최소 단어 이상 선택하여야 합니다.
최대 10 단어까지만 선택 가능합니다.
다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
NTIS 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
DataON 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Edison 바로가기다음과 같은 기능을 한번의 로그인으로 사용 할 수 있습니다.
Kafe 바로가기국가/구분 | United States(US) Patent 등록 |
---|---|
국제특허분류(IPC7판) |
|
출원번호 | US-0389076 (2009-02-19) |
등록번호 | US-8307067 (2012-11-06) |
발명자 / 주소 |
|
출원인 / 주소 |
|
대리인 / 주소 |
|
인용정보 | 피인용 횟수 : 153 인용 특허 : 310 |
An improved system and approaches for protecting secured files when being used by an application (e.g., network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured v
An improved system and approaches for protecting secured files when being used by an application (e.g., network browser) that potentially transmits the files over a network to unknown external locations are disclosed. According to one aspect, access to secured files is restricted so that unsecured versions of the secured files are not able to be transmitted over a network (e.g., the Internet) to unauthorized destinations. In one embodiment, processes operating on a computer system are monitored to determine destination locations, if any, of said processes, and then using such destination locations to determine whether to permit the processes to open files in a secure or unsecured manner.
1. A method for identifying a destination address configured to be accessed by a window for a process operating on a computer system, the method comprising: determining, by the computer system, a foreground window for the process, wherein the process is associated with the computer system;examining,
1. A method for identifying a destination address configured to be accessed by a window for a process operating on a computer system, the method comprising: determining, by the computer system, a foreground window for the process, wherein the process is associated with the computer system;examining, by the computer system, a resource within the foreground window to determine a destination address that is configured to be accessed by the process, wherein the destination address is external with respect to the computer system; anddetermining, by the computer system, whether the process is a pre-approved process based at least on the destination address and a process identifier of the process, in order to ascertain permissions for transmission of unsecured files for the process. 2. The method as recited in claim 1, wherein the process is associated with a network browser operating on the computer system. 3. The method as recited in claim 1, wherein the examining comprises: determining whether the process is associated with a network browser operating on the computer system; andexamining the resource being displayed in the foreground window of the network browser to determine the destination address. 4. The method as recited in claim 1, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system. 5. The method as recited in claim 1, wherein the resource comprises at least one of content or characteristics within the foreground window. 6. The method as recited in claim 1, further comprising informing a file security system with respect to the destination address being accessed by the process such that the file security system can restrict files accessible to the computer system from being transmitted to destinations that are not pre-approved via the process in response to the informing. 7. The method as recited in claim 6, wherein the process is associated with a network browser operating on the computer system. 8. The method as recited in claim 7, wherein the examining comprises: determining whether the process is associated with a network browser operating on the computer system; andexamining the resource being displayed in the foreground window of the network browser to determine the destination address. 9. The method as recited in claim 8, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system. 10. A computer-readable medium having stored thereon, computer program code that, if executed by a device, causes the device to identify a destination address configured to be accessed by a window for a process operating on a computer system by a method, the method comprising: determining a foreground window for the process, wherein the process is associated with the computer system;examining a resource within the foreground window to determine a destination address that is configured to be accessed by the process, wherein the destination address is external with respect to the computer system; anddetermining, by the computer system, whether the process is a pre-approved process based at least on the destination address and a process identifier of the process, in order to ascertain permissions for transmission of unsecured files for the process. 11. The computer-readable medium as recited in claim 10, wherein the examining comprises: determining whether the process is associated with a network browser operating on the computer system; andexamining the resource being displayed in the foreground window of the network browser to determine the destination address. 12. The computer-readable medium as recited in claim 10, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system. 13. The computer-readable medium as recited in claim 10, further comprising informing a file security system with respect to the destination address being accessed by the process such that the file security system can restrict files accessible to the computer system from being transmitted to destinations that are not pre-approved via the process in response to the informing. 14. The computer-readable medium as recited in claim 13, wherein the process is associated with a network browser operating on the computer system. 15. The computer-readable medium as recited in claim 14, wherein the examining comprises: determining whether the process is associated with a network browser operating on the computer system; andexamining the resource being displayed in the foreground window of the network browser to determine the destination address. 16. The computer-readable medium as recited in claim 15, wherein the destination address is separately determined for each of a plurality of separate processes operating on the computer system. 17. An address identification system comprising: a processor; anda memory coupled to the processor and configured to store instructions that in response to execution by the processor, cause the processor to invoke an address identifier monitor configured to identify a destination address configured to be accessed by a window for a process operating on a computer system, wherein the process is associated with the computer system, wherein the address identifier monitor comprises:a foreground window monitor configured to determine a foreground window for a process;a resource examiner configured to examine a resource within the foreground window to determine a destination address that is being accessed by the process having a process identifier, wherein the destination address is external with respect to the computer system; anda determining module configured to determine, based at least on the destination address and the process identifier, whether the process is a pre-approved process, in order to ascertain permissions for transmission of unsecured files for the process. 18. The system as recited in claim 17, wherein the resource examiner is further configured to: determine that the process pertains to a network browser operating on the computer system; andexamine the resource being displayed in the foreground window of the network browser to determine the destination address that is being accessed by the network browser. 19. The system as recited in claim 17, wherein the address identifier monitor is further configured to separately identify destination addresses for each of a plurality of separate processes operating on the computer system. 20. The system as recited in claim 17, wherein the address identifier monitor is further configured to inform a file security system about the destination address being or to be accessed by the process so that the file security system can restrict files accessible to the computer system from being transmitted to destinations that are not pre-approved via the process.
Copyright KISTI. All Rights Reserved.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.