User session dependent URL masking

US 8,407,482 B2
Filed: 03/31/2006
Issued: 03/26/2013
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

intercepting web content to be displayed in a web page by a browser client;

analyzing, by a processor, the web content for one or more references within the web content, the references being one or more Uniform Resource Locators (URLs);

during a first session, selecting a first set of masking parameters from a masking parameter queue based on one or more static or transient parameters;

editing the web content by masking a reference with the selected first set of masking parameters, the masked reference to be displayed in the web page by the browser client;

during a second session, selecting a second set of masking parameters from the masking parameter queue based on one or more of the static or transient parameters, wherein the first and second sets of masking parameters include at least one different type of parameter; and

editing the web content by masking a second reference with the selected second set of masking parameters, the second masked reference to be displayed in a second web page by the browser client, wherein within each respective session, each occurrence of a same URL with the web content is masked in a different manner than other versions of the same URL in the web content.

View all claims

25 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed toward a method, device, and system for enhancing web security by masking a URL embedded in at least some portion of web content. A session dependent URL is generated and masked on a server side prior to being distributed to a customer for viewing. The session dependent URL is only active during the session in which it was generated. After the session has ended information relating to the session, web content, and masking of the URL is purged from memory.

24 Citations

View as Search Results

22 Claims

1. A method, comprising:
- intercepting web content to be displayed in a web page by a browser client;
  
  analyzing, by a processor, the web content for one or more references within the web content, the references being one or more Uniform Resource Locators (URLs);
  
  during a first session, selecting a first set of masking parameters from a masking parameter queue based on one or more static or transient parameters;
  
  editing the web content by masking a reference with the selected first set of masking parameters, the masked reference to be displayed in the web page by the browser client;
  
  during a second session, selecting a second set of masking parameters from the masking parameter queue based on one or more of the static or transient parameters, wherein the first and second sets of masking parameters include at least one different type of parameter; and
  
  editing the web content by masking a second reference with the selected second set of masking parameters, the second masked reference to be displayed in a second web page by the browser client, wherein within each respective session, each occurrence of a same URL with the web content is masked in a different manner than other versions of the same URL in the web content.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the first and second sets of parameters comprise at least one of a time-stamp, a server identification number, a number of processes currently being employed by a server, free disk space in a server, a file being accessed by a server, a number of high priority processes, a number of files open on a system connected to a server, a CPU'"'"'s usage information, a user name, and subject matter surrounding at least one of the references in the Web content.
  - 3. The method of claim 1, further comprising:
    - receiving Web content comprising the reference in at least one of the first and second sessions;
      
      replacing the received reference with the masked reference in the Web content, thus resulting in an altered Web content comprising the masked reference; and
      
      distributing the altered Web content comprising the masked reference to at least one client.
  - 4. The method of claim 1, wherein the first session corresponds to a first connection between the at least one client and a server, wherein the second session corresponds to the same first connection between the at least one client and server, and wherein the second session is initiated when the at least one client initiates an action that requests new Web content from the server.
  - 5. The method of claim 1, wherein the first session corresponds to a first communication between the at least one client and a server, and wherein the second session corresponds to a second communication between the at least one client and server that occurs at a time later than the first communication.
  - 6. The method of claim 1, wherein the first session ends when Web content comprising a reference in a second session is masked, further comprising purging the first set of parameters from memory.
  - 7. The method of claim 1, wherein the masking comprises:
    - determining an amount of time in which at least one of the masked references should become inactive after it has been distributed to the at least one client;
      
      enabling at least one of the masked references with a timing-out mechanism;
      
      determining whether the amount of time has lapsed; and
      
      in the event that the amount of time has lapsed, altering at least one of the masked references such that it cannot be properly unmasked by a server.
  - 8. The method of claim 1, wherein the masking comprises:
    - determining authorized and unauthorized actions that can be performed by the at least one client during the first session;
      
      enabling at least one of the masked references with an action sensitive mechanism;
      
      a server monitoring actions of the at least one client during the first session;
      
      in the event that an authorized action is performed by the at least one client, altering at least one of the masked references such that it can be properly unmasked by the server; and
      
      in the event that an unauthorized action is performed by the at least one client, altering at least one of the masked references such that it cannot be properly unmasked by the server.
  - 9. The method of claim 1, further comprising:
    - receiving at least one of the masked references from a first client;
      
      parsing at least one of the masked references to determine a session identification number;
      
      validating the session identification number in order to confirm the session identification number corresponds to a legitimate session identification number;
      
      after the session identification number has been validated, determining a set of parameters that were used to mask at least one of the masked references; and
      
      unmasking at least one of the masked references using the determined set of parameters.
  - 10. The method of claim 1, wherein at least one of the first and second sets of parameters are chosen based at least in part on time-stamped information.
  - 11. The method of claim 1, wherein at least one of the first and second sets of parameters are chosen based at least in part on transient information.
  - 12. A non-transitory computer readable medium comprising instructions, that when executed by a processor, are operable to perform the method of claim 1.

