System and method for securing a network session

US 9,112,897 B2
Filed: 06/13/2008
Issued: 08/18/2015
Est. Priority Date: 03/30/2006
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

an end-user device configured to receive a security policy from a website during a website session with the website, the security policy being based on security demands of a particular section of the website associated with an increased data security risk; and

a security component on the end-user device configured to use the security policy to activate a security mechanism to temporarily protect the end-user device while a user visits the particular section of the website from operations of malicious code that may be on the end-user device, the security component configured to activate the security mechanism at an activation point corresponding to the user visiting the particular section of the website associated with the increased data security risk, the security component further configured to deactivate the security mechanism at a deactivation point corresponding to the user navigating away from the particular section of the website associated with the increased data security risk.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system comprises an end-user device including a browser and a security component capable of executing a security policy, the security policy to be downloaded from a website; and a website including a security policy downloadable to the security component.

Citations

23 Claims

1. A system comprising:
- an end-user device configured to receive a security policy from a website during a website session with the website, the security policy being based on security demands of a particular section of the website associated with an increased data security risk; and
  
  a security component on the end-user device configured to use the security policy to activate a security mechanism to temporarily protect the end-user device while a user visits the particular section of the website from operations of malicious code that may be on the end-user device, the security component configured to activate the security mechanism at an activation point corresponding to the user visiting the particular section of the website associated with the increased data security risk, the security component further configured to deactivate the security mechanism at a deactivation point corresponding to the user navigating away from the particular section of the website associated with the increased data security risk.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The system of claim 1, wherein the end-user device receives the security policy from the website upon connection to the website after at least one of an SSL, SSH, or PKI session has been established.
  - 3. The system of claim 1, wherein the security mechanism includes at least one of cross site scripting protection, resource access controls, HTML data integrity protection using checksums keylogger controls I/O access controls browser cache access controls, or network access controls.
  - 4. The system of claim 1, wherein the activation point corresponds to an explicit trigger point identifying a protected portion of the website or a secure website.
  - 5. The system of claim 4, wherein the explicit trigger point includes a metatag embedded in the website.
  - 6. The system of claim 5, wherein the metatag comprises a checksum metatag.
  - 7. The system of claim 1, wherein the activation point corresponds to an implicit trigger point identifying a change in a domain name system (DNS) identifier.
  - 8. The system of claim 1, wherein the activation point corresponds to an implicit trigger point identifying a change in a uniform resource locator (URL) identifier.
  - 9. The system of claim 1, wherein the security component connects to the website via a point-to-point tunnel before executing the security policy.
  - 10. The system of claim 1, wherein the website includes an integrity checksum embedded in the website, and the security component includes a website integrity checker to use the integrity checksum to confirm that the website has not been modified during transport.
  - 11. The system of claim 1, wherein the security policy identifies alias and affiliate servers where a browser may navigate without raising concern.

12. A method for execution on an end-user device comprising a browser and a security component, the end-user device possibly including malicious code capable of data theft, the method comprising:
- accessing, by the browser, a website during a website session;
  
  receiving, by the end-user device, a security policy during the website session in response to accessing the website, the security policy being based on security demands of a particular section of the website associated with an increased data security risk;
  
  activating, by the security component, a security mechanism using the security policy to temporarily protect the end-user device while a user visits the particular section of the website from operations of the malicious code capable of data theft that may be on the end-user device, the security component configured to activate the security mechanism at an activation point corresponding to the user visiting the particular section of the website associated with the increased data security risk; and
  
  deactivating, by the security component, the security mechanism at a deactivation point corresponding to the user navigating away from the particular section of the website associated with the increased data security risk.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein the receiving of the security policy from the website occurs upon connection to the website after at least one of an SSL, SSH, or PKI session has been established.
  - 14. The method of claim 12, wherein the security mechanism includes at least one of cross site scripting protection, resource access controls, HTML data integrity protection using checksums keylogger controls I/O access controls browser cache access controls, or network access controls.
  - 15. The method of claim 12, wherein the activation point corresponds to an explicit trigger point identifying a protected portion of the website or a secure website.
  - 16. The method of claim 15, wherein the explicit trigger point includes a metatag embedded in the website.
  - 17. The method of claim 16, wherein the metatag comprises a checksum metatag.
  - 18. The method of claim 12, wherein the activation point corresponds to an implicit trigger point identifying a change in a domain name system (DNS) identifier.
  - 19. The method of claim 12, wherein the activation point corresponds to an implicit trigger point identifying a change in a uniform resource locator (URL) identifier.
  - 20. The method of claim 12, further comprising connecting, by the security component, to the website via a point-to-point tunnel before executing the security policy.
  - 21. The method of claim 12, wherein the website includes an integrity checksum embedded in the website, and further comprising using the integrity checksum, by the security component, to confirm that the website has not been modified during transport.
  - 22. The method of claim 12, wherein the security policy identifies alias and affiliate servers where the browser may navigate without raising concern.

23. A system comprising:
- means for accessing a website during a website session by an end-user device, the end-user device possibly including malicious code capable of data theft;
  
  means for receiving, at the end-user device, a security policy during the website session in response to accessing the website, the security policy being based on security demands of a particular section of the website associated with an increased data security risk;
  
  means for activating a security mechanism on the end-user device using the security policy to temporarily protect the end-user device while a user visits the particular section of the website from operations of the malicious code that may be on the end-user device, the security component configured to activate the security mechanism at an activation point corresponding to the user visiting the particular section of the website associated with the increased data security risk; and
  
  means for deactivating the security mechanism at a deactivation point corresponding to the user navigating away from the particular section of the website associated with the increased data security risk.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Antlabs Pte Ltd.
Original Assignee
Antlabs Pte Ltd.
Inventors
Teo, Wee Tuck, Toh, Teck Kang, Chung, Hyung Hwan
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
MEJIA, FELICIANO S

Application Number

US12/139,422
Publication Number

US 20090037976A1
Time in Patent Office

2,622 Days
Field of Search

726/1, 726 25- 26, 713/170, 380/286
US Class Current

1/1
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

System and method for securing a network session

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for securing a network session

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links