Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
1998-04-06
2002-04-02
Alam, Hosain T. (Department: 2172)
Data processing: database and file management or data structures
Database design
Data structure types
C707S793000, C709S219000, C713S152000
Reexamination Certificate
active
06366912
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to the field of network browsing software and, in particular, to methods and systems for providing security when accessing network sites.
BACKGROUND OF THE INVENTION
In recent years, there has been a tremendous proliferation of computers connected to a global network known as the Internet. A “client” computer connected to the Internet can download digital information from “server” computers connected to the Internet. Client application and operating system software executing on client computers typically accept commands from a user and obtain data and services by sending requests to server applications running on server computers connected to the Internet. A number of protocols are used to exchange commands and data between computers connected to the Internet. The protocols include the File Transfer Protocol (FTP), the Hyper Text Transfer Protocol (HTTP), the Simple Mail Transfer Protocol (SMTP), and the “Gopher” document protocol.
The HTTP protocol is used to access data on the World Wide Web, often referred to as “the Web.” The World Wide Web is an information service on the Internet providing documents and links between documents. The World Wide Web is made up of numerous Web sites around the world that maintain and distribute Web documents. A Web site may use one or more Web server computers that are able to store and distribute documents in one of a number of formats including the Hyper Text Markup Language (HTML). An HTML document can contain text, graphics, audio clips, and video clips, as well as metadata or commands providing formatting information. HTML documents also include embedded “links” that reference other data or documents located on the local computer or network server computers.
A Web browser is a client application, software component, or operating system utility that communicates with server computers via FTP, HTTP, and Gopher protocols. Web browsers receive Web documents from the network and present them to a user. Internet Explorer, available from Microsoft Corporation, of Redmond, Washington, is an example of a popular Web browser.
An intranet is a local area network containing Web servers and client computers operating in a manner similar to the World Wide Web described above. Additionally, on an intranet a Web browser can retrieve files from a file system server executing on the same computer as the Web browser, or on a remote computer on the local area network. A Web browser can retrieve files on the local area network using the “FILE” protocol, which comprises file system commands. Typically, all of the computers on an intranet are contained within a company or organization. Many intranets include a “firewall” that functions as a gateway between the intranet and the Internet, and prevents outside people from breaking into the computers of an organization. A “proxy server” is one well-known type of firewall.
In addition to data and metadata, HTML documents can contain embedded software components containing program code that perform a wide variety of operations. These software components expand the interactive ability of an HTML document's user interface. The components can perform other operations, such as manipulating data and playing audio or video clips. ActiveX is a specification developed by Microsoft Corporation for creating software components that can be embedded into an HTML document. Java is a well-known programming language that can be used to develop components called “applets,” which are transmitted with HTML documents from Web servers to client computers. JavaScript and VBScript are scripting languages that are also used to extend the capabilities of HTML. JavaScript and VBScript scripts are embedded in HTML documents. A browser executes each script as it reaches the position in the script during interpretation of the HTML document.
Some software components transferred over the World Wide Web perform operations that are not desired by a user. This may occur either because a component developer intentionally programmed the component to perform a malicious operation, or because a “bug” in the software causes the component to perform a malicious operation. In addition to components that are transferred with an HTML document, files transferred to a client computer utilizing other protocols, such as FTP, may include commands that perform malicious operations.
One way in which browsers have addressed the problem of undesirable operations being performed as a result of Web transfers is to notify the user prior to performing a “risky” operation. The user is permitted to determine, prior to each operation, whether to allow the specified operation. For example, prior to installing an ActiveX control, a browser may display a dialog window specifying the source of the ActiveX control and allowing the user to decide whether or not to install the specified control. Similarly, the browser may present a dialog window to the user prior to downloading a file, executing a program, or executing a script.
This security procedure can result in a user repeatedly being presented with dialog windows asking for permission to perform certain operations, interrupting the user's browsing session. Faced with frequent interruptions, a user may respond hastily and improperly.
It is desirable to have a mechanism that allows a user to specify desired security information in order to avoid repetitive and unnecessary queries from the Web browser. Preferably, such a mechanism will provide a browser user with a way to categorize different Web servers according to a level of trust, and allow the performance of operations based on the level of trust corresponding to a source location. Additionally, a preferable mechanism will allow an administrator or an end user to specify, for each category of source locations, a corresponding set of operations that are allowed or disallowed. Further, a preferable mechanism will provide sets of predetermined security settings that can be associated with each category of trust level. The present invention is directed to providing such a mechanism.
SUMMARY OF THE INVENTION
In accordance with this invention, a system and a computer based method of providing security when browsing one or more Web sites from a client computer is disclosed. The method includes configuring a Web browser to establish multiple security zones, each zone corresponding to a set of Web sites. Each zone has a corresponding set of security settings that specify actions to be taken when a corresponding protected operation to be performed in response to receiving a Web document. During a Web browsing session, the mechanism of the invention determines the security zone corresponding to the Web site currently being browsed. Prior to performing a protected operation, the mechanism of the invention determines the action to perform, based on the current Web site's security zone, the requested operation, and the security setting corresponding to the requested operation and the Web site's zone.
In accordance with other aspects of this invention, during a Web browsing session between a client computer and a server computer, upon receiving, at the client computer, a Web document from a server computer, the Web browser determines whether a protected operation is to be performed in response to receiving the Web document. If a protected operation is to be performed, the Web browser determines a security setting corresponding to the protected operation and the server computer. The Web browser may perform the protected operation or prevent the performance of the protected operation. It may also query a user whether to perform the protected operation and selectively perform the protected operation based on the user response.
In accordance with still other aspects of this invention, the Web browser displays visual information indicating the security zone corresponding to a server computer when a Web document from the server computer is being displayed.
In accordance with yet still other aspects of this invention, t
Dujari Rajeev
Geer Lewis
Kohnfelder Loren M.
Ramakrishna Anand
Wallent Michael J.
Alam Hosain T.
Christensen O'Connor Johnson & Kindness PLLC
Fleurantin Jean Bolte
Microsoft Corporation
LandOfFree
Network security zones does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Network security zones, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Network security zones will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2844201