The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Mar. 18, 2014
Filed:
Nov. 23, 2007
Ulfar Erlingsson, San Francisco, CA (US);
Yinglian Xie, Cupertino, CA (US);
Ben Livshits, Kirkland, WA (US);
Cedric Fournet, Cambridge, GB;
Ulfar Erlingsson, San Francisco, CA (US);
Yinglian Xie, Cupertino, CA (US);
Ben Livshits, Kirkland, WA (US);
Cedric Fournet, Cambridge, GB;
Microsoft Corporation, Redmond, WA (US);
Abstract
A client-side enforcement mechanism may allow application security policies to be specified at a server in a programmatic manner. Servers may specify security policies as JavaScript functions included in a page returned by the server and run before other scripts. At runtime, and during initial loading, the functions are invoked by the client on each page modification to ensure the page conforms to the security policy. As such, before a mutation takes effect, the policy may transform that mutation and the code and data of the page. Replicated code execution may take place at both the client and the server where the server runs its own shadow copy of a client-side application in a trusted execution environment so that the server may check that the method calls coming from the client correspond to a correct execution of the client-side application The redundant execution at the client can be untrusted, but serves to improve the responsiveness and performance of the Web application.