Methods and systems for implementing a secure application execution environment using derived user accounts for internet content
First Claim
Patent Images
1. A method comprising:
- intercepting a request for a resource using a mediator at an application layer;
determining, using the mediator, whether the resource is trusted or untrusted;
when the resource is determined to be trusted, accessing the resource in a derived user account (DUA); and
when the resource is determined to be untrusted;
creating, using the mediator at the application layer, a protected DUA, wherein the protected DUA and the DUA are dynamically invoked within a same integrated user environment of a same user,redirecting, using the mediator at the application layer, the intercepted request to the protected DUA, andaccessing the resource that is determined to be untrusted in the protected DUA, wherein the protected DUA provides unrestricted access to the resource.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted.
46 Citations
17 Claims
-
1. A method comprising:
-
intercepting a request for a resource using a mediator at an application layer; determining, using the mediator, whether the resource is trusted or untrusted; when the resource is determined to be trusted, accessing the resource in a derived user account (DUA); and when the resource is determined to be untrusted; creating, using the mediator at the application layer, a protected DUA, wherein the protected DUA and the DUA are dynamically invoked within a same integrated user environment of a same user, redirecting, using the mediator at the application layer, the intercepted request to the protected DUA, and accessing the resource that is determined to be untrusted in the protected DUA, wherein the protected DUA provides unrestricted access to the resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A device comprising:
at least one processor configured to; receive a request for a resource using a mediator at an application layer; determine whether the resource is trusted or untrusted; when the resource is determined to be trusted, provide access to the resource in a derived user account (DUA); and when the resource is determined to be untrusted; create, using the mediator, a protected DUA, redirect, using the mediator, the request to the protected DUA, provide access to the resource in the protected DUA, wherein the protected DUA provides unrestricted access to the resource, and provide the resource for contemporaneous display with at least one trusted resource that is accessed through the DUA, wherein the resource is provided for display with a visible marker that visually distinguishes the resource as being accessed through the protected DUA. - View Dependent Claims (13, 14, 15)
-
16. A computer program product comprising instructions stored in a non-transitory computer-readable storage medium, the instructions comprising:
-
instructions to receive a request for a resource at an application layer; instructions to determine whether the resource is trusted or untrusted; when the resource is determined to be trusted, instructions to provide access to the resource in a derived user account (DUA) at the application layer; and when the resource is determined to be untrusted; instructions to create a protected DUA at the application layer, instructions to redirect the request to the protected DUA, and instructions to provide unrestricted access to the resource in the protected DUA, wherein the protected DUA and the DUA are both associated with a same user and the protected DUA and the DUA are dynamically invoked within a same integrated user environment of the same user. - View Dependent Claims (17)
-
Specification