SECURING USER DATA IN CLOUD COMPUTING ENVIRONMENTS

US 20130179985A1
Filed: 01/04/2013
Published: 07/11/2013
Est. Priority Date: 01/05/2012
Status: Active Grant

First Claim

Patent Images

1. A method for obfuscating user data in a remote web-based application, the method comprising:

receiving user inputs to a displayed web page of the remote web-based application at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application;

transmitting the user inputs to a management component that is configured to interact with a second web browser that communicates with the web-based application ;

obfuscating at least a portion of the user-inputted data at the management component; and

forwarding the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for obfuscating user data in a remote web-based application are disclosed. According to one method, user inputs to a displayed web page of the remote web-based application are received at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application. The user inputs are transmitted to a management component that is configured to interact with a second web browser that communicates with the web-based application. The management component obfuscates at least a portion of the user-inputted data and forwards the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.

38 Citations

View as Search Results

20 Claims

1. A method for obfuscating user data in a remote web-based application, the method comprising:
- receiving user inputs to a displayed web page of the remote web-based application at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application;
  
  transmitting the user inputs to a management component that is configured to interact with a second web browser that communicates with the web-based application ;
  
  obfuscating at least a portion of the user-inputted data at the management component; and
  
  forwarding the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the management component is a daemon configured to communicate updates to the document object models (DOMs) of both the first web browser and the second web browser.
  - 3. The method of claim 1, wherein the first web browser is configured to enable the user to annotate particular portions of the user-inputted data for obfuscation by the management component.
  - 4. The method of claim 1, wherein the management component is configured to automatically obfuscate certain portions of the user-inputted data in accordance with an enterprise-set policy.
  - 5. The method of claim 1, wherein the step of obfuscating comprises replacing the portion of the user-inputted data with a unique identifier and persistently storing a mapping of the unique identifier and the portion of the user-inputted data in a data structure accessible by the management component.
  - 6. The method of claim 1, wherein the first web browser is configured to prevent access to local storage and network resources.
  - 7. The method of claim 1, wherein the display capabilities of the second web browser are suppressed.
  - 8. The method of claim 1, wherein the first web browser is configured to prevent execution of third party runtime components and the second web browser is configured to allow execution of third party runtime components.
  - 9. The method of claim 1, further comprising the steps of:
    - receiving, from the second web browser and at the management component, web page data originating from the remote web-based application, wherein at least a portion of the web page data includes previously obfuscated data;
      
      un-obfuscating the obfuscated data at the management component; and
      
      substituting the obfuscated data in the web page data with the un-obfuscated data; and
      
      forwarding the web page data to the first web browser for display to the user.

10. A computer readable storage medium containing a program which, when executed, obfuscates user data in a remote web-based application by performing the steps of:
- receiving user inputs to a displayed web page of the remote web-based application at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application;
  
  transmitting the user inputs to a management component that is configured to interact with a second web browser that communicates with the web-based application ;
  
  obfuscating at least a portion of the user-inputted data at the management component; and
  
  forwarding the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The computer readable storage medium of claim 10, wherein the management component is a daemon configured to communicate updates to the document object models (DOMs) of both the first web browser and the second web browser.
  - 12. The computer readable storage medium of claim 10, wherein the first web browser is configured to enable the user to annotate particular portions of the user-inputted data for obfuscation by the management component.
  - 13. The computer readable storage medium of claim 10, wherein the step of obfuscating comprises replacing the portion of the user-inputted data with a unique identifier and persistently storing a mapping of the unique identifier and the portion of the user-inputted data in a data structure accessible by the management component.
  - 14. The computer readable storage medium of claim 13, wherein the program is further configured to perform the steps of:
    - receiving, from the second web browser and at the management component, web page data originating from the remote web-based application, wherein at least a portion of the web page data includes previously obfuscated data;
      
      un-obfuscating the obfuscated data at the management component; and
      
      substituting the obfuscated data in the web page data with the un-obfuscated data; and
      
      forwarding the web page data to the first web browser for display to the user.

15. A computer system for user data in a remote web-based application, the computer system comprising a processor configured to perform the steps of:
- receiving user inputs to a displayed web page of the remote web-based application at a first web browser that is used by the user, wherein at least a portion of the user inputs comprise user-inputted data intended to be stored at the web-based application;
  
  transmitting the user inputs to a management component that is configured to interact with a second web browser that communicates with the web-based application ;
  
  obfuscating at least a portion of the user-inputted data at the management component; and
  
  forwarding the obfuscated and un-obfuscated portions of the user inputs to the second web browser, which correspondingly transmits the obfuscated and un-obfuscated portions of the user inputs to the remote web-based application.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer system of claim 15, wherein the management component is a daemon configured to communicate updates to the document object models (DOMs) of both the first web browser and the second web browser.
  - 17. The computer system of claim 15, wherein the first web browser is configured to enable the user to annotate particular portions of the user-inputted data for obfuscation by the management component.
  - 18. The computer system of claim 15, wherein the step of obfuscating comprises replacing the portion of the user-inputted data with a unique identifier and persistently storing a mapping of the unique identifier and the portion of the user-inputted data in a data structure accessible by the management component.
  - 19. The system of claim 15, wherein the first web browser is configured to prevent access to local storage and network resources.
  - 20. The computer system of claim 19, wherein the process is further configured perform the steps of:
    - receiving, from the second web browser and at the management component, web page data originating from the remote web-based application, wherein at least a portion of the web page data includes previously obfuscated data;
      
      un-obfuscating the obfuscated data at the management component; and
      
      substituting the obfuscated data in the web page data with the un-obfuscated data; and
      
      forwarding the web page data to the first web browser for display to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
STRASSMANN, Steven Henry, SHEPHERD, Zachary James

Granted Patent

US 8,910,297 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

G06F 21/60   Protecting data

G06F 21/6218   to a system of files or obj...

G06F 21/6263   during internet communicati...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/101   Access control lists [ACL]

H04L 63/168   above the transport layer

H04L 67/2871   Implementation details of s...

SECURING USER DATA IN CLOUD COMPUTING ENVIRONMENTS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURING USER DATA IN CLOUD COMPUTING ENVIRONMENTS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links