PERMISSION-BASED ADMINISTRATIVE CONTROLS

US 20120291102A1
Filed: 05/20/2011
Published: 11/15/2012
Est. Priority Date: 05/09/2011
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are authorized to perform one or more operations that are associated with the permission;

generating or updating, by the security application, a whitelist for the permission based on the pairing, wherein the whitelist for the permission identifies the one or more applications as applications that are authorized to perform the one or more operations that are associated with the permission;

receiving, by the security application and during runtime of an application installed on the mobile device, a request from the application to perform the one or more operations that are associated with the permission;

determining, by the security application, that the installed application is identified in the whitelist for the permission; and

allowing, by the security application, the installed application to perform the one or more operations that are associated with the permission based on determining that the installed application is identified in the whitelist.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing permission-based administrative controls. In one aspect, a method includes receiving an administrator-defined pairing that identifies a permission and one or more applications, and receiving a request from a requesting application to perform one or more operations that are associated with the permission. The method also includes determining whether the requesting application is identified in the pairing, and selectively allowing the requesting application to perform the operations based on determining whether the requesting application is identified in the pairing.

223 Citations

51 Claims

1. A computer-implemented method comprising:
- receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are authorized to perform one or more operations that are associated with the permission;
  
  generating or updating, by the security application, a whitelist for the permission based on the pairing, wherein the whitelist for the permission identifies the one or more applications as applications that are authorized to perform the one or more operations that are associated with the permission;
  
  receiving, by the security application and during runtime of an application installed on the mobile device, a request from the application to perform the one or more operations that are associated with the permission;
  
  determining, by the security application, that the installed application is identified in the whitelist for the permission; and
  
  allowing, by the security application, the installed application to perform the one or more operations that are associated with the permission based on determining that the installed application is identified in the whitelist.
- View Dependent Claims (5, 6, 7, 8, 9, 30, 47)
- - 5. The method of claim 1, wherein one or more of the operations that are associated with the permission comprises an operation to access a particular process on the mobile device, an operation to access particular functionality of the mobile device, or an operation to access particular data stored on the mobile device.
  - 6. The method of claim 1, wherein the pairing is received over the network from a corporate information technology (IT) server.
  - 7. The method of claim 1, wherein the pairing is received from a vendor associated with the requesting application.
  - 8. The method of claim 1, wherein the pairing identifies the one or more applications by package name, application type, cryptographic signature, vendor name, or market-provided certification indicia.
  - 9. The method of claim 1, wherein the whitelist for the permission is generated in part using crowdsourced data.
  - 30. The method of claim 1, wherein the pairing further identifies a particular user from a group of users that shares the mobile device that is authorized to perform the one or more operations that are associated with the permission.
  - 47. The method of claim 1, comprising after receiving the pairing that identifies the permission, installing one or more applications that are not authorized to perform the one or more operations that are associated with the permission.

2-4. -4. (canceled)

10-29. -29. (canceled)

31. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are authorized to perform one or more operations that are associated with the permission;
  
  generating or updating, by the security application, a whitelist for the permission based on the pairing, wherein the whitelist for the permission identifies the one or more applications as applications that are authorized to perform the one or more operations that are associated with the permission;
  
  receiving, by the security app cation and during runtime of an application installed on the mobile device, a request from the application to perform the one or more operations that are associated with the permission;
  
  determining, by the security application, that the installed application is identified in the whitelist for the permission; and
  
  allowing, by the security application, the installed application to perform the one or more operations that are associated with the permission based on determining that the installed application is identified in the whitelist.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The system of claim 31, wherein one or more of the operations that are associated with the permission comprises an operation to access a particular process on the mobile device, an operation to access particular functionality of the mobile device, or an operation to access particular data stored on the mobile device.
  - 33. The system of claim 31, wherein the pairing is received over the network from a corporate information technology (IT) server.
  - 34. The system of claim 31, wherein the pairing is received from a vendor associated with the requesting application.
  - 35. The system of claim 31, wherein the pairing identifies the one or more applications by package name, application type, cryptographic signature, vendor name, or market-provided certification indicia.
  - 36. The system of claim 31, wherein the whitelist for the permission is generated in part using crowdsourced data.
  - 37. The system of claim 31, wherein the pairing further identifies a particular user from a group of users that shares the mobile device that is authorized to perform the one or more operations that are associated with the permission.

