System and method for zone transition mitigation with relation to a network browser
Abstract
A method and system for determining whether to allow a network browser action when a transition occurs between security zones as a result of the action is provided. Gaining access to a local machine zone may be a goal for unauthorized entities attempting to improperly access a user's content. The present invention therefore may be initiated to block transitions from the security zones with stricter security restrictions to zones with less security restrictions. In addition, a selected alternative may be commenced depending on the relative weight of the security zones involved in the zone transition. Depending on the relative weight of security zones, the transition between zones may be allowed, prevented, or the user may be prompted to decide whether to allow or prevent the action that results in the zone transition.
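One way to express the decision the abstract describes, as an added example rather than code from the patent: a navigation is allowed when the source zone's weight is at least the destination's, and is otherwise prevented or prompted. The numeric weights, the host lists, the names `zoneOf` and `decideNavigation`, and the rule that escalation into the local machine zone is never prompted are assumptions made for illustration.

```javascript
// Added example. Zone names follow the claims; the weights are an assumed
// ordering (higher number = more privileged zone).
const ZONE_WEIGHT = Object.freeze({
  "restricted sites": 0,
  "internet": 1,
  "trusted sites": 2,
  "local machine": 3,
});

// Hypothetical zone configuration (constructed sample hosts).
const TRUSTED_HOSTS = new Set(["intranet.example"]);
const RESTRICTED_HOSTS = new Set(["ads.example"]);

// Map a URL to a zone by examining only the URL itself.
function zoneOf(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return "restricted sites"; // unparseable input gets the least privilege
  }
  if (u.protocol === "file:") return "local machine";
  // Assumption: any other non-HTTP(S) scheme is treated as least privileged.
  if (u.protocol !== "http:" && u.protocol !== "https:") return "restricted sites";
  const host = u.hostname.toLowerCase();
  if (RESTRICTED_HOSTS.has(host)) return "restricted sites";
  if (TRUSTED_HOSTS.has(host)) return "trusted sites";
  return "internet";
}

// Decide whether a navigation from fromUrl to toUrl may proceed.
// escalationAction selects the alternative for a move into a more
// privileged zone other than local machine: "prevent" (default) or "prompt".
function decideNavigation(fromUrl, toUrl, escalationAction = "prevent") {
  const from = zoneOf(fromUrl);
  const to = zoneOf(toUrl);
  const delta = ZONE_WEIGHT[from] - ZONE_WEIGHT[to];
  let action;
  if (delta >= 0) {
    action = "allow"; // same zone, or a move to a less privileged zone
  } else if (to === "local machine") {
    action = "prevent"; // never left to a user prompt in this sketch
  } else {
    action = escalationAction === "prompt" ? "prompt" : "prevent";
  }
  return { from, to, action };
}
```

A caller would invoke `decideNavigation` at the point where the browser handles the navigation request, before the second page is loaded.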
23 Claims
1. A computer-implemented method for security privilege transition mitigation between web pages that are associated with different security zones while a user is browsing, comprising:
- accessing, using a computing device, a first web page at a first Uniform Resource Locator (URL) in a web browser having a first security context determined from the first web page that is associated with a first security zone having a first security level;
- determining, using the computing device, when an event occurs that requests a navigation to occur from the first web page to a second web page at a second URL having a second security context determined from the second web page that is associated with a second security zone having a second security level; and
- determining, using the computing device, when to allow the navigation to occur from the first web page to the second web page by determining when the first security context of the first web page is higher than or equal to the second security context of the second web page.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer-readable medium that includes computer-executable instructions which, when executed by a computing device, implement a method comprising:
- determining a first security zone that is associated with a first Uniform Resource Locator (URL);
- determining when an attempt is made to navigate to a second security zone that is associated with a second URL;
- determining whether to allow the navigation from the first URL to the second URL based upon an examination of a first security privilege that is associated with the first security zone and an examination of a second security privilege that is associated with the second security zone; wherein the determination is made by examining only the first URL and second URL; and
- preventing the navigation from the first URL to the second URL when the first security zone has a first security context that is lower than a second security context associated with the second security zone.
Dependent claims: 11, 12, 13, 14, 15, 16
17. A system for mitigating transitions between security zones associated with a network browser, comprising:
- one or more processors; and
- one or more computer-readable storage media, comprising instructions that, when executed by the one or more processors, implement;
  - a zone manager that is configured to manage the privileges associated with the security zones; wherein the security zones include a trusted sites zone, an Internet zone, a restricted sites zone, and a local machine zone;
  - a zone determination function that is configured to determine security zones corresponding to resources that are associated with a network browser action; and
  - a zone weight determination function that is configured to determine the relative weight between the security zones and apply an alternative based upon the relative weight; wherein the alternative prevents the network browser action when a first security zone has a first security context determined from a first web page that is lower than a second security context that is determined from a second web page.
Dependent claims: 18, 19, 20, 21, 22, 23
Specification