Information security – Prevention of unauthorized use of data including prevention...
Reexamination Certificate
2006-03-10
2009-06-30
Chai, Longbit (Department: 2431)
Information security
Prevention of unauthorized use of data including prevention...
C726S027000, C726S028000, C726S029000, C726S030000, C713S187000, C713S188000, C713S189000, C380S247000, C380S248000, C380S249000
Reexamination Certificate
active
07555781
ABSTRACT:
A security component determines whether a request for a resource poses a security risk to a computing device and verifies the integrity of the requested resource before the request is allowed. For a request having arguments and a resource path with a filename that identifies the resource, the security component determines that the request does not pose a security risk if the resource path does not exceed a maximum number of characters, individual arguments do not exceed a maximum number of characters, the arguments combined do not exceed a maximum number of characters, and the filename has a valid extension. The security component verifies the integrity of a requested resource by formulating a descriptor corresponding to the resource and comparing the descriptor with a cached descriptor corresponding to the resource.
REFERENCES:
patent: 6415280 (2002-07-01), Farber et al.
patent: 2002/0004917 (2002-01-01), Malcolm et al.
patent: 2002/0083178 (2002-06-01), Brothers
U.S. Appl. No. 60/224,907 “System and Method for the Management of Secure Content on an HTTP Distribution Infrastructure”, Brothers, Filed Aug. 11, 2000.
Bruschi, et al., “A Tool for Pro-Active Defense Against the Bugger Overrun Attack,” ESORICS (Computer Security), Sep. 1998, pp. 17-31.
Curtin, “On Guard Fortifying Your Site Against Attack,” available at <<www.webtechniques.com>>, Apr. 2000, pp. 46-50.
Juszczyszyn, “Domain and Type Enforcement Access Control Model in Firewall Systems,” Information Systems Architecture and Technology (ISAT), 1998.
Smith, “Mandatory Protection for Internet Server Software,” IEEE Computer Security Applications Conference, Dec. 1996, pp. 178-184.
Smith, “Sidewinder: Defense in Depth using Type Enforcement,” International Journal of Network Management, Jul.-Aug. 1995, pp. 219-229.
Feuerstein Yehuda
Pfost Jared E.
Purpura Stephen J.
Chai Longbit
Lee & Hayes PLLC
Microsoft Corporation
LandOfFree
Security component for a computing device does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Security component for a computing device, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Security component for a computing device will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4118202