Protecting sensitive web transactions using a communication channel associated with a user

US 10,079,806 B2
Filed: 08/14/2015
Issued: 09/18/2018
Est. Priority Date: 01/02/2014
Status: Active Grant

First Claim

Patent Images

1. A device, comprising:

a communication interface; and

one or more processors to;

receive, from a client device and via a first communication channel, a first request associated with a server device,the first request requesting access to a first portion of a website;

determine a sensitivity level associated with the first request;

determine, based on the sensitivity level and based on the first request requesting access to the first portion of the website, a second communication channel for validating the first request,the second communication channel being different from the first communication channel;

determine contact information for contacting a user, associated with the first request, via the second communication channel;

transmit, via the second communication channel and using the contact information, first validation information;

receive a first validation response from the client device;

determine, based on the first validation information and the first validation response, that the first validation response is valid;

grant access to the first portion of the website based on determining that the first validation response is valid;

receive a second request requesting access to a second portion of the website;

determine, based on the second request requesting access to the second portion of the website, a third communication channel for validating the second request,the third communication channel being different from the first communication channel and the second communication channel;

transmit second validation information via the third communication channel;

receive a second validation response after transmitting the second validation information;

determine whether the second validation response is valid based on the second validation information and the second validation response; and

perform an action based on determining whether the second validation response is valid,the action comprising;

granting access to the second portion of the website based on determining that the second validation response is valid, orproviding the second request and an invalidation indicator to the server device, via the third communication channel, based on determining that the second validation response is invalid,

information identifying at least one of the client device or the user being included on a blacklist when validation fails a threshold quantity of times.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security device may receive, from a client device, a request associated with a server device. The security device may determine a communication channel and contact information for validating the request. The security device may provide validation information via the communication channel using the contact information. The security device may receive a validation response from the client device, and may determine whether the validation response is valid. The security device may selectively perform a first action or a second action based on determining whether the validation response is valid. The first action may be performed based on determining that the validation response is valid, and may include providing a validation indicator, with the request, to the server device. The second action may be performed based on determining that the validation response is not valid, and may include providing an invalidation indicator, with the request, to the server device.

Citations

20 Claims

1. A device, comprising:
- a communication interface; and
  
  one or more processors to;
  
  receive, from a client device and via a first communication channel, a first request associated with a server device,the first request requesting access to a first portion of a website;
  
  determine a sensitivity level associated with the first request;
  
  determine, based on the sensitivity level and based on the first request requesting access to the first portion of the website, a second communication channel for validating the first request,the second communication channel being different from the first communication channel;
  
  determine contact information for contacting a user, associated with the first request, via the second communication channel;
  
  transmit, via the second communication channel and using the contact information, first validation information;
  
  receive a first validation response from the client device;
  
  determine, based on the first validation information and the first validation response, that the first validation response is valid;
  
  grant access to the first portion of the website based on determining that the first validation response is valid;
  
  receive a second request requesting access to a second portion of the website;
  
  determine, based on the second request requesting access to the second portion of the website, a third communication channel for validating the second request,the third communication channel being different from the first communication channel and the second communication channel;
  
  transmit second validation information via the third communication channel;
  
  receive a second validation response after transmitting the second validation information;
  
  determine whether the second validation response is valid based on the second validation information and the second validation response; and
  
  perform an action based on determining whether the second validation response is valid,the action comprising;
  
  granting access to the second portion of the website based on determining that the second validation response is valid, orproviding the second request and an invalidation indicator to the server device, via the third communication channel, based on determining that the second validation response is invalid,
  
  information identifying at least one of the client device or the user being included on a blacklist when validation fails a threshold quantity of times.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, where the one or more processors are further to:
    - store the first request;
      
      where the one or more processors, when determining whether the second validation response is valid, are to;
      
      determine that the second validation response is valid; and
      
      where the one or more processors, when performing the action, are to;
      
