-
公开(公告)号:US07870608B2
公开(公告)日:2011-01-11
申请号:US10996566
申请日:2004-11-23
申请人: Ihab Shraim , Mark Shull
发明人: Ihab Shraim , Mark Shull
IPC分类号: G06F12/14
CPC分类号: H04L63/1466 , H04L51/12 , H04L63/1441 , H04L63/1483 , H04L63/1491 , H04M15/43 , H04M15/47 , H04M2215/0148 , H04M2215/22
摘要: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention can provide early warning of an online fraud, for instance by finding suspicious domains and/or monitoring those domains for activity. If a suspicious domain shows activity (for example, if a web site associated with the domain becomes active), one or more actions may be taken with respect to the domain.
摘要翻译: 本发明的各种实施例提供了用于处理在线欺诈的解决方案(包括系统,方法和软件)。 特别地,本发明的各种实施例可以提供在线欺诈的早期警告,例如通过发现可疑域和/或监视这些域用于活动。 如果可疑域显示活动(例如,如果与域相关联的网站变为活动状态),则可能会针对域执行一个或多个操作。
-
公开(公告)号:US07992204B2
公开(公告)日:2011-08-02
申请号:US10996567
申请日:2004-11-23
申请人: Ihab Shraim , Mark Shull
发明人: Ihab Shraim , Mark Shull
IPC分类号: G06F11/00
CPC分类号: H04L63/1441 , H04L51/12 , H04L63/1483 , H04L63/1491
摘要: Solutions (including inter alia, systems, methods and software) for dealing with online fraud. Certain of these solutions provide enhanced responses to an identified instance of online fraud. Such enhanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, responses may be disguised (e.g., by transmitting the responses from a variety of computers, by transmitting responses that appear to originate from a computer different than the actual source of the responses, etc.). In some cases, a response strategy may be implemented that forces the server (and/or an operator thereof) to choose between accepting the responses and blocking potential responses from the targets of the fraudulent scheme.
摘要翻译: 处理在线欺诈的解决方案(包括系统,方法和软件)。 这些解决方案中的某些可以提供对所识别的在线欺诈实例的增强的响应。 这种增强的响应可以包括一种或多种各种策略,以消除服务器尝试过滤和/或以其他方式避免对其欺诈活动的响应。 仅作为示例,响应可以被伪装(例如,通过发送来自各种计算机的响应,通过发送来自不同于响应的实际源的计算机的响应等来传送来自各种计算机的响应)。 在某些情况下,可以执行响应策略,迫使服务器(和/或其操作者)在接受响应之间进行选择,并阻止来自欺诈方案的目标的潜在响应。
-
3.发明申请公开(公告)号:US20090064330A1
公开(公告)日:2009-03-05
申请号:US12263791
申请日:2008-11-03
申请人: Ihab Shraim , Mark Shull
发明人: Ihab Shraim , Mark Shull
IPC分类号: G06F21/00
CPC分类号: H04L63/1425 , H04L12/1813 , H04L51/12 , H04L63/1441 , H04L63/1483 , H04L63/1491 , Y10S707/99945 , Y10S707/99948
摘要: Various embodiments of the invention provide methods, systems and software for analyzing data. In particular embodiments, for example, a set of data about a web site may be analyzed to determine whether the web site is likely to be illegitimate (e.g., to be involved in a fraudulent scheme, such as a phishing scheme, the sale of gray market goods, etc.). In an exemplary embodiment, a set of data may be divided into a plurality of components (each of which, in some cases, may be considered a separate data set). Merely by way of example, a set of data may comprise data gathered from a plurality of data sources, and/or each component may comprise data gathered from one of the plurality of data sources. As another example, a set of data may comprise a document with a plurality of sections, and each component may comprise one of the plurality of sections. Those skilled in the art will appreciate that the analysis of a particular component may comprise certain tests and/or evaluations, and that the analysis of another component may comprise different tests and/or evaluations. In other cases, the analysis of each component may comprise similar tests and/or evaluations. The variety of tests and/or evaluations generally will be implementation specific.
