Security settings for markup language elements

US 7,318,238 B2
Filed: 01/14/2002
Issued: 01/08/2008
Est. Priority Date: 01/14/2002
Status: Active Grant

First Claim

Patent Images

1. In a computer system, a method comprising:

receiving a page comprising content including one or more elements having active content; and

controlling page output corresponding to at least part of the content by;

1) disabling or enabling execution of a first script or loading of a first control corresponding to at least one part of the page based on a first set of security settings; and

2) disabling or enabling execution of a second script or loading of a second control corresponding to at least one other part of the page based on a second set of security settings, the second set of security settings being different from the first set of security settings.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method that allows a page (e.g., Internet content) author to associate a set of security settings on any desired element (e.g., tag) of the page. When the page is interpreted, each element is handled based on its associated security settings, allowing a page author to request that any element be considered differently with respect to security than other elements, and/or differently relative to the page that contains it. A negotiator determines the actual settings for elements to ensure that security cannot be compromised by tagging an element such that it has the ability to do more than desired. The negotiator also determines the settings for elements that do not have specifically associated security data, e.g., elements without specified security settings may inherit security settings from higher elements, or the top-level container. The settings may correspond to those of a security zone.

119 Citations

View as Search Results

47 Claims

1. In a computer system, a method comprising:
- receiving a page comprising content including one or more elements having active content; and
  
  controlling page output corresponding to at least part of the content by;
  
  1) disabling or enabling execution of a first script or loading of a first control corresponding to at least one part of the page based on a first set of security settings; and
  
  2) disabling or enabling execution of a second script or loading of a second control corresponding to at least one other part of the page based on a second set of security settings, the second set of security settings being different from the first set of security settings.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein receiving the page includes accessing data received from a remote source.
  - 3. The method of claim 1, wherein receiving the page includes accessing data received from a cache.
  - 4. The method of claim 1, wherein a first action including one of execution of the first script or the loading of the first control is requested in the content in the at least one part of the page, wherein a second action including one of execution of the second script or the loading of the second control is requested in the content in the at least one other part of the page, and wherein controlling page output comprises, allowing the first action and disallowing the second action.
  - 5. The method of claim 4 wherein the first action corresponds to a command to run the first script, and wherein the second action corresponds to a command to run the second script.
  - 6. The method of claim 4 wherein the first action further corresponds to a command to download a first set of data, and wherein the second action corresponds to a command to download a second set of data.
  - 7. The method of claim 4 wherein allowing the first action comprises, prompting a user for a decision and receiving a response indicating that the first action is allowed.
  - 8. The method of claim 4 wherein disallowing the second action comprises, prompting a user for a decision and receiving a response indicating that the second action is not allowed.
  - 9. The method of claim 1, wherein a first action including one of execution of the first script or loading of the first control is requested in the content in the at least one part of the page, wherein a second action including one of execution of the second script or loading of the second control is requested in the content in the at least one other part of the page, and wherein controlling page output comprises, disallowing the first action and allowing the second action.
  - 10. The method of claim 1 further comprising:
    - retrieving the first set of security settings based on an identifier indicating a source from which the page is obtained, and associating the first set of security settings with the at least one part of the page.
  - 11. The method of claim 10 further comprising, constructing a tree to represent the page, and wherein associating the first set of security settings with the at least one part of the page includes storing data corresponding to the first set of security settings at a node in the tree.
  - 12. The method of claim 1 further comprising:
    - recognizing security data associated with an element of the page, and associating the second set of security settings with the at least one other part of the page based on the security data.
  - 13. The method of claim 12 further comprising, constructing a tree to represent the page, and wherein associating the second set of security settings with the at least one other part of the page includes storing data corresponding to the second set of security settings at a node in the tree that corresponds to the element.
  - 14. The method of claim 13 wherein storing data corresponding to the second set of security settings comprises negotiating the second set of security settings.
  - 15. The method of claim 14 wherein negotiating the second set of security settings comprises inheriting at least one setting in the second set of security settings based on security information associated with a parent node in the tree.
  - 16. The method of claim 14 wherein negotiating the second set of settings comprises receiving at least one setting in the second set of security settings based on security information associated with a child node in the tree.
  - 17. The method of claim 1, wherein controlling page output further comprises, accessing privacy settings.
  - 18. A computer-readable medium having computer-executable-instructions for performing the method of claim 1.

