Browse Prior Art Database

Method And Apparatus to Protect Personnel Privacy Information for Web Browser

IP.com Disclosure Number: IPCOM000182352D
Original Publication Date: 2009-Apr-28
Included in the Prior Art Database: 2009-Apr-28
Document File: 6 page(s) / 31K

Publishing Venue

IBM

Abstract

This article disclosed a new method to protect personnel information leaking when user browses internet by web browser. The problem targeted by this article is that personal web browsing history may be tracked and leaked. And the leaking will happen even you are in a secure environment, since user browses all kinds of web sites, and a lot of scripts are executing while browsing. These scripts may be used to track your personal information. The solution provided in this article provides a way to create different cookie sandboxes and use different cookie sandbox when browsing different web sites. By this way, the linkages among different web sites through cookie are broken, and the web site content provider cannot track personal browsing information anymore. Compared with as-is solutions, this solution doesn’t disable cookie, and can still maintain the same browsing experiences as originals. And it only modifies the browser a little with few efforts.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 54% of the total text.

Page 1 of 6

Method And Apparatus to Protect Personnel Privacy Information for Web Browser

1. Background and Problem

Personal web browsing history includes the websitesa person browsed and the sequence of browsing these websites. One person's web browsing history is his/her personal privacy. But this information may be tracked by some web content provider companies through web browser.

Web browser is one of a major personnel information leaking channel. User personal information may be leaked even he/she are in a secure environments, since the user are browsing all kinds of web sites, and a lot of scripts are executing while the user are browsing. Figure 1 shows one case

1

Page 2 of 6

Master.com

Unknown part

Normal Scripts

Service Scripts

xxx.com

Service scripts

yyy.com

Service scripts

6

 Executing with parameter yyy.com

4

 Executing with parameter xxx.com

Access cookie

3

Browsing

2

Access cookie Create ID

Web Browser

Cookie of master.com

1

Browsing

5

Browsing

Identity in master.com

Figure 1, Leak personal browsing history to Master.com by service scripts.

The leaking process is
(1) User browses a website, which we call it Master.com.
(2) Master.com creates cookie in user's web browser and set his/her ID.
(3) User browses another website, which we call it xxx.com
(4) xxx.com contains service script from Master.com,and xxx.com call the service script with parameter

xxx.com

                                                                    . The script is in Master.com, and it can access Master.com's cookie, so Master.com knows user (from cookie) is browsing xxx.com (from parameter), and recorded.
(5) User browses the third website, which we call ityyy.com

2

Page 3 of 6

(6) yyy.com contains service script from Master.com,too. The same thing happens, and master.com knows user is browsing yyy.com, and recorded.
(7) Master.com knows all the browsing history of this user, and user's browsing history is leaked.

Because of this mechanism, one user's browsing history could be tracked by master.com. In fact, there is master.com in our internet, which provides all kinds of service scripts to most of the website allover the world. Service scripts including advertisements, maps, gadgets, mash up, etc.

Personal privacy information protection is becominga very important topic in IT industry. More and more people start being aware of personnel privacy protection. But current technologies cannotsolve the problem mentioned before.
(1) Privacy Mode in Web Browser.

The mechanism is that web browser cleans temporary files, cookies and other information when user closes web browser. However, in one browsing procedure, the website e.g. Master.com can still track user's browsing history since the cookies are there.
(2) Disable cookie


The mechanism is all scripts cannot access cookies in local computer.

However, most of the websites are highly dependent on cookie. Disable cookie will impact the browsing e...