SECURITY MODEL FOR LIVE APPLICATIONS IN A CLOUD COLLABORATION PLATFORM

US 20200133650A1
Filed: 01/31/2019
Published: 04/30/2020
Est. Priority Date: 10/26/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

instantiating, by a cloud collaboration platform, a live application comprising a type and a developer in a document in the cloud collaboration platform within a frame;

associating, by the cloud collaboration platform, the live application with a subdomain based on the type and the developer; and

serving, by the cloud collaboration platform, the frame from a different domain than the document, wherein the different domain includes the subdomain;

wherein the instantiating, associating, and serving are performed by one or more computers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are system, method, and computer program product embodiments for providing a security model to customizable live applications in a cloud collaboration platform. The security approach may dedicate a frame to each live application, serving the frame from a different domain than a document in which the live application is embedded. This approach ensures that more stringent security requirements may be required of the live application and allows the data presented to the live application to be narrowly tailored. The security model may further leverage sandbox attributes and content-security policies to restrict the behavior of sandboxed and non-sandboxed live applications in accordance with best security practices.

Citations

20 Claims

1. A computer-implemented method, comprising:
- instantiating, by a cloud collaboration platform, a live application comprising a type and a developer in a document in the cloud collaboration platform within a frame;
  
  associating, by the cloud collaboration platform, the live application with a subdomain based on the type and the developer; and
  
  serving, by the cloud collaboration platform, the frame from a different domain than the document, wherein the different domain includes the subdomain;
  
  wherein the instantiating, associating, and serving are performed by one or more computers.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - applying, by the cloud collaboration platform, a sandbox attribute in the frame, wherein the sandbox attribute limits actions performable by the live application within the frame.
  - 3. The method of claim 1, further comprising:
    - applying, by the cloud collaboration platform, a content-security policy to the frame, wherein the content-security policy limits content outside of the cloud collaboration platform that the live application can access.
  - 4. The method of claim 1, further comprising:
    - employing, by the cloud collaboration platform, a bridge application programming interface to facilitate communication between the frame and the document.
  - 5. The method of claim 1, further comprising:
    - receiving, by the cloud collaboration platform, an input in the live application in the frame;
      
      processing, by the cloud collaboration platform, the input to determine auto-complete values; and
      
      rendering, by the cloud collaboration platform, a response to the input in the frame including the auto-complete values.
  - 6. The method of claim 1, further comprising:
    - sharing, by the cloud collaboration platform, account information and document information with the live application; and
      
      restricting, by the cloud collaboration platform, access to other data used by the cloud collaboration platform.
  - 7. The method of claim 1, further comprising:
    - receiving, by the cloud collaboration platform, an exception for an external resource for the live application;
      
      adding, by the cloud collaboration platform, the exception to a content-security policy applied to the frame; and
      
      accessing, by the cloud collaboration platform, the external resource to retrieve the resource.

8. A system, comprising:
- a memory; and
  
  at least one processor coupled to the memory and configured to;
  
  instantiate a live application comprising a type and a developer in a document in a cloud collaboration platform within a frame;
  
  associate the live application with a subdomain based on the type and the developer; and
  
  serve the frame from a different domain than the document, wherein the different domain includes the subdomain.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, the at least one processor further configured to:
    - apply a sandbox attribute in the frame, wherein the sandbox attribute limits actions performable by the live application within the frame.
  - 10. The system of claim 8, the at least one processor further configured to:
    - apply a content-security policy to the frame, wherein the content-security policy limits content outside of the cloud collaboration platform that the live application can access.
  - 11. The system of claim 8, the at least one processor further configured to:
    - employ a bridge application programming interface to facilitate communication between the frame and the document.
  - 12. The system of claim 8, the at least one processor further configured to:
    - receive an input in the live application in the frame;
      
      process the input to determine auto-complete values; and
      
      render a response to the input in the frame including the auto-complete values.
  - 13. The system of claim 8, the at least one processor further configured to:
    - receive an input in the live application in the frame;
      
      process the input to determine auto-complete values; and
      
      render a response to the input in the frame including the auto-complete values.
  - 14. The system of claim 8, the at least one processor further configured to:
    - receive an exception for an external resource for the live application;
      
      add the exception to a content-security policy applied to the frame; and
      
      access the external resource to retrieve the resource.

15. A non-transitory computer-readable device having instructions stored thereon that, when executed by at least one computing device, causes the at least one computing device to perform operations comprising:
- instantiating a live application comprising a type and a developer in a document in a cloud collaboration platform within a frame;
  
  associating the live application with a subdomain based on the type and the developer; and
  
  serving the frame from a different domain than the document, wherein the different domain includes the subdomain.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable device of claim 15, the operations further comprising:
    - applying a sandbox attribute in the frame, wherein the sandbox attribute limits actions performable by the live application within the frame.
  - 17. The non-transitory computer-readable device of claim 15, the operations further comprising:
    - applying a content-security policy to the frame, wherein the content-security policy limits content outside of the cloud collaboration platform that the live application can access.
  - 18. The non-transitory computer-readable device of claim 15, the operations further comprising:
    - employing a bridge application programming interface to facilitate communication between the frame and the document.
  - 19. The non-transitory computer-readable device of claim 15, the operations further comprising:
    - receiving an input in the live application in the frame;
      
      processing the input to determine auto-complete values; and
      
      rendering a response to the input in the frame including the auto-complete values.
  - 20. The non-transitory computer-readable device of claim 15, the operations further comprising:
    - receiving an input in the live application in the frame;
      
      processing the input to determine auto-complete values; and
      
      rendering a response to the input in the frame including the auto-complete values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
TUNG, Julie, NAYAK, Rajeev, GIBBS, Kevin, TAYLOR, Bret, SU, Yang, BOTWICK, Nate, RAZAVI, Pedram, GOODFRIEND, Scott, MAHDI, Nikrad, CHUNG, Andy, HAMLIN, Drew, LINEHAN, Patrick, WESTWOOD, Sophia, SIMON, Lindsey, BANGA, Shrey, BERLIN, Diana

Granted Patent

US 10,809,991 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 12/0871   Allocation or management of...

G06F 16/172   Caching, prefetching or hoa...

G06F 16/1734   Details of monitoring file ...

G06F 16/1774   Locking methods, e.g. locki...

G06F 16/252   between a Database Manageme...

G06F 16/901   Indexing; Data structures t...

G06F 16/93   Document management systems

G06F 21/31   User authentication

G06F 21/53   by executing in a restricte...

G06F 21/563   by source code analysis

G06F 40/166   Editing, e.g. inserting or ...

G06F 8/34   Graphical or visual program...

G06F 8/36   Software reuse

G06F 8/60   Software deployment

G06F 8/71   Version control security ar...

G06F 9/451   Execution arrangements for ...

G06F 9/5072   Grid computing

G06F 9/5077   Logical partitioning of res...

G06F 9/54   Interprogram communication

G06F 9/541   via adapters, e.g. between ...

H04L 63/08 : for authentication of entit...

H04L 63/10 : for controlling access to d...

H04L 63/104 : Grouping of entities

H04L 63/168 : above the transport layer

H04L 63/20 : for managing network securi...

H04L 65/4015 : where at least one of the a...

H04L 67/02 : based on web technology, e....

H04L 67/34 : involving the movement of s...

View All

SECURITY MODEL FOR LIVE APPLICATIONS IN A CLOUD COLLABORATION PLATFORM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY MODEL FOR LIVE APPLICATIONS IN A CLOUD COLLABORATION PLATFORM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links