Authorizing local application activity using remotely defined security data

US 8,413,233 B1
Filed: 11/26/2007
Issued: 04/02/2013
Est. Priority Date: 11/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, from a server, a sequence of instructions executable by a virtual machine on an electronic device and at least one permission indicator associated with the sequence of instructions, a first of the at least one permission indicators associated with a protected activity on the electronic device, wherein the sequence of instructions, when executed by the virtual machine, are adapted to present, through a user interface of the electronic device, content associated with a particular information channel of a plurality of interactive information channels defined on the electronic device in response to a selection of the particular information channel through the user interface;

storing the sequence of instructions and the associated at least one permission indicator in a particular segment of a feed store of the electronic device, wherein the feed store includes a plurality of segments, with each segment corresponding to one of the plurality of information channels and the particular segment corresponds to the particular information channel;

receiving a request, through the user interface, to display the content associated with the particular information channel;

retrieving the sequence of instructions from the particular segment of the feed store in response to the request;

executing the sequence of instructions using the virtual machine;

identifying, using the virtual machine, an instruction within the sequence of instructions as being associated with the protected activity;

determining, using the virtual machine, whether execution of the identified instruction is permitted based, at least in part, on the first permission indicator; and

performing the protected activity if execution of the identified instruction is permitted.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods, including computer software adapted to perform certain operations, can be implemented for preventing content received from non-trusted sources from accessing protected data. A sequence of instructions and multiple permission indicators associated with the sequence of instructions are received. One or more of permission indicators are associated with a protected activity. An instruction within the sequence of instructions associated with the protected activity is identified. A determination is made whether execution of the identified instruction is permitted based, at least in part, on the one or more permission indicators, and the protected activity is performed if execution of the identified instruction is permitted.

21 Citations

View as Search Results

25 Claims

1. A method comprising:
- receiving, from a server, a sequence of instructions executable by a virtual machine on an electronic device and at least one permission indicator associated with the sequence of instructions, a first of the at least one permission indicators associated with a protected activity on the electronic device, wherein the sequence of instructions, when executed by the virtual machine, are adapted to present, through a user interface of the electronic device, content associated with a particular information channel of a plurality of interactive information channels defined on the electronic device in response to a selection of the particular information channel through the user interface;
  
  storing the sequence of instructions and the associated at least one permission indicator in a particular segment of a feed store of the electronic device, wherein the feed store includes a plurality of segments, with each segment corresponding to one of the plurality of information channels and the particular segment corresponds to the particular information channel;
  
  receiving a request, through the user interface, to display the content associated with the particular information channel;
  
  retrieving the sequence of instructions from the particular segment of the feed store in response to the request;
  
  executing the sequence of instructions using the virtual machine;
  
  identifying, using the virtual machine, an instruction within the sequence of instructions as being associated with the protected activity;
  
  determining, using the virtual machine, whether execution of the identified instruction is permitted based, at least in part, on the first permission indicator; and
  
  performing the protected activity if execution of the identified instruction is permitted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the sequence of instructions and the at least one permission indicator are received in a single transmission.
  - 3. The method of claim 1, wherein the electronic device comprises a mobile device and the sequence of instructions and the at least one permission indicator are received by the mobile device, the method further comprising:
    - storing, in a persistent storage device on the mobile device, the received sequence of instructions and the received at least one permission indicator.
  - 4. The method of claim 3, further comprising:
    - receiving an update to the at least one permission indicator; and
      
      storing, in the persistent storage device on the mobile device, the received update to the at least one permission indicator.
  - 5. The method of claim 3, wherein the sequence of instructions and the at least one permission indicator are received from a remote source in communication with the mobile device.
  - 6. The method of claim 5, wherein the value of the first permission indicator is set at the remote source.
  - 7. The method of claim 1, wherein the at least one permission indicator comprises a plurality of permission bits, and the first permission indicator corresponds to a first of the plurality of permission bits.
  - 8. The method of claim 7, wherein a second of the at least one permission indicators is associated with a different protected activity, and the second permission indicator corresponds to a second of the plurality of permission bits.
  - 9. The method of claim 1, wherein a SWF file comprises the sequence of instructions.

