CLOUD-ASSISTED METHOD AND SERVICE FOR APPLICATION SECURITY VERIFICATION

US 20140096241A1
Filed: 09/28/2012
Published: 04/03/2014
Est. Priority Date: 09/28/2012
Status: Active Grant

First Claim

Patent Images

1. A cloud server system for generating a security recommendation for a browser-based application, the cloud server comprising:

a communication module to receive an application verification request from a client computing device;

a source authentication module to (i) receive application source data that identifies a source of the browser-based application, (ii) retrieve source authentication data; and

(iii) authenticate the source as a function of the application source data and the source authentication data;

an application verification module to (i) retrieve application validation data and (ii) verify the browser-based application as a function of the application validation data; and

a recommendation engine to generate a security recommendation in response to the authentication of the source authentication module and the verification of the application verification module;

wherein the communication module further to transmit the security recommendation to the client computing device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, device, and system for browser-based application security verification is disclosed. A client device requests a browser-based application from a web server. An application security module of the client device intervenes and transmits an application verification request to a cloud service system. The cloud service system retrieves data regarding the security of the application and source from cloud resources and a local database of the cloud server. The cloud service system then uses the data to authenticate the source and verify the security of the browser-based application. The cloud service system provides the client device with a recommendation regarding the security of the browser-based application and updates its local database. The client device may then consider the recommendation in determining whether to download or execute the browser-based application and provide feedback to the cloud service system. The client device may also perform a local security analysis after receiving the cloud service system'"'"'s recommendation.

Citations

26 Claims

1. A cloud server system for generating a security recommendation for a browser-based application, the cloud server comprising:
- a communication module to receive an application verification request from a client computing device;
  
  a source authentication module to (i) receive application source data that identifies a source of the browser-based application, (ii) retrieve source authentication data; and
  
  (iii) authenticate the source as a function of the application source data and the source authentication data;
  
  an application verification module to (i) retrieve application validation data and (ii) verify the browser-based application as a function of the application validation data; and
  
  a recommendation engine to generate a security recommendation in response to the authentication of the source authentication module and the verification of the application verification module;
  
  wherein the communication module further to transmit the security recommendation to the client computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The cloud server system of claim 1, wherein the source authentication module is to (i) receive location data identifying a location of the browser-based application and (ii) download the browser-based application from a web server located at the identified location.
  - 3. The cloud server system of claim 2, wherein the location data includes a uniform resource locator of the browser-based application.
  - 4. The cloud server system of claim 1, wherein the source authentication module is to retrieve the application source data from a remote location other than the client computing device and the application verification module is to retrieve the browser-based application from the remote location.
  - 5. The cloud server system of claim 1, wherein the security recommendation identifies a level of trust of the browser-based application.
  - 6. The cloud server system of claim 1, wherein the recommendation engine is to receive feedback from the client computing device in response to the security recommendation, the feedback indicating a security action taken by the client computing device.
  - 7. The cloud server system of claim 6, wherein the recommendation engine is to update a local database of the cloud server in response to receiving feedback from the client computing device.
  - 8. The cloud server system of claim 1, wherein the application source data identifies at least one of:
    - a host of the browser-based application and an internet protocol address at which the browser-based application is available.
  - 9. The cloud server system of claim 1, wherein:
    - the source authentication module is to retrieve the source authentication data from at least one of;
      
      a local database of the cloud server and cloud resources accessible to the cloud server; and
      
      the application verification module is to retrieve the application validation data from at least one of;
      
      the local database and the cloud resources.
  - 10. The cloud server system of claim 1, wherein:
    - the source authentication module is to authenticate the source by comparing the application source data to the source authentication data, wherein the source authentication data includes a list of known malicious browser-based application hosts; and
      
      the application verification module is to verify the security of the browser-based application by comparing the browser-based application to at least one of;
      
      a trusted source code of the browser-based application and the application validation data, wherein the application validation data includes known malware signatures.
  - 11. The cloud server system of claim 10, wherein the application verification module is to retrieve the application validation data from at least one of:
    - cloud resources accessible to the cloud server and a local database of the cloud server.
  - 12. The cloud server system of claim 1, wherein the recommendation engine is to update a local database of the cloud server in response to generating the security recommendation.
  - 13. The cloud service system of claim 1, wherein the browser-based application is a Hypertext Markup Language 5 application or other web application.

