Separating control of network sites

US 10,013,691 B1
Filed: 01/27/2014
Issued: 07/03/2018
Est. Priority Date: 11/10/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, via a proxy server application executed by a first computing device, a request for network content from a second computing device, the network content being hosted by an organization on behalf of a customer;

determining, via the proxy server application executed by the first computing device, whether the network content corresponds to a secured portion of a network site based at least in part on a proxy configuration entry designating a predefined uniform resource locator (URL) pattern that corresponds to the secured portion;

receiving, via the proxy server application executed by the first computing device, the network content, wherein the network content is received across a firewall from an application on a trusted network that is subject to security supervision by the organization when the network content is determined to correspond to the secured portion of the network site, and wherein the network content is received from a network content server application managed by the customer not behind the firewall on an untrusted network that is not subject to security supervision by the organization when the network content is determined to correspond to an unsecured portion of the network site; and

sending, via the proxy server application executed by the first computing device, the network content to the second computing device, the first computing device being within the untrusted network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for separating control of network sites through the use of a proxy server application. A request for network content is received from a computing device. The network content is hosted by an organization on behalf of a customer. The network content is requested from one application on a trusted network that is subject to security supervision by the organization when the network content is determined to correspond to a secured portion of a network site. The network content is instead requested from another application managed by the customer on an untrusted network that is not subject to security supervision by the organization when the network content is determined to correspond to an unsecured portion of the network site. The network content is then sent to the computing device.

Citations

20 Claims

1. A method, comprising:
- receiving, via a proxy server application executed by a first computing device, a request for network content from a second computing device, the network content being hosted by an organization on behalf of a customer;
  
  determining, via the proxy server application executed by the first computing device, whether the network content corresponds to a secured portion of a network site based at least in part on a proxy configuration entry designating a predefined uniform resource locator (URL) pattern that corresponds to the secured portion;
  
  receiving, via the proxy server application executed by the first computing device, the network content, wherein the network content is received across a firewall from an application on a trusted network that is subject to security supervision by the organization when the network content is determined to correspond to the secured portion of the network site, and wherein the network content is received from a network content server application managed by the customer not behind the firewall on an untrusted network that is not subject to security supervision by the organization when the network content is determined to correspond to an unsecured portion of the network site; and
  
  sending, via the proxy server application executed by the first computing device, the network content to the second computing device, the first computing device being within the untrusted network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the customer is a merchant, and the application comprises an electronic commerce application.
  - 3. The method of claim 2, wherein the electronic commerce application is configured to process an electronic payment for a plurality of different merchants.
  - 4. The method of claim 2, wherein the electronic commerce application is subject to compliance with Payment Card Industry Data Security Standards (PCI DSS).
  - 5. The method of claim 1, further comprising initiating, via the proxy server application executed by the first computing device, a hypertext transfer protocol secure (HTTPS) connection to the network content server application over the untrusted network.
  - 6. The method of claim 1, wherein the secured portion of the network site corresponds to a first domain name of the customer, and the unsecured portion of the network site corresponds to a second domain name of the customer.
  - 7. The method of claim 1, further comprising determining, via the first computing device, whether the network content corresponds to the secured portion of the network site or the unsecured portion of the network site based at least in part on a uniform resource locator (URL) included in the request for the network content.
  - 8. The method of claim 1, further comprising:
    - restricting, via the first computing device, first management access by the customer to the secured portion of the network site; and
      
      facilitating, via the first computing device, second management access by the customer to the unsecured portion of the network site.

9. A system, comprising:
- a processor of a first computing device; and
  
  a proxy server application executable in the first computing device, wherein when executed the proxy server application causes the first computing device to at least;
  
  receive a request for network content from a second computing device, the network content being hosted by an organization on behalf of a customer;
  
  request the network content from a second application across a firewall on a trusted network that is subject to security supervision by the organization when the network content is determined to correspond to a secured portion of a network site based at least in part on a first proxy configuration entry designating a first predefined uniform resource locator (URL) pattern that corresponds to the secured portion;
  
  request the network content from a third application managed by the customer on an untrusted network that is not behind the firewall and is not subject to security supervision by the organization when the network content is determined to correspond to an unsecured portion of the network site based at least in part on a second proxy configuration entry designating a second predefined URL pattern that corresponds to the unsecured portion; and
  
  send the network content to the second computing device.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein when executed the proxy server application further causes the first computing device to at least determine whether the network content corresponds to the secured portion of the network site or the unsecured portion of the network site based at least in part on a uniform resource locator (URL) embodied in the request for the network content.
  - 11. The system of claim 9, wherein when executed the proxy server application further causes the first computing device to at least determine whether the network content corresponds to the secured portion of the network site or the unsecured portion of the network site based at least in part on a header field embodied in the request for the network content.
  - 12. The system of claim 9, wherein first management access by the customer to the secured portion of the network site is subject to a restriction, and second management access by the customer to the unsecured portion of the network site is not subject to the restriction.
  - 13. The system of claim 9, wherein the proxy server application is executed in the untrusted network or a quarantined portion of the trusted network.
  - 14. The system of claim 9, wherein the third application is a network page server application.
  - 15. The system of claim 9, wherein the network content comprises a network page.

16. A non-transitory computer-readable medium embodying a proxy server application executable in a first computing device, wherein when executed the proxy server application causes the first computing device to at least:
- receive a request for network content from a second computing device, the network content being hosted by an organization on behalf of a customer;
  
  request the network content across a firewall from a second application on a trusted network that is subject to security supervision by the organization when the network content is determined to correspond to a secured portion of a network site based at least in part on a proxy configuration entry designating a first predefined uniform resource locator (URL) pattern that corresponds to the secured portion;
  
  request the network content from a third application managed by the customer on an untrusted network that is not subject to security supervision by the organization when the network content is determined to correspond to an unsecured portion of the network site based at least in part on a second proxy configuration entry designating a second predefined URL pattern that corresponds to the unsecured portion; and
  
  send the network content to the second computing device.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The non-transitory computer-readable medium of claim 16, wherein when executed the proxy server application further causes the first computing device to at least determine whether the network content corresponds to the unsecured portion of the network site by comparing a uniform resource locator (URL) embodied in the request for the network content to a set of URLs managed by the customer.
  - 18. The non-transitory computer-readable medium of claim 16, wherein the second application is configured to facilitate electronic commerce for the customer and at least one other customer of the organization.
  - 19. The non-transitory computer-readable medium of claim 16, wherein when executed the proxy server application further causes the first computing device to at least:
    - restrict first management access by the customer to the secured portion of the network site; and
      
      facilitate second management access by the customer to the unsecured portion of the network site.
  - 20. The non-transitory computer-readable medium of claim 16, wherein when executed the proxy server application further causes the first computing device to at least determine whether the network content corresponds to the secured portion of the network site or the unsecured portion of the network site based at least in part on a header field embodied in the request for the network content.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Huntwork, Andrew Stuart, Boynes, Jeremy
Primary Examiner(s)
Haq, Naeem U

Application Number

US14/164,703
Time in Patent Office

1,618 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 10/06   Resources, workflows, human...

G06Q 20/382   insuring higher security of...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 40/02   Banking, e.g. interest calc...

Separating control of network sites

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Separating control of network sites

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links