PROTECTING SENSITIVE WEB TRANSACTIONS USING A COMMUNICATION CHANNEL ASSOCIATED WITH A USER

US 20150358306A1
Filed: 08/14/2015
Published: 12/10/2015
Est. Priority Date: 01/02/2014
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security device may receive, from a client device, a request associated with a server device. The security device may determine a communication channel and contact information for validating the request. The security device may provide validation information via the communication channel using the contact information. The security device may receive a validation response from the client device, and may determine whether the validation response is valid. The security device may selectively perform a first action or a second action based on determining whether the validation response is valid. The first action may be performed based on determining that the validation response is valid, and may include providing a validation indicator, with the request, to the server device. The second action may be performed based on determining that the validation response is not valid, and may include providing an invalidation indicator, with the request, to the server device.

Citations

40 Claims

1-20. -20. (canceled)

21. A device, comprising:
- one or more processors to;
  
  receive, from a client device and via a first communication channel, a request associated with a server device;
  
  determine a sensitivity level associated with the request;
  
  determine, based on the sensitivity level, a second communication channel for validating the request,the second communication channel being different from the first communication channel;
  
  determine contact information for contacting a user, associated with the request, via the second communication channel;
  
  transmit, via the second communication channel and using the contact information, validation information;
  
  receive a validation response from the client device;
  
  determine, based on the validation information and the validation response, whether the validation response is valid; and
  
  perform an action based on determining whether the validation response is valid.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The device of claim 21, where the one or more processors are further to:
    - store the request; and
      
      where the one or more processors, when determining whether the validation response is valid, are to;
      
      determine that the validation response is valid; and
      
      where the one or more processors, when performing the action, are to;
      
      provide the request and a validation indicator to the server device based on storing the request and based on determining that the validation response is valid,the validation indicator indicating that that client device has been validated.
  - 23. The device of claim 22, where the one or more processors, when providing the request and the validation indicator, are to:
    - provide the validation indicator in a header of the request.
  - 24. The device of claim 21, where the one or more processors are further to:
    - receive, from the server device, a response to the request;
      
      store the response to the request before determining whether the validation response is valid; and
      
      where the one or more processors, when determining whether the validation response is valid, are to;
      
      determine that the validation response is valid; and
      
      where the one or more processors, when performing the action, are to;
      
      provide the response to the client device based on determining that the validation response is valid.
  - 25. The device of claim 21, where the one or more processors, when transmitting the validation information, are to:
    - determine to validate the request based on at least one of;
      
      content included in the request,the client device,the server device,a user associated with the request, ora webpage associated with the request; and
      
      transmit the validation information based on determining to validate the request.
  - 26. The device of claim 21, where the one or more processors, when transmitting the validation information, are to:
    - receive, from the server device, an indication to validate the request; and
      
      transmit the validation information based on receiving the indication to validate the request.
  - 27. The device of claim 21, where the one or more processors, when determining the contact information, are to:
    - determine the contact information based on information included in the request.

28. A non-transitory computer-readable medium storing instructions, the instructions comprising:
- one or more instructions that, when executed by one or more processors, cause the one or more processors to;
  
  receive, from a client device and via a first communication channel, a request that identifies a server device as a destination for the request;
  
  determine, based on a sensitivity level associated with the request, a second communication channel for validating the request,the second communication channel being different from the first communication channel;
  
  determine contact information for contacting a user, associated with the request, via the second communication channel;
  
  transmit, via the second communication channel and using the contact information, validation information;
  
  receive a validation response from the client device after transmitting the validation information;
  
  determine, based on the validation information and the validation response, whether the validation response is valid; and
  
  perform an action based on determining whether the validation response is valid.
- View Dependent Claims (29, 30, 31, 32, 33)
- - 29. The non-transitory computer-readable medium of claim 28, where the sensitivity level is determined based on information included in the request.
  - 30. The non-transitory computer-readable medium of claim 28, where the one or more instructions, that cause the one or more processors to determine whether the validation response is valid, cause the one or more processors to:
    - determine that the validation response is invalid; and
      
