Technologies for multi-factor security analysis and runtime control

US 10,055,580 B2
Filed: 05/27/2016
Issued: 08/21/2018
Est. Priority Date: 09/23/2014
Status: Active Grant

First Claim

Patent Images

1. A computing device for client-level web application runtime control and multi-factor security analysis, the computing device comprising:

a processor; and

a memory that comprises instructions stored thereon, which when executed by the processor, causes the computing device to;

access application code associated with a browser-based application received from a web server, wherein the application code is to be executed by the processor of the computing device;

collect real-time data associated with the computing device;

perform a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code to determine whether the application code includes impermissible code, wherein the impermissible code is a portion of the application code that, if executed, poses a security risk to the computing device;

determine whether the application code is modifiable to eliminate execution of impermissible code in response to an indication by the multi-factor security assessment that the application code includes the impermissible code;

modify the application code in response to a determination that the application code is modifiable to eliminate the execution of the impermissible code; and

execute the modified application code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies for client-level web application runtime control and multi-factor security analysis by a computing device include receiving application code associated with a browser-based application from a web server. The computing device collects real-time data generated by at least one sensor of the computing device and performs a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code. Further, the computing device establishes a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment and enforces the client-level web application runtime security policy.

55 Citations

23 Claims

1. A computing device for client-level web application runtime control and multi-factor security analysis, the computing device comprising:
- a processor; and
  
  a memory that comprises instructions stored thereon, which when executed by the processor, causes the computing device to;
  
  access application code associated with a browser-based application received from a web server, wherein the application code is to be executed by the processor of the computing device;
  
  collect real-time data associated with the computing device;
  
  perform a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code to determine whether the application code includes impermissible code, wherein the impermissible code is a portion of the application code that, if executed, poses a security risk to the computing device;
  
  determine whether the application code is modifiable to eliminate execution of impermissible code in response to an indication by the multi-factor security assessment that the application code includes the impermissible code;
  
  modify the application code in response to a determination that the application code is modifiable to eliminate the execution of the impermissible code; and
  
  execute the modified application code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computing device of claim 1, wherein the memory further comprises instructions stored thereon, which when executed by the processor, causes the computing device to:
    - establish a client-level web application runtime security policy associated with the browser-based application in response to performance of the multi-factor security assessment, wherein the client-level web application runtime security policy identifies at least one of hardware, firmware, or software access rules; and
      
      enforce the client-level web application runtime security policy.
  - 3. The computing device of claim 1, wherein to collect the real-time data comprises to determine an impact of execution of the application code on the operation of computing device.
  - 4. The computing device of claim 3, wherein to determine the impact of the execution of the application code comprises to determine an impact of execution of the application code on a parameter of the operation of the computing device unrelated to a maliciousness aspect of the application code.
  - 5. The computing device of claim 3, wherein to determine the impact of the execution of the application code comprises to determine an impact of execution of the application code on concurrent execution of another application of the computing device different from the browser-based application.
  - 6. The computing device of claim 3, wherein to determine the impact of the execution of the application code comprises to determine an impact of execution of the application code on at least one of power consumption or latency of the computing device.
  - 7. The computing device of claim 1, wherein to collect the real-time data comprises to determine a real-time security threat level of a network of the computing device.
  - 8. The computing device of claim 1, wherein to collect the real-time data comprises to:
    - transmit the application code to a cloud server for remote simulation of the application code; and
      
      receive security results from the cloud server in response to transmittal of the application code to the cloud server.

9. One or more non-transitory machine-readable storage media comprising a plurality of instructions stored thereon that, in response to execution by a computing device, causes the computing device to:
- access application code associated with a browser-based application received from a web server, wherein the application code is to be executed by the processor of the computing device;
  
  collect real-time data associated with the computing device;
  
  perform a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code to determine whether the application code includes impermissible code, wherein the impermissible code is a portion of the application code that, if executed, poses a security risk to the computing device;
  
  determine whether the application code is modifiable to eliminate execution of impermissible code in response to an indication by the multi-factor security assessment that the application code includes the impermissible code;
  
  modify the application code in response to a determination that the application code is modifiable to eliminate the execution of the impermissible code; and
  
