公开(公告)号：US20110106948A1

公开(公告)日：2011-05-05

申请号：US12840123

申请日：2010-07-20

申请人： Roberto A. Franco ,  Anantha P. Ganjam ,  John G. Bedworth ,  Peter T. Brundrett ,  Roland K. Tokumi ,  Jeremiah S. Epling ,  Daniel Sie ,  Jianrong Gu ,  Marc Silbey ,  Vidya Nallathimmayyagari ,  Bogdan Tepordei

发明人： Roberto A. Franco ,  Anantha P. Ganjam ,  John G. Bedworth ,  Peter T. Brundrett ,  Roland K. Tokumi ,  Jeremiah S. Epling ,  Daniel Sie ,  Jianrong Gu ,  Marc Silbey ,  Vidya Nallathimmayyagari ,  Bogdan Tepordei

IPC分类号： G06F15/173

CPC分类号： G06F21/53

摘要： In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.

摘要翻译： 在各种实施例中，被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行，所述权限级别可以禁止应用访问相关联的计算设备的部分。 例如，在一些实施例中，受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质（例如硬盘）的部分进行读取和写入访问。 在这些实施例中，称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。

公开(公告)号：US08161563B2

公开(公告)日：2012-04-17

申请号：US12840123

申请日：2010-07-20

申请人： Roberto A. Franco ,  Anantha P. Ganjam ,  John G. Bedworth ,  Peter T. Brundrett ,  Roland K. Tokumi ,  Jeremiah S. Epling ,  Daniel Sie ,  Jianrong Gu ,  Marc Silbey ,  Vidya Nallathimmayyagari ,  Bogdan Tepordei

发明人： Roberto A. Franco ,  Anantha P. Ganjam ,  John G. Bedworth ,  Peter T. Brundrett ,  Roland K. Tokumi ,  Jeremiah S. Epling ,  Daniel Sie ,  Jianrong Gu ,  Marc Silbey ,  Vidya Nallathimmayyagari ,  Bogdan Tepordei

IPC分类号： H04L29/06

CPC分类号： G06F21/53

摘要： In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.

摘要翻译： 在各种实施例中，被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行，所述权限级别可以禁止应用访问相关联的计算设备的部分。 例如，在一些实施例中，受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质（例如硬盘）的部分进行读取和写入访问。 在这些实施例中，称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。

公开(公告)号：US07792964B2

公开(公告)日：2010-09-07

申请号：US11262316

申请日：2005-10-28

申请人： Roberto A. Franco ,  Anantha P Ganjam ,  John G. Bedworth ,  Peter T. Brundrett ,  Roland K Tokumi ,  Jeremiah S. Epling ,  Daniel Sie ,  Jianrong Gu ,  Marc Silbey ,  Vidya Nallathimmayyagari ,  Bogdan Tepordei

发明人： Roberto A. Franco ,  Anantha P Ganjam ,  John G. Bedworth ,  Peter T. Brundrett ,  Roland K Tokumi ,  Jeremiah S. Epling ,  Daniel Sie ,  Jianrong Gu ,  Marc Silbey ,  Vidya Nallathimmayyagari ,  Bogdan Tepordei

IPC分类号： G06F15/173 ,  G06F15/16

CPC分类号： G06F21/53

摘要： In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.

摘要翻译： 在各种实施例中，被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行，所述权限级别可以禁止应用访问相关联的计算设备的部分。 例如，在一些实施例中，受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质（例如硬盘）的部分进行读取和写入访问。 在这些实施例中，称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。

公开(公告)号：US08078740B2

公开(公告)日：2011-12-13

申请号：US11145530

申请日：2005-06-03

申请人： Roberto A. Franco ,  Anantha P Ganjam ,  John G. Bedworth ,  Peter T. Brundrett ,  Roland K Tokumi

发明人： Roberto A. Franco ,  Anantha P Ganjam ,  John G. Bedworth ,  Peter T. Brundrett ,  Roland K Tokumi

IPC分类号： G06F15/16

CPC分类号： G06F21/53

摘要： In various embodiments, applications that are configured to interact with the Internet in some way are executed in a restricted process with a reduced privilege level that can prohibit the application from accessing portions of an associated computing device. For example, in some embodiments, the restricted process can prohibit applications from read and write access to portions of a system's computer-readable media, such as the hard disk, that contains administrative data and settings information and user data and settings. In these embodiments, a special portion of the disk, termed a “containment zone”, is designated and used by applications in this restricted process.

