Secure Browsing Via A Transparent Network Proxy

US 20150156203A1
Filed: 12/02/2013
Published: 06/04/2015
Est. Priority Date: 12/02/2013
Status: Active Grant

First Claim

Patent Images

1. A system for providing secure browsing via a transparent network proxy, the system comprising:

a memory that stores instructions;

a processor that executes the instructions to perform operations, the operations comprising;

receiving, from a client, a request to access a resource, wherein the request includes an identifier for locating the resource;

determining if the resource is not trusted based on an analysis of the identifier, wherein the resource is determined to not be trusted if the identifier has been utilized less than a threshold number of times; and

forwarding, if the resource is determined to not be trusted based on the analysis of the identifier, the request to a virtual machine manager for selecting a browser virtual machine from a pool of browser virtual machines, wherein a stream including a rendering of the resource is streamed from the browser virtual machine to the client based on the request, and wherein the rendering of the resource is provided in lieu of the resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing secure browsing via a transparent network proxy is disclosed. The system may receive, from a client, a request to access a resource. The request may include an identifier that may be utilized to locate the resource. Once the request is received, the system may determine if the resource is not trusted, such as if the identifier is determined to be unknown or suspicious. If the resource is determined to not be trusted by the system, the system may forward the request to a virtual machine manager that may select a browser virtual machine from a pool of browser virtual machines. After the browser virtual machine is selected, the browser virtual machine may stream a rendering of the resource to the client based on the request. The rendering of the resource may be provided in lieu of the actual resource.

47 Citations

View as Search Results

20 Claims

1. A system for providing secure browsing via a transparent network proxy, the system comprising:
- a memory that stores instructions;
  
  a processor that executes the instructions to perform operations, the operations comprising;
  
  receiving, from a client, a request to access a resource, wherein the request includes an identifier for locating the resource;
  
  determining if the resource is not trusted based on an analysis of the identifier, wherein the resource is determined to not be trusted if the identifier has been utilized less than a threshold number of times; and
  
  forwarding, if the resource is determined to not be trusted based on the analysis of the identifier, the request to a virtual machine manager for selecting a browser virtual machine from a pool of browser virtual machines, wherein a stream including a rendering of the resource is streamed from the browser virtual machine to the client based on the request, and wherein the rendering of the resource is provided in lieu of the resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the operations further comprise providing the client with an option to securely access the stream including the rendering of the resource if the resource is determined to not be trusted.
  - 3. The system of claim 2, wherein the operations further comprise redirecting a browser associated with the client to a desktop virtualization technology connection if the option to securely access the stream including the rendering of the resource is selected by the client, wherein the desktop virtualization technology connection enables the rendering of the resource to be displayed within a virtual browser that is displayed within a viewable window of the browser associated with the client.
  - 4. The system of claim 1, wherein the operations further comprise providing the client with access to the resource if the resource is determined to be trusted.
  - 5. The system of claim 1, wherein the browser virtual machine is replaced with an original image of the browser virtual machine when a browser associated with the client is closed.
  - 6. The system of claim 5, wherein the browser virtual machine is released back into the pool of browser virtual machines when the browser virtual machine is reimaged.
  - 7. The system of claim 1, wherein the operations further comprise determining that the resource is not trusted if the analysis of the identifier indicates that the identifier is associated with a blacklisted identifier contained in a blacklist.
  - 8. The system of claim 1, wherein the operations further comprise monitoring the browser virtual machine to determine if the resource is associated with suspicious activity.
  - 9. The system of claim 8, wherein the operations further comprise storing the identifier of the resource in a blacklist if the resource is determined to be associated with the suspicious activity.
  - 10. The system of claim 1, wherein the operations further comprise determining that the resource is not trusted based on an action associated with the resource.

11. A method for providing secure browsing via a transparent network proxy, the method comprising:
- receiving, from a client, a request to access a resource, wherein the request includes an identifier for locating the resource;
  
  determining, by utilizing instructions from memory that are executed by a processor, if the resource is not trusted based on an analysis of the identifier, wherein the resource is determined to not be trusted if the identifier has been utilized less than a threshold number of times; and
  
  forwarding, if the resource is determined to not be trusted based on the analysis of the identifier, the request to a virtual machine manager for selecting a browser virtual machine from a pool of browser virtual machines, wherein a stream including a rendering of the resource is streamed from the browser virtual machine to the client based on the request, and wherein the rendering of the resource is provided in lieu of the resource.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising providing the client with an option to securely access the stream including the rendering of the resource if the resource is determined to not be trusted.
  - 13. The method of claim 12, further comprising redirecting a browser associated with the client to a desktop virtualization technology connection if the option to securely access the stream including the rendering of the resource is selected by the client, wherein the desktop virtualization technology connection enables the rendering of the resource to be displayed within the browser associated with the client.
  - 14. The method of claim 11, further comprising providing the client with access to the resource if the resource is determined to be trusted.
  - 15. The method of claim 11, further comprising receiving feedback from the client, wherein the feedback indicates whether the determining based on the analysis of the identifier is accurate, and further comprising adjusting the determining based on the feedback when the feedback indicates that the determining is not accurate.
  - 16. The method of claim 11, further comprising determining that the resource is not trusted if the analysis of the identifier indicates that the identifier is associated with a blacklisted identifier contained in a blacklist.
  - 17. The method of claim 11, further comprising monitoring the browser virtual machine to determine if the resource is associated with suspicious activity.
  - 18. The method of claim 17, further comprising storing the identifier of the resource in a blacklist if the resource is determined to be associated with the suspicious activity.

19. A non-transitory computer-readable device comprising instructions, which when loaded and executed by a processor, cause the processor to perform operations, the operations comprising:
- receiving, from a client, a request to access a resource, wherein the request includes an identifier for locating the resource;
  
  determining if the resource is not trusted based on an analysis of the identifier, wherein the resource is determined to not be trusted if the identifier has been utilized less than a threshold number of times; and
  
  forwarding, if the resource is determined to not be trusted based on the analysis of the identifier, the request to a virtual machine manager for selecting a browser virtual machine from a pool of browser virtual machines, wherein a stream including a rendering of the resource is streamed from the browser virtual machine to the client based on the request, and wherein the rendering of the resource is provided in lieu of the resource.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable device of claim 19, wherein the operations further comprise providing the client with an option to securely access the stream including the rendering of the resource if the resource is determined to not be trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Giura, Paul, Bickford, Jeffrey E., Anschutz, Thomas A., Hendrix, Donald E., Shirokmann, Howard F., Shih, Ching C.

Granted Patent

US 9,537,885 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0245   Filtering by information in...

H04L 63/0281   Proxies

H04L 63/101   Access control lists [ACL]

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

Secure Browsing Via A Transparent Network Proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Browsing Via A Transparent Network Proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links