Method and apparatus for cookie anonymization and rejection

US 9,152,820 B1
Filed: 03/30/2012
Issued: 10/06/2015
Est. Priority Date: 03/30/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a cookie included in a data stream transmitted from a source device intended for a destination device by an intercepting device other than the source device and the destination device, not otherwise required for transmission of the data stream from the source device to the destination device and collocated with the source device in a network at a location in a data path between the source device and the destination device before the data stream leaves the network;

performing a lexical analysis of the cookie included in the data stream to determine state information associated with the cookie;

inspecting context and content of the cookie included in the data stream;

creating a cookie fingerprint based on the context and the content of the cookie included in the data stream;

determining whether the context and the content of the cookie included in the data stream requires transformation of the state information associated with the cookie according to a determination of whether the cookie fingerprint matches a target allowance according to a policy;

performing a transformation on the state information associated with the cookie according to the determination to generate a transformed cookie as part of a transformed data stream; and

forwarding the transformed data stream out of the network toward the destination device.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of the present invention provide a method, an apparatus and a computer program product for cookie anonymization and rejection. The method includes receiving a cookie included in a data stream transmitted from a source intended for a destination. A lexical analysis of the cookie included in the data stream is then performed to determine state information associated with the cookie. The state information associated with the cookie then may be forwarded to the destination according to the lexical analysis. Example embodiments of the present invention specifically targets cookies and beacons that flow through a system, and historically track cookie and beacon traffic in order to perform drill-down inspection on the contents. This inspection allows for detection of sensitive information such as credit cards, location, and any other personal info, as well as the potential presence of malware which is performing unusual behavior within the private system.

355 Citations

19 Claims

1. A computer-implemented method comprising:
- receiving a cookie included in a data stream transmitted from a source device intended for a destination device by an intercepting device other than the source device and the destination device, not otherwise required for transmission of the data stream from the source device to the destination device and collocated with the source device in a network at a location in a data path between the source device and the destination device before the data stream leaves the network;
  
  performing a lexical analysis of the cookie included in the data stream to determine state information associated with the cookie;
  
  inspecting context and content of the cookie included in the data stream;
  
  creating a cookie fingerprint based on the context and the content of the cookie included in the data stream;
  
  determining whether the context and the content of the cookie included in the data stream requires transformation of the state information associated with the cookie according to a determination of whether the cookie fingerprint matches a target allowance according to a policy;
  
  performing a transformation on the state information associated with the cookie according to the determination to generate a transformed cookie as part of a transformed data stream; and
  
  forwarding the transformed data stream out of the network toward the destination device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1wherein performing a transformation on the state information associated with the cookie according to the lexical analysis to generate a transformed cookie comprises performing a transformation on the state information associated with the cookie according to the determination of whether the context and the content of the cookie included in the data stream requires transformation of the state information associated with the cookie according to the policy;
    - andwherein forwarding the transformed data stream to the destination comprises forwarding the transformed data stream to the destination device according to the policy.
  - 3. The method of claim 2 wherein performing a transformation on the state information associated with the cookie according to the determination of whether the context and the content of the cookie included in the data stream requires transformation of the state information associated with the cookie according to the policy comprises:
    - transforming the state information associated with the cookie according to the policy; and
      
      replacing the state information associated with the cookie with the transformed state information to conform to the policy.
  - 4. The method of claim 2 wherein inspecting content of the cookie included in the data stream comprises inspecting at least one attribute of state information selected from the group consisting of:
    - name, age, gender, address, telephone number, email address, username, Internet Protocol (IP) address, salary, credit card number, banking account number, location, and online shopping history.
  - 5. The method of claim 2 wherein inspecting context of the cookie included in the data stream comprises inspecting at least one attribute of state information selected from the group consisting of:
    - frequency that the cookie was sent, rate that the cookie was sent, existence of the cookie, size of the cookie, source or destination Internet Protocol (IP) address of the cookie, identity of the source of the cookie, identity of the originating site of the cookie, identity of the site requesting the cookie, identity of the destination of the cookie, time of day the cookie was sent, and a number of destination sites for the cookie.
  - 6. The method of claim 1wherein receiving a cookie included in a data stream transmitted from a source intended for a destination comprises receiving the cookie included in the data stream transmitted from the source intended for the destination in a manner irrespective of source-type;
    - andwherein forwarding the cookie to the destination comprises forwarding the transformed data stream to the destination in a manner transparent to the destination.
  - 7. The method of claim 1 wherein performing a lexical analysis of the cookie included in the data stream to determine state information associated with the cookie comprises:
    - tracking a history of cookie traffic; and
      
      performing drill-down inspection on the content and context of cookies included in the cookie traffic.
  - 8. The method of claim 7 wherein performing drill-down inspection on the content and context of cookies included in the cookie traffic provides structured content analysis of unstructured cookie data, the method further comprising:
    - generating a report of cookie behavior; and
      
      enabling modification of the policy according to the report of cookie behavior.
  - 9. The method of claim 7 wherein performing drill-down inspection on the content and context of cookies included in the cookie traffic comprises at least one of:
    - validating whether the cookie is an initiated or uninitiated data transfer;
      
      monitoring cookies associated with destinations communicated with by a user;
      
      detecting unexpected cookie traffic behavior;
      
      detecting privacy-related information; and
      
      detecting presence of malware on the source device causing unusual behavior within the source device.

