Cross-domain data sharing with permission control

US 10,042,680 B2
Filed: 07/17/2014
Issued: 08/07/2018
Est. Priority Date: 07/17/2014
Status: Active Grant

First Claim

Patent Images

1. A method performed on an electronic device, the method comprising:

executing a first clipboard agent in a first operating system (OS) domain of the electronic device, the first clipboard agent associated with a first clipboard service of the first OS domain;

coordinating between the first clipboard agent and a second clipboard agent of a second OS domain of the electronic device regarding clipboard commands in the first OS domain and the second OS domain;

mediating, at the first clipboard agent, cross-domain access to the first clipboard service based at least in part on permissions associated with the first OS domain;

receiving, at the first clipboard agent, a clipboard request from a first application in the first OS domain requesting to retrieve content from the first clipboard service;

determining that the second OS domain has most recently processed a store command associated with storing the content in a corresponding clipboard service of the first and second OS domains; and

sending a cross-domain request to the second clipboard agent to request the content from a second clipboard service in the second OS domain,wherein the first clipboard agent and the second clipboard agent separately enforce security parameters to limit access to content stored in the first clipboard service and the second clipboard service, respectively, the security parameters comprising at least one of;

one or more keyword-based permissions specifying that access to content from the first or second clipboard service is restricted to content that does not contain one or more specific keywords;

one or more time-specific permissions specifying that access to content from the first or second clipboard service is restricted to one or more specific days and/or times of the day;

orone or more location-specific permissions specifying that access to content stored in the first or second clipboard service is restricted to when the electronic device is at one or more specific locations.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic device may maintain separate OS domains associated with security permissions. The OS domain may implement separate corresponding clipboard services. A clipboard agent or clipboard mediator service may receive a clipboard data request from a first application. The clipboard agent may determine which OS domain has most recently processed a store command associated with storing data in a corresponding clipboard service of the OS domain. The clipboard agent associated with the OS domain that most recently stored content may determine whether to send the data from the corresponding clipboard service based at least in part on permissions associated with the OS domain. Security of the clipboard access may be enforced on a per domain basis. Access to clipboard content may be mediated at the time of the request without a need to share data prior to the request.

12 Citations

View as Search Results

27 Claims

1. A method performed on an electronic device, the method comprising:
- executing a first clipboard agent in a first operating system (OS) domain of the electronic device, the first clipboard agent associated with a first clipboard service of the first OS domain;
  
  coordinating between the first clipboard agent and a second clipboard agent of a second OS domain of the electronic device regarding clipboard commands in the first OS domain and the second OS domain;
  
  mediating, at the first clipboard agent, cross-domain access to the first clipboard service based at least in part on permissions associated with the first OS domain;
  
  receiving, at the first clipboard agent, a clipboard request from a first application in the first OS domain requesting to retrieve content from the first clipboard service;
  
  determining that the second OS domain has most recently processed a store command associated with storing the content in a corresponding clipboard service of the first and second OS domains; and
  
  sending a cross-domain request to the second clipboard agent to request the content from a second clipboard service in the second OS domain,wherein the first clipboard agent and the second clipboard agent separately enforce security parameters to limit access to content stored in the first clipboard service and the second clipboard service, respectively, the security parameters comprising at least one of;
  
  one or more keyword-based permissions specifying that access to content from the first or second clipboard service is restricted to content that does not contain one or more specific keywords;
  
  one or more time-specific permissions specifying that access to content from the first or second clipboard service is restricted to one or more specific days and/or times of the day;
  
  orone or more location-specific permissions specifying that access to content stored in the first or second clipboard service is restricted to when the electronic device is at one or more specific locations.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - receiving, at the first clipboard agent, a store command from the first application, the store command directing the first clipboard service to store content from the first application;
      
      forwarding the store command to the first clipboard service; and
      
      sending, from the first clipboard agent to the second clipboard agent of the second OS domain, a notification regarding the store command.
  - 3. The method of claim 1, further comprising:
    - receiving, at the first clipboard agent, a second clipboard request from a second application in the first OS domain;
      
      determining whether the first clipboard service of the first OS domain or the second clipboard service of the second OS domain has most recently stored content;
      
      retrieving the content from the first clipboard service if the first clipboard service has most recently stored the content requested by the second application; and
      
      sending a request to the second clipboard agent of the second OS domain if the second clipboard service has most recently stored the content requested by the second application.
  - 4. The method of claim 1, further comprising:
    - receiving a notification from the second clipboard agent regarding a store command in the second OS domain; and
      
      storing an indication of the store command responsive to receiving the notification.
  - 5. The method of claim 4, wherein the indication comprises a dummy reference clip stored in the first clipboard service.
  - 6. The method of claim 1, further comprising:
    - receiving, at the first clipboard agent, another clipboard request from the first application in the first OS domain requesting to retrieve content from the first clipboard service;
      
