发明名称 |
Transparent adaptive authentication and transaction monitoring |
摘要 |
Enhanced security processes are integrated into online service provider workflow activities in a transparent fashion with little or no impact on the servers. Enhanced security processes may include adaptive authentication and transaction monitoring. The enhanced security processes are partially implemented in a network device, such as a network communication device, a firewall, or a load balancing system, or a separate security device, rather than being implemented in the server systems hosting on-line websites. With such an arrangement, server software is minimally modified or rewritten, and third party software, such as security applications, remains in operation. |
申请公布号 |
US9282094(B1) |
申请公布日期 |
2016.03.08 |
申请号 |
US201414318068 |
申请日期 |
2014.06.27 |
申请人 |
EMC Corporation |
发明人 |
Hunold Philipp;Chapman Daniel |
分类号 |
G06F21/00;H04L29/06;G06F21/55 |
主分类号 |
G06F21/00 |
代理机构 |
BainwoodHuang |
代理人 |
BainwoodHuang |
主权项 |
1. A method of adding increased security to communications exchanged between a server and a client device, comprising:
receiving an intercepted and re-routed communication between the server and the client device, the communication having an intended recipient; storing the re-routed communication in a memory, and communicating with the client device requesting additional security information; performing a security operation including the additional security information and generating a security decision; sending the stored communication to the intended recipient when the security decision indicates that it is safe to continue; and preventing the stored communication from being sent when the security decision indicates that it is not safe to continue, wherein receiving the intercepted and re-routed communication further comprises (1) determining whether the re-routed communication requires increased security, (2) transmitting a call to a security analysis device including information related to the intercepted communication, for generating a step-up security decision when the re-routed communication requires increased security, and (3) transmitting a challenge to the client when the step-up security decision indicates that a step-up security procedure is indicated, and wherein performing the security operation including the additional security information and generating a security decision further includes receiving a response to the challenge from the client and comparing the response to information in the memory to determine confirmation, and wherein determining whether the re-routed communication requires increased security includes determining whether the communication from the server is a communication allowing access to a resource to the client. |
地址 |
Hopkinton MA US |