METHOD AND APPARATUS FOR PROTECTING AGAINST ATTACKS FROM OUTSIDE CONTENT

US 20120272292A1
Filed: 04/19/2011
Published: 10/25/2012
Est. Priority Date: 12/02/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a request from a user to access content from a second domain;

searching for an active session for the user with the second domain;

if no active session is found, then searching for an active session with a related first domain;

if an active session is found with the first domain, then establishing a session with the second domain based on the active session with the first domain; and

providing the requested content to the user based on the established session with the second domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for protecting against attacks from outside content is described. In one example, a request is received from a user to access content from a second domain. An active session for the user with the second domain is searched for. If no active session is found, then an active session with a related first domain is searched for. If an active session is found with the first domain, then a session is established with the second domain based on the active session with the first domain. The requested content is then provided to the user based on the established session with the second domain.

26 Citations

View as Search Results

21 Claims

1. A method comprising:
- receiving a request from a user to access content from a second domain;
  
  searching for an active session for the user with the second domain;
  
  if no active session is found, then searching for an active session with a related first domain;
  
  if an active session is found with the first domain, then establishing a session with the second domain based on the active session with the first domain; and
  
  providing the requested content to the user based on the established session with the second domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein establishing a session comprises establishing a sub-session dependent on the active session with the first domain.
  - 3. The method of claim 1, wherein establishing a session comprises a child session.
  - 4. The method of claim 1, wherein searching for an active session comprises searching for a valid session cookie.
  - 5. The method of claim 1, further comprising retrieving permissions of the user on the second domain and wherein providing the requested content comprises providing the requested content if the content is allowed by the retrieved permissions.
  - 6. The method of claim 5, wherein retrieving permissions comprises retrieving permissions only if the there is an active session with the second domain.
  - 7. The method of claim 1, further comprising:
    - receiving an authentication of the user to the first domain;
      
      establishing a session for the user with the first domain based on the authentication; and
      
      establishing a session for the user with a second domain based on the session with the first domain.
  - 8. The method of claim 1, wherein the second domain contains content uploaded from users other than the user and a system administrator.
  - 9. The method of claim 1, wherein the second domain contains content, available to authenticated users, that is not available on the first domain.

10. An apparatus comprising:
- an application server coupled to a first and a second database domain to receive a request from a user to access content from the second domain, the application server having a servlet to search for an active session for the user with the second domain, if no active session is found, then to search for an active session with a related first domain, and if an active session is found with the first domain, then to establishing a session with the second domain based on the active session with the first domain, the application server to provide the requested content to the user based on the established session with the second domain.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The apparatus of claim 10, wherein the servlet comprises a cookie storage to store cookies for valid sessions with the first and second domains.
  - 12. The apparatus of claim 10, further comprising a permissions storage and wherein the application server retrieves permissions of the user on the second domain from the permissions storage provides the requested content if the content is allowed by the retrieved permissions.
  - 13. The apparatus of claim 10, wherein the first domain comprises content accessible to users and pointers to content in the second domain.
  - 14. The apparatus of claim 13, wherein the second domain content comprises content that is not available on the first domain.

15. A machine-readable medium carrying one or more sequences of instructions for providing content of a second domain from a first domain, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
- receiving a request from a user to access content from a second domain;
  
  searching for an active session for the user with the second domain;
  
  if no active session is found, then searching for an active session with a related first domain;
  
  if an active session is found with the first domain, then establishing a session with the second domain based on the active session with the first domain; and
  
  providing the requested content to the user based on the established session with the second domain.
- View Dependent Claims (16, 17, 18)
- - 16. The machine-readable medium of claim 15, wherein the second domain session is a sub-session dependent on the active session with the first domain.
  - 17. The machine-readable medium of claim 15, the second domain session comprises a child session.
  - 18. The machine-readable medium of claim 15, wherein the second domain contains content uploaded from users other than the user and a system administrator.

19. An apparatus for providing content of a second domain from a first domain, the apparatus comprising:
- a processor; and
  
  one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of;
  
  receiving a request from a user to access content from a second domain;
  
  searching for an active session for the user with the second domain;
  
  if no active session is found, then searching for an active session with a related first domain;
  
  if an active session is found with the first domain, then establishing a session with the second domain based on the active session with the first domain; and
  
  providing the requested content to the user based on the established session with the second domain.
- View Dependent Claims (20, 21)
- - 20. The apparatus of claim 19, wherein the steps further comprise retrieving permissions of the user on the second domain only if the there is an active session with the second domain and wherein providing the requested content comprises providing the requested content if the content is allowed by the retrieved permissions.
  - 21. The apparatus of claim 19, wherein the steps further comprise:
    - receiving an authentication of the user to the first domain;
      
      establishing a session for the user with the first domain based on the authentication; and
      
      establishing a session for the user with a second domain based on the session with the first domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Vangpat, Alan, Mortimore, William Charles Jr., Chabbewal, Harsimranjit Singh

Granted Patent

US 8,533,786 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/41   where a single sign-on prov...

H04L 63/08   for authentication of entit...

H04L 63/1466   Active attacks involving in...

METHOD AND APPARATUS FOR PROTECTING AGAINST ATTACKS FROM OUTSIDE CONTENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND APPARATUS FOR PROTECTING AGAINST ATTACKS FROM OUTSIDE CONTENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links