Secure Runtime Execution of Web Script Content on a Client

US 20090183227A1
Filed: 05/09/2008
Published: 07/16/2009
Est. Priority Date: 01/11/2008
Status: Abandoned Application

First Claim

Patent Images

1. A system for evaluating a web script content of a content holder, said content holder comprises a web page, said system comprising:

a remote memory area for storing policies, each of said policies defining an execution boundary of the web script content on a server, said execution boundary defining resource access and execution behaviors of the web script content on the server;

a client device;

a local memory accessible by the client device for storing a copy of the policies from the remote memory area;

an application executed on the client device for providing online content of the content holder on a display on the client device;

wherein the application is configured to execute computer-executable instructions for;

identifying the web script content of the content holder in response to providing the online content, said identified web script content being configured to issue an execution invocation to interact with other portions of the online content without receiving an explicit instruction from a user to grant such interaction with the other portions of the online content;

intercepting the issued execution invocation from the identified web script content;

identifying parameters included in the intercepted execution invocation, said identified parameters requesting resources from the application or the client device for interacting with the other portions of the online content;

evaluating the identified parameters against the execution boundary of each of the policies stored in the local memory and the other portions of the online content in the content holder; and

providing to the application a dynamic resolution in response to the evaluated parameters; and

a display of the client device for displaying the provided dynamic resolution.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method for ensuring security of online content on a client device. Online content is rendered on a display on the client device and the client device stores one or more policies each defining an execution boundary of a web script content. The execution boundary defines resource access of the web script content, and the web script content is configured to issue an execution invocation to interact with other portions of the online content. The issued execution invocation is intercepted and parameters included in the intercepted execution invocation are identified. The identified parameters request resources from an application or the client device for interacting with the other portions of the online content. The identified parameters are evaluated against the execution boundary of each of the policies stored in the client device. A dynamic resolution is provided to the web script content in response to the evaluating.

131 Citations

View as Search Results

20 Claims

1. A system for evaluating a web script content of a content holder, said content holder comprises a web page, said system comprising:
- a remote memory area for storing policies, each of said policies defining an execution boundary of the web script content on a server, said execution boundary defining resource access and execution behaviors of the web script content on the server;
  
  a client device;
  
  a local memory accessible by the client device for storing a copy of the policies from the remote memory area;
  
  an application executed on the client device for providing online content of the content holder on a display on the client device;
  
  wherein the application is configured to execute computer-executable instructions for;
  
  identifying the web script content of the content holder in response to providing the online content, said identified web script content being configured to issue an execution invocation to interact with other portions of the online content without receiving an explicit instruction from a user to grant such interaction with the other portions of the online content;
  
  intercepting the issued execution invocation from the identified web script content;
  
  identifying parameters included in the intercepted execution invocation, said identified parameters requesting resources from the application or the client device for interacting with the other portions of the online content;
  
  evaluating the identified parameters against the execution boundary of each of the policies stored in the local memory and the other portions of the online content in the content holder; and
  
  providing to the application a dynamic resolution in response to the evaluated parameters; and
  
  a display of the client device for displaying the provided dynamic resolution.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein the application provides the dynamic resolution as at least one of the following:
    - granting the execution invocation if the requested resource can be executed within the execution boundary, denying the execution invocation if the requested resource cannot be executed within the execution boundary, and augmenting the execution invocation before granting the execution invocation.
  - 3. The system of claim 1, wherein the client device further monitors execution activities of the application, said execution activities comprising at least one of the following:
    - activities between the provided dynamic resolution and the other portions of the online content, activities between the provided dynamic resolution and the web script content of the online content, activities between the provided dynamic resolution and the user, and activities between the provided dynamic resolution, the web script content, and the application, and wherein the client device further transmits at least a portion of the monitored execution activities to a server for storage.
  - 4. The system of claim 3, wherein the client device measures metrics representing a quality of service from the stored execution behavior, and wherein the client device provides the measured metrics to a content provider of the online content.
  - 5. The system of claim 1, wherein the client further instantiates one or more instances of the application, and wherein each of the one or more instances of the application further instantiates one or more instances of the web script content for processing.
  - 6. The system of claim 5, wherein the application is configured to intercept an issued execution invocation from each of the one or more instantiated instances of the web script content for a resource of the application or the client device.
  - 7. The system of claim 1, wherein the application is further configured to modify the execution invocation from the web script content in response to the evaluating, said modifying the execution invocation comprising at least one of the following:
    - rewriting the execution invocation such that the execution invocation is within the execution boundary based on the policies, replacing the execution invocation with another execution invocation before providing a substitute or an additional resolution in response to the another execution invocation, and requesting a user input from a user for granting or denying the execution invocation.