38. A computer-readable storage device storing software comprising instructions executable by one or more computers which, upon such execution, cause the one or more computers to perform operations comprising:
- receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are authorized to perform one or more operations that are associated with the permission;
  
  generating or updating, by the security application, a whitelist for the permission based on the pairing, wherein the whitelist for the permission identifies the one or more applications as applications that are authorized to perform the one or more operations that are associated with the permission;
  
  receiving, by the security application and during runtime of an application installed on the mobile device, a request from the application to perform the one or more operations that are associated with the permission;
  
  determining, by the security application, that the installed application is identified in the whitelist for the permission; and
  
  allowing, by the security application, the installed application to perform the one or more operations that are associated with the permission based on determining that the installed application is identified in the whitelist.
- View Dependent Claims (49)
- - 49. The computer-readable storage device of claim 38, the operations comprising after receiving the pairing that identifies the permission, installing one or more applications that are not authorized to perform the one or more operations that are associated with the permission.

39. A computer-implemented method comprising:
- receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are not authorized to perform one or more operations that are associated with the permission;
  
  generating or updating, by the security application, a blacklist for the permission based on the pairing, wherein the blacklist for the permission identifies the one or more applications as applications that are not authorized to perform the one or more operations that are associated with the permission;
  
  receiving, by the security application and during runtime of an application installed on the mobile device, a request from the installed application to perform the one or more operations that are associated with the permission;
  
  determining, by the security application, that the installed application is identified in the blacklist for the permission; and
  
  preventing, by the security application, the installed application from performing the one or more operations that are associated with the permission based on determining that the installed application is identified in the blacklist.
- View Dependent Claims (40, 41, 42, 43, 44, 45, 46, 50)
- - 40. The method of claim 39, wherein one or more of the operations that are associated with the permission comprises an operation to access a particular process on the mobile device, an operation to access particular functionality of the mobile device, or an operation to access particular data stored on the mobile device.
  - 41. The method of claim 39, wherein the pairing is received over the network from a corporate information technology (IT) server.
  - 42. The method of claim 39, wherein the pairing is received from a vendor associated with the requesting application.
  - 43. The method of claim 39, wherein the pairing identifies the one or more applications by package name, application type, cryptographic signature, vendor name, or market-provided certification indicia.
  - 44. The method of claim 39, wherein the blacklist for the permission is generated in part using crowdsourced data.
  - 45. The method of claim 39, wherein denying the requesting application to perform the one or more operations that are associated with the permission comprises uninstalling the requesting application based on determining that the requesting application is identified in the blacklist.
  - 46. The method of claim 39, wherein the pairing further identifies a particular user from a group of users that shares the mobile device that is not authorized to perform the one or more operations that are associated with the permission.
  - 50. The method of claim 39, comprising after receiving the pairing that identifies the permission, installing one or more applications that are not authorized to perform the one or more operations that are associated with the permission.

48. The system of 31, the operations comprising after receiving the pairing that identifies the permission, installing one or more applications that are not authorized to perform the one or more operations that are associated with the permission.

51. A system comprising:
- one or more computers and one or more storage devices storing instructions that are operable, when executed by the one or more computers, to cause the one or more computers to perform operations comprising;
  
  receiving, from over a network and by a security application on a mobile device, a pairing that identifies a permission predefined in a permission manifest that is specified by an operating system of the mobile device, and one or more applications that are not authorized to perform one or more operations that are associated with the permission;
  
  generating or updating, by the security application, a blacklist for the permission based on the pairing, wherein the blacklist for the permission identifies the one or more applications as applications that are not authorized to perform the one or more operations that are associated with the permission;
  
  receiving, by the security application and during runtime of an application installed on the mobile device, a request from the installed application to perform the one or more operations that are associated with the permission;
  
  determining, by the security application, that the installed application is identified in the blacklist for the permission; and
  
  preventing, by the security application, the installed application from performing the one or more operations that are associated with the permission based on determining that the installed application is identified in the blacklist.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google Inc. (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Cohen, Gabriel A.

Application Number

US13/112,097
Publication Number

US 20120291102A1
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

G06F 21/629 to features or functions of...

PERMISSION-BASED ADMINISTRATIVE CONTROLS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

223 Citations

51 Claims

Specification

Solutions

Use Cases

Quick Links

PERMISSION-BASED ADMINISTRATIVE CONTROLS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

223 Citations

51 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links