques to gain access to a target, that that can identify the hacker. It would be advantageous for the method to operate in real time. The present invention provides such a method and system.
SUMMARY OF THE INVENTION
The present invention achieves technical advantages as a real time method and a system for detecting and reporting potential hacking on a Local Area Network (LAN) or the Internet (collectively “network”). The method generally detects a hacking event at a targeted system, and then sends an indication of the hacking event along the packet pathway towards the potential hacker's access point to the network. The method notifies the server targeted by the potential hacker, as well as other servers located in the network, of the hacking event and “fingerprints” packets originating from the potential hacker. The system generally comprises modules that may be implemented as software. One module detects hacking attempts by a potential hacker and sends reports about the hacking attempts to a second module which collects the reports and takes actions based on the reports. The disclosed invention identifies and thwarts potential hackers in real time, and generates an additional layer of protection in addition to firewalls and host-based security systems, thus making the Internet a more secure place to conduct information exchange.
In one embodiment, the invention is a method of alerting an Internet Service Provider (ISP) or an Internet Connected Server (ICC), that a potential hacker may be using it to attempt to gain unauthorized access to a targeted server. The method includes the steps of detecting a hacking event at the targeted server (target), and reporting the hacking event to a server located outside the target (which could be an ISP functioning as an access point for the potential hacker, or an ICC located in a packet pathway). In addition, the method reports potential hacker information to the target, and tags each packet originating from the potential hacker or an ISP or ICC associated with the hacker (which records the route the packet takes through the Internet). By tagging the packets, every ISP and every ICC that is identified by the tag as being in the packet pathway may be notified of the potential hacker and receive reports of the hacking events. Other sources may be notified of the potential hacker, such as local, state or federal authorities.
Furthermore, packets originating from the potential hacker may
Barrón Gilberto
Ericsson Inc.
Gurshman Grigory
LandOfFree
Method and system of alerting internet service providers... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system of alerting internet service providers..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system of alerting internet service providers... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3256250