-
Publication No.: US08782797B2
Publication date: 2014-07-15
Application No.: US12175264
Filing date: 2008-07-17
Applicant: Jiahe Helen Wang, Xiaofeng Fan, Shuo Chen
Inventor: Jiahe Helen Wang, Xiaofeng Fan, Shuo Chen
IPC classification: G06F7/04
CPC classification: G06F21/55, H04L63/1416
Abstract: Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.
-
Publication No.: US10019570B2
Publication date: 2018-07-10
Application No.: US11762900
Filing date: 2007-06-14
IPC classification: H04L12/859, G06F21/53, G06F9/455, H04L29/06
CPC classification: G06F21/53, G06F2009/45587, G06F2221/2119, H04L63/1441
Abstract: Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management component that facilitates controlled communication between the first resources and the second resources and prevents the first resources and the second resources from accessing other resources that the first resources and the second resources are not permitted to access. The resource management component may be further operable to contain restricted services in a sandbox containment structure and/or to isolate access-controlled resources in a service instance. In addition, the resource management component may be operable to facilitate the flexible display of resources from disparate domains and/or controlled communication therebetween.
-
Publication No.: US20090070663A1
Publication date: 2009-03-12
Application No.: US11851309
Filing date: 2007-09-06
Applicant: Xiaofeng Fan, Jiahe Helen Wang
Inventor: Xiaofeng Fan, Jiahe Helen Wang
IPC classification: G06F3/00
CPC classification: G06F21/566, G06F21/562
Abstract: Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.
-
Publication No.: US09906549B2
Publication date: 2018-02-27
Application No.: US11851303
Filing date: 2007-09-06
Applicant: Xiaofeng Fan, Jiahe Helen Wang
Inventor: Xiaofeng Fan, Jiahe Helen Wang
CPC classification: H04L63/1441, G06F21/51, G06F2221/2119, H04L63/0281, H04L67/2819
Abstract: Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.
-
Publication No.: US20080313648A1
Publication date: 2008-12-18
Application No.: US11762900
Filing date: 2007-06-14
IPC classification: G06F9/44
CPC classification: G06F21/53, G06F2009/45587, G06F2221/2119, H04L63/1441
Abstract: Systems and methodologies for accessing resources associated with a Web-based application in accordance with one or more embodiments disclosed herein may include a browser that obtains at least first resources from a first domain and second resources from a second domain and a resource management component that facilitates controlled communication between the first resources and the second resources and prevents the first resources and the second resources from accessing other resources that the first resources and the second resources are not permitted to access. The resource management component may be further operable to contain restricted services in a sandbox containment structure and/or to isolate access-controlled resources in a service instance. In addition, the resource management component may be operable to facilitate the flexible display of resources from disparate domains and/or controlled communication therebetween.
-
Publication No.: US20100017883A1
Publication date: 2010-01-21
Application No.: US12175264
Filing date: 2008-07-17
Applicant: Jiahe Helen Wang, Xiaofeng Fan, Shuo Chen
Inventor: Jiahe Helen Wang, Xiaofeng Fan, Shuo Chen
IPC classification: G06F21/00
CPC classification: G06F21/55, H04L63/1416
Abstract: Systems and methods to manage same-origin-policy (SOP) failures that occur in a computing environment are provided. In an illustrative implementation, an exemplary computing environment comprises a lockbox module, and an instruction set comprising at least one instruction directing the lockbox module to process data and/or computing application execution commands representative of and a request for a selected operation/feature according to a selected SOP management paradigm. In the illustrative implementation, the SOP management paradigm comprises one or more instructions to deploy a “lockbox” computing application element allowing for the management, monitoring, and control of computing application features/operations operable under a same origin policy.
-
Publication No.: US20090070869A1
Publication date: 2009-03-12
Application No.: US11851303
Filing date: 2007-09-06
Applicant: Xiaofeng Fan, Jiahe Helen Wang
Inventor: Xiaofeng Fan, Jiahe Helen Wang
IPC classification: G06F21/00
CPC classification: H04L63/1441, G06F21/51, G06F2221/2119, H04L63/0281, H04L67/2819
Abstract: Processes and techniques for protecting web users from malicious executable code are described. A proxy engine is implemented that intercepts communications between a web browser and a script engine. The proxy engine can invoke a variety of custom event handlers that are configured to handle specific types of events (e.g., script events) that occur in the processing of web content. A script shield event handler detects the presence of script in pre-defined script-free zones and prevents the script from being executed on a user's device.
-
Publication No.: US08613096B2
Publication date: 2013-12-17
Application No.: US11948681
Filing date: 2007-11-30
IPC classification: H04L29/06
CPC classification: H04L63/1433, G06F21/577
Abstract: The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, construct probes, and determine whether the probes take advantage of vulnerabilities. Based at least in part on such determinations, data patches are dynamically generated to remedy the hitherto vulnerabilities.
-
Publication No.: US08225392B2
Publication date: 2012-07-17
Application No.: US11183329
Filing date: 2005-07-15
Applicant: Opher Dubrovsky, Boaz Ein-Gil, Jiahe Helen Wang
Inventor: Opher Dubrovsky, Boaz Ein-Gil, Jiahe Helen Wang
IPC classification: H04L29/06
CPC classification: H04L63/1433, H04L63/145, H04L67/02
Abstract: An exemplary computer-implementable method (300) transforms or “immunizes” information to reduce or eliminate risk of exploitation of a known vulnerability of a software service and includes receiving information (304) in response to a request, transforming the information (308) to produce transformed information and sending the transformed information (312). An exemplary firewall server (112) includes server software (144, 148) that allows the firewall server (112) to receive information from a resource (104, 108) via a network and to send information to a client computer (114) and an immunization component (264, 268) for immunizing the information to prevent exploitation of a vulnerability of browser software (154) on the client computer (114). Various other exemplary methods, devices, systems, etc., are also disclosed.
-
Publication No.: US07856100B2
Publication date: 2010-12-21
Application No.: US11311916
Filing date: 2005-12-19
Applicant: Jiahe Helen Wang, Qiang Huang, David Jao
Inventor: Jiahe Helen Wang, Qiang Huang, David Jao
IPC classification: H04K1/00, H04L9/00, H04L9/30, H04L29/06, B41K3/38, G06F7/04, G06F17/30, G06F7/00, G06F15/00, H04N7/16
Abstract: A method and system for collecting data from devices using a homomorphic encryption of the data is provided. A collection system of a device adds contributions to homomorphically encrypted data and forwards the requests to another device. When the device receives a reply to the request, it uncombines its contribution to the homomorphic encryption of the data. The device then forwards the reply to the previous device. The initiator device ultimately removes its contribution to the encryption and identifies the data.