      provide the first request and a validation indicator to the server device based on storing the first request and based on determining that the second validation response is valid,the validation indicator indicating that that client device has been validated.
  - 3. The device of claim 2, where the one or more processors, when providing the first request and the validation indicator, are to:
    - provide the validation indicator in a header of the first request.
  - 4. The device of claim 1, where the one or more processors are further to:
    - receive, from the server device, a response to the first request; and
      
      store the response to the first request before determining whether the second validation response is valid;
      
      where the one or more processors, when determining whether the second validation response is valid, are to;
      
      determine that the second validation response is valid; and
      
      where the one or more processors, when performing the action, are to;
      
      provide the second validation response to the client device based on determining that the second validation response is valid.
  - 5. The device of claim 1, where the one or more processors are further to:
    - determine to validate the first request based on at least one of;
      
      content included in the first request,the client device,the server device,a webpage associated with the first request; and
      
      where the one or more processors, when transmitting the first validation information, are to;
      
      transmit the first validation information based on determining to validate the first request.
  - 6. The device of claim 1, where the one or more processors are further to:
    - receive, from the server device, an indication to validate the first request; and
      
      where the one or more processors, when transmitting the first validation information, are to;
      
      transmit the first validation information based on receiving the indication to validate the first request.
  - 7. The device of claim 1, where the one or more processors, when determining the contact information, are to:
    - determine the contact information based on information included in the first request.

8. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
  
  receive, from a client device and via a first communication channel, a first request that identifies a server device as a destination for the first request,the first request requesting access to a first portion of a website;
  
  determine, based on a sensitivity level associated with the first request and based on the first request requesting access to the first portion of the website, a second communication channel for validating the first request,the second communication channel being different from the first communication channel;
  
  determine contact information for contacting a user, associated with the first request, via the second communication channel;
  
  transmit, via the second communication channel and using the contact information, first validation information;
  
  receive a first validation response from the client device after transmitting the first validation information;
  
  determine, based on the first validation information and the first validation response, that the first validation response is valid;
  
  grant access to the first portion of the website based on determining that the first validation response is valid;
  
  receive a second request requesting access to a second portion of the website;
  
  determine, based on the second request requesting access to the second portion of the website, a third communication channel for validating the second request,the third communication channel being different from the first communication channel and the second communication channel;
  
  transmit second validation information via the third communication channel;
  
  receive a second validation response after transmitting the second validation information;
  
  determine whether the second validation response is valid based on the second validation information and the second validation response; and
  
  perform an action based on determining whether the second validation response is valid,the action comprising;
  
  granting access to the second portion of the website based on determining that the second validation response is valid, orproviding the second request and an invalidation indicator to the server device, via the third communication channel, based on determining that the second validation response is invalid.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The non-transitory computer-readable medium of claim 8, where the sensitivity level is determined based on information included in the first request.
  - 10. The non-transitory computer-readable medium of claim 8, where the one or more instructions, that cause the one or more processors to determine whether the second validation response is valid, cause the one or more processors to:
    - determine that the second validation response is invalid; and
      
      where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to;
      
      determine a quantity of times that validation has failed based on determining that the second validation response is invalid;
      
      determine that the quantity of times is less than or equal to a threshold; and
      
      transmit new validation information based on determining that the quantity of times is less than or equal to the threshold.
  - 11. The non-transitory computer-readable medium of claim 8, where the one or more instructions, that cause the one or more processors to determine whether the second validation response is valid, cause the one or more processors to:
    - determine that the second validation response is invalid; and
      
      where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to;
      
      determine a quantity of times that validation has failed based on determining that the second validation response is invalid;
      
      determine that the quantity of times is greater than or equal to a threshold; and
      
      deny access to the second portion of the website based on determining that the quantity of times is greater than or equal to the threshold.
  - 12. The non-transitory computer-readable medium of claim 11, where the one or more instructions, when executed by the one or more processors, further cause the one or more processors to:
    - block the client device from accessing the server device based on determining that the quantity of times is greater than or equal to the threshold, orstore, in a blacklist, information that identifies the client device based on determining that the quantity of times is greater than or equal to the threshold.
  - 13. The non-transitory computer-readable medium of claim 8, where the second communication channel includes at least one of:
    - a communication channel associated with providing text messages,a communication channel associated with providing voice messages,a communication channel associated with providing email messages,a communication channel associated with providing instant messages,a communication channel associated with providing chat messages, ora communication channel associated with providing social media messages.

