Setting default security features for use with web applications and extensions

US 8,181,254 B1
Filed: 10/28/2011
Issued: 05/15/2012
Est. Priority Date: 10/28/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for implementing default security features for web applications and browser extensions, comprising:

receiving a request to include a web application or a web browser extension in a digital marketplace;

determining if the web application or the web browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages;

allowing a developer to override one of the default security features if the developer declares the override in the request;

labeling the override with a risk level;

storing the override and the label in a database of a server; and

including the web application or the browser extension in the digital marketplace if the web application or the browser extension conforms to the default security features.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one general aspect, a computer-implemented method for implementing default security features for web applications and browser extensions includes receiving a request to include a web application or a web browser extension in a digital marketplace. A determination is made if the web application or the web browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages. The web application or the browser extension is included in the digital marketplace if the web application or the browser extension conforms to the default security features.

40 Citations

View as Search Results

16 Claims

1. A computer-implemented method for implementing default security features for web applications and browser extensions, comprising:
- receiving a request to include a web application or a web browser extension in a digital marketplace;
  
  determining if the web application or the web browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages;
  
  allowing a developer to override one of the default security features if the developer declares the override in the request;
  
  labeling the override with a risk level;
  
  storing the override and the label in a database of a server; and
  
  including the web application or the browser extension in the digital marketplace if the web application or the browser extension conforms to the default security features.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the default security features include a limit on an ability of the web application or the browser extension to run a predetermined JavaScript function.
  - 3. The computer-implemented method of claim 1, further comprising:
    - displaying a notification related to the override prior to allowing a user to download the web application or the browser extension from the digital marketplace.
  - 4. The computer-implemented method of claim 1, further comprising:
    - allowing the developer to override one of the default security features if the developer receives permission from a curator of the digital marketplace.
  - 5. The computer-implemented method of claim 1, wherein the default security features apply to features of standard web technologies.
  - 6. The computer-implemented method of claim 1, further comprising:
    - evaluating, using a set of criteria, a request from the developer to override one of the default security features.

7. A computer-implemented method for notifying users of potential security issues for web applications, comprising:
- presenting a representation of a web application in a digital marketplace;
  
  receiving a selection of the representation;
  
  allowing a developer to override one of default security features;
  
  labeling the override with a risk level;
  
  storing the override and the label in a database of a server;
  
  upon receiving the selection, displaying an override notification of the default security feature prior to allowing a user to download the web application from the digital marketplace, wherein the default security feature is a restriction against a predetermined JavaScript function.
- View Dependent Claims (8, 9, 10)
- - 8. The computer-implemented method of claim 7, further comprising:
    - evaluating, using a set of criteria, a request from a developer to bypass the default security feature.
  - 9. The computer-implemented method of claim 7, further comprising:
    - receiving, at the server, an explicit declaration of the override from the developer of the web application.
  - 10. The computer-implemented method of claim 7, further comprising:
    - establishing a set of default security features.

11. A non-transitory computer-readable storage medium having recorded and stored thereon instructions that, when executed by a processor of a computer system cause the computer system to:
- receive a request to include a web application or a browser extension in a digital marketplace;
  
  determine if the web application or the browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages;
  
  allow a developer to override one of the default security features if the developer declares the override in the request;
  
  label the override with a risk level;
  
  store the override and the label in a database of server; and
  
  include the web application or the browser extension in the digital marketplace if the web application or the browser extension conforms to the default security features.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The non-transitory computer-readable storage medium of claim 11, further comprising instructions that, when executed by a processor of a computer system cause the computer system to:
    - limit an ability of the web application or the browser extension to run a predetermined JavaScript function.
  - 13. The non-transitory computer-readable storage medium of claim 11, further comprising instructions that, when executed by a processor of a computer system cause the computer system to:
    - allow the developer to override one of the default security features if the developer receives permission from a curator of the digital marketplace.
  - 14. The non-transitory computer-readable storage medium of claim 13, further comprising instructions that, when executed by a processor of a computer system cause the computer system to:
    - display a notification related to the override prior to allowing a user to download the web application or the browser extension from the digital marketplace.
  - 15. The non-transitory computer-readable storage medium of claim 11, further comprising instructions that, when executed by a processor of a computer system cause the computer system to:
    - evaluate the request from the developer to override one of the default security features.

16. A system comprising:
- a memory configured to store executable code; and
  
  a processing device operably coupled to the memory, the processor configured to execute the code to;
  
  receive a request to include a web application or a browser extension in a digital marketplace;
  
  determine if the web application or the browser extension conforms to default security features, wherein the default security features include a prohibition against running in-line script on web pages;
  
  allow an override of one of the default security features if the override is declared in the request;
  
  label the override with a risk level;
  
  store the override and the label in a database of a server; and
  
  include the web application or the browser extension in the digital marketplace if the web application or the browser extension conforms to the default security features.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Kay, Erik, Barth, Adam
Primary Examiner(s)
Gergiso, Techane

Application Number

US13/284,469
Time in Patent Office

200 Days
Field of Search

726/25, 713/168
US Class Current

726/25
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/51   at application loading time...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/60   Protecting data

G06F 2221/033   Test or assess software

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2119   Authenticating web pages, e...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 8/61   Installation

H04L 63/1433   Vulnerability analysis

H04L 63/1466   Active attacks involving in...

Setting default security features for use with web applications and extensions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

40 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Setting default security features for use with web applications and extensions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links