Method and service for user transparent certificate verifications for web mashups and other composite applications

US 9,081,940 B2
Filed: 03/13/2013
Issued: 07/14/2015
Est. Priority Date: 03/13/2013
Status: Active Grant

First Claim

Patent Images

1. A client for providing transparent certificate verifications for composite applications, comprising:

a content buffer arranged to hold content from a plurality of content sources arranged to provide content of a plurality of content types;

a browser core arranged to;

receive an aggregation of content from a plurality of sources; and

perform local verification of digital certificates associated with the content received from the plurality of sources;

a browser content interface coupled to the browser core and arranged to intercept the aggregation of content, the aggregation of content associated with verified digital certificates and untrusted certificates, to provide content associated with verified digital certificates to the content buffer for holding; and

an online certification circuit, coupled to the browser content interface, the online certification circuit arranged to receive, from the browser content interface, the untrusted certificates associated with the aggregation of content and to perform verification of the received untrusted certificates using an online certification service and a local certificate store and to provide verification results to the content buffer to allow the aggregation of content verified by the online certificate circuit to be presented in a browser user interface,wherein the online certification service includes a cloud security certificate verification service and an enterprise security certificate verification and policy service, wherein the cloud security certificate verification service and the enterprise security certificate verification and policy service are arranged to provide policy provisioning and verification services, andwherein the online certification circuit provides, to the content buffer, the verification results obtained from the verification of the received untrusted certificates using the online certification service, and wherein the content buffer determines whether to release or to block content being held to the browser user interface based on the verification results provided by the online certification circuit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments for providing user transparent certificate verifications for web mashups and other composite applications are generally described herein. In some embodiments, a content buffer is provided for holding content until receiving verification results that allow the content to be presented in a browser user interface. A browser core receives an aggregation of content from a plurality of sources and performing local verification of digital certificates associated with the content received from the plurality of sources. A browser content interface intercepts content associated with verified digital certificates from the browser core to provide content associated with verified digital certificates to the content buffer for holding. An online certification module is arranged to receive untrusted certificates from the browser content interface and to perform verification of the received untrusted certificates using online certification services and/or local certificate store on the client device.

Citations

17 Claims

1. A client for providing transparent certificate verifications for composite applications, comprising:
- a content buffer arranged to hold content from a plurality of content sources arranged to provide content of a plurality of content types;
  
  a browser core arranged to;
  
  receive an aggregation of content from a plurality of sources; and
  
  perform local verification of digital certificates associated with the content received from the plurality of sources;
  
  a browser content interface coupled to the browser core and arranged to intercept the aggregation of content, the aggregation of content associated with verified digital certificates and untrusted certificates, to provide content associated with verified digital certificates to the content buffer for holding; and
  
  an online certification circuit, coupled to the browser content interface, the online certification circuit arranged to receive, from the browser content interface, the untrusted certificates associated with the aggregation of content and to perform verification of the received untrusted certificates using an online certification service and a local certificate store and to provide verification results to the content buffer to allow the aggregation of content verified by the online certificate circuit to be presented in a browser user interface,wherein the online certification service includes a cloud security certificate verification service and an enterprise security certificate verification and policy service, wherein the cloud security certificate verification service and the enterprise security certificate verification and policy service are arranged to provide policy provisioning and verification services, andwherein the online certification circuit provides, to the content buffer, the verification results obtained from the verification of the received untrusted certificates using the online certification service, and wherein the content buffer determines whether to release or to block content being held to the browser user interface based on the verification results provided by the online certification circuit.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The client of claim 1, further comprising a composite application for receiving the content from the plurality of sources and aggregating the content to produce the aggregation of content.
  - 3. The client of claim 1, wherein the online certification circuit comprises a certificate verification application coupled to the browser content interface to receive the untrusted certificates and a verification aggregation engine arranged to aggregate verification results produced by the certificate verification application.
  - 4. The client of claim 3, wherein the verification aggregation engine is arranged to send the aggregated verification results to the content buffer, to provide feedback to online verification services based on the verification results produced by analysis of the untrusted certificates by the certificate verification application, and to send updates to the local certificate store based on the verification results.
  - 5. The client of claim 1, wherein the local certificate store comprises a local database with historical information with different websites and associated certificate data, along with user policies based on certificate status.

6. A system for providing transparent certificate verifications for composite applications, comprises:
- a plurality of content sources arranged to provide content of a plurality of content types;
  
  an online certification service, the online certification service including a cloud security certificate verification service and an enterprise security certificate verification and policy service, the cloud security certificate verification service and the enterprise security certificate verification and policy service arranged to provide policy provisioning and verification services; and
  
  a client, coupled to the plurality of content sources and the online certification service, the client further comprising;
  
  a content buffer for holding content until receiving verification results allowing the content to be presented in a browser user interface;
  
  a browser core for receiving an aggregation of content from a plurality of sources and performing local verification of digital certificates associated with the content received from the plurality of sources;
  
  a browser content interface, coupled to the browser core, arranged to intercept content associated with verified digital certificates and untrusted certificates from the browser core, to provide content associated with verified digital certificates to the content buffer for holding; and
  
