US 12,455,937 B2
Theft prevention for sensitive information
Darren Remington, Mesa, AZ (US); Michael Conrad, Monroe, WA (US); Killian Koenig, Seattle, WA (US); Trevor Sundberg, Kirkland, WA (US); and David Harnett, Seattle, WA (US)
Assigned to CLOUDFLARE, INC., San Francisco, CA (US)
Filed by CLOUDFLARE, INC., San Francisco, CA (US)
Filed on Jan. 22, 2024, as Appl. No. 18/419,307.
Application 18/419,307 is a continuation of application No. 16/389,879, filed on Apr. 19, 2019, granted, now 11,880,422.
Claims priority of provisional application 62/800,948, filed on Feb. 4, 2019.
Claims priority of provisional application 62/800,937, filed on Feb. 4, 2019.
Prior Publication US 2024/0160683 A1, May 16, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 16/957 (2019.01); G06F 9/451 (2018.01); G06F 16/958 (2019.01); G06F 21/62 (2013.01); G06F 21/71 (2013.01); G06F 40/14 (2020.01); H04L 67/131 (2022.01)
CPC G06F 16/9574 (2019.01) [G06F 9/452 (2018.02); G06F 16/9577 (2019.01); G06F 16/972 (2019.01); G06F 16/986 (2019.01); G06F 21/6245 (2013.01); G06F 21/6281 (2013.01); G06F 21/629 (2013.01); G06F 21/71 (2013.01); G06F 40/14 (2020.01); H04L 67/131 (2022.05)]
20 Claims
1. A non-transitory machine-readable storage medium that provides instructions that, when executed by a processor causes operations to be performed including:
instantiating an instance of a remote application in an executing computing device;
intercepting, at the remote application instance in the executing computing device, a first set of one or more draw commands associated with output of the remote application instance;
providing, by the executing computing device, the first set of one or more draw commands to a rendering computing device for rendering a display of a first web page, wherein the rendering computing device is remotely located, separate, and distinct from the executing computing device;
receiving, by the executing computing device, user inputs representing an action of a user of an instance of a local application on the rendering computing device with the first web page, the local application instance and the remote application instance cooperatively providing an application isolation session isolating the local application instance from malicious changes to the remote application;
determining that the user inputs include a trigger event;
responsive to determining that the user inputs include the trigger event, evaluating one or more characteristics of one or more fields in a rendering output of the remote application instance to detect a candidate sensitive information field;
determining that the candidate sensitive information field includes verified sensitive information; and
responsive to determining that the candidate sensitive information field includes the verified sensitive information, preventing the verified sensitive information from being provided from the local application instance or the remote application instance to another application or computing device.