Title:
COMPUTER IMPLEMENTED METHOD TO PREVENT PHISHING THROUGH CONSCIOUS QUALITATIVE EXPERIENCES OF THE USER
Document Type and Number:
WIPO Patent Application WO/2017/021896
Kind Code:
A1
Abstract:
A computer implemented method that gives back to each user, in every e-mail message or browsed web page, a unique and characteristic sensory perception, so that it is highly improbable that the author of a deceptive (phishing) message can know, and therefore replicate through the deception, the same sensory information, which differs from user to user and can in any case be modified from time to time only by that user. The result is a new user experience in which every web page or e-mail message carries, at the top, the user's personal anti-phishing coloured bar, so that the user's visual perception becomes accustomed to the presence, colours and distinctive elements of that new anti-phishing element. If a deceptive site or e-mail reproduces a web application or a non-original e-mail message, that new element (the anti-phishing bar) is absent; or, if it is present because the deceptive site tries to query the method and is not recognised as original, a red anti-phishing bar is returned containing a prominent alarm message.

Inventors:
ANASTASIO CLAUDIO (IT)
Application Number:
PCT/IB2016/054669
Publication Date:
February 09, 2017
Filing Date:
August 03, 2016
Assignee:
ANASTASIO CLAUDIO (IT)
FAVARIN SIMONE (IT)
INPOSTE IT SPA (IT)
FKM S R L (IT)
International Classes:
H04L 29/06
Foreign References:
US 2011/0173273 A1 (2011-07-14)
US 2011/0162078 A1 (2011-06-30)
US 2008/0046723 A1 (2008-02-21)
US 2012/0246079 A1 (2012-09-27)
Other References:
Amir Herzberg, "Browsers Defenses Against Phishing, Spoofing and Malware", International Association for Cryptologic Research, vol. 20060912:201955, 12 September 2006, pages 1-14, XP061001931
Rachna Dhamija et al., "The Battle Against Phishing: Dynamic Security Skins", Symposium On Usable Privacy and Security (SOUPS) 2005, 6-8 July 2005, Pittsburgh, PA, USA, pages 1-12, XP007913743
Attorney, Agent or Firm:
SARPI, Maurizio et al. (IT)
Claims:

1. Computer implemented method to prevent "phishing" between an electronic communication system and at least one viewer of that electronic communication, through conscious qualitative experiences, characterised by comprising:

A) Establishment of a protected electronic database for the storage of the user's personal data (hereinafter the Repository).

B) A generation phase of a random electronic code, elaborated with volatile data, representing a sensory perception (hereinafter CSP, Coding of Sensory Perception).

C) A data elaboration phase through an algorithm including the following functions:

• Step 1) - elaboration of the CSP: conversion of the decimal value representing the sensory code into hexadecimal format, so as to obtain a fixed-length string.

• Step 2) - elaboration of the name of the CSP (hereinafter NCSP): choice by the user of a name or title for the CSP; removal of all spaces and punctuation marks from that name string and assignment of the result to a volatile variable; extraction of a fixed number of the first (leftmost) characters of the text held in that variable, concatenated with a fixed number of the last (rightmost) characters of the same text, and addition of as many padding bits as needed to obtain a fixed-length string.

• Step 3) - elaboration of an easy-to-remember number (hereinafter EN): generation of a random decimal integer between 1 and 9, zero excluded, and assignment of the result to a volatile variable; random cyclic repetition of Step 3) until four values are held in their respective volatile variables, and concatenation of the four values into a string, so as to obtain a four-digit random integer that never contains the digit zero.

• Step 4) - elaboration of the username (hereinafter UN): concatenation of the user's name and surname, or of his denomination; removal of all spaces and punctuation marks from the resulting string and assignment of the result to a volatile variable; extraction of a fixed number of the first (leftmost) characters of the text held in that variable, concatenated with a fixed number of the last (rightmost) characters of the same text, and addition of as many padding bits as needed to obtain a fixed-length string.

• Step 5) - aggregation of data (hereinafter AD): concatenation of the results obtained in the previous steps, in their order of elaboration, so as to obtain a unique fixed-length string code representing the subjective sensory experience of the single user.

D) A matching phase, in the Repository, between the user-viewer and the data elaborated in phase C).

E) An interaction phase between the user-viewer and the electronic communication, in which the user may modify, change and/or update the CSP through a different encoding of a new sensory perception, together with its name (even a fanciful one, chosen by the user) and its easy-to-remember number (EN).

F) Integration of the dataset (AD), linked to the individual user as a subjective experience, into each e-mail message or web page of the e-mail sender or website owner, both as a text string and as the sensory representation corresponding to the user's CSP code, so as to generate an anti-phishing coloured bar.

2. Computer implemented method according to claim 1, characterised in that the CSP code of sensory perception referred to in letter B) can be built by an irreversible algorithm.

3. Computer implemented method according to claim 1, characterised in that the CSP code of sensory perception referred to in letter B) represents a visual, tactile, acoustic, vestibular or kinaesthetic perception, selected from the group comprising: the hexadecimal colour code for visual perception; the ASCII (American Standard Code for Information Interchange) code of a Braille terminal for tactile perception; a sound or musical note for acoustic perception; the measured value of a movement, of a position or of the environment obtained through an accelerometer, gyroscope, magnetometer, light meter, barometer or geomagnetic sensor for vestibular perception; and the measured motor value of a muscle obtained through electrodes for kinaesthetic perception.

4. Computer implemented method according to claim 1, characterised in that the elaboration phase referred to in letter C) Step 2) produces a fixed length of between 5 and 50 characters.

5. Computer implemented method according to claim 1, characterised in that the elaboration phase referred to in letter C) Step 4) produces a fixed length of between 5 and 100 characters.

6. Computer implemented method according to claim 1, wherein, if a deceptive site or e-mail reproduces a web application or a non-original e-mail message, the anti-phishing bar is absent, or else, if it is present because the deceptive site tries to query the method and is not recognised as original, a red anti-phishing bar is returned containing a prominent alarm message.

7. System to prevent "phishing" through conscious qualitative experiences, for the execution of the computer implemented method according to any of claims 1 to 6.

8. System to prevent "phishing" through conscious qualitative experiences, as claimed in claim 7, characterised by extending the method also to electronic payment systems.

9. System to prevent "phishing" through conscious qualitative experiences, as claimed in claim 7, characterised in that it can be consulted remotely through a network, public or private, using any data transport protocol.

10 .

Description:
COMPUTER IMPLEMENTED METHOD TO PREVENT PHISHING THROUGH CONSCIOUS QUALITATIVE EXPERIENCES OF THE USER

DESCRIPTION

FIELD OF THE INVENTION

The present invention relates to a computer implemented method for preventing computer attacks that rely on some form of identity falsification, through qualitative countermeasures based on conscious experiences, that is, on the fact that each conscious experience has a qualitative feel different from every other.

By this are meant the qualitative aspects of conscious experiences. Every conscious experience has a qualitative feel different from every other. For example, the experience we have while tasting an ice cream is qualitatively different from the one we have while contemplating Leonardo da Vinci's "Gioconda".

Qualitative experiences are extremely specific and essentially characterise individual conscious experiences.

The philosopher Daniel Dennett defined qualitative experiences as "the way things seem to us" and identified four fundamental properties:

Ineffable, because they pertain only to the subject experiencing them, who cannot tell others how he sees, tastes, smells, etc.

Intrinsic, because they are atomic and simple elements, not reducible to anything else.

Private, because they are tied to the subject experiencing them and therefore not comparable with those experienced by other subjects.

Directly or immediately apprehensible in consciousness, that is, immediate experiences not belonging to the unconscious.

These properties make it possible for a series of sensory data coming from different peripheral channels to be unified in a homogeneous and indivisible dimension (the subjective experience itself).

BACKGROUND OF THE INVENTION

Various computer implemented methods for preventing phishing attacks are known (phishing being deceptive computer attacks in which the attacker tries to trick the victim into providing personal information or access codes, or into performing actions that could compromise personal data). They provide, for example, checks on the IP address of the server, on the domain name of the website, on the e-mail address, or on the presence of a secure connection, but they require the user's proactive attention, or an action by the user to complete the verification. These methods cannot give the user certainty of deception without the user having to perform an action of verification, checking or recognition, so that, at the current state of the art, they cannot be considered effective enough to let a population of users with ordinary culture and computer literacy recognise a phishing attack.

Other protection methods are also known that use hardware and software devices characterised by a user authentication mechanism, or by a set of authentication techniques and methods using several different systems or devices (for example OTP, One Time Password; SMS verification; etc.).

However, these too do not satisfy the aim of the present invention, since an active and specific action by the user remains necessary, with great expenditure of resources in means, infrastructure and materials, and without obtaining adequately effective defensive results.

Lastly, some countermeasures are known that use a site-specific anti-phishing bar, checking the authenticity of every page downloaded from the site. These too are ineffective against the newer phishing techniques that use "keylogging" launched from deceptive e-mails, which let the user browse the original site while capturing data as it is typed on the keyboard; and they also lack a method capable of alerting the user to the phishing attempt from the very moment the deceptive e-mail is received, without the user having to verify or check the authenticity of the provenance or identity of the e-mail or website.

The latest report on phishing activity by the international organisation APWG (Anti-Phishing Working Group), a coalition of more than 2,000 institutions worldwide including governmental organisations, estimated more than 255,000 new attacks per day in 2014, with monthly growth in attacks of about 91%.

DISCLOSURE OF INVENTION

From a general point of view, the aim of the present invention is to offer each user a cognitive qualitative experience that is unique to the website and the e-mail, so as to ensure an immediate difference between the deceptive website or e-mail and the original one, without the attacker being able to replicate and/or counterfeit that mode of web navigation.

The limit found so far in the known techniques and methods was the obligation, for the user, to use verification or authentication systems before proceeding with any kind of operation on the web.

The aim of the present invention is to eliminate verification by the user, by inserting unique qualitative elements of conscious experience that distinguish the counterfeit from the original.

The originality and ingenuity of the proposal consists in having devised a new process and computer implemented method that makes the pages of the original website, and the e-mails, unique to each user, with peculiar elements known only to the user that do not require voluntary attention, but that appeal to particular qualitative sensations of conscious experience in at least the four fundamental properties mentioned above (after the philosopher Daniel Dennett):

- Ineffable.

- Intrinsic.

- Private.

- Directly or immediately apprehensible in consciousness.

These properties make it possible for a series of sensory data coming from different peripheral channels to be unified in a homogeneous and indivisible dimension (the subjective experience itself).

The innovativeness of the proposal lies in the entirely original and ingenious combination of techniques and procedures that are in part already known. The combination according to the present invention provides a new industrial result, economically advantageous and not currently achieved by the use of one or more of its elements and means taken separately.

The technical problem at the current state of the art, which the present invention addresses, is to provide a computer implemented method that, in a generic e-mail transmission system and in a generic website publication system, gives the user a unique reading and web-browsing experience based on a series of non-replicable sensory data, such that a deceptive phishing attack can be distinguished from an original communication or website by "sensory perception", thereby achieving the aims stated above.

That problem is solved by a new computer implemented method that uses an elaboration for the prevention of phishing through qualitative countermeasures based on conscious experiences, including the following processes:

1) PREREQUISITES: A) Establishment of a protected electronic database for the storage of the user's personal data, which can be consulted remotely by a generic user and by the e-mail or web application service provider (hereinafter the Repository);

B) Establishment of an electronic random generator, working on volatile data, of a code representing a visual, tactile, acoustic, vestibular or kinaesthetic sensory perception (hereinafter CSP, Coding of Sensory Perception). For example: the hexadecimal colour code for visual perception; the ASCII (American Standard Code for Information Interchange) code of a Braille terminal for tactile perception; a sound or musical note for acoustic perception; the measured value of a movement, of a position or of the environment obtained through an accelerometer, gyroscope, magnetometer, light meter, barometer or geomagnetic sensor for vestibular perception; the measured motor value of a muscle obtained through electrodes for kinaesthetic perception;

C) A method of data elaboration through an algorithm including the following functions:

• Step 1) - elaboration of the CSP: conversion of the decimal value representing the sensory code CSP into hexadecimal format, so as to obtain a fixed-length string.

• Step 2) - elaboration of the name of the CSP (hereinafter NCSP): choice by the user of a name or title for the CSP; removal of all spaces and punctuation marks from that name string and assignment of the result to a volatile variable; extraction of a fixed number of the first (leftmost) characters of the text held in that variable, concatenated with a fixed number of the last (rightmost) characters of the same text, and addition of as many padding bits as needed to obtain a fixed-length string.

• Step 3) - elaboration of an easy-to-remember number (hereinafter EN): generation of a random decimal integer between 1 and 9, zero excluded, and assignment of the result to a volatile variable; random cyclic repetition of Step 3 until four values are held in their respective volatile variables, and concatenation of the four values into a string, so as to obtain a four-digit random integer that never contains the digit zero.

• Step 4) - elaboration of the username (hereinafter UN): concatenation of the user's name and surname, or of his denomination; removal of all spaces and punctuation marks from the resulting string and assignment of the result to a volatile variable; extraction of a fixed number of the first (leftmost) characters of the text held in that variable, concatenated with a fixed number of the last (rightmost) characters of the same text, and addition of as many padding bits as needed to obtain a fixed-length string.

• Step 5) - aggregation of data (hereinafter AD): concatenation of the results obtained in the previous steps, in their order of elaboration, i.e. CSP + NCSP + EN + UN, so as to obtain a unique fixed-length string code AD representing the subjective sensory experience of the single user.

2) USER ASSOCIATION:

A) Association of the user, in the Repository, with the data AD so elaborated;

B) Possibility for the user to modify, change and/or update the CSP (through a different encoding of a new sensory perception), its name (even a fanciful one, chosen by the user), and its easy-to-remember number EN.

3) E-MAIL AND WEB INTEGRATION:

A) Integration of the dataset CSP, NCSP and EN, linked to the individual user (subjective experience), into each e-mail message or web page of the e-mail sender or website owner, both as the text string AD and as a sensory representation (for example: a colour for visual perception; the playing of a sound or a voice for acoustic perception; the rotation of the text or of images for vestibular perception, etc.).
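The five elaboration steps of the PREREQUISITES above, which are the same steps set out in claim 1, as one executable example. This is an added illustration written for this page, not the applicants' code. The fixed lengths, the pad character (the text speaks of padding bits, not characters), the number of characters kept from each end of a name, and the handling of a name shorter than the characters kept are assumptions; the patent does not specify them, fixing only that NCSP is between 5 and 50 characters and UN between 5 and 100.

```python
import re
import secrets
from typing import Optional

# Fixed lengths below are assumptions for illustration. The claims fix only the
# bounds: NCSP between 5 and 50 characters, UN between 5 and 100 characters.
CSP_HEX_WIDTH = 4   # 16-bit colour depth (65,536 colours) fits in 4 hex digits
NCSP_LEN = 8
UN_LEN = 12
KEEP_LEFT = 3       # characters kept from the start of the cleaned name
KEEP_RIGHT = 3      # characters kept from the end of the cleaned name
PAD = "0"           # the text says "padding bits"; a pad character is assumed here


def encode_csp(value: int, width: int = CSP_HEX_WIDTH) -> str:
    """Step 1: decimal sensory value -> zero-padded, fixed-width hexadecimal."""
    if not 0 <= value < 16 ** width:
        raise ValueError(f"sensory value {value} does not fit in {width} hex digits")
    return f"{value:0{width}X}"


def squeeze(text: str, total: int, left: int = KEEP_LEFT, right: int = KEEP_RIGHT) -> str:
    """Steps 2 and 4: drop spaces and punctuation, keep the first `left` and the
    last `right` characters, then pad to `total` characters."""
    if left + right > total:
        raise ValueError("kept characters must fit in the fixed length")
    cleaned = re.sub(r"[^0-9A-Za-z]", "", text)
    if not cleaned:
        raise ValueError("name is empty after removing spaces and punctuation")
    # Edge case the claims leave open: a name shorter than left+right would
    # otherwise repeat characters (head and tail overlap); keep it whole instead.
    core = cleaned if len(cleaned) <= left + right else cleaned[:left] + cleaned[-right:]
    return core.ljust(total, PAD)


def easy_number(digits: int = 4) -> str:
    """Step 3: four independently drawn digits from 1..9; the digit 0 never appears."""
    return "".join(secrets.choice("123456789") for _ in range(digits))


def aggregate(csp: str, ncsp: str, en: str, un: str) -> str:
    """Step 5: AD = CSP + NCSP + EN + UN, in elaboration order."""
    return csp + ncsp + en + un


def build_ad(csp_value: int, csp_name: str, full_name: str, en: Optional[str] = None) -> dict:
    """Run Steps 1-5 for one user. `en` may be supplied to reproduce a stored
    record; otherwise a fresh EN is drawn."""
    csp = encode_csp(csp_value)
    ncsp = squeeze(csp_name, NCSP_LEN)
    en = en if en is not None else easy_number()
    if len(en) != 4 or any(ch not in "123456789" for ch in en):
        raise ValueError("EN must be four digits from 1 to 9")
    un = squeeze(full_name, UN_LEN)
    return {"CSP": csp, "NCSP": ncsp, "EN": en, "UN": un, "AD": aggregate(csp, ncsp, en, un)}


if __name__ == "__main__":
    # Constructed sample user (not from the patent): colour 0xFF00 in 16-bit depth.
    print(build_ad(0xFF00, "Sunset Orange!", "Mario Rossi"))
```

With these assumed lengths the AD for the constructed user is 4 + 8 + 4 + 12 = 28 characters; the only part of it that an attacker cannot derive from the user's public name is the CSP and EN, which is why the method lets the user change both at will.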

The main benefit of the new method according to the present invention lies in giving each user a characteristic and unique sensory perception in every e-mail message or browsed web page, so that it is highly improbable that the author of a deceptive (phishing) message can know, and therefore replicate through the deception, the same sensory information, which differs from user to user and can in any case be modified from time to time only by that user.

It follows that all messaging, e-mail and web page systems that use the new method offer the user effective prevention against phishing.

BEST MODE FOR CARRYING OUT THE INVENTION

Every time the user uses a web application or receives an e-mail message, the present method generates a coloured bar of variable height at the top of the web page or of the e-mail message, containing the user's name and surname or complete denomination, the fanciful name chosen by the user for his sensory perceptive experience, and an easy-to-remember number. The colour of the bar is the representation of the colour chosen by the user among 65,536 possible colours (16-bit colour depth).

The original web application, or the third-party e-mail system, queries the present method, which holds the data and sensory codes of every single user, to generate the anti-phishing coloured bar, and then destroys the volatile data used for the query, extraction and elaboration of that data.

The method processes every third-party request by identifying the web domain or the referenced e-mail address, in order to verify its genuine origin.

The result is a new user experience in which every web page or e-mail message carries, at the top, the user's personal anti-phishing coloured bar, so that the user's visual perception becomes accustomed to the presence, colours and distinctive elements of that new anti-phishing element.

If a deceptive site or e-mail reproduces a web application or a non-original e-mail message, that new element (the anti-phishing bar) is absent; or, if it is present because the deceptive site tries to query the method and is not recognised as original, a red anti-phishing bar is returned containing a prominent alarm message.
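The query-and-answer flow of the best mode (a site or mail system queries the service for a user's bar; an unrecognised origin receives the red alarm bar), as an added example written for this page, not the applicants' implementation. The Repository contents and the sender registry are constructed sample data. The patent identifies the caller by its web domain but does not say how that identity is verified, so a per-sender shared secret compared in constant time is assumed here (a client certificate would serve the same purpose); the RGB565 layout of the 16-bit colour and the HTML markup of the bar are likewise assumptions.

```python
import hmac
import html
from dataclasses import dataclass

# Constructed sample data, not from the patent.
# Repository: per-user record (UN, NCSP, EN and the 16-bit colour chosen as CSP).
REPOSITORY = {
    "u1001": {"un": "Mario Rossi", "ncsp": "Sunset Orange", "en": "4719", "rgb565": 0xFF00},
    "u1002": {"un": "Anna Bianchi", "ncsp": "Blu <notte>", "en": "8236", "rgb565": 0x001F},
}
# Senders recognised as "original", keyed by web domain. The patent identifies the
# caller by its domain; how that identity is verified is not specified, so a
# per-sender shared secret is ASSUMED here.
SENDERS = {
    "bank.example": "tok-2f8c1e",
}

ALARM_TEXT = "ATTENTION: this page or message is NOT recognised as original"
ALARM_COLOUR = "#FF0000"


@dataclass(frozen=True)
class Bar:
    colour: str   # CSS hex colour of the bar
    text: str     # text shown inside the bar
    alarm: bool   # True for the red alarm bar


def rgb565_to_css(value: int) -> str:
    """Expand a 16-bit RGB565 colour (assumed layout of the 65,536-colour CSP) to #RRGGBB."""
    r5, g6, b5 = (value >> 11) & 0x1F, (value >> 5) & 0x3F, value & 0x1F
    r, g, b = (r5 << 3) | (r5 >> 2), (g6 << 2) | (g6 >> 4), (b5 << 3) | (b5 >> 2)
    return f"#{r:02X}{g:02X}{b:02X}"


def sender_is_original(domain: str, token: str) -> bool:
    """Identify the querying site or mail sender; constant-time compare of its secret."""
    expected = SENDERS.get(domain)
    return expected is not None and hmac.compare_digest(expected, token)


def build_bar(domain: str, token: str, user_id: str) -> Bar:
    """Answer one query from a web application or mail system for user `user_id`."""
    # The caller is checked first: an unrecognised origin gets the red alarm bar
    # and learns nothing about the user (not even whether the user exists).
    if not sender_is_original(domain, token):
        return Bar(ALARM_COLOUR, ALARM_TEXT, True)
    user = REPOSITORY[user_id]   # KeyError: a recognised sender asked about an unknown user
    text = f"{user['un']} | {user['ncsp']} | {user['en']}"
    return Bar(rgb565_to_css(user["rgb565"]), text, False)


def render_html(bar: Bar) -> str:
    """The bar element placed at the top of the page or message. NCSP and UN are
    user-chosen strings, so they are escaped before being placed in markup."""
    return (f'<div class="antiphishing-bar" style="background:{bar.colour}">'
            f'{html.escape(bar.text)}</div>')


if __name__ == "__main__":
    print(render_html(build_bar("bank.example", "tok-2f8c1e", "u1001")))
    print(render_html(build_bar("bank-login.example", "tok-2f8c1e", "u1001")))
```

The order of the checks is the point a practitioner should verify in any implementation of this scheme: the sender is authenticated before the Repository is consulted, so an unrecognised origin cannot use the service as an oracle to learn a user's colour, name or number, which are exactly the secrets the bar's protection depends on. Escaping the user-chosen name before it is placed in the page matters for the same reason: the bar is injected into every page and message of the original sender.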

The present invention, described above in its preferred embodiment, is provided by way of example and not of limitation.

To the system and method described above, any person skilled in the art may, in order to satisfy additional and contingent requirements, make numerous further changes and variants, all of which fall within the scope of protection of the present invention, which is defined by the attached claims.