Mobile application access control list security system

US 20030009675A1
Filed: 07/02/2002
Published: 01/09/2003
Est. Priority Date: 07/06/2001
Status: Active Grant

First Claim

Patent Images

1. A mobile application security system, comprising:

one or more hosts between which a mobile application jumps during the execution of the mobile application, the one or more hosts comprising a current host and a next host; and

a management and security console which ensures the security of the execution of the mobile application wherein the mobile application is sent to the management and security console between the jump from the current host to the next host, the management and security console further comprising means for calculating the access control list of the mobile application based on the current host to determine a computed access control list;

means for comparing the computed access control list to the actual access control list of the mobile application and means for adjusting the actual access control list of the mobile application based on the computed access control list and a trust level associated with the current host.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mobile application security system and method, in the preferred embodiment, ensures the integrity of a mobile application'"'"'s multi-jump access control list (ACL) by either (a) checking the compatibility of a mobile application '"'"'s multi-jump ACL with a known accurate multi-jump ACL, or (b) overwriting a mobile application '"'"'s multijump ACL with an ACL which is known to be accurate, depending on whether the host dispatching the mobile application is trusted or not trusted to modify a mobile application'"'"'s multi-jump ACL, respectively.

Citations

28 Claims

1. A mobile application security system, comprising:
- one or more hosts between which a mobile application jumps during the execution of the mobile application, the one or more hosts comprising a current host and a next host; and
  
  a management and security console which ensures the security of the execution of the mobile application wherein the mobile application is sent to the management and security console between the jump from the current host to the next host, the management and security console further comprising means for calculating the access control list of the mobile application based on the current host to determine a computed access control list;
  
  means for comparing the computed access control list to the actual access control list of the mobile application and means for adjusting the actual access control list of the mobile application based on the computed access control list and a trust level associated with the current host.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The mobile application security system of claim 1, wherein the management and security console further comprises means for assigning a trust level to each host in the mobile application system indicating whether or not the host is able to modify the access control list of the mobile application.
  - 3. The system of claim 2, wherein the mobile application jumps is programmed to jump to a third host and wherein the computed access control list comprises the access control list based on the first and next hosts.
  - 4. The system of claim 3, wherein the mobile application jumps to a plurality of hosts during its execution and wherein the access control list for the mobile application prior to any jump comprises an access control list computed based on all prior hosts to which the mobile application has jumped during its execution.
  - 5. The system of claim 2, wherein the adjusting means further comprises means, if the current host is trusted to modify the access control list, for leaving the access control list unaltered if the actual access control list of the mobile application is as restrictive as or more restrictive than the computed access control list.
  - 6. The system of claim 5, wherein the adjusting means further comprises means, if the current host is not trusted to modify the access control list, for overwriting the access control list of the mobile application if the actual access control list of the mobile application is different than the computed access control list.

7. A mobile application security method executed for a mobile application which jumps between at least a current host and a next host during its execution, the method comprising:
- providing a management and security console which ensures the security of the execution of the mobile application wherein the mobile application is sent to the management and security console between the jump from the current host to the next host;
  
  calculating the access control list of the mobile application based on the current host to determine a computed access control list;
  
  comparing the computed access control list to the actual access control list of the mobile application; and
  
