Systems and methods for limiting access to potentially dangerous code

US 7,366,896 B1
Filed: 08/29/2000
Issued: 04/29/2008
Est. Priority Date: 08/29/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

a first electronic device digitally signing a web page, wherein the web page includes code to invoke a control object, and wherein the web page does not include the control object; and

subsequent to digitally signing the web page, the first electronic device delivering the web page to a second electronic device capable of authenticating the source of the web page based on the digital signature such that the second electronic device executes at least a portion of the web page in response to authenticating the digital signature.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and data structures are described for attaching a digital signature to a web page and authenticating the digital signature before allowing the web page to invoke a software control on a computer that has downloaded the web page. Unauthorized users cannot gain access to a control on a computer through a web page that is downloaded to the computer, if the source of the web page or application cannot be authenticated or is not a trusted source.

17 Citations

View as Search Results

34 Claims

1. A method, comprising:
- a first electronic device digitally signing a web page, wherein the web page includes code to invoke a control object, and wherein the web page does not include the control object; and
  
  subsequent to digitally signing the web page, the first electronic device delivering the web page to a second electronic device capable of authenticating the source of the web page based on the digital signature such that the second electronic device executes at least a portion of the web page in response to authenticating the digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein digitally signing further comprises attaching the digital signature to the web page.
  - 3. The method as recited in claim 1, further comprising:
    - in an event that the web page does not include code to invoke the control object, the first electronic device delivering the web page without a digital signature.
  - 4. The method as recited in claim 1, wherein the web page includes a confirmation module that is used by the second electronic device to authenticate the digital signature.
  - 5. The method as recited in claim 1, wherein the web page is generated in an active server page (ASP) environment.
  - 6. The method as recited in claim 1, farther comprising designating one or more sources of a web page authorized to invoke the control object.
  - 7. The method as recited in claim 1, wherein the control object includes a confirmation module configured to authenticate the digital signature.
  - 8. The method as recited in claim 7, wherein the confirmation module is further configured to determine if the web page comes from a source that is authorized to invoke the control object and the control object is invoked only if the source of the web page is authorized to invoke the control object.
  - 9. The method as recited in claim 7, wherein the confirmation module is called by the web page prior to the web page invoking the control object.

10. A method, comprising:
- a first electronic device receiving from a second electronic device, a request to download a web page; and
  
  in response to receiving the request, the first electronic device;
  
  determining whether the web page includes code to invoke a control object;
  
  in an event that the web page includes code to invoke a control object, the first electronic device digitally signing the web page; and
  
  delivering the web page to the second electronic device, wherein the second electronic device is capable of authenticating the source of the web page based on the digital signature such that the second electronic device executes at least a portion of the web page in response to authenticating the web page digital signature.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method as recited in claim 10, wherein a control object digital signature is associated with the control object.
  - 12. The method as recited in claim 10, wherein digitally signing the web page further comprises deriving the web page digital signature.
  - 13. The method as recited in claim 10, further comprising:
    - in an event that the web page does not include code to invoke the control object;
      
      in response to receiving the request, the first electronic device delivering the web page to the second electronic device without the web page digital signature.
  - 14. The method as recited in claim 10, wherein the web page includes a confirmation module that is used by the second electronic device to authenticate the web page digital signature.
  - 15. The method as recited in claim 10, wherein the control object includes a confirmation module configured to authenticate the web page digital signature.
  - 16. The method as recited in claim 15, further comprising the second electronic device invoking the confirmation module prior to executing the code to invoke the control object.
  - 17. The method as recited in claim 10, further comprising a confirmation module determining whether a source of the web page is authorized to invoke the control object such that the web page is prevented from invoking the control object if the source of the web page is not authorized to invoke the control object.

18. A method, comprising:
- a first electronic device determining whether a web page includes code to invoke a control object, wherein the control object does not have an associated digital signature; and
  
  based on a determination that the web page includes code to invoke the control object;
  
  the first electronic device digitally signing the web page; and
  
  subsequent to digitally signing the web page, the first electronic device delivering the web page to a second electronic device capable of authenticating a source of the web page based on the digital signature such that the second electronic device executes the code to invoke the control object in response to authenticating the digital signature, and such that the second electronic device prevents execution of the code to invoke the control object in response to failing to authenticate the digital signature.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method as recited in claim 18, wherein digitally signing the web page further comprises deriving the digital signature.
  - 20. The method as recited in claim 18, further comprising:
    - based on a determination that the web page does not include code to invoke the control object;
      
      the first electronic device delivering the web page to the second electronic device without the digital signature.
  - 21. The method as recited in claim 18, wherein the web page includes a confirmation module that is used by the second electronic device to authenticate the digital signature.
  - 22. The method as recited in claim 18, wherein the control object includes a confirmation module configured to authenticate the digital signature.
  - 23. The method as recited in claim 18, farther comprising a confirmation module determining whether a source of the web page is authorized to invoke the control object such that the web page is prevented from invoking the control object if the source of the web page is not authorized to invoke the control object.
  - 24. The method as recited in claim 23, further comprising the second electronic device invoking the confirmation module prior to executing the code to invoke the control object.

