Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Mechanism to avoid internet phishing

IP.com Disclosure Number: IPCOM000181949D
Original Publication Date: 2009-Apr-20
Included in the Prior Art Database: 2009-Apr-20
Document File: 3 page(s) / 172K

Publishing Venue

IBM

Abstract

Disclosed is a method for avoiding Internet Phishing. According to the method, a read only area (Web Page Identity Area) for displaying the logo of the company who provides the web pages is created on a browser. Only browser itself could write this area, and then the current DNS (Domain Name Service) is extended and the following fields in addition to the host name and IP address mapping are added: (1) Company name who owns the host name. (2) Company logo who owns the host name. After the browser gets the HTTP response contents (for example, HTML), it will render the contents and display it on the browser. The browser will retrieve the host name from the URL input by the user, and then send a web server identity information query to the DNS. If the DNS contains the web page identity related information (identity, logo, and descriptions, and etc.), the DNS will return the information back to the browser. Then, the browser will display the information in the Web Page Identity Area. If the DNS does not have the web page identity related information, the DNS will return null back to the browser. Then, the browser will display the warning information in the Web Page Identity Area

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 55% of the total text.

Page 1 of 3

Mechanism to avoid internet phishing

1. Background: Internet Phishing is a simple but very threatening attack to

e-commerce users. It steals the username and password, and if that's the critical username and password, for example your Internet bank account, then it can be disastrous. However, while Internet Phishing itself is a very simple concept, countering it is anything but simple. In fact, there's no single solution that can completely avoid Internet Phishing until now. Some solutions focus on client side, and the other solutions focus on server side. All of them have flaws, and only few of them addresses both server side and client side. We want to solve the internet phishing issues which usually happen in the internet world, especially on e-commerce. Current available solutions:
(1) Yahoo mail with personalized chop. https://login.yahoo.com/config/login?.intl=tw&.src=ym&.done=https://tw.login.yahoo.c om/cgi-bin/kcookie.cgi/mail/http%3a//edit.tpe.yahoo.com/config/mail%3f.intl=tw
(2) IE and Firefox could check if the web site is a reported phishing web site in a centralized server.
(3) Symentac uses 2 million decoy email accounts to collect phishing sites, and uses both human and computer filter mechanism to record phishing sites into DB, so it will block phishing sites if they are in the list.

Icon on the browser address/location bar

It is also controlled by the HTML content.

...

<link rel="shortcut icon" href="http://www.ibm.com

/images

/

ibmlogo.ico">

...
...

1

[This page contains 1 picture or other non-text object]

Page 2 of 3

...
2. Summary of Invention:

2.1. Browser will have a read only area for displaying the logo of the company who provides the web pages. Only browser itself could write this area.

Copyrights of IBM Corporation

Copyright International Business Machines and others, 1994, 2008. All rights reserved.

Web Page Identity Area (only browser could write this area.)

Detailed information will be shown when the curs...