Policy enforcing browser

US 9,043,863 B1
Filed: 01/21/2012
Issued: 05/26/2015
Est. Priority Date: 09/07/2010
Status: Active Grant

First Claim

Patent Images

1. A system of a policy enforcing browser comprising:

a processor;

memory in electronic communication with the processor;

instructions stored in the memory, the instructions being executable by the processor to;

interpret at least a document markup language contained in a web application, the web application including web application logic that uses a data communication facility to communicate over a network and a persistent storage facility to save or retrieve web-application data;

acquire a network enforcement policy for constraining use by the web application logic of the data communication facility according to said network enforcement policy;

acquire a storage enforcement policy for constraining use by the web application logic of the persistent storage facility according to said storage enforcement policy;

control access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs); and

acquire an ancillary enforcement policy for constraining the web application logic according to said ancillary enforcement policy, and constraining operation of at least one browser plug-in program according to said ancillary enforcement policy, including permitting a first plug-in program to access the persistent storage facility and preventing a second plug-in program from accessing the persistent storage facility.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A web browser that includes a network policy enforcement unit, a storage policy enforcement unit, and an ancillary policy enforcement unit is disclosed. The network policy enforcement unit controls communications between application logic of a web application and data communication APIs. The storage policy enforcement unit controls access between the web application logic and persistent storage APIs. The ancillary policy enforcement unit controls user authentication of the web application logic.

Citations

32 Claims

1. A system of a policy enforcing browser comprising:
- a processor;
  
  memory in electronic communication with the processor;
  
  instructions stored in the memory, the instructions being executable by the processor to;
  
  interpret at least a document markup language contained in a web application, the web application including web application logic that uses a data communication facility to communicate over a network and a persistent storage facility to save or retrieve web-application data;
  
  acquire a network enforcement policy for constraining use by the web application logic of the data communication facility according to said network enforcement policy;
  
  acquire a storage enforcement policy for constraining use by the web application logic of the persistent storage facility according to said storage enforcement policy;
  
  control access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs); and
  
  acquire an ancillary enforcement policy for constraining the web application logic according to said ancillary enforcement policy, and constraining operation of at least one browser plug-in program according to said ancillary enforcement policy, including permitting a first plug-in program to access the persistent storage facility and preventing a second plug-in program from accessing the persistent storage facility.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 2. The system of claim 1,wherein the data communication facility is available via one or more data communication application program interfaces (APIs);
    - andwherein the web application logic uses the data communication facility by means of the data communication APIs.
  - 3. The system of claim 1,wherein the persistent storage facility is available via the one or more persistent storage APIs;
    - andwherein the web application logic uses the persistent storage facility by means of the one or more persistent storage APIs.
  - 4. The system of claim 1, wherein network enforcement policy includes blocking use, allowing use, or logging use of the data communication facility.
  - 5. The system of claim 1, wherein storage enforcement policy includes blocking use, allowing use, or logging use of persistent storage facility.
  - 6. The system of claim 1, wherein the document markup language is hypertext markup language (HTML).
  - 7. The system of claim 1, wherein the document markup language is hypertext markup language 5 (HTML5).
  - 8. The system of claim 1, wherein said instructions being executable by the processor to interpret JavaScript.
  - 9. The system of claim 1, wherein said ancillary enforcement policy includes authentication of a device on which the web application logic is permitted to run.
  - 12. The system of claim 1, wherein said instructions being executable by the processor to acquire the network enforcement policy from a policy storage area into which said network enforcement policy was loaded.
  - 13. The system of claim 1, wherein said instructions being executable by the processor to acquire the storage enforcement policy from a policy storage area into which said storage enforcement policy was loaded.
  - 14. The system of claim 1,wherein at least one browser plug-in program is available to the browser.
  - 15. The system of claim 14, wherein constraining operation includes permitting or preventing use of the plug-in program.
  - 16. The system of claim 14, wherein constraining operation includes permitting or preventing access to a network by the plug-in program.
  - 17. The system of claim 14, wherein constraining operation includes permitting or preventing access to persistent storage by the plug-in program.
  - 18. The system of claim 14, wherein constraining operation includes permitting or preventing access to the operating system by the plug-in program.
  - 19. The system of claim 1, wherein said ancillary policy includes controlling access to browser-specific stored data.
  - 20. The system of claim 19, wherein stored data specific to the browser includes cookies.
  - 21. The system of claim 1,wherein communication between at least two processes is available;
    - andwherein said instructions being executable by the processor to control the communication between the processes.
  - 22. The system of claim 1,wherein communication between at least two threads is available;
    - andwherein said instructions being executable by the processor to control communication between the threads.
  - 23. The system of claim 1,wherein a web browser supports at least two web applications;
    - andwherein said instructions being executable by the processor to control interactions between the at least two web applications.
  - 24. The system of claim 1, wherein a web browser core of the policy enforcing browser is subject to the storage enforcement policy, the network enforcement policy and the ancillary enforcement policy.
  - 25. The system of claim 1,wherein constraining the web application logic includes at least authenticating a user prior to use of the web application logic.

