Methods and systems for implementing a secure application execution environment using derived user accounts for internet content
Abstract
Methods and systems are disclosed for implementing a secure application execution environment using Derived User Accounts (SAE DUA) for Internet content. Content is received, and a determination is made if the received content is trusted or untrusted content. The content is accessed in a protected derived user account (DUA), such as a SAE DUA, if the content is untrusted; otherwise, the content is accessed in a regular DUA if the content is trusted.
21 Claims
1. A method for providing resource content use comprising:
requesting a resource at a computing system, wherein the resource is associated with an application layer abstraction in an application;
intercepting the request for the resource using a mediator at an application layer;
determining, using the mediator, if the resource is trusted or untrusted to enable application layer semantics for the application layer abstraction;
if the resource is determined to be trusted, accessing the resource in a first derived user account (DUA); and
if the resource is determined to be untrusted, create a protected DUA, accessing the resource in the protected DUA, redirect the intercepted request to the protected DUA, wherein the protected DUA provides unrestricted access to the resource, and wherein the protected DUA and the first DUA are both associated with a same user and are dynamically invoked based on the resource within a same integrated user environment of the same user to enable an integrated execution environment for both trusted and untrusted resources.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A computing system for providing secure content comprising:
at least one memory hosting a protected derived user account (DUA) and a first DUA; and
at least one processor configured to:
request a resource at a computing system, wherein the resource is associated with an application layer abstraction in an application;
intercept the request for the resource using a mediator at an application layer;
determine, using the mediator, if the resource is trusted or untrusted to enable application layer semantics for the application layer abstraction;
if the resource is determined to be trusted, access the resource in the first derived user account (DUA); and
if the resource is determined to be untrusted, create a protected DUA, access the resource in the protected DUA, redirect the intercepted request to the protected DUA, wherein the protected DUA provides unrestricted access to the resource, and wherein the protected DUA and the first DUA are both associated with a same user and are dynamically invoked based on the resource within a same integrated user environment of the same user to enable an integrated execution environment for both trusted and untrusted resources.
Dependent claims: 9, 10, 11, 12, 13, 14

15. A non-transitory computer-readable medium containing instructions for controlling a computing system having at least one processor, to perform a method comprising:
requesting a resource at the computing system, wherein the resource is associated with an application layer abstraction in an application;
intercepting the request for the resource using a mediator at an application layer;
determining, using the mediator, if the resource is trusted or untrusted to enable application layer semantics for the application layer abstraction;
if the resource is determined to be trusted, accessing the resource in a first derived user account (DUA); and
if the resource is determined to be untrusted, create a protected DUA, accessing the resource in the protected DUA, redirect the intercepted request to the protected DUA wherein the protected DUA provides unrestricted access to the resource, and wherein the protected DUA and the first DUA are both associated with a same user and are dynamically invoked based on the resource within a same integrated user environment of the same user to enable an integrated execution environment for both trusted and untrusted resources.
Dependent claims: 16, 17, 18, 19, 20, 21

Specification