Authorizing local application activity using remotely defined security data

US 9,384,344 B2
Filed: 04/01/2013
Issued: 07/05/2016
Est. Priority Date: 11/26/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method comprising:

executing a sequence of instructions using a virtual machine on a mobile device, the sequence of instructions including at least one permission indicator associated with a protected activity on the mobile device, the executing causing presentation of content associated with a particular information channel on a user interface, the at least one permission indicator and the sequence of instructions being received from a remote server, the at least one permission indicator being delivered from the remote server with the sequence of instructions;

identifying, using the virtual machine, an instruction within the sequence of instructions as being associated with the protected activity;

determining, using the virtual machine, whether execution of the identified instruction is permitted based, at least in part, on the first permission indicator received from the remote server; and

in response a determination that execution of the identified instruction is permitted, performing the protected activity.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods, including computer software adapted to perform certain operations, can be implemented for preventing content received from non-trusted sources from accessing protected data. A sequence of instructions and multiple permission indicators associated with the sequence of instructions are received. One or more of permission indicators are associated with a protected activity. An instruction within the sequence of instructions associated with the protected activity is identified. A determination is made whether execution of the identified instruction is permitted based, at least in part, on the one or more permission indicators, and the protected activity is performed if execution of the identified instruction is permitted.

Citations

19 Claims

1. A computer implemented method comprising:
- executing a sequence of instructions using a virtual machine on a mobile device, the sequence of instructions including at least one permission indicator associated with a protected activity on the mobile device, the executing causing presentation of content associated with a particular information channel on a user interface, the at least one permission indicator and the sequence of instructions being received from a remote server, the at least one permission indicator being delivered from the remote server with the sequence of instructions;
  
  identifying, using the virtual machine, an instruction within the sequence of instructions as being associated with the protected activity;
  
  determining, using the virtual machine, whether execution of the identified instruction is permitted based, at least in part, on the first permission indicator received from the remote server; and
  
  in response a determination that execution of the identified instruction is permitted, performing the protected activity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - the sequence of instructions and at least one permission indicator stored in a particular segment of a file system on the mobile device, the file system including a plurality of segments, each segment corresponding to one of a plurality of information channels.
  - 3. The method of claim 1, further comprising:
    - storing, in a persistent storage device on the mobile device, the received sequence of instructions and the received one permission indicator.
  - 4. The method of claim 3, further comprising:
    - receiving an update to the at least one permission indicator; and
      
      storing, in the persistent storage device on the mobile device, the received update to the at least one permission indicator.
  - 5. The method of claim 3, wherein the sequence of instructions and the at least one permission indicator are received from the remote server in communication with the mobile device.
  - 6. The method of claim 5, wherein the value of the first permission indicator is set at the remote server.
  - 7. The method of claim 1, wherein the at least one permission indicator comprises a plurality of permission bits, and the first permission indicator corresponds to a first of the plurality of permission bits.
  - 8. The method of claim 7, wherein a second of the at least one permission indicators is associated with a different protected activity, and the second permission indicator corresponds to a second of the plurality of permission bits.
  - 9. The method of claim 1, wherein a SWF file comprises the sequence of instructions.

10. A non-transitory computer-readable storage medium comprising instructions that, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- executing a sequence of instructions using a virtual machine on an electronic device, the sequence of instructions including at least one permission indicator, a first of the at least one permission indicators associated with a protected activity on the electronic device, the executing causing presentation of content associated with a particular information channel on a user interface, the sequence of instructions and at least one permission indicator stored in a particular segment of a file system on the electronic device, the file system including a plurality of segments, each segment corresponding to one of a plurality of information channels, the at least one permission indicator being received from a remote server with the sequence of instructions;
  
  receiving an updated value for the permission indicator from the remote source;
  
  storing, in the particular segment of the file system, the received updated value for the permission indicator;
  
  identifying, using the virtual machine, an instruction within the sequence of instructions as being associated with the protected activity;
  
  determining, using the virtual machine, whether execution of the identified instruction is permitted based, at least in part, on the first permission indicator received from the remote server; and
  
  in response a determination that execution of the identified instruction is permitted, performing the protected activity.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The non-transitory computer-readable storage medium of claim 10, wherein the received updated value for the permission indicator replaces the permission indicator in the persistent storage device.
  - 12. The non-transitory computer-readable storage medium of claim 10, the operations further comprising:
    - receiving, prior to receiving the request to display the content for the information source, the plurality of instructions;
      
      storing, in the persistent storage device, the plurality of instructions; and
      
      retrieving the plurality of instructions in response to a stimulus from a user of the mobile device.
  - 13. The non-transitory computer-readable storage medium of claim 12, wherein a SWF file comprises the plurality of instructions.
  - 14. The non-transitory computer-readable storage medium of claim 13, wherein the value of the permission indicator is set at the remote source.
  - 15. The non-transitory computer-readable storage medium of claim 13, wherein the permission indicator occupies one of a plurality of permission indicator positions within a permissions data structure, and the permission indicator is assigned to the one permission indicator position at the remote source.
  - 16. The non-transitory computer-readable storage medium of claim 12, wherein the permission indicator and the plurality of instructions are received from a remote source in communication with the mobile device.

17. A system comprising:
- a user interface device;
  
  a persistent storage device; and
  
  one or more processors operable to interact with the user interface device and the persistent storage device, the one or more processors further operable to;
  
  receive a sequence of instructions and at least one permission indicator at a virtual machine on an electronic device, the sequence of instructions and the at least one permission indicator provided to the virtual machine from a remote server;
  
  execute the sequence of instructions using the virtual machine on the electronic device, the sequence of instructions including the at least one permission indicator, a first of the at least one permission indicators associated with a protected activity on the electronic device, the executing causing presentation of content associated with a particular information channel on a user interface, the sequence of instructions and at least one permission indicator stored in a particular segment of a file system on the electronic device, the file system including a plurality of segments, each segment corresponding to one of a plurality of information channels, the at least one permission indicator being received from the remote source with the sequence of instructions;
  
  identify, using the virtual machine, an instruction within the sequence of instructions as being associated with the protected activity;
  
  determine whether the instruction is implemented in a custom extension expanding functionality of a runtime component;
  
  reviewing custom extension permissions for the custom extension;
  
  determine, using the virtual machine, whether execution of the identified instruction is permitted based, at least in part, on the first permission indicator and the custom extension permissions; and
  
  in response a determination that execution of the identified instruction is permitted, perform the protected activity.
- View Dependent Claims (18, 19)
- - 18. The system of claim 17, wherein the one or more processors comprise a client operable to interact with the remote source through a data communication network, and the remote source is operable to interact with the client as a server.
  - 19. The system of claim 18, wherein the value of the at least one permission indicator is set at the remote source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Zheng, Jian, Shah, Rishit, Chanda, Rupen
Primary Examiner(s)
MOORTHY, ARAVIND K

Application Number

US13/854,803
Publication Number

US 20130232572A1
Time in Patent Office

1,191 Days
Field of Search

726/21, 726/22, 726/27, 713/165, 713/168, 713/187, 713/189, 380/201, 380/203, 380/211, 380/242, 725/1, 725/9, 725/25, 725/56, 725/62, 725/86, 725/104
US Class Current

1/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/50   Monitoring users, programs ...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/10   for controlling access to d...

H04L 63/168   above the transport layer

Authorizing local application activity using remotely defined security data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Authorizing local application activity using remotely defined security data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links