Buffered viewing of electronic documents

US 8,707,251 B2
Filed: 06/07/2004
Issued: 04/22/2014
Est. Priority Date: 06/07/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of buffering an electronic document containing a plurality of unsafe features received from a sender, said method comprising:

establishing, by a client computer, a set of rules and patterns to detect said plurality of unsafe features in source codes;

receiving, by said client computer, an original source code of said electronic document containing said plurality of unsafe features, said plurality of unsafe features including undesired executable coding including hidden commands which, when executed, causes said client computer to perform undesired operations;

caching, by said client computer, said electronic document in a buffer of said client computer;

determining, by said client computer, said electronic document contains said plurality of unsafe features by applying said set of rules and patterns to said electronic document to identify said undesired executable coding;

producing, by said client computer, an alternate source code of said electronic document, which eliminates said undesired executable coding of said plurality of unsafe features from said original source code by replacing said undesired executable coding with said alternate source code which does not cause said client computer to perform said undesired operations and displays a message indicating said plurality of unsafe features have been removed;

presenting, by said client computer, a description of said undesired executable coding of said plurality of unsafe features from said original source code, said description identifying said hidden commands and explaining an effect of said undesired executable coding in a window display on said client computer;

presenting, to a user of said client computer, a choice of whether to replace said undesired executable coding from said original source code with said alternate source code to produce a safe electronic document, and caching said safe electronic document in said buffer;

gathering, by said client computer, information about said choice of said user, and using said information to adjust said set of rules and patterns; and

executing, by said client computer, said safe electronic document that is cached so as to display said safe electronic document corresponding to said electronic document and said message indicating said plurality of unsafe features contained in said electronic document have been removed, said safe electronic document avoiding performance, by said client computer, of said undesired operations.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, program storage device, and method of buffering an electronic document received from a host computer, wherein the method comprises determining whether an original source code of the electronic document includes executable coding which when executed by a client computer, causes the client computer to perform undesired operations, and producing an alternate source code of the electronic document, which eliminates the coding, wherein the undesired operations are characterized as undesirable based on predetermined settings established by the client computer. The electronic document comprises any of a web page, electronic mail message, an electronic mail attachment, a note in a hypertext format, a text document, a text file, and an application-specific electronic document. Each of the original source code and the alternate source code comprises a hypertext transfer protocol (HTTP) source code.

60 Citations

View as Search Results

41 Claims

1. A computer-implemented method of buffering an electronic document containing a plurality of unsafe features received from a sender, said method comprising:
- establishing, by a client computer, a set of rules and patterns to detect said plurality of unsafe features in source codes;
  
  receiving, by said client computer, an original source code of said electronic document containing said plurality of unsafe features, said plurality of unsafe features including undesired executable coding including hidden commands which, when executed, causes said client computer to perform undesired operations;
  
  caching, by said client computer, said electronic document in a buffer of said client computer;
  
  determining, by said client computer, said electronic document contains said plurality of unsafe features by applying said set of rules and patterns to said electronic document to identify said undesired executable coding;
  
  producing, by said client computer, an alternate source code of said electronic document, which eliminates said undesired executable coding of said plurality of unsafe features from said original source code by replacing said undesired executable coding with said alternate source code which does not cause said client computer to perform said undesired operations and displays a message indicating said plurality of unsafe features have been removed;
  
  presenting, by said client computer, a description of said undesired executable coding of said plurality of unsafe features from said original source code, said description identifying said hidden commands and explaining an effect of said undesired executable coding in a window display on said client computer;
  
  presenting, to a user of said client computer, a choice of whether to replace said undesired executable coding from said original source code with said alternate source code to produce a safe electronic document, and caching said safe electronic document in said buffer;
  
  gathering, by said client computer, information about said choice of said user, and using said information to adjust said set of rules and patterns; and
  
