System and method of operation control on an electronic device

US 7,546,956 B2
Filed: 04/29/2005
Issued: 06/16/2009
Est. Priority Date: 04/30/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method of application control for use on an electronic device, the method comprising:

receiving an operation request from an application;

determining whether the requested operation is allowed to be performed by the application based upon a stored authorization record and an application identifier associated with the application;

wherein the authorization record and the application identifier are provided by an external source for storage on the electronic device;

allowing the application to perform the requested operation based upon whether the requested operation is determined to be allowed to be performed by the application;

storing source authentication information onto the device; and

using the source authentication information to prevent any party other than the external source from altering the stored authorization record;

wherein the source authentication information comprises a digital signature public key that corresponds to a digital signature private key used by the external source to digitally sign the source authentication information with a digital signature, and wherein using the source authentication information to prevent any party other than the external source from altering the stored authorization record comprises decrypting the digital signature with the digital signature public key.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of application control for use on an electronic device. A device can be configured to receive an operation request from an application. The device can determine whether the requested operation is allowed to be performed by the application based upon a stored authorization record and an application identifier associated with the application. The application is allowed to perform the requested operation based upon whether the requested operation is determined to be allowed to be performed by the application.

Citations

30 Claims

1. A method of application control for use on an electronic device, the method comprising:
- receiving an operation request from an application;
  
  determining whether the requested operation is allowed to be performed by the application based upon a stored authorization record and an application identifier associated with the application;
  
  wherein the authorization record and the application identifier are provided by an external source for storage on the electronic device;
  
  allowing the application to perform the requested operation based upon whether the requested operation is determined to be allowed to be performed by the application;
  
  storing source authentication information onto the device; and
  
  using the source authentication information to prevent any party other than the external source from altering the stored authorization record;
  
  wherein the source authentication information comprises a digital signature public key that corresponds to a digital signature private key used by the external source to digitally sign the source authentication information with a digital signature, and wherein using the source authentication information to prevent any party other than the external source from altering the stored authorization record comprises decrypting the digital signature with the digital signature public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the application is allowed to perform the requested operation only if the requested operation is determined to be allowed to be performed by the application.
  - 3. The method of claim 1, wherein the authorization record and the application identifier are provided by the external source to the electronic device through a wireless communication channel.
  - 4. The method of claim 1, wherein the authorization record related to determining whether the requested operation is to be allowed is provided by an external computer that is used to enforce policies for operating electronic devices within an organization.
  - 5. The method of claim 1, wherein an update to the authorization record is provided by the external source for storage on the electronic device.
  - 6. The method of claim 1, wherein a plurality of authorization records associated with a plurality of application identifiers are stored on the electronic device, said method further comprising:
    - receiving operation requests from a plurality of applications operating on the electronic device;
      
      determining whether the requested operations are allowed to be performed by their respective applications based upon the stored authorization records and the application identifiers that are respectively associated with the plurality of applications; and
      
      allowing the plurality of applications to perform their respective requested operations based upon whether the requested operations are determined to be allowed to be performed.
  - 7. The method of claim 6, wherein a group containing two or more of the applications is associated with one of the authorization records.
  - 8. The method of claim 1, wherein the requested operation is selected from the group consisting of:
    - opening a connection;
      
      accessing a telephone API;
      
      accessing local memory;
      
      or communicating with another executing application.
  - 9. The method of claim 1, wherein the requested operation is selected from the group consisting of:
    - opening network connections inside a firewall;
      
      opening network connections outside the firewall;
      
      opening local connections;
      
      interacting with other processes;
      
      accessing a runtime store or a persistent store;
      
      or accessing a telephone API in order to make a phone call through the electronic device.
  - 10. The method of claim 1, wherein the stored authorization record is associated with data indicative of whether the application is required, allowed, or excluded.
  - 11. The method of claim 1, wherein the authorization record is stored in a protected data store thereby preventing alteration or deletion to the authorization record unless permitted.
  - 12. The method of claim 1, wherein the electronic device is a wireless mobile communications device or a personal digital assistant (PDA).
  - 13. One or more computer readable media storing instructions that upon execution by the electronic device cause the electronic device perform the steps of claim 1.
  - 14. A data signal that is transmitted using a communication channel, wherein the data signal includes the authorization record of claim 1 for use by the electronic device for determining whether a requested operation is allowed to be performed.
  - 15. The method of claim 1, wherein the application operates upon the electronic device.
  - 16. The method of claim 1, wherein the application identifier associated with the application comprises a hash value of the application.

