Method and system for restricting access to user resources
First Claim
1. A non-transitory computer-readable storage medium having computer-executable code stored therein for passing messages from a service provided by a server in a first walled garden of a plurality of walled gardens to a client, wherein each of the plurality of walled gardens is identified by an affiliation value, the computer-executable code executable to perform steps comprising:
- receiving a message from the service intended for the client;
- examining a header of the message to determine whether the header represents a potential security violation;
- stripping the header from the message responsive to a determination that the header represents a potential security violation;
- determining permissions of the service with respect to the client, wherein the permissions are determined responsive at least in part to the service, the client, and an affiliation value of the first walled garden;
- including the determined permissions with the message in a second header; and
- passing the message and the second header to the client.
Abstract
A user's set top box (STB), or other client, executes a shell and has an application program interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS). The client sends a request to the WGPS to access a service provided by a site in the garden. The site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. If the code lacks permission, the shell stops execution.
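The flow in the abstract, sketched as an added example that is not code from the patent: the proxy drops any service-supplied copy of the ACL header, looks up permissions from the service, the client and the affiliation value, and attaches its own header, which the shell then checks before running an API call. The header name `x-wg-acl`, the table contents, the client models and the reading of "potential security violation" as a spoofed ACL header are all assumptions.

```python
ACL_HEADER = "x-wg-acl"  # hypothetical header name, not taken from the patent

# Constructed sample data: (service host, affiliation value) -> granted API functions
ACL_TABLE = {
    ("shop.example", "garden-a"): {"tune_channel", "show_overlay"},
    ("news.example", "garden-a"): {"show_overlay"},
}
# Constructed sample data: API functions each client model exposes at all
CLIENT_CAPS = {
    "stb-basic": {"show_overlay"},
    "stb-dvr": {"show_overlay", "tune_channel", "record"},
}

def determine_permissions(service, client_model, affiliation):
    """Permissions depend on the service, the client and the garden's affiliation value."""
    granted = ACL_TABLE.get((service, affiliation), set())  # unknown pair -> nothing
    return granted & CLIENT_CAPS.get(client_model, set())

def is_violation(header_name):
    """Assumed rule: a service must never supply the proxy's own ACL header."""
    return header_name.strip().lower() == ACL_HEADER

def proxy_response(service, client_model, affiliation, headers):
    """headers: list of (name, value) pairs as received from the service."""
    clean = [(n, v) for n, v in headers if not is_violation(n)]   # strip
    perms = determine_permissions(service, client_model, affiliation)
    clean.append((ACL_HEADER, ",".join(sorted(perms))))           # second header
    return clean

def shell_may_call(headers, api_function):
    """Client-side check: fail closed unless exactly one ACL header is present."""
    values = [v for n, v in headers if n.lower() == ACL_HEADER]
    if len(values) != 1:
        return False
    return api_function in {p for p in values[0].split(",") if p}

# Constructed message: the service tries to grant itself extra rights.
upstream = [("Content-Type", "text/html"), ("X-WG-ACL", "tune_channel,record")]
delivered = proxy_response("news.example", "stb-dvr", "garden-a", upstream)
```

The design point the sketch makes visible is ordering: the strip step has to run before the proxy adds its own header, otherwise the client would see two ACL headers and could honour the wrong one.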
15 Claims
1. A non-transitory computer-readable storage medium having computer-executable code stored therein for passing messages from a service provided by a server in a first walled garden of a plurality of walled gardens to a client, wherein each of the plurality of walled gardens is identified by an affiliation value, the computer-executable code executable to perform steps comprising:
- receiving a message from the service intended for the client;
- examining a header of the message to determine whether the header represents a potential security violation;
- stripping the header from the message responsive to a determination that the header represents a potential security violation;
- determining permissions of the service with respect to the client, wherein the permissions are determined responsive at least in part to the service, the client, and an affiliation value of the first walled garden;
- including the determined permissions with the message in a second header; and
- passing the message and the second header to the client.
Dependent claims: 2, 3, 4, 5
6. A proxy server for passing messages from a service provided by a server in a first walled garden of a plurality of walled gardens to a client, wherein each of the plurality of walled gardens is identified by an affiliation value, the proxy server comprising:
- a processor for executing computer program code;
- a non-transitory computer-readable storage medium having computer-executable code stored therein, the computer-executable code executable to:
  - receive a message from the service intended for the client;
  - examine a header of the message to determine whether the header represents a potential security violation;
  - strip the header from the message responsive to a determination that the header represents a potential security violation;
  - determine permissions of the service with respect to the client, wherein the permissions are determined responsive at least in part to the service, the client, and an affiliation value of the first walled garden;
  - include the determined permissions with the message in a second header; and
  - pass the message and the second header to the client.
Dependent claims: 7, 8, 9, 10
11. A computer-implemented method of passing messages from a service provided by a server in a first walled garden of a plurality of walled gardens to a client, wherein each of the plurality of walled gardens is identified by an affiliation value, comprising:
- receiving, using one or more computers, a message from the service intended for the client;
- examining, using one or more computers, a header of the message to determine whether the header represents a potential security violation;
- stripping, using one or more computers, the header from the message responsive to a determination that the header represents a potential security violation;
- determining, using one or more computers, permissions of the service with respect to the client, wherein the permissions are determined responsive at least in part to the service, the client, and an affiliation value of the first walled garden;
- including, using one or more computers, the determined permissions with the message in a second header; and
- passing, using one or more computers, the message and the second header to the client.
Dependent claims: 12, 13, 14, 15