Policy configuration for mobile device applications

US 8,898,459 B2
Filed: 08/31/2011
Issued: 11/25/2014
Est. Priority Date: 08/31/2011
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

retrieving, using a processor, an access privilege associated with an application that is executable on a mobile device, and a list of trusted certificate authorities, from a removable memory device communicatively coupled with the mobile device, the access privilege indicating whether the application is permitted to access a network interface of the mobile device;

determining, using the processor, whether a digital certificate associated with the application has been signed by a first trusted certificate authority, the first trusted certificate authority being included in the list of trusted certificate authorities; and

when the digital certificate is determined to have been signed by the first trusted certificate authority, configuring the application based on at least the access privilege to have restricted access to the network interface of the mobile device, the access restricted to be through a virtual private network client that is on the mobile device and in communication with the network interface of the mobile device via a virtual private network tunnel established on the mobile device between the virtual private network client and the network interface.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, articles of manufacture, and apparatus to perform policy configuration for mobile device applications are disclosed. A disclosed example method includes determining whether a digital certificate associated with a application executable on a mobile device has been signed by a first trusted certificate authority, the first trusted certificate authority being included in a list of trusted certificate authorities hard-coded in the mobile device, and when the digital certificate is determined to have been signed by the first trusted certificate authority, configuring the application for execution on the mobile device based on an access privilege indicating a physical interface of the mobile device the application is permitted to access, and execution configuration information associated with the application.

111 Citations

20 Claims

1. A method comprising:
- retrieving, using a processor, an access privilege associated with an application that is executable on a mobile device, and a list of trusted certificate authorities, from a removable memory device communicatively coupled with the mobile device, the access privilege indicating whether the application is permitted to access a network interface of the mobile device;
  
  determining, using the processor, whether a digital certificate associated with the application has been signed by a first trusted certificate authority, the first trusted certificate authority being included in the list of trusted certificate authorities; and
  
  when the digital certificate is determined to have been signed by the first trusted certificate authority, configuring the application based on at least the access privilege to have restricted access to the network interface of the mobile device, the access restricted to be through a virtual private network client that is on the mobile device and in communication with the network interface of the mobile device via a virtual private network tunnel established on the mobile device between the virtual private network client and the network interface.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as defined in claim 1, further comprising, when the digital certificate is determined to not have been signed by any trusted certificate authority included in the list of trusted certificate authorities, determining that the application is untrusted.
  - 3. The method as defined in claim 1, further comprising retrieving a second access privilege that indicates at least one of whether the application is permitted to access a microphone interface of the mobile device, and whether the application is permitted to access a camera interface of the mobile device.
  - 4. The method as defined in claim 1, wherein the application is a first application, the access privilege is a first access privilege, the digital certificate is a first certificate, and further comprising:
    - retrieving a second access privilege associated with a second application that is executable on the mobile device from the removable memory device;
      
      determining whether a second digital certificate associated with the second application has been signed by the first trusted certificate authority; and
      
      when the second digital certificate is determined to have been signed by the first trusted certificate authority, configuring the second application for execution on the mobile device based on the second access privilege, and based on an execution privilege that is to indicate whether the second application is permitted to be executed on the mobile device.
  - 5. The method as defined in claim 4, wherein the list of trusted certificate authorities includes the first trusted certificate authority and a second trusted certificate authority, the first trusted certificate authority and the second trusted certificate authority are each permitted to authenticate the execution privilege for the second application, and the first trusted certificate authority, but not the second trusted certificate authority, is permitted to authenticate the second access privilege associated with the second application.
  - 6. The method as defined in claim 1, wherein the removable memory device comprises a subscriber identity module card.
  - 7. The method as defined in claim 1, wherein the digital certificate is stored in the removable memory device, and the access privilege is specified in the digital certificate.

8. A mobile device comprising:
- a set of physical interfaces including a network interface;
  
  a first memory having machine readable instructions stored thereon;
  
  a processor to execute the instructions to perform operations comprising retrieving a set of access privileges that indicate which ones of the set of physical interfaces a first application executing on the mobile device is permitted to access, the processor to have access to a list of trusted certificate authorities authorized to sign digital certificates associated with applications, a first one of the access privileges to indicate that the first application is to have restricted access to the network interface, the access to be restricted to be through a virtual private network client that is on the mobile device and in communication with the network interface via a virtual private network tunnel established on the mobile device between the virtual private network client and the network interface; and
  
  a removable memory device to store the list of trusted certificate authorities and the set of access privileges, the processor to retrieve the list of trusted certificate authorities and the set of access privileges from the removable memory device.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The mobile device as defined in claim 8, wherein the operations further comprise:
    - determining whether a first digital certificate is associated with any trusted certificate authority included in the list of trusted certificate authorities, the first digital certificate being associated with the first application; and
      