      where the one or more instructions, that cause the one or more processors to perform the action, cause the one or more processors to;
      
      determine a quantity of times that validation has failed based on determining that the validation response is invalid;
      
      determine that the quantity of times is less than or equal to a threshold; and
      
      transmit new validation information based on determining that the quantity of times is less than or equal to the threshold.
  - 31. The non-transitory computer-readable medium of claim 28, where the one or more instructions, that cause the one or more processors to determine whether the validation response is valid, cause the one or more processors to:
    - determine that the validation response is invalid; and
      
      where the one or more instructions, that cause the one or more processors to perform the action, cause the one or more processors to;
      
      determine a quantity of times that validation has failed based on determining that the validation response is invalid;
      
      determine that the quantity of times is greater than or equal to a threshold; and
      
      perform the action based on determining that the quantity of times is greater than or equal to the threshold.
  - 32. The non-transitory computer-readable medium of claim 31, where the action includes at least one of:
    - blocking the client device from accessing the server device, orstoring, in a blacklist, information that identifies the client device.
  - 33. The non-transitory computer-readable medium of claim 28, where the second communication channel includes at least one of:
    - a communication channel associated with providing text messages,a communication channel associated with providing voice messages,a communication channel associated with providing email messages,a communication channel associated with providing instant messages,a communication channel associated with providing chat messages, ora communication channel associated with providing social media messages.

34. A method, comprising:
- receiving, by a security device and via a first communication channel, a request by a first device to access a second device;
  
  determining, by the security device, a sensitivity level associated with the request;
  
  determining, by the security device and based on the security level, at least one of;
  
  a second communication channel for validating the request,the second communication channel being different from the first communication channel, orcontact information for contacting a user, associated with the request, via the second communication channel;
  
  transmitting, by the security device, validation information via the second communication channel and using the contact information;
  
  receiving, by the security device, a validation response from the first device after transmitting the validation information;
  
  determining, by the security device, whether the validation response is valid based on the validation information and the validation response; and
  
  performing, by the security device, an action based on determining whether the validation response is valid.
- View Dependent Claims (35, 36, 37, 38, 39, 40)
- - 35. The method of claim 34, where determining whether the validation response is valid comprises:
    - determining that the validation response is valid; and
      
      where performing the action comprises;
      
      providing the request to the second device based on determining that the validation response is valid;
      
      receiving a response to the request from the second device; and
      
      providing the response to the first device.
  - 36. The method of claim 34, further comprising:
    - providing the request to the second device before determining whether the validation response is valid;
      
      receiving a response to the request from the second device before determining whether the validation response is valid;
      
      where determining whether the validation response is valid comprises;
      
      determining that the validation response is valid; and
      
      where performing the action comprises;
      
      providing the response to the first device based on determining that the validation response is valid.
  - 37. The method of claim 34, where the sensitivity level is based on a portion of a website for which access is being requested in the request.
  - 38. The method of claim 34, where determining the sensitivity level comprises:
    - determining the sensitivity level based on information received from the second device.
  - 39. The method of claim 34, where determining whether the validation response is valid comprises:
    - determining that the validation response is invalid; and
      
      where performing the action comprises;
      
      transmitting new validation information, via a third communication channel, based on determining that the validation response is invalid,the third communication channel being different from the first communication channel and the second communication channel.
  - 40. The method of claim 34, where determining whether the validation response is valid comprises:
    - determining that the validation response is invalid; and
      
      where performing the action comprises;
      
      dropping the request based on determining that the validation response is invalid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
ADAMS, Kyle, QUINLAN, Daniel J.

Granted Patent

US 10,079,806 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/123   received data contents, e.g...

PROTECTING SENSITIVE WEB TRANSACTIONS USING A COMMUNICATION CHANNEL ASSOCIATED WITH A USER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

PROTECTING SENSITIVE WEB TRANSACTIONS USING A COMMUNICATION CHANNEL ASSOCIATED WITH A USER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links