Protection and communication abstractions for web browsers
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
H04L-012/859
G06F-021/53
G06F-009/455
H04L-029/06
출원번호
US-0762900
(2007-06-14)
등록번호
US-10019570
(2018-07-10)
발명자
/ 주소
Wang, Jiahe Helen
Fan, Xiaofeng
Jackson, Collin Edward
Howell, Jonathan Ryan
Xu, Zhenbin
출원인 / 주소
Microsoft Technology Licensing, LLC
대리인 / 주소
Singh Law, PLLC
인용정보
피인용 횟수 :
0인용 특허 :
143
초록▼
Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management co
Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management component that facilitates controlled communication between the first resources and the second resources and prevents the first resources and the second resources from accessing other resources that the first resources and the second resources are not permitted to access. The resource management component may be further operable to contain restricted services in a sandbox containment structure and/or to isolate access-controlled resources in a service instance. In addition, the resource management component may be operable to facilitate the flexible display of resources from disparate domains and/or controlled communication therebetween.
대표청구항▼
1. A system comprising at least one processor coupled to a non-transitory computer-readable storage medium storing instructions executable by the at least one processor to implement: a browser configured to integrate first content from a first server associated with a first domain with second conten
1. A system comprising at least one processor coupled to a non-transitory computer-readable storage medium storing instructions executable by the at least one processor to implement: a browser configured to integrate first content from a first server associated with a first domain with second content comprising restricted content from a second server associated with a second domain different from the first domain;a resource management component, at the browser, configured to provide a sandbox for the second content comprising the restricted content, wherein the resource management component is further configured to prevent the restricted content from directly accessing the first content from the first server associated with the first domain and yet allow the restricted content to communicate with the first content from the first server associated with the first domain using a messaging function implemented using browser-side communication across domains using a port-based naming scheme; andwherein, the browser is further configured to isolate third content from a third server via a browser-side abstraction, different from the sandbox, and wherein the browser-side abstraction is configured to display at least a portion of the third content. 2. The system of claim 1, wherein the sandbox is implemented using hypertext markup language (HTML) and a resource containment functionality provided by the browser. 3. The system of claim 1, wherein the sandbox is configured to allow the first content to access the second content contained in the sandbox. 4. The system of claim 1, wherein the browser is configured to allow a web application to create a new popup window. 5. The system of claim 1, wherein the restricted content comprises a script. 6. The system of claim 1, wherein the resource management component is further configured to provide a second sandbox for a third content, wherein the second sandbox is nested within the sandbox. 7. The system of claim 1, wherein the first content further comprises untrusted user input, and wherein the resource management component is further configured to contain the untrusted user input in the sandbox. 8. A method implemented by at least one processor, the method comprising: obtaining content, via a browser, comprising restricted content from a server;at the browser, providing a sandbox for the content comprising the restricted content;using a browser-side resource management component, preventing the restricted content from directly accessing any non-sandboxed content and yet allowing the restricted content to communicate with the non-sandboxed content using a messaging function implemented using browser-side communication; andusing a browser-side abstraction, different from the sandbox, isolating additional content obtained via the browser, wherein the browser-side abstraction is configured to display at least a portion of the additional content. 9. The method of claim 8 further comprising implementing the sandbox using hypertext markup language (HTML) and a corresponding resource containment functionality. 10. The method of claim 8, wherein the restricted content comprises a script. 11. The method of claim 8, wherein the sandbox is enclosed within a browser page. 12. The method of claim 8, further comprising the browser allowing a web application to create a new popup window. 13. The method of claim 8 further comprising providing a second sandbox for a second content different from the content. 14. The method of claim 8, wherein the content further comprises untrusted user input, and wherein the method further comprising containing the untrusted user input in the sandbox. 