专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08782797B2 Lockbox for mitigating same origin policy failures 有权
标题翻译： Lockbox用于减轻相同的原始策略失败
公开(公告)号：US08782797B2
公开(公告)日：2014-07-15
申请号：US12175264
申请日：2008-07-17
申请人： Jiahe Helen Wang , Xiaofeng Fan , Shuo Chen
发明人： Jiahe Helen Wang , Xiaofeng Fan , Shuo Chen
IPC分类号： G06F7/04
CPC分类号： G06F21/55 , H04L63/1416
摘要： Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.
摘要翻译：提供了管理在计算环境中发生的相同来源策略（SOP）故障的系统和方法。在说明性实现中，示例性计算环境包括锁箱模块，以及指令集，其包括指示锁箱模块处理数据和/或计算代表所选择的操作/特征的应用执行命令的至少一个指令，以及根据一个选定的SOP管理模式。在说明性实现中，SOP管理范例包括部署“锁箱”计算应用元件的一个或多个指令，允许管理，监视和控制可在相同原始策略下操作的计算应用特征/操作。

2. 发明申请

US20100017883A1 LOCKBOX FOR MITIGATING SAME ORIGIN POLICY FAILURES 有权
标题翻译：用于减轻相同原因的LOCKBOX策略失败
公开(公告)号：US20100017883A1
公开(公告)日：2010-01-21
申请号：US12175264
申请日：2008-07-17
申请人： Jiahe Helen Wang , Xiaofeng Fan , Shuo Chen
发明人： Jiahe Helen Wang , Xiaofeng Fan , Shuo Chen
IPC分类号： G06F21/00
CPC分类号： G06F21/55 , H04L63/1416
摘要： Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.
摘要翻译：提供了管理在计算环境中发生的相同来源策略（SOP）故障的系统和方法。在说明性实现中，示例性计算环境包括锁箱模块，以及指令集，其包括指示锁箱模块处理数据和/或计算代表所选择的操作/特征的应用执行命令的至少一个指令，以及根据一个选定的SOP管理模式。在说明性实现中，SOP管理范例包括部署“锁箱”计算应用元件的一个或多个指令，允许管理，监视和控制可在相同原始策略下操作的计算应用特征/操作。

3. 发明授权

US10019570B2 Protection and communication abstractions for web browsers 有权
公开(公告)号：US10019570B2
公开(公告)日：2018-07-10
申请号：US11762900
申请日：2007-06-14
申请人： Jiahe Helen Wang , Xiaofeng Fan , Collin Edward Jackson , Jonathan Ryan Howell , Zhenbin Xu
发明人： Jiahe Helen Wang , Xiaofeng Fan , Collin Edward Jackson , Jonathan Ryan Howell , Zhenbin Xu
IPC分类号： H04L12/859 , G06F21/53 , G06F9/455 , H04L29/06
CPC分类号： G06F21/53 , G06F2009/45587 , G06F2221/2119 , H04L63/1441
摘要： Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management component that facilitates controlled communication between the first resources and the second resources and prevents the first resources and the second resources from accessing other resources that the first resources and the second resources are not permitted to access. The resource management component may be further operable to contain restricted services in a sandbox containment structure and/or to isolate access-controlled resources in a service instance. In addition, the resource management component may be operable to facilitate the flexible display of resources from disparate domains and/or controlled communication therebetween.

4. 发明申请

US20090070663A1 PROXY ENGINE FOR CUSTOM HANDLING OF WEB CONTENT 审中-公开
标题翻译：用于自定义处理WEB内容的代理引擎
公开(公告)号：US20090070663A1
公开(公告)日：2009-03-12
申请号：US11851309
申请日：2007-09-06
申请人： Xiaofeng Fan , Jiahe Helen Wang
发明人： Xiaofeng Fan , Jiahe Helen Wang
IPC分类号： G06F3/00
CPC分类号： G06F21/566 , G06F21/562
摘要： Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.
摘要翻译：描述了用于保护网络用户免受恶意可执行代码的过程和技术。实现了拦截Web浏览器和脚本引擎之间的通信的代理引擎。代理引擎可以调用各种定制事件处理程序，其被配置为处理在web内容的处理中发生的特定类型的事件（例如，脚本事件）。脚本屏蔽事件处理程序在预定义的无脚本区域中检测脚本的存在，并防止脚本在用户设备上执行。

5. 发明授权

US09906549B2 Proxy engine for custom handling of web content 有权
公开(公告)号：US09906549B2
公开(公告)日：2018-02-27
申请号：US11851303
申请日：2007-09-06
申请人： Xiaofeng Fan , Jiahe Helen Wang
发明人： Xiaofeng Fan , Jiahe Helen Wang
IPC分类号： G06F11/00 , H04L29/06 , G06F21/51 , G06F12/14 , H04L29/08
CPC分类号： H04L63/1441 , G06F21/51 , G06F2221/2119 , H04L63/0281 , H04L67/2819
摘要： Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.

