News Column

Patent Application Titled "Using Metadata in Security Tokens to Prevent Coordinated Gaming in a Reputation System" Published Online

February 13, 2014



By a News Reporter-Staff News Editor at Computer Weekly News -- According to news reporting originating from Washington, D.C., by VerticalNews journalists, a patent application by the inventors Nachenberg, Carey (Northridge, CA); Ramzan, Zulfikar (Cupertino, CA), filed on September 25, 2013, was made available online on January 30, 2014.

The assignee for this patent application is Symantec Corporation.

Reporters obtained the following quote from the background information supplied by the inventors: "This invention relates generally to computer security and particularly to detecting attempts to manipulate a reputation system for detecting malicious objects.

"A wide variety of malicious software (malware) can attack modern computers. Malware threats include computer viruses, worms, Trojan horse programs, spyware, adware, crimeware, and phishing websites. Malicious entities sometimes attack servers that store sensitive or confidential data that can be used to the malicious entity's own advantage. Similarly, other computers, including home computers, must be constantly protected from malicious software that can be transmitted when a user communicates with others via electronic mail, when a user downloads new programs or program updates, and in many other situations. The different options and methods available to malicious entities for attack on a computer are numerous.

"Conventional techniques for detecting malware, such as signature string scanning, are becoming less effective. Modern malware is often targeted and delivered to only a relative handful of computers. For example, a Trojan horse program can be designed to target computers in a particular department of a particular enterprise. Such malware might never be encountered by security analysts, and thus the security software might never be configured with signatures for detecting such malware. Mass-distributed malware, in turn, can contain polymorphisms that make every instance of the malware unique. As a result, it is difficult to develop signature strings that reliably detect all instances of the malware.

"Newer techniques for detecting malware involve the use of reputation systems. A reputation system can determine the reputation of a file or other object encountered on a computer in order to assess the likelihood that the object is malware. One way to develop the reputation for an object is to collect reports from networked computers on which the object is found and base the reputation on information within the reports.

"However, because such a reputation system relies on reports from what are essentially unknown parties, it is susceptible to subversion by malicious actors. For example, an entity distributing malware could attempt to 'game' the reputation system by submitting false reports indicating that the malware is legitimate. Thus, there is a need for a reputation system that is able to withstand such attempts to subvert its operation."

In addition to obtaining background information on this patent application, VerticalNews editors also obtained the inventors' summary information for this patent application: "The above and other needs are met by a method and computer-readable storage medium for generating a security token for a client of a reputation system and a method of authenticating a client of a reputation system. In this way, a malicious actor that has stolen (or forged) a security token and is using the stolen token in multiple locations, for example, may be detected. An embodiment of the method comprises receiving a registration request from the client of the reputation system. The method further comprises observing metadata about the client and selecting observed metadata about the client for use in a security token. The selected metadata comprise metadata that can be correlated through independent observation of the client. In addition, the method comprises generating the security token, which is derived from the selected metadata, for the client. The method also comprises providing the security token to the client. The client is adapted to use the security token to authenticate the client.

"In one embodiment, a method for authenticating a client of a reputation system comprises conducting a transaction with a client in which a security token is received from the client. The method further comprises observing metadata about the client during the transaction and extracting metadata about the client from the security token. In addition, the method comprises correlating the observed metadata with the extracted metadata to determine a degree of correlation. The method applies a security policy determined responsive to the degree of correlation.

"Embodiments of the computer-readable medium store computer program instructions for generating a security token for a client of a reputation system, the instructions comprising instructions for receiving a registration request from the client of the reputation system. The instructions further comprise instructions for observing metadata about the client and selecting observed metadata about the client for use in a security token. The selected metadata comprise metadata that can be correlated through independent observation of the client. In addition, the instructions comprise instructions for generating the security token, which is derived from the selected metadata, for the client. The instructions also comprise instructions for providing the security token to the client. The client is adapted to use the security token to authenticate the client.

"The features and advantages described in this disclosure and in the following detailed description are not all-inclusive, and particularly, many additional features and advantages will be apparent to one of ordinary skill in the relevant art in view of the drawings, specification, and claims hereof. Moreover, it should be noted that the language used in the specification has been principally selected for readability and instructional purposes, and may not have been selected to delineate or circumscribe the inventive subject matter, resort to the claims being necessary to determine such inventive subject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

"FIG. 1 is a high-level block diagram of a computing environment according to one embodiment of the present invention.

"FIG. 2 is a high-level block diagram of a computer for acting as a security server and/or a client according to one embodiment.

"FIG. 3 is a high-level block diagram illustrating modules within the registration server according to one embodiment.

"FIG. 4 is a high-level block diagram illustrating a detailed view of modules within the security server according to one embodiment.

"FIG. 5 is a flowchart illustrating the operation of the registration server in generating security tokens for clients according to one embodiment.

"FIG. 6 is a flowchart illustrating the operation of the security server according to one embodiment.

"The figures depict various embodiments of the present invention for purposes of illustration only. One skilled in the art will readily recognize from the following discussion that alternative embodiments of the structures and methods illustrated herein may be employed without departing from the principles of the invention described herein."
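The summary quoted above describes two phases: at registration the server selects metadata it can independently re-observe and derives a token from it; at transaction time it extracts that metadata from the presented token, correlates it with what it observes, and applies a policy based on the degree of correlation. The Python below is an added illustration of that flow, not code from the patent or from Symantec; the HMAC-based token format, the chosen field set, the policy thresholds and the sample client metadata are all assumptions made for this example.

```python
import base64, hashlib, hmac, json

# Hypothetical registration-server key (constructed for this example).
SERVER_KEY = b"constructed-demo-key-not-for-production"
# Metadata the server can re-observe on every later transaction; the
# choice of fields is an assumption, not the patent's claims.
CORRELATABLE_FIELDS = ("ip_prefix", "os", "timezone")

def select_metadata(observed):
    """Keep only fields that can be independently re-observed."""
    return {k: observed[k] for k in CORRELATABLE_FIELDS if k in observed}

def issue_token(observed):
    """Registration: derive the token from selected metadata and MAC it."""
    payload = json.dumps(select_metadata(observed), sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + tag).decode()

def extract_metadata(token):
    """Verify the MAC, then return the metadata embedded in the token."""
    raw = base64.urlsafe_b64decode(token.encode())
    payload, tag = raw[:-32], raw[-32:]
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("token integrity check failed")
    return json.loads(payload)

def degree_of_correlation(extracted, observed):
    """Fraction of token fields that match what the server observes now."""
    hits = sum(1 for k, v in extracted.items() if observed.get(k) == v)
    return hits / len(extracted) if extracted else 0.0

def apply_policy(degree):
    """Thresholds are assumptions: full trust, reduced weight, or reject."""
    if degree >= 0.99:
        return "accept"
    return "accept_low_weight" if degree >= 0.5 else "reject"

def authenticate(token, observed):
    """Transaction time: extract, correlate with observation, decide."""
    try:
        extracted = extract_metadata(token)
    except ValueError:
        return "reject", 0.0   # forged, corrupted or undecodable token
    degree = degree_of_correlation(extracted, observed)
    return apply_policy(degree), degree

# Constructed client metadata (RFC 5737 documentation address range).
REGISTERED = {"ip_prefix": "203.0.113.0/24", "os": "Windows 7 SP1",
              "timezone": "America/Los_Angeles", "hostname": "ws-17"}
```

A token replayed from a host whose observed prefix and timezone both differ correlates on one field of three and is rejected, which is the stolen-token case the summary mentions; a tampered token fails the MAC before any correlation is attempted.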

For more information, see this patent application: Nachenberg, Carey; Ramzan, Zulfikar. Using Metadata in Security Tokens to Prevent Coordinated Gaming in a Reputation System. Filed September 25, 2013 and posted January 30, 2014. Patent URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&u=%2Fnetahtml%2FPTO%2Fsearch-adv.html&r=80&p=2&f=G&l=50&d=PG01&S1=20140123.PD.&OS=PD/20140123&RS=PD/20140123

Keywords for this news article include: Software, Symantec Corporation.

Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC


Source: Computer Weekly News