25. A method, comprising:
- a first electronic device determining whether a web page includes code to invoke a control object, wherein a first digital signature is associated with the control object;
  
  based on a determination that the web page includes code to invoke the control object, the first electronic device digitally signing the web page with a second digital signature; and
  
  subsequent to digitally signing the web page with the second digital signature, the first electronic device delivering the web page to a second electronic device capable of authenticating the source of the web page based on the second digital signature such that the second electronic device executes the code to invoke the control object in response to authenticating the second digital signature, and such that the second electronic device prevents execution of the code to invoke the control object in response to failing to authenticate the source of the web page based on the second digital signature.
- View Dependent Claims (26, 27, 28, 29, 30, 31)
- - 26. The method as recited in claim 25, wherein digitally signing the web page further comprises deriving the second digital signature.
  - 27. The method as recited in claim 25, further comprising:
    - based on a determination that the web page does not include code to invoke the control object;
      
      the first electronic device delivering the web page to the second electronic device without the second digital signature.
  - 28. The method as recited in claim 25, wherein the web page includes a confirmation module that is used by the second electronic device to authenticate the second digital signature.
  - 29. The method as recited in claim 25, wherein the control object includes a confirmation module configured to authenticate the second digital signature.
  - 30. The method as recited in claim 25, further comprising a confirmation module determining whether a source of the web page is authorized to invoke the control object such that the web page is prevented from invoking the control object if the source of the web page is not authorized to invoke the control object.
  - 31. The method as recited in claim 30, further comprising the second electronic device invoking the confirmation module prior to executing the code to invoke the control object.

32. One or more tangible computer-readable media comprising computer-executable instructions that, when executed, direct a first computing device to:
- determine whether a web page includes code to invoke a control object, wherein the control object does not have an associated digital signature; and
  
  based on a determination that the web page includes code to invoke the control object, digitally signing the web page, wherein the digital signature is not directly associated with the control object; and
  
  deliver the web page to a second computing device capable of authenticating the source of the web page based on the digital signature such that the second computing device executes the code to invoke the control object in response to authenticating the source of the web page based on the digital signature, and such that the second computing device prevents execution of the code to invoke the control object in response to failing to authenticate the source of the web page based on the digital signature.

33. One or more tangible computer-readable media comprising computer-executable instructions that, when executed, direct a first computing device to:
- determine whether a web page includes code to invoke a control object, wherein a first digital signature is associated with the control object;
  
  based on a determination that the web page includes code to invoke the control object, digitally sign the web page with a second digital signature; and
  
  deliver the web page to a second computing device capable of authenticating the source of the web page based on the second digital signature such that the second computing device executes the code to invoke the control object in response to authenticating the source of the web page based on the second digital signature, and such that the second computing device prevents execution of the code to invoke the control object in response to failing to authenticate the source of the web page based on the second digital signature.

34. A system comprising:
- a page generator to generate a web page, wherein the web page includes a control object;
  
  a digital signature module to;
  
  determining whether the web page includes a script to invoke the control object;
  
  derive a digital signature from the web page;
  
  based on a determination that the web page includes a script to invoke the control object, digitally signing the web page such that the digital signature is not directly associated with the control object, but is associated with the source of the web page; and
  
  a web page delivery module to deliver the web page to an electronic device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rajan, Sanjeev K., Cooper, Kristi L., Mariani, Rico, Broman, David M.
Primary Examiner(s)
Sheikh; Ayaz
Assistant Examiner(s)
CHEN, SHIN HON

Application Number

US09/650,712
Time in Patent Office

2,800 Days
Field of Search

713/164, 713/200, 713/120, 713/156, 713/176, 713/170, 713/181, 713/166, 713/175, 713/155, 395/186, 395/188.01, 395/425, 717/11, 717/203, 709/217, 709/221, 709/218, 709/219
US Class Current

713/156
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04L 9/3247   involving digital signatures

Systems and methods for limiting access to potentially dangerous code

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

34 Claims

Specification

Use Cases

Quick Links

Others

Systems and methods for limiting access to potentially dangerous code

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

34 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others