10. A computer program product, encoded on a non-transitory computer-readable medium, operable to cause data processing apparatus to perform operations comprising:
- receiving, from a server, a permission indicator associated with an information source and further associated with a protected activity;
  
  storing, in a persistent storage device on a mobile device, the permission indicator, wherein the persistent storage device includes a plurality of segments with each segment storing content received from the information source for one of a plurality of information channels and one of the segments storing content and the permission indicator for the information source, with the content for the information source including a plurality of instructions executable by a virtual machine player on the mobile device;
  
  receiving, through a user interface on the mobile device, a request to display the content for the information source on a user interface of the mobile device;
  
  retrieving the plurality of instructions for execution on a virtual machine player;
  
  identifying an instruction of the plurality of instructions associated with the protected activity;
  
  determining that the protected activity is permitted based, at least in part, on the permission indicator stored in the persistent storage device; and
  
  executing the instruction using the virtual machine player in response to determining that the protected activity is permitted, wherein executing the instruction comprises performing the protected activity.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The computer program product of claim 10, the operations further comprising:
    - receiving an updated value for the permission indicator; and
      
      storing, in the persistent storage device, the received updated value for the permission indicator.
  - 12. The computer program product of claim 11, wherein the received updated value for the permission indicator replaces the permission indicator in the persistent storage device.
  - 13. The computer program product of claim 10, the operations further comprising:
    - receiving, prior to receiving the request to display the content for the information source, the plurality of instructions;
      
      storing, in the persistent storage device, the plurality of instructions; and
      
      retrieving the plurality of instructions in response to a stimulus from a user of the mobile device.
  - 14. The computer program product of claim 13, wherein a SWF file comprises the plurality of instructions.
  - 15. The computer program product of claim 13, wherein the permission indicator and the plurality of instructions are received from a remote source in communication with the mobile device.
  - 16. The computer program product of claim 15, wherein the value of the permission indicator is set at the remote source.
  - 17. The computer program product of claim 15, wherein the permission indicator occupies one of a plurality of permission indicator positions within a permissions data structure, and the permission indicator is assigned to the one permission indicator position at the remote source.

18. A system comprising:
- a user interface device;
  
  a persistent storage device; and
  
  one or more processors operable to interact with the user interface device and the persistent storage device, the one or more processors further operable to;
  
  receive a transmission from a remote source, the transmission comprising a sequence of instructions executable by a virtual machine on the user interface device and a permissions data structure associated with the sequence of instructions, the permissions data structure comprising at least one permission indicator, the at least one permission indicator associated with at least one protected activity on the user interface device, wherein the sequence of instructions, when executed by the virtual machine, are adapted to present content associated with a particular information channel of a plurality of interactive information channels defined in the persistent storage device in response to a selection of the particular information channel through a user interface of the electronic device;
  
  store the sequence of instructions and the permissions data structure in a particular segment of the persistent storage device, wherein the persistent storage device includes a plurality of segments, with each segment corresponding to one of the plurality of information channels and the particular segment corresponds to the particular information channel;
  
  retrieve the sequence of instructions and the permissions data structure from the persistent storage device in response to a stimulus received through the user interface device, the stimulus indicating a request to display the content associated with the particular information channel;
  
  execute the sequence of instructions using the virtual machine;
  
  determine, using the virtual machine, that a first protected activity is prohibited based, at least in part, on the at least one permission indicator; and
  
  block the first protected activity based on the determination that the first protected activity is prohibited.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25)
- - 19. The system of claim 18, wherein the one or more processors comprise a client operable to interact with the remote source through a data communication network, and the remote source is operable to interact with the client as a server.
  - 20. The system of claim 18, wherein the value of the at least one permission indicator is set at the remote source.
  - 21. The system of claim 18, wherein the permissions data structure comprises a plurality of permission bits, and each permission indicator corresponds to a permission bit.
  - 22. The system of claim 21, wherein the number of permission bits is greater than the number of permission indicators.
  - 23. The system of claim 18, wherein the at least one permission indicator comprises a first permission indicator and a second permission indicator, and wherein the determination that the first protected activity is prohibited is based on the first permission indicator.
  - 24. The system of claim 23, the one or more processors further operable to determine that a second protected activity is permitted based on the second permission indicator, wherein executing the sequence of instructions further comprises performing the second protected activity.
  - 25. The system of claim 18, wherein a SWF file comprises the sequence of instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Zheng, Jian, Shah, Rishit, Chanda, Rupen
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US11/945,235
Time in Patent Office

1,954 Days
Field of Search

726/21, 726/22, 726/27, 713/165, 713/168, 713/187, 713/189, 380/201, 380/203, 380/211, 380/242, 725/1, 725/9, 725/25, 725/56, 725/62, 725/86, 725/104
US Class Current

726/21
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/50   Monitoring users, programs ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/10   for controlling access to d...

H04L 63/168   above the transport layer

Authorizing local application activity using remotely defined security data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Authorizing local application activity using remotely defined security data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links