Systems and methods for intercepting, processing, and protecting user data through web application pattern detection

US 9,361,085 B2
Filed: 03/10/2014
Issued: 06/07/2016
Est. Priority Date: 03/18/2013
Status: Active Grant

First Claim

Patent Images

1. A processor implemented method on a client device, the method comprising:

receiving web application resources associated with a web application;

modifying the web application resources by adding methods at least some of which pertain to processing of user data of the web application; and

executing the modified web application resources on the client device;

wherein at least one added method that pertains to the processing of user data implements a security feature by intercepting user data without modifying control data for the web application, and replacing the user data with replacement data for the purpose of communicating with an external server, such that the external server is exposed to the replacement data but not the user data;

wherein the user data represents data entered by a user and control data is data specific to the web application that is necessary for its operation.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of intercepting user data of a web application are provided. After web application resources are obtained for execution on a client device, methods that process user data of the web application are added to create modified web application resources. Certain runtime application calls are intercepted. This can be achieved by modifying the actual code to replace calls to certain functions with calls to the added methods, or by using overloading. The data processing may add data security functionality.

Citations

29 Claims

1. A processor implemented method on a client device, the method comprising:
- receiving web application resources associated with a web application;
  
  modifying the web application resources by adding methods at least some of which pertain to processing of user data of the web application; and
  
  executing the modified web application resources on the client device;
  
  wherein at least one added method that pertains to the processing of user data implements a security feature by intercepting user data without modifying control data for the web application, and replacing the user data with replacement data for the purpose of communicating with an external server, such that the external server is exposed to the replacement data but not the user data;
  
  wherein the user data represents data entered by a user and control data is data specific to the web application that is necessary for its operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1 wherein for at least one of the added methods:
    - the added method overloads a runtime API method such that calls to the runtime API method are intercepted during execution.
  - 3. The method of claim 1 further comprising:
    - initiating further modification of the web application resources to produce the modified resources by replacing calls to at least one first method that pertains to processing of user data with calls to at least one of the added methods such that calls to the first methods are intercepted prior to execution of the modified web application resources.
  - 4. The method of claim 3 further comprising upon initiating modification, modifying the web application resource by the client device.
  - 5. The method of claim 3 further upon initiating modification, modifying the web application resource with a remote logic analyzer service.
  - 6. The method of claim 1 wherein for at least one of the added methods:
    - the added method overloads a runtime API call such that calls to the runtime API method are intercepted during execution of the modified web application resources;
      
      the method further comprising;
      
      initiating modification of the web application resources to produce modified resources by replacing calls to at least one first method that pertains to processing of user data with calls to at least one of the added methods such that calls to the first methods are intercepted prior to execution, wherein the at least one first method is a method for which a method has not been added that overloads a call to the first method.
  - 7. The method of claim 1 wherein the added methods comprise:
    - at least one data handler that processes user data;
      
      a rules engine that applies rules for each intercepted call to determine whether to process the user data with a data handler of the at least one data handler and/or to select which data handler to be used to process the user data.
  - 8. The method of claim 7 wherein applying rules matching comprises attempting to identify patterns pertaining to how user data is handled by the web application resources and the server.
  - 9. The method of claim 8 wherein attempting to identify patterns comprises attempting to identify at least one of the following patterns involving exchange of user data:
    - loading HTML or Script URL in which user data is sent as part of the URL or in which HTML/Script content contains user data from as server;
      
      an HTML Form action carried out through HTTP (client data to server);
      
      asynchronous messaging calls.
  - 10. The method of claim 1 wherein least one added method implements the security feature by:
    - i) processing outgoing data by;
      
      a) tokenizing the user data to produce tokenized user data and returning the tokenized user data;
      
      b) encrypting the user data to produce encrypted user data;
      
      c) creating a mapping between the encrypted user data and the tokenized user data;
      
      ii) the security feature processes incoming data by;
      
      d) extracting tokenized data;
      
      e) demapping the tokenized data to obtain corresponding encrypted user data;
      
      f) decrypting the encrypted user data to produce cleartext data;
      
      g) returning cleartext data.
  - 11. The method of claim 10 wherein encrypting and decrypting are performed using one or more user'"'"'s public/private key pairs.
  - 12. The method of claim 10 further comprising storing the mapping locally.
  - 13. The method of claim 10 further comprising storing the mapping using a remote mapping service.
  - 14. The method of claim 1 further comprising:
    - receiving and installing a modification to an application runtime that contains the added methods.
  - 15. The method of claim 14 wherein installing a modification comprises installing a browser extension.
  - 16. The method of claim 1 wherein functionality that modifies the web application resources is part of the client runtime.
  - 17. The method of claim 1 wherein at least one added method pertains tointercepting user data in order to support monitoring of access to key data.
  - 18. The method of claim 1 wherein at least one added method pertains to one or more of:
    - intercepting user data in order to support automatic classification of records;
      
      intercepting and modifying user data for the purpose of translating and transforming keywords using a predefined dictionary; and
      
      intercepting user data to enforce business rules and data validation, including verification of user activities performed before/after entering the data.
  - 19. The method of claim 1 wherein the method that intercepts data does so without relying on any external server or proxy, in a manner that preserves data format and application behavior so as to be transparent to any server involved in providing the web application.

