FIREWALL INFORMED BY WEB SERVER SECURITY POLICY IDENTIFYING AUTHORIZED RESOURCES AND HOSTS

US 20170302628A1
Filed: 06/28/2017
Published: 10/19/2017
Est. Priority Date: 11/10/2015
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to unauthorized digital content, the method comprising:

forwarding a request originating at a client computer regarding access to digital content hosted at a content server;

receiving a response to the request from the content server, wherein the response includes undetected malware that triggers the client computer to request content from a malware server;

intercepting the triggered request from the client computer, wherein the triggered request is addressed to the malware server;

identifying that the malware server designated in the triggered request is an unauthorized data source in accordance with one or more security policies;

blocking the triggered request from being sent to the malware server; and

sending the client device an error message based on the identification that the triggered request is associated with the unauthorized data source in accordance with the one or more security policies.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user of a client device that is protected by a firewall may navigate to a website using a particular browser process (e.g., a window/tab of a browser) of the client device, sending a content request toward a web content server in the process. The firewall may intercept the content request, and may also receive information from the client device identifying which browser process initiated the content request. Before passing the content request to the appropriate web content server, the firewall may request and download a security policy from a security policy server. The security policy may notify the firewall which hosts are authorized/unauthorized for use with a particular domain, and which file types from each of these hosts are authorized/unauthorized for use with the particular domain. The firewall may then filter content related to the identified browser process based on the security policy.

18 Citations

View as Search Results

20 Claims

1. A method for controlling access to unauthorized digital content, the method comprising:
- forwarding a request originating at a client computer regarding access to digital content hosted at a content server;
  
  receiving a response to the request from the content server, wherein the response includes undetected malware that triggers the client computer to request content from a malware server;
  
  intercepting the triggered request from the client computer, wherein the triggered request is addressed to the malware server;
  
  identifying that the malware server designated in the triggered request is an unauthorized data source in accordance with one or more security policies;
  
  blocking the triggered request from being sent to the malware server; and
  
  sending the client device an error message based on the identification that the triggered request is associated with the unauthorized data source in accordance with the one or more security policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - sending a domain name service (DNS) query to a DNS server regarding a domain name of the content server; and
      
      receiving a DNS response from the DNS server that identifies an Internet Protocol (IP) address of the content server.
  - 3. The method of claim 2, wherein the IP address of the content server corresponds to one or more of the security policies.
  - 4. The method of claim 3, further comprising sending a request to a security policy server to obtain the one or more security policies associated with the IP address of the content server.
  - 5. The method of claim 1, wherein the one or more security policies define at least one of types of resources authorized for use with the requested digital content and sources of content authorized for use with the requested digital content.
  - 6. The method of claim 1, wherein the one or more policies identify at least one authorized device.
  - 7. The method of claim 1, wherein the one or more policies identify at least one unauthorized device.

8. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor for implementing a method for controlling access to unauthorized digital content, the method comprising:
- forwarding a request originating at a client computer regarding access to digital content hosted at a content server;
  
  receiving a response to the request from the content server, wherein the response includes undetected malware that triggers the client computer to request content from a malware server;
  
  intercepting the triggered request from the client computer, wherein the triggered request is addressed to the malware server;
  
  identifying that the malware server designated in the triggered request is an unauthorized data source in accordance with one or more security policies;
  
  blocking the triggered request from being sent to the malware server; and
  
  sending the client device an error message based on the identification that the triggered request is associated with the unauthorized data source in accordance with the one or more security policies.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable storage medium of claim 8, wherein the program further comprises instructions executable to:
    - send a domain name service (DNS) query to a DNS server regarding a domain name of the content server; and
      
      receive a DNS response from the DNS server that identifies an Internet Protocol (IP) address of the content server.
  - 10. The non-transitory computer readable storage medium of claim 9, wherein the IP address of the content server corresponds to one or more of the security policies.
  - 11. The non-transitory computer readable storage medium of claim 10, wherein the program further comprises instructions executable to send a request to a security policy server to obtain the one or more security policies associated with the IP address of the content server.
  - 12. The non-transitory computer readable storage medium of claim 8, wherein the one or more security policies define at least one of types of resources authorized for use with the requested digital content and sources of content authorized for use with the requested digital content.
  - 13. The non-transitory computer readable storage medium of claim 8, wherein the one or more security policies identify at least one authorized device.
  - 14. The non-transitory computer readable storage medium of claim 8, wherein the one or more security policies identify at least one unauthorized device.

15. An apparatus for controlling access to unauthorized digital content, the apparatus comprising:
- a communication interface that communicates over a communication network to;
  
  forward a request originating at a client computer regarding access to digital content hosted at a content server,receive a response to the request from the content server, wherein the response includes undetected malware that triggers the client computer to request content from a malware server, andintercept the triggered request from the client computer, wherein the triggered request is addressed to the malware server,a processor that executes instructions stored in memory, wherein execution of the instructions by the processor;
  
  identifies that the malware server designated in the triggered request is an unauthorized data source in accordance with one or more security policies, andblocks the triggered request from being sent to the malware server;
  
  wherein the communication interface sends the client device an error message based on the identification that the triggered request is associated with the unauthorized data source in accordance with the one or more security policies.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the communication interface sends a domain name service (DNS) query to a DNS server and receives a DNS response from the DNS server that identifies an Internet Protocol (IP) address of the content server.
  - 17. The apparatus of claim 16, wherein the IP address of the content server corresponds to one or more of the security policies.
  - 18. The apparatus of claim 15, wherein the communication interface further sends a request to a security policy server to obtain the one or more security policies associated with the IP address of the content server.
  - 19. The apparatus of claim 15, wherein the one or more security policies define at least one of types of resources authorized for use with the requested digital content and sources of content authorized for use with the requested digital content.
  - 20. The method of claim 15, wherein the one or more security policies identify at least one authorized device or one unauthorized device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SonicWALL US Holdings, Inc. (SonicWall Holdings Ltd.)
Original Assignee
Dell Software, Inc. (Dell Technologies Inc.)
Inventors
Vazquez Carames, Hugo

Granted Patent

US 10,491,566 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

H04L 61/4511   using domain name system [DNS]

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0245   Filtering by information in...

H04L 63/0263   Rule management

H04L 63/101   Access control lists [ACL]

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

FIREWALL INFORMED BY WEB SERVER SECURITY POLICY IDENTIFYING AUTHORIZED RESOURCES AND HOSTS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FIREWALL INFORMED BY WEB SERVER SECURITY POLICY IDENTIFYING AUTHORIZED RESOURCES AND HOSTS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links