
WO2008038277A2 - System and method for secure web browsing using server-based computing configuration - Google Patents

System and method for secure web browsing using server-based computing configuration

Info

Publication number
WO2008038277A2
Authority
WO
WIPO (PCT)
Prior art keywords
browser
organization
network
data communication
external data
Prior art date
Application number
PCT/IL2007/001181
Other languages
English (en)
Other versions
WO2008038277A3 (fr
Inventor
David Yanovsky
Original Assignee
Jetro Platforms Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jetro Platforms Ltd.
Publication of WO2008038277A2
Publication of WO2008038277A3

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029 Firewall traversal, e.g. tunnelling or, creating pinholes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/16 Implementing security features at a particular protocol layer
    • H04L63/168 Implementing security features at a particular protocol layer above the transport layer
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/535 Tracking the activity of the user
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1004 Server selection for load balancing
    • H04L67/1008 Server selection for load balancing based on parameters of servers, e.g. available memory or workload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1001 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers
    • H04L67/1029 Protocols in which an application is distributed across nodes in the network for accessing one among a plurality of replicated servers using data related to the state of servers by a load balancer

Definitions

  • the present invention relates to systems and methods which enable end users of networks of organizations to gain access to the internet while ensuring that the integrity of the internal network is not breached. More particularly, the present invention relates to systems and methods which provide secure browsing for end users of networks of organizations using application virtualization and server-based computing technologies.
  • SBC Server-based computing
  • SBC is a network architecture according to which applications are deployed, managed, supported and executed in full on a remote server.
  • data and applications reside on servers.
  • the method includes the steps of monitoring designated locations of HTTP requests and distinguishing between locations of the requests on the network of the organization and locations of the requests on external data communication networks. This distinction is performed by a first dedicated browser plug residing on a local browser of the client computer and a second dedicated browser plug residing on a remote browser.
  • the method also includes the step of automatically switching to operating in application virtualization mode using the remote browser when the designated location is identified as located on the external data communication networks.
  • the remote browser information is displayed on the application window of the local browser.
  • the disclosed method further includes the step of automatically switching to the local browser when the location is identified as located on the network of the organization.
  • the remote browser information is displayed on the application window of the local browser.
  • the remote browser is located on a remote server in a Secure Internet Browsing Zone located between the network of the organization and the external data communication networks.
  • the method may also include the step of randomly allocating anonymous identification information to the user.
  • the anonymous identification information replaces real identification information of the user before accessing the external data communication networks.
  • the list associating the anonymous identification information and real identification information of users is stored inside the network of the organization. This allocation is performed anew for each communication session for each user.
  • the distinction between locations of the requests on the network of the organization and locations of the requests on external data communication networks is performed in accordance with system administrator definitions.
  • the method may also include the step of converting files from the external data communication networks which are sent to a printer located in the network of the organization into safe files. Additionally, the method may include the step of sending a file as an email attachment to the email of a user when the user performs file download from the external data communication networks. Alternatively, the method may include the steps of quarantining a file and inspecting the file using third party tools before allowing the transference of the file into the network of the organization. The quarantining and inspecting are performed when file download is requested from the external data communication networks.
  • the method may further include the steps of monitoring browser data flow and load balancing of the browsing in accordance with the monitored browser data flow.
  • The method may also include the step of synchronizing between the local browser residing on the client computer and the remote browser. The synchronization may include copying lists of favorite links, copying cookies, and copying browsing history.
  • The method may further include the step of controlling the execution of flash movies on the browsers.
  • Also disclosed is a system of enabling the secure access to external data communication networks for a client computer of a user of a network of an organization using application virtualization and server-based computing architecture. The system comprises at least one local browser wherein the local browser resides on the client computer and at least one remote browser located on a server in a Secure Internet
  • the Secure Internet Browsing Zone is located between the network of the organization and the external data communication networks.
  • the system also includes a first dedicated browser plug residing on the local browser wherein the plug monitors all designated locations of HTTP requests and distinguishes between locations on the network of the organization and locations on external data communication networks.
  • a second dedicated browser plug residing on the remote browser located on a remote server wherein the plug monitors all designated locations of HTTP requests and distinguishes between locations on the network of the organization and locations on external data communication networks.
  • the system also includes a switching module for alternating between browsing using the local browser and browsing using the remote browser in application virtualization mode in accordance with the distinctions between links on the network of the organization and links on the external data communication networks. The information of the local browser and the remote browser is alternately displayed to the user on the same browser application window.
  • the system may further include at least one dedicated local server residing on the network of the organization.
  • the local server monitors and controls browsing activity of the users in accordance with predefined criteria.
  • the system may further include a local internal directory service for managing the predefined criteria.
  • the local internal directory service further manages the allocation of random identification information for the users.
  • the system may also include at least one gateway server residing on the Secure Internet Browsing Zone.
  • the gateway server may monitor and control browsing activity of the users in accordance with predefined criteria.
  • a remote internal directory service for managing the predefined criteria.
  • the system may further include at least one remote application virtualization controlling server in the Secure Internet Browsing Zone for monitoring and controlling browsing activity through Secure Internet Browsing Zone in accordance with predefined rules.
  • the system may also include a first firewall leg.
  • the first firewall leg is located between the network of the organization and the Secure Internet Browsing Zone.
  • the system may also include a second firewall leg.
  • the second firewall leg is located between the Secure Internet Browsing Zone and the external data communication networks.
  • FIG. 1 is a block diagram illustrating principal components of the proposed system and method in accordance with embodiments of the present invention, and the environment in which they operate;
  • Figure 2 is a flowchart schematically illustrating the principal steps and the flow of information in accordance with embodiments of the present invention.
  • the present invention provides a highly secured controlled access to external data communication networks, which are outside the network of the organization, such as the internet, for end users of an organization.
  • the disclosed system makes use of application virtualization and server based technology (SBC) architectures to provide users with a transparent browsing experience which may be centrally monitored and controlled.
  • SBC application virtualization and server based technology
  • the system enables users the browsing of the internet using their client computers without executing any HTML or downloading of any original web content, such as files, pictures and print files, into the network of the organization and onto the client computer.
  • the proposed system provides additional security measures to the network of the organization by allocating random anonymous users to the client users of the organization.
  • the proposed configuration also enables highly effective load balancing services.
  • An embodiment is an example or implementation of the inventions.
  • the various appearances of “one embodiment”, “an embodiment” or “some embodiments” do not necessarily all refer to the same embodiments.
  • various features of the invention may be described in the context of a single embodiment, the features may also be provided separately or in any suitable combination.
  • the invention may also be implemented in a single embodiment.
  • Reference in the specification to “one embodiment”, “an embodiment”, “some embodiments” or “other embodiments” means that a particular feature, structure, or characteristic described in connection with the embodiments is included in at least one embodiment, but not necessarily all embodiments, of the inventions. It is understood that the phraseology and terminology employed herein is not to be construed as limiting and is for descriptive purposes only.
  • “bottom”, “below”, “top” and “above” as used herein do not necessarily indicate that a “bottom” component is below a “top” component, or that a component that is “below” is indeed “below” another component or that a component that is “above” is indeed “above” another component.
  • directions, components or both may be flipped, rotated, moved in space, placed in a diagonal orientation or position, placed horizontally or vertically, or similarly modified.
  • the terms “bottom”, “below”, “top” and “above” may be used herein for exemplary purposes only, to illustrate the relative positioning or placement of certain components, to indicate a first and a second component or to do both.
  • FIG. 1 is a block diagram illustrating principal components of the proposed system and method in accordance with embodiments of the present invention, and the environment in which they operate.
  • users in the organization connect to their client computers 110 which may be any type of computer device such as desktop, laptop, handheld personal computer (PC), Palm, Blackberry™, Smart Phone™, workstation and the like.
  • the client computers are connected to the network of the organization 100.
  • Also connected to the network of the organization 100 are dedicated servers 120.
  • Dedicated servers 120 monitor and control the internal and external browsing activity of the users based on information stored in internal directory service 125.
  • Internal directory service 125 manages the identities and relationships that make up network environments.
  • the system switches to secure application virtualization browsing mode.
  • dedicated servers 160 in the network of the organization 100 communicate with remote servers 160 in Secure Internet Browsing Zone 140 through first firewall leg 130.
  • Remote servers 160 acquire information from their local directory services domain 165 and communicate with Application Virtualization Services (AVS) Servers, in remote AVS farm 150.
  • the local directory services domain 165 may be any type of directory services domain, such as Active Directory of Microsoft™.
  • AVS Servers in remote AVS farm 150 may be any type of servers of Application Virtualization Services, such as Terminal Servers of Microsoft™, Presentation Server of Citrix™ and application virtualizing technology of VMware™.
  • the servers in the Secure Internet Browsing Zone 140 establish connections with external data communication networks 180 through a second firewall leg 170.
  • the data from external data communication networks 180 to client computers 110 flows from the external data communication networks 180 through second firewall leg 170 to the remote servers in Secure Internet Browsing Zone 140, and through the first firewall leg 130 to the client computers 110 on the network of the organization 100.
  • the distinction between the network of the organization 100 and the external data communication networks 180 may be defined by the system administrator.
  • the system administrator may define the local area network (LAN) of the organization as the network of the organization 100 and any other address as residing on an external data communication network 180.
  • the system administrator may define several addresses on the internet as belonging to the network of the organization 100 and any other addresses as residing on external data communication network 180. Such definitions may be performed according to the domain names of the websites.
  • the browser on the client computers 110 operates in local mode when browsing sites in the internal links within the network of the organization 100.
  • in local browsing mode, the browsing is performed using a local browser which runs on the client computer 110.
  • the system automatically switches to browsing in application virtualization mode.
  • switching between local browsing mode and secure application virtualization mode is performed in a manner which is totally transparent to the user.
  • users in the organization may be totally unaware that the browsing application accessible to them on the client computer is not run locally, but operates through remote AVS Servers 150.
  • the system automatically switches to local browsing mode using a browser operating locally, on client computer 110.
  • Remote AVS Server 150 receives all actions performed by the users on the client computers 110 and implements user activities on a browser residing on remote AVS Server 150. Any changes occurring in the browser on remote AVS Server 150 are transmitted to the appropriate client computer 110 using client-server communication protocols, proprietary or commercial protocol such as Remote Desktop Protocol (RDP), Independent Computing Architecture (ICA) or any other protocol.
  • RDP Remote Desktop Protocol
  • ICA Independent Computing Architecture
  • the only information streaming from external data communication networks 180, through Secure Internet Browsing Zone 140 to the network of the organization 100 are graphic, text, video and audio information changes reflecting changes occurring in the browser window.
  • all browser activity is performed on remote AVS 150 and the user receives only graphic, text, video and audio information of the browser window.
  • the network of the organization 100 and its client computers are therefore protected from any malicious content from the external data communication networks 180, such as viruses, worms, Trojan horses and the like.
  • a dedicated browser plug resides on client computer 110 and an additional plug is on external AVSs 150.
  • This plug intercepts all HTTP/HTTPS calls made by client computer 110.
  • the plug redirects the calls to local browser for internal corporate sites and to remote browser for external sites.
  • Additional features may be added in order to provide enhanced browser 3rd party contents or functionality. These may include content blocking of particular formats, such as flash and video streaming, enabling or disabling add-ins like toolbars, and enabling the operation of additional protocols such as instant messaging and voice over internet protocol (VoIP) tools.
  • the proposed system and method enable controlling the execution of flash movies.
  • FIG. 2 is a flowchart schematically illustrating the above described procedure in accordance with embodiments of the present invention.
  • the user selects a link (step 200).
  • the dedicated agent on the client computer of the user checks whether the link is an internal or an external one (step 205). Provided that the link is an internal one, the local browser on the client computer of the user retrieves the information in local browsing mode (step 210). If the link is found to point to an external website the browser seamlessly switches to operating in virtual browsing mode in accordance with application virtualization methods (step 215).
  • the seamless switching between local browsing mode and virtual browsing mode is achieved using several means.
  • random user identification information is retrieved from a local server for the user (step 220).
  • the random user identification information is generated anew for each communication session of each user.
  • all browsing activity of the users is kept completely anonymous.
  • the external link information and random user identification information are sent to the server of the Secure Internet Browsing Zone and this information is validated (step 225) by the servers of the Secure Internet Browsing Zone. Additionally, at this step the system may check that the requested external link complies with organization policies concerning web-browsing.
  • a browser is activated on the servers of the Secure Internet Browsing Zone (step 230) and the requested information is retrieved from the remote website on the external data communication networks (step 235). The retrieved information is checked according to data-security definitions (step 240). Finally, graphic, text, video and audio information are sent from the browser on the server of the Secure Internet Browsing Zone to the virtual browsing window on the client computer of the user in accordance with application virtualization methods (step 245, 250). Thus, only graphic, text, video and audio information representing the information on the browser in the Secure Internet Browsing Zone is sent to the network of the organization 100.
  • the system includes an AVS shield to protect eavesdropping of communication between the server and the terminals from distributed denial-of-service, buffer overflow and similar attacks.
  • the default eavesdropper accepts connections only from a dedicated secure relay module. All communication protocols such as RDP, secure RDP (RDPS) and printing are encapsulated by digitally signed Extensible Markup Language (XML) tags. The public and private certificates are unique for every organization site. All other unsigned or wrongly signed communication packets are dropped.
  • Client computer 150 in the network of the organization 100 only communicates with servers of the system 120 inside the network of the organization 100.
  • the transmission control protocol (TCP) communication between the network of the organization 100 and Secure Internet Browsing Zone 140 is performed only from servers of the system 120 on the network of the organization 100 to servers 160 of Secure Internet Browsing Zone 140. There are no open communication ports to AVS Servers 150 or to service Directory 165 for replication, thus client desktops do not communicate directly with AVS Servers 150. Any attempt to establish connection with the AVS Servers 150 or to bypass the security system is automatically blocked by the system.
  • an internal user has to be a member of the service directory such as Active Directory or any other directory service (Novell, Netscape etc.) of the organization in order to connect to AVS Servers 150. The user identity is kept anonymous during internet browsing.
  • the system allocates random usernames to the users of the organization to create anonymous usernames.
  • the lists of real usernames and anonymous usernames are kept only in server 120 of the network of the organization 100.
  • the outside world, including the Secure Internet Browsing Zone 140 only has access to the anonymous usernames.
  • the system erases the cookies and browsing history lists of the user with every user logoff.
  • the proposed system and method also enable implementing precise monitoring of user activity on external data communication networks 180.
  • the system may not only monitor which websites the user accesses, but also give precise indications as to how long the window presenting the website was active. Since users sometimes use multiple windows simultaneously and leave some windows open even when they are not working directly with them, it is difficult to provide accurate indications of the actual time the user spent in a particular website using prior art. However, since in application virtualization architecture the status of the window is constantly monitored, the system may provide accurate information concerning the internet usage patterns of the user. Additionally, according to embodiments of the present invention the system may implement management restrictions regarding the access of the user to the internet, including time and website content limitations.
  • the downloaded file is sent by email to the user.
  • the downloaded file is scanned and filtered by the email security mechanisms of the organization.
  • all downloaded files are first downloaded to a secure isolated zone. The files are then checked and scanned using file inspection third party tools before allowing their transference to the network of the organization 100.
  • all files which are sent to printers located on the network of the organization 100 from external data communication networks 180 are converted into safe files and printing commands before entering the network of the organization 100.
  • load balancing tools are used in order to provide maximum scalability and performance when running browsers on the AVS Server 150.
  • a dedicated performance related counter may be implemented, which may include monitoring browser I/O operations per second, page faults per second, private bytes, thread counts, user and kernel time and the like. Those counters enable identifying bottlenecks and releasing them. Releasing bottlenecks enables the increase of server resource utilization and allows more users to be served by the same AVS Servers 150.
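
The internal/external decision made by the browser plug (steps 200 to 215, driven by the administrator definitions of LAN addresses and internal domain names) can be sketched as follows. This is an added example, not code from the patent or from Jetro Platforms; the network ranges, domain names, function names and the rule that anything unparseable or non-HTTP is sent to the isolated remote browser are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Administrator definitions (constructed sample values, not from the patent).
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
INTERNAL_DOMAINS = ("corp.example", "partner-portal.example")

LOCAL, REMOTE = "local", "remote"


def _host_is_internal(host):
    """True only when the host matches an administrator definition."""
    host = host.rstrip(".").lower()
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: compare whole DNS labels, never raw substrings,
        # so "corp.example.lookalike.test" and "notcorp.example" stay external.
        return any(host == d or host.endswith("." + d) for d in INTERNAL_DOMAINS)
    # An IPv6 address is never "in" an IPv4 network, so it falls through to False.
    return any(addr in net for net in INTERNAL_NETWORKS)


def choose_browser(url):
    """Return LOCAL for administrator-defined internal links, REMOTE otherwise.

    Assumption: the decision fails towards the remote browser in the Secure
    Internet Browsing Zone, so a link that cannot be classified is never
    rendered on the client computer.
    """
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # strips userinfo and port, lowercases
    except ValueError:                 # e.g. malformed bracketed host
        return REMOTE
    if parts.scheme not in ("http", "https") or host is None:
        return REMOTE
    return LOCAL if _host_is_internal(host) else REMOTE


# Constructed sample links, not taken from the patent.
SAMPLE_LINKS = [
    "http://wiki.corp.example/start",
    "HTTPS://WIKI.Corp.Example./start",
    "https://192.168.5.9:8443/admin",
    "https://news.example.org/",
    "http://corp.example.lookalike.test/login",
    "http://wiki.corp.example@news.example.org/",
    "http://[bad/",
]


def route_all(links):
    """Classify every link; returns {url: LOCAL | REMOTE}."""
    return {u: choose_browser(u) for u in links}


if __name__ == "__main__":
    for link, mode in route_all(SAMPLE_LINKS).items():
        print(f"{mode:6} {link}")
```

Matching on the parsed hostname rather than on the raw link text is what keeps a link that merely contains an internal name from being opened by the local browser.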
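
Steps 220 and 225 (a fresh random identity per session, mapped to the real user only inside the organization, then validated in the Secure Internet Browsing Zone) combined with the rule that unsigned or wrongly signed packets are dropped, as an added example that is not code from the patent. The envelope layout, class and function names are assumptions, and HMAC-SHA256 with a per-site key stands in for the certificate-based XML signature so the block runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
import xml.etree.ElementTree as ET


class PseudonymDirectory:
    """Lives inside the organization network; the real-to-anonymous map never leaves it."""

    def __init__(self):
        self._sessions = {}  # session id -> (real user, anonymous id)

    def open_session(self, real_user):
        """Allocate a new anonymous id for this session (step 220)."""
        in_use = {anon for _, anon in self._sessions.values()}
        anon_id = "anon-" + secrets.token_hex(8)
        while anon_id in in_use:                 # collisions are unlikely but checked
            anon_id = "anon-" + secrets.token_hex(8)
        session_id = secrets.token_hex(16)
        self._sessions[session_id] = (real_user, anon_id)
        return session_id, anon_id

    def resolve(self, anon_id):
        """Internal-only lookup (for example for usage monitoring)."""
        for real_user, anon in self._sessions.values():
            if anon == anon_id:
                return real_user
        return None

    def close_session(self, session_id):
        """Forget the mapping at logoff."""
        self._sessions.pop(session_id, None)


def _tag(key, anon_id, url):
    # Assumption: HMAC over both fields replaces the per-site certificate signature.
    return hmac.new(key, anon_id.encode() + b"\x00" + url.encode(), hashlib.sha256).hexdigest()


def build_request(key, anon_id, url):
    """Organization side: only the anonymous id and the link cross the first firewall leg."""
    req = ET.Element("browse-request", {"sig": _tag(key, anon_id, url)})
    ET.SubElement(req, "user").text = anon_id
    ET.SubElement(req, "url").text = url
    return ET.tostring(req)


def validate_request(key, raw):
    """Zone side (step 225): return (anon_id, url), or None when the packet must be dropped."""
    if b"<!" in raw:                             # no DTD or entity declarations accepted
        return None
    try:
        req = ET.fromstring(raw)
    except ET.ParseError:
        return None
    user, url, sig = req.findtext("user"), req.findtext("url"), req.get("sig")
    if req.tag != "browse-request" or not (user and url and sig):
        return None                              # unsigned or incomplete
    if not hmac.compare_digest(sig.encode(), _tag(key, user, url).encode()):
        return None                              # wrongly signed or altered in transit
    return user, url


if __name__ == "__main__":
    site_key = secrets.token_bytes(32)           # constructed per-site key
    directory = PseudonymDirectory()
    session, anon = directory.open_session("alice")   # constructed user name
    packet = build_request(site_key, anon, "https://news.example.org/?a=1&b=2")
    print(packet.decode())
    print(validate_request(site_key, packet))
    print(validate_request(site_key, packet.replace(b"example.org", b"example.net")))
    directory.close_session(session)
```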

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer And Data Communications (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention provides highly secured, controlled access to external data communication networks, which are outside the network of the organization, such as the Internet, for end users of an organization. According to embodiments of the present invention, the disclosed system makes use of application virtualization and server based technology (SBC) architectures to provide users with a transparent browsing experience which may be centrally monitored and controlled. The system enables users to browse the Internet using their client computers without executing any HTML or downloading any original web content into the network of the organization and onto the client computer. According to embodiments of the present invention, the proposed system provides additional security measures to the network of the organization by allocating random anonymous users to the client users of the organization. The proposed configuration also enables highly effective load balancing services.
PCT/IL2007/001181 2006-09-26 2007-09-25 System and method for secure web browsing using server-based computing configuration WO2008038277A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US84711906P 2006-09-26 2006-09-26
US60/847,119 2006-09-26

Publications (2)

Publication Number Publication Date
WO2008038277A2 (fr) 2008-04-03
WO2008038277A3 (fr) 2009-08-27

Family

ID=39230670

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IL2007/001181 WO2008038277A2 (fr) 2006-09-26 2007-09-25 System and method for secure web browsing using server-based computing configuration

Country Status (2)

Country Link
IL (1) IL186289A (fr)
WO (1) WO2008038277A2 (fr)

Also Published As

Publication number Publication date
WO2008038277A3 (fr) 2009-08-27
IL186289A (en) 2009-02-11

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07827155

Country of ref document: EP

Kind code of ref document: A2

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07827155

Country of ref document: EP

Kind code of ref document: A2