  executing, by said client computer, said safe electronic document that is cached so as to display said safe electronic document corresponding to said electronic document and said message indicating said plurality of unsafe features contained in said electronic document have been removed, said safe electronic document avoiding performance, by said client computer, of said undesired operations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, said electronic document comprising any of a web page, electronic mail message, an electronic mail attachment, a note in a hypertext format, a text document, a text file, and an application-specific electronic document.
  - 3. The method of claim 1, said original source code and said alternate source code comprising a hypertext markup language (HTML) source code.
  - 4. The method of claim 1, said undesired operations comprising any of altering a configuration of said client computer, installing a code in said client computer, installing a plug-in command in said client computer, installing a program in said client computer, installing an application in said client computer, installing executable scripts in said client computer, saving a file in said client computer, reading a file in said client computer, transmitting from said client computer, a file, security-related information, and personal settings from said client computer.
  - 5. The method of claim 1, said set of rules and patterns detecting and inspecting different types of operations, system calls, registry alterations, and browser settings alterations on said client computer.
  - 6. The method of claim 5, said set of rules and patterns being learned from a set of samples using machine learning techniques comprising classifier training.
  - 7. The method of claim 5, said information comprising any of:
    - decisions of said user about controlled links in said electronic document, and a history of previous access to said electronic document and to a similar document.
  - 8. The method of claim 1, said producing being performed on any of said client computer, a server storing said electronic document, a proxy server attached to said client computer, and an intermediary computer operable for providing a security service to buffer said electronic document.
  - 9. The method of claim 1, said original source code and said alternate source code disabling linked items in said electronic document.
  - 10. The method of claim 1, said original source code and said alternate source code controlling access to linked items in said electronic document.
  - 11. The method of claim 1, said sender comprising any of a host computer, a server, and a program storage device.
  - 12. The method of claim 1, said description comprising an identification of hidden, non-displayed commands and hidden, non-displayed links in said original source code.
  - 13. The method of claim 1, said description comprising instructions relating to scripts that run when said electronic document is retrieved by said client computer.
  - 14. The method of claim 1, said producing of said alternate source code of said electronic document, further comprising:
    - neutralizing an “
      
      on mouse over”
      
      area of said electronic document in said original source code;
      
      displaying a message on said client computer that explains an effect of said “
      
      on mouse over”
      
      area; and
      
      adding code to said alternate source code to display, “
      
      Don'"'"'t place your mouse here”
      
      , on text of said safe electronic document that is proximate to said “
      
      on mouse over”
      
      area of said safe electronic document.
  - 15. The method of claim 1, said producing of said alternate source code of said electronic document, further comprising:
    - comparing said originals source code for a URL displayed by said electronic document to an actual URL link in said original source code.

16. A computer-implemented method of filtering an electronic document containing a plurality of unsafe features received from a sender, said method comprising:
- establishing, by a client computer, a set of rules and patterns to detect said plurality of unsafe features in coding instructions;
  
  receiving, by a client computer, first coding instructions of said electronic document including said plurality of unsafe features including undesired executable coding and hidden commands that cause changes in a configuration of said client computer which are undesired by said client computer;
  
  caching, by said client computer, said electronic document in a buffer of said client computer;
  
  determining, by said client computer, said electronic document contains said plurality of unsafe features by applying said set of rules and patterns to said electronic document to identify said undesired executable coding;
  
  producing, by said client computer, second coding instructions for said electronic document, which eliminates said undesired executable coding of said plurality of unsafe features from said first coding instructions by replacing said undesired executable coding with said second coding instructions which do not cause said client computer to change said configuration and display a message indicating said plurality of unsafe features have been removed;
  
  presenting, by said computer, a description of said undesired executable coding of said plurality of unsafe features from said first coding instructions, said description identifying said hidden commands and explaining an effect on said unsafe features in a window display on said client computer;
  
  presenting, to a user of said client computer, a choice of whether to replace said undesired executable coding from said first coding instructions with said second coding instructions to produce a safe electronic document, and caching said safe electronic document in said buffer; and
  
  executing, by said client computer, said safe electronic document that is cached, so as to display said safe electronic document corresponding to said electronic document and said message indicating said plurality of unsafe features contained in said electronic document have been removed, said safe electronic document avoiding said changes of said configuration of said client computer which are undesired.

