Securing locally stored web-based database data

US 8,959,336 B1
Filed: 07/06/2014
Issued: 02/17/2015
Est. Priority Date: 09/24/2010
Status: Active Grant

First Claim

Patent Images

1. At a computer system including a Web browser, a browser cache, a local store access module, and a controlled access local store, the Web browser for browsing Web-based content, the local store access module controlling access to contents of the controlled access local store based on domains associated with Web server requests to access the contents of the controlled access local store, a method for caching database data at the computer system for subsequent Web browser access in a secure manner, the method comprising:

verifying the identity of a first Web server in a specified domain that is seeking to store a database portion in the controlled access local store at the computer system, by a method of digital certification comprising;

receiving a digital certificate from the first Web server in the specified domain, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;

verifying the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;

receiving a digital signature of the specified domain from the first Web server;

verifying the authenticity of the digital signature of the specified domain by using the public key for the specified domain;

sending a Web based request from the computer system to the first Web server in the specified domain, the Web based request requesting access to a Web page that includes the database portion and other content;

receiving the requested Web page from the first Web server, the Web page including the database portion and the other content;

the Web browser in the computer system caching the other content in the browser cache;

storing the database portion in the controlled access local store such that data contained in the stored database portion can be locally provided to the Web browser without the data being included in network based communication;

retaining an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including;

permitting requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser, wherein the computer system authenticates that the Web servers are in the specified domain by a method of digital certification comprising;

receiving a digital certificate from a second Web server in the specified domain, where the second Web server is the first Web server or is a different server than the first Web server, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;

verifying the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;

receiving a digital signature of the specified domain from the second Web server;

verifying the authenticity of the digital signature of the specified domain by using the public key for the specified domain;

and preventing requests from Web servers in other domains from accessing the database portion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention extends to methods, systems, and computer program products for locally storing Web-based database data in a secure manner. Embodiments of the present invention permit Web-based database data to be locally stored at a computer system to increase the efficiency of rendering the Web-based database data within a Web browser at the computer system. Web-based database data can be sandboxed per domain to mitigate (and possibly eliminate) the exposure of the Web-based database data to malicious computer systems. A web server may be required to authenticate itself before it may present database data to be locally stored at a computer system. A web server may be required to authenticate itself before being allowed to access database data stored locally at a computer system.

79 Citations

View as Search Results

18 Claims

1. At a computer system including a Web browser, a browser cache, a local store access module, and a controlled access local store, the Web browser for browsing Web-based content, the local store access module controlling access to contents of the controlled access local store based on domains associated with Web server requests to access the contents of the controlled access local store, a method for caching database data at the computer system for subsequent Web browser access in a secure manner, the method comprising:
- verifying the identity of a first Web server in a specified domain that is seeking to store a database portion in the controlled access local store at the computer system, by a method of digital certification comprising;
  
  receiving a digital certificate from the first Web server in the specified domain, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
  
  verifying the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
  
  receiving a digital signature of the specified domain from the first Web server;
  
  verifying the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
  
  sending a Web based request from the computer system to the first Web server in the specified domain, the Web based request requesting access to a Web page that includes the database portion and other content;
  
  receiving the requested Web page from the first Web server, the Web page including the database portion and the other content;
  
  the Web browser in the computer system caching the other content in the browser cache;
  
  storing the database portion in the controlled access local store such that data contained in the stored database portion can be locally provided to the Web browser without the data being included in network based communication;
  
  retaining an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including;
  
  permitting requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser, wherein the computer system authenticates that the Web servers are in the specified domain by a method of digital certification comprising;
  
  receiving a digital certificate from a second Web server in the specified domain, where the second Web server is the first Web server or is a different server than the first Web server, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
  
  verifying the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
  
  receiving a digital signature of the specified domain from the second Web server;
  
