Abstract: Web browser control by configuring a web browser to send to a second computer server, in response to a request by a user of the web browser to access a resource at a first computer server, an authentication token and the request to access the resource, where the second computer server is configured to determine whether the authentication token is valid, and if the authentication token is valid, whether the request to access the resource is authorized, and send to the first computer server, if the request to access the resource is authorized, the request to access the resource, and where the request sent by the second computer server is sent via an intermediary configured to block attempts to access the first computer server that are received from a sender network address that is not a predefined valid network address of the second computer server.

Abstract: Deleting web browser data by maintaining a set of Uniform Resource Locators (URL) hostnames, where a URL hostname is added to the set of hostnames responsive to the URL being accessed by a web browser and responsive to determining that predefined grouping conditions that define a logical group is met by the URL, and deleting one or more types of data maintained by the web browser in association with URLs associated with the hostnames in the set of hostnames, where the deleting is performed in accordance with a predefined deletion policy that specifies the types of data that are to be deleted and predefined deletion conditions, and where the deleting is performed responsive to determining that the predefined deletion conditions are met and determining that the web browser is not currently accessing any URL associated with the hostnames in the set of hostnames.

Abstract: Enabling a web browser extension to perform an asynchronous blocking operation by configuring the web browser to receive from a web browser extension an extension-provided callback function and an indicator, where the extension-provided callback function is configured to perform an asynchronous blocking operation, where the indicator indicates that the extension callback function relates to an asynchronous blocking operation, where the extension-provided callback function is configured to receive a web-browser-provided callback function as a parameter of the extension-provided callback function, and where the extension-provided callback function is configured to call the web-browser-provided callback function after performing the asynchronous blocking operation, and configuring the web browser to call the extension-provided callback function with the web-browser-provided callback function as a parameter of the extension-provided callback function call if the indicator indicates that the extension callback fun

Abstract: Computer security apparatus including a kernel driver configured to be executed by a computer in a kernel mode and to thereupon perform protecting a process of a first computer software application executed by the computer, where the protecting is performed in accordance with a protection policy, receiving an instruction from the process to modify the protection policy, modifying the protection policy in accordance with the instruction, and protecting the process in accordance with the protection policy after it has been modified in accordance with the instruction.

Abstract: A computer network security method implemented by configuring a web browser to determine whether a root certificate authority appears in a first list of trusted root certificate authorities that is maintained by an operating system of a host computer that hosts the web browser, determine whether the root certificate authority was included in the first list at the time that the operating system was installed on the host computer or was thereafter included in the first list by the operating system, determine whether the root certificate authority appears in a second list of trusted root certificate authorities that is provided to the web browser by an administrator, determine whether a certificate meets predefined invalidation criteria, and cease to communicate with a party that provided the certificate to the web browser responsive to the web browser determining that the certificate meets the predefined invalidation criteria.

Abstract: Enabling a web browser extension to perform an asynchronous blocking operation by configuring the web browser to receive from a web browser extension an extension-provided callback function and an indicator, where the extension-provided callback function is configured to perform an asynchronous blocking operation, where the indicator indicates that the extension callback function relates to an asynchronous blocking operation, where the extension-provided callback function is configured to receive a web-browser-provided callback function as a parameter of the extension-provided callback function, and where the extension-provided callback function is configured to call the web-browser-provided callback function after performing the asynchronous blocking operation, and configuring the web browser to call the extension-provided callback function with the web-browser-provided callback function as a parameter of the extension-provided callback function call if the indicator indicates that the extension callback fun

Abstract: Deleting web browser data by maintaining a set of Uniform Resource Locators (URL) hostnames, where a URL hostname is added to the set of hostnames responsive to the URL being accessed by a web browser and responsive to determining that predefined grouping conditions that define a logical group is met by the URL, and deleting one or more types of data maintained by the web browser in association with URLs associated with the hostnames in the set of hostnames, where the deleting is performed in accordance with a predefined deletion policy that specifies the types of data that are to be deleted and predefined deletion conditions, and where the deleting is performed responsive to determining that the predefined deletion conditions are met and determining that the web browser is not currently accessing any URL associated with the hostnames in the set of hostnames.

Abstract: A web browser including a browser and rendering engine configured to send and receive data via a computer network, and a policy engine configured to implement one or more policies configured to control any aspect of the web browser, the data, a computer that hosts the web browser, and any devices that are accessible to the computer, where the web browser is configured as an executable file that is created by compiling computer software instructions that implement the browser and rendering engine and the policy engine, and where the web browser is configured to require a user of the web browser to be authenticated and one or more policies to be validated before the web browser is allowed to perform one or more predefined operations.

