Server defenses against use of tainted cache

US 9,398,066 B1
Filed: 03/06/2013
Issued: 07/19/2016
Est. Priority Date: 03/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method of managing a browser cache operating on a client node connected to a second network, the method comprising:

receiving a description of an object on a server computing node, the description received by the server computing node from the client node over the second network, the object being contained in the browser cache on the client node;

analyzing the description with respect to a policy associated with a use of a first network to obtain the object contained in the browser cache; and

based at least in part on the analyzing, sending an indication to the client node with respect to a use of the object by a browser operating on the client node when connected to a web-based resource over the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer readable media are described for validating objects stored in a web cache. In one embodiment, a computing device caches objects received while accessing networked content over a network. The computing device generates a description of conditions associated with the caching of the objects. When the computing device accesses networked content via a second network, the computing device or a remote server connected thereto utilizes the description to determine whether an object in the cache is trusted or untrusted. The server manages a policy that defines rules for making the determination. The policy can be generated based on descriptions received from a plurality of devices.

Citations

27 Claims

1. A method of managing a browser cache operating on a client node connected to a second network, the method comprising:
- receiving a description of an object on a server computing node, the description received by the server computing node from the client node over the second network, the object being contained in the browser cache on the client node;
  
  analyzing the description with respect to a policy associated with a use of a first network to obtain the object contained in the browser cache; and
  
  based at least in part on the analyzing, sending an indication to the client node with respect to a use of the object by a browser operating on the client node when connected to a web-based resource over the second network.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the description comprises information about a condition associated with obtaining the object over the first network.
  - 3. The method of claim 2, wherein the policy comprises information about a web-based resource having content associated with the object, an author of the object, and a network for obtaining the object.
  - 4. The method of claim 1, wherein the indication comprises information indicative of whether the object complies with the policy.

5. A non-transitory computer-readable storage medium bearing instructions for using objects in a cache that, upon execution by a computing node, at least cause the computing node to:
- receive information associated with a cached object from a client node, the cached object being used to access content of a network-based resource, the information being indicative of a condition associated with caching the cached object at the client node;
  
  analyze the received information with respect to a policy to determine whether the cached object can be used to access the network-based content; and
  
  return an indication of the analysis to the client node.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 6. The non-transitory computer-readable storage medium of claim 5, wherein the information indicative of the condition associated with caching the cached object at the client node comprises an identifier of a network-based resource from which the cached object was obtained by the client node.
  - 7. The non-transitory computer-readable storage medium of claim 5, wherein the information indicative of the condition associated with caching the cached object at the client node comprises an identifier of a first network over which the cached object was obtained by the client node.
  - 8. The non-transitory computer-readable storage medium of claim 5, wherein the information associated with the cached object comprises the cached object.
  - 9. The non-transitory computer-readable storage medium of claim 5, wherein the indication of the analysis further comprises instructions to the client node to replace the cached object with a trusted object when the cached object is determined to be untrusted.
  - 10. The non-transitory computer-readable storage medium of claim 5 further comprising instructions that, upon execution by the computing node, at least cause the computing node to notify a computing device of a violation of the policy when the cached object is determined to be untrusted, wherein the computing device is associated with an administrator of a network over which the cached object was cached.
  - 11. The non-transitory computer-readable storage medium of claim 10, wherein the notification comprises data contained in the information associated with the cached object.
  - 12. The non-transitory computer-readable storage medium of claim 5 further comprising instructions that, upon execution by the computing node, at least cause the computing node to update the cached object and provide the update to the client node.
  - 13. The non-transitory computer-readable storage medium of claim 5 further comprising instructions that, upon execution by the computing node, at least cause the computing node to allow the cached object for use with a network-based resource when the cached object is determined to be trusted.
  - 14. The non-transitory computer-readable storage medium of claim 5, wherein the cached object comprises a library that is used by a browser associated with the client node.
  - 15. The non-transitory computer-readable storage medium of claim 5, wherein the information associated with the cached object comprises a first description associated with content of the cached object received from the client node, wherein the policy comprises a rule to compare the first description to a second description received from a second client node, and wherein a comparison of the first description and the second description indicates whether the object is untrusted.
  - 16. The non-transitory computer-readable storage medium of claim 15, wherein the information associated with the cached object further comprises a first identifier associated with a first network over which the cached object was downloaded to the client node, wherein the policy comprises a rule to compare the first identifier to a second identifier received from the second client node based at least in part on the comparison of the first description and the second description, and wherein a comparison of the first identifier and the second identifier indicates whether the object is untrusted.

17. A system for using a cache on a client node, the system comprising:
- a memory having stored thereon instructions that, upon execution, cause the system to at least;
  
  receive from the client node a request to analyze an object associated with the cache, the request comprising information associated with the object and indicative of a condition of caching the object at the client node;
  
  compare the information to a requirement associated with a use of the object; and
  
  provide an indication to the client node regarding the use of the object based at least in part on the comparison.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 18. The system of claim 17, further comprising instructions stored on the memory that, upon execution, cause the system to at least transmit a new object to the client node.
  - 19. The system of claim 17 wherein the object comprises a JavaScript library.
  - 20. The system of claim 17 wherein the object is associated with content of a website.
  - 21. The system of claim 17 wherein the information associated with the object comprises parameters associated with a first network over which the object was cached.
  - 22. The system of claim 17, wherein the requirement associated with the use of the object is derived from a history of contexts received from the client node, and wherein the history of contexts comprise descriptions associated with caching objects at the client node.
  - 23. The system of claim 17, wherein the requirement associated with the use of the object is based at least in part on requests received from a plurality of client nodes, and wherein the requests received from a plurality of client nodes comprise descriptions associated with caching of a plurality of objects at the plurality of client nodes.
  - 24. The system of claim 17, wherein the indication regarding the use of the object comprises disallowing the object from use on the client node.
  - 25. The system of claim 24, wherein the indication regarding the use of the object is provided within a service returned to the client node, and wherein the service comprises a determination of whether the object is trusted.
  - 26. The system of claim 25, wherein the service is configured to the client node based at least in part on the request received from the client node.
  - 27. The system of claim 25, wherein the service further comprises services provided to a plurality of client nodes, when the service provided to a second client node of the plurality of client nodes is configured based at least in part on parameters associated with the second client node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Brown, Nicholas Howard, Roth, Gregory Branchek
Primary Examiner(s)
Donaghue, Larry

Application Number

US13/787,553
Time in Patent Office

1,231 Days
Field of Search

709/213
US Class Current

1/1
CPC Class Codes

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/02   based on web technology, e....

H04L 67/5682   Policies or rules for updat...

Server defenses against use of tainted cache

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Server defenses against use of tainted cache

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links