摘要翻译： 在各种实施例中，被配置为以某种方式与因特网进行交互的应用程序在具有降低的权限级别的受限进程中执行，所述权限级别可以禁止应用访问相关联的计算设备的部分。 例如，在一些实施例中，受限制的过程可以禁止应用程序对包含管理数据和设置信息以及用户数据和设置的系统的计算机可读介质（例如硬盘）的部分进行读取和写入访问。 在这些实施例中，称为“容纳区”的盘的特殊部分在该限制过程中由应用程序指定和使用。

公开(公告)号：US08108902B2

公开(公告)日：2012-01-31

申请号：US10836182

申请日：2004-04-30

申请人： David Andrew Ross ,  Roberto A. Franco ,  John Green Bedworth ,  Shankar Ganesh ,  Venkatraman V. Kudallur ,  Anantha P. Ganjam ,  Kurt James Schmucker

发明人： David Andrew Ross ,  Roberto A. Franco ,  John Green Bedworth ,  Shankar Ganesh ,  Venkatraman V. Kudallur ,  Anantha P. Ganjam ,  Kurt James Schmucker

IPC分类号： G06F17/30

CPC分类号： H04L63/20 ,  G06F21/53 ,  G06F21/6218 ,  H04L63/105 ,  H04L63/168

摘要： A method and system for locking down a local machine zone associated with a network browser is provided. Placing the local machine zone in a lockdown mode provides stricter security settings that are applied to active content attempting to publish within a local page open in the network browser. The stricter setting are provided in a new set of registry keys that correspond to the lockdown mode of the local machine zone. The original security settings remain unchanged so that other systems and applications functionality that depends on the original security settings remains unaffected for the local machine zone. A user may also selectively allow active content to render despite the local machine zone being locked down.

摘要翻译： 提供了一种用于锁定与网络浏览器相关联的本地计算机区域的方法和系统。 将本地计算机区域置于锁定模式下，将提供更严格的安全设置，适用于尝试在网络浏览器中打开的本地页面中发布的活动内容。 更严格的设置在与本地机器区域的锁定模式相对应的一组新的注册表项中提供。 原始的安全设置保持不变，这样依赖于原始安全设置的其他系统和应用程序功能对本地计算机区域不会受到影响。 即使本地机器区被锁定，用户也可以选择性地允许活动内容呈现。

公开(公告)号：US08650612B2

公开(公告)日：2014-02-11

申请号：US13361466

申请日：2012-01-30

申请人： David Andrew Ross ,  Roberto A. Franco ,  John Green Bedworth ,  Shankar Ganesh ,  Venkatraman V. Kudallur ,  Anantha P. Ganjam ,  Kurt James Schmucker

发明人： David Andrew Ross ,  Roberto A. Franco ,  John Green Bedworth ,  Shankar Ganesh ,  Venkatraman V. Kudallur ,  Anantha P. Ganjam ,  Kurt James Schmucker

IPC分类号： G06F21/00

CPC分类号： H04L63/20 ,  G06F21/53 ,  G06F21/6218 ,  H04L63/105 ,  H04L63/168

摘要： A method and system for locking down a local machine zone associated with a network browser is provided. Placing the local machine zone in a lockdown mode provides stricter security settings that are applied to active content attempting to publish within a local page open in the network browser. The stricter setting are provided in a new set of registry keys that correspond to the lockdown mode of the local machine zone. The original security settings remain unchanged so that other systems and applications functionality that depends on the original security settings remains unaffected for the local machine zone. A user may also selectively allow active content to render despite the local machine zone being locked down.

摘要翻译： 提供了一种用于锁定与网络浏览器相关联的本地计算机区域的方法和系统。 将本地计算机区域置于锁定模式下，将提供更严格的安全设置，适用于尝试在网络浏览器中打开的本地页面中发布的活动内容。 更严格的设置在与本地机器区域的锁定模式相对应的一组新的注册表项中提供。 原始的安全设置保持不变，这样依赖于原始安全设置的其他系统和应用程序功能对本地计算机区域不会受到影响。 即使本地机器区被锁定，用户也可以选择性地允许活动内容呈现。

公开(公告)号：US20120131636A1

公开(公告)日：2012-05-24

申请号：US13361466

申请日：2012-01-30

申请人： David Andrew Ross ,  Roberto A. Franco ,  John Green Bedworth ,  Shankar Ganesh ,  Venkatraman V. Kudallur ,  Anantha P. Ganjam ,  Kurt James Schmucker

发明人： David Andrew Ross ,  Roberto A. Franco ,  John Green Bedworth ,  Shankar Ganesh ,  Venkatraman V. Kudallur ,  Anantha P. Ganjam ,  Kurt James Schmucker

IPC分类号： G06F21/00

CPC分类号： H04L63/20 ,  G06F21/53 ,  G06F21/6218 ,  H04L63/105 ,  H04L63/168

摘要： A method and system for locking down a local machine zone associated with a network browser is provided. Placing the local machine zone in a lockdown mode provides stricter security settings that are applied to active content attempting to publish within a local page open in the network browser. The stricter setting are provided in a new set of registry keys that correspond to the lockdown mode of the local machine zone. The original security settings remain unchanged so that other systems and applications functionality that depends on the original security settings remains unaffected for the local machine zone. A user may also selectively allow active content to render despite the local machine zone being locked down.