6. 发明申请

US20080313648A1 PROTECTION AND COMMUNICATION ABSTRACTIONS FOR WEB BROWSERS 有权
标题翻译： WEB浏览器的保护和通信摘要
公开(公告)号：US20080313648A1
公开(公告)日：2008-12-18
申请号：US11762900
申请日：2007-06-14
申请人： Jiahe Helen Wang , Xiaofeng Fan , Collin Edward Jackson , Jonathan Ryan Howell , Zhenbin Xu
发明人： Jiahe Helen Wang , Xiaofeng Fan , Collin Edward Jackson , Jonathan Ryan Howell , Zhenbin Xu
IPC分类号： G06F9/44
CPC分类号： G06F21/53 , G06F2009/45587 , G06F2221/2119 , H04L63/1441
摘要： Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management component that facilitates controlled communication between the first resources and the second resources and prevents the first resources and the second resources from accessing other resources that the first resources and the second resources are not permitted to access. The resource management component may be further operable to contain restricted services in a sandbox containment structure and/or to isolate access-controlled resources in a service instance. In addition, the resource management component may be operable to facilitate the flexible display of resources from disparate domains and/or controlled communication therebetween.
摘要翻译：根据本文公开的一个或多个实施例，用于访问与基于Web的应用相关联的资源的系统和方法可以包括从第一域获得至少第一资源的浏览器和从第二域获得第二资源的资源管理组件控制第一资源和第二资源之间的通信，并且防止第一资源和第二资源访问第一资源和第二资源不被允许访问的其他资源。资源管理组件可以进一步可操作以在沙盒容纳结构中包含受限服务和/或隔离服务实例中的访问控制资源。此外，资源管理组件可以可操作以便于来自不同域的资源的灵活显示和/或其间的受控通信。

7. 发明申请

US20090070869A1 PROXY ENGINE FOR CUSTOM HANDLING OF WEB CONTENT 有权
公开(公告)号：US20090070869A1
公开(公告)日：2009-03-12
申请号：US11851303
申请日：2007-09-06
申请人： Xiaofeng Fan , Jiahe Helen Wang
发明人： Xiaofeng Fan , Jiahe Helen Wang
IPC分类号： G06F21/00
CPC分类号： H04L63/1441 , G06F21/51 , G06F2221/2119 , H04L63/0281 , H04L67/2819
摘要： Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.

8. 发明申请

US20080127341A1 Systematic Approach to Uncover GUI Logic Flaws 有权
标题翻译：揭示GUI逻辑缺陷的系统方法
公开(公告)号：US20080127341A1
公开(公告)日：2008-05-29
申请号：US11772085
申请日：2007-06-29
申请人： Shuo Chen , Jiahe Helen Wang , Yi-Min Wang
发明人： Shuo Chen , Jiahe Helen Wang , Yi-Min Wang
IPC分类号： H04L9/32 , G06F3/00
CPC分类号： G06F11/3608 , G06F21/577 , G06F21/83
摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
摘要翻译：为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。这里描述的发明是使用系统推理方法揭露这些缺陷的技术。该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

9. 发明授权

US08125669B2 Systematic approach to uncover GUI logic flaws 有权
标题翻译：发现GUI逻辑缺陷的系统方法
公开(公告)号：US08125669B2
公开(公告)日：2012-02-28
申请号：US11772085
申请日：2007-06-29
申请人： Shuo Chen , Yi-Min Wang , Jiahe Helen Wang
发明人： Shuo Chen , Yi-Min Wang , Jiahe Helen Wang
IPC分类号： G06F15/00 , G06F11/00
CPC分类号： G06F11/3608 , G06F21/577 , G06F21/83
摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
摘要翻译：为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。这里描述的发明是使用系统推理方法揭露这些缺陷的技术。该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

10. 发明授权

US08539585B2 Systematic approach to uncover visual ambiguity vulnerabilities 有权
标题翻译：发现视觉模糊漏洞的系统方法
公开(公告)号：US08539585B2
公开(公告)日：2013-09-17
申请号：US11768134
申请日：2007-06-25
申请人： Shuo Chen , Ralf Sasse , Jiahe Helen Wang , Yi-Min Wang
发明人： Shuo Chen , Ralf Sasse , Jiahe Helen Wang , Yi-Min Wang
IPC分类号： G06F21/00
CPC分类号： G06F11/3608 , G06F21/577 , G06F21/83
摘要： To achieve end-to-end security, traditional machine-to-machine security measures are insufficient if the integrity of the graphical user interface (GUI) is compromised. GUI logic flaws are a category of software vulnerabilities that result from logic flaws in GUI implementation. The invention described here is a technology for uncovering these flaws using a systematic reasoning approach. Major steps in the technology include: (1) mapping a visual invariant to a program invariant; (2) formally modeling the program logic, the user actions and the execution context, and systematically exploring the possibilities of violations of the program invariant; (3) finding real spoofing attacks based on the exploration.
摘要翻译：为了实现端到端的安全性，如果图形用户界面（GUI）的完整性受到损害，则传统的机器对机器的安全措施是不够的。 GUI逻辑缺陷是由GUI实现中的逻辑缺陷引起的一类软件漏洞。这里描述的发明是使用系统推理方法揭露这些缺陷的技术。该技术的主要步骤包括：（1）将视觉不变量映射到程序不变; （2）对程序逻辑，用户动作和执行上下文进行正式建模，并系统地探索违反程序不变的可能性; （3）根据探索找到真正的欺骗攻击。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式