DISTRIBUTED CLIENT PROTECTION

US 20190327263A1
Filed: 04/18/2018
Published: 10/24/2019
Est. Priority Date: 04/18/2018
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implementable method for managing network communication, comprising:

responsive to receipt of traffic from a server to a client;

parsing content of the traffic; and

injecting additional content into original content of the server response to override an action of the original content, such that when the client executes the content of the traffic the client;

determines whether the content includes additional content that overrides the action of the original content; and

in response to determining that the content includes additional content that overrides the action of the original content, communicates parameters associated with execution of the action to an inspection service to determine if the action is malicious.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and computer-usable medium are disclosed for, responsive to receipt of traffic from a server to a client, parsing content of the traffic, and injecting additional content into original content of the server response to override an action of the original content, such that when the client executes the content of the traffic the client determines whether the content includes additional content that overrides the action of the original content, and in response to determining that the content includes additional content that overrides the action of the original content, communicates parameters associated with execution of the action to an inspection service to determine if the action is malicious.

8 Citations

View as Search Results

21 Claims

1. A computer-implementable method for managing network communication, comprising:
- responsive to receipt of traffic from a server to a client;
  
  parsing content of the traffic; and
  
  injecting additional content into original content of the server response to override an action of the original content, such that when the client executes the content of the traffic the client;
  
  determines whether the content includes additional content that overrides the action of the original content; and
  
  in response to determining that the content includes additional content that overrides the action of the original content, communicates parameters associated with execution of the action to an inspection service to determine if the action is malicious.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the inspection service executes locally on a security device that performs the steps of parsing content of the traffic and injecting additional content into original content of the server response.
  - 3. The method of claim 1, wherein the inspection service executes remotely from a security device that performs the steps of parsing content of the traffic and injecting additional content into original content of the server response.
  - 4. The method of claim 1, such that the client further, in response to determining that the content includes additional content that overrides the action of the original content, executes the action during inspection of the action by the inspection service.
  - 5. The method of claim 4, such that the client further:
    - receives an indication from the inspection service regarding whether the action is malicious; and
      
      if the indication from the inspection service indicates the action is malicious, communicates a warning to the user indicating that the action is malicious.
  - 6. The method of claim 1, such that the client further, in response to determining that the content includes additional content that overrides the action of the original content, delays the action during inspection of the action by the inspection service.
  - 7. The method of claim 6, such that the client further:
    - receives an indication from the inspection service regarding whether the action is malicious; and
      
      if the indication from the inspection service indicates the action is malicious, blocks execution of the action.

8. A system comprising:
- a processor;
  
  a data bus coupled to the processor; and
  
  a non-transitory, computer-readable storage medium embodying computer program code, the non-transitory, computer-readable storage medium being coupled to the data bus, the computer program code interacting with a plurality of computer operations and comprising instructions executable by the processor and configured for;
  
  responsive to receipt of traffic from a server to a client;
  
  parsing content of the traffic; and
  
  injecting additional content into original content of the server response to override an action of the original content, such that when the client executes the content of the traffic the client;
  
  determines whether the content includes additional content that overrides the action of the original content; and
  
  in response to determining that the content includes additional content that overrides the action of the original content, communicates parameters associated with execution of the action to an inspection service to determine if the action is malicious.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the inspection service executes locally on a security device that performs the steps of parsing content of the traffic and injecting additional content into original content of the server response.
  - 10. The system of claim 8, wherein the inspection service executes remotely from a security device that performs the steps of parsing content of the traffic and injecting additional content into original content of the server response.
  - 11. The system of claim 8, such that the client further, in response to determining that the content includes additional content that overrides the action of the original content, executes the action during inspection of the action by the inspection service.
  - 12. The system of claim 11, such that the client further:
    - receives an indication from the inspection service regarding whether the action is malicious; and
      
      if the indication from the inspection service indicates the action is malicious, communicates a warning to the user indicating that the action is malicious.
  - 13. The system of claim 8, such that the client further, in response to determining that the content includes additional content that overrides the action of the original content, delays the action during inspection of the action by the inspection service.
  - 14. The system of claim 13, such that the client further:
    - receives an indication from the inspection service regarding whether the action is malicious; and
      
      if the indication from the inspection service indicates the action is malicious, blocks execution of the action.

15. A non-transitory, computer-readable storage medium embodying computer program code, the computer program code comprising computer executable instructions configured for:
- responsive to receipt of traffic from a server to a client;
  
  parsing content of the traffic; and
  
  injecting additional content into original content of the server response to override an action of the original content, such that when the client executes the content of the traffic the client;
  
  determines whether the content includes additional content that overrides the action of the original content; and
  
  in response to determining that the content includes additional content that overrides the action of the original content, communicates parameters associated with execution of the action to an inspection service to determine if the action is malicious.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The storage medium of claim 15, wherein the inspection service executes locally on a security device that performs the steps of parsing content of the traffic and injecting additional content into original content of the server response.
  - 17. The storage medium of claim 15, wherein the inspection service executes remotely from a security device that performs the steps of parsing content of the traffic and injecting additional content into original content of the server response.
  - 18. The storage medium of claim 15, such that the client further, in response to determining that the content includes additional content that overrides the action of the original content, executes the action during inspection of the action by the inspection service.
  - 19. The storage medium of claim 18, such that the client further:
    - receives an indication from the inspection service regarding whether the action is malicious; and
      
      if the indication from the inspection service indicates the action is malicious, communicates a warning to the user indicating that the action is malicious.
  - 20. The storage medium of claim 15, such that the client further, in response to determining that the content includes additional content that overrides the action of the original content, delays the action during inspection of the action by the inspection service.
  - 21. The storage medium of claim 20, such that the client further:
    - receives an indication from the inspection service regarding whether the action is malicious; and
      
      if the indication from the inspection service indicates the action is malicious, blocks execution of the action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Forcepoint LLC
Inventors
JALIO, Christian, RAHKONEN, Valtteri, LEVOMAKI, Antti

Application Number

US15/956,357
Publication Number

US 20190327263A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/567   using dedicated hardware

H04L 43/062   related to network traffic

H04L 63/1466   Active attacks involving in...

H04L 63/20   for managing network securi...

DISTRIBUTED CLIENT PROTECTION

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

8 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTED CLIENT PROTECTION

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

8 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links