  an online certification circuit, coupled to the browser content interface, the online certification circuit arranged to receive the untrusted certificates from the browser content interface and to perform verification of the received untrusted certificates using online certification services and a local certificate store,wherein the online certification circuit provides, to the content buffer, verification results obtained from the verification of the received untrusted certificates using online certification services, andwherein the client further comprises a browser user interface, the content buffer determining whether to release or to block content being held to the browser user interface based on the verification results provided by the online certification circuit.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system of claim 6 further comprising a composite application for receiving the content from the plurality of sources and aggregating the content to produce the aggregation of content provided to the browser core.
  - 8. The system of claim 6, wherein the online certification circuit comprises a certificate verification application coupled to the browser content interface to receive the untrusted certificates and a verification aggregation engine arranged to aggregate verification results produced by the certificate verification application.
  - 9. The system of claim 8, wherein the verification aggregation engine is arranged to send the aggregated verification results to the content buffer, to provide feedback to online verification services based on the verification results produced by analysis of the untrusted certificates by the certificate verification application, and to send updates to a local certificate store based on the verification results.
  - 10. The system of claim 6, wherein the local certificate store comprises a local database with historical information with different websites and associated certificate data, along with user policies based on certificate status.

11. A method for providing transparent certificate verifications for composite applications, comprising:
- performing, at a browser core, local verification of digital certificates associated with an aggregation of content received from a plurality of content sources arranged to provide content of a plurality of content types;
  
  intercepting, by a browser content interface, the aggregation of content associated with verified digital certificates and unverified certificates from the browser core;
  
  holding the aggregation of content, obtained from the browser content interface, in a content buffer until receiving verification results for the unverified certificates allowing the content to be presented in a browser user interface;
  
  receiving, at an online certification circuit, the untrusted certificates received from the browser content interface;
  
  performing, by the online certification circuit, verification of the received untrusted certificates using an online certification service and a local certificate store, wherein the online certification service includes a cloud security certificate verification service and an enterprise security certificate verification and policy service, wherein the cloud security certificate verification service and the enterprise security certificate verification and policy service are arranged to provide policy provisioning and verification services;
  
  providing, by the online certification circuit to the content buffer, verification results obtained from the verification of the received untrusted certificates using online certification services; and
  
  determining, by the content buffer, whether to release or to block content being held to the browser user interface based on the verification results provided by the online certification circuit.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11 further comprising receiving, at a composite application, the content from the plurality of sources and aggregating the content to produce the aggregation of content provided to the browser core.
  - 13. The method of claim 11, wherein the receiving untrusted certificates at the online certification circuit further comprises receiving the untrusted certificates at a certificate verification application coupled to the browser content interface and aggregating verification results produced by the certificate verification application at a verification aggregation engine.
  - 14. The method of claim 13 further comprising sending, by the verification aggregation engine, the aggregated verification results to the content buffer, providing feedback to online verification services based on the verification results produced by analysis of the untrusted certificates by the certificate verification application, and updating a local certificate store based on the verification results.
  - 15. The method of claim 13, wherein the performing, by the online certification circuit, verification of the received untrusted certificates using online certification services further comprises sending the untrusted certificates to a cloud security certificate verification service, to an enterprise security certificate verification and policy service, and to the local certificate store to produce the verification results, wherein the local certificate store comprises a local database with historical information with different websites and associated certificate data, along with user policies based on certificate status.

16. At least one machine readable memory comprising instructions that, when executed by the machine, cause the machine to perform operations for providing transparent certificate verifications for composite applications, the operations comprising:
- performing, at a browser core, local verification of digital certificates associated with an aggregation of content received from a plurality of content sources arranged to provide content of a plurality of content types;
  
  intercepting, by a browser content interface, the aggregation of content associated with verified digital certificates and unverified certificates from the browser core;
  
  holding the aggregation of content, obtained from the browser content interface, in a content buffer until receiving verification results for the unverified certificates allowing the content to be presented in a browser user interface;
  
  receiving, at an online certification circuit, the untrusted certificates received from the browser content interface;
  
  performing, by the online certification circuit, verification of the received untrusted certificates using an online certification service and a local certificate store, wherein the online certification service includes a cloud security certificate verification service and an enterprise security certificate verification and policy service, wherein the cloud security certificate verification service and the enterprise security certificate verification and policy service are arranged to provide policy provisioning and verification services;
  
  providing, by the online certification circuit to the content buffer, verification results obtained from the verification of the received untrusted certificates using online certification services; and
  
  determining, by the content buffer, whether to release or to block content being held to the browser user interface based on the verification results provided by the online certification circuit.
- View Dependent Claims (17)
- - 17. The at least one machine readable memory of claim 16 further comprising receiving, at a composite application, the content from the plurality of sources and aggregating the content to produce the aggregation of content provided to the browser core.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Trevor, Brian Scott, Li, Hong, Doolittle, Joseph
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
Zarrineh, Shahriar

Application Number

US13/799,360
Publication Number

US 20140283105A1
Time in Patent Office

853 Days
Field of Search

726/27
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/51   at application loading time...

G06F 21/6218   to a system of files or obj...

G06F 2221/2119   Authenticating web pages, e...

Method and service for user transparent certificate verifications for web mashups and other composite applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Method and service for user transparent certificate verifications for web mashups and other composite applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links