Method and apparatus for differentiated access control

US 9,519,765 B2
Filed: 06/01/2015
Issued: 12/13/2016
Est. Priority Date: 09/24/2010
Status: Active Grant

First Claim

Patent Images

1. A method for providing differentiated access control to individual applications on a computing device, the method comprising:

forming a plurality of application subsets;

setting an expiry time on the computing device for each of the plurality of application subsets, the expiry time for each of the plurality of application subsets being independently configurable;

resetting the expiry time for at least one of the application subsets if activity occurs on the computing device prior to the expiry time for the at least one application subset; and

locking each application associated with an application subset to prevent each application associated with that application subset from being launched or enabled if the expiry time for that application subset is reached.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for differentiated access control on a computing device, and the computing device, the method including starting a timer on the computing device; resetting the timer if activity occurs on the computing device prior to the expiration of the timer; and preventing a subset of applications from being launched or enabled on expiry of the timer.

123 Citations

21 Claims

1. A method for providing differentiated access control to individual applications on a computing device, the method comprising:
- forming a plurality of application subsets;
  
  setting an expiry time on the computing device for each of the plurality of application subsets, the expiry time for each of the plurality of application subsets being independently configurable;
  
  resetting the expiry time for at least one of the application subsets if activity occurs on the computing device prior to the expiry time for the at least one application subset; and
  
  locking each application associated with an application subset to prevent each application associated with that application subset from being launched or enabled if the expiry time for that application subset is reached.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising providing first and second separate memory areas within application memory of the device and storing each of the plurality of application subsets in different portions of the application memory of the computing device.
  - 3. The method of claim 1, wherein the locking comprises changing a graphical representation of an application thumbnail or icon present on the computing device.
  - 4. The method of claim 3, wherein the graphical representation is a grid style and the changing replaces the application thumbnail with an obscured or locked graphic;
    - wherein the locked graphic has a lock icon displayed over the application thumbnail.
  - 5. The method of claim 4, wherein selection of the obscured graphic initiates a password prompt.
  - 6. The method of claim 1, wherein one of the plurality of application subsets is designated as corporate applications.
  - 7. The method of claim 6, wherein the designating is based on an enterprise information technology policy.
  - 8. The method of claim 1, wherein activity occurring on the computing device includes only interaction with any one of the subset of applications.
  - 9. The method of claim 1, further comprising unlocking each application associated with the at least one of the plurality of application subsets in response to successful authentication.
  - 10. The method of claim 1, further comprising preventing each application associated with the at least one of the plurality of application subsets after the expiry time for the at least one of the plurality of application subsets from being launched or enabled, while allowing the launching or enablement of one or more applications associated with another of the plurality of application subsets.

11. A computing device comprising:
- a processor;
  
  a user interface; and
  
  memory,wherein the computing device is configured to;
  
  form a plurality of application subsets;
  
  set an expiry time on the computing device for each of the plurality of application subsets, the expiry time for each of the plurality of application subsets being independently configurable;
  
  reset the expiry time for at least one of the application subsets if activity occurs on the computing device prior to the expiry time for the at least one application subset; and
  
  lock each application associated with an application subset to prevent each application associated with that application subset from being launched or enabled if the expiry time for that application subset is reached.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computing device of claim 11, wherein the computing device is further configured to provide first and second separate memory areas within application memory of the device and storing each of the plurality of application subsets in different portions of the application memory of the computing device.
  - 13. The computing device of claim 11, wherein the computing device is configured to lock by changing a graphical representation of an application thumbnail or icon present on the computing device.
  - 14. The computing device of claim 13, wherein the graphical representation is a grid style and the changing replaces the application thumbnail with an obscured or locked graphic;
    - wherein the locked graphic has a lock icon displayed over the application thumbnail.
  - 15. The computing device of claim 14, wherein selection of the obscured graphic initiates a password prompt.
  - 16. The computing device of claim 11, wherein one of the plurality of application subsets is designated as corporate applications.
  - 17. The computing device of claim 16, wherein the designating is based on an enterprise information technology policy.
  - 18. The computing device of claim 11, wherein activity occurring on the computing device includes only interaction with any one of the subset of applications.
  - 19. The computing device of claim 11, wherein the computing device is further configured to unlock each application associated with the at least one of the plurality of application subsets in response to successful authentication.
  - 20. The computing device of claim 11, wherein the computing device is further configured to prevent each application associated with the at least one of the plurality of application subsets after the expiry time for the at least one of the plurality of application subsets from being launched or enabled, while allowing the launching or enablement of one or more applications associated with another of the plurality of application subsets.

21. A non-transitory computer readable medium having stored thereon executable code for execution by processor of a computing device, the executable code comprising instructions for:
- forming a plurality of application subsets;
  
  setting an expiry time on the computing device for each of the plurality of application subsets, the expiry time for each of the plurality of application subsets being independently configurable;
  
  resetting the expiry time for at least one of the application subsets if activity occurs on the computing device prior to the expiry time for the at least one application subset; and
  
  locking each application associated with an application subset to prevent each application associated with that application subset from being launched or enabled if the expiry time for that application subset is reached.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Brown, Michael Kenneth, Bender, Christopher Lyle, Little, Herbert Anthony
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/727,357
Publication Number

US 20150339469A1
Time in Patent Office

561 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/50   Monitoring users, programs ...

G06F 21/88   Detecting or preventing the...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2137   Time limited access, e.g. t...

G06F 3/04817   using icons graphical or vi...

G06F 3/0482   Interaction with lists of s...

H04L 63/083   using passwords cryptograph...

H04L 63/108   when the policy decisions a...

Method and apparatus for differentiated access control

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

123 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for differentiated access control

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

123 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links