Method and system for protecting privacy and enhancing security on an electronic device

US 9,424,409 B2
Filed: 01/10/2013
Issued: 08/23/2016
Est. Priority Date: 01/10/2013
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a delivery of sensor information to a requesting application running on an electronic device, the method comprising:

collecting, by a sensor in the electronic device hosting a plurality of applications, the sensor information associated with at least one user input action;

intercepting, by the electronic device, a request to access the sensor information from the requesting application of the plurality of applications;

determining, by the electronic device, that the requesting application is running in one of a foreground of the electronic device and a background of the electronic device; and

controlling, by the electronic device, access of the requesting application to the sensor information associated with the at least one user input action by applying a set of access rules including at least one rule based on the determination that the requesting application is running in the foreground of the electronic device and at least one rule based on the determination that the requesting application is running in the background of the electronic device, wherein the set of rules defines access control policies to permit or to prevent the delivery of the sensor information to the requesting application running on the electronic device, the access control policies being associated with the sensor information collected by the sensor in the electronic device.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting privacy and enhancing security on an electronic device is provided. When sensor information associated with at least one user input action is collected by a sensor in an electronic device hosting a plurality of applications, the method includes intercepting a request to access the sensor information from a requesting application of the plurality of applications, and controlling access to the sensor information associated with the at least one user input action based on the requesting application. By controlling access to the sensor information, leakage of sensitive or secure information to a malicious background application is minimized and privacy and security are enhanced.

317 Citations

22 Claims

1. A method for controlling access to a delivery of sensor information to a requesting application running on an electronic device, the method comprising:
- collecting, by a sensor in the electronic device hosting a plurality of applications, the sensor information associated with at least one user input action;
  
  intercepting, by the electronic device, a request to access the sensor information from the requesting application of the plurality of applications;
  
  determining, by the electronic device, that the requesting application is running in one of a foreground of the electronic device and a background of the electronic device; and
  
  controlling, by the electronic device, access of the requesting application to the sensor information associated with the at least one user input action by applying a set of access rules including at least one rule based on the determination that the requesting application is running in the foreground of the electronic device and at least one rule based on the determination that the requesting application is running in the background of the electronic device, wherein the set of rules defines access control policies to permit or to prevent the delivery of the sensor information to the requesting application running on the electronic device, the access control policies being associated with the sensor information collected by the sensor in the electronic device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1 wherein the sensor includes one of an accelerometer, a gyroscope, a camera, a biometric reader, a microphone, and a remote motion detector.
  - 3. The method of claim 1 wherein the at least one user input action includes a touching a touchpad, providing a voice command, providing biometric information, and performing at least one of a gesture.
  - 4. The method of claim 1 wherein the at least one rule based on the determination that the requesting application is running in the background of the electronic device is a rule for preventing all access by the requesting application to the sensor information.
  - 5. The method of claim 1 wherein, based on the determination that the requesting application is running in the background of the application, preventing the delivery of the sensor information by adding a random noise to the sensor information to obfuscate the sensor information.
  - 6. The method of claim 1 wherein, based on the determination that the requesting application is running in the background of the application, preventing the delivery of the sensor information by decreasing a sampling frequency of the sensor to reduce the sensor information.
  - 7. The method of claim 1 wherein, based on the determination that the requesting application is running in the background of the application, preventing the delivery of the sensor information by replacing the collected sensor information with information corresponding to a neutral object.
  - 8. The method of claim 1 wherein, when the sensor is an accelerometer, the method further comprises detecting, by the accelerometer, that the electronic device is placed on a stationary surface, and the step of preventing the requesting application from accessing the sensor information.
  - 9. The method of claim 1 further comprising:
    - displaying, by the electronic device, at least one of a window and a soft keyboard associated with a first application of the plurality of applications based on the determination that the first application is running in the foreground of the electronic device;
      
      requesting, by the first application in the electronic device, a user input action comprising at least one of an input in the window and a keystroke corresponding to at least one key on the soft keyboard displayed by the electronic device;
      
      receiving, by the electronic device, the user input action in at least one of the window and the soft keyboard; and
      
      providing, by the electronic device, access to the sensor information associated with the input action to the first application.
  - 10. The method of claim 9, further comprises, if the requesting application is not authorized to access the sensor information, controlling access to the delivery of sensor information to the requesting application, wherein controlling access includes at least one of preventing all access to the sensor information, adding random noise to the sensor information to obfuscate the sensor information, and replacing the sensor information with information corresponding to a neutral object based on the determination that the requesting application is running in the background of the electronic device.
  - 11. The method of claim 1, wherein the set of access rules further comprises at least one rule for restricting access by the requesting application to the collected sensor information during a sensitive period mode when a user is performing the at least one user input action.
  - 12. The method of claim 11 wherein the set of access rules are provided by at least one of the user, an administrator of the electronic device, and an application of the plurality of applications hosted by the electronic device.
  - 13. The method of claim 1 further comprising:
    - providing, by the electronic device, a first browser window or a first browser tab and a second browser window or a second browser tab;
      
