SYSTEM AND METHOD FOR PROTECTING DATA ACCESSED THROUGH A NETWORK CONNECTION

US 20090187763A1
Filed: 01/21/2009
Published: 07/23/2009
Est. Priority Date: 01/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method for protecting data accessed through a network connection, comprising:

transferring security software from an external memory device of a client computer to an internal memory device of the client computer that is operative to protect data communicated to and from the client computer via at least one communications link by providing at least one web browser which executes in user mode on a trusted secure desktop operative to run simultaneously with an unsecure desktop of the client computer.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems (100) and methods (400) for protecting data accessed through a network connection. The methods involve transferring security software (150) from an external memory device of a client computer (102) to an internal memory device of the client computer. The security software is operative to protect data communicated to and from the client computer via communication links. The security software is also operative to provide a web browser (110₁, 110₂, . . . , 110_p) which executes in user mode on a trusted secured desktop (904) configured to run simultaneously with an unsecured desktop (902) of the client computer. The security software is further operative to provide a security service to the web browser. The security service includes at least one service selected from the group consisting of a keylogger prevention service, a code injection prevention service, and a screen scraper protection service.

Citations

41 Claims

1. A method for protecting data accessed through a network connection, comprising:
- transferring security software from an external memory device of a client computer to an internal memory device of the client computer that is operative to protect data communicated to and from the client computer via at least one communications link by providing at least one web browser which executes in user mode on a trusted secure desktop operative to run simultaneously with an unsecure desktop of the client computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method according to claim 1, wherein the security software is further operative to protect the data communicated to and from the client computer via the communications link by providing at least one security service to the web browser, where the security service includes at least one service selected from the group consisting of a keylogger prevention service, a code injection prevention service, a process protection service, and a screen scraper protection service.
  - 3. The method according to claim 2, wherein the security service is provided by the trusted secure desktop, an underlying user mode software operative to communicate with the trusted secure desktop, and an underlying kernel mode software operative to communicate with the underlying user mode software and an operating system of the client computer.
  - 4. The method according to claim 1, further comprising establishing a first secure communications link between the client computer and a first network site system provided by a first business organization offering a network based service for protecting the data accessed through the network connection.
  - 5. The method according to claim 4, further comprising establishing a second secure communications link between the client computer and a second network site system provided by a second business organization different from the first business organization.
  - 6. The method according to claim 5, further comprising encrypting data prior to being communicated to and from the first network site system, the second network site system, and the client computer via a respective one of the first and second secure communication links.
  - 7. The method according to claim 1, further comprising:
    - receiving a domain name resolution request at a first network site system for obtaining a secure numerical identifier associated with networking equipment of a second network site system, the domain name resolution request being generated at the client computer;
      
      performing a domain name resolution at the first network site system to translate a domain name to the secure numerical identifier associated with the networking equipment for purposes of locating and addressing the networking equipment; and
      
      communicating the secure numerical identifier to the client computer over a secure communications link established between the first network site system and the client computer.
  - 8. The method according to claim 7, further comprising encrypting the secure numerical identifier prior to communicating the secure numerical identifier from the first network site system to the client computer.
  - 9. The method according to claim 1, further comprisingaccessing a configuration file stored in the internal memory device of the client computer including domain-name-to-secure-numerical-identifier resolution information;
    - obtaining a secure numerical identifier from the configuration file;
      
      generating a resource request at the client computer for a resource of a network site system using the secure numerical identifier; and
      
      communicating the resource request from the client computer to the network site system via a secure communications link.
  - 10. The method according to claim 1, further comprising creating a user profile identifying at least one network site system to which a user of the client computer wants to securely link and exchange information with.
  - 11. The method according to claim 1, further comprising storing the web browser on the client computer in an encrypted form and decrypting the web browser prior to executing the web browser on the trusted secure desktop.
  - 12. The method according to claim 2, wherein the keylogger prevention service is provided by:
    - temporarily breaking all connections between an operating system of the client computer and a plurality of first keyboard device drivers of the client computer; and
      