      determining that the first OS domain has most recently processed a store command associated with storing content in a corresponding clipboard service of the first and second OS domains; and
      
      sending the clipboard request to the first clipboard service responsive to determining that the first OS domain has most recently processed the store command.
  - 7. The method of claim 1, further comprising, prior to sending the cross-domain request to the second clipboard agent:
    - determining whether to send the cross-domain request to the second clipboard agent based at least in part on whether the security parameters enforced by the first clipboard agent allow incoming data from the second OS domain.
  - 8. The method of claim 1, further comprising:
    - receiving the content from the second clipboard agent responsive to the cross-domain request; and
      
      sending the content to the first application.
  - 9. The method of claim 1, further comprising:
    - receiving an indication from the second clipboard agent that the cross-domain request was rejected; and
      
      presenting a notice of the rejection via a user interface if the first application is active in the user interface.
  - 10. The method of claim 9, wherein the indication that the cross-domain request was rejected comprises receiving null content in response to the cross-domain request.
  - 11. The method of claim 1, further comprising:
    - receiving a second cross-domain request from the second clipboard agent, the second cross-domain request associated with a request from a second application in the second OS domain to access content from the first clipboard service; and
      
      determining whether the second application in the second domain has permission to access content from the first clipboard service based on the security parameters enforced by the first clipboard agent, the security parameters further comprising;
      
      application-specific permissions specifying that access to content from the first or second clipboard service is permitted only for specific types of applications;
      
      wherein the one or more time-specific permissions further specify that content-sharing between the first clipboard and second services is permitted during a work shift of a user of the electronic device; and
      
      wherein the one or more location-specific permissions further specify that content-sharing between the first and second clipboard services is permitted when the electronic device is at a work location of the user.
  - 12. The method of claim 11, further comprising:
    - providing the content to the second clipboard agent responsive to the first clipboard agent determining that the second application has permission to access the content based on the security parameters; and
      
      providing a rejection to the second clipboard agent responsive to the first clipboard agent determining that the second application does not have permission to access the content based on the security parameters.

13. An electronic device, comprising:
- one or more processors; and
  
  one or more memory units configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to,execute a first clipboard agent in a first operating system (OS) domain of the electronic device, the first clipboard agent associated with a first clipboard service of the first OS domain,coordinate between the first clipboard agent and a second clipboard agent of a second OS domain of the electronic device regarding clipboard commands in the first OS domain and the second OS domain,mediate, at the first clipboard agent, cross-domain access to the first clipboard service based at least in part on permissions associated with the first OS domain,receive, at the first clipboard agent, a clipboard request from a first application in the first OS domain requesting to retrieve content from the first clipboard service,determine that the second OS domain has most recently processed a store command associated with storing the content in a corresponding clipboard service of the first and second OS domains, andsend a cross-domain request to the second clipboard agent to request the content from a second clipboard service in the second OS domain,wherein the first clipboard agent and the second clipboard agent separately enforce security parameters to limit access to content stored in the first clipboard service and the second clipboard service, respectively, the security parameters comprising at least one of;
  
  one or more keyword-based permissions specifying that access to content from the first or second clipboard service is restricted to content that does not contain one or more specific keywords;
  
  one or more time-specific permissions specifying that access to content from the first or second clipboard service is restricted to one or more specific days and/or times of the day;
  
  orone or more location-specific permissions specifying that access to content stored in the first or second clipboard service is restricted to when the electronic device is at one or more specific locations.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 27)
- - 14. The electronic device of claim 13, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to:
    - receive, at the first clipboard agent, a store command from the first application, the store command directing the first clipboard service to store content from the first application;
      
      forward the store command to the first clipboard service; and
      
      send, from the first clipboard agent to the second clipboard agent of the second OS domain, a notification regarding the store command.
  - 15. The electronic device of claim 13, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to:
    - receive, at the first clipboard agent, a clipboard request from a second application in the first OS domain;
      
      determine whether the first clipboard service of the first OS domain or the second clipboard service of the second OS domain has most recently stored content;
      
      retrieve the content from the first clipboard service if the first clipboard service has most recently stored the content; and
      
      send a request to the second clipboard agent of the second OS domain if the second clipboard service has most recently stored the content.
  - 16. The electronic device of claim 13, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to:
    - receive a notification from the second clipboard agent regarding a store command in the second OS domain; and
      
      store an indication of the store command responsive to receiving the notification.
  - 17. The electronic device of claim 13, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to:
    - receive, at the first clipboard agent, a clipboard request from a second application in the first OS domain requesting to retrieve content from the first clipboard service; and
      