17. A system of application control for use on an electronic device, comprising:
- an authorization record store configured to store operation authorization data records and application identifiers that are associated with the operation authorization data records;
  
  software instructions that are configured to operate on the electronic device and to consult the operation authorization data in the authorization record store in order to determine whether an operation requested by an application operating on the electronic device is allowed to be performed by the application;
  
  wherein the application identifiers associated with the operation authorization data records are used to determine which of the operation authorization data records is to be used by the software instructions in determining whether to permit the requested operation;
  
  wherein the operation authorization data records and the application identifiers are provided by an external source for storage on the electronic device;
  
  a source authentication information store that is contained on the electronic device; and
  
  software instructions that arc configured to operate on the electronic device and to consult the source authentication information store in order to prevent any party other than the external source from altering the stored authorization record.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The system of claim 17, wherein the application identifier associated with the application comprises a hash value of the application.
  - 19. The system of claim 17, wherein the source authentication information store comprises a digital signature public key that corresponds to a digital signature private key used by the external source to digitally sign the source authentication information with a digital signature, and wherein the software instructions that are configured to consult the source authentication information to prevent any party other than the external source from altering the stored authorization record are configured to decrypt the digital signature with the digital signature public key.
  - 20. The system of claim 17, wherein the application is allowed to perform the requested operation only if the requested operation is determined to be allowed to be performed by the application.
  - 21. The system of claim 17, wherein an update to the authorization data record records is provided by the external source for storage on the electronic device.
  - 22. The system of claim 17, wherein the requested operation is selected from the group consisting of:
    - opening a connection;
      
      accessing a telephone API;
      
      accessing local memory;
      
      or communicating with another executing application.

23. A system of application control for use on wireless mobile communications device, comprising:
- means for receiving an operation request from an application;
  
  wherein the requested operation is selected from the group consisting of;
  
  opening a connection, accessing a telephone API, accessing local memory and communicating with another executing application;
  
  means for determining whether the requested operation is allowed to be performed by the application based upon a stored authorization record and an application identifier associated with the application;
  
  wherein the stored authorization record is associated with data indicative of whether the application is required, allowed, or excluded;
  
  wherein the authorization record related to determining whether the requested operation is to be allowed is provided by an external computer that is used to enforce policies for operating electronic devices within an organization;
  
  means for allowing the application to perform the requested operation based upon whether the requested operation is determined to be allowed to be performed by the application;
  
  a source authentication information store, andmeans for consulting the source authentication information store in order to prevent any party other than the external computer from altering the stored authorization record;
  
  wherein the source authentication information store comprises a digital signature public key that corresponds to a digital signature private key used by the external computer to digitally sign the source authentication information with a digital signature, and wherein the means for consulting the source authentication information to prevent any party other than the external computer from altering the stored authorization record operate by decrypting the digital signature with the digital signature public key.
- View Dependent Claims (24)
- - 24. The system of claim 23, wherein an update to the authorization record is provided by the external computer for storage on the wireless mobile communications device.

25. A system of application control for use on an electronic device, wherein an operation request is received from an application, the system comprising:
- software instructions configured to operate on the electronic device and to determine whether the requested operation is allowed to be performed by the application based upon a stored authorization record and an application identifier associated with the application;
  
  wherein the authorization record and the application identifier are provided by an external source for storage on the electronic device; and
  
  software instructions configured to operate on the electronic device and to allow the application to perform the requested operation based upon whether the requested operation is determined to be allowed to be performed by the application;
  
  wherein the source authentication information is stored on the device;
  
  wherein the source authentication information is used to prevent any party other than the external source from altering the stored authorization record;
  
  wherein the source authentication information comprises a digital signature public key that corresponds to a digital signature private key used by the external source to digitally sign the source authentication information with a digital signature, and wherein the use of the source authentication information to prevent any party other than the external source from altering the stored authorization record comprises decrypting the digital signature with the digital signature public key.

26. A mobile device with application control, comprising:
- means for receiving an operation request from an application;
  
  means configured to operate on the electronic device and to determine whether the requested operation is allowed to be performed by the application based upon a stored authorization record and an application identifier associated with the application;
  
  wherein the authorization record and the application identifier are provided by an external source for storage on the electronic device; and
  
  means configured to operate on the electronic device and to allow the application to perform the requested operation based upon whether the requested operation is determined to be allowed to be performed by the application;
  
  wherein the source authentication information is stored on the device;
  
  wherein the source authentication information is used to prevent any party other than the external source from altering the stored authorization record;
  
  wherein the source authentication information comprises a digital signature public key that corresponds to a digital signature private key used by the external source to digitally sign the source authentication information with a digital signature, and wherein the use of the source authentication information to prevent any party other than the external source from altering the stored authorization record comprises decrypting the digital signature with the digital signature public key.