8. A method for ensuring security of online content on a client device, said method comprising:
- rendering online content on a display on the client device, wherein the client device stores one or more policies, each of the one or more stored policies defining an execution boundary of a web script content, said execution boundary defining resource access of the web script content, said web script content being configured to issue an execution invocation to interact with other portions of the online content without receiving an explicit instruction from a user to grant such interaction with the other portions of the online content;
  
  intercepting the issued execution invocation from the web script content in the online content;
  
  identifying parameters included in the intercepted execution invocation, said identified parameters requesting resources from an application or the client device for interacting with the other portions of the online content;
  
  evaluating the identified parameters against the execution boundary of each of the policies stored in the client device and the other portions of the online content; and
  
  providing to the web script content a dynamic resolution in response to the evaluating.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein the dynamic resolution comprises at least one of the following:
    - granting the execution invocation if the requested resource can be executed within the execution boundary, denying the execution invocation if the requested resource cannot be executed within the execution boundary, and augmenting the execution invocation before granting the execution invocation.
  - 10. The method of claim 8, further comprising monitoring execution activities of at least one of the following:
    - activities between the provided dynamic resolution and the other portions of the online content, activities between the provided dynamic resolution and the web script content of the online content, activities between the provided dynamic resolution and the user, and activities between the provided dynamic resolution, the web script content, and the application, and further comprising transmitting at least a portion of the monitored execution activities to a server for storage.
  - 11. The method of claim 10, further comprising measuring metrics representing a quality of service from the monitored execution activities and further comprising providing the measured metrics to a content provider of the online content.
  - 12. The method of claim 8, further instantiating one or more instances of the web script content, wherein each of the instantiated one or more instances of the web script content has an independent and separate execution boundary.
  - 13. The method of claim 12, wherein the intercepting comprises intercepting an issued execution invocation from each of the one or more instantiated instances of the web script content for a resource of the application or the client device.
  - 14. The method of claim 8, further comprising modifying the execution invocation from the web script content in response to the evaluating, said modifying the execution invocation comprises at least one of the following:
    - transforming the execution invocation such that the execution invocation is within the execution boundary based on the policies, replacing the execution invocation with another execution invocation before providing a substitute or an additional resolution in response to the another execution invocation, and requesting a user input from a user for granting or denying the execution invocation.

15. A method for ensuring security of online content on a client device, said method comprising:
- rendering online content on a display on the client device, wherein the client device stores one or more policies, each of the one or more stored policies defining an execution boundary of a web script content, said execution boundary defining resource access of the web script content, said web script content being configured to issue an execution invocation to interact with other portions of the online content without receiving an explicit instruction from a user to grant such interaction with the other portions of the online content;
  
  intercepting the issued execution invocation from the web script content in the online content;
  
  identifying parameters included in the intercepted execution invocation, said identified parameters requesting resources from an application or the client device for interacting with the other portions of the online content;
  
  evaluating the identified parameters against the execution boundary of each of the policies stored in the client device and the other portions of the online content;
  
  providing to the web script content a dynamic resolution in response to the evaluating; and
  
  receiving a feedback from the user in response to the provided dynamic resolution.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising monitoring execution activities of at least one of the following:
    - activities between the provided dynamic resolution and the other portions of the online content, activities between the provided dynamic resolution and the web script content of the online content, activities between the provided dynamic resolution and the user, and activities between the provided dynamic resolution, the web script content, and the application.
  - 17. The method of claim 16, further comprising measuring metrics representing a quality of service from the monitored execution activities, and further comprising transmitting at least a portion of the measured metrics to a server for storage.
  - 18. The method of claim 17, further comprising transmitting the received feedback and the measured metrics to one of the following:
    - a content provider of the web script content and a content provider of the online content.
  - 19. The method of claim 15, wherein the dynamic resolution comprises at least one of the following:
    - granting the execution invocation if the requested resource can be executed within the execution boundary, denying the execution invocation if the requested resource cannot be executed within the execution boundary, augmenting the execution invocation before granting the execution invocation, replacing the execution invocation with another execution invocation before providing a substitute resolution in response to the another execution invocation, transforming the execution invocation such that the execution invocation is within the execution boundary based on the defined policy, and requesting a user input from a user for granting or denying the execution invocation.
  - 20. The method of claim 15, further instantiating one or more instances of the web script content, wherein each of the instantiated one or more instances of the web script content has an independent and separate execution boundary, and wherein the intercepting comprises intercepting an issued execution invocation from each of the one or more instantiated instances of the web script content for a resource of the application or the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Yolleck, Stephen Mark, Isaacs, Scott, Logan, Ronald Keith

Application Number

US12/118,333
Publication Number

US 20090183227A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 2221/2119   Authenticating web pages, e...

G06F 9/451   Execution arrangements for ...

G06F 9/468   Specific access rights for ...

Secure Runtime Execution of Web Script Content on a Client

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

131 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Runtime Execution of Web Script Content on a Client

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

131 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links