System and method for managing application program access to a protected resource residing on a mobile device

US 9,542,540 B2
Filed: 02/04/2015
Issued: 01/10/2017
Est. Priority Date: 03/20/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method performed by at least one network-connectable server, the method comprising:

associating a user identifier with a user account corresponding to identifying information of a user corresponding to the mobile device;

receiving from an application residing on the mobile device via a network a request for the user identifier of the user via a module residing on the mobile device, the module separating an application program interface (API) layer for enabling the application from a protected resource layer comprising the protected resource on the mobile device;

receiving from the user by redirection of a user agent by the module an identifier request authorization to provide the user identifier to the application;

redirecting the user agent back to the module;

providing the user identifier to the application via the module in response to receiving the identifier request authorization;

receiving a request via the module for an authorization to provide the application permission to access a protected resource of the particular mobile device associated with the user identifier;

receiving via the mobile device a resource access authorization from the user to transmit the authorization to provide the application permission to access the protected resource of the particular mobile device; and

providing the authorization via the module to provide the application permission to access the protected resource of the particular mobile device responsive to receiving the resource access authorization from the user.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for managing application program access to a protected resource residing on a mobile device is provided. The method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization. Data produced by the protected resource is cryptographically signed, and a notification is generated in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource. A system for managing application program access to a protected resource residing on a mobile device is further provided.

59 Citations

View as Search Results

10 Claims

1. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method performed by at least one network-connectable server, the method comprising:
- associating a user identifier with a user account corresponding to identifying information of a user corresponding to the mobile device;
  
  receiving from an application residing on the mobile device via a network a request for the user identifier of the user via a module residing on the mobile device, the module separating an application program interface (API) layer for enabling the application from a protected resource layer comprising the protected resource on the mobile device;
  
  receiving from the user by redirection of a user agent by the module an identifier request authorization to provide the user identifier to the application;
  
  redirecting the user agent back to the module;
  
  providing the user identifier to the application via the module in response to receiving the identifier request authorization;
  
  receiving a request via the module for an authorization to provide the application permission to access a protected resource of the particular mobile device associated with the user identifier;
  
  receiving via the mobile device a resource access authorization from the user to transmit the authorization to provide the application permission to access the protected resource of the particular mobile device; and
  
  providing the authorization via the module to provide the application permission to access the protected resource of the particular mobile device responsive to receiving the resource access authorization from the user.
- View Dependent Claims (2, 3, 4)
- - 2. The computer-implemented method of claim 1, further comprising establishing the user account by receiving identifying information of the user comprising at least one of the name of the user, a telephone number associated with the mobile device, or a telecommunication carrier identifier associated with the mobile device.
  - 3. The computer-implemented method of claim 1, further comprising receiving the identifier request authorization in the form of at least one of an email address, a physical address, or a telephone number associated with the mobile device.
  - 4. The computer-implemented method of claim 1, further comprising:
    - receiving the resource access authorization from the user by another redirection of the user agent; and
      
      again redirecting the user agent back to the module.

5. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method performed by at least one network-connectable server, the method comprising:
- associating a user identifier with a user account corresponding to identifying information of a user corresponding to the mobile device;
  
  receiving from an application residing on the mobile device through a network a request for a user identifier via a module residing on the mobile device, the module separating an application program interface (API) layer for enabling the application from a protected resource layer comprising the protected resource on the mobile device;
  
  providing a request token to the module residing on the mobile device;
  
  receiving from at least one of the user or the application via the module an identifier request authorization to provide the user identifier to the application;
  
  associating the user identifier request authorization with the request token to authorize the request token;
  
  receiving the authorized request token from the module;
  
  providing an access token to the module in response to receiving the authorized request token from the module;
  
  receiving the access token from the module; and
  
  providing the user identifier to the application in response to receiving the access token from the module;
  
  receiving a request for an authorization to provide the application permission to access a protected resource of the mobile device associated with the user identifier;
  
  receiving via the mobile device a resource access authorization from the user to transmit the authorization to provide the application permission to access the protected resource of the mobile device; and
  
  providing the authorization to provide the application permission to access the protected resource of the mobile device responsive to receiving the resource access authorization from the user.
- View Dependent Claims (6, 7)
- - 6. The computer-implemented method of claim 5, further comprising:
    - receiving the identifier request authorization from the user by redirection of a user agent; and
      
      redirecting the user agent back to the module.
  - 7. The computer-implemented method of claim 5, further comprising:
    - providing an additional request token to the remote application server in response to receiving the user identifier;
      
      receiving the resource access authorization from the user by redirection of a user agent;
      
      redirecting the user agent back to the module;
      
      associating the resource access authorization from the user with the additional request token to authorize the additional request token;
      
      receiving the authorized additional request token from the module;
      
      providing an additional access token to the module in response to receiving the authorized additional request token;
      
      receiving the additional access token from the module; and
      
      providing the module the authorization to provide the application permission to access the protected resource in response to receiving the additional access token.

8. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method performed by at least one network-connectable server, the method comprising:
- associating a user identifier with a user account corresponding to identifying information of a user corresponding to the mobile device;
  
  receiving through a network from an application residing on the mobile device a request for the user identifier of the user via a module residing on the mobile device, the module separating an application program interface (API) layer for enabling the application from a protected resource layer comprising the protected resource on the mobile device;
  
  receiving from at least one of the user or the application an identifier request authorization to provide the user identifier to the application;
  
  providing the user identifier to the application via the module;
  
  receiving from the application via the module a token request including the user identifier;
  
  providing a request token to the module in response to receiving the user identifier;
  
  receiving a resource access authorization from the user by redirection of a user agent;
  
  redirecting the user agent back to the module;
  
  associating the resource access authorization from the user with the request token to authorize the request token;
  
  receiving the authorized request token from the module;
  
  providing an access token to the module in response to receiving the authorized request token;
  
  receiving the access token from the module; and
  
  providing the module an authorization to provide the application permission to access the protected resource in response to receiving the access token.

9. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method performed by at least one network-connectable server, the method comprising:
- associating a user identifier with a user account corresponding to identifying information of a user corresponding to the mobile device;
  
  receiving from an application residing on the mobile device through a network a request for a user identifier via a module residing on the mobile device, the module separating an application program interface (API) layer for enabling the application from a protected resource layer comprising the protected resource on the mobile device;
  
  providing a first request token to the module residing on the mobile device;
  
  receiving from at least one of the user or the application via the module an identifier request authorization to provide the user identifier to the application;
  
  associating the user identifier request authorization with the first request token to authorize the first request token;
  
  receiving the authorized first request token from the module;
  
  providing a first access token to the module in response to receiving the authorized first request token from the module;
  
  receiving the first access token from the module;
  
  providing the user identifier to the application in response to receiving the first access token from the module;
  
  receiving from the application via the module a request for authorization to provide the application permission to access the protected resource, the request including the user identifier;
  
  providing a second request token to the module in response to receiving the user identifier;
  
  receiving a resource access authorization from the user by redirection of a user agent;
  
  redirecting the user agent back to the module;
  
  associating the resource access authorization from the user with the second request token to authorize the second request token;
  
  receiving the authorized second request token from the module;
  
  providing a second access token to the module in response to receiving the authorized second request token;
  
  receiving the second access token from the module; and
  
  providing the module the authorization to provide the application permission to access the protected resource in response to receiving the second access token.

10. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method performed by at least one network-connectable server, the method comprising:
- associating a user identifier with a user account corresponding to identifying information of a user corresponding to the mobile device;
  
  receiving from an application residing on the mobile device via a network a request for the user identifier of the user via a module residing on the mobile device, the module separating an application program interface (API) layer for enabling the application from a protected resource layer comprising the protected resource on the mobile device;
  
  receiving from at least one of the user and the application an identifier request authorization to provide the user identifier to the application;
  
  providing the user identifier to the application via the module in response to receiving the identifier request authorization;
  
  receiving a request via the module for an authorization to provide the application permission to access a protected resource of the particular mobile device associated with the user identifier;
  
  receiving via the mobile device by redirection of a user agent by the module a resource access authorization from the user to transmit the authorization to provide the application permission to access the protected resource of the particular mobile device;
  
  redirecting the user agent back to the module; and
  
  providing the authorization via the module to provide the application permission to access the protected resource of the particular mobile device responsive to receiving the resource access authorization from the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Smith Micro Software Incorporated
Original Assignee
Location Labs (Gen Digital Inc.)
Inventors
Hotes, Scott, Roumeliotis, Tasos, Blackston, David
Primary Examiner(s)
ZAIDI, SYED A

Application Number

US14/613,874
Publication Number

US 20150154389A1
Time in Patent Office

706 Days
Field of Search

726/4
US Class Current

1/1
CPC Class Codes

G06F 21/31   User authentication

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2115   Third party

G06F 9/468   Specific access rights for ...

H04L 9/3213   using tickets or tokens, e....

H04L 9/3271   using challenge-response

H04W 12/082   using revocation of authori...

H04W 12/084   using delegated authorisati...

System and method for managing application program access to a protected resource residing on a mobile device

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing application program access to a protected resource residing on a mobile device

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links