Security protection method and system for widget application

A safe and secure technology, applied in the field of Internet applications, can solve problems such as user terminal interface security, user personal data security and network security risks, and achieve the effect of ensuring interface security

Active Publication Date: 2011-02-16
HUAWEI TEHCHNOLOGIES CO LTD
View PDF4 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

If a widget application containing malicious JS scripts uses these APIs to perform malicious operations, it will cause great hidden dangers to the interface security of user terminals, user personal data security, and network security.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Security protection method and system for widget application
  • Security protection method and system for widget application
  • Security protection method and system for widget application

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0026] Follow the widget system framework defined by standards such as W3C, JIL and BONDI, and add a sub-system for security classification of JavaScript API to the widget engine under the framework defined by the standards. Such as figure 1 As shown, this subsystem contains JS API security classification setting module and JS API security control module, among which:

[0027] ●JS API security level setting sub-module, used to configure the security level of JS API, and save the configuration results in the security configuration file;

[0028] The configured security level can be: no trust, partial trust, and full trust. The specific meaning of each security level is as follows:

[0029] A. No trust: At this time, every JS API related to the terminal's local function is unavailable, that is, it is invalid to call the terminal's local function through the JS API in the widget application;

[0030] Part B trust: At this time, set whether the JS API related to the terminal local functi...

Embodiment 2

[0037] This embodiment introduces a security protection method for widget applications, including:

[0038] Step 1: Configure the security level of the JS API and save the configuration result in the security configuration file;

[0039] Step 2: Read the security configuration file when the widget engine starts. When the widget application calls the terminal local functions through the JS API, control the JS API according to the configuration in the security configuration file, that is, determine whether the JS API can call the terminal local Features.

[0040] The following is a step-by-step introduction.

[0041] Such as figure 2 As shown, the above step one specifically includes the following steps:

[0042] Step 1: The user starts the security policy setting;

[0043] Step 2: The user sets the security level, and can set the JS API to be fully trusted or partially trusted or not trusted;

[0044] In this step, if the user chooses a fully trusted security level, all JS APIs that call...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a security protection method for widget application and a system, and guarantees the interface security of a user terminal, personal data security of a user and the network security. The method comprises the following steps: performing security level configuration for a JavaScript application programming interface (JS API), and storing the configuration result in a security configuration file; when a widget engine is started, reading the security configuration file; and when the widget application calls the local functions of the terminal through the JS API, controlling the JS API according to the configuration in the security configuration file.

Description

Technical field [0001] The invention relates to the field of Internet applications, in particular to a widget (microtechnology) application security protection method and system. Background technique [0002] A widget is a small piece of code that can be executed on any web page based on HTML or JavaScript. It is a small Internet application, and its manifestation may be videos, maps, news, small games, etc. Widget originated from the inspiration of an engineer from Apple and was originally implemented on MAC OS. It is composed of widget engine and widget applications, which can greatly improve desktop applications and network operations. Widget engine is the platform on which widget applications run, and it also provides network access capabilities through ajax technology. After installing widget UA (User Agent), you can run widget applications with various functions on the widget engine. With the development of widgets, it has cross-platform capabilities. At present, widgets...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/08H04L29/06
CPCH04L63/168H04L63/102
Inventor 肖非
Owner HUAWEI TEHCHNOLOGIES CO LTD
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap