Protecting Data From Unauthorized Access

US 20170012982A1
Filed: 07/10/2015
Published: 01/12/2017
Est. Priority Date: 07/10/2015
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method, comprising:

identifying, by a computing system, that an application program does not have permission to access a first type of data that is provided by a first application program;

identifying, by the computing system, that a second application program has permission to access the first type of data that is provided by the first application program, wherein the second application program provides a second type of data and is able to modify the second type of data to include the first type of data;

identifying, by the computing system, that the application program has permission to access the second type of data that is provided by the second application program;

determining, by the computing system, that the second type of data that is provided by the application program and that the application program has permission to access, includes the first type of data; and

performing, by the computing system as a result of having determined that the second type of data includes the first type of data, an action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program, without user authorization.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, the subject matter described in this disclosure can be embodied in methods, systems, and program products for identifying that an application program does not have permission to access a first type of data that is provided by a first application program. A computing system identifies that a second application program has permission to access the first type of data. The second application program provides a second type of data and is able to modify the second type of data to include the first type of data. The computing system identifies that the application program has permission to access the second type of data. The computing system determines that the second type of data includes the first type of data. The computing system performs an action to prevent the first type of data from being provided from the second application program to the application program without user authorization.

Citations

20 Claims

1. A computer-implemented method, comprising:
- identifying, by a computing system, that an application program does not have permission to access a first type of data that is provided by a first application program;
  
  identifying, by the computing system, that a second application program has permission to access the first type of data that is provided by the first application program, wherein the second application program provides a second type of data and is able to modify the second type of data to include the first type of data;
  
  identifying, by the computing system, that the application program has permission to access the second type of data that is provided by the second application program;
  
  determining, by the computing system, that the second type of data that is provided by the application program and that the application program has permission to access, includes the first type of data; and
  
  performing, by the computing system as a result of having determined that the second type of data includes the first type of data, an action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program, without user authorization.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, further comprising:
    - providing, by the computing system, a user interface with which user input is able to specify whether the application program is to have permission to access the first type of data; and
      
      receiving, by the computing system, user input that specifies that the application program is to not have permission to access the first type of data.
  - 3. The computer-implemented method of claim 2, further comprising:
    - providing, by the computing system, a second user interface with which user input is able to specify whether the second application program is to have permission to access the first type of data; and
      
      receiving, by the computing system, user input that specifies that the second application program is to have permission to access the first type of data.
  - 4. The computer-implemented method of claim 1, wherein performing the action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program without user authorization includes:
    - preventing, by the computing system, the application program from receiving the second type of data that includes the first type of data from the second application program.
  - 5. The computer-implemented method of claim 1, wherein performing the action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program without user authorization includes:
    - removing, by the computing system, the first type of data from the second type of data; and
      
      providing, by the computing system, the second type of data from the second application program to the application program with the first type of data removed.
  - 6. The computer-implemented method of claim 1, wherein performing the action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program without user authorization includes:
    - providing, by the computing system, a user interface that indicates that the second type of data that is provided by the second application program includes the first type of data; and
      
      receiving, by the computing system, user input that specifies whether the second type of data is to be provided from the second application program to the application program despite the second type of data including the first type of data.
  - 7. The computer-implemented method of claim 1, wherein performing the action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program without user authorization includes:
    - replacing, by the computing system, the first type of data with an identifier that is not of the first type of data and from which the computing system is able to later access the first type of data in response to user input that indicates that the application program has permission to access the first type of data.
  - 8. The computer-implemented method of claim 1, further comprising:
    - receiving, by the computing system, user input that specifies that the application program is to have permission to access the first type of data; and
      
      permitting, by the computing system as a result of having identified that the application program has permission to access the first type of data, the second type of data to be provided from the second application program to the application program without user authorization, other than the user input that specifies that the application program is to have the permission to access the first type of data.
  - 9. The computer-implemented method of claim 1, wherein:
    - the first type of data is geographical location data and the second type of data is a picture or video.
  - 10. The computer-implemented method of claim 1, wherein:
    - the first type of data is a time of day that a file was generated and the second type of data is the file;
      
      the first type of data is an author of a document and the second type of data is the document;
      
      orthe first type of data is a geographical location and the second type of data is calendar event information.

