Secure browsing via a transparent network proxy

US 9,882,928 B2
Filed: 11/16/2016
Issued: 01/30/2018
Est. Priority Date: 12/02/2013
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a non-transitory memory that stores instructions;

a computer processor that executes the instructions to perform operations, the operations comprising;

receiving, from a browser on a device, a request to access a resource;

determining that the resource is not trusted based on an analysis of an identifier included with the request, wherein the resource is determined to not be trusted based on determining that the identifier has not been previously used;

redirecting the browser on the client device to a browser virtual machine via a desktop virtualization technology connection;

removing a virtual browser control bar from the browser virtual machine;

filtering, by utilizing the browser virtual machine, malicious content from the resource;

rendering strictly a viewable window of the browser virtual machine, wherein the viewable window includes a rendering of the resource; and

streaming, after filtering the malicious content from the resource, the rendering of the viewable window of the browser virtual machine rendering the resource from the browser virtual machine to a viewable window of the browser on the client device based on the request, wherein controls in a control bar of the browser are utilized to control the browser virtual machine displayed within the viewable window of the browser.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing secure browsing via a transparent network proxy is disclosed. The system may receive, from a client, a request to access a resource. The request may include an identifier that may be utilized to locate the resource. Once the request is received, the system may determine if the resource is not trusted, such as if the identifier is determined to be unknown or suspicious. If the resource is determined to not be trusted by the system, the system may forward the request to a virtual machine manager that may select a browser virtual machine from a pool of browser virtual machines. After the browser virtual machine is selected, the browser virtual machine may stream a rendering of the resource to the client based on the request. The rendering of the resource may be provided in lieu of the actual resource.

28 Citations

20 Claims

1. A system, comprising:
- a non-transitory memory that stores instructions;
  
  a computer processor that executes the instructions to perform operations, the operations comprising;
  
  receiving, from a browser on a device, a request to access a resource;
  
  determining that the resource is not trusted based on an analysis of an identifier included with the request, wherein the resource is determined to not be trusted based on determining that the identifier has not been previously used;
  
  redirecting the browser on the client device to a browser virtual machine via a desktop virtualization technology connection;
  
  removing a virtual browser control bar from the browser virtual machine;
  
  filtering, by utilizing the browser virtual machine, malicious content from the resource;
  
  rendering strictly a viewable window of the browser virtual machine, wherein the viewable window includes a rendering of the resource; and
  
  streaming, after filtering the malicious content from the resource, the rendering of the viewable window of the browser virtual machine rendering the resource from the browser virtual machine to a viewable window of the browser on the client device based on the request, wherein controls in a control bar of the browser are utilized to control the browser virtual machine displayed within the viewable window of the browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the operations further comprise forwarding, after determining that the resource is not trusted, the request to a virtual machine manager for selecting the browser virtual machine from a plurality of browser virtual machines.
  - 3. The system of claim 1, wherein the operations further comprise selecting, by utilizing the virtual machine manager, the browser virtual machine from the plurality of browser virtual machines.
  - 4. The system of claim 1, wherein the operations further comprise determining that the resource is not trusted when the identifier or the resource is determined to be attempting to redirect the browser on the device to a malicious resource.
  - 5. The system of claim 1, wherein the operations further comprise providing a warning to the device after determining that the resource is not trusted.
  - 6. The system of claim 1, wherein the operations further comprise updating a blacklist to include the identifier after determining that the resource is not trusted.
  - 7. The system of claim 1, wherein the operations further comprise downloading the resource.
  - 8. The system of claim 1, wherein the operations further comprise providing the device with an option to securely access the resource.
  - 9. The system of claim 8, wherein the operations further comprise receiving, from the device, a selection of the option to securely access the resource.
  - 10. The system of claim 1, wherein the operations further comprise receiving feedback from the device.
  - 11. The system of claim 10, wherein the operations further comprise determining that the feedback indicates that the determining that the resource is not trusted is not accurate.
  - 12. The system of claim 11, wherein the operations further comprise trusting the resource based on the feedback.

13. A method, comprising:
- receiving, from a browser on a device, a request to access a resource;
  
  determining, by utilizing instructions from a memory that are executed by a processor, that the resource is not trusted based on an analysis of an identifier included with the request, wherein the resource is determined to not be trusted based on determining that the identifier has not been previously used;
  
  redirecting the browser on the client device to a browser virtual machine via a desktop virtualization technology connection;
  
  removing a virtual browser control bar from the browser virtual machine;
  
  removing, by utilizing the browser virtual machine, malicious content from the resource;
  
  rendering strictly a viewable window of the browser virtual machine, wherein the viewable window includes a rendering of the resource; and
  
  streaming, after filtering the malicious content from the resource, the rendering of the viewable window of the browser virtual machine rendering the resource from the browser virtual machine to a viewable window of the browser on the client device based on the request, wherein controls in a control bar of the browser are utilized to control the browser virtual machine displayed within the viewable window of the browser.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The method of claim 13, further comprising replacing an original image of the browser virtual machine when the browser on the device is closed.
  - 15. The method of claim 13, further comprising determining that the resource is trusted if the identifier has been previously used.
  - 16. The method of claim 13, further comprising providing the device with an option to securely access the resource.
  - 17. The method of claim 13, further comprising updating a blacklist to include the identifier after determining that the resource is not trusted.
  - 18. The method of claim 13, further comprising determining that the resource is not trusted if the identifier or resource is uncategorized.
  - 19. The method of claim 13, further comprising determining that the resource is not trusted if the identifier or resource is utilized less than a predetermined number of times.

20. A non-transitory computer-readable device comprising instructions, which when loaded and executed by a processor, cause the processor to perform operations, the operations comprising:
- receiving, from a browser on a device, a request to access a resource;
  
  determining, by utilizing instructions from a memory that are executed by a processor, that the resource is not trusted based on an analysis of an identifier included with the request, wherein the resource is determined to not be trusted based on determining that the identifier has not been previously used;
  
  redirecting the browser on the client device to a browser virtual machine via a desktop virtualization technology connection;
  
  removing a virtual browser control bar from the browser virtual machine;
  
  filtering, by utilizing the browser virtual machine, malicious content from the resource;
  
  rendering strictly a viewable window of the browser virtual machine, wherein the viewable window includes a rendering of the resource; and
  
  providing, after filtering the malicious content from the resource, the rendering of the viewable window of the browser virtual machine rendering the resource from the browser virtual machine to a viewable window of the browser on the client device based on the request, wherein controls in a control bar of the browser are utilized to control the browser virtual machine displayed within the viewable window of the browser.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Giura, Paul, Bickford, Jeffrey E., Hendrix, Donald E., Shirokmann, Howard F., Anschutz, Thomas A., Shih, Ching C.
Primary Examiner(s)
BECHTEL, KEVIN M

Application Number

US15/353,174
Publication Number

US 20170070509A1
Time in Patent Office

440 Days
Field of Search
US Class Current
CPC Class Codes

G06F 2009/45587   Isolation or security of vi...

G06F 2009/45595   Network integration; Enabli...

G06F 9/45558   Hypervisor-specific managem...

H04L 63/0245   Filtering by information in...

H04L 63/0281   Proxies

H04L 63/101   Access control lists [ACL]

H04L 63/1441   Countermeasures against mal...

H04L 67/02   based on web technology, e....

Secure browsing via a transparent network proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure browsing via a transparent network proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links