Transaction security systems and methods

US 9,973,501 B2
Filed: 10/09/2013
Issued: 05/15/2018
Est. Priority Date: 10/09/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing, by a secure transaction device having a secure transaction device processor, redirection protocols in a host device having a host device processor different than the secure transaction device processor, the redirection protocols redirecting at least a portion of network traffic to the secure transaction device, the secure transaction device configured to use network configuration details of the host device to mimic the host device to render the secure transaction device transparent to a remote network resource;

obtaining, by the secure transaction device, a security policy from a policy management system that is remote from the secure transaction device and from the host device;

receiving, by the secure transaction device, outbound network traffic originated by a host application on the host device, the outbound network traffic directed to a secure network resource that is remote from the secure transaction device and from the host device;

determining, by the secure transaction device, using the security policy, whether the host application is authorized to access the secure network resource;

if the secure transaction device determines that the host application is authorized to access the secure network resource, transmitting the outbound network traffic over a secure tunnel to the secure network resource; and

if the secure transaction device determines that the host application is not authorized to access the secure network resource, disallowing the outbound network traffic to be forwarded over the secure tunnel to the secure network resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Outbound traffic of a host application may be received from a host device having a host processor. The secure resource may be configured to provide a secure transaction based on the outbound network traffic. Using a second processor different than the host processor, it may be determined whether the host application is authorized to provide the outbound network traffic to the secure resource. The outbound network traffic may be allowed to be forwarded to the secure resource if the host application is authorized. The outbound network traffic may be disallowed to be forwarded to the secure resource if the host application is not authorized.

141 Citations

19 Claims

1. A method comprising:
- establishing, by a secure transaction device having a secure transaction device processor, redirection protocols in a host device having a host device processor different than the secure transaction device processor, the redirection protocols redirecting at least a portion of network traffic to the secure transaction device, the secure transaction device configured to use network configuration details of the host device to mimic the host device to render the secure transaction device transparent to a remote network resource;
  
  obtaining, by the secure transaction device, a security policy from a policy management system that is remote from the secure transaction device and from the host device;
  
  receiving, by the secure transaction device, outbound network traffic originated by a host application on the host device, the outbound network traffic directed to a secure network resource that is remote from the secure transaction device and from the host device;
  
  determining, by the secure transaction device, using the security policy, whether the host application is authorized to access the secure network resource;
  
  if the secure transaction device determines that the host application is authorized to access the secure network resource, transmitting the outbound network traffic over a secure tunnel to the secure network resource; and
  
  if the secure transaction device determines that the host application is not authorized to access the secure network resource, disallowing the outbound network traffic to be forwarded over the secure tunnel to the secure network resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the host application comprises a stand-alone application resident on the host device, or an interface resident on the host device that cooperates with a server application resident on at least one server.
  - 3. The method of claim 1, further comprising receiving, by the secure transaction device, all incoming network traffic for the host device.
  - 4. The method of claim 1, wherein the determining whether the host application is authorized to access the secure network resource comprises looking up permissions of the host application on the security policy.
  - 5. The method of claim 1, further comprising determining whether a user of the host application has permission to access sensitive information on the secure network resource.
  - 6. The method of claim 1, wherein the secure transaction device is a device coupled externally to the host device.
  - 7. The method of claim 1, wherein the secure transaction device is a device coupled internally to the host device.
  - 8. The method of claim 1, wherein the establishing redirection protocols in the host device includes injecting redirection code into an operating system of the host device.
  - 9. The method of claim 1, wherein the network configuration details include network protocols and network addresses.

10. A secure transaction device comprising:
- a secure transaction device processor;
  
  a configuration module configured to establish redirection protocols in a host device having a host device processor different than the secure transaction device processor, the redirection protocols configured to redirect at least a portion of network traffic to the secure transaction device, the secure transaction device configured to use network configuration details of the host device to mimic the host device to render the secure transaction device transparent to a remote network resource;
  
  a policy management module configured to obtain a security policy from a policy management system that is remote from the secure transaction device and from the host device;
  
  a host device interface module configured to receive outbound network traffic originated by a host application on the host device, the outbound network traffic directed to a secure network resource that is remote from the secure transaction device and from the host device;
  
  an application determination module configured to use the security policy to determine whether the host application is authorized to access the secure network resource;
  
  a trusted application module configured to transmit the outbound network traffic over a secure tunnel to the secure network resource if the application determination module determines that the host application is authorized to access the secure network resource; and
  
  an untrusted application module configured to disallow the outbound network traffic to be forwarded to the secure network resource if the application determination module determines that the host application is not authorized to access the secure network resource.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The device of claim 10, wherein the host application comprises a stand-alone application resident on the host device, or an interface resident on the host device that cooperates with a server application resident on at least one server.
  - 12. The device of claim 10, further comprising a data redirection module configured to receive all incoming network traffic for the host device.
  - 13. The device of claim 10, wherein the application determination module is configured to look up permissions of the host application on the security policy.
  - 14. The device of claim 10, further comprising a module configured to determine whether a user of the host application has permission to access sensitive information on the secure network resource.
  - 15. The device of claim 10, wherein the secure transaction device is a device coupled externally to the host device.
  - 16. The device of claim 10, wherein the secure transaction device is a device coupled internally to the host device.
  - 17. The device of claim 10, wherein the configuration module injects redirection code into an operating system of the host device.
  - 18. The device of claim 10, wherein the network configuration details include network protocols and network addresses.

19. A non-transitory computer-readable medium comprising one or more processors, and memory coupled to the one or more processors, the memory configured to store computer-program instructions configured to instruct the one or more processors to perform a method, the method comprising:
- establishing, by a secure transaction device having a secure transaction device processor, redirection protocols in a host device having a host device processor different than the secure transaction device processor, the redirection protocols redirecting at least a portion of network traffic to the secure transaction device, the secure transaction device configured to use network configuration details of the host device to mimic the host device to render the secure transaction device transparent to a remote network resource;
  
  obtaining, by the secure transaction device, a security policy from a policy management system that is remote from the secure transaction device and from the host device;
  
  receiving, by the secure transaction device, outbound network traffic originated by a host application on the host device, the outbound network traffic directed to a secure network resource that is remote from the secure transaction device and from the host device;
  
  determining, by the secure transaction device, using the security policy, whether the host application is authorized to access the secure network resource;
  
  if the secure transaction device determines that the host application is authorized to access the secure network resource, transmitting the outbound network traffic over a secure tunnel to the secure network resource; and
  
  if the secure transaction device determines that the host application is not authorized to access the secure network resource, disallowing the outbound network traffic to be forwarded over the secure tunnel to the secure network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CUPP Computing AS
Original Assignee
CUPP Computing AS
Inventors
Touboul, Shlomo
Primary Examiner(s)
Hoffman, Brandon
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US14/050,279
Publication Number

US 20140101716A1
Time in Patent Office

1,679 Days
Field of Search

726 1, 726 2, 726 3
US Class Current
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/53   by executing in a restricte...

G06F 21/606   by securing the transmissio...

H04L 63/0236   Filtering by address, proto...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04L 63/10   for controlling access to d...

H04L 63/18   using different networks or...

H04L 63/20   for managing network securi...

Transaction security systems and methods

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

141 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Transaction security systems and methods

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

141 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links