摘要翻译： 提供了一种用于锁定与网络浏览器相关联的本地计算机区域的方法和系统。 将本地计算机区域置于锁定模式下，将提供更严格的安全设置，适用于尝试在网络浏览器中打开的本地页面中发布的活动内容。 更严格的设置在与本地机器区域的锁定模式相对应的一组新的注册表项中提供。 原始的安全设置保持不变，这样依赖于原始安全设置的其他系统和应用程序功能对本地计算机区域不会受到影响。 即使本地机器区被锁定，用户也可以选择性地允许活动内容呈现。

公开(公告)号：US20120304316A1

公开(公告)日：2012-11-29

申请号：US13570044

申请日：2012-08-08

申请人： Sundaram Ramani ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

发明人： Sundaram Ramani ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

IPC分类号： G06F21/00

CPC分类号： H04L63/104 ,  H04L63/102

摘要： A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.

摘要翻译： 描述用于验证对一组相关元素的访问的方法和系统。 当对元素进行调用时，组内的元素访问与标记域相关联的安全上下文。 启用对元素的授权呼叫，使得标记域被导航到新的网页。 然而，防止未经授权的呼叫，使得不允许对新网页的导航。 标记域已导航后，与标记域相关联的安全上下文将无效。 生成新的安全上下文并与标记域相关联。 与导航到网页的网页相关联的元素在标记域导航到新页面后是无法访问的。 新安全上下文与标记域的关联可防止未经授权的用户访问引用先前安全上下文的任何元素。

公开(公告)号：US08601278B2

公开(公告)日：2013-12-03

申请号：US13570044

申请日：2012-08-08

申请人： Sundaram Ramini ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

发明人： Sundaram Ramini ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

IPC分类号： G06F21/00

CPC分类号： H04L63/104 ,  H04L63/102

摘要： A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.

摘要翻译： 描述用于验证对一组相关元素的访问的方法和系统。 当对元素进行调用时，组内的元素访问与标记域相关联的安全上下文。 启用对元素的授权呼叫，使得标记域被导航到新的网页。 然而，防止未经授权的呼叫，使得不允许对新网页的导航。 标记域已导航后，与标记域相关联的安全上下文将无效。 生成新的安全上下文并与标记域相关联。 与导航到网页的网页相关联的元素在标记域导航到新页面后是无法访问的。 新安全上下文与标记域的关联可防止未经授权的用户访问引用先前安全上下文的任何元素。

公开(公告)号：US08245049B2

公开(公告)日：2012-08-14

申请号：US10867338

申请日：2004-06-14

申请人： Sundaram Ramani ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

发明人： Sundaram Ramani ,  Joseph S. Beda ,  Mark Alcazar ,  Roberto A. Franco ,  Roland Katsuaki Tokumi ,  John G. Bedworth

IPC分类号： G06F21/00

CPC分类号： H04L63/104 ,  H04L63/102

摘要： A method and system for validating access to a group of related elements are described. The elements within the group access a security context associated with a markup domain when a call is made to an element. An authorized call to an element is enabled such that the markup domain is navigated to a new web page. However, an unauthorized call is prevented so that the navigation to the new web page is not permitted. After the markup domain has been navigated, the security context associated with the markup domain is invalidated. A new security context is generated and associated with the markup domain. The elements associated with the web page navigated from are inaccessible after navigation of the markup domain to the new page. The association of the new security context with the markup domain prevents an unauthorized user from accessing any element that references the previous security context.

摘要翻译： 描述用于验证对一组相关元素的访问的方法和系统。 当对元素进行调用时，组内的元素访问与标记域相关联的安全上下文。 启用对元素的授权呼叫，使得标记域被导航到新的网页。 然而，防止未经授权的呼叫，使得不允许对新网页的导航。 标记域已导航后，与标记域相关联的安全上下文将无效。 生成新的安全上下文并与标记域相关联。 与导航到网页的网页相关联的元素在标记域导航到新页面后是无法访问的。 新安全上下文与标记域的关联可防止未经授权的用户访问引用先前安全上下文的任何元素。