14. A method, comprising:
- receiving, by a security device and via a first communication channel, a first request by a first device to access a second device,the first request requesting access to a first portion of a website;
  
  determining, by the security device, a sensitivity level associated with the first request;
  
  determining, by the security device, based on the sensitivity level, and based on the first request requesting access to the first portion of the website, at least one of;
  
  a second communication channel for validating the first request,the second communication channel being different from the first communication channel, orcontact information for contacting a user, associated with the first request, via the second communication channel;
  
  transmitting, by the security device, first validation information via the second communication channel and using the contact information;
  
  receiving, by the security device, a first validation response from the first device after transmitting the first validation information;
  
  determining, by the security device, that the first validation response is valid based on the first validation information and the first validation response;
  
  granting, by the security device, access to the first portion of the website based on determining that the first validation response is valid;
  
  receiving, by the security device, a second request requesting access to a second portion of the website;
  
  determining, by the security device and based on the second request requesting access to the second portion of the website, a third communication channel for validating the second request,the third communication channel being different from the first communication channel and the second communication channel;
  
  transmitting, by the security device, second validation information via the third communication channel;
  
  receiving, by the security device, a second validation response after transmitting the second validation information;
  
  determining, by the security device, whether the second validation response is valid based on the second validation information and the second validation response; and
  
  performing, by the security device, an action based on determining whether the second validation response is valid,the action comprising;
  
  granting access to the second portion of the website based on determining that the second validation response is valid, orproviding the second request and an invalidation indicator to the second device, via the third communication channel, based on determining that the second validation response is invalid.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, where determining whether the second validation response is valid comprises:
    - determining that the second validation response is valid; and
      
      where performing the action comprises;
      
      providing the first request to the second device based on determining that the second validation response is valid;
      
      receiving a response to the first request from the second device; and
      
      providing the response to the first device.
  - 16. The method of claim 14, further comprising:
    - providing the first request to the second device before determining whether the second validation response is valid;
      
      receiving a response to the first request from the second device before determining whether the second validation response is valid;
      
      where determining whether the second validation response is valid comprises;
      
      determining that the second validation response is valid; and
      
      where performing the action comprises;
      
      providing the second validation response to the first device based on determining that the second validation response is valid.
  - 17. The method of claim 14, where determining the sensitivity level comprises:
    - determining the sensitivity level based on information received from the second device.
  - 18. The method of claim 14, where determining whether the second validation response is valid comprises:
    - determining that the second validation response is invalid; and
      
      where performing the action comprises;
      
      dropping the first request based on determining that the second validation response is invalid.
  - 19. The method of claim 14, further comprising:
    - receiving, via the first communication channel, another request by the first device to access the second device,the other request requesting access to another portion of the website;
      
      determining another sensitivity level associated with the other request;
      
      determining, based on the other sensitivity level and based on the other request requesting access to the other portion of the website, a fourth communication channel for validating the other request,the fourth communication channel being different from the first communication channel, the second communication channel, and the third communication channel;
      
      transmitting other validation information via the fourth communication channel;
      
      receiving another validation response from the first device after transmitting the other validation information;
      
      determining whether the other validation response is valid based on the other validation information and the other validation response; and
      
      performing another action based on determining whether the other validation response is valid,the other action comprising granting or denying access to the other portion of the website.
  - 20. The method of claim 14, where a prompt is provided for display on the first device to enter a validation code included in the first validation information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Adams, Kyle, Quinlan, Daniel J.
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Bell, Kalish

Application Number

US14/826,528
Publication Number

US 20150358306A1
Time in Patent Office

1,131 Days
Field of Search

726 2, 726 11, 726 12, 726 21, 726 27
US Class Current
CPC Class Codes

G06F 21/31   User authentication

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

Protecting sensitive web transactions using a communication channel associated with a user

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting sensitive web transactions using a communication channel associated with a user

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links