公开(公告)号：US11329936B1

公开(公告)日：2022-05-10

申请号：US16852015

申请日：2020-04-17

Applicant: Trend Micro Inc.

Inventor： Jing Cao ,  Quan Yuan ,  Bo Liu

IPC: H04L51/10 ,  H04L51/234 ,  H04L9/40 ,  H04L29/06

Abstract: The system executes online on corporate premises or in a cloud service, or offline. An e-mail message is received at a server within a corporate network or cloud service. A header of the e-mail message is parsed to determine locations of server computers through which the e-mail message has traveled. Geographic locations are placed into a routing map. A banner is inserted into the e-mail message that includes the routing map or a link to the routing map. The routing map is stored by the e-mail gateway server at a storage location identified by the link. The modified e-mail message is delivered or downloaded from the e-mail server to a user computer in real time. The sender Web site is parsed to identify sender domain information to be inserted into the banner. If offline, a product fetches and modifies the e-mail message using an API of the e-mail server.

公开(公告)号：US11558375B1

公开(公告)日：2023-01-17

申请号：US16716156

申请日：2019-12-16

Applicant: Trend Micro Inc.

Inventor： Jing Cao ,  Quan Yuan ,  Bo Liu

IPC: H04L9/40 ,  G06F21/31 ,  H04L67/306 ,  G06F3/04886 ,  H04L9/32 ,  G06K7/14 ,  G06F21/42 ,  G06F21/34

Abstract: A virtual keyboard rendered on a separate computing device is independent of the user's computer. A virtual keyboard displayed on the user's computer screen is blank without any alphanumeric characters. Another virtual keyboard displayed on the user's independent computing device has a randomly generated layout of alphanumeric characters on a keypad. The user enters a password by pressing the blank keys of the blank keyboard on his computer screen with reference to the other virtual keyboard. The position sequence of these entered keys is sent to an application on a remote server computer. The remote server computer shares a virtual keyboard having the randomly generated layout of characters with the independent computing device via an online or off-line technique. When online, an encoded image of the encrypted layout is sent to the client computer and displayed for scanning by the device. When off-line, both the application and the device generate the same random key sequence by using the same pseudo random number generator and the same seed value.

公开(公告)号：US11323476B1

公开(公告)日：2022-05-03

申请号：US16692680

申请日：2019-11-22

Applicant: Trend Micro Inc.

Inventor： Jing Cao ,  Quan Yuan ,  Bo Liu

IPC: G06F15/16 ,  H04L29/06 ,  G06F16/954 ,  G06F11/32

Abstract: A system is implemented in browser plug-in software or in endpoint agent software on a user computer. The user accesses a Web site and fills in a login request form and submits it to the Web site. The system triggers a “forgot password” feature and detects a phishing Web site by determining that it does not send a reset link to a valid user e-mail address, or, the system detects a phishing Web site by determining that it does send a reset link to an invalid e-mail address. Or, the system detects a phishing Web site by determining that it sends a reset link to a user e-mail address from a domain different from the domain of a login request form. Or, the system fills in an incorrect account name or password in a login request form and detects a phishing Web site by determining that the Web site does not indicate that the incorrect user name or incorrect password are incorrect. Or, the system submits incorrect credentials and detects a phishing Web site by determining that the Web site does not implement any way to reset the account name or password.

公开(公告)号：US11516249B1

公开(公告)日：2022-11-29

申请号：US17234676

申请日：2021-04-19

Applicant: TREND MICRO INC.

Inventor： Jing Cao ,  Quan Yuan ,  Bo Liu

IPC: H04L29/06 ,  H04L9/40 ,  H04L67/02 ,  H04L51/08

Abstract: An attachment to an e-mail message received at an e-mail gateway is scanned by a scan server and then is converted into an HTML file. The HTML file includes preview data of the attachment (minus any macro scripts), the entire original data of the attachment, scan functionality enabling a user to send the attachment back to a scan server for a second scan, or extract functionality enabling a user to extract the original attachment data for saving or opening in an application. The recipient is able to open or save the attachment directly if he or she believes it comes from a trusted sender. If the attachment seems suspicious, the recipient previews the attachment first before performing a scan, opening the attachment or deleting it. The recipient performs a scan of the attachment by clicking a “scan” button to send the attachment to a backend server for a second scan where an updated virus pattern file may be available to detect any zero-day malware.