Secure browsing via a transparent network proxy

US 9,537,885 B2
Filed: 12/02/2013
Issued: 01/03/2017
Est. Priority Date: 12/02/2013
Status: Active Grant

First Claim

Patent Images

1. A system for providing secure browsing via a transparent network proxy, the system comprising:

a non-transitory memory that stores instructions;

a computer processor that executes the instructions to perform operations, the operations comprising;

receiving, from a browser on a remote client device, a request to access a resource, wherein the request includes an identifier for locating the resource;

determining if the resource is not trusted based on an analysis of the identifier, wherein the resource is determined to not be trusted if the identifier is determined to not have been previously used and if the identifier or the resource is determined to be attempting to redirect the browser on the remote client device to a malicious resource;

forwarding, if the resource is determined to not be trusted based on the analysis of the identifier, the request to a virtual machine manager for selecting a browser virtual machine from a pool of browser virtual machines;

redirecting the browser on the remote client device to the browser virtual machine via a desktop virtualization technology connection;

removing a virtual browser control bar from the selected browser virtual machine;

filtering, by utilizing the selected browser virtual machine selected from the pool of browser virtual machines, malicious content out of the resource;

rendering strictly a viewable window of the selected browser virtual machine, wherein the viewable window includes a rendering of the resource; and

streaming, after filtering the malicious content out of the resource, the rendering of the viewable window of the selected browser virtual machine rendering the resource from the selected browser virtual machine to a viewable window of the browser on the remote client device based on the request, wherein the rendering of the resource is provided in lieu of the resource, and wherein the user may utilize controls in a control bar of the browser to control the selected browser virtual machine displayed within the viewable window of the browser.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing secure browsing via a transparent network proxy is disclosed. The system may receive, from a client, a request to access a resource. The request may include an identifier that may be utilized to locate the resource. Once the request is received, the system may determine if the resource is not trusted, such as if the identifier is determined to be unknown or suspicious. If the resource is determined to not be trusted by the system, the system may forward the request to a virtual machine manager that may select a browser virtual machine from a pool of browser virtual machines. After the browser virtual machine is selected, the browser virtual machine may stream a rendering of the resource to the client based on the request. The rendering of the resource may be provided in lieu of the actual resource.

27 Citations

20 Claims

1. A system for providing secure browsing via a transparent network proxy, the system comprising:
- a non-transitory memory that stores instructions;
  
  a computer processor that executes the instructions to perform operations, the operations comprising;
  
  receiving, from a browser on a remote client device, a request to access a resource, wherein the request includes an identifier for locating the resource;
  
  determining if the resource is not trusted based on an analysis of the identifier, wherein the resource is determined to not be trusted if the identifier is determined to not have been previously used and if the identifier or the resource is determined to be attempting to redirect the browser on the remote client device to a malicious resource;
  
  forwarding, if the resource is determined to not be trusted based on the analysis of the identifier, the request to a virtual machine manager for selecting a browser virtual machine from a pool of browser virtual machines;
  
  redirecting the browser on the remote client device to the browser virtual machine via a desktop virtualization technology connection;
  
  removing a virtual browser control bar from the selected browser virtual machine;
  
  filtering, by utilizing the selected browser virtual machine selected from the pool of browser virtual machines, malicious content out of the resource;
  
  rendering strictly a viewable window of the selected browser virtual machine, wherein the viewable window includes a rendering of the resource; and
  
  streaming, after filtering the malicious content out of the resource, the rendering of the viewable window of the selected browser virtual machine rendering the resource from the selected browser virtual machine to a viewable window of the browser on the remote client device based on the request, wherein the rendering of the resource is provided in lieu of the resource, and wherein the user may utilize controls in a control bar of the browser to control the selected browser virtual machine displayed within the viewable window of the browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the operations further comprise providing the remote client device with an option to securely access the stream including the rendering of the resource if the resource is determined to not be trusted.
  - 3. The system of claim 2, wherein the operations further comprise receiving feedback from the remote client device, wherein the feedback indicates whether the determining based on the analysis of the identifier is accurate, and further comprising adjusting the determining based on the feedback when the feedback indicates that the determining is not accurate.
  - 4. The system of claim 1, wherein the operations further comprise providing the remote client device with access to the resource if the resource is determined to be trusted.
  - 5. The system of claim 1, wherein the browser virtual machine is replaced with an original image of the browser virtual machine when the browser on the remote client device is closed.
  - 6. The system of claim 5, wherein the browser virtual machine is released back into the pool of browser virtual machines when the browser virtual machine is reimaged.
  - 7. The system of claim 1, wherein the operations further comprise determining that the resource is not trusted if the analysis of the identifier indicates that the identifier is associated with a blacklisted identifier contained in a blacklist.
  - 8. The system of claim 1, wherein the operations further comprise monitoring the browser virtual machine to determine if the resource is associated with suspicious activity.
  - 9. The system of claim 8, wherein the operations further comprise storing the identifier of the resource in a blacklist if the resource is determined to be associated with the suspicious activity.
  - 10. The system of claim 1, wherein the operations further comprise determining that the resource is not trusted based on an action associated with the resource.