  verifying the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
  
  and preventing requests from Web servers in other domains from accessing the database portion.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the database portion from the first Web server stored in the controlled access local store comprises tabular data.
  - 3. The method of claim 1, wherein the Web page includes script code.
  - 4. The method of claim 1, further comprising storing an indication that the first Web server has access rights to store the database portion in the controlled access local store.
  - 5. The method of claim 1, wherein the step of verifying the identity of the first Web server is performed after the step of sending the Web based request from the computer system to the first Web server to request access to the Web page.
  - 6. The method of claim 1, further comprising:
    - receiving a request from the first Web server indicating that the database portion either be stored in a secure or non-secure manner;
      
      wherein if the request indicates the database portion be stored in a secure manner, then the computer system retains an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including;
      
      permitting requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser, wherein the computer system authenticates that the Web servers are in the specified domain by a method of digital certification comprising;
      
      receiving a digital certificate from the second Web server in the specified domain, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
      
      verifying the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
      
      receiving a digital signature of the specified domain from the second Web server;
      
      verifying the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
      
      and preventing requests from Web servers in other domains from accessing the database portion;
      
      wherein otherwise, then the computer system retains an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including;
      
      permitting requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser;
      
      and preventing requests from Web servers in other domains from accessing the database portion.

7. A computer system including a Web browser, a browser cache, a local store access module, and a controlled access local store, the Web browser for browsing Web-based content, the local store access module for controlling access to contents of the controlled access local store based on domains associated with Web server requests to access the contents of the controlled access local store, the computer system configured to:
- verify the identity of a first Web server in a specified domain that seeks to store a database portion in the controlled access local store at the computer system, the verification using digital certification, including configuration of the computer system to;
  
  receive a digital certificate from the first Web server in the specified domain, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
  
  verify the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
  
  receive a digital signature of the specified domain from the first Web server;
  
  verify the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
  
  send a Web based request from the computer system to the first Web server in the specified domain, the Web based request requesting access to a Web page that includes the database portion and other content;
  
  receive the requested Web page from the first Web server, the Web page including the database portion and the other content;
  
  cache the other content in the browser cache;
  
  store the database portion in the controlled access local store such that data contained in the stored database portion can be locally provided to the Web browser without the data being included in network based communication;
  
  retain an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including configuration of the computer system to;
  
  permit requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser, wherein the computer system is configured to authenticate that the Web servers are in the specified domain by using digital certification, including configuration of the computer system to;
  
  receive a digital certificate from a second Web server in the specified domain, where the second Web server is the first Web server or is a different server than the first Web server, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
  
  verify the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
  
  receive a digital signature of the specified domain from the second Web server;
  
  verify the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
  
  and prevent requests from Web servers in other domains from accessing the database portion.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer system of claim 7, wherein the database portion from the first Web server stored in the controlled access local store comprises tabular data.
  - 9. The computer system of claim 7, wherein the Web page includes script code.
  - 10. The computer system of claim 7, further configured to store an indication that the first Web server has access rights to store the database portion in the controlled access local store.
  - 11. The computer system of claim 7, further configured to verify the identity of the first Web server at a time after the computer system sends the Web based request to the first Web server to request access to the Web page.
  - 12. The computer system of claim 7, further configured to:
    - receive a request from the first Web server indicating that the database portion either be stored in a secure or non-secure manner;
      
      wherein if the request indicates the database portion be stored in a secure manner, then the computer system is configured to retain an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including configuration of the computer system to;
      
      permit requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser, wherein the computer system is configured to authenticate that the Web servers are in the specified domain by using digital certification, including configuration of the computer system to;
      
      receive a digital certificate from the second Web server in the specified domain, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
      
      verify the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
      
      receive a digital signature of the specified domain from the second Web server;
      
      verify the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
      
      and prevent requests from Web servers in other domains from accessing the database portion;
      
      wherein otherwise, then the computer system is configured to retain an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including configuration of the computer system to;
      
      permit requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser;
      
      and prevent requests from Web servers in other domains from accessing the database portion.