14. A client computing device for verifying the security of a browser-based application, the client computing device comprising:
- an application security module to (i) determine whether the client computing device has requested the browser-based application and (ii) in response to determining that the browser-based application has been requested, transmit an application verification request to a cloud service system to verify the security of the browser-based application; and
  
  a communication module to receive a security recommendation from the cloud service system ;
  
  wherein the application security module further to perform a security action in response to the security recommendation.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The client computing device of claim 14, wherein the browser-based application is a Hypertext Markup Language 5 application or other web application.
  - 16. The client computing device of claim 14, wherein the application security module determining whether the client computing device has requested the browser-based application comprises determining whether the client computing device has executed a hyperlink directed to the browser-based application.
  - 17. The client computing device of claim 14, wherein the application security module transmitting the application verification request comprises transmitting at least one of:
    - (i) at least a portion of the source code of the browser-based application to the cloud service system and (ii) location data indicating a location at which the browser-based application is available.
  - 18. The client computing device of claim 17, wherein the location data comprises a uniform resource locator of the browser-based application.
  - 19. The client computing device of claim 14, wherein the security action comprises at least one of:
    - notifying a user of the client computing device of the security recommendation;
      
      deleting the source code of the browser-based application from the client computing device;
      
      preventing downloading of the browser-based application to a memory of the client computing device; and
      
      quarantining the browser-based application in a secure location of a memory of the client computing device.
  - 20. The client computing device of claim 14, wherein the application security module is to transmit feedback to the cloud service system, the feedback indicating the security action performed by the client computing device.
  - 21. The client computing device of claim 14, further comprising a local code analysis module to perform a local security analysis of the browser-based application on the client computing device.
  - 22. The client computing device of claim 21, wherein the local security analysis comprises comparing the browser-based application to virus signatures.

23. One or more machine-readable storage media comprising a plurality of instructions stored thereon that, in response to being executed, result in a computing device:
- receiving a browser-based application and application source data that identifies a source of the browser-based application;
  
  retrieving source authentication data and application validation data;
  
  authenticating the source as a function of the application source data and the source authentication data;
  
  verifying the security of the browser-based application as a function of the application validation data;
  
  generating a security recommendation as a function of authenticating the source and verifying the browser-based application; and
  
  transmitting the security recommendation to a remote computing device.
- View Dependent Claims (24, 25, 26)
- - 24. The one or more machine-readable storage media of claim 23, wherein the plurality of instructions further result in the computing device:
    - receiving a request from the remote computing device to generate a security recommendation regarding the level of trust of the browser-based application;
      
      receiving feedback from the remote computing device in response to the security recommendation, the feedback indicating an action taken by the remote computing device; and
      
      updating a local database of the cloud service system in response to receiving feedback from the remote computing device.
  - 25. The one or more machine-readable storage media of claim 23, wherein:
    - authenticating the source comprises comparing the application source data to the source authentication data, wherein the source authentication data includes a list of known malicious browser-based application hosts; and
      
      verifying the security of the browser-based application comprises comparing the browser-based application to at least one of;
      
      a trusted source code of the browser-based application and the application validation data, wherein the application validation data includes known malware signatures.
  - 26. The one or more machine-readable media of claim 23, wherein the browser-based application is a Hypertext Markup Language 5 application or other web application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
John B. Vicente
Inventors
Li, Hong, Wouhaybi, Rita H., Vicente, John B., Yarvis, Mark D., Blakley, James R.

Granted Patent

US 9,430,640 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/51   at application loading time...

G06F 2221/033   Test or assess software

G06F 2221/2119   Authenticating web pages, e...

H04L 63/12   Applying verification of th...

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

CLOUD-ASSISTED METHOD AND SERVICE FOR APPLICATION SECURITY VERIFICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

CLOUD-ASSISTED METHOD AND SERVICE FOR APPLICATION SECURITY VERIFICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links