17. A computer system comprising a non-transitory program storage device for storing instructions executable by a client computer to perform a method for filtering an electronic document containing a plurality of unsafe features received from a sender, said system comprising:
- a memory that caches source codes; and
  
  a processor processing operations of;
  
  establishing a set of rules and patterns to detect said plurality of unsafe features in said source codes;
  
  receiving an original source code of said electronic document containing said plurality of unsafe features, said plurality of unsafe features including undesired executable coding including hidden commands which, when executed, perform undesired operations;
  
  caching said electronic document in a buffer of said client computer;
  
  determining said electronic document contains said plurality of unsafe features by applying said set of rules and patterns to said electronic document to identify said undesired executable coding;
  
  producing an alternate source code of said electronic document, which eliminates said undesired executable coding of said plurality of unsafe features from said original source code by replacing said undesired executable coding with said alternate source code which does not perform said undesired operations and displays a message indicating said plurality of unsafe features have been removed;
  
  presenting a description of said undesired executable coding of said plurality of unsafe features from said original source code, said description identifying said hidden commands and explaining an effect of said undesired executable coding in a window display;
  
  presenting to a user, a choice of whether to replace said undesired executable coding from said original source code with said alternate source code to produce a safe electronic document, and caching said safe electronic document in said buffer;
  
  gathering information about said choice of said user, and using said information to adjust said set of rules and patterns; and
  
  executing said safe electronic document that is cached so as to display said safe electronic document corresponding to said electronic document and said message indicating said plurality of unsafe features contained in said electronic document have been removed, said safe electronic document avoiding performance of said undesired operations.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 18. The system of claim 17, said electronic document comprising any of a web page, electronic mail, an electronic mail attachment, a note in a hypertext format, a text document, a text file, and an application-specific electronic document.
  - 19. The system of claim 17, said original source code and said alternate source code comprising a hypertext markup language (HTML) source code.
  - 20. The system of claim 17, said original source code and said alternate source code disabling linked items in said electronic document.
  - 21. The system of claim 17, said original source code and said alternate source code controlling access to linked items in said electronic document.
  - 22. The system of claim 17, said original source code and said alternate source code disabling clickable items in said electronic document.
  - 23. The system of claim 17, further comprising a user interface connected to said buffer, wherein said user interface presents said description of said undesired executable coding.
  - 24. The system of claim 23, said description comprising an identification of hidden, non-displayed commands and hidden, non-displayed links in said original source code.
  - 25. The system of claim 23, said description comprising instructions relating to scripts that run when said electronic document is retrieved.
  - 26. The system of claim 23, said user interface being embedded into said original source code and said alternate source code by adding a hypertext markup language (HTML) code and scripts to produce new mouse over information and controlled clickable items.

27. A tangible program storage device readable by computer, tangibly embodying a program of instructions executable by said computer to perform a computer-implemented method of buffering an electronic document containing a plurality of unsafe features received from a sender, said method comprising:
- establishing a set of rules and patterns to detect said plurality of unsafe features in said source codes;
  
  receiving an original source code of said electronic document containing said plurality of unsafe features, said plurality of unsafe features including undesired executable coding including hidden commands which, when executed, perform undesired operations;
  
  caching said electronic document in a buffer of said client computer;
  
  determining said electronic document contains said plurality of unsafe features by applying said set of rules and patterns to said electronic document to identify said undesired executable coding;
  
  producing an alternate source code of said electronic document, which eliminates said undesired executable coding of said plurality of unsafe features from said original source code by replacing said undesired executable coding with said alternate source code which does not perform said undesired operations and displays a message indicating said plurality of unsafe features have been removed;
  
