System and method for application program operation on a wireless device

US 8,699,999 B2
Filed: 07/30/2012
Issued: 04/15/2014
Est. Priority Date: 11/21/2005
Status: Active Grant

First Claim

Patent Images

1. A method for providing security features for a mobile device, wherein the method comprises:

providing a security management module with one or more security features;

providing a connect module for updating the one or more security features;

interfacing the connect module and the security management module with an operating system of the mobile device, by integrating application programming interfaces of the connect module with host environment application programming interfaces and providing security services to the mobile device via the application programming interfaces of the connect module to augment the behavior of the host environment application programming interfaces and the mobile device in order to affect the security capabilities of the operating system;

providing access information to the security management module, the access information comprising information specifying whether applications on the mobile device can access a sensitive function of one of the host application programming interfaces; and

when a given application being executed on the mobile device makes a function call to an application program interface that provides access to a sensitive function, allowing execution of the function call to the sensitive function when the access information indicates that function calls to the sensitive function by the given application are allowed, and otherwise not allowing execution of the function call to the sensitive function.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments described herein address mobile devices with non-secure operating systems that do not provide a sufficient security framework. More particularly, the embodiments described herein provide a set of applications to the device for providing security features to the non-secure operating system.

Citations

22 Claims

1. A method for providing security features for a mobile device, wherein the method comprises:
- providing a security management module with one or more security features;
  
  providing a connect module for updating the one or more security features;
  
  interfacing the connect module and the security management module with an operating system of the mobile device, by integrating application programming interfaces of the connect module with host environment application programming interfaces and providing security services to the mobile device via the application programming interfaces of the connect module to augment the behavior of the host environment application programming interfaces and the mobile device in order to affect the security capabilities of the operating system;
  
  providing access information to the security management module, the access information comprising information specifying whether applications on the mobile device can access a sensitive function of one of the host application programming interfaces; and
  
  when a given application being executed on the mobile device makes a function call to an application program interface that provides access to a sensitive function, allowing execution of the function call to the sensitive function when the access information indicates that function calls to the sensitive function by the given application are allowed, and otherwise not allowing execution of the function call to the sensitive function.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the method further comprises contacting an administrator if security information is not provided for the given application.
  - 3. The method of claim 1, wherein the method further comprises overriding user authentication features provided by the operating system with user authentication features provided by the security management module.
  - 4. The method of claim 1, wherein the method further comprises using the security management module to provide application feature-specific security.
  - 5. The method of claim 1, wherein the method further comprises configuring the connect module to provide secure communication with a host system.

6. A method for providing security features for a mobile device, wherein the method comprises:
- providing a security management module with one or more security features;
  
  providing a connect module for updating the one or more security features;
  
  interfacing the connect module and the security management module with an operating system of the mobile device, by integrating application programming interfaces of the connect module with host environment application programming interfaces and providing security services to the mobile device via the application programming interfaces of the connect module to augment the behavior of the host environment application programming interfaces and the mobile device in order to affect the security capabilities of the operating system;
  
  providing execution information to the security management module, the execution information comprising information on whether an application on the mobile device is allowed to be executed by the operating system; and
  
  when a given application is to be executed on the mobile device, allowing execution of the given application when the execution information indicates that the given application is an allowable application, and otherwise not allowing execution of the given application.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the method further comprises contacting an administrator if security information is not provided for the given application.
  - 8. The method of claim 6, wherein the method further comprises overriding user authentication features provided by the operating system with user authentication features provided by the security management module.
  - 9. The method of claim 6, wherein the method further comprises using the security management module to provide application feature-specific security.
  - 10. The method of claim 6, wherein the method further comprises configuring the connect module to provide secure communication with a host system.

11. A mobile device comprising:
- a main processor that controls operations of the mobile device;
  
  a communication subsystem connected to the main processor,wherein the communication subsystem is configured to send and receive data; and
  
  a set of applications for providing security features for an operating system of the mobile device, the set of applications implementing;
  
  a security management module for providing security features to the operating system of the mobile device;
  
  a connect module for updating the security features provided by the security management module; and
  
  an integration module for interfacing the connect module and the security management module with the operating system, wherein the integration module integrates application programming interfaces of the connect module with host environment application programming interfaces and provides security services to the mobile device via the application programming interfaces of the connect module to augment behavior of the host environment application programming interfaces and the mobile device in order to affect the security capabilities of the operating system;
  
  wherein the mobile device further comprises access information, the access information comprising information specifying whether applications on the mobile device can access a sensitive function of one of the host environment application programming interfaces; and
  
  wherein the security management module is arranged to allow execution of a function call to a sensitive function when a given application being executed on the mobile device makes a function call to the at least one application program interface that provides access to the sensitive function when the access information indicates that function calls to the sensitive function by the given application are allowed, and otherwise not to allow execution of the function call to the sensitive function.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The device of claim 11, wherein the security management module is adapted to override user authentication features provided by the operating system with user authentication features provided by the security management module.
  - 13. The device of claim 11, wherein the security management module provides application feature-specific security.
  - 14. The device of claim 11, wherein the connect module is configured to provide secure communication with a host.
  - 15. The device of claim 11, wherein the security management module is adapted to contact an administrator if security information is not provided for the given application.

