System and method for privilege management and revocation
Abstract
The present disclosure relates generally to the management of privileges associated with certain applications that are accessible by users of electronic equipment, such as, for example, networked computers, mobile wireless communications devices, and the like. In particular, the disclosure is directed to systems and methods for managing privileges associated with particular applications and for revoking these privileges in a timely and robust manner. For example, the device keeps track of which applications get access to which privileges. When policies or application control changes, the system detects which privileges have been revoked for which applications. This can be accomplished by simply comparing the old set of privileges with the new set of privileges. For each revoked privilege for a given application, the system determines if the application has ever accessed that privilege in the past. If an application has accessed a privilege that is now revoked at any time in the past, the device is reset. To ensure that privileges that may be passed between applications are not overlooked, the device is arranged to perform a reset if any revoked privilege accessible by the device is one that may be passed between applications.
22 Claims
1. A method for managing privileges associated with applications in an electronic system, comprising:
monitoring devices in the electronic system to detect use of privileges by applications being run by the device;
recording which applications have accessed which privileges;
detecting a change in privileges of the system;
comparing recorded privileges previously accessed by applications with a set of privilege changes;
identifying any privileges to be revoked based on a result of said comparing step;
when a privilege to be revoked is identified, shutting down an application that has previously accessed the revoked privilege; and
restarting any application that was shut down for having accessed a revoked privilege.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for managing privileges in a system comprising electronic devices having applications resident on said devices, comprising:
monitoring electronic devices that are present in the system;
detecting a change in privileges available to said electronic devices; and
resetting said electronic devices in response to detection of a change in privileges.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A method for managing privileges in a system comprising a plurality of electronic devices, said method comprising:
monitoring, by each device of the system, which applications on each device have access to which privileges;
recording privileges accessible via applications resident on each device of the system;
detecting a change in privileges available to said devices in said system;
comparing an old set of privileges with a new set of privileges, said new set of privileges corresponding to said change in privileges;
determining if any privileges are to be revoked based on said comparison;
resetting each device that has access to a privilege that is to be revoked;
determining whether any privileges to be revoked are able to be passed between applications; and
when a privilege to be revoked is able to be passed between applications, resetting each device that has access to said privilege.
Dependent claims: 17, 18, 19, 20, 21
22. A system for managing privileges in a network comprising a plurality of electronic devices, said system comprising:
a processor resident in each device of the system, for monitoring which applications on each device have access to which privileges;
a memory for recording privileges accessible via applications resident on each device of the system; and
wherein said processor is operable to:
detect a change in privileges available to said devices in said system;
compare an old set of privileges with a new set of privileges, said new set of privileges corresponding to said change in privileges;
determine if any privileges are to be revoked based on said comparison;
reset each device that has access to a privilege that is to be revoked; and
determine whether any privileges to be revoked are able to be passed between applications, and when a privilege to be revoked is able to be passed between applications, resetting each device that has access to said privilege.
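As an added illustration (not the patent's own code, and not an implementation of the claimed method), the following Python models the revocation logic of the abstract and of claims 1 and 16: privilege accesses are recorded per application, a policy change is diffed against the old policy, applications that ever used a now-revoked privilege are shut down and restarted, and a revoked privilege that may be passed between applications triggers a whole-device reset. The application names, privilege names and the `transferable` set are constructed sample values.

```python
from dataclasses import dataclass, field


@dataclass
class PrivilegeManager:
    """Per-device privilege monitor modelled on the abstract and claims 1 and 16."""
    policy: dict            # app name -> set of privileges currently granted (constructed)
    transferable: set       # privileges that may be passed between applications (assumed)
    accessed: dict = field(default_factory=dict)  # app name -> privileges ever used

    def record_access(self, app, privilege):
        """Claim 1: record which applications have accessed which privileges."""
        if privilege not in self.policy.get(app, set()):
            raise PermissionError(f"{app} is not granted {privilege}")
        self.accessed.setdefault(app, set()).add(privilege)

    def apply_policy(self, new_policy):
        """Handle a change in privileges.

        Returns (apps_to_restart, device_reset).  Applications that have ever
        used a privilege now revoked from them are shut down and restarted
        (claim 1).  If any revoked privilege may be passed between
        applications, the whole device is reset instead (claim 16), because
        the access record cannot show which other application received it.
        """
        revoked = {}  # app name -> privileges removed by this change
        for app, old in self.policy.items():
            lost = old - new_policy.get(app, set())
            if lost:
                revoked[app] = lost
        self.policy = {app: set(privs) for app, privs in new_policy.items()}

        if any(lost & self.transferable for lost in revoked.values()):
            self.accessed = {}          # device reset: every application restarts
            return [], True

        apps_to_restart = sorted(
            app for app, lost in revoked.items()
            if self.accessed.get(app, set()) & lost
        )
        for app in apps_to_restart:
            # Shut down and restart: the restarted application no longer
            # holds the revoked privilege, so drop it from its access record.
            self.accessed[app] -= revoked[app]
        return apps_to_restart, False
```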