TRUST POLICY FOR TELECOMMUNICATIONS DEVICE

US 20190268380A1
Filed: 05/09/2019
Published: 08/29/2019
Est. Priority Date: 07/08/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

detecting, by a telecommunication device, an attempt to access an input/output (I/O) component of the telecommunication device by an application on the telecommunication device;

determining, by the telecommunication device, that a registered permission of an operating system of the telecommunication device indicates that the application has the operating system'"'"'s permission to access the I/O component of the telecommunication device;

determining, by the telecommunication device, that a trust policy conflicts with the registered permission by denying access to the I/O component to the application; and

preventing, by the telecommunication device, the application from sending data to or receiving data from the I/O component in response to the attempt, based on the determining that the trust policy conflicts with the registered permission.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and processes that may be implemented to manage access by software applications to various resources of a user telecommunications device are disclosed. The systems and processes may implement a trust policy which reflects privacy criteria selected by a user of the user telecommunications device, wherein the trust policy overrides registered permissions of the software applications. The user telecommunication device may include a memory that stores a software application has been granted registered permissions to access a input and/or output component of the user telecommunications device as well as a trust policy has been set by the user to proscribe access by that particular software application to the input and/or output component. In implementing the trust policy, the software application may be prevented from accessing the input and/or output component notwithstanding the software application having registered permissions to access the input and/or output component.

Citations

20 Claims

1. A method comprising:
- detecting, by a telecommunication device, an attempt to access an input/output (I/O) component of the telecommunication device by an application on the telecommunication device;
  
  determining, by the telecommunication device, that a registered permission of an operating system of the telecommunication device indicates that the application has the operating system'"'"'s permission to access the I/O component of the telecommunication device;
  
  determining, by the telecommunication device, that a trust policy conflicts with the registered permission by denying access to the I/O component to the application; and
  
  preventing, by the telecommunication device, the application from sending data to or receiving data from the I/O component in response to the attempt, based on the determining that the trust policy conflicts with the registered permission.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the trust policy reflects privacy criteria selected by a user through a user interface.
  - 3. The method of claim 2, wherein the user interface is configured to allow the user to select different privacy criteria for at least one of different applications or different telecommunication devices associated with the user.
  - 4. The method of claim 1, wherein the trust policy is based at least in part on malicious application data stored at a policy server.
  - 5. The method of claim 1, wherein the telecommunication device receives the trust policy from a policy server.
  - 6. The method of claim 1, wherein the attempt is an application programming interface (API) call from the application to a driver for the I/O component.
  - 7. The method of claim 1, further comprising displaying, by the telecommunication device, a notification indicating that the application is being prevented from sending data to or receiving data from the I/O component based on the determining that the trust policy conflicts with the registered permission.
  - 8. The method of claim 7, wherein the notification includes one or more selectable options for confirming or modifying the trust policy.
  - 9. The method of claim 1, wherein the registered permission was created during installation of the application.
  - 10. The method of claim 1, wherein the detecting the attempt, the determining that the trust policy conflicts with the registered permission, and the preventing the application from sending data to or receiving data from the I/O component is performed by a secure operating system of the telecommunication device that is partitioned from the operating system.
  - 11. The method of claim 1, wherein the trust policy conditionally denies access to the I/O component to the application based on at least one of temporal or geographical criteria.

12. A telecommunication device, comprising:
- one or more processors;
  
  an input/output (I/O) component;
  
  memory storing computer-executable instructions that, when executed by the one or more processors, cause the telecommunication device to;
  
  detect an attempt to access the I/O component by an application on the telecommunication device;
  
  determine that a registered permission of an operating system of the telecommunication device indicates that the application has the operating system'"'"'s permission to access the I/O component;
  
  determine that a trust policy conflicts with the registered permission by denying access to the I/O component to the application; and
  
  prevent the application from sending data to or receiving data from the I/O component in response to the attempt, based on determining that the trust policy conflicts with the registered permission.
- View Dependent Claims (13, 14, 15)
- - 13. The telecommunication device of claim 12, wherein the trust policy reflects privacy criteria selected by a user through a user interface.
  - 14. The telecommunication device of claim 12, wherein the telecommunication device receives the trust policy from a policy server.
  - 15. The telecommunication device of claim 12, wherein the memory stores a secure operating system partitioned from the operating system, and the secure operating system includes the computer-executable instructions that cause the telecommunication device to detect the attempt, determine that the trust policy conflicts with the registered permission, and prevent the application from sending data to or receiving data from the I/O component.

16. A method comprising:
- detecting, by a secure operating system of a telecommunication device that is partitioned from a normal operating system of the telecommunication device, an attempt to access an input/output (I/O) component of the telecommunication device by an application on the telecommunication device;
  
  determining, by the secure operating system, that a trust policy does not grant access to the I/O component to the application, wherein the trust policy overrides registered permissions for the application in the normal operating system; and
  
  preventing, by the secure operating system, the application from sending data to or receiving data from the I/O component in response to the attempt, based on determining that the trust policy does not grant access to the I/O component to the application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The method of claim 16, wherein the trust policy reflects privacy criteria selected by a user through a user interface.
  - 18. The method of claim 16, wherein the trust policy is based at least in part on malicious application data stored at a policy server.
  - 19. The method of claim 16, wherein the secure operating system detects the attempt based at least in part on receiving an application programming interface (API) call from the application to a driver for the I/O component.
  - 20. The method of claim 19, wherein the secure operating system prevents the application from sending data to or receiving data from the I/O component by preventing the application from accessing the driver for the I/O component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Original Assignee
T-Mobile USA, Inc. (Deutsche Telekom AG)
Inventors
Obaidi, Ahmad Arash, Yocam, Eric W.

Granted Patent

US 10,880,333 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/102   Entity profiles

H04L 63/20   for managing network securi...

H04W 12/084   using delegated authorisati...

TRUST POLICY FOR TELECOMMUNICATIONS DEVICE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TRUST POLICY FOR TELECOMMUNICATIONS DEVICE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links