Managing permission settings applied to applications

US 9,075,955 B2
Filed: 10/24/2012
Issued: 07/07/2015
Est. Priority Date: 10/24/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

identifying a plurality of management policies that apply to an application associated with a first perimeter of a plurality of perimeters on a device, each perimeter being associated with a separate file system on the device, wherein each of the plurality of management policies determines whether a resource on the device can be accessed, the plurality of management policies includes a first management policy and a second management policy and the plurality of management policies are received from one or more sources;

determining, for the application, a priority ranking for each of the plurality of management policies, wherein the priority ranking for at least one of the management policies is determined based on the association of the application with the first perimeter;

applying a permission setting to the application based on the priority rankings for the plurality of management policies, wherein applying the permission setting comprises;

determining that the first management policy conflicts with the second management policy; and

applying the second management policy in response to determining that the second management policy has a higher priority ranking than the first management policy;

determining that a source from which a management policy was received has rescinded the management policy; and

in response to determining that the source has rescinded the management policy, re-calculating a new priority ranking for each of remaining management policies.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some aspects of what is described here relate to managing permission settings applied to applications on a mobile device. Multiple management policies that apply to an application associated with a perimeter on a device are identified. A priority ranking for each management policy is determined for the application based on the perimeter with which the application is associated. A permission setting based on the priority rankings is applied to the application.

Citations

17 Claims

1. A computer-implemented method comprising:
- identifying a plurality of management policies that apply to an application associated with a first perimeter of a plurality of perimeters on a device, each perimeter being associated with a separate file system on the device, wherein each of the plurality of management policies determines whether a resource on the device can be accessed, the plurality of management policies includes a first management policy and a second management policy and the plurality of management policies are received from one or more sources;
  
  determining, for the application, a priority ranking for each of the plurality of management policies, wherein the priority ranking for at least one of the management policies is determined based on the association of the application with the first perimeter;
  
  applying a permission setting to the application based on the priority rankings for the plurality of management policies, wherein applying the permission setting comprises;
  
  determining that the first management policy conflicts with the second management policy; and
  
  applying the second management policy in response to determining that the second management policy has a higher priority ranking than the first management policy;
  
  determining that a source from which a management policy was received has rescinded the management policy; and
  
  in response to determining that the source has rescinded the management policy, re-calculating a new priority ranking for each of remaining management policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the plurality of management policies includes at least two of:
    - an enterprise policy, a personal policy, an application policy, a parental policy, or a device policy.
  - 3. The method of claim 1, wherein the plurality of management policies includes at least two management policies provided by different policy providers.
  - 4. The method of claim 1, wherein the permission setting is based on a management policy having the highest priority ranking.
  - 5. The method of claim 4, wherein the management policy having the highest priority ranking is the most restrictive management policy of the plurality of management policies.
  - 6. The method of claim 4, wherein the management policy having the highest priority ranking is the least restrictive management policy of the plurality of management policies.
  - 7. The method of claim 1, further comprising determining the priority ranking for each of the plurality of management policies based in part on data requested by the application.
  - 8. The method of claim 1, wherein the priority rankings are determined for an instance of the application being launched on the device, and new priority rankings are re-determined for each new instance of the application being launched on the device.
  - 9. The method of claim 1, further comprising:
    - providing, on the device, a perimeter manager interface; and
      
      providing, in the perimeter manager interface, functionalities for editing a management policy.

10. A device comprising:
- data processing hardware apparatus; and
  
  a computer-readable medium storing instructions executable by the data processing hardware apparatus to perform operations comprising;
  
  identifying a plurality of management policies that apply to an application associated with a first perimeter of a plurality of perimeters on a device, each perimeter being associated with a separate file system on the device, wherein each of the plurality of management policies determines whether a resource on the device can be accessed, the plurality of management policies includes a first management policy and a second management policy and the plurality of management policies are received from one or more sources;
  
  determining, for the application, a priority ranking for each of the plurality of management policies, the priority ranking for at least one of the management policies determined based on the association of the application with the first perimeter;
  
  applying a permission setting to the application based on the priority rankings for the plurality of management policies, wherein applying the permission setting comprises;
  
  determining that the first management policy conflicts with the second management policy; and
  
  applying the second management policy in response to determining that the second management policy has a higher priority ranking than the first management policy;
  
  determining that a source from which a management policy was received has rescinded the management policy; and
  
  in response to determining that the source has rescinded the management policy, re-calculating a new priority ranking for each of remaining management policies.
- View Dependent Claims (11, 12, 13)
- - 11. The device of claim 10, wherein the plurality of management policies includes at least two of:
    - an enterprise policy, a personal policy, an application policy, a parental policy, or a device policy.
  - 12. The device of claim 10, wherein the permission setting is based on a management policy having the highest priority ranking.
  - 13. The device of claim 12, wherein the management policy having the highest priority ranking is the most restrictive management policy of the plurality of management policies.

14. A non-transitory computer-readable medium storing instructions executable by data processing hardware apparatus to perform operations comprising:
- identifying a plurality of management policies that apply to an application associated with a first perimeter of a plurality of perimeters on a device, each perimeter being associated with a separate file system on the device, wherein each of the plurality of management policies determines whether a resource on the device can be accessed, the plurality of management policies includes a first management policy and a second management policy and the plurality of management policies are received from one or more sources;
  
  determining, for the application, a priority ranking for each of the plurality of management policies, wherein the priority ranking for at least one of the management policies is determined based on the association of the application with the first perimeter; and
  
  applying a permission setting to the application based on the priority rankings for the plurality of management policies, wherein applying the permission setting comprises;
  
  determining that the first management policy conflicts with the second management policy; and
  
  applying the second management policy in response to determining that the second management policy has a higher priority ranking than the first management policy;
  
  determining that a source from which a management policy was received has rescinded the management policy; and
  
  in response to determining that the source has rescinded the management policy, re-calculating a new priority ranking for each of remaining management policies.
- View Dependent Claims (15, 16, 17)
- - 15. The non transitory computer-readable medium of claim 14, wherein the permission setting is based on a management policy having the highest priority ranking, and wherein the management policy having the highest priority ranking is the least restrictive management policy of the plurality of management policies.
  - 16. The non transitory computer-readable medium of claim 14, the operations further comprising determining the priority ranking for each of the plurality of management policies based in part on data requested by the application.
  - 17. The non transitory computer-readable medium of claim 14, wherein the priority rankings are determined for an instance of the application being launched on the device, and new priority rankings are re-determined for each new instance of the application being launched on the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
2236008 Ontario Inc. (Blackberry Limited), Blackberry Limited
Inventors
Schieman, Adam Richard, Major, Daniel Jonas, Goodman, Kevin, Nagarajan, Sivakumar
Primary Examiner(s)
Armouche, Hadi
Assistant Examiner(s)
HO, DAO Q

Application Number

US13/659,561
Publication Number

US 20140115693A1
Time in Patent Office

986 Days
Field of Search

726/17, 726/25
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/53   by executing in a restricte...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/6218   to a system of files or obj...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2149   Restricted operating enviro...

H04L 63/20   for managing network securi...

Managing permission settings applied to applications

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Managing permission settings applied to applications

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links