Method and apparatus for network security in browser based interfaces

US 5,878,417 A
Filed: 11/20/1996
Issued: 03/02/1999
Est. Priority Date: 11/20/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method, implemented in a computer system, for determining execution permission for an application program retrieved by a web browser within a client'"'"'s workstation in a network operating environment, comprising the steps of:

creating a non-standard command filetype extension for all command files in said client'"'"'s workstation in said network operating environment containing said application program;

creating a unique filetype extension in said client'"'"'s workstation having protection and permission information for said application program, said unique file type extension different from said non-standard command filetype;

receiving at said client'"'"'s workstation in said network operating environment said application program retrieved by said web browser;

testing the content and source of said application program received at said client'"'"'s workstation for said unique filetype extension; and

executing said application program at said client'"'"'s workstation by said web browser based on said protection and permission information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for improving security for a workstation accessing network resources through a web browser interface. A three step procedure is provided on the workstation for testing the origin and filetype extensions of command files, retrieved by a web browser, to determine whether they may be executed on the workstation. Step one of the invention consists of creating a non-standard command filetype extension on the workstation to be protected. This is followed by step two which isolates specific network or system resources for all approved command files. Finally, step three protects the command file contents and sub-directory locations on the protected workstation. The invention grants execute permission for an application file command files only when all three conditions of the above steps are met.

46 Citations

View as Search Results

12 Claims

1. A method, implemented in a computer system, for determining execution permission for an application program retrieved by a web browser within a client'"'"'s workstation in a network operating environment, comprising the steps of:
- creating a non-standard command filetype extension for all command files in said client'"'"'s workstation in said network operating environment containing said application program;
  
  creating a unique filetype extension in said client'"'"'s workstation having protection and permission information for said application program, said unique file type extension different from said non-standard command filetype;
  
  receiving at said client'"'"'s workstation in said network operating environment said application program retrieved by said web browser;
  
  testing the content and source of said application program received at said client'"'"'s workstation for said unique filetype extension; and
  
  executing said application program at said client'"'"'s workstation by said web browser based on said protection and permission information.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the step of creating a unique filetype extension comprises the step of:
    - assigning read-only protection for said unique filetype extension in said client'"'"'s workstation.
  - 3. The method of claim 1, wherein the step of creating a unique filetype extension comprises the step of:
    - assigning a unique file extension to a command file of said application program in said client'"'"'s workstation.
  - 4. The method of claim 1, wherein the step of testing the context and source of said application program comprises the steps of:
    - determining if an executable command of said application file is of local origin; and
      
      passing permission to said web browser to execute said application file locally on said client'"'"'s workstation.

5. An apparatus for determining execution permission for an application program retrieved by a web browser within a client'"'"'s workstation in a network operating environment, comprising:
- means for creating a non-standard command filetype extension for all command files in said client'"'"'s workstation in said network operating environment containing said application program;
  
  means for creating a unique filetype extension in said client'"'"'s workstation having protection and permission information for said application program, said unique file type extension different from said non-standard command filetype;
  
  means for receiving at said client'"'"'s workstation in said network operating environment said application program retrieved by said web browser;
  
  means for testing the content and source of said application program received at said client'"'"'s workstation for said unique filetype extension; and
  
  means for executing said application program at said client'"'"'s workstation by said web browser based on said protection and permission information.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus of claim 5, wherein the means for creating a unique filetype extension comprises:
    - means for assigning read-only protection for said unique filetype extension in said client'"'"'s workstation.
  - 7. The apparatus of claim 5, wherein the means for creating a unique filetype extension comprises:
    - means for assigning a unique file extension to a command file of said application program in said client'"'"'s workstation.
  - 8. The apparatus of claim 5, wherein the means for testing the context and source of said application program comprises:
    - means for determining if an executable command of said application file is of local origin; and
      
      means for passing permission to said web browser to execute said application file locally on said client'"'"'s workstation.

9. A computer program product having a computer readable medium having computer program logic recorded thereon for determining execution permission for an application program retrieved by a web browser within a client'"'"'s workstation in a network operating environment, comprising:
- computer readable means for creating a non-standard command filetype extension for all command files in said client'"'"'s workstation in said network operating environment containing said application program;
  
  computer readable means for creating a unique filetype extension in said client'"'"'s workstation having protection and permission information for said application program, said unique filetype different from said non-standard command filetype;
  
  computer readable means for receiving at said client'"'"'s workstation in said network operating environment said application program retrieved by said web browser;
  
  computer readable means for testing the content and source of said application program received at said client'"'"'s workstation for said unique filetype extension; and
  
  computer readable means for executing said application program at said client'"'"'s workstation by said web browser based on said protection and permission information.
- View Dependent Claims (10, 11, 12)
- - 10. The computer program of claim 9, wherein the computer readable means for creating a unique filetype extension comprises:
    - computer readable means for assigning read-only protection for said unique filetype extension in said client'"'"'s workstation.
  - 11. The computer program of claim 9, wherein the computer readable means for creating a unique filetype extension comprises:
    - computer readable means for assigning a unique file extension to a command file of said application program in said client'"'"'s workstation.
  - 12. The computer program of claim 9, wherein the computer readable means for testing the context and source of said application program comprises:
    - computer readable means for determining if an executable command of said application file is of local origin; and
      
      computer readable means for passing permission to said web browser to execute said application file locally on said client'"'"'s workstation.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Gaitatzes, Athanasios, Naik, Sharad Janardhan, Foster, Robert Kimberlin, Christensen, Carol Sue, Talbot, Richard Dennis, Baldwin, Wayne Ross
Primary Examiner(s)
AMSBURY, WAYNE P

Application Number

US08/753,083
Time in Patent Office

832 Days
Field of Search

707/10, 707/200, 395/187.01
US Class Current

1/1
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/562 Static detection

Method and apparatus for network security in browser based interfaces

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for network security in browser based interfaces

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links