Methods and systems for implementing a secure application execution environment using derived user accounts for internet content

US 9,171,149 B2
Filed: 10/24/2014
Issued: 10/27/2015
Est. Priority Date: 06/06/2002
Status: Active Grant

First Claim

Patent Images

1. A method for providing resource content use comprising:

requesting a resource at a computing system, wherein the resource is associated with an application layer abstraction in an application;

intercepting the request for the resource using a mediator at an application layer;

determining, using the mediator, if the resource is trusted or untrusted to enable application layer semantics for the application layer abstraction;

if the resource is determined to be trusted, accessing the resource in a first derived user account (DUA); and

if the resource is determined to be untrusted, create a protected DUA, accessing the resource in the protected DUA, redirect the intercepted request to the protected DUA, wherein the protected DUA provides unrestricted access to the resource, and wherein the protected DUA and the first DUA are both associated with a same user and are dynamically invoked based on the resource within a same integrated user environment of the same user to enable an integrated execution environment for both trusted and untrusted resources.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA) such as a SAE DUA if the content is untrusted otherwise the content is accessed in a regular DUA if the content is trusted.

38 Citations

View as Search Results

21 Claims

1. A method for providing resource content use comprising:
- requesting a resource at a computing system, wherein the resource is associated with an application layer abstraction in an application;
  
  intercepting the request for the resource using a mediator at an application layer;
  
  determining, using the mediator, if the resource is trusted or untrusted to enable application layer semantics for the application layer abstraction;
  
  if the resource is determined to be trusted, accessing the resource in a first derived user account (DUA); and
  
  if the resource is determined to be untrusted, create a protected DUA, accessing the resource in the protected DUA, redirect the intercepted request to the protected DUA, wherein the protected DUA provides unrestricted access to the resource, and wherein the protected DUA and the first DUA are both associated with a same user and are dynamically invoked based on the resource within a same integrated user environment of the same user to enable an integrated execution environment for both trusted and untrusted resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the determining further comprises:
    - receiving content from the resource at the computing system.
  - 3. The method of claim 2, wherein the determining further comprises:
    - determining, using the mediator, if the resource is trusted or untrusted based on a partition of the resource.
  - 4. The method of claim 3, wherein the determining further comprises:
    - identifying the resource based on a characteristic of the resource; and
      
      partitioning the resource as trusted or untrusted based on the identified characteristic.
  - 5. The method of claim 1, further comprising:
    - creating the first DUA when the resource is trusted; and
      
      redirecting the intercepted request to the first DUA when the resource is trusted.
  - 6. The method of claim 1, wherein the protected DUA is different than an original user account (OUA) or a DUA associated with the application.
  - 7. The method of claim 1, wherein the application layer abstraction is an email message, instant message, uniform resource locator (URL), cookie, certificate, or template.

8. A computing system for providing secure content comprising:
- at least one memory hosting a protected derived user account (DUA) and a first DUA; and
  
  at least one processor configured to;
  
  request a resource at a computing system, wherein the resource is associated with an application layer abstraction in an application;
  
  intercept the request for the resource using a mediator at an application layer;
  
  determine, using the mediator, if the resource is trusted or untrusted to enable application layer semantics for the application layer abstraction;
  
  if the resource is determined to be trusted, access the resource in the first derived user account (DUA); and
  
  if the resource is determined to be untrusted, create a protected DUA, access the resource in the protected DUA, redirect the intercepted request to the protected DUA, wherein the protected DUA provides unrestricted access to the resource, and wherein the protected DUA and the first DUA are both associated with a same user and are dynamically invoked based on the resource within a same integrated user environment of the same user to enable an integrated execution environment for both trusted and untrusted resources.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computing system of claim 8, wherein the processor is further configured to receive content from the resource at the computing system.
  - 10. The computing system of claim 9, wherein the processor is further configured to:
    - determine, using the mediator, if the resource is trusted or untrusted based on a partition of the resource.
  - 11. The computing system of claim 10, wherein the processor is further configured to:
    - identify the resource based on a characteristic of the resource; and
      
      partition the resource as trusted or untrusted based on the identified characteristic.
  - 12. The computing system of claim 8, wherein the processor is further configured to:
    - create the first DUA when the resource is trusted; and
      
      redirect the intercepted request to the first DUA when the resource is trusted.
  - 13. The computing system of claim 8, wherein the protected DUA is different than an original user account (OUA) or a DUA associated with the application.
  - 14. The computing system of claim 8, wherein the application layer abstraction is an email message, instant message, uniform resource locator (URL), cookie, certificate, or template.

15. A non-transitory computer-readable medium containing instructions for controlling a computing system having at least one processor, to perform a method comprising:
- requesting a resource at the computing system, wherein the resource is associated with an application layer abstraction in an application;
  
  intercepting the request for the resource using a mediator at an application layer;
  
  determining, using the mediator, if the resource is trusted or untrusted to enable application layer semantics for the application layer abstraction;
  
  if the resource is determined to be trusted, accessing the resource in a first derived user account (DUA); and
  
  if the resource is determined to be untrusted, create a protected DUA, accessing the resource in the protected DUA, redirect the intercepted request to the protected DUA wherein the protected DUA provides unrestricted access to the resource, and wherein the protected DUA and the first DUA are both associated with a same user and are dynamically invoked based on the resource within a same integrated user environment of the same user to enable an integrated execution environment for both trusted and untrusted resources.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The non-transitory computer-readable medium of claim 15, wherein the instructions further control the computing system to perform a method comprising:
    - receiving content from the resource at the computing system.
  - 17. The non-transitory computer-readable medium of claim 16, wherein the instructions further control the computing system to perform a method comprising:
    - determining, using the mediator, if the resource is trusted or untrusted based on a partition of the resource.
  - 18. The non-transitory computer-readable medium of claim 17, wherein the instructions further control the computing system to perform a method comprising:
    - identifying the resource based on a characteristic of the resource; and
      
      partitioning the resource as trusted or untrusted based on the identified characteristic.
  - 19. The non-transitory computer-readable medium of claim 15, wherein the instructions further control the computing system to perform a method comprising:
    - creating the first DUA when the resource is trusted; and
      
      redirecting the intercepted request to the first DUA when the resource is trusted.
  - 20. The computer-readable medium of claim 15, wherein the protected DUA is different than an original user account (OUA) or a DUA associated with the application.
  - 21. The non-transitory computer-readable medium of claim 15, wherein the application layer abstraction is an email message, instant message, uniform resource locator (URL), cookie, certificate, or template.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Erlingsson, lfar
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US14/522,882
Publication Number

US 20150047030A1
Time in Patent Office

368 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

H04L 63/1483   service impersonation, e.g....

Methods and systems for implementing a secure application execution environment using derived user accounts for internet content

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

38 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for implementing a secure application execution environment using derived user accounts for internet content

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

38 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links