Transparent adaptive authentication and transaction monitoring
Abstract
Enhanced security processes are integrated into online service provider workflow activities in a transparent fashion with little or no impact on the servers. Enhanced security processes may include adaptive authentication and transaction monitoring. The enhanced security processes are partially implemented in a network device, such as a network communication device, a firewall, or a load balancing system, or a separate security device, rather than being implemented in the server systems hosting on-line websites. With such an arrangement, server software is minimally modified or rewritten, and third party software, such as security applications, remains in operation.
20 Claims
1. A method of adding increased security to communications exchanged between a server and a client device, comprising:
receiving an intercepted and re-routed communication between the server and the client device, the communication having an intended recipient;
storing the re-routed communication in a memory, and communicating with the client device requesting additional security information;
performing a security operation including the additional security information and generating a security decision;
sending the stored communication to the intended recipient when the security decision indicates that it is safe to continue; and
preventing the stored communication from being sent when the security decision indicates that it is not safe to continue,
wherein receiving the intercepted and re-routed communication further comprises (1) determining whether the re-routed communication requires increased security, (2) transmitting a call to a security analysis device including information related to the intercepted communication, for generating a step-up security decision when the re-routed communication requires increased security, and (3) transmitting a challenge to the client when the step-up security decision indicates that a step-up security procedure is indicated,
and wherein performing the security operation including the additional security information and generating a security decision further includes receiving a response to the challenge from the client and comparing the response to information in the memory to determine confirmation,
and wherein determining whether the re-routed communication requires increased security includes determining whether the communication from the server is a communication allowing access to a resource to the client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for integrating security operations into a server workflow transparently to the server, comprising:
a controller;
a memory device;
a local area network communicatively coupled to an external client by at least one network gateway device;
at least one server hosting a resource communicatively coupled to the local network; and
a challenger communicatively coupled to the at least one network gateway device and communicatively coupled to a security analysis device;
the network gateway device constructed and arranged to intercept and redirect communications between the server and the external client to the challenger;
the challenger constructed and arranged to i) store information from the redirected communication in the memory and determine whether the redirected communication requires increased security, ii) transmit a call containing security information from the redirected communication to the security analysis device, for generating a step-up security decision when the redirected communication requires increased security, iii) receive a security analysis from the security analysis device, iv) transmit a challenge to the client when the step-up security decision indicates that a step-up security procedure is indicated, v) receive a response to the challenge from the client, vi) compare the response from the client to information in the memory, and vii) generate a decision on continuing the communication when the comparison to the information in the memory indicates a valid response,
wherein determining whether the redirected communication requires increased security includes determining whether the communication from the server is a communication allowing access to a resource to the client.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A computer program product having a non-transitory, computer-readable storage medium which stores code including instructions for adding increased security to communications exchanged between a server and a client device, which, when executed, cause a controller to:
receive an intercepted and re-routed communication between the server and the client device, the communication having an intended recipient;
store the re-routed communication in a memory, and communicate with the client device to request additional security information;
perform a security operation including the additional security information and generate a security decision;
send the stored communication to the intended recipient when the security decision indicates that it is safe to continue; and
prevent the stored communication from being sent when the security decision indicates that it is not safe to continue,
wherein receiving the intercepted and re-routed communication further comprises (1) determining whether the re-routed communication requires increased security, (2) transmitting a call to a security analysis device including information related to the intercepted communication, for generating a step-up security decision when the re-routed communication requires increased security, and (3) transmitting a challenge to the client when the step-up security decision indicates that a step-up security procedure is indicated,
and wherein performing the security operation including the additional security information and generating a security decision further includes receiving a response to the challenge from the client and comparing the response to information in the memory to determine confirmation,
and wherein determining whether the re-routed communication requires increased security includes determining whether the communication from the server is a communication allowing access to a resource to the client.
Dependent claims: 17, 18, 19, 20
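The step-up flow the independent claims describe (hold the re-routed server message, ask the security analysis device whether step-up is indicated for a resource-granting communication, challenge the client, compare the response against memory, then forward or block) modelled as a small simulation. This is an added illustration, not code from the patent; `Communication`, `security_analysis`, `Challenger` and the risk-signal rule are all assumed names and stand-ins.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Communication:
    """Server-to-client message intercepted at the gateway (constructed sample shape)."""
    client_id: str
    body: str                      # what the server wants delivered, e.g. a session grant
    grants_resource_access: bool   # the claim's trigger: does this message open a resource?
    risk_signals: dict = field(default_factory=dict)


def security_analysis(comm: Communication) -> bool:
    """Stand-in for the claim's security analysis device (hypothetical rule set):
    return True when a step-up procedure is indicated for this communication."""
    return bool(comm.risk_signals.get("new_device") or comm.risk_signals.get("geo_mismatch"))


class Challenger:
    """Holds the re-routed communication in memory until the client passes (or fails) the challenge."""

    def __init__(self) -> None:
        self.memory: dict[str, dict] = {}   # client_id -> held body + expected answer digest

    def intercept(self, comm: Communication):
        """Steps (1)-(3) of the claim. Returns ("forward", body) when no step-up is needed,
        or ("challenge", code) where code is the one-time challenge sent to the client."""
        if not comm.grants_resource_access or not security_analysis(comm):
            return "forward", comm.body
        code = f"{secrets.randbelow(10**6):06d}"
        self.memory[comm.client_id] = {
            "held": comm.body,
            "expected": hashlib.sha256(code.encode()).hexdigest(),
        }
        return "challenge", code

    def respond(self, client_id: str, answer: str):
        """Compare the client's response with memory; release the held message only on a match.
        The entry is consumed on any attempt, so a wrong answer cannot be retried against it."""
        entry = self.memory.pop(client_id, None)
        if entry is None:
            return "block", None
        digest = hashlib.sha256(answer.encode()).hexdigest()
        if hmac.compare_digest(digest, entry["expected"]):
            return "forward", entry["held"]
        return "block", None
```

The held message is released at most once per challenge, so a client that fails the challenge must trigger a fresh interception and a fresh analysis call before it can be retried.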