System and method for providing transactional security for an end-user device

US 8,434,148 B2
Filed: 03/30/2007
Issued: 04/30/2013
Est. Priority Date: 03/30/2006
Status: Active Grant

First Claim

Patent Images

1. A network system comprising:

a server computer operative to provide a transaction with an end-user device over a transaction network;

an agent configured to operate on the end-user device operative to securely download a security mechanism from a trusted source to the end-user device to protect the end-user device during the transaction, the agent being pre-configured with a network address to a secure network address resolution service configured to provide an IP address of the trusted source; and

the security mechanism being configured to operate on the end-user device to at least partially protect the end-user device from malicious code, the malicious code being operative on the end-user device to attempt to capture confidential data presented during the transaction, the security mechanism being maintained by a party other than an end user of the end-user device, wherein the security mechanism being further configured operative to temporarily suspend an application that is not necessary for the transaction, and the temporary suspension being for the duration of the transaction.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network system comprises a transaction network operative to provide a transaction with an end user; a trusted source of a security mechanism (e.g., a start/stop trigger module, an application lockout module, a network/file I/O control module, a trusted driver manager, a keystrokes generator driver, a keystrokes deletion hook, and/or a transaction network VPN manager) for at least partially protecting an end-user device from malicious code operative thereon that attempts to capture confidential data presented during the transaction, the security mechanism being maintained by a party other than the end user; and an agent for providing the security mechanism to the end-user device to protect the end-user device during the transaction.

95 Citations

View as Search Results

40 Claims

1. A network system comprising:
- a server computer operative to provide a transaction with an end-user device over a transaction network;
  
  an agent configured to operate on the end-user device operative to securely download a security mechanism from a trusted source to the end-user device to protect the end-user device during the transaction, the agent being pre-configured with a network address to a secure network address resolution service configured to provide an IP address of the trusted source; and
  
  the security mechanism being configured to operate on the end-user device to at least partially protect the end-user device from malicious code, the malicious code being operative on the end-user device to attempt to capture confidential data presented during the transaction, the security mechanism being maintained by a party other than an end user of the end-user device, wherein the security mechanism being further configured operative to temporarily suspend an application that is not necessary for the transaction, and the temporary suspension being for the duration of the transaction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The network system of claim 1, wherein the server computer is a banking site.
  - 3. The network system of claim 1, wherein the server computer is a gaming site.
  - 4. The network system of claim 1, wherein the trusted source resides on an ISP network.
  - 5. The network system of claim 1, wherein the trusted source and the server computer is managed by the same entity.
  - 6. The network system of claim 1, wherein the trusted source resides on the transaction network.
  - 7. The network system of claim 1, wherein the security mechanism includes a security engine operative to temporarily suspend the application.
  - 8. The network system of claim 1, wherein the security mechanism includes a security profile comprising identification information for the security mechanism.
  - 9. The network system of claim 1, wherein the security mechanism includes a security engine and a security profile.
  - 10. The network system of claim 1, wherein the security mechanism includes a start/stop trigger module for controlling when to initiate one or more aspects of the security mechanism and when to deactivate the one or more aspects of the security mechanism.
  - 11. The network system of claim 1, wherein the security mechanism includes a file/network I/O control module for disabling at least one file or network operation during the transaction.
  - 12. The network system of claim 1, wherein the security mechanism includes a trusted driver module for determining whether a driver on the end-user device matches a known trusted driver.
  - 13. The network system of claim 12, wherein driver is a keyboard driver.
  - 14. The network system of claim 1, wherein the security mechanism includes a keystrokes generator driver for generating additional keystrokes to a keystroke pattern generated by the end user.
  - 15. The network system of claim 14, wherein the security mechanism includes a keystrokes deletion hook for deleting the additional keystrokes generated by the keystrokes generator driver.
  - 16. The network system of claim 1, wherein the security mechanism includes an IP address to a server computer within the transaction network.
  - 17. The network system of claim 1, wherein the security mechanism includes a VPN manager capable of establishing a secure tunnel between the end-user device and the transaction network.
  - 18. The network system of claim 1, wherein the agent is capable of removing the security mechanism upon completion of the transaction.
  - 19. The network system of claim 1, further comprising a second agent being capable of removing the security mechanism upon completion of the transaction.
  - 20. The network system of claim 1, wherein the agent includes an install agent downloaded from the trusted source.
  - 21. The network system of claim 1, wherein the agent includes an install agent downloaded from a third-party server.
  - 22. The network system of claim 1, wherein the agent includes a connection agent preloaded onto the end-user device.