      establishing a connection between the operating system and a second keyboard device driver that has been verified to be an unpatched or untampered keyboard device driver.
  - 13. The method according to claim 12, wherein the keylogger prevention service is further provided by:
    - intercepting at least one function used to patch memory images of the second keyboard device driver; and
      
      preventing the function from succeeding if the function is determined to be used by malware.
  - 14. The method according to claim 2, wherein the code injection prevention service is provided by:
    - monitoring a plurality of code injection functions being performed by the client computer; and
      
      preventing at least one code injection function of the plurality of code injection functions from succeeding if the code injection function is determined to be used by malware.
  - 15. The method according to claim 2, wherein the screen scraper protection service is provided by:
    - monitoring a plurality of functions performed by the client computer used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen;
      
      intercepting the plurality of functions; and
      
      preventing at least one function of the plurality of functions from succeeding if the function is a non-display screen function and is determined to be used by malware.
  - 16. The method according to claim 2, wherein the screen scraper protection service is provided bymonitoring a plurality of functions performed by the client computer used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen;
    - intercepting the plurality of functions; and
      
      performing the function against a screen size of a height of zero pixels and a width of zero pixels if the function is a display screen function and is determined to be used by malware.
  - 17. The method according to claim 1, further comprising defining a landing page of the web browser to be a predefined site.
  - 18. The method according to claim 1, further comprisingscanning program data stored in the internal memory device of the client computer associated with a plurality of user mode and kernel mode applications running on the unsecure desktop for malware prior to launching the trusted secure desktop;
    - andpreventing at least one of the trusted secure desktop and the web browser from launching if the program data includes malware.
  - 19. The method according to claim 18, further comprisingrunning an anti-virus/spyware software on the unsecure desktop to identify and remove the malware from the client computer;
    - andallowing the trusted secure desktop and the web browser application to be launched subsequent to the removal of the malware from the client computer.
  - 20. The method according to claim 1, further comprising providing a mini-stack application operative to display a borderless browser window on a display screen of the client computer including an element facilitating a user-software interaction for establishing a secure communications link between the client computer and at least one network site.
  - 21. The method according to claim 20, wherein the mini-stack application is protected at least by an underlying user and kernel mode software against tampering by hackers and malware.
  - 22. The method according to claim 1, further comprising:
    - gathering information including software usage information, network site selection information, and advertisement information identifying advertisements clicks on by a user of the client computer; and
      
      storing the gathered information in a storage device of a network system site.

23. A network based system for protecting data accessed by a computer system through a network connection, comprising:
- a first network site system offering a network based service for protecting the data accessed through the network connection, the first network site system configured for transferring security software from a first memory device of the first network site to a second memory device of a client computer, the security software being operative to protect data communicated to and from the client computer via a communications link;
  
  wherein the security software includes a web browser which executes in user mode on a trusted secure desktop operative to run simultaneously with an unsecure desktop of the client computer.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 24. The network based system according to claim 23, wherein the security software protects the data communicated to and from the client computer via the communications link by performing at least one security service operation to protect the web browser from malware, where the security service operation includes at least one operation selected from the group consisting of a keylogger prevention operation, a code injection prevention operation, and a screen scraper protection operation.
  - 25. The network based system according to claim 24, wherein the security service is provided by the trusted secure desktop, an underlying user mode software operative to communicate with the trusted secure desktop, and an underlying kernel mode software operative to communicate with the underlying user mode software and an operating system of the client computer.
  - 26. The network based system according to claim 23, wherein the first network site system is further configured for establishing a first secure communications link with the client computer, and establishing a second secure communications link between the client computer and a second network site system.
  - 27. The network based system according to claim 26, wherein data is encrypted prior to being communicated to and from the first network site systems, the second network site systems, and the client computer via a respective one of the first and second secure communications links.
  - 28. The network based system according to claim 26, wherein the second network site system is selected from a secure index or directory provided by the first network site system.
  - 29. The network based system according to claim 26, wherein the second network site system is a banking network site system, a law firm intranet network site system, a government intranet network site system, a stock trading network site system, or a social data exchange network site system.
  - 30. The network based system according to claim 23, wherein the first network site system is further configured forreceiving a domain name resolution request from the client computer for obtaining a secure numerical identifier associated with networking equipment of a second network site system different from the first network site system;
    - performing a domain name resolution to translate a domain name to the secure numerical identifier associated with the networking equipment for purposes of locating and addressing the networking equipment; and
      
