ACCESSING NETWORK RESOURCES OUTSIDE A SECURITY BOUNDARY
First Claim
1. At a computer system connected to a network, the computer system including a host environment with a network based application running inside a security boundary of the host environment, an originating computer system and one or more other external computer systems also being connected to the network, the originating computer system and one or more other computer systems being outside of the security boundary, the network based application having been received from the originating computer system, a method for making a network access decision for the network based application, the method comprising:
an act of receiving a network access request from the network based application running inside the security boundary, the network access request requesting network access be implemented to one of the external computer systems outside of the security boundary;
an act of accessing network security policies that control network access to the external computer systems, the network security policies configured to make a network access decision for the network access request based on network access information corresponding to the network access request;
an act of accessing network access information associated with the network access request, the network access information including at least one property of a setting for the computer system and at least one property of the network access request;
an act of applying the network security policies to the network access information to make a network access decision for the received network access request; and
an act of returning the network access decision to the network based application to indicate to the network based application whether or not the network based application is permitted to implement the requested network access to the external computer system outside of the security boundary.
Abstract
The present invention extends to methods, systems, and computer program products for accessing network resources outside a security boundary. The present invention can provide modules running within a security boundary (e.g., sandboxed client-side scripts) with access to network resources at computer systems other than the computer system where the module originated. When network access is permitted, the properties of the network request can be adjusted so that security information of the client system and of the originating computer system for the module is not divulged. Thus, a module can obtain content for inclusion in a Web page from third-party servers in a more secure manner. Network access decisions can be made based on ambient data already accessible to a host environment, such that network access decisions can be made in a more automated manner.
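The decision flow of claim 1 and the request adjustment described in the abstract, written out as an added example (this is illustrative code, not the patent's or any browser's implementation). A sandboxed script hands the host environment a request aimed at a host other than the one it was loaded from; the host gathers one property of a host setting plus properties of the request, applies an ordered list of policy rules, returns the decision, and, when access is permitted, strips the headers and credentials that would identify the client or the originating site. The setting name `crossDomainAccess`, the trusted-host list, the rule names and the sample hosts are all assumptions made for the example.

```javascript
// Added illustration of the policy-based network access decision in claim 1.
// Setting names, rule names and hosts are hypothetical, not from the patent.

// Headers that carry client or originating-site security information and must
// not leave the security boundary with a cross-boundary request.
const AMBIENT_HEADERS = new Set(["cookie", "authorization", "referer", "origin"]);

// Hypothetical host setting (assumption): a per-host "cross domain access"
// switch, plus a user-maintained list of trusted third-party hosts.
const DEFAULT_SETTINGS = {
  crossDomainAccess: "enable", // "enable" | "disable"
  trustedHosts: new Set(["cdn.example.net", "api.example.org"]),
};

// Claim 1, third act: collect network access information from at least one
// property of a host setting and at least one property of the request.
function collectAccessInfo(originUrl, request, settings) {
  const origin = new URL(originUrl);
  const target = new URL(request.url);
  return {
    crossDomainAccess: settings.crossDomainAccess,
    targetTrusted: settings.trustedHosts.has(target.hostname),
    sameHost: origin.hostname === target.hostname,
    scheme: target.protocol,
    downgrade: origin.protocol === "https:" && target.protocol === "http:",
    method: request.method.toUpperCase(),
  };
}

// Claim 1, second and fourth acts: ordered policy rules; the first rule whose
// test matches the access information decides.
const NETWORK_POLICIES = [
  { name: "unsupported-scheme", test: (i) => i.scheme !== "http:" && i.scheme !== "https:", permit: false },
  { name: "same-host",          test: (i) => i.sameHost,                                    permit: true  },
  { name: "no-downgrade",       test: (i) => i.downgrade,                                   permit: false },
  { name: "setting-disabled",   test: (i) => i.crossDomainAccess === "disable",             permit: false },
  { name: "unsafe-method",      test: (i) => !["GET", "POST"].includes(i.method),           permit: false },
  { name: "trusted-host",       test: (i) => i.targetTrusted,                               permit: true  },
  { name: "default-deny",       test: () => true,                                           permit: false },
];

// Abstract: adjust the request so that security information of the client and
// of the originating site is not divulged to the external host.
function sanitizeRequest(request) {
  const headers = {};
  for (const [name, value] of Object.entries(request.headers || {})) {
    if (!AMBIENT_HEADERS.has(name.toLowerCase())) headers[name] = value;
  }
  return { url: request.url, method: request.method.toUpperCase(), headers, credentials: "omit" };
}

// Claim 1, first and last acts: receive the request from the sandboxed
// application and return the decision (with the adjusted request on permit).
function decideNetworkAccess(originUrl, request, settings = DEFAULT_SETTINGS) {
  const info = collectAccessInfo(originUrl, request, settings);
  const rule = NETWORK_POLICIES.find((p) => p.test(info));
  return {
    permitted: rule.permit,
    rule: rule.name,
    request: rule.permit ? sanitizeRequest(request) : null,
  };
}

// Constructed sample: a script served by www.example.com asks for a widget from
// the (hypothetically trusted) third-party host cdn.example.net.
const sampleRequest = {
  url: "https://cdn.example.net/widget.json",
  method: "get",
  headers: {
    Cookie: "session=abc",
    Accept: "application/json",
    Referer: "https://www.example.com/page",
  },
};

console.log(decideNetworkAccess("https://www.example.com/page", sampleRequest));
```

The rule order matters: the setting-level switch and the downgrade check are evaluated before the trust list, so a user-trusted host still cannot be reached over plaintext from a secure page or when the host setting disables cross-boundary access. The sanitized request that comes back is what the sandboxed application is allowed to send; it never sees the policy inputs themselves.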
20 Claims
1. (Independent claim 1 as shown above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. At a computer system connected to a network, the computer system including a Web browser with a Web based application running inside a security boundary of the Web browser, an originating computer system and one or more other external computer systems also being connected to the network, the originating computer system and one or more other computer systems being outside of the security boundary, the Web based application having been received from the originating computer system, a method for implementing network access from the Web based application inside the security boundary to one of the external computer systems outside of the security boundary, the method comprising:
an act of receiving a network access request from the Web based application running inside the security boundary, the network access request requesting that a network access be implemented to one of the external computer systems outside of the security boundary;
an act of accessing network security policies that control network access to the external computer systems, the network security policies configured to make a network access decision for the network access request based on network access information associated with the network access request;
an act of accessing network access information associated with the network access request, the network access information including at least one property of a setting for the Web browser and at least one property of the network access request;
an act of applying the network security policies to the network access information to determine that the requested network access is to be permitted;
an act of permitting network communication from the Web based application running inside the security boundary to the external computer system outside of the security boundary such that the Web based application can retrieve content from the external computer system notwithstanding that the Web based application was received from the originating computer system; and
an act of indicating to the Web based application that network access to the external computer system has been permitted.
Dependent claims: 9, 10, 11, 12, 13, 14, 15.
16. At a computer system connected to a network, the computer system including a Web browser with a Web based application running inside a security boundary of the Web browser, an originating computer system and one or more other external computer systems also being connected to the network, the originating computer system and the one or more other computer systems being outside of the security boundary, the Web based application having been received from the originating computer system, a method for implementing network access from the Web based application inside the security boundary to one of the external computer systems outside of the security boundary, the method comprising:
an act of sending a Web page request to the originating computer system;
an act of receiving a Web page from the originating computer system in response to the Web page request, the Web page including a Web based application configured to provide at least a portion of the content for the Web page;
an act of running the Web based application inside a security boundary of the Web browser;
an act of the Web based application running inside the security boundary sending a network access request, the network access request requesting network access be implemented to one of the external computer systems outside of the security boundary;
an act of receiving an indication that network access to the external computer system outside of the security boundary has been permitted; and
an act of the Web based application running inside the security boundary retrieving content from the external computer system outside of the security boundary for inclusion in the Web page notwithstanding that the Web based application was received from the originating computer system.
Dependent claims: 17, 18, 19, 20.
Specification