11. One or more computer-readable devices including instructions that, when executed by one or more processors, cause performance of operations that include:
- identifying, by a computing system, that an application program does not have permission to access a first type of data that is provided by a first application program;
  
  identifying, by the computing system, that a second application program has permission to access the first type of data that is provided by the first application program, wherein the second application program provides a second type of data and is able to modify the second type of data to include the first type of data;
  
  identifying, by the computing system, that the application program has permission to access the second type of data that is provided by the second application program;
  
  determining, by the computing system, that the second type of data that is provided by the application program and that the application program has permission to access, includes the first type of data; and
  
  performing, by the computing system as a result of having determined that the second type of data includes the first type of data, an action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program, without user authorization.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The one or more computer-readable devices of claim 11, wherein the operations further comprise:
    - providing, by the computing system, a user interface with which user input is able to specify whether the application program is to have permission to access the first type of data; and
      
      receiving, by the computing system, user input that specifies that the application program is to not have permission to access the first type of data.
  - 13. The one or more computer-readable devices of claim 12, wherein the operations further comprise:
    - providing, by the computing system, a second user interface with which user input is able to specify whether the second application program is to have permission to access the first type of data; and
      
      receiving, by the computing system, user input that specifies that the second application program is to have permission to access the first type of data.
  - 14. The one or more computer-readable devices of claim 11, wherein performing the action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program without user authorization includes:
    - preventing, by the computing system, the application program from receiving the second type of data that includes the first type of data from the second application program.
  - 15. The one or more computer-readable devices of claim 11, wherein performing the action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program without user authorization includes:
    - removing, by the computing system, the first type of data from the second type of data; and
      
      providing, by the computing system, the second type of data from the second application program to the application program with the first type of data removed.
  - 16. The one or more computer-readable devices of claim 11, wherein performing the action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program without user authorization includes:
    - providing, by the computing system, a user interface that indicates that the second type of data that is provided by the second application program includes the first type of data; and
      
      receiving, by the computing system, user input that specifies whether the second type of data is to be provided from the second application program to the application program despite the second type of data including the first type of data.
  - 17. The one or more computer-readable devices of claim 11, wherein performing the action to prevent the first type of data from being provided, in the second type of data, from the second application program to the application program without user authorization includes:
    - replacing, by the computing system, the first type of data with an identifier that is not of the first type of data and from which the computing system is able to later access the first type of data in response to user input that indicates that the application program has permission to access the first type of data.
  - 18. The one or more computer-readable devices of claim 11, wherein the operations further comprise:
    - receiving, by the computing system, user input that specifies that the application program is to have permission to access the first type of data; and
      
      permitting, by the computing system as a result of having identified that the application program has permission to access the first type of data, the second type of data to be provided from the second application program to the application program without user authorization, other than the user input that specifies that the application program is to have the permission to access the first type of data.
  - 19. The one or more computer-readable devices of claim 11, wherein:
    - the first type of data is geographical location data and the second type of data is a picture or video.
  - 20. The one or more computer-readable devices of claim 11, wherein:
    - the first type of data is a time of day that a file was generated and the second type of data is the file;
      
      the first type of data is an author of a document and the second type of data is the document;
      
      orthe first type of data is a geographical location and the second type of data is calendar event information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Carter, Bernadette Alexia

Application Number

US14/795,960
Publication Number

US 20170012982A1
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/556   involving covert channels, ...

G06F 21/604   Tools and structures for ma...

G06F 21/6227   where protection concerns t...

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/6281   at program execution time, ...

G06F 9/54   Interprogram communication

H04L 63/102   Entity profiles

H04W 12/08   Access security

Protecting Data From Unauthorized Access

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Protecting Data From Unauthorized Access

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links