Apparatus, method and system for providing network security for executable code in computer and communications networks

US 6,058,482 A
Filed: 05/22/1998
Issued: 05/02/2000
Est. Priority Date: 05/22/1998
Status: Expired due to Term

First Claim

Patent Images

1. A system for providing network security for executable code, the system comprising:

a network interface coupleable to a network communications channel for the reception and transmission of network information;

a processor coupled to the network interface, the processor responsive when operative, through a set of program instructions, to determine whether the network information includes a first network language keyword;

when the network information includes the first network language keyword, the processor further responsive to generate a first distinctive reference to a first corresponding executable code, and to provide, for transmission by the network interface, the network information in which the first network language keyword incorporates the first distinctive reference; and

when the first network language keyword incorporating the first distinctive reference is invoked, the processor further responsive to provide, for transmission by the network interface, the first corresponding executable code; and

a memory coupled to the processor for storing the first corresponding executable code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus, method and system are disclosed for providing network security for executable code in computer and communications networks, such as providing network security for downloadable and executable Java programming language bytecode. The preferred apparatus embodiment includes a network interface for the reception and transmission of network information, such as an interactive world wide web page; and includes a processor having program instructions to determine whether network information includes a network language keyword, such as a Java applet. When the network information includes such a network language keyword, the processor includes further instructions is further responsive to generate the network language keyword having a distinctive reference to corresponding executable code, such as a distinctive Java class name, and to provide, for transmission by the network interface, the network information in which the network language keyword incorporates the distinctive reference. When the network language keyword incorporating the distinctive reference is invoked, the processor includes further instructions to provide, for downloading by the network interface, the corresponding executable code. The preferred apparatus embodiment is within a network server, and may also include a memory system for storage of the corresponding executable code.

Citations

19 Claims

1. A system for providing network security for executable code, the system comprising:
- a network interface coupleable to a network communications channel for the reception and transmission of network information;
  
  a processor coupled to the network interface, the processor responsive when operative, through a set of program instructions, to determine whether the network information includes a first network language keyword;
  
  when the network information includes the first network language keyword, the processor further responsive to generate a first distinctive reference to a first corresponding executable code, and to provide, for transmission by the network interface, the network information in which the first network language keyword incorporates the first distinctive reference; and
  
  when the first network language keyword incorporating the first distinctive reference is invoked, the processor further responsive to provide, for transmission by the network interface, the first corresponding executable code; and
  
  a memory coupled to the processor for storing the first corresponding executable code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The system of claim 1, wherein the processor is further responsive, when the network information has a plurality of network language keywords, to generate a plurality of respective, distinctive references to a corresponding executable code;
    - to provide, for transmission by the network interface, the network information in which each network language keyword of the plurality of network language keywords incorporates a respective, distinctive reference; and
      
      the processor further responsive, when a network language keyword incorporating a respective, distinctive reference is invoked, to provide, for transmission by the network interface, the corresponding executable code.
  - 3. The system of claim 2 wherein the processor is further responsive to generate multiple pluralities of network language keywords, each plurality of the multiple pluralities of network language keywords corresponding to a separate request for network information, and wherein each network language keyword of each plurality of network language keywords includes a respective, distinctive reference to a corresponding executable code.
  - 4. The system of claim 1 wherein the requested network information is a world wide web page, wherein the first network language keyword is an applet tag, wherein the first distinctive reference is a Java class name, and wherein the first corresponding executable code is Java programming language bytecode.
  - 5. The system of claim 1 wherein the system is embodied with a server.
  - 6. The system of claim 1 wherein the first network language keyword is an object tag.
  - 7. The system of claim 1 wherein the first network language keyword is an HTML keyword.
  - 8. The system of claim 1 wherein the first network language keyword is a scripting language keyword.
  - 9. The system of claim 1 wherein the processor further executes instructions to randomly generate the first distinctive reference.
  - 10. The system of claim 9 wherein the first network language keyword is an object tag.
  - 11. The system of claim 9 wherein the first network language keyword is an HTML keyword.
  - 12. The system of claim 9 wherein the first network language keyword is a scripting language keyword.
  - 13. The system of claim 1 wherein the processor further executes instructions to select the first distinctive reference from a set of predetermined distinctive references.
  - 14. The system of claim 13 wherein the first network language keyword is an object tag.
  - 15. The system of claim 13 wherein the first network language keyword is an HTML keyword.
  - 16. The system of claim 13 wherein the first network language keyword is a scripting language keyword.

17. A method of providing dynamic class naming for Java bytecode, the method comprising:
- (a) receiving a request for a web page;
  
  (b) determining whether the web page includes a first applet tag;
  
  (c) in response to the presence of the first applet tag, generating a first distinctive applet class name for the first applet tag and storing first corresponding Java bytecode having the first distinctive applet class name;
  
  (d) in response to the presence of a plurality of applet tags, generating a corresponding distinctive applet class name for each applet tag of the plurality of applet tags, and storing a corresponding plurality of Java bytecode each having its corresponding distinctive applet class name;
  
  (e) providing the web page in which all applet tags include their corresponding distinctive applet class names; and
  
  (f) when any applet tag incorporating its corresponding distinctive class name is invoked, providing the corresponding Java bytecode.

18. An apparatus for dynamic class naming for Java bytecode, the apparatus comprising:
- means for receiving a request for a web page;
  
  means for determining whether the web page includes a first applet tag;
  
  means for generating, in response to the first applet tag, a first distinctive applet class name for the first applet tag;
  
  memory means for storing first corresponding Java bytecode having the first distinctive applet class name;
  
  means for generating, in response to a plurality of applet tags, a corresponding distinctive applet class name for each applet tag of the plurality of applet tags;
  
  memory means for storing a corresponding plurality of Java bytecode each having its corresponding distinctive applet class name;
  
  means for providing the web page in which all applet tags have their corresponding distinctive applet class names; and
  
  means for providing the corresponding Java bytecode when any applet tag incorporating its corresponding distinctive class name is invoked.

19. A system for dynamic class naming for Java bytecode, the system comprising:
- a local end system, the local end system responsive through a set of program instructions, when operative, to transmit a request for a web page and to invoke an applet tag; and
  
  a remote server coupleable through a network to the local end system, the remote server, responsive through a set of program instructions, when operative, to receive a request for a web page and to determine whether the web page includes an applet tag;
  
  in response to the presence of the applet tag, the remote server further responsive to generate a distinctive applet class name for the applet tag and to corresponding Java bytecode having the distinctive applet class name;
  
  the remote server further responsive to provide the web page to the local end system in which the applet tag includes the distinctive applet class names, and to provide the corresponding Java bytecode in response to an invocation by the local end system of the applet tag incorporating the distinctive class name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Liu, James C.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/084,444
Time in Patent Office

711 Days
Field of Search

713/201, 713/151, 713/164, 713/165, 713/166, 713/167, 713/190, 713/193, 713/200
US Class Current

726/23
CPC Class Codes

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Apparatus, method and system for providing network security for executable code in computer and communications networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, method and system for providing network security for executable code in computer and communications networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links