Security broker
First Claim
1. A method comprising:
- identifying, at a server system hosting a particular service, an attempted transaction involving a first customer device and the particular service;
- determining whether the first customer device is associated with one of a set of trusted customer profiles;
- sending redirect data to the first customer device in response to determining that the first customer device is not associated with one of the set of trusted customer profiles, wherein the redirect data causes the first customer device to send security data to a security broker system remote from the server system and the first customer device, wherein the security data is to reference the attempted transaction with the particular service, the security data includes information describing security-related attributes of the first customer device, and the security data is sent privately between the first customer device and the security broker system to hide the security-related attributes from the server system;
- receiving at the server system, from the security broker, a security report for the first customer device corresponding to the attempted transaction, wherein the security report is based on a security policy associated with the particular service and the security-related attributes of the first customer device included in the security data transmitted from the first customer device to the security broker, and the security report indicates whether the first customer device is in compliance with the security policy of the particular service; and
- performing an action, at the server system, in association with the attempted transaction based at least in part on the received security report.
Abstract
An attempted transaction is identified involving a customer device and the first customer device is redirected to a security broker. A security report for the first customer device is received from the security broker. The security report is based on security data transmitted from the customer device to the security broker. An action can be performed in association with the attempted transaction based at least in part on the received security report. In some aspects, the security broker receives security data describing security conditions on the customer device in connection with the transaction between the customer device and a transaction partner. A risk tolerance policy is identified that corresponds to the transaction partner, such as an ecommerce provider. A security report is generated based on a comparison of the risk tolerance policy and the security data and the security report.
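The flow described in the abstract and recited in claims 1 and 8, as an added Python sketch that is not code from the patent. The policy fields, device attributes, host names and the HMAC used to authenticate the report are assumptions made for the illustration; the sample data is constructed.

```python
import hashlib
import hmac
import json

# Constructed sample data: names, fields and thresholds are illustrative assumptions.
REPORT_KEY = b"demo-key-shared-by-broker-and-server"  # assumption: report is MAC'd
TRUSTED_PROFILES = {"device-A"}                       # server's trusted customer profiles
POLICIES = {                                          # broker: one policy per provider
    "shop.example": {"min_os_patch_level": 3, "require_antimalware": True},
    "bank.example": {"min_os_patch_level": 5, "require_antimalware": True},
}

def _mac(body: dict) -> str:
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(REPORT_KEY, msg, hashlib.sha256).hexdigest()

def server_start(device_id: str, txn_id: str, provider: str) -> dict:
    """Server: trusted devices proceed; others are redirected to the broker."""
    if device_id in TRUSTED_PROFILES:
        return {"action": "proceed"}
    return {"action": "redirect", "broker": "https://broker.example/check",
            "txn_id": txn_id, "provider": provider}

def broker_evaluate(security_data: dict) -> dict:
    """Broker: compare device attributes with the provider's risk tolerance policy."""
    policy = POLICIES[security_data["provider"]]
    attrs = security_data["attributes"]
    compliant = (attrs["os_patch_level"] >= policy["min_os_patch_level"]
                 and (attrs["antimalware"] or not policy["require_antimalware"]))
    # The report carries the verdict and transaction reference, not the attributes.
    body = {"txn_id": security_data["txn_id"], "compliant": compliant}
    return {**body, "mac": _mac(body)}

def server_finish(report: dict, expected_txn: str) -> str:
    """Server: act on the report only if it is authentic and for this transaction."""
    body = {"txn_id": report["txn_id"], "compliant": report["compliant"]}
    if not hmac.compare_digest(report.get("mac", ""), _mac(body)):
        return "reject-report"
    if report["txn_id"] != expected_txn:
        return "reject-report"
    return "allow" if report["compliant"] else "deny"

def run_flow(device_id: str, txn_id: str, provider: str, attributes: dict) -> str:
    step = server_start(device_id, txn_id, provider)
    if step["action"] == "proceed":
        return "allow"
    # Device -> broker directly; the server never sees `attributes`.
    data = {"txn_id": step["txn_id"], "provider": step["provider"], "attributes": attributes}
    return server_finish(broker_evaluate(data), txn_id)
```

The same device attributes can pass one provider's policy and fail another's, and the server rejects a report that was altered or that references a different transaction.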
26 Claims
8. A method comprising:
- receiving at a security broker system, over a secure communication channel of a computer network, security data from a customer device, the security data describing security conditions on the customer device in association with a particular ecommerce transaction between the customer device and a remote ecommerce provider, wherein the security data is sent in response to a redirect of the customer device to the security broker system by the ecommerce provider, and the security data is secured to be hidden from the ecommerce provider;
- identifying a particular risk tolerance policy corresponding to the ecommerce provider, wherein the particular risk tolerance policy is one of a plurality of risk tolerance policies of a plurality of entities managed by the security broker system;
- generating a security report based on a comparison of the particular risk tolerance policy and the security conditions described in the security data; and
- communicating the security report to at least one computing device associated with the ecommerce provider, wherein the ecommerce provider is to use the security report in association with the particular ecommerce transaction.
14. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify, at a server system hosting a particular service, an attempted ecommerce transaction involving a first customer device;
- determine whether the first customer device is associated with one of a set of trusted customer profiles;
- send redirect data to the first customer device in response to determining that the first customer device is not associated with one of the set of trusted customer profiles, wherein the redirect data causes the first customer device to send security data to a security broker system remote from the server system and the first customer device, wherein the security data is to reference the attempted transaction with the particular service, the security data includes information describing security-related attributes of the first customer device, and the security data is sent privately between the first customer device and the security broker system to hide the security-related attributes from the server system;
- receive at the server system, from the security broker, a security report for the first customer device corresponding to the attempted transaction, wherein the security report is to be based on a security policy associated with the particular service and the security-related attributes of the first customer device included in the security data, and the security report is to indicate whether the first customer device is in compliance with the security policy of the particular service; and
- perform an action, at the server system, in association with the attempted ecommerce transaction based at least in part on the received security report.
19. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive, over a secure communication channel of a computer network at a security broker system, security data from a customer device, the security data to describe security conditions on the customer device in association with a particular ecommerce transaction between the customer device and a remote ecommerce provider, wherein the security data is sent in response to a redirect of the customer device to the security broker system by the ecommerce provider, and the security data is secured to be hidden from the ecommerce provider;
- identify a particular risk tolerance policy corresponding to the ecommerce provider, wherein the particular risk tolerance policy is one of a plurality of risk tolerance policies of a plurality of entities managed by the security broker system;
- generate a security report based on a comparison of the particular risk tolerance policy and the security conditions described in the security data; and
- communicate the security report to at least one computing device associated with the ecommerce provider, wherein the ecommerce provider is to use the security report in association with the particular ecommerce transaction.
25. A system comprising:
- at least one processor device;
- at least one memory element; and
- a security broker, adapted when executed by the at least one processor device to:
  - receive, over a secure communication channel of a computer network, security data from a customer device, the security data describing security conditions on the customer device in association with a particular ecommerce transaction between the customer device and a remote ecommerce provider, wherein the security data is sent in response to a redirect of the customer device to the security broker system by the ecommerce provider, and the security data is secured to be hidden from the ecommerce provider;
  - identify a particular risk tolerance policy corresponding to the ecommerce provider, wherein the particular risk tolerance policy is one of a plurality of risk tolerance policies of a plurality of entities managed by the security broker system;
  - generate a security report based on a comparison of the particular risk tolerance policy and the security conditions described in the security data; and
  - communicate the security report to at least one computing device associated with the ecommerce provider, wherein the ecommerce provider is to use the security report in association with the particular ecommerce transaction.
Specification