LOCKBOX FOR MITIGATING SAME ORIGIN POLICY FAILURES

US 20100017883A1
Filed: 07/17/2008
Published: 01/21/2010
Est. Priority Date: 07/17/2008
Status: Active Grant

First Claim

Patent Images

1. A system allowing mitigating security policy failures in a computing environment comprising:

a lockbox module operative to process one or more requests for data and/or an application feature; and

an instruction set comprising at least one instruction instructing the lockbox module to generate a lockbox computing application element operative to associate security privileges to selected content and to process data and/or an application feature to determine the data and/or application feature is associated with the lockbox computing application element according to a selected SOP management paradigm,wherein the SOP management paradigm comprises at least one instruction to associate data and/or an application feature with a lockbox comprising one or more lockbox operational properties.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.

43 Citations

View as Search Results

20 Claims

1. A system allowing mitigating security policy failures in a computing environment comprising:
- a lockbox module operative to process one or more requests for data and/or an application feature; and
  
  an instruction set comprising at least one instruction instructing the lockbox module to generate a lockbox computing application element operative to associate security privileges to selected content and to process data and/or an application feature to determine the data and/or application feature is associated with the lockbox computing application element according to a selected SOP management paradigm,wherein the SOP management paradigm comprises at least one instruction to associate data and/or an application feature with a lockbox comprising one or more lockbox operational properties.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system as recited in claim 1, wherein the one or more lockbox operational properties comprise that the lockbox module comprises its own tree designation.
  - 3. The system as recited in claim 2, wherein the one or more lockbox operational properties comprise that the lockbox allows access to the data and/or the application feature associated with the lockbox to a requesting entity if source of the one or more requests is provided by the DOM tree of the lockbox.
  - 4. The system as recited in claim 3, wherein the DOM tree is a hyper text mark-up language (HTML) document object tree.
  - 5. The system as recited in claim 3, wherein the one or more lockbox operational properties comprise associating the data and/or the application feature associated with the lockbox as the principal of a domain deploying the lockbox.
  - 6. The system as recited in claim 1, wherein the lockbox module is operative to attach a source URL associated with the lockbox as an HTTP header comprising a portion of an out-going HTTP request.
  - 7. The system as recited in claim 6, wherein the HTTP header is unique.
  - 8. The system as recited in claim 7, wherein the lockbox module is operative to deploy a personal image when asserting the authenticity of a contents contained in the lockbox.
  - 9. The system as recited in claim 8, wherein the personal image and the lockboxed contents are displayable on one or more cooperating computing environments for use by the lockbox module in determining which content to release from the lockbox.
  - 10. The system as recited in claim 1, wherein data and/or application features can be associated as data and/or application features to be contained in a lockbox according to a selected tag.

11. A method to mitigate SOP failures in a computing environment comprising:
- creating a lockbox computing application element operative to associate security privileges to selected content;
  
  receiving a request for data and/or application feature that is contained in the lockbox computing application element;
  
  identifying the source of the received request to determine if the source is a selected approved source to which the lockbox computing application element is operable to provide access; and
  
  providing the requested data and/or application feature to the source of the received request if the sources is a selected approved source.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method as recited in claim 11, further comprising associating the lockbox to a selected DOM tree.
  - 13. The method as recited in claim 12, further comprising determining whether the source of the received request is part of the domain tree which contains the lockbox.
  - 14. The method as recited in claim 11, further comprising allowing access to the source of the received request comprises an HTML domain tree.
  - 15. The method as recited in claim 14, further comprising associating the data and/or application feature with a lockbox.
  - 16. The method as recited in claim 15, further comprising associating data and/application feature of the lockbox as the principal of the domain that hosts the lockbox.
  - 17. The method as recited in claim 15, further comprising associating an HTML domain tree to the lockbox.
  - 18. The method as recited in claim 17, further comprising including a syntax in the lockbox operable as an identification tag for the lockbox.
  - 19. The method as recited in claim 13, further comprising providing an error to the source of the received request if the identified source is not an approved source.

20. A computer-readable medium having computer executable instructions to instruct a computing environment to perform a method comprising:
- creating a lockbox computing application element operative to associate security privileges to selected content;
  
  receiving a request for data and/or application feature that is contained in the lockbox computing application element;
  
  identifying the source of the received request to determine if the source is a selected approved source to which the lockbox computing application element is operable to provide access; and
  
  providing the requested data and/or application feature to the source of the received request if the sources is a selected approved source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Chen, Shuo, Wang, Jiahe Helen, Fan, Xiaofeng

Granted Patent

US 8,782,797 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/55 Detecting local intrusion o...

H04L 63/1416 Event detection, e.g. attac...

LOCKBOX FOR MITIGATING SAME ORIGIN POLICY FAILURES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

LOCKBOX FOR MITIGATING SAME ORIGIN POLICY FAILURES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links