Deceiving attackers accessing network data
US11695800B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 15, 2020 |
| Grant date | Jul 4, 2023 |
| Priority date | — |
| Expiry date | Nov 22, 2040 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L61/4523
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Endpoints in a network execute a sensor module that intercepts commands. The sensor module compares a source of commands to a sanctioned list of applications received from a management server. If the source does not match a sanctioned application, the command is ignored and a simulated acknowledgment is sent, or deception data is returned instead. In some embodiments, certain data is protected such that commands will be ignored or modified to refer to deception data where the source is not a sanctioned application. The source may be verified to be a sanctioned application by evaluating a certificate, hash, or path of the source. Responses from an active directory server may be intercepted and modified to reference a decoy server when not addressed to a sanctioned application. Requests to view network resources may be responded to with references to a decoy server.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.