IPC분류정보
국가/구분 |
United States(US) Patent
등록
|
국제특허분류(IPC7판) |
|
출원번호 |
US-0047302
(2002-01-14)
|
등록번호 |
US-7318238
(2008-01-08)
|
발명자
/ 주소 |
- Elvanoglu,Ferhan
- Dujari,Rajeev
|
출원인 / 주소 |
|
인용정보 |
피인용 횟수 :
22 인용 특허 :
56 |
초록
▼
A system and method that allows a page (e.g., Internet content) author to associate a set of security settings on any desired element (e.g., tag) of the page. When the page is interpreted, each element is handled based on its associated security settings, allowing a page author to request that any e
A system and method that allows a page (e.g., Internet content) author to associate a set of security settings on any desired element (e.g., tag) of the page. When the page is interpreted, each element is handled based on its associated security settings, allowing a page author to request that any element be considered differently with respect to security than other elements, and/or differently relative to the page that contains it. A negotiator determines the actual settings for elements to ensure that security cannot be compromised by tagging an element such that it has the ability to do more than desired. The negotiator also determines the settings for elements that do not have specifically associated security data, e.g., elements without specified security settings may inherit security settings from higher elements, or the top-level container. The settings may correspond to those of a security zone.
대표청구항
▼
What is claimed is: 1. In a computer system, a method comprising: receiving a page comprising content including one or more elements having active content; and controlling page output corresponding to at least part of the content by: 1) disabling or enabling execution of a first script or loading o
What is claimed is: 1. In a computer system, a method comprising: receiving a page comprising content including one or more elements having active content; and controlling page output corresponding to at least part of the content by: 1) disabling or enabling execution of a first script or loading of a first control corresponding to at least one part of the page based on a first set of security settings; and 2) disabling or enabling execution of a second script or loading of a second control corresponding to at least one other part of the page based on a second set of security settings, the second set of security settings being different from the first set of security settings. 2. The method of claim 1, wherein receiving the page includes accessing data received from a remote source. 3. The method of claim 1, wherein receiving the page includes accessing data received from a cache. 4. The method of claim 1, wherein a first action including one of execution of the first script or the loading of the first control is requested in the content in the at least one part of the page, wherein a second action including one of execution of the second script or the loading of the second control is requested in the content in the at least one other part of the page, and wherein controlling page output comprises, allowing the first action and disallowing the second action. 5. The method of claim 4 wherein the first action corresponds to a command to run the first script, and wherein the second action corresponds to a command to run the second script. 6. The method of claim 4 wherein the first action further corresponds to a command to download a first set of data, and wherein the second action corresponds to a command to download a second set of data. 7. The method of claim 4 wherein allowing the first action comprises, prompting a user for a decision and receiving a response indicating that the first action is allowed. 8. The method of claim 4 wherein disallowing the second action comprises, prompting a user for a decision and receiving a response indicating that the second action is not allowed. 9. The method of claim 1, wherein a first action including one of execution of the first script or loading of the first control is requested in the content in the at least one part of the page, wherein a second action including one of execution of the second script or loading of the second control is requested in the content in the at least one other part of the page, and wherein controlling page output comprises, disallowing the first action and allowing the second action. 10. The method of claim 1 further comprising: retrieving the first set of security settings based on an identifier indicating a source from which the page is obtained, and associating the first set of security settings with the at least one part of the page. 11. The method of claim 10 further comprising, constructing a tree to represent the page, and wherein associating the first set of security settings with the at least one part of the page includes storing data corresponding to the first set of security settings at a node in the tree. 12. The method of claim 1 further comprising: recognizing security data associated with an element of the page, and associating the second set of security settings with the at least one other part of the page based on the security data. 13. The method of claim 12 further comprising, constructing a tree to represent the page, and wherein associating the second set of security settings with the at least one other part of the page includes storing data corresponding to the second set of security settings at a node in the tree that corresponds to the element. 14. The method of claim 13 wherein storing data corresponding to the second set of security settings comprises negotiating the second set of security settings. 15. The method of claim 14 wherein negotiating the second set of security settings comprises inheriting at least one setting in the second set of security settings based on security information associated with a parent node in the tree. 16. The method of claim 14 wherein negotiating the second set of settings comprises receiving at least one setting in the second set of security settings based on security information associated with a child node in the tree. 17. The method of claim 1, wherein controlling page output further comprises, accessing privacy settings. 