Selective disabling of content portions

US 9,208,316 B1
Filed: 02/27/2012
Issued: 12/08/2015
Est. Priority Date: 02/27/2012
Status: Active Grant

First Claim

Patent Images

1. A system for protecting a client computing device from harmful network resources, the system comprising:

one or more computer processors;

a computer memory accessible by at least one of the one or more computer processors; and

a network computing component comprising an executable software module in the computer memory, the executable software module executed by the one or more computer processors, wherein the network computing component is configured to perform operations comprising;

hosting an instance of a browsing application, the instance of the browsing application in communication with a browsing application of a client computing device;

obtaining a network resource from one or more content sources, the network resource comprising a plurality of portions of source code;

determining that a first portion of source code is identified as harmful;

in response to determining that the first portion of source code is identified as harmful, modifying the network resource, wherein modifying the network resource comprises;

generating a visual representation of a harmful network resource referenced in the first portion of source code,disabling, in the first portion of source code, a reference to the harmful network resource, andinserting, into the first portion of source code, a reference to the generated visual representation of the harmful network resource; and

providing, to the browsing application of the client computing device, the modified network resource.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Features are described for detecting and disabling potentially harmful items that are embedded within or referenced by network resources such as web pages. A network node, remote from a user'"'"'s computing device, can compare content portions to a repository of content portions which are known to be harmful, or to a blacklist of resources which are known to be harmful. The network node can take preventative actions based on the nature of the threat and the nature of the resource. For example, the network node can modify or remove portions of source code, replace interactive content with static images, and/or disable objects. Other features include providing users with a mechanism to override the preventative measures and receive the original unprocessed content. The network node can monitor the user overrides and fine tune its detection of harmful content.

Citations

26 Claims

1. A system for protecting a client computing device from harmful network resources, the system comprising:
- one or more computer processors;
  
  a computer memory accessible by at least one of the one or more computer processors; and
  
  a network computing component comprising an executable software module in the computer memory, the executable software module executed by the one or more computer processors, wherein the network computing component is configured to perform operations comprising;
  
  hosting an instance of a browsing application, the instance of the browsing application in communication with a browsing application of a client computing device;
  
  obtaining a network resource from one or more content sources, the network resource comprising a plurality of portions of source code;
  
  determining that a first portion of source code is identified as harmful;
  
  in response to determining that the first portion of source code is identified as harmful, modifying the network resource, wherein modifying the network resource comprises;
  
  generating a visual representation of a harmful network resource referenced in the first portion of source code,disabling, in the first portion of source code, a reference to the harmful network resource, andinserting, into the first portion of source code, a reference to the generated visual representation of the harmful network resource; and
  
  providing, to the browsing application of the client computing device, the modified network resource.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The system of claim 1, wherein the reference to the harmful network resource is a network address associated with the harmful network resource, and wherein generating a visual representation of the harmful network resource comprises:
    - obtaining, using the network address, the harmful network resource; and
      
      rendering the harmful network resource to generate the visual representation of the harmful resource.
  - 3. The system of claim 1, wherein determining that a first portion of source code is identified as harmful comprises:
    - obtaining a plurality of signatures of network resources identified as harmful;
      
      comparing a signature of the harmful network resource referenced in the first portion to one or more of the plurality of signatures of network resources; and
      
      determining, from the comparisons, that the harmful network resource referenced in the first portion is identified as harmful.
  - 4. The system of claim 1, wherein determining that a first portion of source code is identified as harmful comprises:
    - obtaining a plurality of signatures comprising hashes of respective portions of network resources identified as harmful;
      
      comparing a hash of the harmful network resource referenced in the first portion to one or more of the plurality of signatures of network resources; and
      
      determining, from the comparisons, that the hash of the harmful network resource referenced in the first portion is identified as harmful.
  - 5. The system of claim 1, wherein determining that a first portion of source code is identified as harmful comprises:
    - obtaining a plurality of signatures comprising network addresses included in respective portions of network resources that are identified as harmful; and
      
      comparing a network address associated with the harmful network resource referenced in the first portion to one or more of the plurality of signatures; and
      
      determining, from the comparisons, that the network address associated with the harmful network resource is identified as harmful.

6. A computer-implemented method comprising:
- hosting an instance of a browsing application, the instance of the browsing application in communication with a browsing application of a client computing device;
  
  obtaining a network resource from one or more content sources, the network resource comprising a plurality of portions of source code;
  
  determining that a first portion of source code, of the plurality of portions of source code, is identified as harmful;
  
  in response to determining that the first portion of source code is identified as harmful, modifying the network resource, wherein modifying the network resource comprisesgenerating a visual representation of a harmful network resource referenced in the first portion of source code,disabling, in the first portion of source code, a reference to the harmful network resource, andinserting, into the first portion of source code, a reference to the generated visual representation of the harmful network resource; and
  