  presenting a description of said undesired executable coding of said plurality of unsafe features from said original source code, said description identifying said hidden commands and explaining an effect of said undesired executable coding in a window display;
  
  presenting to a user, a choice of whether to replace said undesired executable coding from said original source code with said alternate source code to produce a safe electronic document in said buffer;
  
  gathering information about said choice of said user, and using said information to adjust said set of rules and patterns; and
  
  executing said safe electronic document that is cached so as to display said safe electronic document corresponding to said electronic document and said message indicating said plurality of unsafe features contained in said electronic document have been removed, said safe electronic document avoiding performance of said undesired operations.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 28. The tangible program storage device of claim 27, said electronic document comprising any of a web page, electronic mail message, an electronic mail attachment, a note in a hypertext format, a text document, a text file, and an application-specific electronic document.
  - 29. The tangible program storage device of claim 27, said original source code and said alternate source code comprising a hypertext markup language (HTML) source code.
  - 30. The tangible program storage device of claim 27, said undesired operations comprising any of altering a configuration of said client computer, installing a code in said client computer, installing a plug-in command in said client computer, installing a program in said client computer, installing an application in said client computer, installing executable scripts in said client computer, saving a file in said client computer, reading a file in said client computer, transmitting from said client computer, a file, security-related information, and personal settings from said client computer.
  - 31. The tangible program storage device of claim 27, said set of rules and patterns detecting and inspecting different types of operations, system calls, registry alterations, and browser settings alterations on said client computer.
  - 32. The tangible program storage device of claim 31, said rules and patterns being learned from a set of samples using machine learning techniques comprising classifier training.
  - 33. The tangible program storage device of claim 31, said gathering information including user decisions about controlled links in said electronic document, and a history of previous access to said electronic document and to a similar document.
  - 34. The tangible program storage device of claim 27, said producing being performed on any of said client computer, a server storing said electronic document, a proxy server attached to said client computer, and an intermediary computer operable for providing a security service to buffer said electronic document.
  - 35. The tangible program storage device of claim 27, said original source code and said alternate source code disabling linked items in said electronic document.
  - 36. The tangible program storage device of claim 27, said original source code and said alternate source code controlling access to linked items in said electronic document.
  - 37. The tangible program storage device of claim 27, said original source code and said alternate source code disabling clickable items in said electronic document.
  - 38. The tangible program storage device of claim 27, said description comprising an identification of hidden, non-displayed commands and hidden, non-displayed links in said original source code.
  - 39. The tangible program storage device of claim 27, said description comprising instructions relating to scripts that run when said electronic document is retrieved by said client computer.
  - 40. The tangible program storage device of claim 27, said producing of said alternate source code of said electronic document, further comprising:
    - neutralizing an “
      
      on mouse over”
      
      area of said electronic document in said original source code;
      
      displaying a message on said client computer that explains an effect of said “
      
      on mouse over”
      
      area; and
      
      adding code to said alternate source code to display, “
      
      Don'"'"'t place your mouse here”
      
      , on text of said safe electronic that is proximate to said “
      
      on mouse over”
      
      area of said safe electronic document.
  - 41. The tangible program storage device of claim 27, said producing of said alternate source code of said electronic document, further comprising:
    - comparing said originals source code for a URL displayed by said electronic document to an actual URL link in said original source code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Amir, Arnon, Megiddo, Nimrod
Primary Examiner(s)
MITCHELL, JASON D

Application Number

US10/862,227
Publication Number

US 20060041837A1
Time in Patent Office

3,606 Days
Field of Search

707/2, 717106-107, 717126-127, 717168-178, 726 22- 24
US Class Current

717/106
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/57   Certifying or maintaining t...

H04L 63/145   the attack involving the pr...

Buffered viewing of electronic documents

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

41 Claims

Specification

Use Cases

Quick Links

Others

Buffered viewing of electronic documents

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

41 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others