Abstract:
A method and system for determining whether to allow a network browser action when a transition occurs between security zones as a result of the action is provided. Gaining access to a local machine zone may be a goal for unauthorized entities attempting to improperly access a user's content. The present invention therefore may be initiated to block transitions from the security zones with stricter security restrictions to zones with fewer security restrictions. In addition, a selected alternative may be commenced depending on the relative weight of the security zones involved in the zone transition. Depending on the relative weight of security zones, the transition between zones may be allowed, prevented, or the user may be prompted to decide whether to allow or prevent the action that results in the zone transition.
Abstract:
Described is a method and system by which document servers/applications (document objects) hosted by the browser may integrate with the browser's travel log. As a result, the user can use browser navigation commands, particularly forward and back commands, as well as a drop-down list of entries, to navigate among a hosted document's pages. Integration also allows the document object to add travel entries, persist relevant state, delete travel entries and update existing travel entries with new state. The browser and document object may communicate to update the browser's address bar, and to communicate various navigation events to keep each other synchronized. In one implementation, the browser limits navigation to top-level travel entries and the sub-navigation entries of the currently hosted document object, by filtering out sub-navigation entries that do not correspond to the currently-hosted document object. Frames no longer valid are also filtered from those available for navigation.
Abstract:
A method and system for locking down a local machine zone associated with a network browser is provided. Placing the local machine zone in a lockdown mode provides stricter security settings that are applied to active content attempting to publish within a local page open in the network browser. The stricter settings are provided in a new set of registry keys that correspond to the lockdown mode of the local machine zone. The original security settings remain unchanged so that other system and application functionality that depends on the original security settings remains unaffected for the local machine zone. A user may also selectively allow active content to render despite the local machine zone being locked down.
Abstract:
Systems and techniques to provide for software installation. In general, in one implementation, the technique includes detecting selection of one or more applications by a user; creating a manifest for the one or more applications, the manifest including a reference to the one or more applications and a reference to one or more installers, where each of the one or more applications is associated with a unique one of the one or more installers; and providing the manifest to a target system where each of the one or more applications can be installed, none of the applications or installers being provided in the manifest.
Abstract:
Systems and techniques to provide for software installation. In general, in one implementation, the technique includes receiving a manifest, the manifest including a reference to one or more applications to be installed, obtaining an installer associated with an application, and using the associated installer to install the application on a target system, the application and the associated installer not being provided in the manifest.
Abstract:
Various embodiments pertain to ascertaining domain contexts. In one embodiment, an application receives content that may contain a script (i.e. code). In this case, the domain context is ascertained and the script is executed in the context of the domain associated with the received content, rather than requiring the application or some other component to navigate to a location, such as a web location, to attempt to ascertain the domain context of the script. In another embodiment, third party objects or code are required to provide their domain context to an application in order for the application to make a security-based decision.
Abstract:
A model restricts un-trusted data/objects from running on a user's machine without permission. The data is received by a protocol layer that reports a MIME type associated with the data, and caches the data and related cache file name (CFN). A MIME sniffer is arranged to identify a sniffed MIME type based on the cached data, the CFN, and the reported MIME type. Reconciliation logic evaluates the sniffed MIME type and the CFN to determine a reconciled MIME type, and to update the CFN. A class ID sniffer evaluates the updated CFN, the cached data, and the reconciled MIME type to determine an appropriate class ID. Security logic evaluates the updated CFN, the reported class ID, and other related system parameters to build a security matrix. Parameters from the security matrix are used to intercept data/objects before an un-trusted data/object can create a security breach on the machine.
Abstract:
A security model restricts binary behaviors on a machine based on identified security zones. Binary behaviors can be attached to an element of a document, web-page, or email message. The binary behavior potentially threatens security on the local machine. A security manager intercepts download requests and/or execution requests, identifies a security zone for the requested binary behavior, and restricts access based on the security zone. The binary behavior can identify a security zone according to the related URL. In one example, all binary behaviors associated with a security zone are handled identically. In another example, a list of permissible binary behaviors is associated with a security zone such that only specified binary behaviors are granted access. In still another example, a list of impermissible binary behaviors is associated with a security zone such that binary behaviors that are found in the list cannot initiate access.