摘要翻译: 本发明的各种实施例提供用于分析数据的方法,系统和软件。 在具体实施例中,例如,可以分析关于网站的一组数据以确定网站是否可能是非法的(例如,涉及欺诈方案,例如网络钓鱼方案,出售灰色 市场商品等)。 在示例性实施例中,一组数据可以被划分为多个组件(在某些情况下,每个组件可以被认为是单独的数据集)。 仅作为示例,一组数据可以包括从多个数据源收集的数据,和/或每个组件可以包括从多个数据源之一收集的数据。 作为另一示例,一组数据可以包括具有多个部分的文档,并且每个部件可以包括多个部分之一。 本领域技术人员将理解,特定部件的分析可以包括某些测试和/或评估,并且另一部件的分析可以包括不同的测试和/或评估。 在其他情况下,每个组件的分析可以包括类似的测试和/或评估。 各种测试和/或评估通常将具体实施。
-
公开(公告)号:US20070299777A1
公开(公告)日:2007-12-27
申请号:US10996991
申请日:2004-11-23
申请人: Ihab Shraim , Mark Shull
发明人: Ihab Shraim , Mark Shull
IPC分类号: H04L9/00
CPC分类号: G06Q10/107 , H04L51/12 , H04L63/1416 , H04L63/1441 , H04L63/1483 , H04L63/1491
摘要: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. Some embodiments function to access and/or obtain information from (and/or receive data from) a data source; the data might, for example, indicate a possible instance of online fraud. Certain embodiments, therefore, can be configured to analyze the data, e.g., to determine whether the data indicate a likely instance of online fraud. Such instances may be further investigated, and/or a response may be initiated. Data sources can include, without limitation, web pages, email messages, online chat sessions, domain zone files, newsgroups (and/or postings thereto), etc. Data obtained from the data sources can include, without limitation, suspect domain registrations, uniform resource locators, references to trademarks, advertisements, etc.
摘要翻译: 本发明的各种实施例提供了用于处理在线欺诈的解决方案(包括系统,方法和软件)。 一些实施例用于从数据源(和/或从数据源接收数据)访问和/或获取信息; 例如,数据可能指示可能的在线欺诈实例。 因此,某些实施例可被配置为分析数据,例如,以确定数据是否指示可能的在线欺诈实例。 可以进一步研究这种情况,和/或可以启动响应。 数据来源可以包括但不限于网页,电子邮件,在线聊天会话,域区域文件,新闻组(和/或其中的帖子)等。从数据源获得的数据可以包括但不限于可疑域注册,统一 资源定位器,商标,广告等的引用
-
公开(公告)号:US20070192853A1
公开(公告)日:2007-08-16
申请号:US10996993
申请日:2004-11-23
申请人: Ihab Shraim , Mark Shull
发明人: Ihab Shraim , Mark Shull
IPC分类号: G06F12/14
CPC分类号: H04L51/12 , G06Q10/107 , H04L63/1441 , H04L63/1483 , H04L63/1491
摘要: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide advanced responses to an identified instance of online fraud. Such advanced responses can incorporate one or more of a variety of strategies for defeating an attempt by a server to filter and/or otherwise avoid responses to its fraudulent activity. Merely by way of example, in accordance with some embodiments, one or more HTTP responses to a server's request (such as an online form, etc.) may be submitted and/or transmitted for reception by the server. In some cases, each of the submitted responses may appear to comprise valid information responsive to the server's request. In other cases, one or more countermeasures may be implemented to defeat an attempt by a phisher (or any other operator of an illegitimate server) to filter responses.
摘要翻译: 本发明的各种实施例提供了用于处理在线欺诈的解决方案(包括系统,方法和软件)。 特别地,本发明的各种实施例对所识别的在线欺诈实例提供了高级响应。 这样的高级响应可以包括一种或多种各种策略,以消除服务器尝试过滤和/或以其他方式避免对其欺诈活动的响应。 仅作为示例,根据一些实施例,可以提交和/或发送对服务器的请求(诸如在线表单等)的一个或多个HTTP响应以供服务器接收。 在某些情况下,每个提交的响应可能似乎包含响应服务器请求的有效信息。 在其他情况下,可以实施一种或多种对策来消除钓鱼者(或非法服务器的任何其他操作者)尝试过滤响应。
-
6.发明授权公开(公告)号:US09026507B2
公开(公告)日:2015-05-05
申请号:US12263791
申请日:2008-11-03
申请人: Ihab Shraim , Mark Shull
发明人: Ihab Shraim , Mark Shull
CPC分类号: H04L63/1425 , H04L12/1813 , H04L51/12 , H04L63/1441 , H04L63/1483 , H04L63/1491 , Y10S707/99945 , Y10S707/99948
摘要: Various embodiments of the invention provide methods, systems and software for analyzing data. In particular embodiments, for example, a set of data about a web site may be analyzed to determine whether the web site is likely to be illegitimate (e.g., to be involved in a fraudulent scheme, such as a phishing scheme, the sale of gray market goods, etc.). In an exemplary embodiment, a set of data may be divided into a plurality of components (each of which, in some cases, may be considered a separate data set). Merely by way of example, a set of data may comprise data gathered from a plurality of data sources, and/or each component may comprise data gathered from one of the plurality of data sources. As another example, a set of data may comprise a document with a plurality of sections, and each component may comprise one of the plurality of sections. Those skilled in the art will appreciate that the analysis of a particular component may comprise certain tests and/or evaluations, and that the analysis of another component may comprise different tests and/or evaluations. In other cases, the analysis of each component may comprise similar tests and/or evaluations. The variety of tests and/or evaluations generally will be implementation specific.