      determine that the first OS domain has most recently processed a store command associated with storing content in a corresponding clipboard service of the first and second OS domains; and
      
      send the clipboard request to the first clipboard service.
  - 18. The electronic device of claim 13, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to, prior to sending the cross-domain request to the second clipboard agent:
    - determine whether to send the cross-domain request to the second clipboard agent based at least in part on whether permissions of the first OS domain allow incoming data from the second OS domain.
  - 19. The electronic device of claim 13, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to:
    - receive the content from the second clipboard agent responsive to the cross-domain request; and
      
      send the content to the first application.
  - 20. The electronic device of claim 13, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to:
    - receive an indication from the second clipboard agent that the cross-domain request was rejected; and
      
      present a notice of the rejection via a user interface if the first application is active in the user interface.
  - 21. The electronic device of claim 13, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to:
    - receive a cross-domain request from the second clipboard agent, the cross-domain request associated with a paste command from a second application in the second OS domain; and
      
      determine whether the second application in the second domain has permission to access content from the first clipboard service.
  - 22. The electronic device of claim 21, wherein the one or more memory units are further configured to store instructions, which when executed by at least one of the one or more processors, cause the electronic device to:
    - provide the content to the second clipboard agent responsive to determining that the second application has permission to paste the content; and
      
      provide a rejection to the second clipboard agent responsive to determining that the second application does not have permission to paste the content.
  - 27. The electronic device of claim 13, further comprising a clipboard mediator service implemented by the electronic device to perform the coordinating between the first clipboard agent and the second clipboard agent, wherein the clipboard mediator service is implemented in a central domain that is separate from the first and second OS domains.

23. A non-transitory machine readable medium having stored thereon executable instructions for causing one or more processors to perform operations comprising:
- executing a first clipboard agent in a first operating system (OS) domain of an electronic device, the first clipboard agent associated with a first clipboard service of the first OS domain;
  
  coordinating between the first clipboard agent and a second clipboard agent of a second OS domain of the electronic device regarding clipboard commands in the first OS domain and the second OS domain;
  
  mediating, at the first clipboard agent, cross-domain access to the first clipboard service based at least in part on permissions associated with the first OS domain;
  
  receiving, at the first clipboard agent, a clipboard request from a first application in the first OS domain requesting to retrieve content from the first clipboard service;
  
  determining that the second OS domain has most recently processed a store command associated with storing the content in a corresponding clipboard service of the first and second OS domains; and
  
  sending a cross-domain request to the second clipboard agent to request the content from a second clipboard service in the second OS domain,wherein the first clipboard agent and the second clipboard agent separately enforce security parameters to limit access to content stored in the first clipboard service and the second clipboard service, respectively, the security parameters comprising at least one of;
  
  one or more keyword-based permissions specifying that access to content from the first or second clipboard service is restricted to content that does not contain one or more specific keywords;
  
  one or more time-specific permissions specifying that access to content from the first or second clipboard service is restricted to one or more specific days and/or times of the day;
  
  orone or more location-specific permissions specifying that access to content stored in the first or second clipboard service is restricted to when the electronic device is at one or more specific locations.
- View Dependent Claims (24, 25, 26)
- - 24. The non-transitory machine readable medium of claim 23, said operations further comprising:
    - receiving, at the first clipboard agent, a store command from the first application, the store command directing the first clipboard service to store content from the first application;
      
      forwarding the store command to the first clipboard service; and
      
      sending, from the first clipboard agent to the second clipboard agent of the second OS domain, a notification regarding the store command.
  - 25. The non-transitory machine readable medium of claim 23, said operations further comprising:
    - receiving, at the first clipboard agent, a clipboard request from a second application in the first OS domain requesting to retrieve content from the first clipboard service; and
      
      determining that the first OS domain has most recently processed a store command associated with storing content in a corresponding clipboard service of the first and second OS domains; and
      
      sending the clipboard request to the first clipboard service.
  - 26. The non-transitory machine readable medium of claim 23, said operations further comprising:
    - receiving a second cross-domain request from the second clipboard agent, the second cross-domain request associated with a paste command from a second application in the second OS domain; and
      
      determining whether the second application in the second domain has permission to access content from the first clipboard service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
2236008 Ontario Inc. (Blackberry Limited), Blackberry Limited
Inventors
Major, Daniel Jonas, Peters, Ian David, Wurster, Glenn Daniel, Tapuska, David Francis
Primary Examiner(s)
Augustine, Nicholas

Application Number

US14/334,360
Publication Number

US 20160019104A1
Time in Patent Office

1,482 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218 to a system of files or obj...

G06F 9/543 User-generated data transfe...

Cross-domain data sharing with permission control

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Cross-domain data sharing with permission control

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links