| 摘要 |
A modification to commercial browsers is made that can enable them to detect a change in the server certificate of certain sensitive websites. Browsers are modified to remember certain fields in a certificate, the entire certificate, or hashes of certain fields or the entire certificate. When revisiting the website, if the website certificate changed, then the user or browser can be alerted to a change in the certificate with further action taken to determine the nature of the change and raise an alert if necessary. To accomplish this, for certain sensitive websites, browsers create a local database of websites with their corresponding server fields/certificates/hash. Later, upon a revisit to those websites, browsers will compare the certificate data received with the stored information. Alternatively to a local cash of server certificate information, the browser can send the data to compare to a trusted website to analyze. |
| 主权项 |
1. Apparatus comprising:
at least one computer memory that is not a transitory signal and that comprises instructions executable by at least one processor to: receive, at a user device, a web application command to navigate to a target web site; receive a first server certificate of the target web site; present a user interface (UI) on the user device prompting as to whether a representation of the server certificate should be recorded by the user device; responsive to first input from the UI indicating the representation of the certificate should be recorded by the user device, record, by the user device, the representation of the first certificate; responsive to second input from the UI indicating the representation of the certificate should not be recorded by the user device not record, by the user device, the representation of the first certificate; subsequent to receiving the first input, receive, at the user device, a web application command to navigate to the target web site; receive a second certificate of the target web site; compare a representation of the second certificate to the representation of the first certificate recorded by the user device; responsive to the representation of the first certificate matching the representation of the second certificate, indicate or complete normal navigation to the target web site; responsive to the representation of the first certificate not matching the representation of the second certificate, perform additional processing steps to determine the security nature of the change; and present an alert to the web application or UI on the user device depending on the security nature of the change. |