摘要翻译: 本发明的各种实施例提供用于分析数据的方法,系统和软件。 在具体实施例中,例如,可以分析关于网站的一组数据以确定网站是否可能是非法的(例如,涉及欺诈方案,例如网络钓鱼方案,出售灰色 市场商品等)。 在示例性实施例中,一组数据可以被划分为多个组件(在某些情况下,每个组件可以被认为是单独的数据集)。 仅作为示例,一组数据可以包括从多个数据源收集的数据,和/或每个组件可以包括从多个数据源之一收集的数据。 作为另一示例,一组数据可以包括具有多个部分的文档,并且每个部件可以包括多个部分之一。 本领域技术人员将理解,特定部件的分析可以包括某些测试和/或评估,并且另一部件的分析可以包括不同的测试和/或评估。 在其他情况下,每个组件的分析可以包括类似的测试和/或评估。 各种测试和/或评估通常将具体实施。
-
公开(公告)号:US07761583B2
公开(公告)日:2010-07-20
申请号:US12349042
申请日:2009-01-06
申请人: Mark Shull , Ihab Shraim , David Silver , Allen Enfant Chen , Elisa Cooper
发明人: Mark Shull , Ihab Shraim , David Silver , Allen Enfant Chen , Elisa Cooper
IPC分类号: G06F15/16
CPC分类号: H04L63/1441 , H04L29/12066 , H04L29/12594 , H04L61/1511 , H04L61/3015 , H04L63/1483 , H04L63/1491
摘要: Embodiments of the invention provide systems and methods for validating ownership of a domain name. According to one embodiment, a validating ownership of a domain name can comprise retrieving one or more domain name ownership records. For example, the one or more domain name ownership records comprise Who Is records. Validity of the one or more domain name records can be confirmed with a designated domain manager. According to one embodiment, confirming validity of the one or more domain name records with the designated domain manager can comprise authenticating the designated domain manager based on a certificate provided by the designated domain manager.
摘要翻译: 本发明的实施例提供用于验证域名所有权的系统和方法。 根据一个实施例,验证域名的所有权可以包括检索一个或多个域名所有权记录。 例如,一个或多个域名所有权记录包括谁是记录。 一个或多个域名记录的有效性可以用指定的域名管理员确认。 根据一个实施例,用指定的域管理器确认一个或多个域名记录的有效性可以包括基于由指定的域管理器提供的证书来认证指定的域管理者。
-
公开(公告)号:US20090119402A1
公开(公告)日:2009-05-07
申请号:US12349042
申请日:2009-01-06
申请人: Mark Shull , Ihab Shraim , David Silver , Allen Enfant Chen , Elisa Cooper
发明人: Mark Shull , Ihab Shraim , David Silver , Allen Enfant Chen , Elisa Cooper
IPC分类号: G06F15/173
CPC分类号: H04L63/1441 , H04L29/12066 , H04L29/12594 , H04L61/1511 , H04L61/3015 , H04L63/1483 , H04L63/1491
摘要: Embodiments of the invention provide systems and methods for validating ownership of a domain name. According to one embodiment, a validating ownership of a domain name can comprise retrieving one or more domain name ownership records. For example, the one or more domain name ownership records comprise Who Is records. Validity of the one or more domain name records can be confirmed with a designated domain manager. According to one embodiment, confirming validity of the one or more domain name records with the designated domain manager can comprise authenticating the designated domain manager based on a certificate provided by the designated domain manager.
