Systems, methods and apparatus to apply permissions to applications

US 9,413,742 B2
Filed: 08/22/2014
Issued: 08/09/2016
Est. Priority Date: 12/08/2010
Status: Active Grant

First Claim

Patent Images

1. An apparatus to authorize an application, comprising:

an address trust manager to obtain a first network address having a request for address authentication from a first entity, the request including a second network address associated with a second entity, the second entity having downloaded the application from the first entity via the first network address;

an address associator to compare the first network address to addresses in a trusted address database to determine whether the first network address is trusted; and

a shadow environment communicator to generate a signed message based on the comparison, at least one of the address trust manager, the address associator, or the shadow environment communicator including a logic circuit, the address trust manager to;

in response to a match in the trusted address database, transmit the signed message with an indication of authorization to the second entity via the first network address; and

in response to a lack of a match in the trusted address database, transmit the signed message with an indication of non-authorization to the second entity via the first network address.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are disclosed to apply permissions to applications. A disclosed example apparatus includes an address trust manager to obtain a first network address having a request for address authentication from a first entity, the first network address having a second network address associated with a second entity to execute the application, an address associator to compare the first network address to a trusted address database to determine whether the first network address is trusted, and a shadow environment communicator to generate a signed message based on the comparison of the trusted address database, the address trust manager to transmit the signed message to the second entity with an indication of authorization via the first network address in response to a match in the trusted address database, and transmit the signed message to the second entity with an indication of non-authorization via the first network address in response to a lack of a match in the trusted address database.

28 Citations

20 Claims

1. An apparatus to authorize an application, comprising:
- an address trust manager to obtain a first network address having a request for address authentication from a first entity, the request including a second network address associated with a second entity, the second entity having downloaded the application from the first entity via the first network address;
  
  an address associator to compare the first network address to addresses in a trusted address database to determine whether the first network address is trusted; and
  
  a shadow environment communicator to generate a signed message based on the comparison, at least one of the address trust manager, the address associator, or the shadow environment communicator including a logic circuit, the address trust manager to;
  
  in response to a match in the trusted address database, transmit the signed message with an indication of authorization to the second entity via the first network address; and
  
  in response to a lack of a match in the trusted address database, transmit the signed message with an indication of non-authorization to the second entity via the first network address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus as defined in claim 1, wherein the shadow environment communicator is to send a third network address via the first network address, the third network address to facilitate a bypass of the first entity when communicating with the second entity.
  - 3. The apparatus as defined in claim 1, wherein the shadow environment communicator is to send the signed message to the second entity to deconstruct a shadow environment on the second entity when the address associator does not find the match in the trusted address database, the deconstruction of the shadow environment to prevent the application from executing on the second entity.
  - 4. The apparatus as defined in claim 3, wherein the shadow environment is to permit execution of the application on the second entity using virtual resources.
  - 5. The apparatus as defined in claim 1, further including a mirror host request monitor to identify whether the application was downloaded from the first entity at a first time or a second time.
  - 6. The apparatus as defined in claim 5, wherein the first entity is deemed trusted at the first time and the first entity is deemed untrusted at the second time.
  - 7. The apparatus as defined in claim 6, wherein the shadow environment communicator is to generate the signed message with the indication of authorization if the application was downloaded from the first entity at the first time, the first time indicative of the first entity being trusted.
  - 8. The apparatus as defined in claim 6, wherein the shadow environment communicator is to generate the signed message with the indication of non-authorization if the application was downloaded from the first entity at the second time, the second time indicative of the first entity being untrusted.

9. A method to authorize an application, comprising:
- obtaining, by executing an instruction with a processor, a first network address from a request for address authentication from a first entity, the request including a second network address associated with a second entity, the second entity having downloaded the application from the first entity via the first network address;
  
  comparing, by executing an instruction with the processor, the first network address to addresses in a trusted address database to determine whether the first address is trusted;
  
  generating, by executing an instruction with the processor, a signed message based on the comparison;
  
  in response to a match in the trusted address database, transmitting the signed message with an indication of authorization form the processor to the second entity via the first network address; and
  
  in response to a lack of a match in the trusted address database, transmitting the signed message with an indication of non-authorization from the processor to the second entity via the first network address.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method as defined in claim 9, wherein the first entity includes a third party mirror host to provide the application to the second entity.
  - 11. The method as defined in claim 9, wherein the second entity includes a host computer.
  - 12. The method as defined in claim 9, further including identifying whether the application was downloaded from the first entity at a first time or a second time.
  - 13. The method as defined in claim 12, wherein the first entity is deemed trusted at the first time and the first entity is deemed untrusted at the second time.
  - 14. The method as defined in claim 13, further including generating the signed message with the indication of authorization if the application was downloaded from the first entity at the first time, the first time indicative of the first entity being trusted.
  - 15. The method as defined in claim 13, further including generating the signed message with the indication of non-authorization if the application was downloaded from the first entity at the second time, the second time indicative of the first entity being untrusted.

16. A computer-readable storage device comprising instructions that, when executed, cause a machine to perform operations comprising:
- accessing a first network address from a request for address authentication from a first entity, the request including a second network address associated with a second entity, the second entity having downloaded the application from the first entity via the first network address;
  
  comparing the first network address to address in a trusted address database to determine whether the first address is trusted;
  
  generating a signed message based on the comparison;
  
  in response to a match in the trusted address database, transmitting the signed message with an indication of authorization to the second entity via the first network address; and
  
  in response to a lack of a match in the trusted address database, transmitting the signed message with an indication of non-authorization to the second entity via the first network address.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computer-readable storage device as defined in claim 16, wherein the instructions, when executed, cause the machine to send the signed message to the second entity to deconstruct a shadow environment on the second entity when the match is not found in the trusted address database, the deconstruction of the shadow environment to prevent the application from executing on the second entity.
  - 18. The computer-readable storage device as defined in claim 17, wherein the instructions, when executed, cause the machine to permit the shadow environment to execute the application on the second entity using virtual resources.
  - 19. The computer-readable storage device as defined in claim 16, wherein the instructions, when executed, cause the machine to identify whether the application was downloaded from the first entity at a first time or a second time.
  - 20. The computer-readable storage device as defined in claim 19, wherein the instructions, when executed, cause the machine to determine the first entity as trusted at the first time and determine the first entity is untrusted at the second time.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Kreiner, Barrett, Reeves, Jonathan, Schaub, Ryan
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US14/465,929
Publication Number

US 20140359729A1
Time in Patent Office

718 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 2221/2105   Dual mode as a secondary as...

H04L 2463/103   applying security measure f...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 67/34   involving the movement of s...

Systems, methods and apparatus to apply permissions to applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods and apparatus to apply permissions to applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links