13. An information server, comprising:
- an input operable to receive a request from a client for Web content to be displayed in a web page by a browser client, the Web content comprising at least one reference to further Web content;
  
  a URL manager that intercepts the web content to be displayed in the web page by the browser client and analyzes the web content for one or more references within the web content, the references being one or more Uniform Resource Locators (URLs);
  
  a reference manager and processor operable to select a first set of parameters from a masking parameter queue based on one or more static or transient parameters for masking the at least one reference in the web page in a first session and a second set of parameters from the masking parameter queue based on one or more of the static or transient parameters, that includes at least one parameter that differs from the first set of parameters, for masking the at least one reference in a web page in a second session, wherein the reference manager is further operable to replace the at least one reference in the web page with a masked version of the at least one reference, thus resulting in an altered Web content comprising the masked version of the at least one reference; and
  
  an output operable to distribute the altered Web content including the masked version of the at least one reference to the client for display by the browser client, wherein within each respective session, each occurrence of a same URL with the web content is masked in a different manner than other versions of the same URL in the web content.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 14. The information server of claim 13, wherein the first and second set of parameters comprise at least one of a time-stamp, the server identification number, a number of processes currently being employed by the server, free disk space in the server, a file being accessed by the server, a number of high priority processes, a number of files open on a system connected to the server, a CPU'"'"'s usage information, a user name, and subject matter surrounding the at least one reference in the Web content.
  - 15. The information server of claim 13, wherein the first session corresponds to a first connection between the client and the server, wherein the second session corresponds to the same first connection between the client and server, and wherein the second session is initiated when the client initiates an action that requests new Web content from the server.
  - 16. The information server of claim 13, wherein the first session corresponds to a first communication between the client and the server, and wherein the second session corresponds to a second communication between the client and server that occurs at a time later than the first communication.
  - 17. The information server of claim 13, wherein the first session ends when the Web content comprising the at least one reference in a second Web session is received, and wherein the reference manager is further operable to purge the first set of parameters from memory.
  - 18. The information server of claim 13, wherein the reference manager is further operable to determine an amount of time in which the at least one reference should become inactive after it has been distributed to the client, enable the masked version of the at least one reference with a timing-out mechanism, determine whether the amount of time has lapsed, and in the event that the amount of time has lapsed, to alter the masked version of the at least one reference such that it cannot be properly unmasked by the server.
  - 19. The information server of claim 13, wherein the reference manager is further operable to determine authorized and unauthorized actions that can be performed by the client during the first session, enable the masked version of the at least one reference with an action sensitive mechanism, monitor actions of the client during the first session, and in the event that an authorized action is performed by the client, to alter the masked version of the at least one reference such that it can be properly unmasked by the server.
  - 20. The information server of claim 13, wherein the reference manager is further operable to receive a masked reference to Web content from a first client, parse the masked reference to Web content to determine a session identification number, validate the session identification number in order to confirm the session identification number corresponds to a legitimate session identification number, after the session identification number has been validated, determine a set of parameters that were used to mask the masked reference to Web content, and to unmask the masked reference to Web content using the determined set of parameters.
  - 21. The information server of claim 13, wherein at least one of the first and second sets of parameters are chosen based at least in part on time-stamped information.
  - 22. The information server of claim 13, wherein at least one of the first and second sets of parameters are chosen based at least in part on transient information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avaya Incorporated
Original Assignee
Avaya Incorporated
Inventors
Ghosh, Biswadip, Rao, Santhpur N.
Primary Examiner(s)
LANIER, BENJAMIN E

Application Number

US11/395,439
Publication Number

US 20070245027A1
Time in Patent Office

2,552 Days
Field of Search

713/189, 726/2, 726/26
US Class Current

713/189
CPC Class Codes

H04L 2463/121   Timestamp cryptographic mec...

H04L 61/30   Managing network names, e.g...

H04L 61/301   Name conversion

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 67/14   Session management for real...

User session dependent URL masking

First Claim

25 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

User session dependent URL masking

First Claim

25 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links