      communicating the secure numerical identifier to the client computer over a secure communications link established between the first network site system and the client computer.
  - 31. The network based system according to claim 30, wherein the first network site system is further configured for encrypting the secure numerical identifier prior to communicating the secure numerical identifier to the client computer.
  - 32. The network based system according to claim 23, wherein the first network site system is further configured for transferring a configuration file from the first memory device to the second memory device of the client computer including domain-name-to-secure-numerical-identifier resolution information.
  - 33. The network based system according to claim 23, wherein the first network site system is further configured for generating a user profile identifying at least one network site system to which a user of the client computer wants to securely link and exchange information with.
  - 34. The network based system according to claim 23, wherein the first network site system is further configured for encrypting the web browser prior to transferring the security software to the client computer.
  - 35. The network based system according to claim 24, wherein the keylogger prevention operation involves:
    - temporarily breaking all connections between an operating system of the client computer and a plurality of first keyboard device drivers of the client computer; and
      
      establishing a connection between the operating system and a second keyboard device driver that has been verified to be an unpatched or untampered device driver.
  - 36. The network based system according to claim 35, wherein the keylogger prevention operation further involves:
    - intercepting at least one function used to patch memory images of the second keyboard device driver; and
      
      preventing the function from succeeding if the function is determined to be used by malware.
  - 37. The network based system according to claim 24, wherein the code injection prevention operation involves:
    - monitoring a plurality of code injection functions performed by the client computer; and
      
      preventing at least one code injection function of the plurality of code injection functions from succeeding if the code injection function is determined to be used by malware.
  - 38. The network based system according to claim 24, wherein the screen scraper protection operation involves:
    - monitoring a plurality of functions performed by the client computer used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen;
      
      intercepting the plurality of functions; and
      
      preventing at least one function of the plurality of functions from succeeding if the function is a non-display screen function and is determined to be used by malware.
  - 39. The network based system according to claim 24, wherein the screen scraper protection operation involves:
    - monitoring a plurality of functions performed by the client computer used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen;
      
      intercepting the plurality of functions; and
      
      performing the function against a screen size of a height of zero pixels and a width of zero pixels if the function is a display screen function and is determined to be used by malware.

40. A network based system including at least one client computer, comprising:
- at least one server computer provided by a first business organization offering a network based service for protecting data accessed through a network connection, the server computer configured forcommunicating with the client computer via a first secure communication link established between the server computer and the client computer,performing a domain name resolution to translate a domain name to a secure numerical identifier associated with a second network site system provided by a second business organization different from the first business organization for purposes of locating and addressing the second network site system,communicating the secure numerical identifier to the client computer over the first secure communication link, andfacilitating a second secure communications link between the client computer and the second network site system.
- View Dependent Claims (41)
- - 41. The first network system according to claim 40, wherein the server computer is further configured forreceiving a security software download request from the client computer, andresponsive to the security software download request obtaining files for the security software and communicating the files to the client computer;
    - wherein the security software includes at least one web browser which executes in user mode on a trusted secure desktop operative to run simultaneously with an unsecure desktop of the client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wontok, Inc. (Wontok Enterprises Pty Ltd.)
Original Assignee
SafeCentral, Inc. (Wontok Enterprises Pty Ltd.)
Inventors
Freericks, Helmuth, Kouznetsov, Oleg, Sharp, John C.

Granted Patent

US 8,918,865 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/167
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/57   Certifying or maintaining t...

H04L 63/0428   wherein the data content is...

H04L 63/14   for detecting or protecting...

H04L 63/168   above the transport layer

H04L 67/34   involving the movement of s...

SYSTEM AND METHOD FOR PROTECTING DATA ACCESSED THROUGH A NETWORK CONNECTION

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR PROTECTING DATA ACCESSED THROUGH A NETWORK CONNECTION

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links