  execute the modified application code.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The one or more non-transitory machine-readable storage media of claim 9, wherein the plurality of instructions further causes the computing device to:
    - establish a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment, wherein the client-level web application runtime security policy identifies at least one of hardware, firmware, or software access rules; and
      
      enforce the client-level web application runtime security policy.
  - 11. The one or more non-transitory machine-readable storage media of claim 9, wherein to collect the real-time data comprises to determine an impact of execution of the application code on the operation of computing device.
  - 12. The one or more non-transitory machine-readable storage media of claim 11, wherein to determine the impact of the execution of the application code comprises to determine an impact of execution of the application code on a parameter of the operation of the computing device unrelated to a maliciousness aspect of the application code.
  - 13. The one or more non-transitory machine-readable storage media of claim 11, wherein to determine the impact of the execution of the application code comprises to determine an impact of execution of the application code on concurrent execution of another application of the computing device different from the browser-based application.
  - 14. The one or more non-transitory machine-readable storage media of claim 11, wherein to determine the impact of the execution of the application code comprises to determine an impact of execution of the application code on at least one of power consumption or latency of the computing device.
  - 15. The one or more non-transitory machine-readable storage media of claim 9, wherein to collect the real-time data comprises to determine a real-time security threat level of a network of the computing device.
  - 16. The one or more non-transitory machine-readable storage media of claim 9, wherein to collect the real-time data comprises to:
    - transmit the application code to a cloud server for remote simulation of the application code; and
      
      receive security results from the cloud server in response to transmittal of the application code to the cloud server.

17. A method for client-level web application runtime control and multi-factor security analysis by a computing device, the method comprising:
- accessing, by a computing device, application code associated with a browser-based application received from a web server, wherein the application code is to be executed by a processor of the computing device;
  
  collecting, by the computing device, real-time data associated with the computing device;
  
  performing, by the computing device, a multi-factor security assessment of the browser-based application as a function of the collected real-time data and the application code to determine whether the application code includes impermissible code, wherein the impermissible code is a portion of the application code that, if executed, poses a security risk to the computing device;
  
  determining, by the computing device, whether the application code is modifiable to eliminate execution of impermissible code in response to an indication by the multi-factor security assessment that the application code includes the impermissible code;
  
  modifying, by the computing device, the application code in response to a determination that the application code is modifiable to eliminate the execution of the impermissible code; and
  
  executing, by the computing device, the modified application code.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The method of claim 17, further comprising:
    - establishing, by the computing device, a client-level web application runtime security policy associated with the browser-based application in response to performing the multi-factor security assessment, wherein the client-level web application runtime security policy identifies at least one of hardware, firmware, or software access rules; and
      
      enforcing the client-level web application runtime security policy.
  - 19. The method of claim 17, wherein collecting the real-time data comprises determining an impact of execution of the application code on the operation of computing device.
  - 20. The method of claim 19, wherein determining the impact of the execution of the application code comprises determining an impact of execution of the application code on a parameter of the operation of the computing device unrelated to a maliciousness aspect of the application code.
  - 21. The method of claim 19, wherein determining the impact of the execution of the application code comprises determining an impact of execution of the application code on at least one of power consumption or latency of the computing device.
  - 22. The method of claim 17, wherein collecting the real-time data comprises determining a real-time security threat level of a network of the computing device.
  - 23. The method of claim 17, wherein collecting the real-time data comprises:
    - transmitting the application code to a cloud server for remote simulation of the application code; and
      
      receiving security results from the cloud server in response to transmittal of the application code to the cloud server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Li, Hong, Dewan, Prashant
Primary Examiner(s)
Patel, Haresh N

Application Number

US15/166,952
Publication Number

US 20160364566A1
Time in Patent Office

816 Days
Field of Search

726 1
US Class Current
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

H04L 12/4625   Single bridge functionality...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 65/1045   Proxies, e.g. for session i...

H04L 67/02   based on web technology, e....

H04L 67/1097   for distributed storage of ...

Technologies for multi-factor security analysis and runtime control

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

55 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Technologies for multi-factor security analysis and runtime control

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others