Policy enforcing browser
Abstract
A web browser that includes a network policy enforcement unit, a storage policy enforcement unit, and an ancillary policy enforcement unit is disclosed. The network policy enforcement unit controls communications between application logic of a web application and data communication APIs. The storage policy enforcement unit controls access between the web application logic and persistent storage APIs. The ancillary policy enforcement unit controls user authentication of the web application logic.
32 Claims
1. A system of a policy enforcing browser comprising:
- a processor;
- memory in electronic communication with the processor;
- instructions stored in the memory, the instructions being executable by the processor to:
  - interpret at least a document markup language contained in a web application, the web application including web application logic that uses a data communication facility to communicate over a network and a persistent storage facility to save or retrieve web-application data;
  - acquire a network enforcement policy for constraining use by the web application logic of the data communication facility according to said network enforcement policy;
  - acquire a storage enforcement policy for constraining use by the web application logic of the persistent storage facility according to said storage enforcement policy;
  - control access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs); and
  - acquire an ancillary enforcement policy for constraining the web application logic according to said ancillary enforcement policy, and constraining operation of at least one browser plug-in program according to said ancillary enforcement policy, including permitting a first plug-in program to access the persistent storage facility and preventing a second plug-in program from accessing the persistent storage facility.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
10. The system of claim 9, wherein authentication includes responding to challenges related to device authentication.

11. The system of claim 9, wherein authentication includes collecting device credentials.
26. A method of enforcing a data communication policy in a computer system, the method comprising:
- obtaining a web application, said web application operable on the computer system and including web application logic that uses a persistent storage facility and a data communication facility of the computer system;
- controlling access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs);
- acquiring an ancillary enforcement policy relating to plug-in programs;
- preventing installation of a plug-in program according to the ancillary enforcement policy;
- acquiring a network enforcement policy; and
- constraining use by the web application logic of the data communication facility according to the network enforcement policy.

Dependent claims: 27, 28, 29
30. A method of enforcing a persistent storage policy in a computer system, the method comprising:
- obtaining a web application, said web application operable on the computer system and including web application logic that uses a persistent storage facility of the computer system;
- controlling access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs);
- acquiring an ancillary enforcement policy relating to plug-in programs;
- permitting a first plug-in program to access the persistent storage facility according to the ancillary enforcement policy;
- preventing a second plug-in program from accessing the persistent storage facility according to the ancillary enforcement policy;
- acquiring a persistent storage enforcement policy; and
- constraining use, by the web application logic, of the persistent storage facility according to the persistent storage enforcement policy.

Dependent claims: 31
32. A method of enforcing an ancillary policy in a computer system, the method comprising:
- obtaining a web application, said web application operable on the computer system and including web application logic that uses a persistent storage facility and one or more installed browser plug-in programs,
- controlling access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs);
- acquiring an ancillary enforcement policy relating to the plug-in programs;
- preventing installation of a plug-in program according to the ancillary enforcement policy; and
- constraining use by the web application logic of the one or more installed browser plug-in programs according to the ancillary enforcement policy.
Specification