15. A non-transitory computer-readable medium storing instructions executable by a processor to: obtain content, via a browser, comprising a first restricted content and a second restricted content from a server; andat the browser, provide a first sandbox for the first restricted content and provide a second sandbox for the second restricted content, wherein each of the first sandbox and the second sandbox is implemented using hypertext markup language (HTML) and a resource containment functionality provided by the browser;using a browser-side resource management component: (1) prevent the first restricted content from directly accessing the second restricted content and yet allow the first restricted content to communicate with the second restricted content using a messaging function implemented using a port-based naming scheme and prevent the second restricted content from directly accessing the first restricted content and yet allow the second restricted content to communicate with the first restricted content using the messaging function implemented using the port-based naming scheme; andusing a browser-side abstraction, wherein the browser-side abstraction is different from the sandbox, isolate additional content obtained via the browser, wherein the browser-side abstraction is configured to display at least a portion of the additional content. 16. The non-transitory computer-readable medium of claim 15, wherein the content further comprises untrusted user input, and wherein the non-transitory computer-readable medium further comprising instructions executable by the processor to contain the untrusted user input in the sandbox. 17. The non-transitory computer-readable medium of claim 15, wherein the content further comprises a reply to a search query directed to a web server, and wherein the non-transitory computer-readable medium further comprising instructions executable by the processor to contain the reply to the search query in the sandbox. 18. The non-transitory computer-readable medium of claim 15, wherein the content further comprises a user profile comprising a script for a social networking website, and wherein the non-transitory computer-readable medium further comprising instructions executable by the processor to contain at least the script for the social networking website in the sandbox. 19. The non-transitory computer-readable medium of claim 15, wherein the first restricted content comprises untrusted user input, and wherein the non-transitory computer-readable medium further comprising instructions executable by the processor to contain the untrusted user input in the first sandbox. 20. The non-transitory computer-readable medium of claim 15, wherein the second restricted content comprises a script, and wherein the non-transitory computer-readable medium further comprising instructions executable by the processor to contain the script in the second sandbox.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (143)
Cornelius, Richard D.; Stepniczka, Andreas; Chu, Kevin, Account settlement and financing in an e-commerce environment.
Ansell, Steven T.; Cherenson, Andrew R.; Rishniw, Leon; Cannon, Susan A.; Allard, Edward J.; Brownell, Jason S.; Stroud, Micah, Adaptable security mechanism for preventing unauthorized access of digital data.
Jerger Michael S. ; Bisset Jeffrey A. ; Sinclair Craig T. ; Toutonghi Michael J., Administering permissions associated with a security zone in a computer system security model.
Hind John Raithel ; Lindquist David Bruce ; Nanavati Pratik Biharilal ; Tan Yih-Shin ; Wesley Ajamu Akinwunmi, Applet redirection for controlled access to non-orginating hosts.
Frezza William A. (Warminster PA) Conover Richard D. (Richboro PA) Kaufman David (Torrance CA), Bootstrap channel security arrangement for communication network.
Hailpern Brent Tzion ; Malkin Peter Kenneth ; Schloss Robert Jeffrey ; White Steve R. ; Yu Philip Shi-Lung ; Palmer Charles Campbell, Collaborative server processing of content and meta-information with application to virus checking in a server network.
Stammers,Soren; Band,Jamie A.; Sadler,Andrew P.; Patterson,Andrew J., Component installer permitting interaction among isolated components in accordance with defined rules.
Ehrsam William F. (Kingston NY) Elander Robert C. (Saugerties NY) Hollis Lloyd L. (Cary NC) Lennon Richard E. (Woodstock NY) Matyas Stephen M. (Poughkeepsie NY) Meyer Carl H. W. (Kingston NY) Oseas J, Cryptographic communication security for multiple domain networks.
Valente, Luis Filipe Pereira; Cooper, Geoffrey Howard; Shaw, Robert Allen; Sherlock, Kieran Gerard, Declarative language for specifying a security policy.
Michael S. Jerger ; Jeffrey A. Bisset ; Craig T. Sinclair ; Michael J. Toutonghi, Directional set operations for permission based security in a computer system.
Wood, David L.; Weschler, Paul; Norton, Derk; Ferris, Chris; Wilson, Yvonne; Soley, William R., Log-on service providing credential level change without loss of session continuity.
Moreh, Jahanshah; Olkin, Terry Michael; Bruns, Logan O'Sullivan; Perrin, Trevor Scott, METHOD AND SYSTEM OF FEDERATED AUTHENTICATION SERVICE FOR INTERACTING BETWEEN AGENT AND CLIENT AND COMMUNICATING WITH OTHER COMPONENTS OF THE SYSTEM TO CHOOSE AN APPROPRIATE MECHANISM FOR THE SUBJECT.
Barnes, Brian C.; Strongin, Geoffrey S.; Schmidt, Rodney W., Memory management system and method for providing physical address based memory access security.