27. A method of application control for use on an electronic device, comprising:
- storing, in an authorization record store that is on the electronic device, operation authorization data records and application identifiers that are associated with the operation authorization data records;
  
  wherein the electronic device consults the operation authorization data in the authorization record store in order to determine whether an operation requested by an application operating on the electronic device is allowed to be performed by the application;
  
  wherein the application identifiers associated with the operation authorization data records are used to determine which of the operation authorization data records is to be used by the software instructions in determining whether to permit the requested operation;
  
  wherein the operation authorization data records and the application identifiers are provided by an external source for storage on the electronic device;
  
  wherein a source authentication information store is contained on the electronic device; and
  
  using a processor of the electronic device to consult the source authentication information store in order to prevent any party other than the external source from altering the stored authorization record.

28. A mobile device with application control, comprising:
- means for storing applications on the mobile device;
  
  a processor for executing software instructions on the mobile device;
  
  an authorization record store configured to store operation authorization data records and application identifiers that are associated with the operation authorization data records;
  
  software instructions that are configured to operate on the mobile device and to consult the operation authorization data in the authorization record store in order to determine whether an operation requested by an application operating on the mobile device is allowed to be performed by the application;
  
  wherein the application identifiers associated with the operation authorization data records are used to determine which of the operation authorization data records is to be used by the software instructions in determining whether to permit the requested operation;
  
  wherein the operation authorization data records and the application identifiers are provided by an external source for storage on the mobile device;
  
  a source authentication information store that is contained on the mobile device; and
  
  software instructions that are configured to operate on the mobile device and to consult the source authentication information store in order to prevent any party other than the external source from altering the stored authorization record.

29. A method of application control for use on wireless mobile communications device, comprising:
- receiving through the wireless mobile communications device an operation request from an application;
  
  wherein the requested operation is selected from the group consisting of;
  
  opening a connection, accessing a telephone API, accessing local memory and communicating with another executing application;
  
  determining through the wireless mobile communications device whether the requested operation is allowed to be performed by the application based upon a stored authorization record and an application identifier associated with the application;
  
  wherein the stored authorization record is associated with data indicative of whether the application is required, allowed, or excluded;
  
  wherein the authorization record related to determining whether the requested operation is to be allowed is provided by an external computer that is used to enforce policies for operating electronic devices within an organization;
  
  wherein the wireless mobile communications device allows the application to perform the requested operation based upon whether the requested operation is determined to be allowed to be performed by the application;
  
  wherein a source authentication information store is contained on the wireless mobile communications device, andwherein the wireless mobile communications device consults the source authentication information store in order to prevent any party other than the external computer from altering the stored authorization record;
  
  wherein the source authentication information store comprises a digital signature public key that corresponds to a digital signature private key used by the external computer to digitally sign the source authentication information with a digital signature, and wherein the means for consulting the source authentication information to prevent any party other than the external computer from altering the stored authorization record operate by decrypting the digital signature with the digital signature public key.

30. A wireless mobile communication device with application control, wherein an operation request is received from an application, wherein the requested operation is selected from the group consisting of:
- opening a connection, accessing a telephone API, accessing local memory and communicating with another executing application, said wireless mobile communication device comprising;
  
  means for determining whether the requested operation is allowed to be performed by the application based upon a stored authorization record and an application identifier associated with the application;
  
  wherein the stored authorization record is associated with data indicative of whether the application is required, allowed, or excluded;
  
  wherein the authorization record related to determining whether the requested operation is to be allowed is provided by an external computer that is used to enforce policies for operating electronic devices within an organization;
  
  means for allowing the application to perform the requested operation based upon whether the requested operation is determined to be allowed to be performed by the application;
  
  a source authentication information store, andmeans for consulting the source authentication information store in order to prevent any party other than the external computer from altering the stored authorization record;
  
  wherein the source authentication information store comprises a digital signature public key that corresponds to a digital signature private key used by the external computer to digitally sign the source authentication information with a digital signature, and wherein the means for consulting the source authentication information to prevent any party other than the external computer from altering the stored authorization record operate by decrypting the digital signature with the digital signature public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Research In Motion Limited (Blackberry Limited)
Inventors
Adams, Neil P., Kirkup, Michael G., Little, Herbert A., Owen, Russell N.
Primary Examiner(s)
ST CYR, DANIEL

Application Number

US11/118,748
Publication Number

US 20050252963A1
Time in Patent Office

1,509 Days
Field of Search

235/472.01, 235/472.02, 235/462.01, 235/462, 235/462.44, 235/462.45
US Class Current

235/472.01
CPC Class Codes

G06F 12/1458   by checking the subject acc...

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/53   by executing in a restricte...

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

G06F 21/71   to assure secure computing ...

G06F 2221/2149   Restricted operating enviro...

G06F 8/61   Installation

H04L 63/102   Entity profiles

H04L 67/34   involving the movement of s...

H04M 1/72406   by software upgrading or do...

System and method of operation control on an electronic device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of operation control on an electronic device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links