      if the digital certificate is associated with any trusted certificate authority included in the list of trusted certificate authorities, processing the digital certificate to determine the set of access privileges for the first application.
  - 10. The mobile device as defined in claim 9, wherein the operations further comprise, if the digital certificate is not associated with any trusted certificate authority included in the list of trusted certificate authorities, determining that the first application is untrusted.
  - 11. The mobile device as defined in claim 8, wherein the set of access privileges further indicates at least one of whether the first application is permitted to access a microphone interface of the mobile device, and whether the first application is permitted to access a camera interface of the mobile device.
  - 12. The mobile device as defined in claim 8, wherein the set of access privileges is a first set of access privileges, and the operations further comprise:
    - retrieving a second set of access privileges associated with a second application that is executable on the mobile device; and
      
      obtaining an execution privilege that is to indicate whether the second application is permitted to be executed on the mobile device, the list of trusted certificate authorities including a first trusted certificate authority and a second trusted certificate authority, the first trusted certificate authority and the second trusted certificate authority are each permitted to authenticate the execution privilege for the second application, and the first trusted certificate authority, but not the second trusted certificate authority, is permitted to authenticate the second set of access privileges associated with the second application.
  - 13. The mobile device as defined in claim 8, wherein the removable memory device comprises at least one of a subscriber identity module card, a universal integrated circuit card or a removable user identity module.
  - 14. The mobile device as defined in claim 8, wherein the set of access privileges is specified in a first digital certificate stored in the removable memory device.

15. A tangible computer readable storage device comprising machine readable instructions that, when executed, cause a machine to perform operations comprising:
- retrieving an access privilege associated with an application that is executable on a mobile device, and a list of trusted certificate authorities, from a removable memory device communicatively coupled with the mobile device, the access privilege indicating whether the application is permitted to access a network interface of the mobile device;
  
  determining whether a digital certificate associated with the application has been signed by a first trusted certificate authority, the first trusted certificate authority being included in the list of trusted certificate authorities; and
  
  when the digital certificate is determined to have been signed by the first trusted certificate authority, configuring the application based on at least the access privilege to have restricted access to the network interface of the mobile device, the access restricted to be through a virtual private network client that is on the mobile device and in communication with the network interface of the mobile device via a virtual private network tunnel established on the mobile device between the virtual private network client and the network interface.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The tangible computer readable storage device as defined in claim 15, wherein the operations further comprise, when the digital certificate is determined to not have been signed by any trusted certificate authority included in the list of trusted certificate authorities, determining that the application is untrusted.
  - 17. The tangible computer readable storage device as defined in claim 15, wherein the application is a first application, the access privilege is a first access privilege, the digital certificate is a first certificate, and the operations further comprise:
    - retrieving a second access privilege associated with a second application that is executable on the mobile device from the removable memory device;
      
      determining whether a second digital certificate associated with the second application has been signed by the first trusted certificate authority; and
      
      when the second digital certificate is determined to have been signed by the first trusted certificate authority, configuring the second application for execution on the mobile device based on the second access privilege, and based on an execution privilege that is to indicate whether the second application is permitted to be executed on the mobile device, wherein the list of trusted certificate authorities includes the first trusted certificate authority and a second trusted certificate authority, the first trusted certificate authority and the second trusted certificate authority are each permitted to authenticate the execution privilege for the second application, and the first trusted certificate authority, but not the second trusted certificate authority, is permitted to authenticate the second access privilege associated with the second application.
  - 18. The tangible computer readable storage device as defined in claim 15, wherein the operations further comprise retrieving a second access privilege that indicates at least one of whether the application is permitted to access a microphone interface of the mobile device, and whether the application is permitted to access a camera interface of the mobile device.
  - 19. The tangible computer readable storage device as defined in claim 15, wherein the removable memory device comprises a subscriber identity module card.
  - 20. The tangible computer readable storage device as defined in claim 15, wherein the digital certificate is stored in the removable memory device, and the access privilege is specified in the digital certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Chawla, Deepak, Muller, Urs A.
Primary Examiner(s)
Shiferaw, Eleni
Assistant Examiner(s)
GIDDINS, NELSON S

Application Number

US13/222,189
Publication Number

US 20130054962A1
Time in Patent Office

1,182 Days
Field of Search

713/156
US Class Current

713/156
CPC Class Codes

G06F 2221/2141   Access rights, e.g. capabil...

H04L 2209/80   Wireless network architectu...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/37   Managing security policies ...

Policy configuration for mobile device applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

111 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Policy configuration for mobile device applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links