Content inspection

US 9,223,976 B2
Filed: 09/08/2011
Issued: 12/29/2015
Est. Priority Date: 09/08/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting, by a computing device, that an application is calling a code element of a pre-specified group of code elements to be used to process content that is separate from the application;

responsive to the detecting, determining whether the content to be processed is untrusted; and

responsive to ascertaining that the content is trusted based on a source of the content being local to the computing device on which the application is executing, allowing the trusted content to be passed to the code element; and

responsive to ascertaining that the content is untrusted based on the source of the content being remote to the computing device on which the application is executing, inspecting the content separately from the code element to determine if the content is safe to be passed to the code element, the inspecting being performed subsequent to determining whether the content to be processed is untrusted and including identifying whether the content itself includes one or more unsafe criteria.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Content inspection techniques are described. In one or more implementations, it is detected that an application executing on a computing device is calling a particular code element of a group of code elements to be used to process content. For example, the group of code elements can include a pre-specified group of code elements (e.g., functions and/or properties) that may enable access to particular functionalities of a computing device and thus are associated with a known security risk. It is then ascertained that the content is untrusted and, in response to ascertaining that the content is untrusted, the content is inspected to determine if the content is safe to be passed to the code element.

Citations

20 Claims

1. A method, comprising:
- detecting, by a computing device, that an application is calling a code element of a pre-specified group of code elements to be used to process content that is separate from the application;
  
  responsive to the detecting, determining whether the content to be processed is untrusted; and
  
  responsive to ascertaining that the content is trusted based on a source of the content being local to the computing device on which the application is executing, allowing the trusted content to be passed to the code element; and
  
  responsive to ascertaining that the content is untrusted based on the source of the content being remote to the computing device on which the application is executing, inspecting the content separately from the code element to determine if the content is safe to be passed to the code element, the inspecting being performed subsequent to determining whether the content to be processed is untrusted and including identifying whether the content itself includes one or more unsafe criteria.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A method as described in claim 1, wherein the code element is included as part of the pre-specified group of code elements based on the code element enabling access to particular functionalities of a computing device.
  - 3. A method as described in claim 1, wherein the code element comprises at least one of a function, a subroutine, a method, a parameter, a property, or an application programing interface (API).
  - 4. A method as described in claim 1, wherein ascertaining that the content is untrusted is further based at least in part on the source of the content being unknown to the computing device on which the application is executing.
  - 5. A method as described in claim 1, wherein ascertaining that the content is untrusted is further based on the application including a script tag that indicates that the content is to be retrieved from a resource that is remote from the computing device on which the application is executing.
  - 6. A method as described in claim 1, wherein inspecting the content further comprises applying one or more content inspection policies to the content to determine if the content is safe to be passed to the code element, the one or more content inspection policies indicating that if the content meets one or more criteria the content is considered to be unsafe.
  - 7. A method as described in claim 1, wherein inspecting the content includes determining that the content is unsafe to be passed to the code element based on the content including executable code.
  - 8. A method as described in claim 7, further comprising:
    - responsive to ascertaining that the content is unsafe, sanitizing the unsafe content by removing the executable code from the content; and
      
      allowing the sanitized content to be passed to the code element.
  - 9. A method as described in claim 1, further comprising preventing the content from being passed to the code element based on a determination from the inspecting that the content is unsafe.
  - 10. A method as described in claim 1, wherein the code element is included as part of the pre-specified group of code elements based on the code element enabling access to document object model (DOM) functionality of a computing device.

11. A method, comprising:
- detecting, by a computing device, that an application is calling a pre-specified code element to be used to process content that is separate from the application;
  
  responsive to the detecting, ascertaining, by the computing device, whether the content is trusted or untrusted to be passed to the pre-specified code element, the ascertaining being based on a source of the content;
  
  responsive to ascertaining that the content is trusted based on the source of the content being local to the computing device, allowing the trusted content to be passed to the pre-specified code element; and
  
  responsive to ascertaining that content is untrusted based on the source of the content being remote to the computing device;
  
  inspecting the untrusted content separately from the pre-specified code element to determine that the untrusted content is unsafe to be passed to the pre-specified code element; and
  
  sanitizing the unsafe content by removing one or more unsafe features from the untrusted content itself prior to allowing the sanitized content to be passed to the pre-specified code element.
- View Dependent Claims (12, 13, 14, 15)
- - 12. A method as described in claim 11, wherein ascertaining that the content is untrusted is further based on the source of the content including unknown or unverified security credentials.
  - 13. A method as described in claim 11, wherein the one or more unsafe features comprise executable code, and wherein the removing comprises removing the executable code from the content.
  - 14. A method as described in claim 11, wherein the one or more unsafe features comprise a script tag, and wherein the removing comprises removing the script tag from the content.
  - 15. A method as described in claim 11, wherein the pre-specified code element comprises at least one of a function, a subroutine, a method, a parameter, a property, or an application programing interface (API).

16. A system, comprising:
- one or more processors;
  
  one or more computer-readable storage media storing instructions that, responsive to execution by the one or more processors, cause a computing device to perform operations comprising;
  
  detecting that an application is calling a code element of a pre-specified group of code elements to be used to process content that is separate from the application;
  
  ascertaining whether the content is trusted or untrusted to be passed to the code element, the ascertaining being based on a source of the content;
  
  responsive to ascertaining that the content is trusted content based on the source of the content being internal to the computing device, allowing the trusted content to be passed to the code element; and
  
  responsive to ascertaining that the content is untrusted content based on the source of the content being external to the computing device;
  
  inspecting the untrusted content separately from the code element to determine that the untrusted content is unsafe to be passed to the code element; and
  
  sanitizing the unsafe content by removing one or more unsafe features from the untrusted content itself prior to allowing the sanitized content to be passed to the code element.
- View Dependent Claims (17, 18, 19, 20)
- - 17. A system as described in claim 16, further comprising pre-specifying, prior to the detecting, a set of code elements on the computing device.
  - 18. A system as described in claim 17, wherein pre-specifying the set of code elements is based, at least in part, on whether a code element of the set of code elements enables access to security-sensitive functionalities of the computing device.
  - 19. A system as described in claim 16, wherein the one or more unsafe features includes a script with an executable portion and wherein removing the one or more unsafe features from the untrusted content includes removing the executable portion from the script prior to passing the script to the code element.
  - 20. A system as described in claim 16, the operations further comprising, responsive to sanitizing the unsafe content:
    - determining that the sanitized content is safe content; and
      
      causing presentation of the safe content as a web page, a document, or a visual presentation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Risney, David L. Jr., Graham, Scott B., Ross, David Andrew, Jourdain, Mathias
Primary Examiner(s)
KIM, TAE K

Application Number

US13/228,338
Publication Number

US 20130067570A1
Time in Patent Office

1,573 Days
Field of Search

726 22- 25
US Class Current

1/1
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/629   to features or functions of...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/107   wherein the security polici...

H04L 63/126   the source of the received ...

H04L 63/14   for detecting or protecting...

Content inspection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Content inspection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links