| CPC G06F 21/6245 (2013.01) [G06F 21/53 (2013.01); G06F 21/604 (2013.01); G06F 2221/2115 (2013.01)] | 20 Claims |
|
1. A system comprising:
a private data storage configured to provide:
read and write data access to one or more private software environments within a container software application; and
write-only data access to all public software environments within the container software application;
a protected data storage configured to provide:
read and write data access to the container software application;
read data access to the one or more private software environments within the container software application; and
deny data access to all public software environments within the container software application;
one or more hardware processors; and
one or more machine-readable media storing instructions that, when executed by the one or more hardware processors, cause the system to perform operations comprising:
causing execution of the container software application;
causing the container software application to execute a third-party software application in a public software environment within the container software application, the public software environment being a first HyperText Markup Language (HTML) inline frame (iframe) element; and
causing the third-party software application to execute a private software component in a private software environment within the third-party software application, the container software application being configured to write first protected data to the protected data storage and to read second protected data from the protected data storage, the private software component being a second HTML iframe element embedded in the first HTML iframe element, the private software component being configured to read third protected data from the protected data storage while preventing the third-party software application from accessing the third protected data being read by the private software component, the private software component being configured to write first private data to and read second private data from the private data storage, and the third-party software application being configured to write third private data to the private data storage.
|