Securing A Computing Environment Against Malicious Entities

US 20130254829A1
Filed: 03/22/2012
Published: 09/26/2013
Est. Priority Date: 03/22/2012
Status: Active Grant

First Claim

Patent Images

1. In a computing environment, a method performed at least in part on at least one processor, comprising, securing network data traffic through a trusted partition of the computing environment, including, processing transaction data directed to one or more electronic commercial entities via a security component framework associated with the trusted partition, comparing security policy information to the transaction data to produce a comparison result, using the security component framework to generate response data based on the comparison result, and communicating the response data to at least one party associated with the transaction data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client.

48 Citations

View as Search Results

20 Claims

1. In a computing environment, a method performed at least in part on at least one processor, comprising, securing network data traffic through a trusted partition of the computing environment, including, processing transaction data directed to one or more electronic commercial entities via a security component framework associated with the trusted partition, comparing security policy information to the transaction data to produce a comparison result, using the security component framework to generate response data based on the comparison result, and communicating the response data to at least one party associated with the transaction data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein using the security component framework further comprises routing the transaction data to the one or more electronic commercial entities.
  - 3. The method of claim 1 further comprising terminating communications with any party to the transaction data that is in violation of the security policy information.
  - 4. The method of claim 1, wherein using the security component framework further comprises modifying the transaction data based on the comparison result.
  - 5. The method of claim 1, wherein using the security component framework further comprises modifying the response data provided by the one or more electronic commercial entities based on the comparison result.
  - 6. The method of claim 1, wherein using the security component framework further comprises encrypting sensitive data being transmitted within the transaction data and replacing corresponding portions of the transaction data that comprise the sensitive data.
  - 7. The method of claim 1, wherein using the security component framework further comprises authenticating data entry points corresponding to the transaction data.
  - 8. The method of claim 1, wherein using the security component framework further comprises partitioning an electronic form document into a first portion comprising sensitive data entry points and a second portion comprising other data entry points.
  - 9. The method of claim 1 further comprising executing an entity-specific security component of the security component framework on the transaction data.
  - 10. The method of claim 1, wherein communicating the response data further comprises returning entity-specific content based on the transaction data.

11. In a computing environment, a system, comprising, an administrative component configured to allocate computing resources and generate one or more secure machines corresponding to an electronic commercial entity, the administrative component being further configured to communicate data with an isolation mechanism for providing a protected execution environment to run the one or more secure machines, to present the one or more secure machines as a proxy component for the electronic commercial entity, and to instrument a computing fabric to communicate Internet transactions from users to the proxy component and to communicate secured Internet transactions from the proxy component to the commercial electronic entity.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the administrative component is further configured to generate the isolated partition to secure sensitive data that is stored in a structured format within electronic documents corresponding to the Internet transactions.
  - 13. The system of claim 11, wherein the isolated partition is physically separated from the commercial electronic entity.
  - 14. The system of claim 11, wherein the commercial electronic entity is configured to run within the computing environment.
  - 15. The system of claim 11, wherein the administrative component is configured to install an entity-specific security component to a security component framework associated with the isolated partition.

16. One or more computer-readable media having computer-executable instructions stored thereon, which in response to execution by a computer, cause the computer to perform steps comprising:
- processing a request form directed to a commercial electronic entity from a client computer;
  
  applying a security component framework to the request form;
  
  returning information to the client computer if a security component framework identifies a security policy violation associated with the request form; and
  
  if the security component framework determines that the request form satisfies a security policy, converting the request form into a secure request form and communicating the secure request form to the commercial electronic entity.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The one or more computer-readable media of claim 16 having further computer-executable instructions, which in response to execution by the computer, cause the computer to perform further steps comprising:
    - returning a response corresponding to the request that is provided by the commercial electronic entity.
  - 18. The one or more computer-readable media of claim 16 having further computer-executable instructions, which in response to execution by the computer, cause the computer to perform further steps comprising:
    - computing a hash value for at least one portion of the request form according to the security policy.
  - 19. The one or more computer-readable media of claim 16 having further computer-executable instructions, which in response to execution by the computer, cause the computer to perform further steps comprising:
    - excluding request form content from hash computations.
  - 20. The one or more computer-readable media of claim 16 having further computer-executable instructions, which in response to execution by the computer, cause the computer to perform further steps comprising:
    - generating a secure communication channel with the client computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Jakubowski, Mariusz H., Peinado, Marcus

Granted Patent

US 9,916,439 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/53 by executing in a restricte...

Securing A Computing Environment Against Malicious Entities

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Securing A Computing Environment Against Malicious Entities

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links