10. An apparatus comprising:
- a receiver configured to receive a cookie included in a data stream transmitted from a source device intended for a destination device, the apparatus comprising an intercepting device other than the source device and the destination device, not otherwise required for transmission of the data stream from the source device to the destination device and collocated with the source device in a network at a location in a data path between the source device and the destination device before the data stream leaves the network;
  
  a lexical analysis engine configured to perform a lexical analysis of the cookie included in the data stream to determine state information associated with the cookie;
  
  an inspection module configured to inspect context and content of the cookie included in the data stream and create a cookie fingerprint based on the context and the content of the cookie included in the data stream;
  
  an analysis module configured to determine whether the context and the content of the cookie included in the data stream requires transformation of the state information associated with the cookie according to a determination of whether the cookie fingerprint matches a target allowance according to a policy;
  
  a transformation module configured to perform a transformation on the state information associated with the cookie according to the determination to generate a transformed cookie as part of a transformed data stream; and
  
  a dispatcher configured to forward the transformed data stream out of the network toward the destination device.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The apparatus of claim 10wherein the transformation module is further configured to perform a transformation on the state information associated with the cookie according to the determination of whether the context and the content of the cookie included in the data stream requires transformation of the state information associated with the cookie according to the policy;
    - andwherein the dispatcher is further configured to forward the transformed data stream to the destination device according to the policy.
  - 12. The apparatus of claim 11 wherein the transformation module is further configured to transform the state information associated with the cookie according to the policy and replace the state information associated with the cookie with the transformed state information to conform to the policy.
  - 13. The apparatus of claim 11 wherein the inspection module is further configured to inspect at least one attribute of state information selected from the group consisting of:
    - name, age, gender, address, telephone number, email address, username, Internet Protocol (IP) address, salary, credit card number, banking account number, location, and online shopping history.
  - 14. The apparatus of claim 11 wherein the inspection module is further configured to inspect at least one attribute of state information selected from the group consisting of:
    - frequency that the cookie was sent, rate that the cookie was sent, existence of the cookie, size of the cookie, source or destination Internet Protocol (IP) address of the cookie, identity of the source of the cookie, identity of the originating site of the cookie, identity of the site requesting the cookie, identity of the destination of the cookie, time of day the cookie was sent, and a number of destination sites for the cookie.
  - 15. The apparatus of claim 10wherein the receiver is further configured to receive the cookie included in the data stream transmitted from the source intended for the destination in a manner irrespective of source-type;
    - andwherein the transfer module is further configured to forward the transformed data stream to the destination in a manner transparent to the destination.
  - 16. The apparatus of claim 10wherein the lexical analysis engine is further configured to track a history of cookie traffic;
    - andwherein the analysis module is further configured to perform drill-down inspection on the content and context of cookies included in the cookie traffic.
  - 17. The apparatus of claim 16 wherein the analysis module is further configured to generate a report of cookie behavior and enable modification of the policy according to the report of cookie behavior.
  - 18. The apparatus of claim 16 wherein the analysis module is further configured to validate whether the cookie is an initiated or uninitiated data transfer, monitor cookies associated with destinations communicated with by a user, detect unexpected cookie traffic behavior, detect privacy-related information, or detect presence of malware on the source device causing unusual behavior within the source device.

19. A computer program product including a non-transitory computer-readable storage medium encoded with computer-program code that, when executed on a processor of a computer, causes the computer to perform a lexical analysis of a cookie included in a data stream to determine state information associated with the cookie, the computer program product comprising:
- computer program code for receiving the cookie included in the data stream transmitted from a source device intended for a destination device, the computer comprising an intercepting device other than the source device and the destination device, not otherwise required for transmission of the data stream from the source device to the destination device and collocated with the source device in a network at a location in a data path between the source device and the destination device before the data stream leaves the network;
  
  computer program code for performing a lexical analysis of the cookie included in the data stream to determine state information associated with the cookie;
  
  computer program code for inspecting context and content of the cookie included in the data stream;
  
  computer program code for creating a cookie fingerprint based on the context and the content of the cookie included in the data stream;
  
  computer program code for determining whether the context and the content of the cookie included in the data stream requires transformation of the state information associated with the cookie according to a determination of whether the cookie fingerprint matches a target allowance according to a policy;
  
  computer program code for performing a transformation on the state information associated with the cookie according to the determination to generate a transformed cookie as part of a transformed data stream; and
  
  computer program code forwarding the transformed data stream out of the network toward the destination device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Pauley, Wayne A. Jr., Todd, Stephen J., Fisher, Michel F.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US13/436,702
Time in Patent Office

1,285 Days
Field of Search

726/22
US Class Current

1/1
CPC Class Codes

G06F 21/6263   during internet communicati...

H04L 63/0227   Filtering policies mail mes...

H04L 63/04   for providing a confidentia...

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04W 12/02   Protecting privacy or anony...

Method and apparatus for cookie anonymization and rejection

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

355 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for cookie anonymization and rejection

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

355 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others