The present invention relates to the field of network browsing software and, in particular, to methods and systems for providing security when accessing network sites.
In recent years, there has been a tremendous proliferation of computers connected to a global network known as the Internet. A "client" computer connected to the Internet can download digital information from "server" computers connected to the Internet. Client application and operating system software executing on client computers typically accept commands from a user and obtain data and services by sending requests to server applications running on server computers connected to the Internet. A number of protocols are used to exchange commands and data between computers connected to the Internet. The protocols include the File Transfer Protocol (FTP), the Hyper Text Transfer Protocol (HTTP), the Simple Mail Transfer Protocol (SMTP), and the "Gopher" document protocol.
The HTTP protocol is used to access data on the World Wide Web, often referred to as "the Web." The World Wide Web is an information service on the Internet providing documents and links between documents. The World Wide Web is made up of numerous Web sites around the world that maintain and distribute Web documents. A Web site may use one or more Web server computers that are able to store and distribute documents in one of a number of formats including the Hyper Text Markup Language (HTML). An HTML document can contain text, graphics, audio clips, and video clips, as well as metadata or commands providing formatting information. HTML documents also include embedded "links" that reference other data or documents located on the local computer or network server computers.
A Web browser is a client application, software component, or operating system utility that communicates with server computers via FTP, HTTP, and Gopher protocols. Web browsers receive Web documents from the network and present them to a user. Internet Explorer, available from Microsoft Corporation, of Redmond, Washington, is an example of a popular Web browser.
An intranet is a local area network containing Web servers and client computers operating in a manner similar to the World Wide Web described above. Additionally, on an intranet a Web browser can retrieve files from a file system server executing on the same computer as the Web browser, or on a remote computer on the local area network. A Web browser can retrieve files on the local area network using the "FILE" protocol, which comprises file system commands. Typically, all of the computers on an intranet are contained within a company or organization. Many intranets include a "firewall" that functions as a gateway between the intranet and the Internet, and prevents outside people from breaking into the computers of an organization. A "proxy server" is one well-known type of firewall.
In addition to data and metadata, HTML documents can contain embedded software components containing program code that perform a wide variety of operations. These software components expand the interactive ability of an HTML document's user interface. The components can perform other operations, such as manipulating data and playing audio or video clips. ActiveX is a specification developed by Microsoft Corporation for creating software components that can be embedded into an HTML document. Java is a well-known programming language that can be used to develop components called "applets," which are transmitted with HTML documents from Web servers to client computers. JavaScript and VBScript are scripting languages that are also used to extend the capabilities of HTML. JavaScript and VBScript scripts are embedded in HTML documents. A browser executes each script as it reaches the position of the script during interpretation of the HTML document.
Some software components transferred over the World Wide Web perform operations that are not desired by a user. This may occur either because a component developer intentionally programmed the component to perform a malicious operation, or because a "bug" in the software causes the component to perform a malicious operation. In addition to components that are transferred with an HTML document, files transferred to a client computer utilizing other protocols, such as FTP, may include commands that perform malicious operations.
One way in which browsers have addressed the problem of undesirable operations being performed as a result of Web transfers is to notify the user prior to performing a "risky" operation. The user is permitted to determine, prior to each operation, whether to allow the specified operation. For example, prior to installing an ActiveX control, a browser may display a dialog window specifying the source of the ActiveX control and allowing the user to decide whether or not to install the specified control. Similarly, the browser may present a dialog window to the user prior to downloading a file, executing a program, or executing a script.
This security procedure can result in a user repeatedly being presented with dialog windows asking for permission to perform certain operations, interrupting the user's browsing session. Faced with frequent interruptions, a user may respond hastily and improperly.
It is desirable to have a mechanism that allows a user to specify desired security information in order to avoid repetitive and unnecessary queries from the Web browser. Preferably, such a mechanism will provide a browser user with a way to categorize different Web servers according to a level of trust, and allow the performance of operations based on the level of trust corresponding to a source location. Additionally, a preferable mechanism will allow an administrator or an end user to specify, for each category of source locations, a corresponding set of operations that are allowed or disallowed. Further, a preferable mechanism will provide sets of predetermined security settings that can be associated with each category of trust level. The present invention is directed to providing such a mechanism.
In accordance with this invention, a system and a computer based method of providing security when browsing one or more Web sites from a client computer is disclosed. The method includes configuring a Web browser to establish multiple security zones, each zone corresponding to a set of Web sites. Each zone has a corresponding set of security settings that specify actions to be taken when a corresponding protected operation is to be performed in response to receiving a Web document. During a Web browsing session, the mechanism of the invention determines the security zone corresponding to the Web site currently being browsed. Prior to performing a protected operation, the mechanism of the invention determines the action to perform, based on the current Web site's security zone, the requested operation, and the security setting corresponding to the requested operation and the Web site's zone.
In accordance with other aspects of this invention, during a Web browsing session between a client computer and a server computer, upon receiving, at the client computer, a Web document from a server computer, the Web browser determines whether a protected operation is to be performed in response to receiving the Web document. If a protected operation is to be performed, the Web browser determines a security setting corresponding to the protected operation and the server computer. The Web browser may perform the protected operation or prevent the performance of the protected operation. It may also query a user whether to perform the protected operation and selectively perform the protected operation based on the user response.
In accordance with still other aspects of this invention, the Web browser displays visual information indicating the security zone corresponding to a server computer when a Web document from the server computer is being displayed.
In accordance with yet still other aspects of this invention, the client computer may be located behind a firewall, and receive Web documents from server computers behind the firewall and remote server computers external to, or outside of, the firewall. The Web browser may be configured so that one security zone does not include any server computers that are external to the firewall and so that another security zone includes only server computers that are behind the firewall. Preferably, the browser is configured so that the security zone corresponding to the server computers external to the firewall specifies a higher level of security than the security zone corresponding to server computers behind the firewall.
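The zone lookup and per-operation decision described in the preceding paragraphs can be sketched as follows. This is an added example, not code from the patent or from any browser; the zone names, operation names, host patterns and the `zone_for` and `decide` helpers are all assumptions made for illustration.

```python
from enum import Enum
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

class Action(Enum):
    ALLOW = "allow"    # perform the protected operation
    PROMPT = "prompt"  # query the user, then act on the answer
    DENY = "deny"      # prevent the operation

# Constructed site lists, checked in order so a restricted listing wins.
ZONE_SITES = [
    ("restricted", ["*.untrusted.example"]),
    ("trusted", ["partner.example.com"]),
    ("intranet", ["*.corp.example"]),  # servers behind the firewall
]
DEFAULT_ZONE = "internet"  # every other server, i.e. external to the firewall

# Constructed settings: one action per (zone, protected operation).
ZONE_SETTINGS = {
    "intranet":   {"run_script": Action.ALLOW, "download_file": Action.ALLOW,
                   "install_control": Action.PROMPT},
    "trusted":    {"run_script": Action.ALLOW, "download_file": Action.ALLOW,
                   "install_control": Action.ALLOW},
    "internet":   {"run_script": Action.ALLOW, "download_file": Action.PROMPT,
                   "install_control": Action.PROMPT},
    "restricted": {"run_script": Action.DENY, "download_file": Action.DENY,
                   "install_control": Action.DENY},
}

def zone_for(url):
    """Map the source URL of a Web document to a security zone."""
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    for zone, patterns in ZONE_SITES:
        if any(fnmatchcase(host, p) for p in patterns):
            return zone
    return DEFAULT_ZONE  # hostless URLs (e.g. file:) also land here

def decide(url, operation, ask_user=lambda zone, operation: False):
    """Return (zone, action, perform) for one protected operation."""
    zone = zone_for(url)
    # An operation with no setting is denied rather than allowed by omission.
    action = ZONE_SETTINGS[zone].get(operation, Action.DENY)
    if action is Action.PROMPT:
        return zone, action, bool(ask_user(zone, operation))
    return zone, action, action is Action.ALLOW
```

Because the intranet pattern is anchored on the `.corp.example` suffix, look-alike hosts such as `evilcorp.example` or `wiki.corp.example.attacker.test` fall through to the more restrictive default zone.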
As will be readily appreciated from the foregoing description, a system and method of providing security when browsing Web sites formed in accordance with the invention provides a way of selectively restricting operations that can be performed during a Web browsing session, such that the restrictions may vary according to the level of trust that a user has for each Web site. The invention allows the user to configure a Web browser so that the different security zones reflect different levels of trust for each corresponding group of Web sites. Default security settings corresponding to each security zone and a default distribution of Web sites among the security zones simplify the process of configuring a Web browser. Allowing a user to modify the default settings provides users with customizable security to allow for differing situations or concerns. The invention minimizes the amount of disruption that may occur during a Web browsing session in order to determine the user's preferences. By allowing a user to configure the security settings at a time convenient to the user, the invention increases the likelihood that the user will carefully consider the choices involved in security configurations.