Separating control of network sites

US 8,666,828 B1
Filed: 11/10/2010
Issued: 03/04/2014
Est. Priority Date: 11/10/2010
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

at least one computing device;

an electronic commerce application executable in the at least one computing device, the electronic commerce application facilitating electronic commerce for a plurality of merchants; and

a proxy server application executable in the at least one computing device, the proxy server application comprising;

logic that obtains a request for a network page associated with one of a plurality of customers of an organization, the plurality of customers corresponding to the plurality of merchants, each of the customers having an online presence hosted in a trusted network that is subject to security supervision by the organization;

logic that determines whether the network page is within a merchant-managed portion of a network site;

logic that obtains the network page from an untrusted network that is not subject to security supervision by the organization when the network page is within the merchant-managed portion of the network site; and

logic that obtains the network page from the electronic commerce application when the network page is not within the merchant-managed portion of the network site.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are various embodiments for separating control of network sites through the use of a proxy server application. A proxy server application obtains a request for a network page associated with one customer out of several customers of an organization. Each of the customers has an online presence hosted in a trusted network. The trusted network is subject to security supervision by the same organization. It is determined whether the network page is within a customer-managed portion of the network site. The network page is obtained from an untrusted network that is not subject to security supervision by the organization when the network page is within the customer-managed portion of the network site.

Citations

26 Claims

1. A system, comprising:
- at least one computing device;
  
  an electronic commerce application executable in the at least one computing device, the electronic commerce application facilitating electronic commerce for a plurality of merchants; and
  
  a proxy server application executable in the at least one computing device, the proxy server application comprising;
  
  logic that obtains a request for a network page associated with one of a plurality of customers of an organization, the plurality of customers corresponding to the plurality of merchants, each of the customers having an online presence hosted in a trusted network that is subject to security supervision by the organization;
  
  logic that determines whether the network page is within a merchant-managed portion of a network site;
  
  logic that obtains the network page from an untrusted network that is not subject to security supervision by the organization when the network page is within the merchant-managed portion of the network site; and
  
  logic that obtains the network page from the electronic commerce application when the network page is not within the merchant-managed portion of the network site.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The system of claim 1, wherein the proxy server application is executed in the untrusted network.
  - 3. The system of claim 1, wherein the proxy server application is executed in the trusted network.
  - 4. The system of claim 3, wherein the proxy server application is executed within a quarantined portion of the trusted network.
  - 5. The system of claim 1, wherein the proxy server application further comprises:
    - logic that obtains the request from a client computing device; and
      
      logic that sends the network page to the client computing device.
  - 6. The system of claim 1, wherein the logic that determines whether the network page is within the merchant-managed portion of the network site is further configured to compare a uniform resource locator (URL) embodied in the request to a set of URLs managed by the one of the customers.
  - 7. The system of claim 1, wherein the logic that determines is further configured to determine whether the network page is within the merchant-managed portion of a network site based at least in part on a header field embodied in the request.
  - 8. The system of claim 7, wherein the header field is selected from the group consisting of:
    - a User-Agent field, an Accept field, an Accept-Language field, an Accept-Encoding field, an Accept-Charset field, an Authorization field, a Proxy-Authorization field, a From field, a Referer field, and a Host field.
  - 9. The system of claim 1, wherein the logic that obtains the network page from the untrusted network is further configured to request the network page from a network page server application executed in the untrusted network using an encrypted connection.
  - 10. The system of claim 1, wherein the trusted network is separated from the untrusted network by a firewall.
  - 11. The system of claim 1, wherein the network site corresponds to at least a portion of the online presence of the one of the customers.
  - 12. The system of claim 1, wherein the network page is fully customizable by the one of the customers when the network page is within the merchant-managed portion of the network site.
  - 13. The system of claim 1, wherein the logic that obtains the network page from the untrusted network is further configured to obtain the network page from a network page server application under control of the one of the customers.
  - 14. The system of claim 1, wherein a non-merchant-managed portion of the network site is subject to compliance with the Payment Card Industry Data Security Standards (PCI DSS).
  - 15. The system of claim 1, wherein any change initiated by the one of the customers to a non-merchant-managed portion of the network site is subject to a manual review.
  - 16. The system of claim 1, wherein a non-merchant-managed portion of the network site is associated with a first domain name, and the merchant-managed portion of the network site is associated with a second domain name.
  - 17. The system of claim 16, wherein the first domain name and the second domain name are subdomains of a parent domain name.

