US11301561B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11301561-B2 |
| Application number | US-201916245671-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 11, 2019 |
| Priority date | Apr 3, 2018 |
| Publication date | Apr 12, 2022 |
| Grant date | Apr 12, 2022 |
Official abstract text for this publication.
A method performed by one or more processors, and an apparatus is disclosed. The method may comprise identifying a request from a custom computer program within a sandbox to perform an operation not permitted within the sandbox, and receiving a first indication of security privileges associated with a provider of the custom computer program. The method may also comprise selectively causing the operation to be performed based on the first indication of security privileges.
Opening claim text (preview).
What is claimed is:
1. A method performed by one or more processors, the method comprising: requesting a custom computer program by a user having a user privilege level; receiving, in response to the request, the custom computer program including source code comprising a plurality of operations, the source code of the custom computer program being authored and provided by a developer; loading the custom computer program into an iframe sandbox to limit which of the plurality of operations that the custom computer program is able to perform; executing the custom computer program within the iframe sandbox; initiating, by the executing custom computer program, a request for performance of an operation of the plurality of operations by the iframe sandbox; in response to the iframe sandbox not permitting the requested operation, receiving the requested operation at a secure request forwarder; identifying the requested operation; using the identified operation, request a first indication of security privileges and a second indication of security privileges from a security server; wherein the first indication of security privileges is specific to the developer and the second indication of security privileges is specific to the custom computer program; and wherein the first indication includes a first privilege level specific to the identified operation and the second indication includes a second privilege level specific to the identified operation receiving the first indication of security privileges and the second indication of security privileges from the security server; and in response to determining that the first privilege level indicates that the custom computer program is permitted to perform the identified operation and the second privilege level indicates that the custom computer program is permitted to perform the identified operation, causing the identified operation to be performed; wherein when the operation is not permitted by the iframe sandbox, the secure request forwarder may cause the unpermitted operation to be performed outside of the iframe sandbox if the first privilege level and the second privilege level indicate the unpermitted operation should be permitted.
2. The method of claim 1, further comprising: in response to the first indication indicating that the developer is not permitted to perform the identified operation, generating an alert based on the request from the custom computer program and causing the alert to be at least one of stored or transmitted.
3. The method of claim 1, further comprising: in response to the second privilege level indicating the custom computer program is not permitted to perform the identified operation, generating an alert based on the request from the custom computer program and causing the alert to be at least one of stored or transmitted.
4. The method of claim 1, wherein the custom computer program comprises code executable by a web browser.
5. The method of claim 4, wherein the iframe sandbox is provided by the web browser.
6. The method of claim 1, wherein the iframe sandbox is implemented using mandatory access control.
7. The method of claim 1, wherein the identified operation comprises retrieving data, the method further comprising: communicating a response comprising at least a portion of the retrieved data to the custom computer program.
8. A computing system comprising: a hardware computer processor; a non-transitory computer readable medium having software instructions stored thereon, the software instructions executable by the hardware computer processor to cause the computing system to perform operations comprising: requesting a custom computer program by a user having a user privilege level; receiving, in response to the request, the custom computer program including source code comprising a plurality of operations, the source code of the custom computer program being authored and provided by a developer; loading the custom computer program into an iframe sandbox to limit which of the plurality of operations that the custom computer program is able to perform; executing the custom computer program within the iframe sandbox; initiating, by the executing custom computer program, a request for performance of an operation of the plurality of operations by the iframe sandbox; in response to the iframe sandbox not permitting the requested operation, receiving the requested operation at a secure request forwarder; identifying the requested operation; using the identified operation, request a first indication of security privileges and a second indication of security privileges from a security server; wherein the first indication of security privileges is specific to the developer and the second indication of security privileges is specific to the custom computer program; and wherein the first indication includes a first privilege level specific to the identified operation and the second indication includes a second privilege level specific to the identified operation receiving the first indication of security privileges and the second indication of security privileges from the security server; and in response to determining that the first privilege level indicates that the custom computer program is permitted to perform the identified operation and the second privilege level indicates that the custom computer program is permitted to perform the identified operation, causing the identified operation to be performed; wherein when the operation is not permitted by the iframe sandbox, the secure request forwarder may cause the unpermitted operation to be performed outside of the iframe sandbox if the first privilege level and the second privilege level indicate the unpermitted operation should be permitted.
9. A non-transitory computer readable medium having software instructions stored thereon, the software instructions executable by a hardware computer processor to cause a computing system to perform operations comprising: requesting a custom computer program by a user having a user privilege level; receiving, in response to the request, the custom computer program including source code comprising a plurality of operations, the source code of the custom computer program being authored and provided by a developer; loading the custom computer program into an iframe sandbox to limit which of the plurality of operations that the custom computer program is able to perform; executing the custom computer program within the iframe sandbox; initiating, by the executing custom computer program, a request for performance of an operation of the plurality of operations by the iframe sandbox; in response to the iframe sandbox not permitting the requested operation, receiving the requested operation at a secure request forwarder; identifying the requested operation; using the identified operation, request a first indication of security privileges and a second indication of security privileges from a security server; wherein the first indication of security privileges is specific to the developer and the second indication of security privileges is specific to the custom computer program; and wherein the first indication includes a first privilege level specific to the identified operation and the second indication includes a second privilege level specific to the identified operation receiving the first indication of security privileges and the second indication of security privileges from the security server; and in response to determining that the first privilege level indicates that the custom computer program is permitted to perform the identified operation and the second privilege level indicates that the custom computer program
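The decision flow of claims 1 to 3 and 7, sketched as an added example (not code from the patent or its assignee): a forwarder performs a sandbox-blocked operation only when both the developer-specific and the program-specific privilege level permit it, and records an alert otherwise. All names, the `allow`/`deny` levels, the sample data and the extra unknown-operation check are assumptions made for illustration.

```javascript
// Hypothetical illustration; constructed sample data throughout.
// Privilege levels a "security server" would return, keyed by operation.
// Anything absent is treated as not permitted (fail closed).
const SECURITY_SERVER = {
  developer: { "dev-a": { readRecords: "allow" }, "dev-b": {} },
  program: {
    "widget-1": { readRecords: "allow" },
    "widget-2": { readRecords: "deny" },
  },
};

// Operations the forwarder can run outside the sandbox on a program's behalf.
const OPERATIONS = {
  readRecords: (args) => [{ id: args.id, value: "constructed-sample" }],
};

const alerts = []; // stands in for "stored or transmitted"

// First indication: developer-specific. Second: program-specific.
function queryPrivileges(developerId, programId, operation) {
  const dev = (SECURITY_SERVER.developer[developerId] || {})[operation];
  const prog = (SECURITY_SERVER.program[programId] || {})[operation];
  return { first: dev || "deny", second: prog || "deny" };
}

// request: { developerId, programId, operation, args } as relayed from the
// sandboxed program. Assumption: the identity fields are bound by the host
// page when it loads the program, not supplied by the program itself.
function forwardRequest(request) {
  const { developerId, programId, operation, args } = request;
  if (!Object.prototype.hasOwnProperty.call(OPERATIONS, operation)) {
    alerts.push({ programId, operation, reason: "unknown-operation" });
    return { performed: false };
  }
  const { first, second } = queryPrivileges(developerId, programId, operation);
  if (first !== "allow" || second !== "allow") {
    const reason = first !== "allow" ? "developer-denied" : "program-denied";
    alerts.push({ programId, operation, reason });
    return { performed: false };
  }
  // Both indications permit it: perform outside the sandbox, return the data.
  return { performed: true, data: OPERATIONS[operation](args) };
}
```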
at program execution time, where the protection is within the operating system · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Multi-level security, e.g. mandatory access control · CPC title
Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title
Access rights, e.g. capability lists, access control lists, access tables, access matrices · CPC title