Secure network cache content
First Claim
1. A computer-implemented method for securing content in a network cache, comprising:
- monitoring a computing device associated with the network cache to detect a network activity performed by the computing device, wherein the network activity comprises a network connection establishment with a computer network;
responsive to the detection of the network activity performed by the computing device, examining content in the network cache to identify a piece of suspicious content in the network cache, the examining comprising;
retrieving, through the established network connection, a response from a website from which a piece of cache content originated before the detected network connection establishment;
comparing the piece of cache content with the response; and
responsive to the piece of cache content not matching the response, identifying the piece of cache content as the piece of suspicious content in the network cache; and
responsive to the identification of the piece of suspicious content in the network cache, preventing the piece of suspicious content in the network cache from carrying out malicious activities in the computing device.
2 Assignments
0 Petitions
Accused Products
Abstract
A security module on a computing device applies security rules to examine content in a network cache and identify suspicious cache content. Cache content is identified as suspicious according to security rules, such as a rule determining whether the cache content is associated with modified-time set into the future, and a rule determining whether the cache content was created in a low-security environment. The security module may establish an out-of-band connection with the websites from which the cache content originated through a high security access network to receive responses from the websites, and use the responses to determine whether the cache content is suspicious cache content. Suspicious cache content is removed from the network cache to prevent the suspicious cache content from carrying out malicious activities.
264 Citations
19 Claims
-
1. A computer-implemented method for securing content in a network cache, comprising:
-
monitoring a computing device associated with the network cache to detect a network activity performed by the computing device, wherein the network activity comprises a network connection establishment with a computer network; responsive to the detection of the network activity performed by the computing device, examining content in the network cache to identify a piece of suspicious content in the network cache, the examining comprising; retrieving, through the established network connection, a response from a website from which a piece of cache content originated before the detected network connection establishment; comparing the piece of cache content with the response; and responsive to the piece of cache content not matching the response, identifying the piece of cache content as the piece of suspicious content in the network cache; and responsive to the identification of the piece of suspicious content in the network cache, preventing the piece of suspicious content in the network cache from carrying out malicious activities in the computing device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A computer system for securing content in a network cache, comprising:
a non-transitory computer-readable storage medium storing executable computer program code, the computer program code comprising program code for; monitoring a computing device associated with the network cache to detect a network activity performed by the computing device, wherein the network activity comprises a network connection establishment with a computer network; responsive to the detection of the network activity performed by the computing device, examining content in the network cache to identify a piece of suspicious content in the network cache, the examining comprising; retrieving, through the established network connection, a response from a website from which a piece of cache content originated before the detected network connection establishment; comparing the piece of cache content with the response; and responsive to the piece of cache content not matching the response, identifying the piece of cache content as the piece of suspicious content in the network cache; and responsive to the identification of the piece of suspicious content in the network cache, preventing the piece of suspicious content in the network cache from carrying out malicious activities in the computing device. - View Dependent Claims (13, 14, 18)
-
15. A non-transitory computer-readable storage medium encoded with executable computer program code for securing content in a network cache, the computer program code comprising program code for:
-
monitoring a computing device associated with the network cache to detect a network activity performed by the computing device, wherein the network activity comprises a network connection establishment with a computer network; responsive to the detection of the network activity performed by the computing device, examining content in the network cache to identify a piece of suspicious content in the network cache, the examining comprising; retrieving, through the established network connection, a response from a website from which a piece of cache content originated before the detected network connection establishment; comparing the piece of cache content with the response; and responsive to the piece of cache content not matching the response, identifying the piece of cache content as the piece of suspicious content in the network cache; and responsive to the identification of the piece of suspicious content in the network cache, preventing the piece of suspicious content in the network cache from carrying out malicious activities in the computing device. - View Dependent Claims (16, 17, 19)
-
Specification