  adjusting the actual access control list of the mobile application based on the computed access control list and a trust level associated with the current host.
- View Dependent Claims (8, 9, 10, 11, 12, 14, 15, 16, 17, 18, 20, 21, 22, 23, 24, 26, 27, 28)
- - 8. The mobile application security method of claim 7 further comprising assigning a trust level to each host in the mobile application system indicating whether or not the host is able to modify the access control list of the mobile application.
  - 9. The method of claim 8, wherein the mobile application jumps is programmed to jump to a third host and wherein the computed access control list comprises the access control list based on the first and next hosts.
  - 10. The method of claim 9, wherein the mobile application jumps to a plurality of hosts during its execution and wherein the access control list for the mobile application prior to any jump comprises an access control list computed based on all prior hosts to which the mobile application has jumped during its execution.
  - 11. The method of claim 8, wherein the adjusting further comprises, not altering, if the current host is trusted to modify the access control list, the access control list if the actual access control list of the mobile application is as restrictive as or more restrictive than the computed access control list.
  - 12. The method of claim 11, wherein the adjusting further comprises overwriting, if the current host is not trusted to modify the access control list, the access control list of the mobile application if the actual access control list of the mobile application is different than the computed access control list.
  - 14. The mobile application security system of claim 13, wherein the management and security console further comprises means for assigning a trust level to each host in the mobile application system indicating whether or not the host is able to modify the access control list of the mobile application.
  - 15. The system of claim 14, wherein the mobile application jumps is programmed to jump to a third host and wherein the computed access control list comprises the access control list based on the first and next hosts.
  - 16. The system of claim 15, wherein the mobile application jumps to a plurality of hosts during its execution and wherein the access control list for the mobile application prior to any jump comprises an access control list computed based on all prior hosts to which the mobile application has jumped during its execution.
  - 17. The system of claim 14, wherein the adjusting means further comprises means, if the current host is trusted to modify the access control list, for leaving the access control list unaltered if the actual access control list of the mobile application is as restrictive as or more restrictive than the computed access control list.
  - 18. The system of claim 17, wherein the adjusting means further comprises means, if the current host is not trusted to modify the access control list, for overwriting the access control list of the mobile application if the actual access control list of the mobile application is different than the computed access control list.
  - 20. The mobile application security method of claim 19 further comprising assigning a trust level to each host in the mobile application system indicating whether or not the host is able to modify the access control list of the mobile application.
  - 21. The method of claim 20, wherein the mobile application jumps is programmed to jump to a third host and wherein the computed access control list comprises the access control list based on the first and next hosts.
  - 22. The method of claim 21, wherein the mobile application jumps to a plurality of hosts during its execution and wherein the access control list for the mobile application prior to any jump comprises an access control list computed based on all prior hosts to which the mobile application has jumped during its execution.
  - 23. The method of claim 20, wherein the adjusting further comprises unaltering, if the current host is trusted to modify the access control list, the access control list if the actual access control list of the mobile application is as restrictive as or more restrictive than the computed access control list.
  - 24. The method of claim 23, wherein the adjusting further comprises overwriting, if the current host is not trusted to modify the access control list, the access control list of the mobile application if the actual access control list of the mobile application is different than the computed access control list.
  - 26. The console of claim 25 further comprising means for assigning a trust level to each host in the mobile application system indicating whether or not the host is able to modify the access control list of the mobile application.
  - 27. The console of claim 26, wherein the adjusting means further comprises means, if the current host is trusted to modify the access control list, for leaving the access control list unaltered if the actual access control list of the mobile application is as restrictive as or more restrictive than the computed access control list.
  - 28. The console of claim 26, wherein the adjusting means further comprises means, if the current host is not trusted to modify the access control list, for overwriting the access control list of the mobile application if the actual access control list of the mobile application is different than the computed access control list.

13. A mobile application security system, comprising:
- one or more hosts between which a mobile application jumps during the execution of the mobile application, the one or more hosts comprising a current host and a next host;
  
  a management and security console which ensures the security of the execution of the mobile application wherein the mobile application is sent to the management and security console between the jump from the current host to the next host, the management and security console being connected to each host to form a hub and spoke arrangement; and
  
  the management and security console further comprising means for calculating the access control list of the mobile application based on the current host to determine a computed access control list;
  
  means for comparing the computed access control list to the actual access control list of the mobile application and means for adjusting the actual access control list of the mobile application based on the computed access control list and a trust level associated with the current host.

19. A method for managing the access control list of a mobile application which jumps between a current host and a next host during the execution of the mobile application, the method comprising:
- calculating the access control list of the mobile application based on the current host to determine a computed access control list comparing the computed access control list to the actual access control list of the mobile application; and
  
  adjusting the actual access control list of the mobile application based on the computed access control list and a trust level associated with the current host.

25. A mobile application management and security console for a mobile application system having one or more hosts between which a mobile application jumps during the execution of the mobile application, the one or more hosts comprising a current host and a next host wherein the mobile application is sent to the management and security console between the jump from the current host to the next host, the mobile application management and security console comprising:
- means for calculating the access control list of the mobile application based on the current host to determine a computed access control list;
  
  means for comparing the computed access control list to the actual access control list of the mobile application; and
  
  means for adjusting the actual access control list of the mobile application based on the computed access control list and a trust level associated with the current host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aramira Corporation
Original Assignee
Aramira Corporation
Inventors
Rygaard, Christopher A.

Granted Patent

US 7,065,783 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/54 by adding security routines...

G06F 2221/2101 Auditing as a secondary aspect

Mobile application access control list security system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile application access control list security system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links