Abstract: Webpage rendering using a remotely generated layout node tree. In one embodiment, a method may include generating, at a remote network device, a layout tree based on webpage data received from a webserver, translating, at the remote network device, the layout tree into a layout node tree, serializing, at the remote network device, the layout node tree, sending, from the remote network device, the serialized layout node tree to a local network device, receiving, at the local network device, the serialized layout node tree, deserializing, at the local network device, the serialized layout node tree to obtain the layout node tree, constructing, at the local network device, a webpage using the layout node tree, and rendering, at the local network device, the webpage in a browser, the webpage being rendered to appear substantially the same as if the webpage were rendered on the remote network device using the layout tree.

Abstract: Webpage rendering using a remotely generated layout node tree. In one embodiment, a method may include generating, at a remote network device, a layout tree based on webpage data received from a webserver, translating, at the remote network device, the layout tree into a layout node tree, serializing, at the remote network device, the layout node tree, sending, from the remote network device, the serialized layout node tree to a local network device, receiving, at the local network device, the serialized layout node tree, deserializing, at the local network device, the serialized layout node tree to obtain the layout node tree, constructing, at the local network device, a webpage using the layout node tree, and rendering, at the local network device, the webpage in a browser, the webpage being rendered to appear substantially the same as if the webpage were rendered on the remote network device using the layout tree.

Abstract: Remotely validating a webpage video stream. In one embodiment, a method may include a remote isolation server receiving webpage data that includes a reference to a video stream from a webserver, modifying the webpage data to change a source of the video stream in the reference from the webserver to the remote isolation server, sending the modified webpage data to a local browser on a local network device, receiving a first request for the video stream from the local browser, sending a second request for the video stream to the webserver, receiving the video stream from the webserver, performing security validation on the video stream, and sending the validated video stream for display in the local browser in a webpage rendered based on the modified webpage data.

Abstract: Processing computer network requests by receiving from a requesting computer an encoded value in a domain name resolution request, where the encoded value has a valid domain name syntax, decoding the encoded value into a Uniform Resource Locator having a host portion and a non-host portion, determining that the host portion of the Uniform Resource Locator in combination with the non-host portion of the Uniform Resource Locator meets a predefined routing criterion associated with a computer network address that is associated with a proxy server, and sending the computer network address to the requesting computer in response to the domain name resolution request.

Abstract: Processing a web page by receiving from a client software application a request to retrieve a web page, processing the web page at a surrogate software application, thereby representing the web page in a model that is maintained by the surrogate software application in association with the web page, serializing a copy of any portion of the model that is maintained by the surrogate software application, thereby creating serialized data, and sending the serialized data to a mediation agent executed by the client software application, where the mediation agent is configured to deserialize the serialized data, thereby creating deserialized data, and inject the deserialized data into a model that is maintained by the client software application in association with the web page.

Abstract: A system and method for prevention of data leakage, the system comprising: a server configured to receive and transmit user activity commands; a protection module configured to validate and reconstruct commands received from the server and to transmit the validated reconstructed commands, the protection module further configured to create a security image associated with a specific user; and a secured transmission module configured to transmit the security image to the server while ensuring that the security image is sent securely to the associated user, wherein the server is further configured to receive the security image via the secured transmission module and to present the security image to the associated user.

Abstract: A system and method for prevention of malware infections, the system comprising: a secured server configured to authenticate a user and issue an identifier (ID) uniquely associated with the user, to receive a user input and to send commands based on the received input; a protection module configured to validate transmissions from the secured server, to reconstruct commands based on the commands sent from the secured server, and send the reconstructed commands comprising the unique user ID and a rendering processor configured to receive the reconstructed command from the protection module, to execute the reconstructed command, to acquire data from another machine based on the reconstructed command and to generate an image to represent the acquired data, the image comprising a stamp relating the image to the unique ID, wherein the protection module is placed in a transmission channel connecting between the secured server and the rendering processor.

Abstract: A system and method for prevention of malware infections, the system comprising: a secured server configured to authenticate a user and issue an identifier (ID) uniquely associated with the user, to receive a user input and to send commands based on the received input; a protection module configured to validate transmissions from the secured server, to reconstruct commands based on the commands sent from the secured server, and send the reconstructed commands comprising the unique user ID and a rendering processor configured to receive the reconstructed command from the protection module, to execute the reconstructed command, to acquire data from another machine based on the reconstructed command and to generate an image to represent the acquired data, the image comprising a stamp relating the image to the unique ID, wherein the protection module is placed in a transmission channel connecting between the secured server and the rendering processor.

Abstract: A system and method for prevention of data leakage, the system comprising: a server configured to receive and transmit user activity commands; a protection module configured to validate and reconstruct commands received from the server and to transmit the validated reconstructed commands, the protection module further configured to create a security image associated with a specific user; and a secured transmission module configured to transmit the security image to the server while ensuring that the security image is sent securely to the associated user, wherein the server is further configured to receive the security image via the secured transmission module and to present the security image to the associated user.