SYSTEMS AND METHODS FOR REGULATING ACCESS TO RESOURCES AT APPLICATION RUN TIME
First Claim
1. A device comprising:
- one or more processing units;
a memory, coupled to at least one of the one or more processing units, the memory storing;
an operating system having an application installation module, wherein the application installation module comprises instructions for forming a catalog of the resources requested by a first application thereby installing the first application on the device;
a permissions application, the permissions application having electronic access to an information store that comprises a plurality of permissions, each permission in the plurality of permissions associated with a corresponding resource in a plurality of resources associated with the device, wherein the information store specifies, for each respective resource in the plurality of resources of the device, which applications in a plurality of applications have run-time access permission to use the respective resource, the plurality of applications including the first application;
the memory further comprising instructions that are executed by at least one of the one or more processing units, the instructions comprising instructions for;
(A) executing the first application on the device;
(B) receiving a request for a resource in the catalog of resources from the first application while the first application is executing on the device; and
(C) using, responsive to the request, the permissions application and the information store to determine whether the first application has a run-time access permission to use the resource, wherein,when the first application has the run-time access permission to use the resource, the first application is granted run-time access to the resource; and
when the first application does not have the run-time access permission to use the resource, the first application is not granted run-time access to the resource and the first application is permitted to continue to execute on the device without run-time access to the requested resource.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods are provided for regulating access to resources at application run-time. A permissions application is invoked. The permissions application accesses an information store comprising a plurality of permissions. Each such permission is associated with a corresponding resource in a plurality of device resources. The information store specifies which applications have permission to access which device resources. An application is executed on the device and makes a request for a resource while the application is executing. Responsive to the request, the permissions application determines whether the application has run-time access permission to use the resource. When the application has run-time access permission to use the resource, it is granted run-time access to the resource. When the application does not have run-time access permission to use the resource, it is not granted run-time access to the resource but is permitted to continue executing on the device without the requested resource.
-
Citations
31 Claims
-
1. A device comprising:
-
one or more processing units; a memory, coupled to at least one of the one or more processing units, the memory storing; an operating system having an application installation module, wherein the application installation module comprises instructions for forming a catalog of the resources requested by a first application thereby installing the first application on the device; a permissions application, the permissions application having electronic access to an information store that comprises a plurality of permissions, each permission in the plurality of permissions associated with a corresponding resource in a plurality of resources associated with the device, wherein the information store specifies, for each respective resource in the plurality of resources of the device, which applications in a plurality of applications have run-time access permission to use the respective resource, the plurality of applications including the first application; the memory further comprising instructions that are executed by at least one of the one or more processing units, the instructions comprising instructions for; (A) executing the first application on the device; (B) receiving a request for a resource in the catalog of resources from the first application while the first application is executing on the device; and (C) using, responsive to the request, the permissions application and the information store to determine whether the first application has a run-time access permission to use the resource, wherein, when the first application has the run-time access permission to use the resource, the first application is granted run-time access to the resource; and when the first application does not have the run-time access permission to use the resource, the first application is not granted run-time access to the resource and the first application is permitted to continue to execute on the device without run-time access to the requested resource. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A central device comprising:
-
one or more processing units; a memory, coupled to at least one of the one or more processing units, the memory storing; a permissions management module, the permissions management module having electronic access to a plurality of information stores, each respective information store in the plurality of information stores corresponding to a remote device in a plurality of remote devices, each respective information store in the plurality of information stores comprising a corresponding plurality of permissions associated with the corresponding remote device, each permission in the corresponding plurality of permissions associated with a corresponding resource in a plurality of resources associated with the corresponding remote device, wherein the respective information store specifies, for each respective resource in the corresponding plurality of resources, which applications in a plurality of applications installed on the corresponding remote device have run-time access permission to use the respective resource; the memory further comprising instructions that are executed by at least one of the one or more processing units, the instructions comprising instructions for; (A) establishing an electronic communication with a first remote device in the plurality of remote devices; and (B) making electronically available all or a portion of the information store in the plurality of information stores that is associated with the first remote device to the first remote device so that, when a first application is run on the first remote device, the information store enforces a run-time permissions policy that determines which resources on the first remote device may be accessed by the first application at run-time and permits the first application to continue running when the first application is denied a first resource on the basis that the run-time permissions policy did not grant the first application run-time permission to use the first resource. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method comprising:
-
(A) forming a catalog of resources requested by a first application thereby installing the first application on a device; (B) installing a permissions application on the device, the permissions application having electronic access to an information store that comprises a plurality of permissions, each permission in the plurality of permissions associated with a corresponding resource in a plurality of resources associated with the device, wherein the information store specifies, for each respective resource in the plurality of resources, which applications in a plurality of applications installed on the device have run-time access permission to use the respective resource, the plurality of applications including the first application; (C) executing the first application on the device; (D) receiving a request for a resource in the catalog of resources from the first application while the first application is executing on the device; and (E) using, responsive to the request, the permissions application and the information store to determine whether the first application has a run-time access permission to use the resource, wherein, when the first application has the run-time access permission to use the resource, the first application is granted run-time access to the resource; and when the first application does not have the run-time access permission to use the resource, the first application is not granted run-time access to the resource and the first application is permitted to continue to execute on the device without run-time access to the requested resource. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
-
-
27. A method comprising:
-
(A) installing a permissions management module on a central device, the permissions management module having electronic access to a plurality of information stores, each respective information store in the plurality of information stores corresponding to a remote device in a plurality of remote devices, each respective information store in the plurality of information stores comprising a corresponding plurality of permissions associated with the remote device corresponding to the respective information store, each permission in the corresponding plurality of permissions associated with a corresponding resource in a plurality of resources associated with the remote device corresponding to the respective information store, wherein the respective information store specifies, for each respective resource in the corresponding plurality of resources, which applications in a plurality of applications installed on the remote device corresponding to the respective information store have run-time access permission to use the respective resource; (B) establishing an electronic communication with a first remote device in the plurality of remote devices; and (C) making electronically available all or a portion of the information store in the plurality of information stores that is associated with the first remote device to the first remote device so that, when a first application is run on the first remote device, a run-time permissions policy is enforced, the run-time permissions policy determining which resources on the first remote device may be accessed by the first application at run-time and permits the first application to continue running when the first application is denied a resource on the basis that the run-time permissions policy did not grant the first application run-time permission to the resource. - View Dependent Claims (28, 29, 30, 31)
-
Specification