Securely serving results of dynamic user-provided code over the web

US9826017B1 · US · B1

Patent metadata
Publication number: US-9826017-B1
Application number: US-201313791231-A
Country: US
Kind code: B1
Filing date: Mar 8, 2013
Priority date: May 3, 2012
Publication date: Nov 21, 2017
Grant date: Nov 21, 2017

Abstract

Official abstract text for this publication.

The disclosure relates to a system and method where a first user may submit untested or unverified code to a first server, which code may be accessed by a user via a browser. The first server provides results of the executed code to a second server via a redirect request. The redirected output is then sent from the second server back to the user's browser. For example, the results of the executed code can be returned to the user immediately without storage, such that malicious code embedded in a result of the executed code cannot access domain resources from the same domain as a URL associated with the executed code, and only the user requesting execution of the code can see the result.
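The flow in the abstract, sketched with the Meta-Refresh redirect named in the claims. This is an added example, not code from the patent or its assignee; the two origins, the `o` query parameter, the base64url encoding, the size limit and the response headers are all assumptions made for illustration.

```python
import base64
import html
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed names: neither origin appears in the patent text.
FIRST_ORIGIN = "https://app.example"           # runs the user-provided code
SECOND_ORIGIN = "https://usercontent.example"  # holds no cookies or other resources
MAX_OUTPUT_BYTES = 4096                        # assumed limit for the "examining" step


def first_server_response(code_output: bytes) -> str:
    """First domain: never render the output here; wrap it in a Meta-Refresh redirect."""
    payload = base64.urlsafe_b64encode(code_output).decode("ascii")
    target = f"{SECOND_ORIGIN}/render?{urlencode({'o': payload})}"
    # The output travels only as an opaque, attribute-escaped URL parameter,
    # so nothing the code produced is parsed as HTML in the first origin.
    return ('<!doctype html><meta http-equiv="refresh" '
            f'content="0;url={html.escape(target, quote=True)}">')


def second_server_response(request_url: str):
    """Second domain: decode, examine, and return the output from its own origin."""
    values = parse_qs(urlsplit(request_url).query).get("o", [])
    if len(values) != 1:
        return 400, {}, b"missing output"
    try:
        output = base64.urlsafe_b64decode(values[0].encode("ascii"))
    except ValueError:  # covers bad padding and non-ASCII input
        return 400, {}, b"bad encoding"
    if len(output) > MAX_OUTPUT_BYTES:
        return 413, {}, b"output too large"
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Cache-Control": "no-store",  # the result is returned, not stored
        # Assumed extra hardening, not part of the patent text:
        "Content-Security-Policy": "sandbox allow-scripts",
        "X-Content-Type-Options": "nosniff",
    }
    return 200, headers, output
```

Any script in the output runs only in the second origin, so the same-origin policy keeps it away from cookies and storage belonging to the first.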

First claim

Opening claim text (preview).

What is claimed is:

1. A method of providing a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain to a requesting device over an information-exchange network, the method comprising: receiving, at the first server at the first network domain, a content request from the requesting device, the content request including a request for the result of executing the unverified, potentially malicious, or untested code; executing the code at the first server at the first network domain to produce an output that includes the requested result; sending the produced output to a second server at a second network domain by providing, to the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and delivering the provided produced output to the requesting device via the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.

2. The method of claim 1, wherein the content request is an HTTP (hypertext transfer protocol) request for a URL (uniform resource locator) associated with a particular content item.

3. The method of claim 1, wherein the redirection instruction includes redirection data that indicates a redirect along with information about where and how to access the requested result; and wherein the step of delivering includes processing the redirection data and receiving the requested result based on the redirection data.

4. The method of claim 1, wherein the step of delivering is performed by the second server, and wherein the step of delivering includes examining the provided produced output before sending the provided produced output to the requesting device.

5. The method of claim 1, wherein the requesting device is equipped with a local storage; and the step of sending the produced output includes sending a script that includes a representation of the produced output from the first server to the local storage; and the step of delivering the provided produced output to the requesting device includes retrieving the produced output from the local storage for presentation on the requesting device.

6. The method of claim 1, the method further comprising: determining whether the requesting device is equipped with a local storage to store the produced output, wherein the step of determining is performed before the step of delivering; in response to a determination that the requesting device is equipped with the local storage to store the produced output, performing the step of sending by sending a script that includes a representation of the produced output from the first server to the local storage; and performing the step of delivering the provided produced output to the requesting device by retrieving the produced output from the local storage for presentation on the requesting device.

7. The method of claim 2, wherein the step of sending the produced output is accomplished by producing an HTML page at the first server and including a Meta-Refresh tag in the produced HTML page, the Meta-Refresh tag redirecting the requesting device to the second server.

8. The method of claim 6, wherein the content request is an HTTP (hypertext transfer protocol) request for a URL (uniform resource locator) associated with a particular content item; and in response to a determination that the requesting device is not equipped with the local storage to store the produced output, performing the step of sending the produced output by producing an HTML page at the first server and including a Meta-Refresh tag in the produced HTML page, the Meta-Refresh tag redirecting the requesting device to the second server.

9. The method of claim 2, wherein the step of sending is accomplished by posting the requested result of the executed code in a payload at the first server and redirecting the posted payload to the second server.

10. The method of claim 9, wherein the second server examines the payload and returns the produced output to the requesting device as a response from the second network domain.

11. A non-transitory computer-readable medium having embodied thereon instructions which, when executed by a processor, cause the processor to perform a method of providing a result of executing unverified, potentially malicious, or untested code from a first server at a first network domain to a requesting device over an information-exchange network, the method comprising: receiving, at the first server at the first network domain, a content request from the requesting device, the content request including a request for the result of executing the unverified, potentially malicious, or untested code; executing the code at the first server at the first network domain to produce an output that includes the requested result; sending the produced output to a second server at a second network domain by providing, to the requesting device, the produced output as part of a redirection instruction to the second server to prevent the executed code from accessing domain resources from the first network domain; and delivering the provided produced output to the requesting device via the second server, wherein the second server processes the provided produced output and delivers the processed produced output to the requesting device to prevent harmful or unexpected results from being accessed by the requesting device.

12. The medium of claim 11, wherein the content request is an HTTP (hypertext transfer protocol) request for a URL (uniform resource locator) associated with a particular content item.

13. The medium of claim 11, the method further comprising: determining whether the requesting device is equipped with a local storage to store the produced output, wherein the step of determining is performed before the step of delivering; in response to a determination that the requesting device is equipped with the local storage to store the produced output, performing the step of sending by sending a script that includes a representation of the produced output from the first server to the local storage; and performing the step of delivering the provided produced output to the requesting device by retrieving the produced output from the local storage for presentation on the requesting device.

14. The medium of claim 12, wherein the step of sending the produced output is accomplished by producing an HTML page at the first server and including a Meta-Refresh tag in the produced HTML page, the Meta-Refresh tag redirecting the requesting device to the second server.

15. The medium of claim 13, wherein the content request is an HTTP (hypertext transfer protocol) request for a URL (uniform resource locator) associated with a particular content item; and in response to a determination that the requesting device is not equipped with the local storage to store the produced output, performing the step of sending the produced output by producing an HTML page at the first server and including a Meta-Refresh tag in the produced HTML page, the Meta-Refresh tag redirecting the requesting device to the second server.

16. The medium of claim 12, wherein the step of sending is accomplished by posting the requested result of the executed code in a payload at the first server and redirecting the posted payload to the second server.

17. The medium

Assignees

Inventors

Classifications

  • H04L67/02 (Primary)

    based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

  • by source code analysis · CPC title

  • H04L63/145 (Primary)

    the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms · CPC title

  • Computer malware detection or handling, e.g. anti-virus arrangements · CPC title

  • Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Goldfeder Corey, Google Inc
What technology area does this patent fall under?
Primary CPC classification H04L67/02. Mapped technology areas include Electricity.
When was this patent published?
Publication date Nov 21, 2017 (B1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).