18. A computer-readable medium having computer-executable-instructions for performing the method of claim 1. 19. In a computer connected to a network, a system comprising: browser software that interprets content received from the network, and a security mechanism that associates a first security zone with a first part of the content and associates a second security zone with a second part of the content, the security mechanism being further operable to associate a first set of security settings with the first part of the content based on the first security zone, and associate a second set of security settings with the second part of the content based on the second security zone, the second set of security settings being different from the first set of security settings, whether execution of a first script or loading of a first control corresponding to the first part of the content is permitted being based on the first set of security settings, and whether execution of a second script or loading of a second control corresponding to the second part of the content is permitted being based on the second set of security settings. 20. The system of claim 19 further comprising, a negotiator that controls the second set of security settings. 21. The system of claim 20 wherein the negotiator controls the second set of security settings relative to the first set of security settings. 22. The system of claim 21 wherein the negotiator controls the second set of security settings relative to the first set of security settings by having at least one setting in the second set be inherited from a corresponding setting in the first set. 23. The system of claim 19 wherein the first set of security settings is based on a network identifier of a source of the content. 24. The system of claim 19 wherein the second part of the content corresponds to an element in the content. 25. The system of claim 24, further comprising a component that detects security data associated with the element. 26. The system of claim 25 wherein the security data associated with the element comprises, a reference to a security zone. 27. The system of claim 25 wherein the security data associated with the element comprises, a reference to a file. 28. The system of claim 25 wherein the security data associated with the element comprises, a reference to a source of remote data. 29. The system of claim 25 wherein the security data associated with the element comprises a string of data corresponding to at least some of the security settings. 30. The system of claim 25 wherein the security data associated with the element comprises information indicating that the security settings should be determined relative to other security settings. 31. The system of claim 19 further comprising, a tree of nodes constructed from the content, the tree including a first node corresponding to the first part and a second node corresponding to the second part. 32. The system of claim 31 further comprising, a negotiator that controls the second set of security settings. 33. The system of claim 32 wherein the negotiator evaluates the second set of security settings. 34. The system of claim 32 wherein the negotiator changes at least one setting in the second set of security settings based on a rule. 35. The system of claim 31 further comprising, at least one other node in the tree that is associated with security settings based on inheriting information from a parent node. 36. The system of claim 35 wherein the parent node comprises the first node. 37. The system of claim 35 wherein the parent node comprises the second node. 38. The system of claim 31 further comprising, at least one other node in the tree that is associated with security settings based on security data of a child node. 39. The system of claim 19 wherein the second part of the content corresponds to a frame tag in the content. 40. The system of claim 19 wherein the content comprises a HyperText Markup Language page. 41. A markup language document, comprising: a first set of content associated with a first set of security settings, the first set of security settings indicating whether execution of a first script or loading of a first control corresponding to the first set of content is permitted; and a second set of content associated with a second set of security settings, the second set of security settings being different from the first set of security settings. and the second set of security settings indicating whether execution of a second script or loading of a second control corresponding to the second set of content is permitted. 42. The markup language document of claim 41 wherein the first set of content corresponds to a page, the second set of content is included in the page, and wherein the second set of security settings take precedence over the first set of security settings with respect to determining security for the second set of content. 43. The markup language document of claim 41 wherein the first set of content corresponds to a page and the second set of content corresponds to a frame element included in the page. 44. The markup language document of claim 41, wherein the markup language document includes a reference to a file that corresponds to at least some of the second set of security settings. 45. The markup language document of claim 41, wherein the markup language document includes a reference to a source of remote data that corresponds to at least some of the second set of security settings. 46. The markup language document of claim 41, wherein the markup language document includes a string of data that corresponds to at least some of the second set of security settings. 47. The markup language document of claim 41, wherein the markup language document includes information indicating that at least some of the second set of security settings should be determined relative to other security settings.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.