  providing, to the browsing application of the client computing device, the modified network resource,wherein the method is performed by a network computing component comprising hardware.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 7. The computer-implemented method of claim 6, wherein a network resource comprises a web page, an image, a video, an applet, or a document.
  - 8. The computer-implemented method of claim 6, wherein determining that a first portion of source code is identified as harmful comprises:
    - determining that the first portion includes a reference to a blacklisted external resource.
  - 9. The computer-implemented method of claim 6, wherein the reference to the harmful network resource is a network address associated with the harmful network resource, and wherein generating a visual representation of the harmful network resource comprises:
    - obtaining, using the network address, the harmful network resource; and
      
      rendering the harmful network resource to generate the visual representation of the harmful resource.
  - 10. The computer-implemented method of claim 6, wherein determining that a first portion of source code is identified as harmful comprises:
    - obtaining a plurality of signatures of network resources identified as harmful;
      
      comparing a signature of the harmful network resource referenced in the first portion to one or more of the plurality of signatures of network resources; and
      
      determining, from the comparisons, that the harmful network resource referenced in the first portion is identified as harmful.
  - 11. The computer-implemented method of claim 6, wherein determining that a first portion of source code is identified as harmful comprises:
    - obtaining a plurality of signatures comprising hashes of respective portions of network resources identified as harmful;
      
      comparing a hash of the harmful network resource referenced in the first portion to one or more of the plurality of signatures of network resources; and
      
      determining, from the comparisons, that the hash of the harmful network resource referenced in the first portion is identified as harmful.
  - 12. The computer-implemented method of claim 6, wherein determining that a first portion of source code is identified as harmful comprises:
    - obtaining a plurality of signatures comprising network addresses included in respective portions of network resources that are identified as harmful; and
      
      comparing a network address associated with the harmful network resource referenced in the first portion to one or more of the plurality of signatures; and
      
      determining, from the comparisons, that the network address associated with the harmful network resource is identified as harmful.
  - 13. The computer-implemented method of claim 6, further comprising:
    - providing, to the client computing device, data identifying an unmodified first portion.
  - 14. The computer-implemented method of claim 13, further comprising:
    - receiving, from the client computing device, a request to receive the unmodified first portion.
  - 15. The computer-implemented method of claim 6, wherein a network resource comprises a web page, an image, a video, an applet, or a document.

16. A system for overriding protective measures applied to network resources, the system comprising:
- a network computing component comprising hardware, the network computing component operable to;
  
  provide, to a client device, a network resource comprising a plurality of portions of source code, wherein a portion identified as harmful is modified, and wherein modifying the identified portion comprises;
  
  generating a visual representation of a harmful network resource referenced in the portion,disabling a reference to the harmful network resource, andincluding reference to the generated visual representation of the harmful network resource;
  
  receive, from the client device, override data, wherein the override data comprises a request from a user of the client device to receive an unmodified version of the modified portion; and
  
  provide, to the client device, the unmodified version.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein providing the unmodified version comprises providing, to the client device, the network resource, wherein the portion is not modified.
  - 18. The system of claim 16, wherein the network computing component is further operable to receive override data from a plurality of client computing devices, the override data associated with the portion.
  - 19. The system of claim 18, wherein the network computing component is further operable to modify a repository associated with harmful network resources in response to receiving a statistically significant amount of override data from the plurality of client computing devices.
  - 20. The system of claim 16, wherein a network resource comprises a web page, an image, a video, an applet, or a document.

21. A non-transitory computer storage medium that stores an executable browser component that directs a user computing device to perform a process that comprises:
- transmitting, to a proxy server, a request for a content page;
  
  receiving from the proxy server a modified version of the content page with metadata reflective of how the content page was modified by the proxy server, the modified version including a modified portion of source code identified by the proxy server as harmful, wherein the metadata identifies one or more modifications of the portion of source code including;
  
  a reference to a visual representation, generated by the proxy server and stored on the proxy server, of a harmful network resource, referenced in an unmodified version of the portion, was inserted in the portion, anda reference to the harmful network resource was disabled; and
  
  displaying the modified version of the content page on the user computing device together with a selectable user option to initiate retrieval of the portion identified as harmful, the user option displayed in response to the metadata.
- View Dependent Claims (22, 23, 24, 25, 26)
- - 22. The non-transitory computer storage medium of claim 21, wherein the metadata is embedded in the modified version of the content page.
  - 23. The non-transitory computer storage medium of claim 21, wherein the metadata is received by the user computing device separately from the modified version of the content page.
  - 24. The non-transitory computer storage medium of claim 21, wherein the metadata specifies a harmfulness rating of the portion, and the method further comprises displaying an indication of the harmfulness rating.
  - 25. The non-transitory computer storage medium of claim 21, wherein the process further comprises receiving from the proxy server executable code, wherein the executable code causes display of a visual indicator of how the content page was modified by the proxy server.
  - 26. The non-transitory computer storage medium of claim 21, wherein a network resource comprises a web page, an image, a video, an applet, or a document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Hill, Peter F., Trahan, Matthew L.
Primary Examiner(s)
Nguyen, Thuong

Application Number

US13/406,327
Time in Patent Office

1,380 Days
Field of Search

726 22- 24, 709/245
US Class Current

1/1
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/566   Dynamic detection, i.e. det...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

H04L 63/168   above the transport layer

Selective disabling of content portions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Selective disabling of content portions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links