Browser security notification

US 8,074,272 B2
Filed: 07/07/2005
Issued: 12/06/2011
Est. Priority Date: 07/07/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method, comprising:

assigning a default behavior for each of a plurality of security settings in each of a plurality of zones of a network browser application, the assigning utilizing a predetermined settings/risk table that maps one of a plurality of behaviors to each of the plurality of security settings of the network browser application;

receiving an indication that one of the plurality of security settings of the network browser application has been altered;

determining, responsive to receiving the indication that the one of the plurality of security settings of the network browser application has been altered and based at least in part on the predetermined settings/risk table and a security risk assessment associated with the plurality of behaviors in the plurality of zones, without user interaction, that the one of the plurality of security settings of the network browser application that has been altered poses a security risk;

notifying a user of the security risk in response to the determining via a notification that includes a selectable option to ignore the security risk;

presenting an explanation indicating why the one of the plurality of security settings poses the security risk;

presenting the user, responsive to the determining and unless the selectable option to ignore the security risk is selected, with an option to restore the plurality of security settings in one of the plurality of zones to the default behaviors for the one of the plurality of zones and an option to restore the plurality of security settings in the plurality of zones to the default behaviors for the plurality of zones; and

in response to a single user selection, restoring the plurality of security settings in the one of the plurality of zones to the default behaviors for the one of the plurality of zones or restoring the plurality of security settings in the plurality of zones to the default behaviors for the plurality of zones.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Tools are described that notify a user of a security risk in a network browser. The tools can determine that a security setting of a network browser poses a security risk and notify the user of this risk. In some situations the tools also enable a user to reduce the security risk with a single user action. This single user action can alter one or multiple security settings responsible for the security risk.

76 Citations

View as Search Results

12 Claims

1. A computer-implemented method, comprising:
- assigning a default behavior for each of a plurality of security settings in each of a plurality of zones of a network browser application, the assigning utilizing a predetermined settings/risk table that maps one of a plurality of behaviors to each of the plurality of security settings of the network browser application;
  
  receiving an indication that one of the plurality of security settings of the network browser application has been altered;
  
  determining, responsive to receiving the indication that the one of the plurality of security settings of the network browser application has been altered and based at least in part on the predetermined settings/risk table and a security risk assessment associated with the plurality of behaviors in the plurality of zones, without user interaction, that the one of the plurality of security settings of the network browser application that has been altered poses a security risk;
  
  notifying a user of the security risk in response to the determining via a notification that includes a selectable option to ignore the security risk;
  
  presenting an explanation indicating why the one of the plurality of security settings poses the security risk;
  
  presenting the user, responsive to the determining and unless the selectable option to ignore the security risk is selected, with an option to restore the plurality of security settings in one of the plurality of zones to the default behaviors for the one of the plurality of zones and an option to restore the plurality of security settings in the plurality of zones to the default behaviors for the plurality of zones; and
  
  in response to a single user selection, restoring the plurality of security settings in the one of the plurality of zones to the default behaviors for the one of the plurality of zones or restoring the plurality of security settings in the plurality of zones to the default behaviors for the plurality of zones.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, further comprising notifying the user of the security risk without user interaction.
  - 3. The method of claim 1, further comprising, in response to notifying the user of the security risk, presenting to the user an option to alter the one of the plurality of security settings effective to reduce the security risk.
  - 4. The method of claim 3, further comprising presenting a user interface to the user showing the one of the plurality of security settings, the user interface including one or more selectable changes to the one of the plurality of security settings capable of reducing the security risk.
  - 5. The method of claim 1, further comprising determining that the one of the plurality of security settings of the network browser application poses a security risk includes assigning a risk level of either unsafe or safe.

6. A computer-implemented method, comprising:
- assigning a default behavior for each of a plurality of security settings in each of a plurality of network zones of a network browser application, the assigning utilizing a predetermined settings/risk table that maps one of a plurality of behaviors to each of the plurality of security settings of the network browser application;
  
  receiving an indication that one or more of the plurality of security settings of the network browser application have been altered;
  
  determining, responsive to receiving the indication that the one or more of the plurality of security settings of the network browser application have been altered and based at least in part on the predetermined settings/risk table and a security risk assessment associated with the plurality of behaviors in the plurality of network zones, that the one or more of the plurality of security settings of a network browser that have been altered pose a security risk, the security risk assessment not assessing a risk of the one or more of the plurality of settings for at least one of the plurality of network zones that do not depend on the respective one or more of the plurality of security settings;
  
  notifying a user of the security risk in response to the determining;
  
  presenting an explanation indicating why the one or more of the plurality of security settings of the network browser that have been altered pose the security risk;
  
  presenting to the user, responsive to the determining, with an option to restore the plurality of security settings in one of the plurality of network zones to the default behaviors and an option to restore the plurality of security settings in the plurality of zones to the default behaviors; and
  
  in response to a single user selection, restoring the plurality of security settings in the one of the plurality of network zones to the default behaviors or restoring the plurality of security settings in the plurality of network zones to the default behaviors.
- View Dependent Claims (7)
- - 7. The method of claim 6, wherein the presenting to the user the option to restore the plurality of security settings in the one of the plurality of network zones to the default behaviors for the one of the plurality of zones and the option to restore the plurality of security settings in the plurality of zones to the default behaviors for the plurality of zones further comprises;
    - presenting selectable controls; and
      
      altering the one or more of the plurality of security setting(s) in response to receiving a user selection of one of the selectable controls.

8. A system comprising:
- one or more processors;
  
  one or more computer-readable storage media having computer-readable instructions stored therein that, when executed by the one or more processors, causes the one or more processors to implement a user interface comprising;
  
  a first region having a first indication indicating a security risk for a network browser based on one or more of a plurality of security settings for each of a plurality of network zones of the network browser, a first visual selectable control that is selectable to cause the security risk to be ignored, and a second indication indicating that selection of the first visual selectable control is effective to ignore the security risk;
  
  an explanation indicating why the one or more of the plurality of security settings pose the security risk;
  
  a second region having a second visual selectable control that is selectable to cause the security risk to be reduced, a third indication indicating that selection of the second visual selectable control is effective to reduce the security risk, a third visual selectable control that is selectable to restore the plurality of security settings for one of the plurality of network zones to a safe level with a single user action, and a fourth visual selectable control that is selectable to restore the plurality of security settings for the plurality of network zones to a safe level with a single user action; and
  
  a third region displaying the one or more of the plurality of security settings that pose the security risk, the one or more of the plurality of security settings being associated with a behavior selected from a group comprising enable, disable, or prompt.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the third indication indicates that one or more of the plurality of security settings of the network browser will be made safe in response to selecting the second visual selectable control.
  - 10. The system of claim 8, wherein the third indication indicates that a plurality of security settings of the one of the plurality of network zones will be made safe.
  - 11. The system of claim 8, wherein the third indication indicates that the plurality of security settings of the plurality of network zones will be made safe.
  - 12. The system of claim 8, wherein the computer-readable instructions, when executed by the one or more processors, cause the one or more processors to perform further acts comprising receiving selection of the second visual selectable control with a single user action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Choi, Wayne, Lyndersay, Sean O., Franco, Roberto A.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Okeke, Izunna

Application Number

US11/176,754
Publication Number

US 20070016954A1
Time in Patent Office

2,343 Days
Field of Search

713/187, 713/188, 713/152, 707/9, 726/1, 726/23, 726/24, 726/25, 726/26, 726/27
US Class Current

726/17
CPC Class Codes

G06F 21/554 involving event detection a...

G06F 21/577 Assessing vulnerabilities a...

Browser security notification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

76 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Browser security notification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

76 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links