Swanson Jim A. (Dallas/Fort Worth Airport TX), Method and apparatus for developing scripts that access mainframe resources that can be executed on various computer sys.
Magee James Michael ; Rawson ; III Freeman Leigh ; Sotomayor ; Jr. Guy Gil, Method and apparatus for management of mapped and unmapped regions of memory in a microkernel data processing system.
Russell William C. (Laguna Hills CA) Kalwitz George A. (Costa Mesa CA) Barrett Lorraine F. (Yorba Linda CA), Method and apparatus for remotely altering programmable firmware stored in an interactive network board coupled to a net.
Oliver,Jonathan J.; Koblas,David A.; Wilson,Brian K., Method and system for classifying a message based on canonical equivalent of acceptable items included in the message.
Kalantar, Michael Husayn; Merwah, Rahul Kumar; Tracey, John Michael, Method and system for cross-domain service invocation using a single data handle associated with the stored common data and invocation-specific data.
Eilbott, Seth Aaron; Rodriguez, Jeffrey Edward; Walker, Michael John, Method for prefetching external resources to embedded objects in a markup language data stream.
Fletcher,James Corvin; Kaminsky,David Louis; Kessler,Carl Shawn, Method, system and apparatus for selecting encryption levels based on policy profiling.
Buchthal,David Michael; Forschler,Lucas Jason; Gallagher,Thomas Patrick; Loisey,Christophe Rene; Pullen,Walter David; Turski,Andrzej, Method, system, and computer-readable medium for filtering harmful HTML in an electronic document.
Howard, Michael; Brown, Don L.; Clark, Quentin J.; Dillingham, Lara N.; Meijer, Ronald; Multerer, Boyd C.; Sellers, Timothy D., Methods and apparatus for synchronizing access control in a web server.
Marolia,Sunil; Chia,Teck; Dinh,John D. V.; Soberano,Vincent P.; Hamasaki, Jr.,Glenn; Gustafson,James P.; Pakarinen,Toni; Jacobi,Sidney A., Mobile services network for update of firmware/software in mobile handsets.
Lewis Robert W. ; Tanner Matthew A. ; Walker Timothy K., Object-oriented computer program, system, and method for developing control schemes for facilities.
Slaughter,Gregory L.; Saulpaugh,Thomas E.; Traversat,Bernard A.; Abdelaziz,Mohamed M., Remote function invocation with messaging in a distributed computing environment.
Davis, Mark C.; Hind, John R.; Peters, Marcia L.; Topol, Brad B., Selective data encryption using style sheet processing for decryption by a group clerk.
Magee James Michael ; Rawson ; III Freeman L. ; Youngworth Christopher Dean, Shared memory support method and apparatus for a microkernel data processing system.
Hinton, Heather Maria; Moran, Anthony Scott; Falola, Dolapo Martin; Milman, Ivan Matthew; Wardrop, Patrick Ryan, Specializing support for a federation relationship.
Hartrick Thomas V. (Gaithersburg MD) Higgins Patricia E. (Gaithersburg MD) Sabia Nicholas J. (Silver Spring MD), Structured document tags invoking specialized functions.
Ptacek, Thomas Henry; Newsham, Timothy Nakula; Friedrichs, Oliver, System and method for building an executable script for performing a network security audit.
Srivastava,Biplav; Nanavati,Amit A.; Batra,Vishal S; Bhide,Manish A; Kamesam,Pasumarti V, System and method for dynamic exception handling using an external exception handler.
Brender Ronald F. (Hollis NH) Iles Michael V. (Basingstoke GB2), System and method for jacketing cross-domain calls in a multi-code execution and debugging system within a multi-archite.
Notani Ranjit N. ; Mayer John E., System and process for inter-domain planning analysis and optimization using model agents as partial replicas of remote.
Bodin William Kress (Boca Raton FL) Hyde David Michael (Boca Raton FL) Lay Tatchi Placido (Boca Raton FL) Wilkinson James (Southampton GBX) Yee Susan (Coral Springs FL), System for locking down part of portion of memory and updating page directory with entry corresponding to part of portio.
Berger David A. ; Weber Jay C. ; Madapurmath Vilas I., System, method and article of manufacture for virtual point of sale processing utilizing an extensible, flexible archite.
Green,Jeffrey; Gartside,Paul N; Bolin,Chris, Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.