Cloud suffix proxy and a method thereof

US 10,642,600 B2
Filed: 05/01/2019
Issued: 05/05/2020
Est. Priority Date: 09/12/2014
Status: Active Grant

First Claim

Patent Images

1. A method for securing a cloud application, comprising:

receiving a webpage sent to a client device from at least one cloud application;

injecting a piece of code into the webpage, wherein the piece of code maintains an encryption key in a document object model (DOM) of the webpage, wherein the piece of code allows encryption of any text field in the webpage when executed by the client device;

intercepting at least one encrypted text field inserted into the DOM; and

modifying the DOM by decrypting each of the intercepted at least one encrypted text field and inserting each decrypted text field into the DOM.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for securing a cloud application are provided. The method includes receiving a webpage sent to a client device from at least one cloud application; injecting a piece of code into the webpage, wherein the piece of code maintains an encryption key in a document object model (DOM) of the webpage, wherein the piece of code allows encryption of any text field in the webpage when executed by the client device; intercepting at least one encrypted text field inserted into the DOM; and modifying the DOM by decrypting each of the intercepted at least one encrypted text field and inserting each decrypted text field into the DOM.

Citations

19 Claims

1. A method for securing a cloud application, comprising:
- receiving a webpage sent to a client device from at least one cloud application;
  
  injecting a piece of code into the webpage, wherein the piece of code maintains an encryption key in a document object model (DOM) of the webpage, wherein the piece of code allows encryption of any text field in the webpage when executed by the client device;
  
  intercepting at least one encrypted text field inserted into the DOM; and
  
  modifying the DOM by decrypting each of the intercepted at least one encrypted text field and inserting each decrypted text field into the DOM.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - monitoring access to the DOM; and
      
      preventing at least one operation that can modify the DOM.
  - 3. The method of claim 2, wherein the at least one operation is at least one of:
    - loading plugins to the client device, a cross domain access, and an asynchronous request between the webpage and a web server.
  - 4. The method of claim 1, wherein the webpage designates at least one script loaded to the client device during runtime of the at least one script.
  - 5. The method of claim 4, further comprising:
    - executing, in a sandbox, the at least one script; and
      
      monitoring execution of the at least one script to detect any attempts to change the DOM of the webpage at runtime.
  - 6. The method of claim 5, further comprising:
    - suffixing, at runtime, at least one write of a network address to the DOM; and
      
      un-suffixing, at runtime, at least one read of the network address from the DOM.
  - 7. The method of claim 6, wherein the network address is at least a uniform resource locator (URL), wherein the script is at least one of:
    - a JavaScript code and a Cascading Style Sheets (CSS) file.
  - 8. The method of claim 1, wherein the method is performed without modifying a default client device configuration.
  - 9. The method of claim 1, wherein the method is performed by a suffix proxy device connected between the client device and a cloud platform hosting the at least one cloud application.

10. A non-transitory computer readable medium having stored thereon instructions for causing at least one processor to execute a process for securing a cloud application, the process comprising:
- receiving a webpage sent to a client device from the at least one cloud application;
  
  injecting a piece of code to the webpage, wherein the piece of code maintains an encryption key in a document object model (DOM) of the webpage, wherein the piece of code when executed by the client device allows encryption of any text field in the webpage;
  
  intercepting any encrypted text field inserted into the DOM; and
  
  modifying the DOM by decrypting each intercepted encrypted text field and inserting each decrypted text field into the DOM.

11. A system for process for securing a cloud application, comprising:
- a processor; and
  
  a memory containing instructions that, when executed by the processor, configure the system to;
  
  receive a webpage sent to a client device from the at least one cloud application;
  
  inject a piece of code to the webpage, wherein the piece of code maintains an encryption key in a document object model (DOM) of the webpage, wherein the piece of code when executed by the client device allows encryption of any text field in the webpage;
  
  intercept any encrypted text field inserted into the DOM; and
  
  modify the DOM by decrypting each intercepted encrypted text field and inserting each decrypted text field into the DOM.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the system is further configured to:
    - monitor access to the DOM; and
      
      prevent at least one operation that can modify the DOM.
  - 13. The system of claim 12, wherein the at least one operation is any one of:
    - loading plugins to the client device, a cross domain access, and an asynchronous request between the webpage and the web server.
  - 14. The system of claim 11, wherein the webpage designates at least one script loaded to the client device during runtime.
  - 15. The system of claim 14, wherein the system is further configured to:
    - cause execution of the at least one script to monitor any attempts to change the DOM of the webpage at runtime.
  - 16. The system of claim 15, wherein the system is further configured to:
    - suffix, at runtime, any write of a network address to the DOM; and
      
      un-suffix, at runtime, any read of a network address from the DOM.
  - 17. The system of claim 16, wherein the network address is at least a uniform resource locator (URL), and wherein the at least script is any one of:
    - a JavaScript code and a Cascading Style Sheets (CSS) file.
  - 18. The system of claim 11, wherein the method is performed without requiring any modification of a default client device configuration.
  - 19. The system of claim 11, wherein the system is connected between the client device and a cloud platform hosting the cloud application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Vishnepolsky, Gregory, Moysi, Liran
Primary Examiner(s)
Kang, Insun

Application Number

US16/400,478
Publication Number

US 20190258473A1
Time in Patent Office

370 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/958   Organisation or management ...

G06F 21/53   by executing in a restricte...

G06F 40/143   Markup, e.g. Standard Gener...

G06F 8/65   Updates security arrangemen...

H04L 2101/355   containing special suffixes

H04L 61/301   Name conversion

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/563   Data redirection of data ne...

Cloud suffix proxy and a method thereof

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Cloud suffix proxy and a method thereof

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links