PERMISSION-BASED ADMINISTRATIVE CONTROLS
Abstract
Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing permission-based administrative controls. In one aspect, a method includes receiving an administrator-defined pairing that identifies a permission and one or more applications, and receiving a request from a requesting application to perform one or more operations that are associated with the permission. The method also includes determining whether the requesting application is identified in the pairing, and selectively allowing the requesting application to perform the operations based on determining whether the requesting application is identified in the pairing.
51 Claims
1. A computer-implemented method comprising:
receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are authorized to perform one or more operations that are associated with the permission;
generating or updating, by the security application, a whitelist for the permission based on the pairing, wherein the whitelist for the permission identifies the one or more applications as applications that are authorized to perform the one or more operations that are associated with the permission;
receiving, by the security application and during runtime of an application installed on the mobile device, a request from the application to perform the one or more operations that are associated with the permission;
determining, by the security application, that the installed application is identified in the whitelist for the permission; and
allowing, by the security application, the installed application to perform the one or more operations that are associated with the permission based on determining that the installed application is identified in the whitelist.
(Dependent claims: 5, 6, 7, 8, 9, 30, 47)
2-4. (canceled)
10-29. (canceled)
31. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are authorized to perform one or more operations that are associated with the permission;
generating or updating, by the security application, a whitelist for the permission based on the pairing, wherein the whitelist for the permission identifies the one or more applications as applications that are authorized to perform the one or more operations that are associated with the permission;
receiving, by the security application and during runtime of an application installed on the mobile device, a request from the application to perform the one or more operations that are associated with the permission;
determining, by the security application, that the installed application is identified in the whitelist for the permission; and
allowing, by the security application, the installed application to perform the one or more operations that are associated with the permission based on determining that the installed application is identified in the whitelist.
(Dependent claims: 32, 33, 34, 35, 36, 37)
38. A computer-readable storage device storing software comprising instructions executable by one or more computers which, upon such execution, cause the one or more computers to perform operations comprising:
receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are authorized to perform one or more operations that are associated with the permission;
generating or updating, by the security application, a whitelist for the permission based on the pairing, wherein the whitelist for the permission identifies the one or more applications as applications that are authorized to perform the one or more operations that are associated with the permission;
receiving, by the security application and during runtime of an application installed on the mobile device, a request from the application to perform the one or more operations that are associated with the permission;
determining, by the security application, that the installed application is identified in the whitelist for the permission; and
allowing, by the security application, the installed application to perform the one or more operations that are associated with the permission based on determining that the installed application is identified in the whitelist.
(Dependent claims: 49)
39. A computer-implemented method comprising:
receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are not authorized to perform one or more operations that are associated with the permission;
generating or updating, by the security application, a blacklist for the permission based on the pairing, wherein the blacklist for the permission identifies the one or more applications as applications that are not authorized to perform the one or more operations that are associated with the permission;
receiving, by the security application and during runtime of an application installed on the mobile device, a request from the installed application to perform the one or more operations that are associated with the permission;
determining, by the security application, that the installed application is identified in the blacklist for the permission; and
preventing, by the security application, the installed application from performing the one or more operations that are associated with the permission based on determining that the installed application is identified in the blacklist.
(Dependent claims: 40, 41, 42, 43, 44, 45, 46, 50)
48. The system of claim 31, the operations comprising, after receiving the pairing that identifies the permission, installing one or more applications that are not authorized to perform the one or more operations that are associated with the permission.
51. A system comprising:
one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising:
receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are not authorized to perform one or more operations that are associated with the permission;
generating or updating, by the security application, a blacklist for the permission based on the pairing, wherein the blacklist for the permission identifies the one or more applications as applications that are not authorized to perform the one or more operations that are associated with the permission;
receiving, by the security application and during runtime of an application installed on the mobile device, a request from the installed application to perform the one or more operations that are associated with the permission;
determining, by the security application, that the installed application is identified in the blacklist for the permission; and
preventing, by the security application, the installed application from performing the one or more operations that are associated with the permission based on determining that the installed application is identified in the blacklist.
Specification