23. A method comprising:
- requesting by an end-user device a secure transaction with a server computer operative to provide the secure transaction over a transaction network;
  
  receiving by the end-user device an IP address of a trusted source from a secure network address resolution service at a network address, the end-user device being pre-configured with the network address of the secure network address resolution service and being operative to securely downloading a security mechanism from the trusted source to the end-user device;
  
  receiving, from the trusted source, a security mechanism, the security mechanism being configured to operate on the end-user device to at least partially protect the end-user device from malicious code, the malicious code being operative on the end-user device to attempt to capture confidential data presented during the transaction, the security mechanism being maintained by a party other than an end user of the end-user device;
  
  activating the security mechanism;
  
  temporarily suspending, by the security mechanism, an application on the end-user device that is not necessary for the transaction, the temporary suspension being for the duration of the transaction;
  
  establishing a secure connection between an end-user device and the server computer; and
  
  enabling the transaction.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 24. The method of claim 23, wherein the server computer is a banking site.
  - 25. The method of claim 23, wherein the server computer is a gaming site.
  - 26. The method of claim 23, wherein the trusted source resides on an ISP network.
  - 27. The method of claim 23, wherein the trusted source and the server computer is managed by the same entity.
  - 28. The method of claim 23, wherein the trusted source resides on the transaction network.
  - 29. The method of claim 23, wherein the security mechanism includes a security engine operative to temporarily suspend the application.
  - 30. The method of claim 23, wherein the security mechanism includes a security profile comprising identification information for the security mechanism.
  - 31. The method of claim 23, wherein the security mechanism includes a security engine and a security profile.
  - 32. The method of claim 23, wherein the security mechanism includes a start/stop trigger module for controlling when to initiate one or more aspects of the security mechanism and when to deactivate the one or more aspects of the security mechanism.
  - 33. The method of claim 23, wherein the security mechanism includes a file/network I/O control module for disabling at least one file or network operation during the transaction.
  - 34. The method of claim 23, wherein the security mechanism includes a trusted driver module for determining whether a driver on the end-user device matches a known trusted driver.
  - 35. The method of claim 34, wherein driver is a keyboard driver.
  - 36. The method of claim 23, wherein the security mechanism includes a keystrokes generator driver for generating additional keystrokes to a keystroke pattern generated by the end user.
  - 37. The method of claim 36, wherein the security mechanism includes a keystrokes deletion hook for deleting the additional keystrokes generated by the keystrokes generator driver.
  - 38. The method of claim 23, wherein the security mechanism includes an IP address to a server within the transaction network.
  - 39. The method of claim 23, wherein the security mechanism includes a VPN manager capable of establishing a secure tunnel between the end-user device and the transaction network.
  - 40. The method of claim 23, further comprising removing the security mechanism upon completion of the transaction.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Antlabs Pte Ltd.
Original Assignee
Antlabs Pte Ltd.
Inventors
Teo, Wee Tuck
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Rahman, Mohammad L

Application Number

US11/694,476
Publication Number

US 20070234061A1
Time in Patent Office

2,223 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06Q 20/382   insuring higher security of...

G06Q 30/06   Buying, selling or leasing ...

H04L 63/08   for authentication of entit...

H04L 63/1441   Countermeasures against mal...

System and method for providing transactional security for an end-user device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

95 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing transactional security for an end-user device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

95 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links