Executing applications at appropriate trust levels

Information

  • Patent Grant
  • 7676843
  • Patent Number
    7,676,843
  • Date Filed
    Thursday, June 24, 2004
  • Date Issued
    Tuesday, March 9, 2010
Abstract
Systems and methods that enable execution of applications at appropriate trust levels are described. These systems and methods can determine appropriate trust levels by comparing applications' permitted trust levels with their requested trust levels. These systems and methods can determine applications' permitted trust levels by comparing applications' execution locations with their published locations. Applications can also be executed at a restricted trust level at which potentially dangerous operations are prohibited.
Description
TECHNICAL FIELD

This invention relates to executing applications.


BACKGROUND

Executing applications deployed from remote sources can be dangerous. Applications from remote sources may contain malicious code like worms or viruses that can damage or misuse a user's computer or information.


To partially combat this problem, typical Internet browsers can execute an application published to a remote location (e.g., an Internet domain) with a trust level predetermined for that location. Applications executed at a high trust level are permitted to perform riskier operations than those executed at a low trust level. Trust levels used by these Internet browsers are typically set prior to running the application based on how trustworthy the remote location is deemed to be. To execute applications with these Internet browsers, however, a user typically must have access to the remote location, such as via the Internet.


If a user wants to execute an application published to a remote location for later use when he or she will not have remote access, the user can save the application onto his or her local machine. The user can then later execute the application when he or she does not have remote access. There is a significant danger in doing so, however. The application may not execute at an appropriate trust level when executed from the user's local machine. This is because applications loaded from a local machine typically execute with a higher trust that is assigned to the local machine.


Similarly, if a user wants to execute an application that is not published to—but does originate from—a remote location, the user can save the application onto his or her local machine. The user can then execute the application but it may execute at an inappropriate trust level. One common example of this is when applications are received via email or floppy disk. While the user can run these applications, to do so the user typically saves the application to his or her local machine, often implicitly granting the application a higher trust level than it deserves.


In these and other cases where an application is received from a remote source and saved locally, the trust level at which the application is executed can be too high or too low. This is because many computer systems assume a particular level of trust (usually too high) for applications cached or executed from a local source. This potentially endangers a user's computer and, importantly, personal or corporate information.


Assume, for example, that Joe emails Jane an application and Jane saves the application onto her local machine. By so doing Jane can execute the application from her local machine. When Jane executes the application from her local machine, however, her computer typically assumes a trust level based on the location from which the application was executed (locally), which is often inappropriate. If the application contains malicious code, when Jane executes the application from her local machine it may damage her computer, steal information, and the like.


Similarly, if Jane saves locally an application from a website and later executes it, the application is typically granted too high a trust level. If it is granted too high a trust level the application is executed at the higher, inappropriate trust level, thereby endangering her computer and its information.


Further, even if the application Jane runs is not given too high a trust level, but just a different trust level than that at which it will optimally execute, the application may perform inconsistently or otherwise operate poorly.


Thus, typical trust levels granted in executing applications locally that originate from remote sources are often too high or too low, either potentially endangering a user's computer or sacrificing consistent and/or robust operation of the application.


SUMMARY

This patent application describes systems and methods (“tools”) enabling execution of applications at appropriate trust levels. These tools can determine appropriate trust levels by comparing applications' permitted trust levels with their requested trust levels.


These tools can determine and embed requested trust levels into applications. The requested trust levels can permit or minimally permit operations capable of being performed by the applications.


To determine permitted trust levels, these tools can compare applications' execution locations with their published locations. The applications can then be executed at these permitted trust levels or at lower trust levels if the applications request lower trust levels. These tools can also disallow execution of applications that will not run safely and robustly, such as when an application requests a higher trust level than is permitted.


These tools also allow applications to be executed at appropriate trust levels when those applications are received from remote sources, such as through email or floppy disks. Regardless of from where applications are received, the tools can enable execution of these applications at appropriate trust levels.


Also, these tools can execute applications at a restricted trust level. Applications executed at this restricted trust level can be prohibited from performing operations capable of endangering a user's computer or information.





BRIEF DESCRIPTION OF THE DRAWINGS


FIG. 1 illustrates an exemplary architecture having security tools.



FIG. 2 sets forth a flow diagram of an exemplary process for building requested trust levels.



FIG. 3 illustrates an exemplary table of trust levels.



FIG. 4 sets forth a flow diagram of an exemplary process for executing an application at an appropriate trust level.



FIG. 5 illustrates an exemplary table showing permitted trust levels.



FIG. 6 illustrates an exemplary table showing appropriate, permitted, and requested trust levels.



FIG. 7 sets forth a flow diagram of an exemplary process for executing or preparing for execution an application at a restricted trust level.





The same numbers are used throughout the disclosure and figures to reference like components and features.


DETAILED DESCRIPTION

Overview


This patent application describes systems and methods (“tools”) for secure execution of applications. Some of these tools can determine operations executable by an application that may damage a computer. Based on this determination or otherwise, these tools can build requested trust levels for applications.


Applications having a requested trust level can be sent from remote locations and received by tools located elsewhere, such as at a user's computer. The tools at the user's computer can determine whether or not to execute these received applications at their requested trust levels. In doing so, these tools can determine permitted trust levels for these applications as well as their requested trust levels. These tools can determine these permitted trust levels based on from where the applications are cached or executed and various information embedded into the application, for instance. In part by comparing the permitted trust levels with the requested trust levels, these tools can execute applications at an appropriate trust level, if one exists.


If, for instance, an application requests a higher trust level than the tools have determined to be permissible, the tools may not execute the application. Here, the tools potentially protect a user's computer from an application that may contain malicious code. Also for instance, if an application requests a trust level identical to that which the tools have determined permissible, the tools can execute the application at the requested trust level. Further, if an application requests a lower trust level than that determined to be permitted, the tools can execute the application at the lower, requested trust level. By so doing, the tools can execute applications at an appropriate trust level.


In cases where a very low trust level is appropriate for an application, the tools can execute the application at a restricted trust level. This trust level enables safe execution of applications that may not be trustworthy.


Exemplary Architecture


Referring to FIG. 1, an exemplary architecture 100 is shown having a computing device 102. The computing device 102 is shown capable of communicating with a remote location 104 through a communication network 106 or physical media 108. The remote location 104 can comprise locations at which accessible information is stored, such as computing devices or an Internet domain. The communication network 106 comprises devices or manners by which the computer 102 can send information to, or access information at, the remote location 104. The communication network 106 can comprise, for instance, a global Internet or an intranet. The computing device 102 can, for instance, send applications to, and receive applications from, the remote location 104 through email via the communication network 106. Applications can also be sent and received through physical media 108, such as floppy disks.


The computing device 102 is shown having access to or comprising a processor 110, an operating system 112, a memory 114, and security tools 116. The processor 110 and the operating system 112 are well known and so are not discussed here. The memory 114 can comprise volatile memory and/or non-volatile memory. The memory 114 is shown with a cache 118 and a local memory 120. To aid in discussing various embodiments of the tools 116, the tools 116 are shown having a trust-level builder 122 and a runtime 124. Also to aid in discussing various embodiments, an exemplary application 126 is shown. This application 126 can comprise any compilation of executable code, such as a form template or a word-processing document having a macro. This application 126 can originate, be executed from, and/or be cached from various locations, such as the local memory 120 or the remote location 104.


This architecture 100 and its components are shown to aid in discussing, but are not intended to limit the applicability of, the security tools 116. Other well-known computing systems, environments, and/or configurations that may be suitable for use with the tools 116 comprise, for example, personal computers, server computers, hand-held or laptop devices, multiprocessor systems, microprocessor-based systems, programmable consumer electronics, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.


The tools 116 may be described in the general context of, or implemented with, computer-executable instructions, such as program modules, executed by one or more computers or other devices. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The functionality of the program modules may be combined or distributed in various embodiments, including those described below.


These computer-executable instructions can comprise computer-readable media. The computing device 102 can, for instance, comprise computer-readable media, which can be accessed by the tools 116. Computer-readable media can comprise, for example, computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information. This stored information can comprise computer-readable instructions, data structures, program modules, and other data. Computer storage media comprise, by way of example, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVDs) or other optical storage, magnetic media storage devices, or any other medium that can be used to store the desired information and that can be accessed by the tools 116. Communication media typically embodies computer-readable instructions, data structures, program modules, or other data in a modulated data signal (e.g., a carrier wave or other transport mechanism) and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. Communication media can comprise, for example, wired media, such as a wired network or direct-wired connection, and wireless media, such as acoustic, RF, infrared, and other wireless media. Combinations of any of the above can also be included within the scope of computer-readable media.


Building Requested Trust Levels


Referring to FIG. 2, an exemplary process 200 for building requested trust levels is shown. The process 200 is illustrated as a series of blocks representing individual operations or acts performed by the tools 116 and/or the builder 122. This and other processes described herein may be implemented in any suitable hardware, software, firmware, or combination thereof. In the case of software and firmware, these processes represent sets of operations implemented as computer-executable instructions.


The tools 116, through the builder 122, can build requested trust levels for applications and, through the runtime 124, execute these or other applications at an appropriate trust level. The applications, such as the application 126, executed by the runtime 124 may be those having requested trust levels built by the builder 122 or may be received from the remote source 104. Applications received from the remote source 104 may have requested trust levels built by some other builder 122, and so may or may not be trustworthy. For purposes of this description of the process 200, the builder 122 prepares the application 126 for later use, such as by another user at a remote location, by building a requested trust level for that application 126.


Determining Potentially Dangerous Operations Performable By an Application


At block 202, potentially dangerous operations performable by an application are determined. In an ongoing embodiment, the builder 122 analyzes the application 126 to determine what types of operations it can perform that can potentially harm the computing device 102 or compromise its information. The builder 122 can analyze the application 126 by scanning its constituent parts to find links, data sources, web services, and other pieces of code that can indicate a potential compromise to security.


The builder 122 can, for instance, find universal resource locators (URLs) indicating that the application 126 may attempt to communicate with remote locations, such as the remote location 104. How the application 126 intends to communicate can also be ascertained by analyzing code associated with a URL. This associated code can, for example, look information up from or send information to data sources like a database or an Internet site. Similarly, the builder 122 can find code that accesses personal information of the user (such as information stored in the memory 114) and sends it out, such as the user's credit card information sent to a bank website. The builder 122 can also determine that no code of the application 126 can compromise security.


At block 204, a minimum trust level is determined. In the ongoing embodiment, the builder 122 determines a minimum trust level at which the application 126 is permitted to perform the potentially dangerous operations determined at the block 202.


Referring to FIG. 3, an exemplary table 300 of trust levels is shown. In this embodiment, these trust levels comprise three levels: full trust level 302; location-dependent trust level 304; and restricted trust level 306. Full trust level 302 permits any operation by the application 126. Location-dependent trust level 304 permits operations that do not require full trust 302 but that include at least one operation that can potentially compromise security. Restricted trust 306 does not permit any potentially security-compromising operations.


If, for example, the builder 122 determines that the application 126 can access, add, alter, or delete information from the memory 114, the builder 122 determines the minimum trust level to be the full trust level 302. If the builder 122 determines that the application 126 can access information from a website, the builder 122 determines the minimum trust level to be the location-dependent trust level 304. If the builder 122 determines that it cannot access any information other than the information it creates, the builder determines the minimum trust level to be the restricted trust level 306.


Setting a Requested Trust Level


At block 206, a requested trust level is set. This requested trust level can be set by a user, such as by the user manually choosing the trust level. In the ongoing embodiment, the requested trust level is the minimum trust level determined by the builder 122 at the block 204.


At block 208, the requested trust level can be embedded into an application. In the ongoing embodiment, the builder 122 embeds the requested trust level into the application 126. The builder 122 can do so by adding code into a configuration setting or another appropriate location of the application 126. If the application 126 comprises eXtensible Markup Language (XML), the builder 122 can add the XML attributes set forth for the trust levels in the table 300 of FIG. 3.


Referring to FIG. 3, the builder 122 adds the attributes shown in the table 300 to the application 126, based on the requested trust level. The builder 122 can add, for instance, a requested full trust level 302 to the application with the full-trust attribute 308. Here the attribute 308 is: “requireFullTrust=yes”. For a requested location-dependent trust level 304, the builder 122 can add the location-dependent attribute 310. Here the attribute 310 is: “trustLevel=Domain”. In some embodiments, the attribute 310 can also be “trustLevel=”, which can be assumed by the runtime 124 to equate to “trustLevel=Domain” but with “Domain” being a different location than an execution location, discussed below. For a requested restricted trust level 306, the builder 122 can add the restricted attribute 312. Here the attribute 312 is: “trustLevel=Restricted.”


At block 210, an application is published to a location. In the ongoing embodiment, if the trust level requested is the location-dependent trust level 304, the builder 122 embeds this published location (e.g., a dependent location URL) information into the application 126. The location-dependent trust level 304 can comprise varying levels of trust, depending on a published location of the application 126 and other factors. These varying levels of trust are described in greater detail as part of the discussion relating to the runtime 124, below.


A published location can be a location from which the application 126 is intended to be executed or cached. For example, if the builder 122 is building a requested trust level for an application that is to be available at a website, the published location for the application can be a URL indicating the domain from which the application can be accessed, such as that of the remote location 104. Similarly, if the builder 122 is building a requested trust level for an application that is to be accessed from a local source (such as the local memory 120), the published location for the application can be a filing system address from which the application can be accessed locally. Published locations can be used by the runtime 124 to aid it in determining appropriate trust levels at which to execute applications.


By building requested trust levels for applications, the builder 122 enhances security for computer systems. It also provides for a consistent user experience. Applications having requested trust levels can be executed at a consistent trust level regardless of where the application is executed from. By so doing, a user's experience can be consistent without regard to the computer or device from which the user executes the application. Also, applications having requested trust levels are more likely to behave robustly. These applications, because they are executed at a consistent trust level, are not subject to fluctuations due to being executed at a trust level for which they were not designed.
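The builder steps of process 200 (blocks 202 through 210), sketched as an added example that is not code from the patent. The `formTemplate`, `dataSource` and `field` element names, the sample templates, and the two regular expressions used to recognize remote and local references are assumptions made for illustration; only the `requireFullTrust`, `trustLevel` and `LocationID` attributes come from the text.

```python
import enum
import re
import xml.etree.ElementTree as ET


class Requested(enum.IntEnum):
    RESTRICTED = 0          # restricted trust level 306
    LOCATION_DEPENDENT = 1  # location-dependent trust level 304
    FULL = 2                # full trust level 302


# Assumed heuristics: an http(s) URL means the application talks to a remote
# location; a file: URL or drive-letter path means it touches the local store.
REMOTE = re.compile(r"^https?://", re.I)
LOCAL = re.compile(r"^(file:|[A-Za-z]:[\\/])", re.I)
TRUST_ATTRS = ("requireFullTrust", "trustLevel", "LocationID")


def find_operations(root):
    """Block 202: return (level, element tag, value) for each reference found."""
    findings = []
    for elem in root.iter():
        for value in list(elem.attrib.values()) + [elem.text or ""]:
            value = value.strip()
            if LOCAL.match(value):
                findings.append((Requested.FULL, elem.tag, value))
            elif REMOTE.match(value):
                findings.append((Requested.LOCATION_DEPENDENT, elem.tag, value))
    return findings


def minimum_level(findings):
    """Block 204: the lowest level that still permits every operation found."""
    return max((level for level, _, _ in findings), default=Requested.RESTRICTED)


def build(xml_text, published_location):
    """Blocks 206-210: request the minimum level and embed it in the application."""
    root = ET.fromstring(xml_text)
    for name in TRUST_ATTRS:
        root.attrib.pop(name, None)   # drop stale values so they are not scanned
    level = minimum_level(find_operations(root))
    if level == Requested.FULL:
        root.set("requireFullTrust", "yes")
    elif level == Requested.LOCATION_DEPENDENT:
        root.set("trustLevel", "Domain")
        root.set("LocationID", published_location)
    else:
        root.set("trustLevel", "Restricted")
    return level, ET.tostring(root, encoding="unicode")


# Constructed sample templates.
QUERY_FORM = ('<formTemplate><dataSource href="https://rates.example.com/lookup"/>'
              '<field name="amount"/></formTemplate>')
LOCAL_FORM = '<formTemplate><dataSource href="file:///home/jane/contacts.db"/></formTemplate>'
PLAIN_FORM = '<formTemplate><field name="amount"/></formTemplate>'
PUBLISHED = "https://forms.example.com/expense.xsn"

if __name__ == "__main__":
    for sample in (QUERY_FORM, LOCAL_FORM, PLAIN_FORM):
        level, xml_out = build(sample, PUBLISHED)
        print(level.name, xml_out)
```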


Executing an Application at an Appropriate Trust Level


Referring to FIG. 4, an exemplary process 400 for executing an application at an appropriate trust level is shown. The process 400 is illustrated as a series of blocks representing individual operations or acts performed by the tools 116 and/or the runtime 124. This process 400 can be implemented following the process 200 or can be implemented separately as a stand-alone process.


In the ongoing embodiment the application 126 is used for purposes of discussion. The application 126 can be received, accessed, executed, or cached from a remote source or locally, such as the remote location 104 and the local memory 120, respectively. The application 126 has a requested trust level, though that requested trust level may or may not have been built by the builder 122 as described in the process 200 above.


In some embodiments the process 400 begins when a user attempts to execute the application 126, such as by double-clicking on the application 126. When the user does so, the tools 116 can cache the application 126 to the cache 118 (shown) from an accessible location of the application 126.


Determining a Requested Trust Level


At block 402, a requested trust level for an application is determined. In the ongoing embodiment, the runtime 124 extracts from the application 126 an embedded requested trust level. The runtime 124 can determine whether or not the attributes 308, 310, or 312 are embedded in the application 126. Thus, if the runtime 124 determines that the attribute 308 of “requireFullTrust=yes” is embedded in the application 126, it determines that the application 126 requests the full trust level 302. If the runtime 124 determines that the attribute 310 of “trustLevel=Domain” is embedded in the application 126, it determines that the application 126 requests the location-dependent trust level 304. Similarly, if it determines that the attribute 312 of “trustLevel=Restricted” is embedded, the application 126 requests the restricted trust level 306.


Because the application 126 can contain malicious code, the runtime 124 does not trust the requested trust level of the application 126. For example, criminal persons might write applications having various requested trust levels using a copy of the builder 122, for instance. The requested trust level of the application 126, however, can be used by the runtime 124 to help determine an appropriate trust level for executing the application 126, if one exists.


Determining a Permitted Trust Level


At block 404, a permitted trust level for an application is determined. This permitted trust level can be independent of how an application is transmitted. Whether an application is received via email, or a floppy disk, or through other manners, the permitted trust level can be the same. Likewise, from where an application originates, such as from a website or another computer user, does not determine what trust level is permitted. Rather, a permitted trust level for an application can be determined based on from what location it is cached or executable and its published location.


In the ongoing embodiment, the runtime 124 determines the permitted trust level for the application 126. It can do so based on from what location the application 126 is executable or cached, a published location extracted from the application 126, and/or having a signed certificate. The runtime 124 can use the published location to aid in determining a permitted trust level, but the runtime 124 does not need to trust the published location or any other information extracted from the application 126, as will be apparent below.


Referring to FIG. 5, an exemplary table 500 setting forth exemplary permitted trust levels is shown. The trust levels shown are set forth as examples; other permitted levels can be used or defined. The exemplary trust levels comprise the full trust level 302, the location-dependent trust level 304, and the restricted trust level 306. The location-dependent trust level 304 can be further delineated, in this embodiment, into three sublevels: a local machine trust level 502; an intranet trust level 504; and an Internet trust level 506. The local machine trust level 502 is a higher trust level than the intranet trust level 504, which is higher than the Internet trust level 506. Various potential execution locations for the application 126 are set forth at numeral 508. Whether or not the execution locations (“ELs”) 508 for the application 126 match the published location (here shown with the attribute “LocationID=”) is shown at a column 510 of FIG. 5.


At block 404a, the location from which an application is executable or cached is determined. In the ongoing embodiment, the runtime 124 determines the execution location 508 for the application 126.


At block 404b, a published location for an application is determined. In the ongoing embodiment, the runtime 124 determines a published location for the application 126 by extracting this information from the application 126, if the application 126 contains a published location. Here the published location can be indicated with an XML attribute, such as “LocationID=Domain”, where “Domain” is a URL.


At block 404c, whether or not an application is installed or highly trusted is determined. In the ongoing embodiment, the runtime 124 determines whether or not the application 126 is installed or highly trusted. If it is, the runtime 124 follows the “Yes” path and permits local machine trust 502 or full trust 302, at block 404d. If not, it follows the “No” path to block 404e.


At block 404d, if the runtime 124 determines that the application 126 is installed and requests full trust, such as by extracting “requireFullTrust=yes”, shown in table 500 at 512, the runtime 124 permits the application 126 to be executed at full trust 302, shown in table 500 at 514. If the runtime 124 determines that the application 126 is installed but does not request full trust, such as by extracting “requireFullTrust=no”, shown in table 500 at 516, the runtime 124 permits (but does not require) the application 126 to be executed at local machine trust 502, shown at 518.


Also at block 404d, if the runtime 124 has determined that the application 126 is highly trusted, such as by being signed with a certificate (shown at numeral 520), the runtime 124 permits full trust 302, shown at 522.


At block 404e, an execution location (“EL”) and published location are compared. If the execution location and the published location match, the runtime 124 proceeds along the “Yes” path to block 404f. If not, it proceeds along the “No” path to block 404g.


At block 404f, location-dependent trust level 304 is permitted. In the ongoing embodiment, the runtime 124 permits either the machine level trust 502, the intranet level trust 504, or the Internet level trust 506, based on either the published location or the execution location. As set forth in FIG. 5, these location-dependent trust levels 502, 504, and 506 are permitted.


Assume, for example, that a user receives an email with the application 126 attached. Also assume that the user saves the application 126 to his or her local memory 120. At some later point, if the user attempts to execute the application 126, the runtime 124 will follow the process 400 to determine an appropriate trust level at which to execute the application 126, if one exists. In this example, assume that the runtime 124 determines, at block 402, that the application 126 requests location-dependent trust level 304 for a website on the Internet (e.g., the Internet level trust 506). The runtime 124 does not need the requested trust level to determine a permitted trust level, as the requested trust level is not trusted.


At block 404a, the runtime 124 determines that the execution location for the attached application 126 is the local machine memory 120. At block 404b, assume that the runtime 124 extracts the published, remote location for the website from the attached application 126. At block 404e, the runtime 124 determines that the execution location and the published location are not the same. Because of this, the runtime 124 permits only restricted trust level 306 (shown at 528). This ensures that the application 126 is not given too high a trust. In this example, the attached application 126 can contain malicious code; the attached application 126 could be built to request a trust based on a website and have a published location matching that website without either of these being trustworthy. Because the application 126 did not necessarily originate at the website that it claims to have originated from, it is not trusted. Thus, the runtime 124 will not permit location-dependent trust 304 or full trust 302 (assuming the application 126 isn't highly trusted for some other reason).


In some cases, though, the runtime 124 permits location-dependent trust level 304. If an application is cached from the same location as published for the application, for instance, the runtime 124 will consider the application more trustworthy. If, for example, a user attempts to execute from a website the application 126, the runtime 124 can determine that the execution location of the application 126 is the website. If the application 126 also has a published location of this website (extracted by the runtime 124), which matches the execution location, the runtime 124 permits the application 126 to be executed at the Internet trust level 506. This is permitted because a trust level associated with that website is logical to permit, as the application 126 has been determined to actually be from that website (it has an execution location matching a published location of that website). That website can have a particular trust level associated with it that is set by an administrator or based on various factors analyzed using an algorithm, or through other well-known manners.


Determining and Executing at an Appropriate Trust Level


At block 406, an appropriate trust level is determined. The appropriate trust level can be determined based on comparing a requested trust level for an application with a permitted trust level. If an application has a requested trust level less than that of a permitted trust level, the runtime 124 can set the appropriate trust level as that of the requested trust level. If an application has a permitted trust level and requested trust level that are equal, the runtime 124 can set the appropriate trust level as that of the permitted trust level. If an application has a requested trust level higher than that of its permitted trust level, the runtime 124 can fail to set any trust level as appropriate. By failing to permit execution of an application at a lower trust level than it requests, the runtime 124 can limit inconsistent or non-robust operation of the application.


At block 408, an application is executed at an appropriate trust level, if one exists.


In the ongoing embodiment, the runtime 124 determines appropriate trust levels, which can comprise: the full trust level 302; the location-dependent trust level 304; or the restricted trust level 306. If no appropriate trust level exists, the runtime 124 will not execute the application 126 at block 408.


Referring to FIG. 6, an exemplary table 600 setting forth exemplary appropriate trust levels 602 is shown. The appropriate trust levels 602 shown are set forth as examples; other appropriate levels can be used or defined. The exemplary appropriate trust levels 602 at which an application can be executed comprise the full trust level 302, the location-dependent trust level 304, and the restricted trust level 306. The location-dependent trust level 304 is shown with further delineation, here the local machine trust level 502, the intranet trust level 504, and the Internet trust level 506. The table 600 shows one way in which the runtime 124 can determine appropriate trust levels 602 based on permitted trust levels shown in column 604 and requested trust levels of full trust, location-dependent trust, and restricted trust, shown in columns 606, 608, and 610, respectively.


If the requested trust level of the application 126 is the restricted trust level 306, the runtime executes the application 126 at that level. If the permitted trust level is higher than the restricted trust level 306, the application 126 likely can be executed and operate fully at the restricted trust level 306. As shown in the table 600, if the permitted trust level shown in column 604 is the local machine trust level 502, for instance, the runtime executes the application 126 at the restricted trust level 306 if that is requested (shown at 612). Various ways in which the runtime 124 can execute applications at the restricted trust level 306 and embodiments of this level are set forth in greater detail below in a section entitled, “Exemplary Restricted Trust Level.”


If the requested trust level is higher than the permitted trust level, the runtime 124 may not execute the application 126. Executing an application at a lower trust level than it requests can sacrifice robust and consistent operation of the application. This also can diminish a user's experience in using the application. Executing the application above the permitted level can be dangerous, and so is not done. As shown in the table 600, if the permitted trust level shown in column 604 is restricted but the requested trust level shown at column 608 is location-dependent, the runtime 124 can fail to execute the application 126 (shown at numeral 614).


If the requested trust level is equal to the permitted trust level, the runtime 124 executes the application at the permitted/requested trust level. Examples of this are shown at numerals 616, 618, and 620.


Thus, the runtime 124 executes applications at appropriate trust levels. Applications may not be executed at higher trust levels than those at which they can be trusted. They can be executed at lower trust levels if they can be robustly and fully operated at these lower trust levels, based on a lower, requested trust level. And they can be executed at a permitted trust level if they can be trusted at this level and need to be executed at this level for full operation.
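The decision at blocks 406 and 408, together with the location check that yields the permitted level, as an added Python example (not code from the patent). The names `permitted_level`, `appropriate_level`, `SITE_POLICY` and the sample hosts are constructed; two behaviours are assumptions not stated in this passage: a location mismatch permits only the restricted level, and a location-dependent request under a full-trust permission runs at the level of the application's location.

```python
from enum import Enum
from typing import Optional
from urllib.parse import urlsplit


class Trust(Enum):
    FULL = "full trust level 302"
    LOCAL_MACHINE = "local machine trust level 502"
    INTRANET = "intranet trust level 504"
    INTERNET = "Internet trust level 506"
    RESTRICTED = "restricted trust level 306"


class Requested(Enum):
    FULL = "full"
    LOCATION_DEPENDENT = "location-dependent"
    RESTRICTED = "restricted"


LOCATION_LEVELS = {Trust.LOCAL_MACHINE, Trust.INTRANET, Trust.INTERNET}

# Constructed policy: the trust level an administrator assigned to each host.
SITE_POLICY = {
    "forms.example.com": Trust.INTERNET,
    "hr.corp.example": Trust.INTRANET,
}


def _location_key(url: str):
    """Normalise a location so that case differences in scheme/host do not matter."""
    parts = urlsplit(url)
    return (parts.scheme.lower(), (parts.hostname or "").lower(), parts.port, parts.path)


def permitted_level(execution_location: str, published_location: str) -> Trust:
    """Grant a location's trust level only if the app runs from where it was published."""
    if _location_key(execution_location) != _location_key(published_location):
        # Assumption: a copy running from anywhere else is permitted restricted trust only,
        # so a locally saved copy never inherits the local machine's trust.
        return Trust.RESTRICTED
    host = (urlsplit(execution_location).hostname or "").lower()
    # Hosts with no assigned level fall back to restricted (fail closed).
    return SITE_POLICY.get(host, Trust.RESTRICTED)


def appropriate_level(requested: Requested, permitted: Trust,
                      location_level: Optional[Trust] = None) -> Optional[Trust]:
    """Return the level to execute at, or None when the runtime must not execute."""
    if requested is Requested.RESTRICTED:
        return Trust.RESTRICTED              # always at or below what is permitted
    if requested is Requested.FULL:
        # Never run above the permitted level, and never silently downgrade.
        return Trust.FULL if permitted is Trust.FULL else None
    # Location-dependent request.
    if permitted in LOCATION_LEVELS:
        return permitted                     # requested and permitted coincide
    if permitted is Trust.FULL:
        return location_level                # assumption: use the location's own level
    return None                              # permitted is restricted: refuse (numeral 614)


if __name__ == "__main__":
    published = "https://forms.example.com/expense/template"
    for execution in (published, "file:///C:/saved/template"):
        permitted = permitted_level(execution, published)
        level = appropriate_level(Requested.LOCATION_DEPENDENT, permitted)
        print(execution, "->", permitted.name, "->", level.name if level else "not executed")
```
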


Exemplary Restricted Trust Level


Referring to FIG. 7, an exemplary process 700 for executing an application at an exemplary restricted trust level is shown. This restricted trust level permits execution of applications while prohibiting those applications from performing operations capable of endangering a user's computer or information. The process 700 is illustrated as a series of blocks representing individual operations or acts performed by the tools 116 and/or the runtime 124. This process 700 can be implemented as part of the process 400 or can be implemented separately as a stand-alone process. The restricted trust level set forth in this process is one implementation of the restricted trust level 306 described above.


At block 702, potentially damaging operations in an application are determined. In an ongoing embodiment, the runtime 124 scans the application 126 for custom code and/or any feature that requires connections to any data source outside of the application's 126 boundaries. The runtime 124 can do so by finding all URLs (e.g., links and website domains) in the application 126. These URLs can indicate that the application 126 is capable of accessing information or locations outside of the application 126 itself.


At block 704, potentially damaging operations are neutralized. In the ongoing embodiment, the runtime 124 neutralizes URLs found in the application 126, so that no data source outside the application boundaries can be contacted.


At block 706, rights potentially exercised for an application are removed. In the ongoing embodiment, the runtime 124 assigns a random execution location and/or published location to the application 126. By so doing, a trust level above restricted that potentially could be allowed for the application 126 due to its execution location or published location is removed.


At block 708, all custom code of an application is made safe. In the ongoing embodiment, the runtime 124 forbids and/or makes inaccessible all data connections (except email submittal), ActiveX controls, custom code written using managed code, roles, workflow, and the like in the application 126. Script is allowed only if it interacts exclusively with the data within the application.


At block 710, outside calls attempted during execution are intercepted and/or prevented. In the ongoing embodiment, the runtime 124 executes the application 126 but intercepts and prevents any outside calls by the application 126 (such as to a URL).


If, for example, the application 126 is a form template but is to be executed at this restricted trust level, the application 126 can create information but cannot access any information other than the information that it creates. In the case of a form template, the runtime 124 executes the template and permits it to create an electronic document, receive data keyed into the electronic document from a user, and the like. The runtime 124 does not, however, permit the template to access or send information outside of the application's boundaries, such as from or to a user's memory (e.g., the memory 114), an intranet site, or an Internet site.


At block 712, if the application 126 is rendering a view, the runtime 124 assigns a fictitious URL to the view. This fictitious URL can have a very low level of permission. The runtime 124, following this low level, can prevent calls to external resources that the application 126's view is attempting to reach. In one embodiment, the view comprises Hyper Text Markup Language (HTML). HTML is a language that is capable of referencing URLs in many different ways, such as to script, styles, pictures, and frames. In part for this reason, the runtime 124 can perform additional operations to further secure the view, set forth at blocks 714 and 716.


At block 714, the runtime 124 traps outside calls, such as those attempted by the view that are not prohibited at block 712. In one embodiment, the runtime 124 traps outside calls by mapping all URLs through one or more particular code paths. Thus, these calls must use these code paths. The runtime 124 can, however, block these code paths, thereby prohibiting these outside calls from being made using these URLs.


In some cases, however, the application's 126 view is capable of making an outside call through a URL with a redefined interpretation.


At block 716, the runtime 124 finds and neutralizes URLs with a redefined interpretation. When URLs are interpreted in new ways, it can be difficult to prevent outside calls that use them. To aid in preventing these outside calls, the runtime 124 can scan a rendered view as it is updated to find these URLs. As the view is updated, the runtime 124 determines whether or not URLs are being interpreted in a new way. If so, the runtime 124 neutralizes these URLs, such as by deleting them from the view.


In one embodiment, the view comprises HTML. In these cases, a URL can be interpreted in a new way with a “base tag”. The runtime 124 can delete base tags that redefine how a URL is interpreted from the HTML code of the view.
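The find-and-neutralize steps at blocks 702, 704 and 716, sketched for an HTML view as an added Python example (not code from the patent). `neutralize_view`, `URL_ATTRS`, the sample view and its host names are constructed assumptions; the sketch covers URL-bearing attributes, inline styles and base tags only, and does not handle script or `<style>` element content.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: attributes treated as URL-bearing for this sketch.
URL_ATTRS = {"href", "src", "action", "formaction", "background",
             "data", "codebase", "poster", "cite", "longdesc"}


def is_outside(value: str) -> bool:
    """True when an attribute value can reach beyond the view itself."""
    v = value.strip().replace("\\", "/")    # treat \\host\share like //host/share
    if not v or v.startswith("#"):
        return False                        # empty or same-document fragment
    try:
        parts = urlsplit(v)
    except ValueError:
        return True                         # unparsable: fail closed
    return bool(parts.scheme or parts.netloc)


class ViewNeutralizer(HTMLParser):
    """Re-emits the view without base tags and without outside URLs."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out, self.findings = [], []

    def _start(self, tag, attrs, end=">"):
        if tag == "base":
            # A base tag redefines how every relative URL in the view is interpreted.
            self.findings.append(("base-tag", dict(attrs).get("href") or ""))
            return
        kept = []
        for name, value in attrs:
            if value is None:               # boolean attribute such as "disabled"
                kept.append(name)
            elif name in URL_ATTRS and is_outside(value):
                self.findings.append((f"{tag}[{name}]", value))
            elif name == "style" and ("url(" in value.lower() or "\\" in value):
                # Inline CSS that can load a resource (or hides one behind escapes).
                self.findings.append((f"{tag}[style]", value))
            else:
                kept.append(f'{name}="{escape(value, quote=True)}"')
        self.out.append("<" + " ".join([tag] + kept) + end)

    def handle_starttag(self, tag, attrs):
        self._start(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._start(tag, attrs, " />")

    def handle_endtag(self, tag):
        if tag != "base":
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.out.append(f"<!{decl}>")


def neutralize_view(html_text: str):
    """Return (neutralized HTML, list of (where, original value)) for one view update."""
    parser = ViewNeutralizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out), parser.findings


# Constructed sample view: the relative img URL is harmless only once the base tag is gone.
SAMPLE_VIEW = (
    '<html><head><base href="https://collector.example/x/"></head><body>'
    '<img src="logo.png">'
    '<a href="https://tracker.example/p?id=1">report</a>'
    '<a href="#section2">next</a>'
    '<div style="background:url(//cdn.example/bg.png)">Total &amp; tax</div>'
    '<form action="\\\\fileserver\\share\\drop"><input name="amount" disabled></form>'
    '</body></html>'
)

if __name__ == "__main__":
    clean, findings = neutralize_view(SAMPLE_VIEW)
    print(clean)
    for where, value in findings:
        print("neutralized", where, value)
```

Because block 716 scans the view as it is updated, a caller would run `neutralize_view` on every update of the rendered view, not only on the first render.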


Conclusion


The above-described tool enables execution of applications at appropriate trust levels. Although the invention has been described in language specific to structural features and/or methodological acts, it is to be understood that the invention defined in the appended claims is not necessarily limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the claimed invention.

Claims
  • 1. A computer implemented method comprising: determining potentially dangerous operations of an application by finding one or more universal resource locators (URLs) in the application and analyzing code associated with each URL effective to determine whether the code is configured to communicate with one or more remote locations; and preventing or intercepting the potentially dangerous operations of the application by embedding a requested trust level into the application, the requested trust level comprising at least one of: a full trust level that requests permission to communicate with any remote location; or a location-dependent trust level that requests permission to communicate with at least one of the one or more remote locations.
  • 2. The method of claim 1, wherein the act of preventing or intercepting comprises preventing any information from being sent outside of, or received by, the application.
  • 3. The method of claim 2, wherein the application comprises arbitrary HTML.
  • 4. The method of claim 1, further comprising assigning a fictitious universal resource locator (URL) to a view being rendered by the application.
  • 5. The method of claim 4, wherein the fictitious URL is associated with a low level of permission.
  • 6. The method of claim 1, further comprising trapping outside calls attempted by a view being rendered by the application.
  • 7. The method of claim 1, further comprising finding and neutralizing a universal resource locator (URL) having a redefined interpretation that is in a view being rendered by the application.
  • 8. The method of claim 7, wherein the view comprises Hyper Text Markup Language (HTML) and the act of finding and neutralizing the URL comprising finding and neutralizing a base tag.
  • 9. The method of claim 1, wherein the act of preventing or intercepting comprises preventing or intercepting all outside calls made by the application, and wherein the outside calls comprise a call made by the application to a universal resource locator outside the application's boundaries.
  • 10. The method of claim 1, further comprising neutralizing the potentially dangerous operations.
  • 11. The method of claim 1, further comprising removing rights potentially exercisable by the application.
  • 12. The method of claim 11, wherein the act of removing rights comprises assigning a random execution location or published location to the application.
  • 13. The method of claim 1, further comprising making safe custom code of the application.
  • 14. The method of claim 13, wherein the act of making safe comprises forbidding or making inaccessible data connections or custom controls.
  • 15. One or more computer storage media having computer-executable instructions for performing the method recited in claim 1.
  • 16. A computer implemented method comprising: determining potentially dangerous operations in an application, the determining including scanning the application for universal resource locators and code that is configured to communicate with one or more remote locations associated with the universal resource locators; and preventing or intercepting the potentially dangerous operations by embedding a requested trust level into the application, the requested trust level comprising at least one of: a full trust level that requests permission to communicate with any remote location; or a location dependent trust level that requests permission to communicate with at least one of the one or more remote locations.
  • 17. The method of claim 16, further comprising removing rights potentially exercisable by the application.
  • 18. The method of claim 17, wherein the act of removing rights comprises assigning a random execution location or published location to the application.
  • 19. The method of claim 16, further comprising making safe custom code of the application.
  • 20. The method of claim 19, wherein the act of making safe comprises forbidding or making inaccessible data connections or custom controls.
  • 21. The method of claim 16, wherein the act of preventing or intercepting comprises preventing or intercepting all outside calls made by the application.
  • 22. One or more computer storage media having computer-executable instructions for performing the method recited in claim 16.
  • 23. A computer implemented method comprising: determining if an application is configured to access data outside of the application's boundaries based on one or more URL's; responsive to determining that the application is configured to access data outside of the application's boundaries based on said one or more URL's, embedding a location dependent trust level into the application that requests permission to access data outside of the application's boundaries; and responsive to determining that the application is not configured to access data outside of the application's boundaries based on said one or more URL's, embedding a restricted trust level into the application that does not request permission to access data outside of the application's boundaries.
  • 24. The method of claim 23, further comprising determining the operations and neutralizing the operations.
  • 25. The method of claim 23, further comprising removing rights potentially exercisable by the application.
  • 26. One or more computer storage media having computer-executable instructions for performing the method recited in claim 23.
CROSS REFERENCE TO RELATED PATENT APPLICATION

This is a divisional of and priority is claimed to co-pending U.S. patent application having Ser. No. 10/857,689 and a filing date of May 27, 2004 for EXECUTING APPLICATIONS AT APPROPRIATE TRUST LEVELS of Stott, et al. This co-pending United States Patent Application is commonly assigned herewith and is hereby incorporated herein by reference for all that it discloses.

20030120578 Newman Jun 2003 A1
20030120651 Bernstein et al. Jun 2003 A1
20030120659 Sridhar Jun 2003 A1
20030120671 Kim et al. Jun 2003 A1
20030120686 Kim et al. Jun 2003 A1
20030126555 Aggarwal et al. Jul 2003 A1
20030128196 Lapstun et al. Jul 2003 A1
20030135825 Gertner et al. Jul 2003 A1
20030140132 Champagne et al. Jul 2003 A1
20030140160 Raz et al. Jul 2003 A1
20030142072 Lapstun et al. Jul 2003 A1
20030149934 Worden Aug 2003 A1
20030158897 Ben-Natan et al. Aug 2003 A1
20030163285 Nakamura et al. Aug 2003 A1
20030167277 Hejlsberg et al. Sep 2003 A1
20030182268 Lal Sep 2003 A1
20030182327 Ramanujam et al. Sep 2003 A1
20030187756 Klivington et al. Oct 2003 A1
20030187930 Ghaffar et al. Oct 2003 A1
20030188260 Jensen et al. Oct 2003 A1
20030189593 Yarvin Oct 2003 A1
20030192008 Lee Oct 2003 A1
20030200506 Abe et al. Oct 2003 A1
20030204481 Lau Oct 2003 A1
20030204511 Brundage Oct 2003 A1
20030204814 Elo et al. Oct 2003 A1
20030205615 Marappan Nov 2003 A1
20030210428 Bevlin et al. Nov 2003 A1
20030212664 Breining et al. Nov 2003 A1
20030212902 van der Made Nov 2003 A1
20030217053 Bachman et al. Nov 2003 A1
20030220930 Milleker et al. Nov 2003 A1
20030225469 DeRemer et al. Dec 2003 A1
20030225768 Chaudhuri Dec 2003 A1
20030225829 Pena et al. Dec 2003 A1
20030226132 Tondreau et al. Dec 2003 A1
20030233374 Spinola et al. Dec 2003 A1
20030233644 Cohen et al. Dec 2003 A1
20030236859 Vaschillo et al. Dec 2003 A1
20030236903 Piotrowski Dec 2003 A1
20030237046 Parker et al. Dec 2003 A1
20030237047 Borson Dec 2003 A1
20040002939 Arora Jan 2004 A1
20040002950 Brennan et al. Jan 2004 A1
20040003031 Brown et al. Jan 2004 A1
20040003353 Rivera et al. Jan 2004 A1
20040003389 Reynar et al. Jan 2004 A1
20040010752 Chan et al. Jan 2004 A1
20040015783 Lennon et al. Jan 2004 A1
20040024842 Witt Feb 2004 A1
20040030991 Hepworth et al. Feb 2004 A1
20040039881 Shoebridge et al. Feb 2004 A1
20040039990 Bakar et al. Feb 2004 A1
20040039993 Kougiouris et al. Feb 2004 A1
20040044961 Pesenson Mar 2004 A1
20040044965 Toyama et al. Mar 2004 A1
20040046789 Inanoria Mar 2004 A1
20040054966 Busch et al. Mar 2004 A1
20040059754 Barghout et al. Mar 2004 A1
20040073565 Kaufman et al. Apr 2004 A1
20040073868 Easter et al. Apr 2004 A1
20040078756 Napper et al. Apr 2004 A1
20040083426 Sahu Apr 2004 A1
20040088647 Miller et al. May 2004 A1
20040088652 Abe et al. May 2004 A1
20040093596 Koyano May 2004 A1
20040107367 Kisters Jun 2004 A1
20040117769 Lauzon et al. Jun 2004 A1
20040123277 Schrader et al. Jun 2004 A1
20040146199 Berkner et al. Jul 2004 A1
20040148178 Brain Jul 2004 A1
20040148514 Fee et al. Jul 2004 A1
20040148571 Lue Jul 2004 A1
20040162741 Flaxer et al. Aug 2004 A1
20040163041 Engel Aug 2004 A1
20040163046 Chu et al. Aug 2004 A1
20040172442 Ripley Sep 2004 A1
20040181543 Wu et al. Sep 2004 A1
20040181711 Johnson et al. Sep 2004 A1
20040186762 Beaven et al. Sep 2004 A1
20040189708 Larcheveque et al. Sep 2004 A1
20040189716 Paoli et al. Sep 2004 A1
20040194035 Chakraborty Sep 2004 A1
20040205473 Fisher et al. Oct 2004 A1
20040205525 Murren et al. Oct 2004 A1
20040205534 Koelle Oct 2004 A1
20040205571 Adler et al. Oct 2004 A1
20040205592 Huang Oct 2004 A1
20040205605 Adler et al. Oct 2004 A1
20040205653 Hadfield et al. Oct 2004 A1
20040205671 Sukehiro et al. Oct 2004 A1
20040210599 Friedman et al. Oct 2004 A1
20040210645 Kouznetsov et al. Oct 2004 A1
20040216084 Brown et al. Oct 2004 A1
20040221238 Cifra et al. Nov 2004 A1
20040221245 Chickles et al. Nov 2004 A1
20040237030 Malkin Nov 2004 A1
20040260593 Abraham-Fuchs et al. Dec 2004 A1
20040261019 Imamura et al. Dec 2004 A1
20040268229 Paoli et al. Dec 2004 A1
20050004893 Sangroniz Jan 2005 A1
20050005248 Rockey et al. Jan 2005 A1
20050015279 Rucker Jan 2005 A1
20050015732 Vedula et al. Jan 2005 A1
20050022115 Baumgartner et al. Jan 2005 A1
20050027757 Kiessig et al. Feb 2005 A1
20050028073 Henry et al. Feb 2005 A1
20050033626 Kruse et al. Feb 2005 A1
20050033728 James Feb 2005 A1
20050038711 Marlelo Feb 2005 A1
20050050066 Hughes Mar 2005 A1
20050055627 Lloyd et al. Mar 2005 A1
20050060324 Johnson et al. Mar 2005 A1
20050060647 Doan et al. Mar 2005 A1
20050060721 Choudhary et al. Mar 2005 A1
20050065933 Goering Mar 2005 A1
20050065936 Goering Mar 2005 A1
20050066287 Tattrie et al. Mar 2005 A1
20050071752 Marlatt Mar 2005 A1
20050076049 Qubti et al. Apr 2005 A1
20050091285 Krishnan et al. Apr 2005 A1
20050091305 Lange et al. Apr 2005 A1
20050097536 Bernstein et al. May 2005 A1
20050102370 Lin et al. May 2005 A1
20050102612 Allan et al. May 2005 A1
20050108104 Woo May 2005 A1
20050108624 Carrier May 2005 A1
20050114757 Sahota et al. May 2005 A1
20050114764 Gudenkauf et al. May 2005 A1
20050132043 Wang et al. Jun 2005 A1
20050132196 Dietl Jun 2005 A1
20050138031 Wefers Jun 2005 A1
20050138086 Pecht-Seibert Jun 2005 A1
20050138539 Bravery et al. Jun 2005 A1
20050149375 Wefers Jul 2005 A1
20050149726 Joshi et al. Jul 2005 A1
20050160398 Bjornson et al. Jul 2005 A1
20050171746 Thalhammer-Reyero Aug 2005 A1
20050198086 Moore et al. Sep 2005 A1
20050198125 Beck et al. Sep 2005 A1
20050198247 Perry et al. Sep 2005 A1
20050210263 Levas et al. Sep 2005 A1
20050223063 Chang et al. Oct 2005 A1
20050223320 Brintzenhofe et al. Oct 2005 A1
20050246304 Knight et al. Nov 2005 A1
20050262112 Moore Nov 2005 A1
20050268217 Garrison Dec 2005 A1
20050268222 Cheng Dec 2005 A1
20060010386 Khan Jan 2006 A1
20060020586 Prompt et al. Jan 2006 A1
20060026534 Ruthfield et al. Feb 2006 A1
20060031757 Vincent, III Feb 2006 A9
20060036995 Chickles et al. Feb 2006 A1
20060041838 Khan Feb 2006 A1
20060059107 Elmore et al. Mar 2006 A1
20060059434 Boss et al. Mar 2006 A1
20060069605 Hatoun Mar 2006 A1
20060069985 Friedman et al. Mar 2006 A1
20060080657 Goodman Apr 2006 A1
20060085409 Rys et al. Apr 2006 A1
20060101037 Brill et al. May 2006 A1
20060101051 Carr et al. May 2006 A1
20060107206 Koskimies May 2006 A1
20060129583 Catorcini et al. Jun 2006 A1
20060129978 Abriani et al. Jun 2006 A1
20060143220 Spencer, Jr. Jun 2006 A1
20060155857 Feenan et al. Jul 2006 A1
20060161559 Bordawekar et al. Jul 2006 A1
20060161837 Kelkar et al. Jul 2006 A1
20060173865 Fong Aug 2006 A1
20060200754 Kablesh et al. Sep 2006 A1
20070005611 Takasugi et al. Jan 2007 A1
20070036433 Teutsch Feb 2007 A1
20070050719 Lui et al. Mar 2007 A1
20070061467 Essey Mar 2007 A1
20070061706 Cupala Mar 2007 A1
20070074106 Ardeleanu Mar 2007 A1
20070088554 Harb et al. Apr 2007 A1
20070094589 Paoli Apr 2007 A1
20070100877 Paoli May 2007 A1
20070101280 Paoli May 2007 A1
20070118803 Walker et al. May 2007 A1
20070130500 Rivers-Moore et al. Jun 2007 A1
20070130504 Betancourt et al. Jun 2007 A1
20070186157 Walker et al. Aug 2007 A1
20070208606 MacKay et al. Sep 2007 A1
20070208769 Boehm et al. Sep 2007 A1
20070276768 Pallante Nov 2007 A1
20080028340 Davis Jan 2008 A1
20080126402 Sitchi et al. May 2008 A1
20080134162 James Jun 2008 A1
20090177961 Fortini Jul 2009 A1
Foreign Referenced Citations (27)
Number Date Country
0841615 May 1998 EP
0841615 Nov 1999 EP
0961197 Dec 1999 EP
1076290 Feb 2001 EP
1221661 Jul 2002 EP
63085960 Apr 1988 JP
401173140 Jul 1989 JP
401173140 Jul 1989 JP
3191429 Aug 1991 JP
4225466 Aug 1992 JP
5314152 Nov 1993 JP
406014105 Jan 1994 JP
6139241 May 1994 JP
6180697 Jun 1994 JP
6180698 Jun 1994 JP
10171662 Jun 1998 JP
10-2207805 Aug 1998 JP
10207805 Aug 1998 JP
2000132436 May 2000 JP
2002183652 Jun 2002 JP
2003173288 Jun 2003 JP
WO 9924945 May 1999 WO
WO9924945 May 1999 WO
WO 9956207 Nov 1999 WO
WO9956207 Nov 1999 WO
WO 0144934 Jun 2001 WO
WO0157720 Aug 2001 WO
Divisions (1)
Number Date Country
Parent 10857689 May 2004 US
Child 10876433 US