Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1998-11-17
2002-12-03
Wiley, David (Department: 2158)
Electrical computers and digital processing systems: multicomput
Computer-to-computer session/connection establishing
Network resources access controlling
C709S218000
Reexamination Certificate
active
06490626
ABSTRACT:
TECHNICAL FIELD
The present invention relates in general to computerised systems for down-loading, or ‘browsing’, information stored in computer-readable form. More particularly, although not exclusively, the invention relates to a browser system for browsing information that contains mobile code retrievable from the World Wide Web.
BACKGROUND ART
The World Wide Web (Web) may be thought of as a global village where computers (hosts) are the buildings, and the worldwide computer network known as the Internet forms the streets. The computers have addresses (IP Addresses) consisting of four numbers separated by periods. Many hosts also have nicknames known as domain names. A Web site typically consists of a UNIX or Microsoft Windows based Web server, which runs on a host and ‘serves’ software or content to other computers accessing the Web site. A Web site is not a single application, but a system that provides access to applications and data stored on the host, as well as inside an organisation. A user utilises a Web ‘browser’ running on a client computer to access the software or content on the Web server.
FIG. 1
illustrates a client computer
100
executing a Web browser program
105
that is employed by a user to communicate over the Internet
110
, in a special language called HyperText Transfer Protocol (HTTP)
115
, with a host computer
120
executing a Web server program
125
to obtain data. Hereafter, the term ‘Web browser’ may be used interchangeably to describe a Web browser program or the program in execution on a computer, depending on the context. In the diagram, and in following diagrams, solid connection lines represent physical connections between hardware and broken connection lines represent logical connections between software processes. The most basic Web transaction involves the transmission of Web pages, written in HyperText Markup Language (HTML) from the Web server
125
to the Web browser
105
. Upon request by the user at the Web browser
105
, the Web server
125
translates the HTML-based Web page into HTTP and sends it over the Internet
110
for display as a Web page on the requesting browser
105
. The Web browser
105
receives the HTTP-encoded Web page, translates the HTTP back into HTML and displays the page.
The concept of ‘mobile code’ has been developed to extend the functionality of the Web. Mobile code is typically code associated with a Web page which, when downloaded from a Web server, automatically executes within the environment of the requesting Web browser. In a simple form, mobile code can be used to enhance the graphical appearance of a Web page by, for example, implementing simple animation. It is envisaged, however, that mobile code will be used to implement many different and far more complex functions in future. A good example of one use for mobile code is to download transactional clients, which support specialised user interfaces, to support data transfer between client and server applications.
Commonly, mobile code is written in the Java programming language as a Java applet. Mobile code may also be written in other languages, such as defined in the ActiveX model. Both Java applets and ActiveX control functions can be embedded into a standard Web page. Therefore, the simple operation of downloading a Web page can also download and activate associated mobile code.
While mobile code can greatly extend the functionality of the Web, the same extended functionality, by its nature, leads to serious security issues.
Mobile code, and Web browsers that run mobile code, are developed according to rigid security guidelines which are intended to prevent the possibility that malicious users can use mobile code to cause harm to the computing environment surrounding a Web browser. However, there are already many documented flaws in the security measures, which can lead to devastating results. Typically, the party downloading ‘rogue’ mobile code would be unaware of the damaging effect thereof until it was too late.
Some serious mobile code attacks known take advantage of bugs in the mobile code processing environment of the Web browser, which allow the mobile code to gain control over the operating system of the computing platform. From this position, the mobile code could cause damage such as deleting all files on the computer, or even launching attacks on other, networked computing platforms.
Other serious mobile code attacks are known as ‘social engineering’ attacks. These attacks rely on tricking an unwary user by, for example, sending the user a ‘patch’ for the Web browser, and suggesting that the patch is to remedy a security flaw in the Web browser. The patch, instead of being one that remedies a security flaw, actually overwrites good code with code that creates a security flaw. There are many other ways of tricking unwary users in this way.
Web browsers, which can run mobile code, such as Netscape Navigator™, typically include the option to ‘disable’ mobile code processing, thereby preventing the potential for any damage, even if mobile code is downloaded. Of course, this radical measure, whilst being very effective, also removes any benefit which can be obtained from genuine, safe mobile code.
It would therefore be desirable to have a system in which mobile code can be executed safely, while at the same time not allowing rogue mobile code to cause any damage to any system.
DISCLOSURE OF THE INVENTION
In accordance with a first aspect, the present invention provides a browser system, comprising a browser process configured to receive from a remote data source a resource incorporating mobile code and to process the mobile code to generate graphical output data; and
an interface process configured to provide a communications channel between the browser process and a remote display system to facilitate transfer of the graphical output data to the remote display system.
The term browser is commonly associated with complex and sophisticated programs such as Netscape Navigator™ or Internet Explorer™. These programs are well known. However, herein, the term browser is used more broadly to include any program or system which, when running, is able to receive a requested resource, for example a Web page, from a source such as a Web server connected via a communications network to the browser. Further, a browser according to the present invention can even receive unsolicited resources as a result of, for example, some form of ‘push’ technology, which distributes resources or messages to registered subscribers.
The invention has the advantage that mobile code is processed in a secure environment, so that the client, which is apart from the environment, remains relatively safe from attack. The client only receives data from the browser to visualise the output of the processing of the mobile code on the browser. The client is, therefore, in effect able to access mobile code, and see the result of the processing of the mobile code, without being subjected to any threat from rogue mobile code.
In a preferred embodiment of the present invention, the browser system comprises a secure operating system, for example one which enforces Mandatory Access Control (MAC), such that mobile code and the browser are unable to damage the system running the browser, let alone the client.
While the invention, in general, aims to protect user systems from rogue mobile code, and from vulnerable browsers running rogue mobile code, embodiments which employ secure operating systems, such as those providing MAC, can be configured to also provide a high level of protection to the computer platform that supports the browser running the mobile code. Such systems consequently can provide even more protection to users' systems, by greatly reducing the risk of mobile code reaching users' systems, or other parts of the network, by some other route.
Other aspects and features of the invention are described and claimed hereafter.
REFERENCES:
patent: 5903732 (1999-05-01), Reed et al.
patent: 5940831 (1999-08-01), Takano
patent: 5991796 (1999-11-01), Anupam et al.
Edwards Nigel
Rees Owen
Zhong Qun
Hewlett -Packard Company
Ladas & Parry
Wiley David
LandOfFree
Browser system does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Browser system, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Browser system will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2934352