Mobile device platform for access privilege control system

US 10,587,623 B2
Filed: 07/16/2018
Issued: 03/10/2020
Est. Priority Date: 01/31/2018
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

under control of one or more processors;

receiving, from a first client device associated with a first client, a request to control access privileges of a service feature accessible with a client account, the service feature being begins by at least a second client of the client account;

retrieving, from a data store, one or more existing access privilege rules associated with the client account;

identifying a subset of the one or more existing access privilege rules that relate to the service feature, based at least in part on the request;

generating a set of updated access privilege rules for the client account, based at least in part on an analysis of the subset of the one or more existing access privilege rules;

dynamically integrating the set of updated access privilege rules with the one or more existing access privilege rules to create a set of updated access privilege rules for the client account; and

transmitting the set of updated access privilege rules to at least a second client device associated with the second client.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure describes techniques for facilitating a primary account holder (PAH) of a client account to control access privileges of service features that are accessible by secondary account holders (SAH), via the client account. More specifically, an Access Privilege Control (APC) system is described that enables the PAH to generate access privilege rules that control the use of service features by a SAH, that are accessible via the client device(s) associated with the client account. The APC system may associate a set of updated access privilege rules with virtual profile data for clients associated with the client account. The virtual profile data may be transmitted to client devices, or subset thereof, associated with the client account. Further, the APC system may monitor an operation of client devices associated with the client account and provide one or more recommendations to update access privilege rules based on monitored service feature usage.

Citations

20 Claims

1. A computer-implemented method, comprising:
- under control of one or more processors;
  
  receiving, from a first client device associated with a first client, a request to control access privileges of a service feature accessible with a client account, the service feature being begins by at least a second client of the client account;
  
  retrieving, from a data store, one or more existing access privilege rules associated with the client account;
  
  identifying a subset of the one or more existing access privilege rules that relate to the service feature, based at least in part on the request;
  
  generating a set of updated access privilege rules for the client account, based at least in part on an analysis of the subset of the one or more existing access privilege rules;
  
  dynamically integrating the set of updated access privilege rules with the one or more existing access privilege rules to create a set of updated access privilege rules for the client account; and
  
  transmitting the set of updated access privilege rules to at least a second client device associated with the second client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, further comprising:
    - identifying a plurality of client devices associated with the client account, andwherein, transmitting the updated access privilege rules to at least the second client device further includes transmitting the updated access privilege rules to the plurality of client devices.
  - 3. The computer-implemented method of claim 1, wherein the request further includes authentication credentials associated with the first client, and further comprising:
    - verifying an identity of the first client as a primary account holder of the client account, based at least in part on the authentication credentials; and
      
      determining that the first client is authorized to control access privileges associated with the service feature accessible by at least the second client, andwherein, generating the set of updated access privilege rules for the client account is further based at least in part on the first client having authorization to control access privileges associated with the service feature.
  - 4. The computer-implemented method of claim 1, further comprising:
    - determining that the service feature corresponds to a user application accessible by at least the second client via the second client device, based at least in part on analysis of the request, andwherein the set of updated access privilege rules are configured to control use of the user application via the second client device.
  - 5. The computer-implemented method of claim 1, further comprising:
    - determining that the service feature corresponds to an application feature of a user application accessible by at least the second client via the second client device, andwherein the set of updated access privilege rules are configured to control use of the application feature and simultaneously permit uncontrolled use of remaining application features of the user application.
  - 6. The computer-implemented method of claim 1, further comprising:
    - determining that the service feature corresponds to a communication medium accessible by the second client via the second client device, the communication medium corresponding to at least one of a voice-based communications medium, a text-based communications medium, or a data-based communications medium, andwherein the set of updated access privilege rules are configured to control use of the communication medium via the second client device.
  - 7. The computer-implemented method of claim 6, further comprising:
    - monitoring an operation of the second client device to detect an attempt to use the communication medium;
      
      intercepting receipt of an instance of communications data via the communication medium prior to delivery to the second client device;
      
      determining that delivery of the instance of communications data to the second client device violates the set of updated access privilege rules associated with the client account;
      
      transmitting, to the first client device, a message that includes one or more selectable options to permit delivery of the instance of communications data to the second client device, re-direct delivery of the instance of communications data to the first client device, or deny delivery of the instance of communications data to the second client device; and
      
      delivering the instance of communications data to one of the first client device or the second client device, based at least in part on a response to the message.
  - 8. The computer-implemented method of claim 1, further comprising:
    - monitoring an operation of the second client device to detect an attempt to use the service feature;
      
      intercepting the attempt to use the service feature on the second client device;
      
      determining that use of the service feature violates the set of updated access privilege rules associated with the client account; and
      
      preventing use of the service feature on the second client device; and
      
      causing display of a message on a user interface of at least one of the first client device or the second client device, the message indicating that use of the service feature has been intercepted.
  - 9. The computer-implemented method of claim 1, wherein the request further includes an activation parameter that triggers control of access privileges of the service feature, and further comprising:
    - determining that the activation parameter permits use of the service feature during a predetermined time interval, or allots an amount of time usage or an amount of data usage that is permissible prior to triggering control of access privileges of the service feature, andwherein, the set of updated access privilege rules for the client account are further based at least in part on the activation parameter.