摘要翻译: 本发明的实施例提供用于验证域名所有权的系统和方法。 根据一个实施例,验证域名的所有权可以包括检索一个或多个域名所有权记录。 例如,一个或多个域名所有权记录包括谁是记录。 一个或多个域名记录的有效性可以用指定的域名管理员确认。 根据一个实施例,用指定的域管理器确认一个或多个域名记录的有效性可以包括基于由指定的域管理器提供的证书来认证指定的域管理者。
-
公开(公告)号:US20070294352A1
公开(公告)日:2007-12-20
申请号:US10996568
申请日:2004-11-23
申请人: Ihab Shraim , Mark Shull
发明人: Ihab Shraim , Mark Shull
IPC分类号: G06F15/16
CPC分类号: H04L63/1491 , G06F15/16 , G06Q10/107 , H04L51/12 , H04L63/1441 , H04L63/1483
摘要: Various embodiments of the invention provide solutions (including inter alia, systems, methods and software) for dealing with online fraud. In particular, various embodiments of the invention provide ways to incite unsolicited email messages (such as spam messages, phish messages, etc.). In accordance with some embodiments, a bait email address may be planted in a particular location on the Internet. In particular embodiments, the location of the planted email address may be tracked in order to determine which locations are relatively more likely to generate unsolicited email messages. In other embodiments, domains likely to host the bait email addresses receiving unsolicited messages may be obtained. In some cases, unsolicited messages may be analyzed and/or otherwise processed to determine whether the messages are possibly associated with a fraudulent activity. Such analysis may lead to the investigation of one or more web sites and/or to the initiation of a response against a fraudulent activity.
摘要翻译: 本发明的各种实施例提供了用于处理在线欺诈的解决方案(包括系统,方法和软件)。 特别地,本发明的各种实施例提供了煽动未经请求的电子邮件消息(例如垃圾邮件,网络钓鱼消息等)的方法。 根据一些实施例,诱饵电子邮件地址可以种植在因特网上的特定位置。 在特定实施例中,可以跟踪种植的电子邮件地址的位置,以便确定哪些位置相对更可能产生未经请求的电子邮件消息。 在其他实施例中,可以获得可能托管接收未经请求的消息的诱饵电子邮件地址的域。 在某些情况下,可以分析和/或以其他方式处理未经请求的消息以确定消息是否可能与欺诈活动相关联。 这种分析可能导致对一个或多个网站的调查和/或针对欺诈活动启动响应。
-
公开(公告)号:US20060212925A1
公开(公告)日:2006-09-21
申请号:US11368329
申请日:2006-03-02
申请人: Mark Shull , William Bohlman , Ihab Shraim , Christopher Bura
发明人: Mark Shull , William Bohlman , Ihab Shraim , Christopher Bura
IPC分类号: H04L9/00
CPC分类号: H04L63/08 , G06F21/55 , G06F21/577 , H04L63/104 , H04L63/14 , H04L63/1408
摘要: Embodiments of the present invention provide methods, systems, and software for implementing trust policies. Such policies may be implemented in a variety of ways, including at one or more border devices, client computers, etc. In accordance with various embodiments, a communication between a client computer (and/or application) and an online entity may be monitored and/or otherwise detected. The online entity may be identified, and/or one or more trust scores associated with the online entity may be obtained. Based on the trust scores, as well, perhaps as the nature of the communication, an action (such as allowing the communication, blocking the communication, quarantining the communication, warning a user, administrator, etc.) may be taken. In some cases, a trust policy may be consulted to determine what action should be taken with respect to a given communication.
摘要翻译: 本发明的实施例提供了用于实施信任策略的方法,系统和软件。 这样的策略可以以各种方式实现,包括在一个或多个边界设备,客户端计算机等等。根据各种实施例,可以监视客户端计算机(和/或应用)与在线实体之间的通信,并且 /或以其他方式检测。 可以识别在线实体,和/或可以获得与在线实体相关联的一个或多个信任评分。 基于信任分数,也许作为通信的性质,可以采取行动(例如允许通信,阻止通信,隔离通信,警告用户,管理员等)。 在某些情况下,可以咨询信托政策,以确定对某一通信采取何种行动。
-
-
-
-
-
-
-
-
-
搜索结果
34 条记录 (耗时 0.034 秒)
