US2016306964A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016306964-A1 |
| Application number | US-201615097959-A |
| Country | US |
| Kind code | A1 |
| Filing date | Apr 13, 2016 |
| Priority date | Apr 14, 2015 |
| Publication date | Oct 20, 2016 |
| Grant date | — |
Official abstract text for this publication.
A computer device and respective method provides a primary clipboard accessible from a primary user account, while a sandbox is used to isolate and contain a secondary user account. A secondary clipboard is provisioned and associated with the secondary user account. The computer device, via an agent, intercepts requests from the secondary user account such as for cut, copy or paste type clipboard operations which are ordinarily directed toward the primary clipboard, and satisfies those clipboard operation requests instead by using the secondary clipboard.
Opening claim text (preview).
1. A computer device comprising a processor and a memory, wherein the computer device is configured to: provide a primary clipboard accessible from a primary user account, wherein the primary clipboard enables content to be temporarily stored therein and retrieved therefrom; programmatically create a secondary user account derived from the primary user account, wherein the secondary user account isolates an untrusted process; provision a secondary clipboard associated with the secondary user account; intercept a clipboard operation request from the secondary user account for a cut, copy or paste type clipboard operation which is directed toward the primary clipboard; and satisfy the clipboard operation request using the secondary clipboard associated with the secondary user account.
2. The computer device of claim 1, wherein the computer device is further configured to provision the secondary clipboard in response to intercepting the clipboard operation request.
3. The computer device of claim 1, wherein the computer device is further configured to selectively determine to permit or deny the clipboard operation request from the secondary user account.
4. The computer device of claim 1, wherein the computer device is further configured to share an item of clipboard content between the primary clipboard and the secondary clipboard.
5. The computer device of claim 4, wherein the computer device is further configured to selectively determine to permit or deny sharing of the item of clipboard content between the primary clipboard and the secondary clipboard.
6. The computer device of claim 4, wherein the item of clipboard content is taken from the secondary clipboard, wherein the computer device is further configured to modify the item of clipboard content to create a modified clipboard content item, and wherein the computer device is further configured to provide the modified clipboard content item onto the primary clipboard.
7. The computer device of claim 6, wherein the computer device is further configured to determine whether to modify content shared between the primary clipboard and the secondary clipboard associated with the secondary user account.
8. The computer device of claim 1, wherein the computer device further comprises an agent module, wherein the agent module is configured to: provision the secondary clipboard associated with the secondary user account; intercept the request from the secondary user account which is directed toward the primary clipboard; and satisfy the request using the secondary clipboard.
9. The computer device of claim 8, wherein the agent module is further configured to: provision a secondary window station object comprising the secondary clipboard associated with the secondary user account.
10. The computer device of claim 9, wherein the agent module is further configured to: control the computer device to switch between a primary workstation object comprising the primary clipboard associated with the primary user account and the secondary window station object comprising the secondary clipboard associated with the secondary user account.
11. A method for isolating untrusted content on a computer device, the method being implemented by hardware of the computer device including at least a processor and a memory, the method comprising: providing a primary clipboard accessible from a primary user account, wherein the primary clipboard enables content to be temporarily stored therein and retrieved therefrom; creating programmatically a secondary user account derived from the primary user account, wherein the secondary user account isolates an untrusted process; provisioning a secondary clipboard associated with the secondary user account; intercepting a clipboard operation request from the secondary user account which is directed toward the primary clipboard; and satisfying the request using the secondary clipboard associated with the secondary user account.
12. The method of claim 11, wherein provisioning the secondary clipboard comprises provisioning the secondary clipboard in response to intercepting the clipboard operation request.
13. The method of claim 11, wherein the method further comprises selectively determining to permit or deny the clipboard operation request from the secondary user account.
14. The method of claim 11, wherein the method further comprises sharing an item of clipboard content between the primary clipboard and the secondary clipboard.
15. The method of claim 14, wherein the method further comprises selectively determining to permit or deny sharing of the item of clipboard content between the primary clipboard and the secondary clipboard.
16. The method of claim 14, wherein the item of clipboard content is taken from the secondary clipboard, wherein the method further comprises modifying the item of clipboard content to create a modified clipboard content item, and providing the modified clipboard content item onto the primary clipboard.
17. The method of claim 16, wherein the method further comprises determining whether to modify content shared between the primary clipboard and the secondary clipboard associated with the secondary user account.
18. The method of claim 11, wherein provisioning the secondary clipboard comprises provisioning a secondary window station object comprising the secondary clipboard associated with the secondary user account.
19. The method of claim 11, wherein the method further comprises switching between a primary workstation object comprising the primary clipboard associated with the primary user account and the secondary window station object comprising the secondary clipboard associated with the secondary user account.
20. A non-transitory computer readable storage medium having recorded thereon instructions which, when implemented by a computer device, cause one or more of the computer device to perform the method of claim 11 and the computer device to be arranged as set forth in claim 1.
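The routing described in the abstract and in claims 1 to 7, modelled in Python as an added illustration; it is not code from the patent or its applicant. All class and function names, the text-only outbound policy and the control-character stripping are assumptions, since the claims do not say which policy or modification is applied.

```python
import re

PRIMARY = "primary"  # trusted account name (constructed for this model)

class ClipboardAgent:
    """Toy agent: every clipboard request is routed by the calling account."""
    def __init__(self, share_policy):
        self.boards = {PRIMARY: {}}        # account -> {format: content}
        self.sandboxed = set()
        self.share_policy = share_policy   # (src, dst, fmt) -> bool
    def create_secondary_account(self, name):
        self.sandboxed.add(name)           # its clipboard is provisioned lazily
    def _board_for(self, account):
        if account in self.sandboxed:      # intercept: never return the primary board
            return self.boards.setdefault(account, {})
        if account == PRIMARY:
            return self.boards[PRIMARY]
        raise PermissionError(f"unknown account {account!r}")
    def request(self, account, op, fmt="text", data=None):
        board = self._board_for(account)
        if op in ("cut", "copy"):          # both place content on the clipboard
            board[fmt] = data
            return None
        if op == "paste":
            return board.get(fmt)
        raise ValueError(f"unsupported operation {op!r}")
    def share(self, src, dst, fmt="text", modify=None):
        item = self._board_for(src).get(fmt)
        if item is None or not self.share_policy(src, dst, fmt):
            return False                   # nothing to share, or denied by policy
        self._board_for(dst)[fmt] = modify(item) if modify else item
        return True

def strip_control_chars(text):             # assumed "modification" step
    return re.sub(r"[\x00-\x1f\x7f]", "", text)

def outbound_text_only(src, dst, fmt):     # assumed sharing policy
    return src != PRIMARY and dst == PRIMARY and fmt == "text"

def demo():
    agent = ClipboardAgent(outbound_text_only)
    agent.create_secondary_account("sandbox-1")
    agent.request(PRIMARY, "copy", data="primary-secret")      # constructed sample
    leaked = agent.request("sandbox-1", "paste")               # reads its own board
    agent.request("sandbox-1", "copy", data="report\x1b[2Jtext")
    untouched = agent.request(PRIMARY, "paste")
    denied = agent.share(PRIMARY, "sandbox-1")
    allowed = agent.share("sandbox-1", PRIMARY, modify=strip_control_chars)
    return leaked, untouched, denied, allowed, agent.request(PRIMARY, "paste")
```

In `demo()`, the sandboxed paste returns nothing while the primary clipboard holds content, and the primary clipboard changes only through the policy-checked `share()` call, which delivers the modified item.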
involving covert channels, i.e. data leakage between processes (inhibiting the analysis of circuitry or operation with measures against power attack G06F21/755) · CPC title
during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow} · CPC title
by executing in a restricted environment, e.g. sandbox or secure virtual machine · CPC title
Detecting local intrusion or implementing counter-measures · CPC title