Network Communication System With Improved Security

US 20120174218A1
Filed: 12/30/2010
Published: 07/05/2012
Est. Priority Date: 12/30/2010
Status: Active Grant

First Claim

Patent Images

1. A method for connecting user browser software running on a user computer to the internet for the purposes of data communication with internet data sources, the method comprising the steps of:

providing a software rendering application that is;

(i) remote from the user computer, and (ii) in data communication with the user computer;

issuing at least one command from the user browser software, the at least one command being intended for a target internet data source internet data sources;

intercepting, by the software rendering application, the at least one command before it reaches the target internet data source;

proxying, by the software rendering application, the at least one command;

receiving, by the software rendering application, responsive data through the internet from the target internet data source;

rendering, by the software rendering application, the responsive data into a pixilated image defined by pixilated image data;

encapsulating, by the software rendering application, the pixilated image data into a browser readable code set; and

sending the browser readable code set from the software rendering application to the user browser software.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network communication method and system wherein software rendering software is interposed in the data communication path between a browser running on a user computer and the internet data sources (for example, internet-accessible server computers) that the user browser wants to receive information from. The software rendering application gets data from internet data sources, but this data may contain malware. To provide enhanced security, the software rendering application renders this data to form a new browser readable code set (for example, an xml page with CSS layers), and this new and safe browser readable code set is sent along to the browser on the user computer for appropriate presentation to the user. As part of the rendering process, dedicated and distinct virtual machines may be used to render certain portion of the data, such as executable code. These virtual machines may be watched, and quickly destroyed if it is detected that they have encountered some type of malware.

Citations

20 Claims

1. A method for connecting user browser software running on a user computer to the internet for the purposes of data communication with internet data sources, the method comprising the steps of:
- providing a software rendering application that is;
  
  (i) remote from the user computer, and (ii) in data communication with the user computer;
  
  issuing at least one command from the user browser software, the at least one command being intended for a target internet data source internet data sources;
  
  intercepting, by the software rendering application, the at least one command before it reaches the target internet data source;
  
  proxying, by the software rendering application, the at least one command;
  
  receiving, by the software rendering application, responsive data through the internet from the target internet data source;
  
  rendering, by the software rendering application, the responsive data into a pixilated image defined by pixilated image data;
  
  encapsulating, by the software rendering application, the pixilated image data into a browser readable code set; and
  
  sending the browser readable code set from the software rendering application to the user browser software.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising the steps of:
    - reading, by the user browser software, the pixilated image data; and
      
      displaying, by the user computer, the pixilated image data on a display that is part of the user computer.
  - 3. The method of claim 1 wherein:
    - the rendering step further comprises forming, based on the responsive data, an interactive overlay of the image that contains at least one form field; and
      
      the encapsulating step further comprises encapsulating the interactive overlay of the image that contains at least one form field with the pixilated image data into the browser readable code set.
  - 4. The method of claim 1 wherein:
    - the rendering step further comprises forming, based on the responsive data, a hyperlink; and
      
      the encapsulating step further comprises encapsulating the hyperlink with the pixilated image data into the browser readable code set.
  - 5. The method of claim 1 wherein:
    - the rendering step further comprises forming, based on the responsive data, a reconstructed video; and
      
      the encapsulating step further comprises encapsulating the reconstructed video with the pixilated image data into the browser readable code set.
  - 6. The method of claim 1 further comprising the step of interacting with third party secure certificates in the remote rendering process.
  - 7. The method of claim 1 further comprising the steps of:
    - offering a service through a third party to provide the software rendering application; and
      
      controlling access to the software rendering application by the third party.

8. A security module for use in a computer communication system including a communication network, a server computer sub-system and a user computer sub-system that includes a user browser module, the security module comprising:
- a receive non-secure browser readable code set sub-module that is structured, connected and/or programmed to receive a non-secure browser readable code set from the server computer sub-system which is intended for the user computer browser module;
  
  a render and/or recontainerize sub-module structured, programmed and/or connected to render and/or recontainerize at least a substantial portion of the non-secure browser readable code set to form a secure browser readable code set corresponding to the non-secure browser readable code set; and
  
  a send secure browser readable code set sub-module that is structured, programmed and/or connected to send the secure browser readable code set to the user browser module;
  
  wherein;
  
  the security module is remote from the server computer sub-system; and
  
  the security module is remote from the user computer sub-system.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The security module of claim 8 wherein the receive non-secure browser readable code set sub-module, the render and/or recontainerize sub-module and the send secure browser readable code set sub-module are implemented by a virtual machine.
  - 10. The security module of claim 9 wherein the receive non-secure browser readable code set sub-module, the render and/or recontainerize sub-module and the send secure browser readable code set sub-module are implemented by a process virtual machine.
  - 11. The security module of claim 9 wherein the receive non-secure browser readable code set sub-module, the render and/or recontainerize sub-module and the send secure browser readable code set sub-module are implemented by a system virtual machine.
  - 12. The security module of claim 9 further comprising a flip virtual machine sub-module is structured, connected and/or programmed to:
    - (i) store a set of flipping conditions, including at least one flipping condition, and (ii) flip the virtual machine if any flipping condition from the set of flipping condition(s) are met.
  - 13. The security module of claim 12 wherein:
    - the set of flipping conditions includes at least a first flipping condition; and
      
      the first flipping condition is likely to occur during normal network communication operations and is not an indication that indicates anything abnormal in the operation of the virtual machine.
  - 14. The security module of claim 12 wherein:
    - the set of flipping conditions includes at least a first flipping condition; and
      
      the first flipping condition is based on operational state of the flow characteristics.

15. A method of receiving and processing communications by a computer system, the method comprising the following steps (not necessarily in the following order):
- determining, by the computer system, a set of flip condition(s) comprising at least a first flip condition;
  
  setting up a first virtual machine running on the computer system;
  
  setting up a second virtual machine running on the computer system;
  
  receiving, by the computer system, a plurality of network communications from at least one remote machine over a communication network;
  
  processing, by the first virtual machine, at least some of the network communications received at the receiving step; and
  
  evaluating whether any flip condition(s) in the set of flip condition(s) have been met;
  
  flipping the first virtual machine to a second virtual machine on condition that it is determined that at least one flip condition is met at the evaluating step;
  
  wherein the first flipping condition is likely to occur during normal network communication operations and is not an indication that indicates anything abnormal in the operation of the virtual machine.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 wherein the first flipping condition is based on operational state of the flow characteristics.
  - 17. The method of claim 15 wherein the first flipping condition is that a TCIP session ends and a new TCIP session begins
  - 18. The method of claim 15 wherein the first flipping condition is based upon the occurrence of a file download
  - 19. The method of claim 15 wherein the first flipping condition is that a network communication is received from a predetermined website
  - 20. The method of claim 15 wherein the first flipping condition is one of the following conditions:
    - (i) network communication received from a website having some predetermined characteristic, (ii) a switch in network protocols, (iii) a switch in packet size or MTU (maximum transmission unit);
      
      (iv) passage of a predetermined amount to time since the setting up of the first virtual machine;
      
      or (v) some predetermined volume of data flow since the setting up of the first virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Touchpoint Projection Innovations LLC (Leigh M. Rothschild)
Original Assignee
Everis, Inc.
Inventors
McCoy, Joseph, White, Joshua

Granted Patent

US 9,118,712 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/1441   Countermeasures against mal...

H04L 63/168   above the transport layer

Network Communication System With Improved Security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network Communication System With Improved Security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links