Methods and systems for detecting and preventing network connection compromise
Abstract
The security of network connections on a computing device is protected by detecting and preventing compromise of the network connections, including man-in-the-middle (MITM) attacks. Active probing and other methods are used to detect the attacks. Responses to detection include one or more of displaying a warning to a user of the computing device, providing an option to disconnect the network connection, blocking the network connection, switching to a different network connection, applying a policy, and sending anomaly information to a security server.
229 Citations
40 Claims
1. A method for preventing the use of a first connection, the method comprising:
- (i) inspecting, by a client-side proxy on a computing device, a communication from an application on the computing device to a destination, the communication originating from the computing device and configured to use the first connection to send content to the destination, the inspecting of the communication being completed before the first connection is used and the inspecting including a determination of whether the content contains predetermined content; and
- (ii) when the determination is that the content contains the predetermined content:
  - creating, by the client-side proxy before the first connection is used, a second connection, the client-side proxy creating the second connection through a server to the destination, the second connection being more secure than the first connection, and
  - modifying, by the client-side proxy, the communication to use the second connection instead of using the first connection to send the content, including the predetermined content, to the destination.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method for preventing the use of a first connection, the method comprising:
- (i) inspecting, by a client-side proxy on a computing device, a communication from an application on the computing device to a destination, the communication originating from the computing device and configured to use the first connection to send content to the destination, the inspecting of the communication being completed before the first connection is used and the inspecting including a determination of whether the content contains predetermined content; and
- (ii) when the determination is that the content contains the predetermined content:
  - creating, by the client-side proxy before the first connection is used, a second connection to the destination, the second connection being more secure than the first connection,
  - performing, by the client-side proxy before the first connection is used, a handshake with the destination using the second connection,
  - recording, by the client-side proxy before the first connection is used, session information associated with the handshake,
  - breaking, by the client-side proxy before the first connection is used, the second connection,
  - making, by the client-side proxy before the first connection is used, a third connection to the destination, the third connection being made using the recorded session information, and
  - modifying, by the client-side proxy before the first connection is used, the communication so that the modified communication uses the third connection to send the content, including the predetermined content, to the destination.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20
21. A non-transitory, computer-readable storage medium having stored thereon a plurality of instructions, which, when executed by a processor, cause the processor to:
- (i) inspect, by a client-side proxy on a computing device, a communication from an application on the computing device to a destination, the communication originating from the computing device and configured to use the first connection to send content to the destination, the inspecting of the communication being completed before the first connection is used and the inspecting including a determination of whether the content contains predetermined content; and
- (ii) when the determination is that the content contains the predetermined content:
  - create, by the client-side proxy before the first connection is used, a second connection, the client-side proxy creating the second connection through a server to the destination, the second connection being more secure than the first connection, and
  - modify, by the client-side proxy, the communication to use the second connection instead of using the first connection to send the content, including the predetermined content, to the destination.

Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A system, comprising at least one processor and memory and instructions that when executed cause the at least one processor to:
- (i) inspect, by a client-side proxy on a computing device, a communication from an application on the computing device to a destination, the communication originating from the computing device and configured to use the first connection to send content to the destination, the inspecting of the communication being completed before the first connection is used and the inspecting including a determination of whether the content contains predetermined content; and
- (ii) when the determination is that the content contains the predetermined content:
  - create, by the client-side proxy before the first connection is used, a second connection, the client-side proxy creating the second connection through a server to the destination, the second connection being more secure than the first connection, and
  - modify, by the client-side proxy, the communication to use the second connection instead of using the first connection to send the content, including the predetermined content, to the destination.

Dependent claims: 32, 33, 34, 35, 36, 37, 38, 39, 40
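The inspect-then-upgrade step that claims 1, 21 and 31 describe, as an added example (not the patent's or the patentee's code): a simulated client-side proxy that checks an outbound request for predetermined content before its connection is used and, on a match, rewrites the request to use a TLS connection created through a relay server. The content patterns, host names and relay name are constructed assumptions; the patent does not specify which content counts as predetermined.

```python
import re
from dataclasses import dataclass, replace
from typing import Optional

# Predetermined content the proxy looks for. Constructed for this example:
# the patent leaves the actual predetermined content unspecified.
PREDETERMINED = {
    "auth_header": re.compile(r"^authorization:\s*\S+", re.I | re.M),
    "password_field": re.compile(r"(?:^|&)(?:password|passwd|pwd)=[^&\s]+", re.I),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,15}\d\b"),  # 14-16 digit runs
}

@dataclass(frozen=True)
class Connection:
    scheme: str                # "http" = first connection, "https" = second
    host: str
    port: int
    via: Optional[str] = None  # server the second connection is created through

@dataclass(frozen=True)
class Communication:
    conn: Connection   # connection the application intends to use
    headers: str
    body: str

def find_predetermined(comm: Communication) -> list[str]:
    """Inspect headers and body before the connection is used; return the
    names of the predetermined-content patterns that match."""
    text = comm.headers + "\n" + comm.body
    return [name for name, pat in PREDETERMINED.items() if pat.search(text)]

def second_connection(first: Connection, server: str) -> Connection:
    """Build the more secure second connection: TLS to the same destination,
    created through the relay server (hypothetical relay name)."""
    return Connection("https", first.host, 443, via=server)

def client_side_proxy(comm: Communication, server: str = "relay.example.invalid"):
    """Return (communication to send, matched pattern names). A communication
    carrying predetermined content is modified to use the second connection
    instead of the first; anything else passes through unchanged."""
    hits = find_predetermined(comm)
    if not hits:
        return comm, hits
    return replace(comm, conn=second_connection(comm.conn, server)), hits
```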