Systems and methods for traffic inspection via an embedded browser

US11658993B2 · US · B2

Patent metadata

Publication number: US-11658993-B2
Application number: US-202217572048-A
Country: US
Kind code: B2
Filing date: Jan 10, 2022
Priority date: May 4, 2018
Publication date: May 23, 2023
Grant date: May 23, 2023

Abstract

Described embodiments provide systems and methods for traffic inspection via embedded browsers. An application inspector module of an embedded browser executable on a client may intercept network traffic for an application. The network traffic may include packets exchanged between the application and the server via a channel. The application inspector module may identify a computing resource usage on the client in providing a user with access to the application via the embedded browser. The application inspector module may generate analytics data based on the intercepted network traffic and the computing resource usage. The application inspector module may maintain a user behavior profile based on the analytics data. The application inspector module may determine that a portion of the network traffic directed to the remote server contains sensitive information. Responsive to the determination, the application inspector module may block or remove the portion of the network traffic.

First claim

We claim:

1. A method comprising: monitoring, by a client device, traffic of an application hosted on one or more remote computing devices and accessed via the client device; providing, by the client device responsive to monitoring, data associated with traffic of the application as input to a model, the model configured to output identification of a predicted behavior of a user responsive to the input; causing, by the device, access to the application by the user to be restricted responsive to the identification of the predicted behavior of the user from using the model; and using, by the client device, one or more weights with the model, the one or more weights determined based at least on the data.

2. The method of claim 1, further comprising accessing, by the client device, the application via browser within a client application of the client device.

3. The method of claim 1, further comprising generating, by the client device from monitoring, the data identifying one or more interactions of the user with the application.

4. The method of claim 1, further comprising determining, by the client device, a deviation from the predicted behavior and a behavior of the user measured from monitoring.

5. The method of claim 1, further comprising determining, by the client device, to restrict access to the application responsive to the deviation being greater than a threshold.

6. The method of claim 1, wherein the data comprises one or more of a metric of a computing resource of the client device or a metric of the traffic.

7. A client device comprising: one or more processors, coupled to memory and configured to: monitor traffic of an application hosted on one or more remote computing devices and accessed via the client device; provide, responsive to monitoring, data associated with traffic of the application as input to a model, the model configured to output identification of a predicted behavior of a user responsive to the input; and cause access to the application by the user to be restricted responsive to the identification of the predicted behavior of the user from using the model; wherein the one or more processors are further configured to use one or more weights with the model, the one or more weights determined based at least on the data.

8. The client device of claim 7, wherein the one or more processors are further configured to access the application via browser within a client application of the client device.

9. The client device of claim 7, wherein the one or more processors are further configured to generate, from monitoring, the data identifying one or more interactions of the user with the application.

10. The client device of claim 7, wherein the one or more processors are further configured to determine a deviation from the predicted behavior and a behavior of the user measured from monitoring.

11. The client device of claim 10, wherein the one or more processors are further configured to determine to restrict access to the application responsive to the deviation being greater than a threshold.

12. The client device of claim 7, wherein the data comprises one or more of a metric of a computing resource of the client device or a metric of the traffic.

13. A non-transitory computer readable medium storing program instructions for causing one or more processors of a client device to: monitor traffic of an application hosted on one or more remote computing devices and accessed via the client device; provide, responsive to monitoring, data associated with traffic of the application as input to a model, the model configured to output identification of a predicted behavior of a user responsive to the input; and cause access to the application by the user to be restricted responsive to the identification of the predicted behavior of the user from using the model; wherein the program instructions further cause the one or more processors to use one or more weights with the model, the one or more weights determined based at least on the data.

14. The non-transitory computer readable medium of claim 13, wherein the program instructions further cause the one or more processors to generate, from monitoring, the data identifying one or more interactions of the user with the application.

15. The non-transitory computer readable medium of claim 13, wherein the program instructions further cause the one or more processors to determine a deviation from the predicted behavior and a behavior of the user measured from monitoring.

16. The non-transitory computer readable medium of claim 13, wherein the program instructions further cause the one or more processors to determine to restrict access to the application responsive to the deviation being greater than a threshold.

17. The non-transitory computer readable medium of claim 13, wherein the data comprises one or more of a metric of a computing resource of the client device or a metric of the traffic.

Classifications

CPC titles:

  • Generation of reports
  • Traffic logging, e.g. anomaly detection
  • for managing network security; network security policies in general (filtering policies H04L63/0227)
  • related to network devices
  • involving simulating, designing, planning or modelling of a network

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Citrix Systems Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date May 23, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).