13. A computer system including a Web browser, a browser cache, a local store access module, and a controlled access local store, the Web browser for browsing Web-based content, the local store access module for controlling access to contents of the controlled access local store based on domains associated with Web server requests to access the contents of the controlled access local store, the computer system configured to:
- verify the identity of a first Web server in a specified domain that seeks to store a database portion in the controlled access local store at the computer system, the verification using digital certification, including configuration of the computer system to;
  
  receive a digital certificate from the first Web server in the specified domain, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
  
  verify the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
  
  send a request from the computer system to the first Web server, the request requesting that the first Web server send an acknowledgement with a digital signature of the specified domain;
  
  receive an acknowledgement from the first Web server, the acknowledgement containing the digital signature of the specified domain;
  
  verify the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
  
  send a Web based request from the computer system to the first Web server in the specified domain, the Web based request requesting access to a Web page that includes the database portion and other content;
  
  receive the requested Web page from the first Web server, the Web page including the database portion and the other content;
  
  cache the other content in the browser cache;
  
  store the database portion in the controlled access local store such that data contained in the stored database portion can be locally provided to the Web browser without the data being included in network based communication;
  
  retain an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including configuration of the computer system to;
  
  permit requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser, wherein the computer system is configured to authenticate that the Web servers are in the specified domain by using digital certification, including configuration of the computer system to;
  
  receive a digital certificate from a second Web server in the specified domain, where the second Web server is the first Web server or is a different server than the first Web server, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
  
  verify the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
  
  send a request from the computer system to the second Web server, the request requesting that the second Web server send an acknowledgement with a digital signature of the specified domain;
  
  receive an acknowledgement from the second Web server, the acknowledgement containing the digital signature of the specified domain;
  
  verify the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
  
  and prevent requests from Web servers in other domains from accessing the database portion.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer system of claim 13, wherein the database portion from the first Web server stored in the controlled access local store comprises tabular data.
  - 15. The computer system of claim 13, wherein the Web page includes script code.
  - 16. The computer system of claim 13, further configured to store an indication that the first Web server has access rights to store the database portion in the controlled access local store.
  - 17. The computer system of claim 13, further configured to verify the identity of the first Web server at a time after the computer system sends the Web based request to the first Web server to request access to the Web page.
  - 18. The computer system of claim 13, further configured to:
    - receive a request from the first Web server indicating that the database portion either be stored in a secure or non-secure manner;
      
      wherein if the request indicates the database portion be stored in a secure manner, then the computer system is configured to retain an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including configuration of the computer system to;
      
      permit requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser, wherein the computer system is configured to authenticate that the Web servers are in the specified domain by using digital certification, including configuration of the computer system to;
      
      receive a digital certificate from the second Web server in the specified domain, the digital certificate containing a digital signature of a certificate authority, the digital certificate containing a public key for the specified domain;
      
      verify the authenticity of the digital certificate by verifying the authenticity of the digital signature of the certificate authority;
      
      send a request from the computer system to the second Web server, the request requesting that the second Web server send an acknowledgement with a digital signature of the specified domain;
      
      receive an acknowledgement from the second Web server, the acknowledgement containing the digital signature of the specified domain;
      
      verify the authenticity of the digital signature of the specified domain by using the public key for the specified domain;
      
      and prevent requests from Web servers in other domains from accessing the database portion;
      
      wherein otherwise, then the computer system is configured to retain an indication that the database portion was received from the specified domain so that the local store access module can limit access to the database portion stored in the controlled access local store, the limited access including configuration of the computer system to;
      
      permit requests from Web servers in the specified domain to access the database portion for use in Web pages presented at the Web browser;
      
      and prevent requests from Web servers in other domains from accessing the database portion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Advanced Research LLC
Original Assignee
Advanced Research LLC
Inventors
Lee, Bryant
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US14/324,215
Time in Patent Office

226 Days
Field of Search

713/156
US Class Current

713/156
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/0823   using certificates cryptogr...

H04L 63/10   for controlling access to d...

H04L 63/126   the source of the received ...

H04L 67/02   based on web technology, e....

Securing locally stored web-based database data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

79 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Securing locally stored web-based database data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

79 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links