BROWSER ACCESS CONTROL
First Claim
1. A computer implemented method, comprising:
- receiving at a processing node a request for a domain from a client browser;
- determining at the processing node whether the request for the domain includes browser authorization data;
- if the request for the domain includes the browser authorization data, then allowing the request;
- if the request for the domain does not include the browser authorization data, then:
  - providing a configuration page to the client browser, the configuration page including a configuration script that in response to execution at the client browser generates browser configuration data, the browser configuration data defining a browser configuration of the client browser;
  - receiving the browser configuration data from the client browser;
  - comparing the browser configuration data to security policy data associated with the client browser, the security policy data defining a security policy associated with the browser configuration of the client browser;
  - determining whether the browser configuration data complies with the security policy data based on the comparison; and
  - if the browser configuration data complies with the security policy data, then providing the browser authorization data to the client browser.
Abstract
Systems, methods and apparatus for a distributed security system that monitors communications to manage client browser network access based upon the browser configuration of the client browser, by use of a configuration script executed in the browser environment. Such management can reduce the exposure of potentially vulnerable client browsers to domains associated with malicious activity.
17 Claims
5. The method of claim 1, further comprising:
- if the request for the domain includes the browser authorization data, then:
  - removing the browser authorization data before the request for the domain is allowed; and
  - redirecting the request to the domain.
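The decision flow of claims 1 and 5 at the processing node, sketched as an added example (not code from the patent or its assignee). It assumes the browser authorization data is an HMAC-signed, expiring token and uses constructed policy fields; the claims do not specify either.

```python
import hashlib
import hmac
import time

# Assumptions, not from the claims: token format, key, lifetime and the
# policy field names below are all constructed for illustration.
NODE_KEY = b"constructed-demo-key"
TOKEN_TTL = 300  # seconds
POLICY = {"min_browser_major": 120,
          "required": {"javascript_sandbox": True, "legacy_plugins": False}}

def _sign(client_id, expiry):
    msg = f"{client_id}|{expiry}".encode()
    return hmac.new(NODE_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(client_id, now=None):
    """Create browser authorization data bound to one client and an expiry."""
    expiry = int(time.time() if now is None else now) + TOKEN_TTL
    return f"{client_id}|{expiry}|{_sign(client_id, expiry)}"

def token_valid(token, client_id, now=None):
    """Reject malformed, forged, expired or wrong-client authorization data."""
    try:
        cid, expiry, sig = token.split("|")
        expiry = int(expiry)
    except (ValueError, AttributeError):
        return False
    fresh = expiry > (time.time() if now is None else now)
    good = hmac.compare_digest(sig.encode(), _sign(cid, expiry).encode())
    return good and cid == client_id and fresh

def complies(config, policy=POLICY):
    """Compare browser configuration data with the security policy data."""
    major = config.get("browser_major")
    if not isinstance(major, int) or major < policy["min_browser_major"]:
        return False
    return all(config.get(k) == v for k, v in policy["required"].items())

def handle_request(client_id, request, now=None):
    """Return (action, payload) for a domain request or a configuration report."""
    token = request.get("auth")
    if token is not None and token_valid(token, client_id, now):
        # Claim 5: strip the authorization data before the request goes on.
        return "allow", {k: v for k, v in request.items() if k != "auth"}
    if "config" in request:  # data generated by the configuration script
        if complies(request["config"]):
            return "authorize", issue_token(client_id, now)
        return "block", None
    return "configuration_page", None  # no valid authorization data yet
```

The configuration data is reported by the browser itself, so the comparison bounds the exposure of outdated but honest browsers rather than resisting a client that misreports its configuration.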
14. A computer implemented method, comprising:
- providing from a client browser a request for a domain to a processing node;
- in response to the request:
  - receiving at the client browser a configuration page including a configuration script;
  - executing at the client browser the configuration script to generate browser configuration data, the browser configuration data defining a browser configuration of the client browser;
  - comparing at the client browser the browser configuration data to security policy data associated with the client browser;
  - determining at the client browser whether the browser configuration data complies with the security policy data based on the comparison; and
  - if the browser configuration data complies with the security policy data, then providing security policy compliance data to the processing node.

17. A network security system, comprising:
- a processing node external to network edges of an external system, the processing node comprising:
  - a configuration processor configured to:
    - receive a request for a domain from a client browser;
    - determine whether the request for the domain includes browser authorization data;
    - identify browser configuration data associated with the request for the domain from the client browser;
    - generate the browser authorization data if the browser configuration data complies with a security policy data associated with the client browser; and
    - provide the browser authorization data to the client browser.
Specification