PROVIDING A FAST, REMOTE SECURITY SERVICE USING HASHLISTS OF APPROVED WEB OBJECTS
Abstract
A security system and service, which improves the performance of SECaaS services, is described. A security server system tracks the content that has successfully passed through its security modules and distributes this information to the end user client devices as hashlist information. The remote client devices can then safely bypass the cloud for a significant fraction of Web object requests by using information on a locally stored hashlist to validate Web objects.
22 Claims
1. A method for reducing user-experienced latencies and server costs encountered when all requested Web objects by a client device must pass through a security server system, the method comprising:
  a) generating, by the security server system, a list of at least one {validated Web object identifier, validated Web object hash value} pair;
  b) forwarding at least a part of the list to the client device;
  c) receiving, by the client device, the at least part of the list;
  d) storing, by the client device, the at least part of the list received in a client list of at least one {validated Web object identifier, validated Web object hash value} pair; and
  e) responsive to a request for a Web object by an application at the client device,
    1) determining, by the client device, whether or not the requested Web object is included in the client list, and
    2) responsive to a determination, by the client device, that the requested Web object is included in the client list,
      A) fetching, by the client device, the requested Web object from an origin server,
      B) receiving, by the client device, the Web object,
      C) computing, by the client device, a hash of the received Web object,
      D) comparing, by the client device, the computed hash with the hash paired with the requested Web object included in the client list, and
      E) responsive to a determination, by the client device, that the computed hash matches the hash paired with the requested Web object included in the client list,
        i) passing, by the client device, the requested Web object to the application,
      otherwise, responsive to a determination, by the client device, that the computed hash does not match the hash paired with the requested Web object included in the client list,
        i) requesting, by the client device, the requested Web object via the security server system.
  Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A method for reducing user-experienced latencies and server costs encountered when all requested Web objects by a client device must pass through a security server system, the method comprising:
  a) receiving, by the client device, the at least part of a list, generated by the security server system, of at least one {validated Web object identifier, validated Web object hash value} pair;
  b) storing, by the client device, the at least part of the list received in a client list of at least one {validated Web object identifier, validated Web object hash value} pair; and
  c) responsive to a request for a Web object by an application at the client device,
    1) determining, by the client device, whether or not the requested Web object is included in the client list, and
    2) responsive to a determination, by the client device, that the requested Web object is included in the client list,
      A) fetching, by the client device, the requested Web object from an origin server,
      B) receiving, by the client device, the Web object,
      C) computing, by the client device, a hash of the received Web object,
      D) comparing, by the client device, the computed hash with the hash paired with the requested Web object included in the client list, and
      E) responsive to a determination, by the client device, that the computed hash matches the hash paired with the requested Web object included in the client list,
        i) passing, by the client device, the requested Web object to the application,
      otherwise, responsive to a determination, by the client device, that the computed hash does not match the hash paired with the requested Web object included in the client list,
        i) requesting, by the client device, the requested Web object via the security server system.
  Dependent claims: 12, 13, 14, 15.

16. A non-transitory storage device storing processor-executable code which, when executed by the at least one processor, causes the at least one processor to perform a method for reducing user-experienced latencies and server costs encountered when all requested Web objects by a client device must pass through a security server system, the method comprising:
  receiving, by the client device, the at least part of a list, generated by the security server system, of at least one {validated Web object identifier, validated Web object hash value} pair,
  storing, by the client device, the at least part of the list received in a client list of at least one {validated Web object identifier, validated Web object hash value} pair, and
  responsive to a request for a Web object by an application at the client device,
    A) determining, by the client device, whether or not the requested Web object is included in the client list, and
    B) responsive to a determination, by the client device, that the requested Web object is included in the client list,
      i) fetching, by the client device, the requested Web object from an origin server,
      ii) receiving, by the client device, the Web object,
      iii) computing, by the client device, a hash of the received Web object,
      iv) comparing, by the client device, the computed hash with the hash paired with the requested Web object included in the client list, and
      v) responsive to a determination, by the client device, that the computed hash matches the hash paired with the requested Web object included in the client list, passing, by the client device, the requested Web object to the application,
      otherwise, responsive to a determination, by the client device, that the computed hash does not match the hash paired with the requested Web object included in the client list, requesting, by the client device, the requested Web object via the security server system.

17. A method for reducing user-experienced latencies and server costs encountered when all requested Web objects by a client device must pass through a security server system, the method comprising:
  a) generating, by the security server system, a list of at least one {validated Web object identifier, validated Web object hash value} pair;
  b) transmitting, by the security server system, at least a part of the list to the client device, thereby enabling the client device to determine whether or not a desired Web object has been validated by the security server system using a hash comparison.
  Dependent claims: 18, 19, 20, 21, 22.

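The client-side decision path recited in claims 1, 11 and 16, together with the list generation of claim 17, can be sketched as follows; this is an added illustration, not code from the patent. Assumptions: SHA-256 as the hash (the claims only say "hash"), the `Fetcher` callables standing in for network transport, the `cdn.example` URLs, and routing of unlisted objects through the security server.

```python
import hashlib
import hmac
from typing import Callable, Dict, Tuple

Fetcher = Callable[[str], bytes]  # hypothetical transport hook: URL -> body bytes

def digest(body: bytes) -> str:
    # Assumption: SHA-256. The claims only say "hash".
    return hashlib.sha256(body).hexdigest()

def build_hashlist(validated: Dict[str, bytes]) -> Dict[str, str]:
    """Security server: one {identifier, hash} pair per object that passed scanning."""
    return {url: digest(body) for url, body in validated.items()}

class HashlistClient:
    def __init__(self, origin: Fetcher, security_server: Fetcher) -> None:
        self.client_list: Dict[str, str] = {}
        self.origin, self.security_server = origin, security_server

    def store(self, part_of_list: Dict[str, str]) -> None:
        self.client_list.update(part_of_list)

    def request(self, url: str) -> Tuple[bytes, str]:
        expected = self.client_list.get(url)
        if expected is None:
            # Assumption: unlisted objects take the normal scanned path.
            return self.security_server(url), "security-server (unlisted)"
        body = self.origin(url)
        if hmac.compare_digest(digest(body), expected):
            return body, "origin (hash match)"
        # Mismatch: the origin copy is dropped and never reaches the application.
        return self.security_server(url), "security-server (hash mismatch)"

# Constructed sample data: two objects were validated, then app.js changed at the origin.
VALIDATED = {"https://cdn.example/logo.svg": b"<svg/>",
             "https://cdn.example/app.js": b"console.log('v1');"}
ORIGIN_NOW = {**VALIDATED, "https://cdn.example/app.js": b"console.log('v2');",
              "https://cdn.example/new.css": b"body{}"}

def demo() -> Dict[str, str]:
    # The security-server stub returns the origin body; real scanning is out of scope.
    client = HashlistClient(ORIGIN_NOW.__getitem__, ORIGIN_NOW.__getitem__)
    client.store(build_hashlist(VALIDATED))
    return {url: client.request(url)[1] for url in ORIGIN_NOW}

if __name__ == "__main__":
    for url, route in demo().items():
        print(f"{route:32} {url}")
```

An object that changes at the origin after validation, whether through a legitimate update or tampering, fails the comparison and falls back to the scanned path, so the bypass only ever delivers bytes the security server has already inspected.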
Specification