SYSTEMS, METHODS AND APPARATUS TO APPLY PERMISSIONS TO APPLICATIONS

US 20140359729A1
Filed: 08/22/2014
Published: 12/04/2014
Est. Priority Date: 12/08/2010
Status: Active Grant

First Claim

Patent Images

1. An apparatus to authorize an application, comprising:

an address trust manager to obtain a first network address having a request for address authentication from a first entity, the first network address including a second network address associated with a second entity to execute the application;

an address associator to compare the first network address to a trusted address database to determine whether the first network address is trusted;

anda shadow environment communicator to generate a signed message based on the comparison of the trusted address database, the address trust manager to;

transmit the signed message to the second entity via the first network, the signed message to be transmitted with an indication of authorization in response to a match in the trusted address database;

andtransmit the signed message to the second entity via the first network, the signed message to be transmitted with an indication of non-authorization in response to a lack of a match in the trusted address database.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are disclosed to apply permissions to applications. A disclosed example apparatus includes an address trust manager to obtain a first network address having a request for address authentication from a first entity, the first network address having a second network address associated with a second entity to execute the application, an address associator to compare the first network address to a trusted address database to determine whether the first network address is trusted, and a shadow environment communicator to generate a signed message based on the comparison of the trusted address database, the address trust manager to transmit the signed message to the second entity with an indication of authorization via the first network address in response to a match in the trusted address database, and transmit the signed message to the second entity with an indication of non-authorization via the first network address in response to a lack of a match in the trusted address database.

Citations

28 Claims

1. An apparatus to authorize an application, comprising:
- an address trust manager to obtain a first network address having a request for address authentication from a first entity, the first network address including a second network address associated with a second entity to execute the application;
  
  an address associator to compare the first network address to a trusted address database to determine whether the first network address is trusted;
  
  anda shadow environment communicator to generate a signed message based on the comparison of the trusted address database, the address trust manager to;
  
  transmit the signed message to the second entity via the first network, the signed message to be transmitted with an indication of authorization in response to a match in the trusted address database;
  
  andtransmit the signed message to the second entity via the first network, the signed message to be transmitted with an indication of non-authorization in response to a lack of a match in the trusted address database.
- View Dependent Claims (2, 3, 4, 7, 8, 9, 10)
- - 2. An apparatus as defined in claim 1, wherein the shadow environment communicator is to send a third network address via the first network address, the third network address to facilitate a bypass of the first entity when communicating with the second entity.
  - 3. An apparatus as defined in claim 1, wherein the shadow environment communicator is to send the signed message to the second entity to deconstruct a shadow environment on the second entity when the address associator does not find the match in the trusted address database, the deconstruction of the shadow environment to prevent the application from executing on the second entity.
  - 4. An apparatus as defined in claim 3, wherein the shadow environment is to permit execution of the application on the second entity using virtual resources.
  - 7. An apparatus as defined in claim 1, further comprising a mirror host request monitor to identify whether the application was downloaded from the first entity at a first time or a second time.
  - 8. An apparatus as defined in claim 7, wherein the first entity is deemed trusted at the first time and the first entity is deemed untrusted at the second time.
  - 9. An apparatus as defined in claim 8, wherein the shadow environment communicator is to generate the signed message with the indication of authorization if the application is downloaded from the first entity at the first time, the first time indicative of the first entity being trusted.
  - 10. An apparatus as defined in claim 8, wherein the shadow environment communicator is to generate the signed message with the indication of non-authorization if the application is downloaded from the first entity at the second time, the second time indicative of the first entity being untrusted.

5. (canceled)

6. (canceled)

11. A method to authorize an application, comprising:
- obtaining, with a processor, a first network address having a request for address authentication from a first entity, the first network address including a second network address associated with a second entity to execute the application;
  
  comparing the first network address to addresses in a trusted address database to determine whether the first address is trusted;
  
  generating a signed message;
  
  transmitting the signed message to the second entity with an indication of authorization via the first network address in response to a match between the first network address and an address in the trusted address database; and
  
  transmitting the signed message to the second entity with an indication of non-authorization via the first network address in response to a lack of a match between the first network address and an address in the trusted address database.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. A method as defined in claim 11, wherein the first entity comprises a third party mirror host to provide the application to the second entity.
  - 16. A method as defined in claim 11, wherein the second entity comprises a host computer.
  - 17. A method as defined in claim 11, further comprising identifying whether the application was downloaded from the first entity at a first time or a second time.
  - 18. A method as defined in claim 17, wherein the first entity is deemed trusted at the first time and the first entity is deemed untrusted at the second time.
  - 19. A method as defined in claim 18, further comprising generating the signed message with the indication of authorization if the application was downloaded from the first entity at the first time, the first time indicative of the first entity being trusted.
  - 20. A method as defined in claim 18, further comprising generating the signed message with the indication of non-authorization if the application was downloaded from the first entity at the second time, the second time indicative of the first entity being untrusted.

12. (canceled)

13. (canceled)

14. (canceled)

21. A computer-readable storage device comprising instructions that, when executed, cause a machine to perform operations comprising:
- accessing a first network address having a request for address authentication from a first entity, the first network address having a second network address associated with a second entity to execute the application;
  
  comparing the first network address to a trusted address database to determine whether the first address is trusted;
  
  generating a signed message based on the comparison of the trusted address database;
  
  transmitting the signed message to the second entity via the first network address, the signed message to be transmitted with an indication of authorization in response to a match in the trusted address database; and
  
  transmitting the signed message to the second entity via the first network address, the signed message to be transmitted with an indication of non-authorization in response to a lack of a match in the trusted address database.
- View Dependent Claims (23, 24, 25, 26)
- - 23. A computer-readable storage device as defined in claim 21 having instructions stored thereon that, when executed, cause a machine to send the signed message to the second entity to deconstruct a shadow environment on the second entity when the match is not found in the trusted address database, the deconstruction of the shadow environment to prevent the application from executing on the second entity.
  - 24. A computer-readable storage device as defined in claim 23 having instructions stored thereon that, when executed, cause a machine to permit the shadow environment to execute the application on the second entity using virtual resources.
  - 25. A computer-readable storage device as defined in claim 21 having instructions stored thereon that, when executed, cause a machine to identify whether the application was downloaded from the first entity at a first time or a second time.
  - 26. A computer-readable storage device as defined in claim 25 having instructions stored thereon that, when executed, cause a machine to determine the first entity as trusted at the first time and determine the first entity is untrusted at the second time.

22. (canceled)

27. (canceled)

28. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Kreiner, Barrett, Reeves, Jonathan, Schaub, Ryan

Granted Patent

US 9,413,742 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/5
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 2221/2105   Dual mode as a secondary as...

H04L 2463/103   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/34   involving the movement of s...

SYSTEMS, METHODS AND APPARATUS TO APPLY PERMISSIONS TO APPLICATIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS, METHODS AND APPARATUS TO APPLY PERMISSIONS TO APPLICATIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links