11. A method for providing secure browsing via a transparent network proxy, the method comprising:
- receiving, from a browser on a remote client device, a request to access a resource, wherein the request includes an identifier for locating the resource;
  
  determining, by utilizing instructions from memory that are executed by a processor, if the resource is not trusted based on an analysis of the identifier, wherein the resource is determined to not be trusted if the identifier is determined to not have been previously used and if the identifier or the resource is determined to be attempting to redirect the browser on the remote client device to a malicious resource;
  
  forwarding, if the resource is determined to not be trusted based on the analysis of the identifier, the request to a virtual machine manager for selecting a browser virtual machine from a pool of browser virtual machines;
  
  redirecting the browser on the remote client device to the browser virtual machine via a desktop virtualization technology connection;
  
  removing a virtual browser control bar from the selected browser virtual machine;
  
  filtering, by utilizing the selected browser virtual machine selected from the pool of browser virtual machines, malicious content out of the resource;
  
  rendering strictly a viewable window of the selected browser virtual machine, wherein the viewable window includes a rendering of the resource; and
  
  streaming, after filtering the malicious content out of the resource, the rendering of the viewable window of the selected browser virtual machine rendering the resource from the selected browser virtual machine to a viewable window of the browser on the remote client device based on the request, wherein the rendering of the resource is provided in lieu of the resource and wherein the user may utilize controls in a control bar of the browser to control the selected browser virtual machine displayed within the viewable window of the browser.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising providing the remote client device with an option to securely access the stream including the rendering of the resource if the resource is determined to not be trusted.
  - 13. The method of claim 12, further comprising replacing the browser virtual machine with an original image of the browser virtual machine when the browser on the remote client device is closed.
  - 14. The method of claim 11, further comprising providing the remote client device with access to the resource if the resource is determined to be trusted.
  - 15. The method of claim 11, further comprising receiving feedback from the remote client device, wherein the feedback indicates whether the determining based on the analysis of the identifier is accurate, and further comprising adjusting the determining based on the feedback when the feedback indicates that the determining is not accurate.
  - 16. The method of claim 11, further comprising determining that the resource is not trusted if the analysis of the identifier indicates that the identifier is associated with a blacklisted identifier contained in a blacklist.
  - 17. The method of claim 11, further comprising monitoring the browser virtual machine to determine if the resource is associated with suspicious activity.
  - 18. The method of claim 17, further comprising storing the identifier of the resource in a blacklist if the resource is determined to be associated with the suspicious activity.

19. A non-transitory computer-readable device comprising instructions, which when loaded and executed by a processor, cause the processor to perform operations, the operations comprising:
- receiving, from a browser on a remote client device, a request to access a resource, wherein the request includes an identifier for locating the resource;
  
  determining if the resource is not trusted based on an analysis of the identifier, wherein the resource is determined to not be trusted if the identifier is determined to not have been previously used and if the identifier or the resource is determined to be attempting to redirect the browser on the remote client device to a malicious resource;
  
  forwarding, if the resource is determined to not be trusted based on the analysis of the identifier, the request to a virtual machine manager for selecting a browser virtual machine from a pool of browser virtual machines;
  
  redirecting the browser on the remote client device to the browser virtual machine via a desktop virtualization technology connection;
  
  removing a virtual browser control bar from the selected browser virtual machine;
  
  filtering, by utilizing the selected browser virtual machine selected from the pool of browser virtual machines, malicious content out of the resource;
  
  rendering strictly a viewable window of the selected browser virtual machine, wherein the viewable window includes a rendering of the resource; and
  
  streaming, after filtering the malicious content out of the resource, the rendering of the viewable window of the selected browser virtual machine rendering the resource from the selected browser virtual machine to a viewable window of the browser on the remote client device based on the request, wherein the rendering of the resource is provided in lieu of the resource, and wherein the user may utilize controls in a control bar of the browser to control the selected browser virtual machine displayed within the viewable window of the browser.
- View Dependent Claims (20)
- - 20. The non-transitory computer-readable device of claim 19, wherein the operations further comprise providing the remote client device with an option to securely access the stream including the rendering of the resource if the resource is determined to not be trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Giura, Paul, Bickford, Jeffrey E., Hendrix, Donald E., Shirokmann, Howard F., Anschutz, Thomas A., Shih, Ching C.
Primary Examiner(s)
Edwards, Linglan
Assistant Examiner(s)
BECHTEL, KEVIN M

Application Number

US14/094,258
Publication Number

US 20150156203A1
Time in Patent Office

1,128 Days
Field of Search

726 22- 25
US Class Current

1/1
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0245   Filtering by information in...

H04L 63/0281   Proxies

H04L 63/101   Access control lists [ACL]

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

Secure browsing via a transparent network proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure browsing via a transparent network proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links