10. The system 9, wherein authentication includes responding to challenges related to device authentication.

11. The system 9, wherein authentication includes collecting device credentials.

26. A method of enforcing a data communication policy in a computer system, the method comprising:
- obtaining a web application, said web application operable on the computer system and including web application logic that uses a persistent storage facility and a data communication facility of the computer system;
  
  controlling access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs);
  
  acquiring an ancillary enforcement policy relating to plug-in programs;
  
  preventing installation of a plug-in program according to the ancillary enforcement policy;
  
  acquiring a network enforcement policy; and
  
  constraining use by the web application logic of the data communication facility according to the network enforcement policy.
- View Dependent Claims (27, 28, 29)
- - 27. The method of claim 26, wherein the web application is run by browser software running on the computer system.
  - 28. The method of claim 26, wherein the web application is run by an operating system running on the computer system.
  - 29. The method of claim 26, wherein network enforcement policy includes blocking use, allowing use, or logging use of the data communication facility.

30. A method of enforcing a persistent storage policy in a computer system, the method comprising:
- obtaining a web application, said web application operable on the computer system and including web application logic that uses a persistent storage facility of the computer system;
  
  controlling access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs);
  
  acquiring an ancillary enforcement policy relating to plug-in programs;
  
  permitting a first plug-in program to access the persistent storage facility according to the ancillary enforcement policy;
  
  preventing a second plug-in program from accessing the persistent storage facility according to the ancillary enforcement policy;
  
  acquiring a persistent storage enforcement policy; and
  
  constraining use, by the web application logic, of the persistent storage facility according to the persistent storage enforcement policy.
- View Dependent Claims (31)
- - 31. The method of claim 30, wherein the persistent storage enforcement policy includes blocking use, allowing use, or logging use of persistent storage facility.

32. A method of enforcing an ancillary policy in a computer system, the method comprising:
- obtaining a web application, said web application operable on the computer system and including web application logic that uses a persistent storage facility and one or more installed browser plug-in programs,controlling access to the persistent storage facility by limiting access of said web application logic to one or more persistent storage application program interfaces (APIs);
  
  acquiring an ancillary enforcement policy relating to the plug-in programs;
  
  preventing installation of a plug-in program according to the ancillary enforcement policy; and
  
  constraining use by the web application logic of the one or more installed browser plug-in programs according to the ancillary enforcement policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Enderwick, Thomas Jeffrey, Perret, Christopher Edward, Ozakil, Azim, Scalpone, Stephen James
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
NGUYEN, TRONG H

Application Number

US13/355,529
Time in Patent Office

1,221 Days
Field of Search

726 1- 4, 726 22- 30, 713165-167, 713193-194
US Class Current

726/1
CPC Class Codes

G06F 16/00   Information retrieval; Data...

G06F 21/604   Tools and structures for ma...

G06F 21/606   by securing the transmissio...

G06F 2221/2119   Authenticating web pages, e...

G06F 9/44526   Plug-ins; Add-ons

H04L 63/145   the attack involving the pr...

H04L 67/02   based on web technology, e....

Policy enforcing browser

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Policy enforcing browser

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links