Software as a service scanning system and method for scanning web traffic

US9716701B1 · US · B1

Patent metadata

Publication number: US-9716701-B1
Application number: US-201514666914-A
Country: US
Kind code: B1
Filing date: Mar 24, 2015
Priority date: Mar 24, 2015
Publication date: Jul 25, 2017
Grant date: Jul 25, 2017

Abstract

An endpoint computer includes a local client that transmits web traffic to a local proxy that also runs on the endpoint computer. The local proxy obtains a customer identity string that identifies a user of the local client as a paying customer of an SaaS scanning service provided by an SaaS scanning system. The local proxy inserts the customer identity string into the web traffic and thereafter transmits the web traffic to the SaaS scanning system, which authenticates the customer identity string before scanning the web traffic for web threats. The local client transmits the web traffic to the local proxy using a communication protocol and the local proxy can transmit the web traffic to the SaaS scanning system using the same or different communication protocol.

First claim

What is claimed is:

1. A computer-implemented method for scanning web traffic, the method comprising: receiving, by a local proxy, a first web traffic transmitted by a local client, wherein the local proxy and the local client are separate applications running on a same endpoint computer; the local proxy obtaining a customer identity string that identifies a user of the local client as a paying customer to a software as a service (SaaS) scanning service; the local proxy including the customer identity string in a header of the first web traffic, encrypting the header using a same symmetric encryption key shared by both the local proxy and an SaaS scanning system that provides the SaaS scanning service, and thereafter transmitting the first web traffic to the SaaS scanning system; the SaaS scanning system decrypting the header using the same symmetric encryption key and authenticating the customer identity string included in the first web traffic to verify that the user of the local client is subscribed to the SaaS scanning service; and the SaaS scanning system scanning the first web traffic for web threats, wherein the first web traffic is transmitted by the local client to the local proxy using a first communication protocol that is different from a second communication protocol employed by the local proxy to transmit the first web traffic to the SaaS scanning system.

2. The computer-implemented method of claim 1, wherein the first communication protocol is HTTP and the second communication protocol is HTTP Secure (HTTPS).

3. The computer-implemented method of claim 1, wherein the SaaS scanning system scans the first web traffic for malicious code.

4. The computer-implemented method of claim 1, further comprising: after scanning the first web traffic for web threats, the SaaS scanning system transmitting the first web traffic to a web server system that is in communication with the local client.

5. The computer-implemented method of claim 1, further comprising: after scanning the first web traffic for web threats, the SaaS scanning system transmitting the first web traffic using the first communication protocol to a web server system that hosts an SaaS application in communication with the local client.

6. The computer-implemented method of claim 5, further comprising: receiving, by the SaaS scanning system, a second web traffic transmitted by the SaaS application using the first communication protocol; and the SaaS scanning system scanning the second web traffic for web threats.

7. The computer-implemented method of claim 6, further comprising: the SaaS scanning system transmitting the second web traffic to the endpoint computer.

8. The computer-implemented method of claim 1, wherein the local proxy receives the first web traffic from a web browser.

9. A non-transitory computer-readable medium with instructions stored thereon, that when executed on a processor of an endpoint computer, perform the steps of: receiving, by a local proxy, web traffic transmitted by a local client, wherein the local proxy and the local client are separate applications on the endpoint computer; obtaining a customer identity string that identifies a user of the local client as a paying customer of a software as a service (SaaS) scanning service; and including the customer identity string in a header of the web traffic, encrypting the header using a same symmetric encryption key shared by the local proxy and an SaaS scanning system, and thereafter transmitting the web traffic to the SaaS scanning system that provides the SaaS scanning service to scan the web traffic for web threats, wherein the web traffic is received from the local client using a first communication protocol and the web traffic is transmitted to the SaaS scanning system using a second communication protocol that is different from the first communication protocol.

10. The non-transitory computer-readable medium of claim 9, wherein the local client is a web browser.

11. The non-transitory computer-readable medium of claim 9, wherein the customer identity string is obtained by locally generating the customer identity string in the endpoint computer.

12. A system for scanning web traffic, the system comprising: an endpoint computer running a local client and a local proxy that receives web traffic from the local client, obtains a customer identity string that identifies a user of the local client as a paying customer of a software as a service (SaaS) scanning service, includes the customer identity string in a header of the web traffic, encrypts the header using a same symmetric encryption key shared by the local proxy and an SaaS scanning system that provides the SaaS scanning service, and transmits the web traffic to the SaaS scanning system, wherein the local client and the local proxy are separate applications running on the endpoint computer; the SaaS scanning system that receives the web traffic, decrypts the header using the same symmetric encryption key, extracts the customer identity string from the web traffic, authenticates the customer identity string, scans the web traffic for web threats, and transmits the web traffic to a web server system; and the web server system that receives the web traffic from the SaaS scanning system after the SaaS scanning system scans the web traffic for the web threats, wherein the local client transmits the web traffic to the local proxy using a first communication protocol and the local proxy transmits the web traffic to the SaaS scanning system using a second communication protocol that is different from the first communication protocol.

13. The system of claim 12, wherein the web server system hosts an SaaS application in communication with the local client.

14. The system of claim 12, wherein the local client is a web browser.

15. The system of claim 12, wherein the local client transmits the web traffic to the local proxy using hypertext transfer protocol (HTTP) and the local proxy transmits the web traffic to the SaaS scanning system using HTTP Secure (HTTPS).
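The header handling recited in claims 1, 9 and 12, as an added example in Go that is not taken from the patent: the local proxy seals the customer identity string under the shared key, and the scanning system decrypts it and checks the subscription before any scanning. The cipher (AES-256-GCM), the header name `X-Customer-Identity`, the function names and the subscriber list are assumptions; the claims specify only a shared symmetric key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"net/http"
)

const idHeader = "X-Customer-Identity" // hypothetical name; the claims only say "a header"

// SharedCipher builds AES-256-GCM (an assumed choice) from the key both sides hold.
func SharedCipher(key [32]byte) cipher.AEAD {
	block, _ := aes.NewCipher(key[:]) // a 32-byte key is always accepted
	aead, _ := cipher.NewGCM(block)   // cannot fail for AES's 16-byte block
	return aead
}

// Tag is the local-proxy side: seal the identity string and put it in the header.
func Tag(h http.Header, aead cipher.AEAD, customerID string) {
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	sealed := aead.Seal(nonce, nonce, []byte(customerID), nil) // nonce || ciphertext || tag
	h.Set(idHeader, base64.StdEncoding.EncodeToString(sealed))
}

// Authenticate is the scanning-system side: decrypt, then check the subscription.
func Authenticate(h http.Header, aead cipher.AEAD, subscribers map[string]bool) (string, bool) {
	raw, err := base64.StdEncoding.DecodeString(h.Get(idHeader))
	n := aead.NonceSize()
	if err != nil || len(raw) < n {
		return "", false // header missing or malformed
	}
	plain, err := aead.Open(nil, raw[:n], raw[n:], nil) // fails on a wrong key or any altered byte
	if err != nil || !subscribers[string(plain)] {
		return "", false
	}
	return string(plain), true
}

func main() {
	aead, h := SharedCipher([32]byte{}), http.Header{} // constructed all-zero demo key
	Tag(h, aead, "cust-1001")
	fmt.Println(Authenticate(h, aead, map[string]bool{"cust-1001": true}))
}
```

The fresh random nonce per request means the same identity string produces a different header value each time, so the header cannot be matched across requests by an observer of the proxy-to-scanner leg.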

Classifications

  • service impersonation, e.g. phishing, pharming or web spoofing (detection of rogue wireless access points H04W12/12) · CPC title

  • by monitoring network traffic (monitoring network traffic per se H04L43/00) · CPC title

  • H04L63/08 (Primary)

    for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • Denial of Service · CPC title

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Trend Micro Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jul 25, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).