Network security zones
Abstract
A computer based system and method of providing security when receiving digital data at a client computer from one or more Web sites is disclosed. The method includes receiving security configuration information that specifies multiple security zones, each zone corresponding to a set of Web sites. The security configuration information also includes information specifying a set of security settings corresponding to each security zone. A security setting is a specification indicating an action to perform when a Web page from one of the security zones requests a protected operation to be performed. During a Web browsing session, the mechanism of the invention determines the security zone corresponding to the Web site currently being browsed. Prior to performing the protected operation, the mechanism of the invention determines the action to perform, based on the current Web site's security zone, the requested operation, and the security setting corresponding to the requested operation and the Web site's zone. Depending upon the security setting, the Web browser may perform the requested operation, prevent the requested operation from being performed, or prompt the user of whether to perform the requested operation. During the browsing of a Web site, the Web browser visually indicates the security zone corresponding to the current Web site.
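The zone lookup and per-operation decision described in the abstract, sketched as an added example (not code from the patent or from any browser). The zone names, host patterns, operation names, settings and log record shape are constructed assumptions.

```javascript
// Added example: constructed zones, host patterns, operations and settings.
const ZONES = [
  { name: "local-intranet", hosts: ["intranet", "*.corp.example"] },
  { name: "trusted", hosts: ["partner.example.com"] },
  { name: "restricted", hosts: ["*.untrusted.example"] },
];
const DEFAULT_ZONE = "internet"; // any site not listed above

// Security setting per zone and protected operation: allow, prompt or deny.
const SETTINGS = {
  "local-intranet": { "receive-file": "allow", "receive-component": "prompt" },
  trusted: { "receive-file": "allow", "receive-component": "allow" },
  internet: { "receive-file": "prompt", "receive-component": "deny" },
  restricted: { "receive-file": "deny", "receive-component": "deny" },
};

// "*.corp.example" matches subdomains only; the leading dot in the suffix
// stops look-alikes such as "evilcorp.example" from landing in the zone.
function hostMatches(pattern, host) {
  if (pattern.startsWith("*.")) {
    const suffix = pattern.slice(1);
    return host.length > suffix.length && host.endsWith(suffix);
  }
  return host === pattern;
}

function zoneFor(url) {
  const host = new URL(url).hostname.toLowerCase();
  const zone = ZONES.find((z) => z.hosts.some((p) => hostMatches(p, host)));
  return zone ? zone.name : DEFAULT_ZONE;
}

// Decide before the document runs. Unknown operations fail closed, and every
// decision is appended to the log (hypothetical record shape).
function decide(url, operation, askUser, log = []) {
  const zone = zoneFor(url);
  const setting = (SETTINGS[zone] || {})[operation] || "deny";
  const allowed =
    setting === "allow" || (setting === "prompt" && askUser(zone, operation) === true);
  log.push({ url, zone, operation, setting, allowed });
  return { zone, setting, allowed };
}
```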
19 Claims
1. A computer based method for providing client based security during a network browsing session between a client computer and a server computer, the method comprising:
receiving, at the client computer, a Web document from the server computer for execution on the client computer that contains code in the actual content of the Web document that requests the client computer to perform an operation pertaining to the Web document;
in response to the client computer receiving a Web document from the server computer for execution on the client computer that contains code in the actual content of the Web document that requests the client computer to perform an operation pertaining to the Web document, the client computer analyzing the code to determine whether the requested operation is a protected operation prior to executing the Web document;
if a protected operation is to be performed, the client computer determining a security setting corresponding to the protected operation; and
the client computer executing the Web document if performing the protected operation is allowed based on the security setting.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
the client computer selectively querying a user whether to perform the protected operation based on the security setting prior to executing the Web document; and
the client computer selectively executing the Web document and performing the protected operation based on a response received from the user.
6. The method of claim 1, further comprising storing in a log data indicating the protected operation.
7. The method of claim 1, wherein the client computer includes a browser executing thereon, the method further comprising:
configuring the browser to include a specification of a plurality of zones, each zone including at least one Web site and having a corresponding set of at least one security setting;
determining a zone corresponding to the Web site; and
wherein said determining a security setting is based on the protected operation and the zone corresponding to the Web site.
8. The method of claim 7, wherein configuring the browser comprises receiving configuration information from a user at the client computer.
9. The method of claim 7, wherein configuring the browser comprises receiving configuration information from a user at an administrator computer distinct from the client computer.
10. The method of claim 7, wherein the client computer is located behind a firewall, further comprising:
receiving at least one Web document from each of a plurality of Web sites, each Web site corresponding to a server computer, said plurality of Web sites including a Web site corresponding to a local server computer behind the firewall and a Web site corresponding to a remote server computer external to the firewall;
wherein at least one zone excludes all Web sites corresponding to server computers external to the firewall; and
wherein at least one zone excludes all Web sites corresponding to server computers behind the firewall.
11. The method of claim 7, further comprising:
displaying the Web document from the Web site; and
displaying information indicating the zone corresponding to the Web site at least partially concurrently with displaying the Web document.
12. The method of claim 1, wherein the protected operation comprises receiving a file from the server computer.
13. The method of claim 1, wherein the protected operation comprises receiving a software component from the server computer.
14. A computer-readable medium having computer-executable instructions for performing the method recited in claim 1.
15. The method of claim 1, further comprising:
the client computer receiving, from a user, a specification of a security zone, the specification indicating at least one server computer to be included in the security zone;
the client computer receiving, from the user, a specification of a security level to be associated with the security zone; and
the client computer storing the specification of the security zone and the specification of the associated security level prior to receiving the Web document from the server computer to be included in the security zone.
16. The method of claim 15, wherein the user operates the client computer.
17. The method of claim 15, wherein the user operates an administrator computer that communicates with the client computer.
18. A computer-readable medium having computer-executable instructions for performing the method recited in claim 15.
19. The method of claim 1, further comprising:
the client computer receiving, from a user, a specification of a plurality of security zones, each security zone specification indicating at least one Web site to be included in the corresponding security zone;
the client computer receiving from a user, for each security zone, a specification of a corresponding security level to be associated with the security zone;
receiving, at the client computer, a Web document from a Web site included in one of the security zones; and
the client computer storing the specification of the security zones and the specification of the associated security levels at the client computer prior to receiving the Web document from the Web site included in said one of the security zones.
Specification