Security broker

US 9,741,032 B2
Filed: 12/18/2012
Issued: 08/22/2017
Est. Priority Date: 12/18/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

identifying, at a server system hosting a particular service, an attempted transaction involving a first customer device and the particular service;

determining whether the first customer device is associated with one of a set of trusted customer profiles;

sending redirect data to the first customer device in response to determining that the first customer device is not associated with one of the set of trusted customer profiles, wherein the redirect data causes the first customer device to send security data to a security broker system remote from the server system and the first customer device, wherein the security data is to reference the attempted transaction with the particular service, the security data includes information describing security-related attributes of the first customer device, and the security data is sent privately between the first customer device and the security broker system to hide the security-related attributes from the server system;

receiving at the server system, from the security broker, a security report for the first customer device corresponding to the attempted transaction, wherein the security report is based on a security policy associated with the particular service and the security-related attributes of the first customer device included in the security data transmitted from the first customer device to the security broker, and the security report indicates whether the first customer device is in compliance with the security policy of the particular service; and

performing an action, at the server system, in association with the attempted transaction based at least in part on the received security report.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An attempted transaction is identified involving a customer device and the first customer device is redirected to a security broker. A security report for the first customer device is received from the security broker. The security report is based on security data transmitted from the customer device to the security broker. An action can be performed in association with the attempted transaction based at least in part on the received security report. In some aspects, the security broker receives security data describing security conditions on the customer device in connection with the transaction between the customer device and a transaction partner. A risk tolerance policy is identified that corresponds to the transaction partner, such as an ecommerce provider. A security report is generated based on a comparison of the risk tolerance policy and the security data and the security report.

Citations

26 Claims

1. A method comprising:
- identifying, at a server system hosting a particular service, an attempted transaction involving a first customer device and the particular service;
  
  determining whether the first customer device is associated with one of a set of trusted customer profiles;
  
  sending redirect data to the first customer device in response to determining that the first customer device is not associated with one of the set of trusted customer profiles, wherein the redirect data causes the first customer device to send security data to a security broker system remote from the server system and the first customer device, wherein the security data is to reference the attempted transaction with the particular service, the security data includes information describing security-related attributes of the first customer device, and the security data is sent privately between the first customer device and the security broker system to hide the security-related attributes from the server system;
  
  receiving at the server system, from the security broker, a security report for the first customer device corresponding to the attempted transaction, wherein the security report is based on a security policy associated with the particular service and the security-related attributes of the first customer device included in the security data transmitted from the first customer device to the security broker, and the security report indicates whether the first customer device is in compliance with the security policy of the particular service; and
  
  performing an action, at the server system, in association with the attempted transaction based at least in part on the received security report.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the action is one of a set of available actions including allowing the transaction and disallowing the transaction.
  - 3. The method of claim 1, wherein the action is based at least in part on a type of the attempted transaction.
  - 4. The method of claim 3, wherein the action includes either allowance or disallowance of the transaction based on the security report.
  - 5. The method of claim 1, wherein the security broker generates a security score from the security data and the security report identifies the security score.
  - 6. The method of claim 1, further comprising communicating the security policy to the security broker associated with the particular service.
  - 7. The method of claim 6, wherein the security report is generated based on a comparison of the security policy and the security data.

8. A method comprising:
- receiving at a security broker system, over a secure communication channel of a computer network, security data from a customer device, the security data describing security conditions on the customer device in association with a particular ecommerce transaction between the customer device and a remote ecommerce provider, wherein the security data is sent in response to a redirect of the customer device to the security broker system by the ecommerce provider, and the security data is secured to be hidden from the ecommerce provider;
  
  identifying a particular risk tolerance policy corresponding to the ecommerce provider, wherein the particular risk tolerance policy is one of a plurality of risk tolerance policies of a plurality of entities managed by the security broker system;
  
  generating a security report based on a comparison of the particular risk tolerance policy and the security conditions described in the security data; and
  
  communicating the security report to at least one computing device associated with the ecommerce provider, wherein the ecommerce provider is to use the security report in association with the particular ecommerce transaction.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The method of claim 8, further comprising receiving transaction data in association with the received security data, the transaction data including an identifier of the particular transaction and an identifier of the ecommerce provider.
  - 10. The method of claim 8, wherein the security requirements data is obtained from a local memory element.
  - 11. The method of claim 8, wherein the particular risk tolerance policy is defined by the ecommerce provider.
  - 12. The method of claim 11, wherein the security data includes a security score calculated for the customer device.
  - 13. The method of claim 8, further comprising:
    - receiving security data describing security conditions on the customer device in association with a second ecommerce transaction between the customer device and a second ecommerce provider;
      
      identifying a second risk tolerance policy corresponding to the second ecommerce provider;
      
      generating a second security report based on a comparison of the risk tolerance policy and the security data; and
      
      communicating the second security report to at least one computing device associated with the second ecommerce provider.

14. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify, at a server system hosting a particular service, an attempted ecommerce transaction involving a first customer device;
  
  determine whether the first customer device is associated with one of a set of trusted customer profiles;
  
  send redirect data to the first customer device in response to determining that the first customer device is not associated with one of the set of trusted customer profiles, wherein the redirect data causes the first customer device to send security data to a security broker system remote from the server system and the first customer device, wherein the security data is to reference the attempted transaction with the particular service, the security data includes information describing security-related attributes of the first customer device, and the security data is sent privately between the first customer device and the security broker system to hide the security-related attributes from the server system;
  
  receive at the server system, from the security broker, a security report for the first customer device corresponding to the attempted transaction, wherein the security report is to be based on a security policy associated with the particular service and the security-related attributes of the first customer device included in the security data, and the security report is to indicate whether the first customer device is in compliance with the security policy of the particular service; and
  
  perform an action, at the server system, in association with the attempted ecommerce transaction based at least in part on the received security report.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The storage medium of claim 14, wherein the transaction comprises an ecommerce transaction.
  - 16. The storage medium of claim 15, wherein the action is one of a set of available actions including applying a price discount in the attempted ecommerce transaction and applying a price premium in the attempted ecommerce transaction based on security of the transaction.
  - 17. The storage medium of claim 14, wherein the security report masks attributes of the security data.
  - 18. The storage medium of claim 14, wherein the security data describes attributes of the first customer device relating to risk associated with the first customer device.

19. At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive, over a secure communication channel of a computer network at a security broker system, security data from a customer device, the security data to describe security conditions on the customer device in association with a particular ecommerce transaction between the customer device and a remote ecommerce provider, wherein the security data is sent in response to a redirect of the customer device to the security broker system by the ecommerce provider, and the security data is secured to be hidden from the ecommerce provider;
  
  identify a particular risk tolerance policy corresponding to the ecommerce provider, wherein the particular risk tolerance policy is one of a plurality of risk tolerance policies of a plurality of entities managed by the security broker system;
  
  generate a security report based on a comparison of the particular risk tolerance policy and the security conditions described in the security data; and
  
  communicate the security report to at least one computing device associated with the ecommerce provider, wherein the ecommerce provider is to use the security report in association with the particular ecommerce transaction.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The storage medium of claim 19, wherein the security data describes configuration attributes of the customer device.
  - 21. The storage medium of claim 19, wherein the security data includes a pre-generated security score representing security conditions of the customer device.
  - 22. The storage medium of claim 21, wherein the security score includes a plurality of score components each corresponding to a particular security category.
  - 23. The storage medium of claim 21, wherein the security score is to be generated by a neutral third party based on attributes of the customer device.
  - 24. The storage medium of claim 19, wherein specific attributes of the customer device are abstracted in the security data.

25. A system comprising:
- at least one processor device;
  
  at least one memory element; and
  
  a security broker, adapted when executed by the at least one processor device to;
  
  receive, over a secure communication channel of a computer network, security data from a customer device, the security data describing security conditions on the customer device in association with a particular ecommerce transaction between the customer device and a remote ecommerce provider, wherein the security data is sent in response to a redirect of the customer device to the security broker system by the ecommerce provider, and the security data is secured to be hidden from the ecommerce provider;
  
  identify a particular risk tolerance policy corresponding to the ecommerce provider, wherein the particular risk tolerance policy is one of a plurality of risk tolerance policies of a plurality of entities managed by the security broker system;
  
  generate a security report based on a comparison of the particular risk tolerance policy and the security conditions described in the security data; and
  
  communicate the security report to at least one computing device associated with the ecommerce provider, wherein the ecommerce provider is to use the security report in association with the particular ecommerce transaction.
- View Dependent Claims (26)
- - 26. The system of claim 25, further comprising an ecommerce server associated with the ecommerce provider and adapted when executed by the at least one processor device to:
    - identify attempted ecommerce transactions involving customer devices and services hosted by the ecommerce provider;
      
      send data to customer devices to cause the customer devices to send security data to the security broker system remote from the server system and the customer devices, wherein the security data is to reference the attempted transaction with a corresponding one of the services and is to be hidden from the ecommerce server;
      
      receive one or more security reports generated by the security broker indicating security of the customer devices in association with the respective attempted transaction, wherein the security reports are to indicate whether the customer devices are in compliance with the particular risk tolerance policy; and
      
      perform actions in association with the attempted ecommerce transactions based at least in part on the received security reports.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Condry, Michael, Schrecker, Sven
Primary Examiner(s)
Trotter, Scott S

Application Number

US13/718,043
Publication Number

US 20140172706A1
Time in Patent Office

1,708 Days
Field of Search
US Class Current
CPC Class Codes

G06Q 20/382   insuring higher security of...

G06Q 20/4016   involving fraud or risk lev...

G06Q 30/00   Commerce

G06Q 30/0601   Electronic shopping [e-shop...

Security broker

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Security broker

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links