Systems and methods for secure client applications
First Claim
1. A method for providing transparent isolation from untrusted content on an enterprise network, comprising:
- identifying the origin of all content;
persisting the knowledge of the origin by tagging the content with an indication of whether the content is trusted content or untrusted content;
creating a restricted execution environment, for the isolated execution of untrusted content;
creating a virtual environment, wherein untrusted content executed in the restricted execution environment is able to access resources needed for successful execution without allowing actual access to local resources;
determining whether an action performed on a resource is initiated with the intent of the user; and
consolidating user interfaces between the restricted execution environment and the local environment to allow users to seamlessly work with untrusted content.
3 Assignments
0 Petitions
Accused Products
Abstract
An innovative security solution which separates a client into a Protected Context, which is the real files and resources of the client, and an Isolated Context, which is a restricted execution environment which makes use of virtualized resources to execute applications and modify content in the Isolated Context, without allowing explicit access to the resources in the Protected Context. The solution further consolidates user interfaces to allow users to seamlessly work with content in both contexts, and provide a visual indication of which display windows are rendered from content executed in the Isolated Context.
-
Citations
60 Claims
-
1. A method for providing transparent isolation from untrusted content on an enterprise network, comprising:
-
identifying the origin of all content;
persisting the knowledge of the origin by tagging the content with an indication of whether the content is trusted content or untrusted content;
creating a restricted execution environment, for the isolated execution of untrusted content;
creating a virtual environment, wherein untrusted content executed in the restricted execution environment is able to access resources needed for successful execution without allowing actual access to local resources;
determining whether an action performed on a resource is initiated with the intent of the user; and
consolidating user interfaces between the restricted execution environment and the local environment to allow users to seamlessly work with untrusted content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
-
-
31. A system for maintaining the security of an enterprise network by providing transparent isolation from untrusted content, comprising:
-
a content origin identifying means;
a means for tagging the content;
means for creating a restricted execution environment for the isolated execution of untrusted content;
means for creating a virtual environment, wherein content executed in the restricted execution environment is able to access resources needed for successful execution without allowing actual access to local resources. means for determining user intent; and
means for consolidating user interfaces between the restricted execution environment and the local environment. - View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
-
Specification