19. In a computer connected to a network, a system comprising:
- browser software that interprets content received from the network, anda security mechanism that associates a first security zone with a first part of the content and associates a second security zone with a second part of the content, the security mechanism being further operable to associate a first set of security settings with the first part of the content based on the first security zone, and associate a second set of security settings with the second part of the content based on the second security zone, the second set of security settings being different from the first set of security settings, whether execution of a first script or loading of a first control corresponding to the first part of the content is permitted being based on the first set of security settings, and whether execution of a second script or loading of a second control corresponding to the second part of the content is permitted being based on the second set of security settings.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 20. The system of claim 19 further comprising, a negotiator that controls the second set of security settings.
  - 21. The system of claim 20 wherein the negotiator controls the second set of security settings relative to the first set of security settings.
  - 22. The system of claim 21 wherein the negotiator controls the second set of security settings relative to the first set of security settings by having at least one setting in the second set be inherited from a corresponding setting in the first set.
  - 23. The system of claim 19 wherein the first set of security settings is based on a network identifier of a source of the content.
  - 24. The system of claim 19 wherein the second part of the content corresponds to an element in the content.
  - 25. The system of claim 24, further comprising a component that detects security data associated with the element.
  - 26. The system of claim 25 wherein the security data associated with the element comprises, a reference to a security zone.
  - 27. The system of claim 25 wherein the security data associated with the element comprises, a reference to a file.
  - 28. The system of claim 25 wherein the security data associated with the element comprises, a reference to a source of remote data.
  - 29. The system of claim 25 wherein the security data associated with the element comprises a string of data corresponding to at least some of the security settings.
  - 30. The system of claim 25 wherein the security data associated with the element comprises information indicating that the security settings should be determined relative to other security settings.
  - 31. The system of claim 19 further comprising, a tree of nodes constructed from the content, the tree including a first node corresponding to the first part and a second node corresponding to the second part.
  - 32. The system of claim 31 further comprising, a negotiator that controls the second set of security settings.
  - 33. The system of claim 32 wherein the negotiator evaluates the second set of security settings.
  - 34. The system of claim 32 wherein the negotiator changes at least one setting in the second set of security settings based on a rule.
  - 35. The system of claim 31 further comprising, at least one other node in the tree that is associated with security settings based on inheriting information from a parent node.
  - 36. The system of claim 35 wherein the parent node comprises the first node.
  - 37. The system of claim 35 wherein the parent node comprises the second node.
  - 38. The system of claim 31 further comprising, at least one other node in the tree that is associated with security settings based on security data of a child node.
  - 39. The system of claim 19 wherein the second part of the content corresponds to a frame tag in the content.
  - 40. The system of claim 19 wherein the content comprises a HyperText Markup Language page.

41. A markup language document, comprising:
- a first set of content associated with a first set of security settings, the first set of security settings indicating whether execution of a first script or loading of a first control corresponding to the first set of content is permitted; and
  
  a second set of content associated with a second set of security settings, the second set of security settings being different from the first set of security settings. and the second set of security settings indicating whether execution of a second script or loading of a second control corresponding to the second set of content is permitted.
- View Dependent Claims (42, 43, 44, 45, 46, 47)
- - 42. The markup language document of claim 41 wherein the first set of content corresponds to a page, the second set of content is included in the page, and wherein the second set of security settings take precedence over the first set of security settings with respect to determining security for the second set of content.
  - 43. The markup language document of claim 41 wherein the first set of content corresponds to a page and the second set of content corresponds to a frame element included in the page.
  - 44. The markup language document of claim 41, wherein the markup language document includes a reference to a file that corresponds to at least some of the second set of security settings.
  - 45. The markup language document of claim 41, wherein the markup language document includes a reference to a source of remote data that corresponds to at least some of the second set of security settings.
  - 46. The markup language document of claim 41, wherein the markup language document includes a string of data that corresponds to at least some of the second set of security settings.
  - 47. The markup language document of claim 41, wherein the markup language document includes information indicating that at least some of the second set of security settings should be determined relative to other security settings.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Elvanoglu, Ferhan, Dujari, Rajeev
Primary Examiner(s)
Moazzami, Nasser
Assistant Examiner(s)
Cervetti, David Garcia

Application Number

US10/047,302
Publication Number

US 20030135504A1
Time in Patent Office

2,185 Days
Field of Search

713/176, 709/203, 715/513
US Class Current

726/30
CPC Class Codes

G06F 16/986   Document structures and sto...

G06F 21/53   by executing in a restricte...

G06F 21/54   by adding security routines...

G06F 2221/2145   Inheriting rights or proper...

Security settings for markup language elements

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

119 Citations

47 Claims

Specification

Solutions

Use Cases

Quick Links

Security settings for markup language elements

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

119 Citations

47 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links