16. A mobile device comprising:
- a main processor that controls operations of the mobile device;
  
  a communication subsystem connected to the main processor, wherein the communication subsystem is configured to send and receive data; and
  
  a set of applications for providing security features for an operating system of the mobile device, the set of applications implementing;
  
  a security management module for providing security features to the operating system of the mobile device;
  
  a connect module for updating the security features provided by the security management module; and
  
  an integration module for interfacing the connect module and the security management module with the operating system, wherein the integration module integrates application programming interfaces of the connect module with host environment application programming interfaces and provides security services to the mobile device via the application programming interfaces of the connect module to augment behavior of the host environment application programming interfaces and the mobile device in order to affect the security capabilities of the operating system;
  
  wherein the mobile device further comprises execution information, the execution information comprises information on whether an application on the mobile device is allowed to be executed by the operating system; and
  
  wherein the security management module is arranged to allow execution of a given application when a given application is to be executed on the mobile device when the execution information indicates that the given application is an allowable application, and otherwise the security management module is arranged not to allow execution of the given application.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The device of claim 16, wherein the security management module is adapted to override user authentication features provided by the operating system with user authentication features provided by the security management module.
  - 18. The device of claim 16, wherein the security management module provides application feature-specific security.
  - 19. The device of claim 16, wherein the connect module is configured to provide secure communication with a host.
  - 20. The device of claim 16, wherein the security management module is adapted to contact an administrator if security information is not provided for the given application.

21. A non-transitory computer-readable medium comprising instructions, which when executed by a processor of a mobile device, configures the processor to perform a method for providing security features for the mobile device, wherein the method comprises:
- providing a security management module with one or more security features;
  
  providing a connect module for updating the one or more security features;
  
  interfacing the connect module and the security management module with an operating system of the mobile device, by integrating application programming interfaces of the connect module with host environment application programming interfaces and providing security services to the mobile device via the application programming interfaces of the connect module to augment the behavior of the host environment application programming interfaces and the mobile device in order to affect the security capabilities of the operating system;
  
  providing access information to the security management module, the access information comprising information specifying whether applications on the mobile device can access a sensitive function of one of the host application programming interfaces; and
  
  when a given application being executed on the mobile device makes a function call to an application program interface that provides access to a sensitive function, allowing execution of the function call to the sensitive function when the access information indicates that function calls to the sensitive function by the given application are allowed, and otherwise not allowing execution of the function call to the sensitive function.

22. A non-transitory computer-readable medium comprising instructions, which when executed by a processor of a mobile device, configures the processor to perform a method for providing security features for the mobile device, wherein the method comprises:
- providing a security management module with one or more security features;
  
  providing a connect module for updating the one or more security features;
  
  interfacing the connect module and the security management module with an operating system of the mobile device, by integrating application programming interfaces of the connect module with host environment application programming interfaces and providing security services to the mobile device via the application programming interfaces of the connect module to augment the behavior of the host environment application programming interfaces and the mobile device in order to affect the security capabilities of the operating system;
  
  providing execution information to the security management module, the execution information comprising information on whether an application on the mobile device is allowed to be executed by the operating system; and
  
  when a given application is to be executed on the mobile device, allowing execution of the given application when the execution information indicates that the given application is an allowable application, and otherwise not allowing execution of the given application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Kahandaliyanage, Shawn
Primary Examiner(s)
NGUYEN, KHAI MINH

Application Number

US13/561,374
Publication Number

US 20120297443A1
Time in Patent Office

624 Days
Field of Search

455/410, 455/411, 455/418, 455/419, 455/420, 455/550.1, 726/1, 726/4, 726/11, 726/21, 726/26, 726/27, 709/203, 709/223
US Class Current

455/410
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/62   Protecting access to data v...

G06F 21/6281   at program execution time, ...

G06F 9/468   Specific access rights for ...

H04L 63/08   for authentication of entit...

H04L 63/20   for managing network securi...

System and method for application program operation on a wireless device

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for application program operation on a wireless device

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links