COMPUTER NETWORK CROSS-BOUNDARY PROTECTION

US 20170155651A1
Filed: 11/29/2015
Published: 06/01/2017
Est. Priority Date: 11/29/2015
Status: Active Grant

First Claim

Patent Images

1. A computer security method comprising:

detecting access, by a computer in a first computer network, to a computer-readable document;

determining whether the computer-readable document was retrieved from a second computer network;

identifying a reference, associated with the computer-readable document, to a resource at a location within the first computer network; and

preventing access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer security method including detecting access, by a computer in a first computer network, to a computer-readable document, determining whether the computer-readable document was retrieved from a second computer network, identifying a reference, associated with the computer-readable document, to a resource at a location within the first computer network, and preventing access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.

Citations

20 Claims

1. A computer security method comprising:
- detecting access, by a computer in a first computer network, to a computer-readable document;
  
  determining whether the computer-readable document was retrieved from a second computer network;
  
  identifying a reference, associated with the computer-readable document, to a resource at a location within the first computer network; and
  
  preventing access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1 and further comprising maintaining an indicator indicating that the computer-readable document was retrieved from the second computer network, wherein the computer-readable document is stored in a data storage device of the computer after being retrieved from the second computer network, and wherein the detected access is to the computer-readable document that is retrieved from the data storage device.
  - 3. The method according to claim 1 wherein the detecting comprises detecting wherein the computer-readable document is a web page.
  - 4. The method according to claim 1 wherein the preventing comprises preventing operation of the resource.
  - 5. The method according to claim 1 and further comprising deleting the computer-readable document from a data storage device of the computer.
  - 6. The method according to claim 1 and further comprising deleting from a data storage device of the computer a second computer-readable document that is referred to by the computer-readable document that was retrieved from the second computer network.
  - 7. The method of claim 1 wherein the detecting, determining, identifying, and preventing are implemented in any ofa) computer hardware, andb) computer software embodied in a non-transitory, computer-readable medium.

8. A computer security system comprising:
- an access manager configured todetect access, by a computer in a first computer network, to a computer-readable document,determine whether the computer-readable document was retrieved from a second computer network,identify a reference, associated with the computer-readable document, to a resource at a location within the first computer network; and
  
  a security manager configured to prevent access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system according to claim 8 wherein the access manager is configured to maintain an indicator indicating that the computer-readable document was retrieved from the second computer network, wherein the computer-readable document is stored in a data storage device of the computer after being retrieved from the second computer network, and wherein the detected access is to the computer-readable document that is retrieved from the data storage device.
  - 10. The system according to claim 8 wherein the computer-readable document is a web page.
  - 11. The system according to claim 8 wherein the security manager is configured to prevent operation of the resource.
  - 12. The system according to claim 8 wherein the security manager is configured to delete the computer-readable document from the first computer network.
  - 13. The system according to claim 8 wherein the security manager is configured to delete from a data storage device of the computer a second computer-readable document that is referred to by the computer-readable document that was retrieved from the second computer network.
  - 14. The system of claim 9 wherein the access manager and the security manager are implemented in any ofa) computer hardware, andb) computer software embodied in a non-transitory, computer-readable medium.

15. A computer program product for providing computer security, the computer program product comprising:
- a non-transitory, computer-readable storage medium; and
  
  computer-readable program code embodied in the storage medium, wherein the computer-readable program code is configured todetect access, by a computer in a first computer network, to a computer-readable document,determine whether the computer-readable document was retrieved from a second computer network,identify a reference, associated with the computer-readable document, to a resource at a location within the first computer network, andprevent access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product according to claim 15 wherein the computer-readable program code is configured to maintain an indicator indicating that the computer-readable document was retrieved from the second computer network, wherein the computer-readable document is stored in a data storage device of the computer after being retrieved from the second computer network, and wherein the detected access is to the computer-readable document that is retrieved from the data storage device.
  - 17. The computer program product according to claim 15 wherein the computer-readable document is a web page.
  - 18. The computer program product according to claim 15 wherein the computer-readable program code is configured to prevent operation of the resource.
  - 19. The computer program product according to claim 15 wherein the computer-readable program code is configured to delete the computer-readable document from the first computer network.
  - 20. The computer program product according to claim 15 wherein the computer-readable program code is configured to delete from a data storage device of the computer a second computer-readable document that is referred to by the computer-readable document that was retrieved from the second computer network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
KLEIN, AMIT, REGEV, SHMUEL

Granted Patent

US 10,069,833 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

H04L 67/02   based on web technology, e....

H04L 67/06   specially adapted for file ...

COMPUTER NETWORK CROSS-BOUNDARY PROTECTION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

COMPUTER NETWORK CROSS-BOUNDARY PROTECTION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links