Methods and systems for providing context-based outbound processing application firewalls

US 10,091,165 B2
Filed: 06/27/2016
Issued: 10/02/2018
Est. Priority Date: 06/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

Receiving an outbound message from an application executing on a hardware computing device with an application-level firewall, the outbound response being in response to a request message received from outside a system including the application-level firewall, wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing at the application-level firewall for the one or more portions of the outbound message comprising at least untrusted code or comprising at least untrusted data, wherein the outbound message is to be transmitted to a remote electronic device;

analyzing the outbound message based on the trustworthiness indicator and/or marking information, and context information with the application-level firewall; and

performing an action on traffic to the application based on encoded user data and the context information with one of the application-level firewall and the application by forwarding without modification when the outbound message is to be considered safe and redirecting the outbound message to a designated safe URL when the outbound message is to be considered unsafe.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Outbound processing with application firewalls. An outbound message is generated with an application. The outbound message includes at least a trustworthiness indicator and/or marking information for the one or more portions of the outbound message. The outbound message is received by an application firewall. The outbound message is analyzed based on the trustworthiness indicator and/or marking information, and context information. An action is performed on the outbound message based on the trustworthiness indicator and/or marking information, and the context information.

177 Citations

18 Claims

1. A method comprising:
- Receiving an outbound message from an application executing on a hardware computing device with an application-level firewall, the outbound response being in response to a request message received from outside a system including the application-level firewall, wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing at the application-level firewall for the one or more portions of the outbound message comprising at least untrusted code or comprising at least untrusted data, wherein the outbound message is to be transmitted to a remote electronic device;
  
  analyzing the outbound message based on the trustworthiness indicator and/or marking information, and context information with the application-level firewall; and
  
  performing an action on traffic to the application based on encoded user data and the context information with one of the application-level firewall and the application by forwarding without modification when the outbound message is to be considered safe and redirecting the outbound message to a designated safe URL when the outbound message is to be considered unsafe.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 further comprising encoding the outbound message with the application firewall based on the trustworthiness indicator before passing the outbound message.
  - 3. The method of claim 1 wherein the action comprises marking data as unexecutable.
  - 4. The method of claim 1 wherein the action comprises encoding data based on the context information to render the data safely on the user device.
  - 5. The method of claim 1 wherein the action comprises forwarding the response message to the remote user device.
  - 6. The method of claim 1 wherein the action comprises redirecting the response message.
  - 7. The method of claim 1 wherein the host system comprises a multitenant database environment, wherein the multitenant database environment stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant database is a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities.

8. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to:
- receive an outbound message from an application executing on a hardware computing device with an application-level firewall, the outbound response being in response to a request message received from outside a system including the application-level firewall, wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing at the application-level firewall for the one or more portions of the outbound message comprising at least untrusted code or comprising at least untrusted data, wherein the outbound message is to be transmitted to a remote electronic device;
  
  analyze the outbound message based on the trustworthiness indicator and/or marking information, and context information with the application-level firewall; and
  
  perform an action on traffic to the application based on encoded user data and the context information with one of the application-level firewall and the application by forwarding without modification when the outbound message is to be considered safe and redirecting the outbound message to a designated safe URL when the outbound message is to be considered unsafe.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The non-transitory computer-readable medium of claim 8 further comprising instructions that, when executed by the one or more processors, cause the one or more processors to encode the outbound message with the application firewall based on the trustworthiness indicator before passing the outbound message.
  - 10. The non-transitory computer-readable medium of claim 8 wherein the action comprises marking data as unexecutable.
  - 11. The non-transitory computer-readable medium of claim 8 wherein the action comprises forwarding the response message to the remote user device.
  - 12. The non-transitory computer-readable medium of claim 8 wherein the action comprises redirecting the response message.
  - 13. The non-transitory computer-readable medium of claim 8 wherein the host system comprises a multitenant database environment, wherein the multitenant database environment stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant database is a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities.

14. A system comprising:
- at least one hardware computing device executing an application-level firewall, the server system to provide a multitenant environment, wherein the multitenant environment includes data for multiple client entities, each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, users of each of multiple client identities can only access data identified by a tenant ID associated with the respective client entity, and the multitenant environment is at least a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities, the server system further to receive an outbound message from an application executing on a hardware computing device with an application-level firewall, the outbound response being in response to a request message received from outside the multitenant environment, wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing at the application-level firewall for the one or more portions of the outbound message comprising at least untrusted code or comprising at least untrusted data, wherein the outbound message is to be transmitted to a remote electronic device, to analyze the outbound message based on the trustworthiness indicator and/or marking information, and context information with the application-level firewall, and to perform an action on traffic to the application based on encoded user data and the context information with one of the application-level firewall and the application by forwarding without modification when the outbound message is to be considered safe and redirecting the outbound message to a designated safe URL when the outbound message is to be considered unsafe.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The system of claim 14, wherein the application firewall to encode the request message based on the context information before passing the request message to the application.
  - 16. The system of claim 14 wherein the action comprises marking data as unexecutable.
  - 17. The system of claim 14 wherein the action comprises forwarding the response message to the remote user device.
  - 18. The system of claim 14 wherein the action comprises redirecting the response message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gluck, Yoel
Primary Examiner(s)
Turchen, James R

Application Number

US15/194,333
Publication Number

US 20160308830A1
Time in Patent Office

827 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Methods and systems for providing context-based outbound processing application firewalls

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

177 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Methods and systems for providing context-based outbound processing application firewalls

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

177 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others