Methods and systems for providing context-based outbound processing application firewalls

US 9,407,603 B2
Filed: 12/30/2010
Issued: 08/02/2016
Est. Priority Date: 06/25/2010
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating an outbound message with an application provided by a computing environment having one or more computing devices, wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing at an application-level firewall for the one or more portions of the outbound message, wherein the outbound message is to be transmitted to a remote electronic device by at least one of the one or more computing devices;

encoding the outbound message with an outbound traffic engine having the application-level firewall executing on one or more computing devices within the computing environment, the encoding based on the trustworthiness indicator and the encoding to be performed before passing the outbound message, wherein the application-level firewall is configurable to inspect network traffic specific to an application based on logic of the application;

analyzing the outbound message based on encoded user data and context information with the application-level firewall to determine when the outbound message is to be considered safe or unsafe; and

performing an action on traffic to the application based on the encoded user data and the context information with one of the application-level firewall and the application by forwarding without modification when the outbound message is to be considered safe and to redirect the traffic to a designated safe URL when the outbound message is to be considered unsafe.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Outbound processing with application firewalls. An outbound message is generated with an application. The outbound message includes at least a trustworthiness indicator and/or marking information for the one or more portions of the outbound message. The outbound message is received by an application firewall. The outbound message is analyzed based on the trustworthiness indicator and/or marking information, and context information. An action is performed on the outbound message based on the trustworthiness indicator and/or marking information, and the context information.

Citations

15 Claims

1. A method comprising:
- generating an outbound message with an application provided by a computing environment having one or more computing devices, wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing at an application-level firewall for the one or more portions of the outbound message, wherein the outbound message is to be transmitted to a remote electronic device by at least one of the one or more computing devices;
  
  encoding the outbound message with an outbound traffic engine having the application-level firewall executing on one or more computing devices within the computing environment, the encoding based on the trustworthiness indicator and the encoding to be performed before passing the outbound message, wherein the application-level firewall is configurable to inspect network traffic specific to an application based on logic of the application;
  
  analyzing the outbound message based on encoded user data and context information with the application-level firewall to determine when the outbound message is to be considered safe or unsafe; and
  
  performing an action on traffic to the application based on the encoded user data and the context information with one of the application-level firewall and the application by forwarding without modification when the outbound message is to be considered safe and to redirect the traffic to a designated safe URL when the outbound message is to be considered unsafe.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the action comprises marking data as unexecutable.
  - 3. The method of claim 1 wherein the action comprises encoding data based on the context information to render the data safely on a user device.
  - 4. The method of claim 1 further comprising forwarding the outbound message to a remote user device.
  - 5. The method of claim 1 further comprising redirecting the outbound message.
  - 6. The method of claim 1 wherein the application-level firewall is part of a multitenant database environment, wherein the multitenant database environment stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant database is a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities.

7. An article comprising a non-transitory computer-readable medium having stored thereon instructions that, when executed, are configurable to cause one or more processors to:
- generate an outbound message with an application provided by a computing environment having one or more computing devices, wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing at an application level firewall for the one or more portions of the outbound message, wherein the outbound message is to be transmitted to a remote electronic device by at least one of the one or more computing devices;
  
  encode the outbound message with an outbound traffic engine having an application-level firewall executing on one or more computing devices within the computing environment, the encoding based on the trustworthiness indicator and the encoding to be performed before passing the outbound message, wherein the application-level firewall is configurable to inspect network traffic specific to an application based on logic of the application;
  
  analyze the outbound message based on encoded user data and context information with the application-level firewall to determine when the outbound message is to be considered safe or unsafe; and
  
  perform an action on traffic to the application based on the encoded user data and the context information with one of the application-level firewall and the application by forwarding without modification when the outbound message is to be considered safe and to redirect the traffic to a designated safe URL when the outbound message is to be considered unsafe.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The article of claim 7 wherein the action comprises marking data as unexecutable.
  - 9. The article of claim 7 further comprising instructions that, when executed, cause the one or more processors to forward a response message to a remote user device.
  - 10. The article of claim 7 further comprising instructions that, when executed, cause the one or more processors to redirect a response message.
  - 11. The article of claim 7 wherein application-level firewall is part of a multitenant database environment, wherein the multitenant database environment stores data for multiple client entities each identified by a tenant identifier (ID) having one or more users associated with the tenant ID, wherein users of each of multiple client entities can only access data identified by a tenant ID associated with the respective client entity, and wherein the multitenant database is a hosted database provided by an entity separate from the client entities, and provides on-demand database service to the client entities.

12. A system comprising:
- an application-level firewall configured to receive a request message from a remote user device via a network connection, the application-level firewall provided by a server computing system having one or more computing devices;
  
  the server computing system, the server system to provide an on-demand database service to the client entities, the server system further configurable to provide an application to communicate with the application-level firewall and generate an outbound message with an application provided by a computing environment having one or more computing devices, wherein the outbound message includes at least a trustworthiness indicator and marking information based on inbound processing at the application-level firewall for the one or more portions of the outbound message, wherein the outbound message is to be transmitted to a remote electronic device by at least one of the one or more computing devices, to encode the outbound message with an outbound traffic engine having an application-level firewall executing on one or more computing devices within the computing environment, the encoding based on the trustworthiness indicator and the encoding to be performed before passing the outbound message, wherein the application-level firewall is configurable to inspect network traffic specific to an application based on logic of the application, to analyze the outbound message based on encoded user data and context information with the application-level firewall to determine when the outbound message is to be considered safe or unsafe, and to perform an action on traffic to the application based on the encoded user data and the context information with one of the application-level firewall and the application by forwarding without modification when the outbound message is to be considered safe and to redirect the traffic to a designated safe URL when the outbound message is to be considered unsafe.
- View Dependent Claims (13, 14, 15)
- - 13. The system of claim 12 wherein the action comprises marking data as unexecutable.
  - 14. The system of claim 12 further comprising forwarding a response message to the remote user device.
  - 15. The system of claim 12 further comprising redirecting a response message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Gluck, Yoel
Primary Examiner(s)
TURCHEN, JAMES R

Application Number

US12/982,769
Publication Number

US 20110321151A1
Time in Patent Office

2,042 Days
Field of Search

726/11
US Class Current

1/1
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/102   Entity profiles

H04L 63/1408   by monitoring network traff...

H04L 63/1433   Vulnerability analysis

Methods and systems for providing context-based outbound processing application firewalls

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for providing context-based outbound processing application firewalls

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links