18. A method, comprising:
- obtaining, in at least one computing device, a request for a network page associated with one of a plurality of customers of an organization, each of the customers having an online presence hosted in a trusted network that is subject to security supervision by the organization;
  
  determining, in the at least one computing device, whether the network page is within a customer-managed portion of a network site;
  
  obtaining, in the at least one computing device, the network page from an untrusted network that is not subject to security supervision by the organization when the network page is within the customer-managed portion of the network site;
  
  determining, in the at least one computing device, whether the network page is within a non-merchant-managed portion of the network site, wherein the customers are merchants; and
  
  obtaining, in the at least one computing device the network page from an electronic commerce application when the network page is within the non-merchant-managed portion of the network site, the electronic commerce application facilitating electronic commerce for the merchants.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, wherein the determining further comprises comparing, in the at least one computing device, a uniform resource locator (URL) embodied in the request to a set of URLs managed by the one of the customers.
  - 20. The method of claim 18, wherein the determining further comprises determining, in the at least one computing device, whether the network page is within the customer-managed portion of a network site based at least in part on a header field embodied in the request.
  - 21. The method of claim 18, wherein obtaining the network page from the untrusted network further comprises requesting the network page from a network page server application executed in the untrusted network using an encrypted connection.
  - 22. The method of claim 18, wherein the non-merchant-managed portion of the network site is associated with a first domain name, and the customer-managed portion of the network site is associated with a second domain name.

23. A non-transitory computer-readable medium embodying a program executable in a computing device, comprising:
- code that obtains a request for a network page associated with one of a plurality of customers of an organization, each of the customers having an online presence hosted in a trusted network that is subject to security supervision by the organization;
  
  code that determines whether the network page is within a customer-managed portion of a network site;
  
  code that obtains the network page from an untrusted network that is not subject to security supervision by the organization when the network page is within the customer-managed portion of the network site;
  
  code that determines whether the network page is within a non-merchant-managed portion of the network site, wherein the customers are merchants; and
  
  code that obtains the network page from an electronic commerce application when the network page is within the non-merchant-managed portion of the network site.
- View Dependent Claims (24, 25, 26)
- - 24. The non-transitory computer-readable medium of claim 23, wherein the code that determines whether the network page is within the customer-managed portion of the network site is further configured to compare a uniform resource locator (URL) embodied in the request to a set of URLs managed by the one of the customers.
  - 25. The non-transitory computer-readable medium of claim 23, wherein the code that determines is further configured to determine whether the network page is within the customer-managed portion of a network site based at least in part on a header field embodied in the request.
  - 26. The non-transitory computer-readable medium of claim 23, wherein the non-merchant-managed portion of the network site is associated with a first domain name, and the customer-managed portion of the network site is associated with a second domain name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Huntwork, Andrew S., Boynes, Jeremy
Primary Examiner(s)
HAQ, NAEEM U

Application Number

US12/943,127
Time in Patent Office

1,210 Days
Field of Search

705/26.1, 705/26.2, 705/26.25, 705/26.3, 705/26.35, 705/26.4, 705 2641- 2644, 705/26.5, 705 2661- 2664, 705/26.7, 705/26.8, 705/26.81, 705/26.82, 705/26.9, 705/27.1, 705/27.2
US Class Current

705/26.1
CPC Class Codes

G06Q 10/06   Resources, workflows, human...

G06Q 20/382   insuring higher security of...

G06Q 30/0601   Electronic shopping [e-shop...

G06Q 40/02   Banking, e.g. interest calc...

Separating control of network sites

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Separating control of network sites

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links