10. One or more non-transitory computer-readable media storing computer-executable instructions that, when executed on one or more processors, cause the one or more processors to perform acts comprising:
- receiving, from a client device associated with a primary account holder (PAH), a request to control access privileges of a service feature accessible with a client account, the service feature being accessible by at least a secondary account holder (SAH) via one of a plurality of client devices;
  
  parsing through the request to identify an activation parameter that triggers control of the access privileges relating to the service feature;
  
  retrieving, from a data store, one or more existing access privilege rules associated with the client account;
  
  analyzing a subset of the one or more existing access privilege rules that relate to service feature, based at least in part on the request;
  
  generating a set of updated access privilege rules for the client account, based at least in part on analysis of the subset of the one or more existing access privilege rules and the activation parameter; and
  
  transmitting the set of update access privilege rules to the plurality of client devices associated with the client account.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The one or more non-transitory computer-readable media of claim 10, wherein the activation parameter corresponds to a context of operation that triggers control of access privileges of the service feature, the context of operation corresponding to an indication, via one of the plurality of client devices, that a disposition of the SAH is a running motion, a motion within a moving vehicle, or an indication that the SAH is within a predetermined proximity of a predetermined geographic location.
  - 12. The one or more non-transitory computer-readable media of claim 11, further storing instructions that when executed cause the one or more processors to perform acts comprising:
    - determining that the SAH has established an authenticated session with a second client device of the plurality of client devices;
      
      monitoring an operation of the second client device to detect an attempt to use the service feature;
      
      determining a current context of operation of the second client device;
      
      intercepting the attempt to use the service feature on the second client device;
      
      determining that use of the service feature violates the set of updated access privilege rules associated with the client account, based at least in part on the current context of operation of the second client device; and
      
      preventing use of the service feature on the second client device.
  - 13. The one or more non-transitory computer-readable media of claim 10, wherein the request further includes an indication of a duration for control of access privileges associated with the service feature, and further storing instructions that when executed cause the one or more processors to perform acts comprising:
    - determining that the service feature associated with the request is a core-service feature of the client account; and
      
      retrieving, from the data store, a time-limit parameter that imposes a duration-limit on control of access privileges associated with core-service features, andwherein, generating the set of updated access privilege rules for the client account is further based at least in part on the time-limit parameter.
  - 14. The one or more non-transitory computer-readable media of claim 10, further comprising:
    - prior to receipt of the request, receiving, from the PAH via the client device, one of an impermissible-list of contacts that the SAH is not permitted to contact, or a permissible-list of contacts that the SAH is only permitted to contact;
      
      determining that the service feature relates to a voice-based communications channel or a text-based communications channel;
      
      determining that the activation parameter identifies at least one of an impermissible-list of contacts or a permissible-list of contacts; and
      
      retrieving, from the data store, one of the impermissible-list of contacts or the permissible-list of contacts, based at least in part on the service feature, andwherein, generating the set of updated access privilege rules for the client account is further based at least in part on one of the impermissible-list of contacts or the permissible-list of contacts.
  - 15. The one or more non-transitory computer-readable media of claim 10, wherein, integrating the set of updated access privilege rules with the one or more existing access privilege rules includes at least one of modifying a subset of the one or more existing access privilege rules or deleting a subset of the one or more existing access privilege rules.

16. A system comprising:
- one or more processors;
  
  memory coupled to the one or more processors, the memory including one or more modules that are executable by the one or more processors to;
  
  receive, from a first client device associated with a first client, a request to control access privileges of at least a second client, the access privileges relating to a service feature accessible with a client account, the service feature being accessible by a plurality of client devices associated with the client account;
  
  determine whether the first client is authorized to control access privileges of at least the second client and access privileges relating to the service feature of the client account;
  
  retrieve, from a data store, existing access privilege rules associated with the client account;
  
  analyze a subset of the one or more existing access privilege rules that relate to the second client and the service feature;
  
  generate a set of updated access privilege rules, based at least in part on analysis of the subset of the one or more existing access privilege rules; and
  
  transmit the set of updated access privilege rules to the plurality of client devices associated with the client account.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the one or more modules are further executable by the one or more processors to:
    - transmit a message to the first client device indicating that the request to control access privileges of at least the second client is not authorization, in response to a determination that the first client is not authorized to control access privileges of at least the second client or the service feature.
  - 18. The system of claim 16, wherein the one or more modules are further executable by the one or more processors to:
    - prior to receipt of the request, receive, from the first client via the first client device, an impermissible-list of geographic locations where the second client is not permitted to access a subset of service features accessible via the client account or a permissible-list of geographic locations where the second client is only permitted to access the subset of service features; and
      
      determine whether the service feature associated with the request is included within the subset of service features, andwherein, to generate the set of updated access privilege rules is further based at least in part on one or more the impermissible-list of geographic locations or the permissible-list of geographic locations.
  - 19. The system of claim 16, wherein the service feature identified within the request corresponds to one of a voice-based communications channel, a text-based communications channel, data-based communications channel, a user application native to at least one of the plurality of client devices associated with the client account, or an application feature associated with the user application.
  - 20. The system of claim 16, wherein the one or more modules are further executable by the one or more processors to:
    - parse through the request to identify an activation parameter that triggers control of the access privileges relating to the service feature, andwherein the activation parameter corresponds to one or more of a time of day, a week-day of week, an allotment of time usage for a service feature, an allotment of data usage for a service feature, a permissible-list of contacts, or an impermissible-list of contacts.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Chauhan, Kanakrai
Primary Examiner(s)
Nguyen, David Q

Application Number

US16/036,839
Publication Number

US 20190239076A1
Time in Patent Office

603 Days
Field of Search

726 4, 726 5, 715716, 705 37
US Class Current
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/083   using passwords cryptograph...

H04L 63/0861   using biometrical features,...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 63/107   wherein the security polici...

H04L 63/108   when the policy decisions a...

H04L 67/306   User profiles

H04L 67/34   involving the movement of s...

H04M 1/67   by electronic means

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 8/18   Processing of user or subsc...

Mobile device platform for access privilege control system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile device platform for access privilege control system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links