Method and system for protecting content of sensitive web applications
First Claim
Patent Images
1. A method comprising:
- detecting, by a client computing device running a local application, that the local application has accessed a web application hosted by a remote server and received data from the web application, wherein the detecting comprises intercepting universal resource identifiers (URIs) or universal resource locators (URLs) used by the local application to detect that the local application has accessed the web application;
determining, by the client computing device, whether the web application is a sensitive web application identified by a data loss prevention (DLP) policy, wherein the sensitive web application has access to sensitive information identified by and protected by the DLP policy, wherein the DLP policy comprises a set of identifiers of a set of web applications to protect and a set of one or more operations to restrict for the set of web applications, wherein the determining comprises;
comparing the URIs or URLs against the set of identifiers specified in the DLP policy; and
identifying the web application as a sensitive web application when the respective URI or URL matches one of the set of identifiers specified in the DLP policy; and
in response to determining that the web application is a sensitive web application identified by the DLP policy, restricting a capability of at least one of the local application or the client computing device to perform the set of one or more operations on the data received from the web application.
2 Assignments
0 Petitions
Accused Products
Abstract
A web page running on a client computing device accesses a web application hosted by a remote server. The local application receives data from the web application. The client computing device uses a data loss prevention (DLP) policy to determine whether the web application is a sensitive web application. In response to determining that the web application is a sensitive web application, the client computing device restricts a capability of at least one of the local application or the client computing device to perform one or more operations associated with the data received from the web application.
34 Citations
18 Claims
-
1. A method comprising:
-
detecting, by a client computing device running a local application, that the local application has accessed a web application hosted by a remote server and received data from the web application, wherein the detecting comprises intercepting universal resource identifiers (URIs) or universal resource locators (URLs) used by the local application to detect that the local application has accessed the web application; determining, by the client computing device, whether the web application is a sensitive web application identified by a data loss prevention (DLP) policy, wherein the sensitive web application has access to sensitive information identified by and protected by the DLP policy, wherein the DLP policy comprises a set of identifiers of a set of web applications to protect and a set of one or more operations to restrict for the set of web applications, wherein the determining comprises; comparing the URIs or URLs against the set of identifiers specified in the DLP policy; and identifying the web application as a sensitive web application when the respective URI or URL matches one of the set of identifiers specified in the DLP policy; and in response to determining that the web application is a sensitive web application identified by the DLP policy, restricting a capability of at least one of the local application or the client computing device to perform the set of one or more operations on the data received from the web application. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An endpoint device comprising:
-
a memory to store instructions for a data loss prevention (DLP) policy; and a processing device coupled with the memory, wherein the processing device is configured to; access a web application, hosted by a remote server, using a local application that uses a universal resource identifier (URI) or universal resource locator (URL) to access the web application; receive data from the web application using the local application; determine whether the web application is a sensitive web application identified by the DLP policy, wherein the sensitive web application has access to sensitive information identified by and protected by the DLP policy, wherein the DLP policy comprises a set of identifiers of a set of web applications to protect and a set of one or more operations to restrict for the set of web applications, wherein the processing device is further configured to; compare the URI or URL against the set of identifiers specified in the DLP policy; and identify the web application as a sensitive web application when the URI or URL matches one of the set of identifiers specified in the DLP policy; and in response to determining that the web application is a sensitive web application identified by the DLP policy, restrict a capability of at least one of the local application or the endpoint device to perform the set of one or more operations on the data received from the web application. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
-
detecting, by a client computing device running a local application, that the local application has accessed a web application hosted by a remote server and received data from the web application, wherein the detecting comprises intercepting universal resource identifiers (URIs) or universal resource locators (URLs) used by the local application to detect that the local application has accessed the web application; determining, by the client computing device, whether the web application is a sensitive web application identified by a data loss prevention (DLP) policy, wherein the sensitive web application has access to sensitive information identified by and protected by the DLP wherein the DLP policy comprises a set of identifiers of a set of web applications to protect and a set of one or more operations to restrict for the set of web applications, wherein the determining comprises; comparing the URIs or URLs against the set of identifiers specified in the DLP policy; and identifying the web application as a sensitive web application when the respective URI or URL matches one of the set of identifiers specified in the DLP policy; and in response to determining that the web application is a sensitive web application identified by the DLP policy, restricting a capability of at least one of the local application or the client computing device to perform the set of one or more operations on the data received from the web application. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification