SETTING DEFAULT SECURITY FEATURES FOR USE WITH WEB APPLICATIONS AND EXTENSIONS

US 20130117807A1
Filed: 03/06/2012
Published: 05/09/2013
Est. Priority Date: 10/28/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for implementing default security features for applications, comprising:

receiving a request to include a web application or a browser extension in a digital marketplace;

determining if the web application or the browser extension conforms to default security features;

allowing a developer to override one of the default security features if the developer declares the override in the request;

labeling the override with a risk level;

storing the override and the label in a database of a server; and

including the web application or the browser extension in the digital marketplace if the web application or the browser extension conforms to the default security features.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one general aspect, a computer-implemented method for implementing default security features for web applications and browser extensions includes receiving a request to include a web application or a web browser extension in a digital marketplace. A determination is made if the web application or the web browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages. The web application or the browser extension is included in the digital marketplace if the web application or the browser extension conforms to the default security features.

Citations

20 Claims

1. A computer-implemented method for implementing default security features for applications, comprising:
- receiving a request to include a web application or a browser extension in a digital marketplace;
  
  determining if the web application or the browser extension conforms to default security features;
  
  allowing a developer to override one of the default security features if the developer declares the override in the request;
  
  labeling the override with a risk level;
  
  storing the override and the label in a database of a server; and
  
  including the web application or the browser extension in the digital marketplace if the web application or the browser extension conforms to the default security features.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16)
- - 2. The computer-implemented method of claim 1, wherein the default security features include a prohibition against running in-line script on web pages.
  - 3. The computer-implemented method of claim 1, wherein the default security features include a limit on an ability of the web application or the browser extension to run a predetermined JavaScript function.
  - 4. The computer-implemented method of claim 1, further comprising:
    - displaying a notification related to the override prior to allowing a user to download the web application or the browser extension from the digital marketplace.
  - 5. The computer-implemented method of claim 1, further comprising:
    - allowing the developer to override one of the default security features if the developer receives permission from a curator of the digital marketplace.
  - 6. The computer-implemented method of claim 1, wherein the default security features apply to features of standard web technologies.
  - 7. The computer-implemented method of claim 1, further comprising:
    - evaluating, using a set of criteria, a request from the developer to override one of the default security features.
  - 8. The method of claim 1, wherein the default security feature is a restriction against a predetermined JavaScript function.
  - 9. The computer-implemented method of claim 1, further comprising:
    - evaluating, using a set of criteria, a request from a developer to bypass the default security feature.
  - 10. The computer-implemented method of claim 1, further comprising:
    - receiving, at the server, an explicit declaration of the override from the developer of the web application or the browser extension.
  - 11. The computer-implemented method of claim 1, wherein the web application is a packaged web application that may be executed locally on a computing device without access to a network.
  - 13. The non-transitory computer-readable storage medium of claim 11, further comprising instructions that, when executed by a processor of a computer system cause the computer system to:
    - limit an ability of the web application or the browser extension to run a predetermined JavaScript function.
  - 14. The non-transitory computer-readable storage medium of claim 11, further comprising instructions that, when executed by a processor of a computer system cause the computer system to:
    - allow the developer to override one of the default security features if the developer receives permission from a curator of the digital marketplace.
  - 15. The non-transitory computer-readable storage medium of claim 13, further comprising instructions that, when executed by a processor of a computer system cause the computer system to:
    - display a notification related to the override prior to allowing a user to download the web application or the browser extension from the digital marketplace.
  - 16. The non-transitory computer-readable storage medium of claim 11, further comprising instructions that, when executed by a processor of a computer system cause the computer system to:
    - evaluate the request from the developer to override one of the default security features.

12. A non-transitory computer-readable storage medium having recorded and stored thereon instructions that, when executed by a processor of a computer system cause the computer system to:
- receive a request to include a web application or a browser extension in a digital marketplace;
  
  determine if the web application or the browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages;
  
  allow a developer to override one of the default security features if the developer declares the override in the request;
  
  label the override with a risk level;
  
  store the override and the label in a database of server; and
  
  include the web application or the browser extension in the digital marketplace if the web application or the browser extension conforms to the default security features.

17. A system comprising:
- a memory configured to store executable code; and
  
  a processing device operably coupled to the memory, the processor configured to execute the code to;
  
  receive a request to include a web application or a browser extension in a digital marketplace;
  
  determine if the web application or the browser extension conforms to default security features;
  
  allow an override of one of the default security features if the override is declared in the request;
  
  label the override with a risk level;
  
  store the override and the label in a database of a server; and
  
  include the web application or the browser extension in the digital marketplace if the web application or the browser extension conforms to the default security features.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the default security features include a prohibition against running in-line script on web pages.
  - 19. The system of claim 17, wherein the default security features include a limit on an ability of the web application or the browser extension to run a predetermined JavaScript function.
  - 20. The system of claim 17, wherein the web application is a packaged web application that may be executed locally on a computing device without access to a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Kay, Erik, Barth, Adam

Granted Patent

US 8,566,901 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/51   at application loading time...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/60   Protecting data

G06F 2221/033   Test or assess software

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 8/61   Installation

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

SETTING DEFAULT SECURITY FEATURES FOR USE WITH WEB APPLICATIONS AND EXTENSIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SETTING DEFAULT SECURITY FEATURES FOR USE WITH WEB APPLICATIONS AND EXTENSIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links