20. A processor implemented method of processing data on a client device, the method comprising:
- i) in respect of outgoing user data;
  
  a) tokenizing the data to produce tokenized data and returning the tokenized data;
  
  b) transmitted the tokenized data in place of the outgoing user data;
  
  such that an external server is exposed to the replacement data but not the user data;
  
  c) encrypting the user data using a public key of a public and private key pair to produce encrypted user data;
  
  d) creating a mapping between the encrypted user data and the tokenized data;
  
  the security feature processes incoming data by;
  
  ii) in respect of incoming data;
  
  e) extracting tokenized data;
  
  f) demapping the tokenized data to obtain corresponding encrypted data;
  
  g) decrypting the encrypted data using a private key of the public and private key pair to produce cleartext data;
  
  h) returning cleartext data;
  
  wherein the user data represents data entered by a user, the tokenizing being performed without relying on any external server or proxy.
- View Dependent Claims (21, 22, 23)
- - 21. The method of claim 20 further comprising storing the mapping locally.
  - 22. The method of claim 20 further comprising storing the mapping using a remote mapping service.
  - 23. The method of claim 20 further comprising:
    - intercepting one or more search terms in a search field before the search field is submitted to a web app server;
      
      for each search term, constructing a list of tokens that have been used to represent the search term;
      
      generating a modified search field by for each search term, replacing the search term in the search field with an OR expression composed of the list of tokens used to represent the search term;
      
      submitting the modified search field containing the OR expression(s) to the web app server.

24. A non-transitory computer readable storage medium having computer executable instructions stored thereon that when executed by a client device cause the computer to perform a method comprising:
- receiving web application resources associated with a web application;
  
  modifying the web application resources by adding methods at least some of which pertain to processing of user data of the web application; and
  
  executing the modified web application resources on the client device;
  
  wherein at least one added method that pertains to the processing of user data implements a security feature by intercepting user data without modifying control data for the web application, and replacing the user data with replacement data for the purpose of communicating with an external server, such that the external server is exposed to the replacement data but not the user data;
  
  wherein the user data represents data entered by a user and control data is data specific to the web application that is necessary for its operation.

25. A system comprising:
- a processor;
  
  memory;
  
  at least one user interface;
  
  an application runtime with user data interception and processing for execution by the processor configured to receive web application resources executable on the application runtime, and modify the web application resources by adding methods at least some of which pertain to processing of user data, and to execute the modified web application resources on the client device;
  
  wherein at least one added method that pertains to the processing of user data implements a security feature by intercepting user data without modifying control data for the web application, and replacing the user data with replacement data for the purpose of communicating with an external server, such that the external server is exposed to the replacement data but not the user data;
  
  wherein the user data represents data entered by a user and control data is data specific to the web application that is necessary for its operation.
- View Dependent Claims (26, 27, 28, 29)
- - 26. The system of claim 25 wherein for at least one of the added methods:
    - the added method overloads a runtime API method such that calls to the runtime API method are intercepted during execution of the modified web application resources.
  - 27. The system of claim 26 wherein the method that intercepts data does so without relying on any external server or proxy, and is transparent to any server involved in providing the web application.
  - 28. The system of claim 25 further comprising:
    - an interceptor that modifies the web application resources to produce modified resources by replacing calls to at least one first method that pertains to processing of user data with calls to at least one of the added methods such that calls to the first methods are intercepted prior to execution of the modified web application resources.
  - 29. The system of claim 25 wherein for at least one of the added methods:
    - the added method overloads a runtime API call such that calls to the runtime API method are intercepted during execution of the modified web application resources;
      
      the system further comprising;
      
      an interceptor that initiates modification of the web application resources to produce modified resources by replacing calls to at least one first method that pertains to processing of user data with calls to at least one of the added methods such that calls to the first methods are intercepted prior to execution, wherein the at least one first method is a method for which a method has not been added that overloads a call to the first method.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cloudmask
Original Assignee
Cloudmask
Inventors
El-Gillani, Tarek
Primary Examiner(s)
Nguyen, Phillip H

Application Number

US14/202,931
Publication Number

US 20140282464A1
Time in Patent Office

820 Days
Field of Search

717/110, 717/111
US Class Current

1/1
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 16/9574   of access to content, e.g. ...

G06F 21/54   by adding security routines...

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/6263   during internet communicati...

G06F 8/33   Intelligent editors

G06F 8/61   Installation

G06F 8/65   Updates security arrangemen...

Systems and methods for intercepting, processing, and protecting user data through web application pattern detection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for intercepting, processing, and protecting user data through web application pattern detection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links