System and method for privilege management and revocation

US 8,522,321 B2
Filed: 09/17/2009
Issued: 08/27/2013
Est. Priority Date: 06/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method for managing privileges in a system comprising electronic devices having applications resident on the electronic devices, comprising:

monitoring a plurality of electronic devices that are present in the system;

detecting a change in privileges associated with one or more applications resident on the plurality of electronic devices, wherein the change in privileges comprises an indication that privileges are to be revoked; and

in response to a detection of the change in privileges, resetting all of the plurality of electronic devices such that for each of the plurality of electronic devices that is reset, each application of the one or more applications resident on the electronic device no longer has access to any revoked privileges upon a restart of the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates generally to the management of privileges associated with certain applications that are accessible by users of electronic equipment, such as, for example, networked computers, mobile wireless communications devices, and the like. In particular, the disclosure is directed to systems and methods for managing privileges associated with particular applications and for revoking these privileges in a timely and robust manner. For example, the device keeps track of which applications get access to which privileges. When policies or application control changes, the system detects which privileges have been revoked for which applications. This can be accomplished by simply comparing the old set of privileges with the new set of privileges. For each revoked privilege for a given application, the system determines if the application has ever accessed that privilege in the past. If an application has accessed a privilege that is now revoked at any time in the past, the device is reset. To ensure that privileges that may be passed between applications are not overlooked, the device is arranged to perform a reset if any revoked privilege accessible by the device is one that may be passed between applications.

Citations

18 Claims

1. A method for managing privileges in a system comprising electronic devices having applications resident on the electronic devices, comprising:
- monitoring a plurality of electronic devices that are present in the system;
  
  detecting a change in privileges associated with one or more applications resident on the plurality of electronic devices, wherein the change in privileges comprises an indication that privileges are to be revoked; and
  
  in response to a detection of the change in privileges, resetting all of the plurality of electronic devices such that for each of the plurality of electronic devices that is reset, each application of the one or more applications resident on the electronic device no longer has access to any revoked privileges upon a restart of the application.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the change in privileges is a result of a change in system IT policy.
  - 3. The method of claim 1, wherein a system administrator determines when the resetting is performed.
  - 4. The method of claim 1, wherein the resetting all of the plurality of electronic devices brings the system to a known state.
  - 5. The method of claim 4, further comprising restarting all of the plurality of electronic devices after the devices have been reset.
  - 6. The method of claim 1, wherein each of the electronic devices comprises a mobile wireless communications device.

7. A system for managing privileges for a plurality of electronic devices having applications resident thereon, the system comprising at least one processor configured to:
- monitor the plurality of electronic devices;
  
  detect a change in privileges associated with one or more applications resident on the plurality of electronic devices, wherein the change in privileges comprises an indication that privileges are to be revoked; and
  
  in response to a detection of the change in privileges, resetting all of the plurality of electronic devices such that for each of the plurality of electronic devices that is reset, each application of the one or more applications resident on the electronic device no longer has access to any revoked privileges upon a restart of the application.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the change in privileges is a result of a change in system IT policy.
  - 9. The system of claim 7, wherein a system administrator determines when to reset each of the electronic devices.
  - 10. The system of claim 7, wherein the at least one processor is configured to reset each of the electronic devices by bringing each of the electronic devices to a known state.
  - 11. The system of claim 10, wherein the at least one processor is further configured to, for each of the electronic devices, restart the electronic device after the electronic device has been reset.
  - 12. The system of claim 7, wherein each of the electronic devices comprises a mobile wireless communications device.

13. A non-transitory computer-readable medium comprising instructions executable by a processor, wherein the instructions cause the process to perform acts of a method for managing privileges in a system comprising electronic devices having applications resident on the electronic devices, the acts comprising:
- monitoring a plurality of electronic devices that are present in the system;
  
  detecting a change in privileges associated with one or more applications resident on the plurality of electronic devices, wherein the change in privileges comprises an indication that privileges are to be revoked; and
  
  in response to a detection of the change in privileges, resetting all of the plurality of electronic devices such that for each of the plurality of electronic devices that is reset, each application of the one or more applications resident on the electronic device no longer has access to any revoked privileges upon a restart of the application.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The medium of claim 13, wherein the change in privileges is a result of a change in system IT policy.
  - 15. The medium of claim 13, wherein a system administrator determines when the resetting is performed.
  - 16. The medium of claim 13, wherein the resetting all of the plurality of electronic devices brings the system to a known state.
  - 17. The medium of claim 16, the acts further comprising restarting the electronic devices after the devices have been reset.
  - 18. The medium of claim 13, wherein each of the electronic devices comprises a mobile wireless communications device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
Adams, Neil P., Little, Herbert
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US12/561,370
Publication Number

US 20100011417A1
Time in Patent Office

1,440 Days
Field of Search

None
US Class Current

726/5
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/6218   to a system of files or obj...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/1408   by monitoring network traff...

H04L 63/20   for managing network securi...

System and method for privilege management and revocation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for privilege management and revocation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links