Secure data container for web applications

US 9,245,144 B2
Filed: 09/27/2012
Issued: 01/26/2016
Est. Priority Date: 09/27/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

an operating system-independent and browser-independent data container including a web application interface that obtains web content and detects an attempt by the web content to access a local data store due to at least a portion of the web content being written in one or more of a runtime or a just in time (JIT) environment language;

an enforcement module in the data container to determine whether to permit the attempt based on a context-based security policy for the identified web content wherein the enforcement module is to obtain the context-based security policy from one or more of a user profile, a multi-user data source and a cloud service and wherein the context-based security policy is to identify one or more of a type of content, a content source and a browsing sequence; and

a user interface in the data container to generate a first user prompt for authorization to implement an action associated with the context-based security policy, wherein the first user prompt is to include one or more multi-user statistics.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods may provide for identifying web content and detecting an attempt by the web content to access a local data store. Additionally, a determination may be made as to whether to permit the attempt based on a context-based security policy. In one example, the context-based security policy is obtained from one or more of a user profile, a multi-user data source and a cloud service.

Citations

12 Claims

1. An apparatus comprising:
- an operating system-independent and browser-independent data container including a web application interface that obtains web content and detects an attempt by the web content to access a local data store due to at least a portion of the web content being written in one or more of a runtime or a just in time (JIT) environment language;
  
  an enforcement module in the data container to determine whether to permit the attempt based on a context-based security policy for the identified web content wherein the enforcement module is to obtain the context-based security policy from one or more of a user profile, a multi-user data source and a cloud service and wherein the context-based security policy is to identify one or more of a type of content, a content source and a browsing sequence; and
  
  a user interface in the data container to generate a first user prompt for authorization to implement an action associated with the context-based security policy, wherein the first user prompt is to include one or more multi-user statistics.
- View Dependent Claims (2, 3, 4)
- - 2. The apparatus of claim 1, wherein the user interface is to receive a first user response to the first user prompt and generate a second user prompt for a reason associated with the first user prompt.
  - 3. The apparatus of claim 2, wherein the user interface is to receive a second user response to the second user prompt and transmit the first user response and the second user response to a multi-user data source.
  - 4. The apparatus of claim 1, further including the local data store positioned outside the data container.

5. At least one non-transitory computer readable storage medium comprising a set of instructions which, if executed by a processor, cause a computing device to:
- use an operating system-independent and browser-independent data container including a web application interface to identify web content;
  
  detect an attempt by the web content to access a local data store positioned outside the data container;
  
  determine whether to permit the attempt by the web content based on a context-based security policy in an enforcement module in the data container, the context-based security policy being obtainable from one or more of a user profile, a multi-user data source and a cloud service and wherein the context-based security policy is to identify one or more of a type of content, a content source and a browsing sequence; and
  
  generate a first user prompt for authorization to implement an action associated with the context-based security policy, wherein the first user prompt is to include one or more multi-user statistics.
- View Dependent Claims (6, 7)
- - 6. The at least one medium of claim 5, wherein the instructions, if executed, cause a computing device to:
    - receive a first user response to the first user prompt; and
      
      generate a second user prompt for a reason associated with the first user response.
  - 7. The at least one medium of claim 6, wherein the instructions, if executed, cause a computing device to:
    - receive a second user response to the second user prompt; and
      
      transmit the first user response and the second user response to a multi-user data source.

8. A method comprising:
- using an operating system-independent and browser-independent data container including a web application interface to identify web content;
  
  detecting an attempt by the web content to access a local data store positioned outside the data container; and
  
  determining whether to permit the attempt by the web content based on a context-based security policy in an enforcement module in the data container; and
  
  generating a first user prompt for authorization to implement an action associated with the context-based security policy, wherein the first user prompt includes one or more multi-user statistics.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The method of claim 8, further including obtaining the context-based security policy from one or more of a user profile, a multi-user data source and a cloud service.
  - 10. The method of claim 9, wherein the context-based security policy identifies one or more of a type of content, a content source and a browsing sequence.
  - 11. The method of claim 8, further including:
    - receiving a first user response to the first user prompt; and
      
      generating a second user prompt for a reason associated with the first user response.
  - 12. The method of claim 11, further including:
    - receiving a second user response to the second user prompt; and
      
      transmitting the first user response and the second user response to a multi-user data source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Li, Hong, Wouhaybi, Rita H., Kohlenberg, Tobias M., Ross, Alan D.
Primary Examiner(s)
Zee, Edward

Application Number

US13/628,502
Publication Number

US 20140090009A1
Time in Patent Office

1,216 Days
Field of Search

726/1, 726/22, 726/26, 726/29, 726/27
US Class Current

1/1
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/53   by executing in a restricte...

G06F 21/62   Protecting access to data v...

G06F 21/6218   to a system of files or obj...

G06F 21/6263   during internet communicati...

H04L 63/102   Entity profiles

Secure data container for web applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data container for web applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links