Method and apparatus for securing software distributed over a network
First Claim
Patent Images
1. A method to secure software downloaded from a server computer to a client computer over a computer network, the method comprising:
- receiving a Universal Resource Locator (URL) pertaining to a server computer in a browser window provided by a browser program running on a client computer;
initiating the downloading of a web page on the browser window on the client computer based on the URL, wherein the web page has associated therewith a control software program with a corresponding digital signature;
verifying the control software program using the digital signature;
displaying a first message if the control software program fails the verification;
querying the browser program to determine the URL to which the browser program is pointed;
determining whether the URL to which the browser program is pointed is authorized;
executing the control software program if it is determined that the URL to which the browser program is pointed is authorized; and
displaying a second message if it is determined that the URL to which the browser program is pointed is not authorized.
14 Assignments
0 Petitions
Accused Products
Abstract
A method and computer executable program code are disclosed to verify the source of software downloaded from a remote site to a client computer over a computer network before the software can be executed on the client computer.
-
Citations
8 Claims
-
1. A method to secure software downloaded from a server computer to a client computer over a computer network, the method comprising:
-
receiving a Universal Resource Locator (URL) pertaining to a server computer in a browser window provided by a browser program running on a client computer;
initiating the downloading of a web page on the browser window on the client computer based on the URL, wherein the web page has associated therewith a control software program with a corresponding digital signature;
verifying the control software program using the digital signature;
displaying a first message if the control software program fails the verification;
querying the browser program to determine the URL to which the browser program is pointed;
determining whether the URL to which the browser program is pointed is authorized;
executing the control software program if it is determined that the URL to which the browser program is pointed is authorized; and
displaying a second message if it is determined that the URL to which the browser program is pointed is not authorized.
-
-
2. The method of claim 1 and further comprising authenticating a user via the browser program.
-
3. The method of claim 1 and further comprising
invoking at least two of a plurality of methods provided by the browser program to determine if it is pointed to an authorized web site; - and
comparing the results obtained by the methods that are invoked.
- and
-
4. The method of claim 1 and further comprising invoking at least one method provided by the browser program to obtain information located in a top-level browser window.
-
5. The method of claim 1 and further comprising invoking at least one method provided by the browser program to obtain information located in an opener browser window.
-
6. Computer executable program code stored on a computer readable medium to implement the method of claim 1.
-
7. A method to secure software downloaded from a server computer to a client computer over a computer network, the method comprising:
-
receiving a Universal Resource Locator (URL) pertaining to a server computer in a browser window provided by a browser program running on a client computer;
initiating the downloading of a web page on the browser window on the client computer based on the URL, wherein the web page has associated therewith a control software program with a corresponding digital signature, wherein the control software program includes computer maintenance software;
verifying the control software program using the digital signature;
displaying a first message if the control software program fails the verification;
querying the browser program to determine the URL to which the browser program is pointed;
determining whether the URL to which the browser program is pointed is authorized;
executing the control software program if it is determined that the URL to which the browser program is pointed is authorized; and
displaying a second message if it is determined that the URL to which the browser program is pointed is not authorized.
-
-
8. A method to secure software downloaded from a server computer to a client computer over a computer network, the method comprising:
-
receiving a Universal Resource Locator (URL) pertaining to a server computer in a browser window provided by a browser program on a client computer;
initiating the downloading of a web page on the browser window on the client computer based on the URL, wherein the web page has associated therewith a control software program with a corresponding digital signature;
verifying the control software program using the digital signature;
displaying a first message if the control software program fails the verification;
querying the browser program to determine the URL to which the browser program is pointed;
determining whether the URL to which the browser program is pointed is authorized;
executing the control software program if it is determined that the URL to which the browser program is pointed is authorized;
displaying a second message if it is determined that the URL to which the browser program is pointed is not authorized;
determining a first URL pointed to by a top-level window;
determining a second URL pointed to by an opener window; and
executing the control software program only if both the first URL and the second URL are authorized.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeMcAfee, LLC
-
Original AssigneeNetworks Associates Technology, Inc. (McAfee, LLC)
-
InventorsKannan, Ravi, Katchapalayam, Babu, Balasubramaniam, Chandrasekar, Sampath, Srivats, Revashetti, Siddaraya Basappa
-
Primary Examiner(s)Hayes, Gail
-
Assistant Examiner(s)REVAK, CHRISTOPHER A
-
Application NumberUS09/248,115Time in Patent Office1,412 DaysField of Search713/200, 713/201, 713/156, 713/176, 713/155, 713/168, 713/169, 713/170, 713/175, 709/217-219, 709/223-229, 709/310, 709/311, 705/59, 705/51, 705/53, 705/54, 705/76, 340/5.85, 340/5.86US Class Current726/22CPC Class CodesG06F 11/30 MonitoringG06F 21/316 by observing the pattern of...G06F 21/645 using a third partyG06F 2221/2133 Verifying human interaction...H04L 63/0236 Filtering by address, proto...H04L 63/08 for authentication of entit...H04L 63/083 using passwords cryptograph...H04L 63/12 Applying verification of th...H04L 63/123 received data contents, e.g...H04L 63/1408 by monitoring network traff...H04L 63/145 the attack involving the pr...H04L 67/10 in which an application is ...H04L 67/55 Push-based network servicesH04L 69/329 in the application layer [O...