      receiving, by the electronic device, the at least one user input action in the first browser window/tab, wherein the first browser window/tab is running in the foreground of the electronic device;
      
      providing, by the electronic device, access to the sensor information associated with the least one user input action to the first browser window/tab; and
      
      restricting access to the sensor information by the second browser window/tab when the second browser window/tab is not running in the foreground of the electronic device.
  - 14. The method of claim 1 further comprising:
    - collecting, by the sensor, real time sensor information associated with a real time motion of the electronic device; and
      
      classifying, by the sensor, the real time sensor information associated with the real time motion of the electronic device into a first of a plurality of motion categories, wherein controlling access to the sensor information associated with the at least one user input action includes providing preconfigured sensor information corresponding to the first motion category.

15. A non-transitory computer-readable medium carrying one or more sequences of instructions for controlling access to the delivery of sensor information to a requesting application running on an electronic device, which instructions, when executed by one or more processors, cause the one or more processors to perform operations comprising:
- collecting, by a sensor in the electronic device hosting a plurality of applications, the sensor information associated with at least one user input action;
  
  intercepting, by the electronic device, a request to access the sensor information from the requesting application of the plurality of applications;
  
  determining, by the electronic device, that the requesting application is running in one of a foreground of the electronic device and a background of the electronic device; and
  
  controlling, by the electronic device, access of the requesting application to the sensor information associated with the at least one user input action by applying a set of access rules including at least one rule based on the determination that the requesting application is running in the foreground of the electronic device and at least one rule based on the determination that the requesting application is running in the background of the electronic device, wherein the set of rules defines access control policies to permit or to prevent the delivery of the sensor information to the requesting application running on the electronic device, the access control policies being associated with the sensor information collected by the sensor in the electronic device.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The computer-readable medium of claim 15 wherein the set of access rules includes a rule for preventing all access to the sensor information by the requesting application based on the determination that the requesting application is running in the background of the electronic device.
  - 17. The computer-readable medium of claim 15 wherein preventing the delivery of the sensor information includes adding a random noise to the sensor information to obfuscate the sensor information based on the determination that the requesting application is running in the background of the electronic device.
  - 18. The computer-readable medium of claim 15 wherein preventing the delivery of the sensor information includes decreasing a sampling frequency of the sensor to reduce the sensor information based on the determination that the requesting application is running in the background of the electronic device.
  - 19. The computer-readable medium of claim 15 wherein preventing the delivery of the sensor information includes replacing the sensor information with information corresponding to a neutral object based on the determination that the requesting application is running in the background of the electronic device.
  - 20. The computer-readable medium of claim 15 wherein the set of access rules further comprise at least one rule for restricting access by the requesting application to the collected sensor information during a sensitive period mode when a user is performing the at least one user input action.
  - 21. The computer-readable medium of claim 15 wherein the instructions cause the one or more processors to perform further operations comprising:
    - providing, by the electronic device, a first browser window or a first browser tab and a second browser window or a second browser tab;
      
      receiving, by the electronic device, the at least one user input action in the first browser window/tab, wherein the first browser window/tab is running in the foreground of the electronic device;
      
      providing, by the electronic device, access to the sensor information associated with the least one user input action to the first browser window/tab; and
      
      restricting access to the sensor information by the second browser window/tab when the second browser window/tab is not running in the foreground of the electronic device.
  - 22. The computer-readable medium of claim 15 wherein the instructions cause the one or more processors to perform further operations comprising:
    - collecting, by the sensor, real time sensor information associated with a real time motion of the electronic device; and
      
      classifying, by the sensor, the real time sensor information associated with the real time motion of the electronic device into a first of a plurality of motion categories, wherein controlling access to the sensor information associated with the at least one user input action includes providing preconfigured sensor information corresponding to the first motion category.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lookout Incorporated
Original Assignee
Lookout Incorporated
Inventors
Buck, Brian James
Primary Examiner(s)
Siddiqi, Mohammad A

Application Number

US13/738,850
Publication Number

US 20140196158A1
Time in Patent Office

1,321 Days
Field of Search

726/30, 713/178, 713/186
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/60   Protecting data

G06F 2221/031   Protect user input by softw...

G06F 2221/2141   Access rights, e.g. capabil...

Method and system for protecting privacy and enhancing security on an electronic device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

317 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting privacy and enhancing security on an electronic device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

317 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links