POLICY CONFIGURATION FOR MOBILE DEVICE APPLICATIONS

US 20130054962A1
Filed: 08/31/2011
Published: 02/28/2013
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining, using a processor, whether a digital certificate associated with an application executable on a mobile device has been signed by a first trusted certificate authority, the first trusted certificate authority being included in a list of trusted certificate authorities hard-coded in the mobile device; and

when the digital certificate is determined to have been signed by the first trusted certificate authority, configuring the application for execution on the mobile device based on an access privilege indicating a physical interface of the mobile device the application is permitted to access, and execution configuration information associated with the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, articles of manufacture, and apparatus to perform policy configuration for mobile device applications are disclosed. A disclosed example method includes determining whether a digital certificate associated with a application executable on a mobile device has been signed by a first trusted certificate authority, the first trusted certificate authority being included in a list of trusted certificate authorities hard-coded in the mobile device, and when the digital certificate is determined to have been signed by the first trusted certificate authority, configuring the application for execution on the mobile device based on an access privilege indicating a physical interface of the mobile device the application is permitted to access, and execution configuration information associated with the application.

203 Citations

20 Claims

1. A method comprising:
- determining, using a processor, whether a digital certificate associated with an application executable on a mobile device has been signed by a first trusted certificate authority, the first trusted certificate authority being included in a list of trusted certificate authorities hard-coded in the mobile device; and
  
  when the digital certificate is determined to have been signed by the first trusted certificate authority, configuring the application for execution on the mobile device based on an access privilege indicating a physical interface of the mobile device the application is permitted to access, and execution configuration information associated with the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A method as defined in claim 1 wherein the access privilege and the execution configuration information associated with the application are hard-coded in the mobile device.
  - 3. A method as defined in claim 1 wherein the access privilege and the execution configuration information associated with the application are updateable via a network in communication with the mobile device if the access privilege and the execution configuration information are signed by the first trusted certificate authority.
  - 4. A method as defined in claim 1 wherein the execution configuration information includes data to at least one or activate a portion of the application, deactivate a portion of the application or change a behavior of the application.
  - 5. A method as defined in claim 1 further comprising, when the digital certificate is determined to not have been signed by any trusted certificate authority included in the list of trusted certificate authorities, determining that the application is untrusted.
  - 6. A method as defined in claim 1 wherein the access privilege indicates whether the application is permitted to access a network interface of the mobile device, whether the application is permitted to access a microphone interface of the mobile device, and whether the application is permitted to access a camera interface of the mobile device.
  - 7. A method as defined in claim 1 further comprising, when the digital certificate is determined to have been signed by the first trusted certificate authority, configuring the application for execution on the mobile device based on the access privilege, the execution configuration information, and an execution privilege to indicate whether the application is permitted to be executed on the mobile device.
  - 8. A method as defined in claim 7 wherein the list of trusted certificate authorities includes the first trusted certificate authority and a second trusted certificate authority, the first trusted certificate authority and the second trusted certificate authority are each permitted to authenticate the execution privilege for the application, and the first trusted certificate authority, but not the second trusted certificate authority, is permitted to authenticate the access privilege of the application.

9. A tangible article of manufacture storing machine readable instructions that, when executed, cause a machine to:
- determine whether a digital certificate associated with a application executable on a mobile device has been signed by a first trusted certificate authority, the first trusted certificate authority being included in a list of trusted certificate authorities hard-coded in the mobile device; and
  
  when the digital certificate is determined to have been signed by the first trusted certificate authority, configure the application for execution on the mobile device based on an access privilege indicating a physical interface of the mobile device the application is permitted to access, and execution configuration information associated with the application.
- View Dependent Claims (10, 11, 12, 13)
- - 10. A tangible article of manufacture as defined in claim 9 wherein the access privilege and the execution configuration information associated with the application are hard-coded in the mobile device.
  - 11. A tangible article of manufacture as defined in claim 9 wherein the access privilege and the execution configuration information associated with the application are updateable via a network in communication with the mobile device if the access privilege and the execution configuration information are signed by the first trusted certificate authority.
  - 12. A tangible article of manufacture as defined in claim 9 wherein the machine readable instructions, when executed, further cause the machine to, when the digital certificate is determined to not have been signed by any trusted certificate authority included in the list of trusted certificate authorities, determine that the application is untrusted.
  - 13. A tangible article of manufacture as defined in claim 9 wherein, when the digital certificate is determined to have been signed by the first trusted certificate authority, the machine readable instructions, when executed, further cause the machine to configure the application for execution on the mobile device based on the access privilege, the execution configuration information, and an execution privilege to indicate whether the application is permitted to be executed on the mobile device, the list of trusted certificate authorities includes the first trusted certificate authority and a second trusted certificate authority, the first trusted certificate authority and the second trusted certificate authority are each permitted to authenticate the execution privilege for the application, and the first trusted certificate authority, but not the second trusted certificate authority, is permitted to authenticate the access privilege of the application.

14. A mobile device comprising:
- a set of physical interfaces;
  
  a policy engine to determine from a digital certificate a set of access privileges that indicate which of the set of physical interfaces of the mobile device an application executing on the mobile device is permitted to access, the policy engine to have access to a list of trusted certificate authorities authorized to sign digital certificates associated with applications executing on the mobile device; and
  
  a removable memory device to store a first trusted certificate authority for inclusion in the list of trusted certificate authorities.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. A mobile device as defined in claim 14 wherein the policy engine is to:
    - determine whether the digital certificate is associated with any trusted certificate authority included in the list of trusted certificate authorities; and
      
      if the digital certificate is associated with any trusted certificate authority included in the list of trusted certificate authorities, process the digital certificate to determine the set of access privileges for the application.
  - 16. A mobile device as defined in claim 15 wherein the policy engine is further to, if the digital certificate is not associated with any trusted certificate authority included in the list of trusted certificate authorities, determine that the application is untrusted.
  - 17. A mobile device as defined in claim 14 wherein the set of access privileges indicates at least one of whether the application is permitted to access a network interface of the mobile device, whether the application is permitted to access a microphone interface of the mobile device, or whether the application is permitted to access a camera interface of the mobile device.
  - 18. A mobile device as defined in claim 14 wherein the removable memory device is to store a second trusted certificate authority for inclusion in the list of trusted certificate authorities.
  - 19. A mobile device as defined in claim 18 wherein the digital certificate further includes an execution privilege to indicate whether the application is permitted to be executed on the mobile device, the first trusted certificate authority and the second trusted certificate authority are each permitted to authenticate the execution privilege for the application, and the first trusted certificate authority, but not the second trusted certificate authority, is permitted to authenticate the set of access privileges of the application.
  - 20. A mobile device as defined in claim 14 wherein the removable memory device comprises at least one of a subscriber identity module card, a universal integrated circuit card or a removable user identity module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Chawla, Deepak, Muller, Urs A.

Granted Patent

US 8,898,459 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/156
CPC Class Codes

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2209/80   Wireless network architectu...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

POLICY CONFIGURATION FOR MOBILE DEVICE APPLICATIONS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

203 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

POLICY CONFIGURATION FOR MOBILE DEVICE APPLICATIONS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

203 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links