Methods and apparatus to control privileges of mobile device applications
First Claim
1. A method, comprising:
assigning a process identifier to an application on a mobile device, the process identifier generated by an operating system of the mobile device, the mobile device having a first network interface and a second network interface different than the first network interface;
determining via a digital certificate that the application is:
authorized to be executed on the mobile device;
authorized to access the first network interface of the mobile device; and
unauthorized to access the second network interface of the mobile device;
configuring a mandatory access control module of the mobile device to control access of the first and second network interfaces by providing the process identifier to the mandatory access control module;
enabling the application to access the first network interface, wherein enabling the application to access the first network interface includes creating a virtual private network tunnel through the mobile device to a wireless network; and
preventing the application from accessing the second network interface.
Abstract
Methods and apparatus to control privileges of mobile device applications are disclosed. A disclosed example method includes assigning a process identifier to an application on a mobile device, the process identifier generated by an operating system of the mobile device, determining via a digital certificate that the application is authorized to be executed on the mobile device and that the application is authorized to access a network interface of the mobile device, configuring a mandatory access control module of the mobile device to enforce access of the network interface by providing the process identifier to the mandatory access control module, and enabling the application to access the network interface.
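A minimal model of the flow the abstract describes (certificate-based authorization, a mandatory access control policy keyed by the OS-assigned process identifier, default deny for everything else), added here as an illustration and not part of the patent. The HMAC-signed manifest stands in for a digital certificate, and the key, PIDs, application name and interface names are constructed.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the signing authority's key; a real deployment
# would verify an X.509 certificate chain instead of an HMAC (assumption).
AUTHORITY_KEY = b"constructed-demo-key"


def sign_manifest(manifest: dict) -> str:
    """Sign an app manifest (constructed stand-in for issuing a certificate)."""
    payload = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(AUTHORITY_KEY, payload, hashlib.sha256).hexdigest()


def verify_manifest(manifest: dict, signature: str) -> bool:
    """Constant-time check of the signature; a tampered manifest grants nothing."""
    return hmac.compare_digest(sign_manifest(manifest), signature)


class MacModule:
    """Mandatory access control keyed by the OS-assigned process identifier."""

    def __init__(self) -> None:
        self.policy = {}  # pid -> set of interfaces that process may use

    def configure(self, pid: int, allowed: set) -> None:
        self.policy[pid] = set(allowed)

    def check(self, pid: int, interface: str) -> bool:
        # Default deny: a PID with no policy entry gets no interface at all.
        return interface in self.policy.get(pid, set())


def enable_application(mac: MacModule, pid: int, manifest: dict, signature: str) -> list:
    """Authorize the app via its signed manifest, then push the PID policy to the MAC
    module. Returns the enablement actions taken (here, VPN tunnel creation records)."""
    if not verify_manifest(manifest, signature) or not manifest.get("may_execute"):
        mac.configure(pid, set())  # explicit empty policy: execution refused
        return ["execution denied"]
    allowed = set(manifest.get("interfaces", []))
    mac.configure(pid, allowed)
    # Access to each permitted interface goes through a VPN tunnel, as in the
    # claimed method; recorded as an action string in this model.
    return [f"vpn tunnel via {iface}" for iface in sorted(allowed)]


# Constructed sample: PID 4242 may execute and may use wlan0 only.
SAMPLE_MANIFEST = {"app": "com.example.mail", "may_execute": True, "interfaces": ["wlan0"]}
SAMPLE_SIGNATURE = sign_manifest(SAMPLE_MANIFEST)
```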
114 Citations
17 Claims
1. A method, comprising:
assigning a process identifier to an application on a mobile device, the process identifier generated by an operating system of the mobile device, the mobile device having a first network interface and a second network interface different than the first network interface; determining via a digital certificate that the application is: authorized to be executed on the mobile device; authorized to access the first network interface of the mobile device; and unauthorized to access the second network interface of the mobile device; configuring a mandatory access control module of the mobile device to control access of the first and second network interfaces by providing the process identifier to the mandatory access control module; enabling the application to access the first network interface, wherein enabling the application to access the first network interface includes creating a virtual private network tunnel through the mobile device to a wireless network; and preventing the application from accessing the second network interface.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A mobile device, comprising:
a first network interface; a second network interface; a memory having machine readable instructions and an application stored thereon; a processor to execute the machine readable instructions to perform operations comprising: determining via a digital certificate that the application is authorized to access the first network interface of the mobile device and unauthorized to access a second network interface of the mobile device; configuring a mandatory access control module of the mobile device to restrict access of the first and second network interfaces by providing a process identifier assigned to the application to the mandatory access control module; enabling the application to access the first network interface, wherein enabling the application to access the first network interface comprises creating a virtual private network tunnel; and preventing the application from accessing the second network interface.
Dependent claims: 11, 12, 13, 14
15. A tangible machine-accessible storage medium comprising instructions that, when executed, cause a machine to perform operations comprising:
assigning a process identifier to an application on a mobile device; determining via a digital certificate that the application is: authorized to be executed on the mobile device; authorized to access a first device interface of the mobile device; and unauthorized to access a second device interface of the mobile device, the second device interface being different from the first device interface; configuring a mandatory access control module of the mobile device to control access to the first and second device interfaces by providing the process identifier to the mandatory access control module; enabling the application to access the first device interface, wherein enabling the application to access the first network interface comprises creating a virtual private network tunnel through the mobile device via the mandatory access control module; and preventing the application from accessing the second device interface.
Dependent claims: 16, 17
Specification