U.S. patent application number 14/853792 was filed with the patent office on 2016-01-07 for anti-phishing filter.
The applicant listed for this patent is Gary Stephen SHUSTER. Invention is credited to Gary Stephen SHUSTER.
Application Number | 20160006761 14/853792 |
Document ID | / |
Family ID | 39940531 |
Filed Date | 2016-01-07 |
United States Patent Application | 20160006761 |
Kind Code | A1 |
SHUSTER; Gary Stephen | January 7, 2016 |
ANTI-PHISHING FILTER
Abstract
A method operates to detect personal identifying or account
information exchanged in a real-time electronic communication
occurring between computer network users, such as electronic chat.
A detected personal identifier may be recognized as an attempt on
the part of one user to engage in a phishing attack upon another
user or to otherwise steal the other user's sensitive personal
information. Upon recognizing the communication as an unwarranted
attempt to collect such information, the electronic communication
may be monitored, and communication of the personal information may
be prevented.
Inventors: | SHUSTER; Gary Stephen; (Fresno, CA) |
Applicant: |
Name | City | State | Country | Type |
SHUSTER; Gary Stephen | Fresno | CA | US | |
Family ID: | 39940531 |
Appl. No.: | 14/853792 |
Filed: | September 14, 2015 |
Related U.S. Patent Documents
Application Number | Filing Date | Patent Number |
11744362 | May 4, 2007 | 9137257 |
14853792 | | |
Current U.S. Class: | 726/23 |
Current CPC Class: | H04L 51/046 20130101;
H04L 51/12 20130101; H04L 63/1483 20130101; G06F 21/6245 20130101;
H04L 51/04 20130101; H04L 63/101 20130101; H04L 63/1425 20130101;
H04L 63/1408 20130101; G06F 40/205 20200101 |
International Class: | H04L 29/06 20060101
H04L029/06; G06F 17/27 20060101 G06F017/27; H04L 12/58 20060101
H04L012/58 |
Claims
1. A method, comprising: parsing, by a computer server operating a
pattern-recognition algorithm, text chat data exchanged between a
first user and a second user during an electronic chat room data
exchange session hosted by the computer server, detecting, by the
computer server operating a pattern-recognition algorithm, a
defined type of personal identification comprising at least one of
a government-assigned identity number or an account number in text
data received from the first user, wherein the detecting does not
require recognition of any defined keyword or phrase in the chat
data; altering, by the computer server, a user interface associated
with the text chat data, in response to detecting the defined type
of personal identification number, prior to providing the personal
identification number to the second user, wherein the altering
comprises including an announcement indicating at least one of that
the first user opted not to provide the personal identification
number, that the chat room data exchange session is being monitored
for phishing activity, or that the users' registration information
is being logged.
Description
CROSS-REFERENCE TO RELATED APPLICATION
[0001] This application claims priority to and is a continuation of
U.S. patent application Ser. No. 11/744,362, filed May 4, 2007
(U.S. Pat. No. 9,137,257, to be issued Sep. 15, 2015), which is
hereby incorporated by reference in its entirety.
FIELD OF INVENTION
[0002] The present invention relates to systems and methods for
electronic communications via computer networks, and more
particularly to filtering of such communications.
DESCRIPTION OF THE BACKGROUND
[0003] "Phishing" is a form of identity theft and internet scam in
which attackers try to trick internet users into divulging
sensitive personal information. Phishing attacks are often
accomplished by sending e-mails to users which purport to be from a
legitimate business and requesting the user to provide personal
data. Also, phishers may employ websites which impersonate a
legitimate business's website. Again, the purpose of such a website
is to induce a user to provide his sensitive, personal information.
Once armed with the user's identifying information, phishers use
the information to engage in fraudulent transactions utilizing the
users' identity.
[0004] Numerous methods have been implemented to prevent such
attacks including e-mail spam filters, spyware and virus detection
software, and digitally signed e-mail communications. These methods
and applications have been moderately effective in preventing
phishing attacks as they occur through e-mail communications.
[0005] Phishing attacks may also take place, with increasing
regularity, within internet chat systems or "chat rooms." A chat
system provides a means for computer users to anonymously meet and
communicate about a particular subject of interest by immediately
transmitting and sharing text and other data with each other
through the chat system's computer network. Specifically, a chat
system has a server, which is a host computer, and a plurality of
terminal computers connected to the host. A message received by the
host from a terminal user is immediately transmitted to another
terminal user so that a chat is realized between the two users. In
the chat system, the content of a user's communication is displayed
on each user's terminal computer along with the name of the user
who made the communication.
[0006] As with other phishing attacks described above, phishing
attacks within chat rooms occur when one terminal user involved in
the chat session tricks another terminal user to provide his
confidential information. The thief then uses this confidential
information to engage in fraudulent transactions. Users in a chat
room may be vulnerable to phishing attacks because: chat room users
are anonymous; a chat room conversation usually acquires an
intimate nature wherein users relax their vigilance; and the chat
room conversation occurs in real time, which may prevent some users
from adequately reflecting upon a request for personal
information.
[0007] What is required therefore, is a system and method that can
protect a chat room user while the user is engaging in electronic
chat, especially in unsecured forums that are provided primarily
for casual communications as a leisure activity.
SUMMARY OF THE INVENTION
[0008] The invention provides a system and method whereby a
communication within a chat system is monitored to recognize the
input, by a chat room user, of certain keywords and/or patterns of
data which typify personal, sensitive information. When the keyword
or pattern is identified, the data exchanged in the chat is logged
and the keyword or pattern is replaced with random data so that the
user that requested the data and other users engaged in the chat
receive and view only the random data and not the personal
information requested.
[0009] In an embodiment of the invention, there is provided a chat
room data exchange search and display method, comprising:
determining keywords, phrases and data patterns for instructing a
filter center to monitor the chat room data exchange; searching for
the keyword, phrase or data patterns in a chat room message
transmitted from a first terminal engaged in the chat room data
exchange; recording all data transmitted from a first terminal for
the remaining time the first terminal remains logged on to the chat
room session when the keyword or phrase is detected; instructing
the filter center to monitor responses from a second terminal
displaying the transmitted data when the keyword, phrase or data
pattern is detected; instructing the filter center to alter any
data fitting the proscribed data pattern which is transmitted from
the second terminal in response to the data transmitted from the
first terminal when the keyword or phrase is detected; and
displaying the altered data on the first terminal.
[0010] Therefore, when a user uses a pre-determined keyword or
phrase, for example "birthdate" or "social security number,"
evidencing a request for personal identifying information, during a
chat room session, the filter center may begin recording the chat
room conversation and logging the user's chat room registration
data. Thereafter, the filter center may monitor any response to the
user's request and alter any response that fits a corresponding
data pattern (e.g., the data pattern associated with a social
security number or birthdate) so as to display that altered
response on the user's terminal.
[0011] In another embodiment of the invention, there is provided a
chat room data exchange display method which comprises the steps of
determining a data pattern for instructing a filter center to
monitor a chat room data exchange; searching the data exchanged in
a chat room session for the data pattern; altering the data
comprising the data pattern; and displaying the altered data
pattern on the terminals connected to the chat room session.
[0012] In this embodiment, any pre-determined data pattern, for
example, the data pattern evidencing an individual's social
security number, i.e., n/n/n-n/n-n/n/n/n, can be searched for in
real time during a chat room session. When detected, the data
pattern may be randomly altered or scrambled and displayed to the
other chat room terminals as different data. For example, the
social security number entered by a user at one terminal as
111-22-3333 may be altered and displayed on the other terminals as,
for example, 444-55-6666.
[0013] In another embodiment of the invention, there is provided a
chat room data exchange display method which comprises the steps
of: determining a data pattern for instructing a filter center to
monitor the chat room data exchange; searching for the data pattern
in a chat room message transmitted from a first terminal engaged in
the chat room data exchange; instructing the filter center to block
the chat room message transmitted from the first terminal; and to
display on the first terminal a warning to the first terminal user
that the exchange of such data may lead to theft of possible
personal identifying information; and providing the first user with
the option to transmit the data to the other users engaged in the
chat session or to not send the data.
[0014] Therefore, when a user enters the predetermined data pattern
evidencing personal identifying information, during a chat room
session, the filter center may prevent the user's chat room data
from being immediately transmitted to the other users engaged in
the chat room session, and instead provides the user with a warning
about disclosing personal identifying information. The user can
thereafter heed the warning and refuse to provide the information,
seek additional information regarding the other users' identity and
purposes; or if the user determines that the information is
innocuous, he or she can ignore the warning and continue with the
chat room data exchange.
[0015] A more complete understanding of the invention will be
afforded to those skilled in the art, as well as a realization of
additional advantages and objects thereof by a consideration of the
following detailed description of its embodiments. Reference will
be made to the appended sheets of drawings which will first be
described briefly.
BRIEF DESCRIPTION OF THE DRAWINGS
[0016] FIG. 1 is a block diagram showing a chat room network
according to the invention.
[0017] FIG. 2 is a block diagram showing a chat server according to
the invention.
[0018] FIG. 3 is a block diagram showing aspects of a Filter Center
system according to the invention.
[0019] FIG. 4 is a flow diagram showing exemplary steps of a method
of the invention according to a preferred embodiment of the
invention.
[0020] FIG. 5 is an exemplary diagram showing an example of a chat
terminal monitor screen.
[0021] FIG. 6 is an exemplary diagram showing another example of a
chat terminal monitor screen.
[0022] FIG. 7 is a block diagram showing exemplary steps of a
method of the invention according to a second embodiment of the
invention.
[0023] FIG. 8 is a block diagram showing exemplary steps of a
method of the invention according to a third embodiment of the
invention.
DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION
[0024] The disclosed solution to prevent and curtail phishing
attacks and other attempts at identity theft in electronic chat
room data exchanges is a system and method for monitoring chat room
conversations and searching data exchanged for key words, phrases
and/or patterns which evidence such attempts and preventing a chat
room user from providing his or her personal identifying
information. In the detailed description that follows, like element
numerals are used to indicate like elements appearing in one or
more of the figures.
[0025] FIG. 1 is a block diagram showing a chat room system 20
according to an embodiment of the present invention. System 20 may
comprise a chat server 21, which is a computer connected to a
network 22. Network 22 may comprise a wide area network, for
example, the Internet. Terminals 23, 24, and 25, may comprise any
user-operated communication device configured for connecting to
network 22, for example, a personal or portable computer, mobile
telephone or other handheld device, or dumb terminal. Although
three terminals are illustrated, the number of terminals in a chat
session may range from two to any number greater than two up to the
processing limits of the chat room server. The terminals 23, 24,
and 25 may be connected, through the network 22, to the chat server
21.
[0026] FIG. 2 is a block diagram showing exemplary details of chat
server 21. The chat server may comprise a CPU 11 connected to a
Filter Center 12 and a terminal 13. The Filter Center, described in
more detail below, may comprise software or hardware configured for
monitoring the chat room data exchange and searching the chat room
data exchange for key words, phrases and/or data patterns. The
terminal 13 may be used by an administrator to monitor and manage
activity of the chat server and Filter Center.
[0027] FIG. 3 is a block diagram showing exemplary details of
Filter Center 12. The Filter Center may comprise a Monitor Tool
101, User Registration Information Storage Tool 102, an Analysis
Tool 100 and an Encryption Tool 103. When a user logs onto the chat
room session, information about that user, i.e., user name and other
identifying information, may be logged and stored by means of the
Filter Center's User Registration Information Storage Tool 102. The
Analysis Tool 100 provides a means to search each chat entry
received by the Chat Server 21 for keywords or phrases and other
predetermined data patterns which may evidence personal identifying
information vulnerable to identity thieves. If a keyword, phrase or
data pattern is detected, the Monitor Tool 101 may initiate a
recording or monitoring of the chat entries and the users' activity
within the chat room session in conjunction with the
Registration Information Storage Tool 102. Thereafter, any chat
entry that fits a predetermined data pattern, sent in response to a
chat entry containing a keyword or phrase, may be routed to the
Encryption Tool 103, which may randomly alter the chat entry. The
chat entry may then be displayed on the other chat room users'
terminals while the user who entered the data pattern may see his
or her unaltered entry.
[0028] FIG. 4 is a flow chart showing exemplary steps of a process
400 carried out by the Filter Center during the chat room session.
A chat entry may be received by the Chat Server and routed to the
Filter Center which receives the chat entry at S401. The contents
of the chat entry may be parsed or searched by the Analysis Tool
for a keyword or phrase at S402. If the keyword is detected as
indicated at S403, a Monitor Tool may be initiated whereby the chat
conversation is logged and recorded at S404. Also, the Monitor Tool
may identify and log user registration information of the user
whose chat entry contained the keyword or phrase, at S404.
Thereafter, at S405, the Monitor Tool may identify the user, and
any response by that user, to whom the chat entry which contained
the keyword or phrase was directed. If the Monitor Tool recognizes
the users' response as containing a pattern of data evidencing
personal identifying information, the response may be routed through
the Encryption Tool 103 at S406. The Monitor Tool 101 may then
monitor and log the users' registration information at S407. The
Encryption Tool may substitute the responding data with random data
which is then displayed on the terminals 23, 24 and 25 of the other
users involved in the chat session, at S408. If no data pattern
designated for filtering is recognized, the original chat entry may
be displayed on the users' terminals at S409.
[0029] FIG. 5 and FIG. 6 are explanatory diagrams showing exemplary
screenshots 500, 600 as may be displayed at two users' terminals
according to an embodiment of the invention. Both displays 500, 600
show an exchange of text data in a "chat format," meaning the
exchange of text data is presented in a unified display presenting
each participating user's contribution to the chat session, and the
identity of the user contributing each item of textual data.
[0030] As shown in FIG. 5, user "Naive's" terminal monitor may
include a display 500 providing Naive with a visual record of the
data exchanged, in real time, between Naive and another user
"Phisher." According to the example, Phisher has asked Naive for
his social security number. The phrase "social security number" is
a key phrase recognized by the Filter Center's Monitor Tool. As a
result, the Filter Center may begin to monitor the chat room data
exchange. In addition, when Naive inputs his social security
number, his terminal display may show the social security number he
entered, in this example, 111-22-3333. However, as shown in FIG. 6,
Phisher's terminal may display a different social security number,
in this example, 222-44-5555, reflecting the altering of Naive's
entry by the Encryption Tool which was activated by the key word,
phrase, or designated data pattern.
[0031] The Filter Center may also consider variations of key words,
for example, "SSN", "DOB", "Acct. No." or deliberate misspellings
designed to evade the filtering process such as "what is your
s03ial 3ecurity numb3r." Fuzzy logic, learning algorithms, manual
updating, or any combination of the foregoing may be employed to
keep abreast of and block communication patterns used by phishers
to elicit personal information from identity theft victims.
[0032] In addition, or in the alternative, data patterns, for
example social security numbers, dates, street addresses, phone
numbers, bank account numbers, URLs, or any other type of data
deemed to present an unacceptably high risk of identity theft, may
be recognized by the Filter Center without the Filter Center having
to search for and recognize a corresponding keyword or phrase. For
example, the Filter Center may recognize the data pattern
associated with a social security number, and automatically alter
the display of the social security number on other users' terminals
as shown in FIG. 6. As set forth above, other data patterns
recognized by the Filter Center 12 may include, for example,
birthdates, phone numbers, account numbers and alphanumeric
passwords. In this embodiment, if a user attempts to evade the
filter by using variations of key words that are outside the Filter
Center's search parameters, or by not using keywords at all, the
Filter Center may recognize the data pattern of any input that may
constitute identifying information and alter the input so that a
different entry would be displayed on the users' terminals. Since
personal identifying information of the type sought by identity
thieves fits only a limited number of patterns, the Filter Center
12 will be able to readily search for and recognize these patterns
and prevent their disclosure.
[0033] FIG. 7 shows exemplary steps of a method 700 according to
this second embodiment of the invention. The Filter Center may receive
a chat entry, at S701, from the Chat Server. The chat entry may be
parsed or searched for predetermined data patterns at S702, using
one or more pattern-recognition algorithms. If a data pattern is
recognized, the Monitor Tool may initiate monitoring and logging of
the chat room session and its participants at S703. Thereafter, the
Analysis Tool may alter the chat entry by replacing the characters
of the suspect chat entry with random or
pre-selected characters, at S704. The Chat Server may then display
the altered chat entry on the receiving users' terminals, as shown in
FIG. 6, at step S705.
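The key-phrase trigger of FIG. 4, the misspelling tolerance of paragraph [0031] and the pattern-only substitution of FIG. 7 can be sketched together in Python; this is an added example, not code from the patent or its applicant. The phrase list, the regular expressions, the 0.8 similarity threshold and the names `FilterCenter`, `find_key_phrase` and `scramble` are assumptions, and `difflib` similarity stands in for the "fuzzy logic" the description mentions.

```python
import re
import secrets
from dataclasses import dataclass, field
from difflib import SequenceMatcher

# Constructed lists: a few of the key phrases and data patterns the text names.
KEY_PHRASES = ("social security number", "ssn", "birthdate", "dob")
PATTERNS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "phone": re.compile(r"\b\d{3}-\d{3}-\d{4}\b"),
}
FUZZY_THRESHOLD = 0.8  # assumed similarity cut-off; tune against real traffic


def find_key_phrase(text):
    """Return the key phrase a message resembles, tolerating misspellings."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    for phrase in KEY_PHRASES:
        n = len(phrase.split())
        for i in range(len(words) - n + 1):
            window = " ".join(words[i:i + n])
            score = SequenceMatcher(None, window, phrase).ratio()
            # Short abbreviations must match exactly: "do" vs "dob" scores 0.8.
            if window == phrase or (len(phrase) > 5 and score >= FUZZY_THRESHOLD):
                return phrase
    return None


def scramble(match):
    """Swap each digit for a random one, keeping length and separators (S704)."""
    original = match.group()
    while True:
        altered = "".join(secrets.choice("0123456789") if c.isdigit() else c
                          for c in original)
        if altered != original:  # never hand the real value back by chance
            return altered


@dataclass
class FilterCenter:
    monitoring: bool = False
    log: list = field(default_factory=list)  # (sender, unaltered text, events)

    def process(self, sender, text):
        """Return (view on the sender's terminal, view on all other terminals)."""
        events = []
        phrase = find_key_phrase(text)             # S402/S403
        if phrase:
            events.append(("key phrase", phrase))
        others = text
        for kind, rx in PATTERNS.items():          # S702: no key phrase needed
            others, hits = rx.subn(scramble, others)
            if hits:
                events.append(("pattern", kind))
        self.monitoring = self.monitoring or bool(events)
        if self.monitoring:                        # S404/S703: log from here on
            self.log.append((sender, text, events))
        return text, others
```

The log stores unaltered entries, so it needs the same access controls as the data it records.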
[0034] In the alternative, or in addition, a chat entry may be
received by the Filter Center and analyzed to detect a
predetermined data pattern. If a data pattern is detected, a
warning may be displayed on the chat entry sender's terminal 23, 24,
or 25. The warning may advise the chat entry sender that the chat
entry the sender is about to send may possibly be disclosing
personal identifying information and that, as a result, he or she
may be subject to identity theft. The warning then provides the
chat entry sender the option of sending the chat entry to the other
users' terminals in the chat room session. If the chat entry sender
opts to send the chat entry despite the warning, the chat entry may
be displayed on the other users' terminals 23, 24 or 25. If the
user opts not to send the chat entry, then the Filter Center may
monitor the chat conversation and log the users' registration
information. Thereafter, an announcement may be displayed on the
users' terminals, which announcement may indicate that the chat
entry sender opted not to provide the data that fit the
predetermined data pattern, that the chat room session is being
monitored for phishing activity, that the users' registration
information is being logged, or any combination of the
foregoing.
[0035] FIG. 8 is a flow chart showing exemplary steps of a method
800 according to the foregoing. The Filter Center may receive a
chat entry from the Chat Server as shown at S801. The Filter Center
may analyze the chat entry for a predetermined data pattern at
S802. If a data pattern is detected, a warning may be displayed on
the chat entry sender's terminal S803 and S804. The warning may
advise the chat entry sender that the chat entry he or she is about
to send may be disclosing personal identifying information and
that, as a result, he or she may be subject to identity theft. The
warning may then provide the chat entry sender the option of
sending the chat entry to the other users' terminals in the chat
room session S805. If the chat entry sender opts to send the chat
entry despite the warning, the chat entry may be displayed on the
other users' terminals S808. If the user opts not to send the chat
entry, then the Filter Center may monitor the chat conversation and
log the users' registration information S806. Thereafter, an
announcement may be displayed on the users' terminals indicating
the chat entry sender opted not to provide the data that fit the
predetermined data pattern, that the chat room session was being
monitored for phishing activity and that the users' registration
information was being logged, at S807.
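The hold-and-warn flow of FIG. 8 amounts to a small server-side state machine, sketched here in Python as an added example that is not code from the patent or its applicant. The class `HoldAndWarn`, its method names, the message wording and the single social security number pattern are assumptions; the step labels in the comments follow the description above.

```python
import re
from dataclasses import dataclass, field
from itertools import count

# Constructed pattern for one of the data types the description names.
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
WARNING = ("This entry may disclose personal identifying information "
           "and expose you to identity theft. Send it anyway?")
ANNOUNCEMENT = ("A participant opted not to send personal information. "
                "This session is being monitored for phishing activity "
                "and registration information is being logged.")


@dataclass
class HoldAndWarn:
    registrations: dict                            # user -> registration record
    held: dict = field(default_factory=dict)       # entry id -> (sender, text)
    room: list = field(default_factory=list)       # what other terminals display
    log: list = field(default_factory=list)
    _ids: count = field(default_factory=count)

    def submit(self, sender, text):
        """S801-S804: deliver clean entries, hold and warn on a pattern hit."""
        if not SSN.search(text):
            self.room.append((sender, text))
            return None, None
        entry_id = next(self._ids)
        self.held[entry_id] = (sender, text)       # nothing reaches the room yet
        return entry_id, WARNING

    def decide(self, entry_id, sender, send):
        """S805-S808: only the original sender may release or drop an entry."""
        if entry_id not in self.held or self.held[entry_id][0] != sender:
            raise PermissionError("no held entry with this id for this sender")
        _, text = self.held.pop(entry_id)
        if send:
            self.room.append((sender, text))       # S808: sent despite warning
            return "sent"
        # S806: log registration information, never the withheld value itself.
        self.log.append(("withheld", sender, dict(self.registrations)))
        self.room.append(("system", ANNOUNCEMENT))  # S807
        return "withheld"
```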
[0036] Having thus described embodiments of a system and method for
monitoring chat room data exchanges and preventing phishing attacks
occurring within chat room data exchanges, it should be apparent to
those skilled in the art that certain advantages of the within
system have been achieved. It should also be appreciated that
various modifications, adaptations, and alternative embodiments
thereof may be made within the scope and spirit of the present
invention.
* * * * *