System and method for network security including detection of attacks through partner websites
First Claim
1. A non-transitory computer readable storage medium with instructions for execution on a host computer, comprising instructions to:
- (i) record a relationship between a partner site and the host computer;
(ii) substitute a reference to the partner site with a partner site alias referencing the host computer;
(iii) deliver the partner site alias to a client;
(iv) replace the partner site alias for the reference to the partner site in response to receiving the partner site alias from the client;
(v) augment an address of the client with an address alias;
(vi) send the address alias to the partner site;
(vii) receive from the partner site a partner action and the address alias;
(viii) exchange the address for the address alias;
(ix) deliver the partner action to the client utilizing the address;
(x) monitor (ii) through (ix) to identify client activity that constitutes a security threat at the host computer or the partner site; and
(xi) implement a remedial action in response to the security threat, wherein the remedial action is selected from blocking the client, delaying the client, diverting the client to a harmless webpage and supplying the client with spoofed information.
12 Assignments
0 Petitions
Accused Products
Abstract
A computer readable storage medium with instructions executable on a host computer. The instructions record a relationship between a partner site and the host computer, substitute a reference to the partner site with a partner site alias referencing the host computer, deliver the partner site alias to a client, replace the partner site alias for the reference to the partner site in response to receiving the partner site alias from the client and augment the address of the client with an address alias. The address alias is sent to the partner site. A partner action and the address alias are received from the partner site. The address is exchanged for the address alias. The partner action is delivered to the client utilizing the address. These operations are monitored to identify client activity that constitutes a security threat at the host computer or the partner site.
79 Citations
21 Claims
-
1. A non-transitory computer readable storage medium with instructions for execution on a host computer, comprising instructions to:
-
(i) record a relationship between a partner site and the host computer; (ii) substitute a reference to the partner site with a partner site alias referencing the host computer; (iii) deliver the partner site alias to a client; (iv) replace the partner site alias for the reference to the partner site in response to receiving the partner site alias from the client; (v) augment an address of the client with an address alias; (vi) send the address alias to the partner site; (vii) receive from the partner site a partner action and the address alias; (viii) exchange the address for the address alias; (ix) deliver the partner action to the client utilizing the address; (x) monitor (ii) through (ix) to identify client activity that constitutes a security threat at the host computer or the partner site; and (xi) implement a remedial action in response to the security threat, wherein the remedial action is selected from blocking the client, delaying the client, diverting the client to a harmless webpage and supplying the client with spoofed information. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. In a host computer controlled by a first party, a method of providing security, comprising:
-
receiving, from a third-party controlling a partner site, web content including (i) third-party material for presentation to a user of a client device and (ii) a third-party hyperlink which identifies the partner site, the third-party being different than the first party controlling the host computer; generating, by the host computer, a webpage having modified web content, the modified web content including (i) the third-party material for presentation to the user of the client device and (ii) a host computer hyperlink in place of the third-party hyperlink, the host computer hyperlink identifying the host computer; providing the webpage having the modified web content to the client device; receiving a client message from the client device, the client message including (i) a request to access a resource of the partner site and (ii) a client address identifying the client device; generating a proxy message based on the client message, the proxy message including (i) the request to access a resource of the partner site and (ii) a proxy address identifying the host computer; providing the proxy message to the partner site; receiving a partner action message from the partner site in response to the proxy message, the partner action message including (i) a partner action response and (ii) a partner site address identifying the partner site; generating a proxy action message based on the partner action message, the proxy action message, the partner action message including (i) the partner action response and (ii) a proxy address identifying the host computer; providing the proxy action message to the client device; monitoring communications between the client device and the partner site through the host computer to identify security threats resulting from the communications; and implementing a remedial action in response to an identified security threat, the remedial action being selected from blocking the client device, delaying the client device, diverting the client device to a harmless webpage and supplying the client device with spoofed information.
-
-
20. A network security apparatus, comprising:
-
a communications interface; memory; and processing circuitry coupled to the communications interface and the memory, the memory storing instructions which, when carried out by the processing circuitry, cause the processing circuitry to; receive, from a third-party controlling a partner site, web content including (i) third-party material for presentation to a user of a client device and (ii) a third-party hyperlink which identifies the partner site, the third-party being different than the first party controlling the host computer, generate, by the host computer, a webpage having modified web content, the modified web content including (i) the third-party material for presentation to the user of the client device and (ii) a host computer hyperlink in place of the third-party hyperlink, the host computer hyperlink identifying the host computer, provide the webpage having the modified web content to the client device, receive a client message from the client device, the client message including (i) a request to access a resource of the partner site and (ii) a client address identifying the client device, generate a proxy message based on the client message, the proxy message including (i) the request to access a resource of the partner site and (ii) a proxy address identifying the host computer; provide the proxy message to the partner site, receive a partner action message from the partner site in response to the proxy message, the partner action message including (i) a partner action response and (ii) a partner site address identifying the partner site, generate a proxy action message based on the partner action message, the proxy action message, the partner action message including (i) the partner action response and (ii) a proxy address identifying the host computer, provide the proxy action message to the client device, monitor communications between the client device and the partner site through the host computer to identify security threats resulting from the communications; implement a remedial action in response to an identified security threat, the remedial action being selected from blocking the client device, delaying the client device, diverting the client device to a harmless webpage and supplying the client device with spoofed information.
-
-
21. A computer program product having a non-transitory computer readable medium which stores a set of instructions to provide security, the set of instructions, when carried out by a host computer controlled by a first party, causing the host computer to perform a method of:
-
receiving, from a third-party controlling a partner site, web content including (i) third-party material for presentation to a user of a client device and (ii) a third-party hyperlink which identifies the partner site, the third-party being different from the first party controlling the host computer; generating, by the host computer, a webpage having modified web content, the modified web content including (i) the third-party material for presentation to the user of the client device and (ii) a host computer hyperlink in place of the third-party hyperlink, the host computer hyperlink identifying the host computer; providing the webpage having the modified web content to the client device; receiving a client message from the client device, the client message including (i) a request to access a resource of the partner site and (ii) a client address identifying the client device; generating a proxy message based on the client message, the proxy message including (i) the request to access a resource of the partner site and (ii) a proxy address identifying the host computer; providing the proxy message to the partner site; receiving a partner action message from the partner site in response to the proxy message, the partner action message including (i) a partner action response and (ii) a partner site address identifying the partner site; generating a proxy action message based on the partner action message, the proxy action message, the partner action message including (i) the partner action response and (ii) a proxy address identifying the host computer; providing the proxy action message to the client device; monitoring communications between the client device and the partner site through the host computer to identify security threats resulting from the communications; and implementing a remedial action in response to an identified security threat, the remedial action being selected from blocking the client device, delaying the client device, diverting the client device to a harmless webpage and supplying the client device with spoofed information.
-
Specification