Possible prior art on Patent 7,743,336 and Patent Application 20070101146

This page is a collection of statements and findings around prior art on the patent 5,764,992 as disclosed by Apple Inc.: Method and apparatus for automatic software replacement

What is the goal of this page?

Apple Inc. participates in the Web Application Working Group. In application of the exclusion rights they have according to the W3C Patent Policy, Apple Inc. excluded Patent Nr. 7,743,336 and Patent Application 20070101146 from its Royalty Free commitment given upon joining the Web Applications Working Group. According to Apple Inc., both read on the Widget Access Request Policy Specification. Apple Inc.'s exclusion triggered a Patent Advisory Group (PAG). The PAG is using this page to collect links and hints to technology that may help to circumvent the patent. This information may be useful to help the Web Applications Working Group to design around the excluded patent and allow for a Royalty Free Widget Access Request Policy Specification.

Does Apple participate in the PAG?

Apple Inc. does not participate in the Patent Advisory Group.

Does Work on the Widget Updates Specification have to stop now?

No. The work on the Widget Updates Specification can continue in parallel to the Patent Advisory Group. Nevertheless, Widget Updates will not be able to enter the status of Proposed Recommendation as long as the PAG is running.

Hints to Prior Art received from the call for prior art

1. SymbianOS (formerly EPOC32) Security Model introduced by SymbianOS v9.0 and definitely were used before the mentioned patents were submitted.
2. In regard to prior art for US-20070101433 (issued Patent #7,743,336), managed access to resources for applications (including device/application functions and content) is covered by a variety of standards and products going back to the 1990’s, including in the specific scope of the WARP Specification (managed access to Web resources/content).

   From the detailed description, there may be overlap between US-20070101433 and US-20070101146 (application), and specifications for application security and deployed products such as the following:

   • Dec 6, 1998: Website Netscape Object Signing Establishing Trust for Downloaded Software
   • Nov 5, 2002: JSR-000118 Mobile Information Device Profile Specification 2.0 Final Release (Release: November 5, 2002) See in particular Chapter 3 “Security for MIDP Applications” and Chapter 4 “Trusted MIDlet Suites using X.509 PKI”
   • March 1996: Release of Netscape Navigator 2.0, which included the same-origin policy for network access by Javascript applications Netscape also supported the ability to bypass the same-origin policy using a Javascript API: netscape.security.PrivilegeManager.enablePrivilege(“UniversalBrowserRead”).

   All to be found in the 20 September 2011 email to public-widgets-pag

3. Openwindows on Trusted Solaris
4. An overview of Web Services security by P Kearney, J Chapman, N Edwards, M Gifford and L He (Jan 2004)
5. A Context-Aware Security Architecture for Emerging Applications by Michael J. Covington Prahlad Fogla, Zhiyuan Zhan, Mustaque Ahamad (not dated)
6. A touchscreen widget framework for the purpose of operating a body of point of sale software (1986) also available in Wikipedia and Overview by Viewtouch
7. Java Applets (1995)
8. A security model for Aglets (1997)

   Mobile agents offer a new paradigm for distributed computation, but their potential benefits must be weighed against the very real security threats they pose. These threats originate not just in malicious agents but in malicious hosts as well. For example, if there is no mechanism to prevent attacks, a host can implant its own tasks into an agent or modify the agent's state. This can lead in turn to theft of the agent's resources if it has to pay for the execution of tasks, or to loss of the agent's reputation if its state changes from one host to another in ways that alter its behavior in negative ways. Aglets are mobile agents developed at IBM's Tokyo Research Laboratory. The article describes a security model for the Aglets development environment that supports flexible architectural definition of security policies.

9. Hash validation sent over the internet (HTTP spec, 1999) RFC 2616

   The Content-MD5 entity-header field, as defined in RFC 1864, is an MD5 digest of the entity-body for the purpose of providing an end-to-end message integrity check (MIC) of the entity-body.

10. HTML Applications (HTAs), 1999

    The power to build HTML Applications (HTAs) brings Windows Internet Explorer to the fore as a viable Windows development platform. HTAs are full-fledged applications. These applications are trusted and display only the menus, icons, toolbars, and title information that the web developer creates. In short, HTAs pack all the power of Internet Explorer—its object model, performance, rendering power and protocol support—without enforcing the strict security model and user interface of the browser.

    See security model

11. The Konfabulator
12. Why US Patent Application 20070101146: Safe distribution and use of content is orthogonal to the WARP Specification
13. A list of widget definitions from 2004-2005
14. Marcomedia Central - 2004
15. Apple Dashboard - 2004

    The "WARPish" feature from Dashboard is the following bit of XML, which either enables or disables network access to a widget (included in the info.plist of a widget) [0] (2004):

    <key>AllowNetworkAccess</key> <true/>

    Including a demonstration on 28th of June 2004

The Widgets Access Control Policy Patent Advisory Group (WARP PAG) is chartered to study issues and propose solutions related to a patent disclosure from Apple, Inc., concerning the Widget Access Request Policy Working Draft.

Rigo Wenning (W3C) is Chair of the PAG. The W3C Staff Contact for the Widgets Access Control Policy PAG is Doug Schepers.