Application security framework

US 9,824,194 B2
Filed: 06/26/2015
Issued: 11/21/2017
Est. Priority Date: 12/22/2011
Status: Active Grant

First Claim

Patent Images

1. A method for providing secure access to a software application on a computing device, the method comprising:

executing the software application, including a security framework having a set of predetermined security requirements, on the computing device, wherein the security framework and the set of predetermined security requirements are generated using at least one of i) a preapproved security framework template or ii) a preapproved security framework template and a set of security modules installed on the computing device from a security framework library;

verifying, by the security framework, installation of a device security configuration profile on the computing device prior to enabling access to the software application by a user, wherein the device security configuration profile includes a certification that the software application includes the set of predetermined security requirements, wherein the device security configuration profile is installed by a certification authority, wherein the device security configuration profile provides a set of predetermined security restrictions corresponding to the set of predetermined security requirements, and wherein the verifying of the installation further includes verifying that the device security configuration profile is stored at an appropriate secure location of the computing device;

providing access to the software application on the computing device for a specified period; and

continuously monitoring the set of predetermined security restrictions included within the device security configuration profile until the set of predetermined security restrictions is altered or disabled, and disabling access to the software application on the computing device when any one of the set of predetermined security restrictions included within the device security configuration profile is altered or disabled.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with the teaching described herein, systems and methods are provided for providing secure access to a software application on a computing device. The software application may include a security framework having a set of predetermined security requirements. Prior to enabling access to the software application by a user, the computing device may, (i) verify installation of a device security configuration profile on the computing device, wherein the device security configuration profile certifies that the software application includes the set of predetermined security requirements, (ii) receive identifying information from the user via a user interface, (iii) verify the identifying information with an authentication server, and (iv) based on a successful verification of the identifying information, receive and store a security token. Access to the software application on the computing device may be provided for a specified period identified by the security token.

Citations

24 Claims

1. A method for providing secure access to a software application on a computing device, the method comprising:
- executing the software application, including a security framework having a set of predetermined security requirements, on the computing device, wherein the security framework and the set of predetermined security requirements are generated using at least one of i) a preapproved security framework template or ii) a preapproved security framework template and a set of security modules installed on the computing device from a security framework library;
  
  verifying, by the security framework, installation of a device security configuration profile on the computing device prior to enabling access to the software application by a user, wherein the device security configuration profile includes a certification that the software application includes the set of predetermined security requirements, wherein the device security configuration profile is installed by a certification authority, wherein the device security configuration profile provides a set of predetermined security restrictions corresponding to the set of predetermined security requirements, and wherein the verifying of the installation further includes verifying that the device security configuration profile is stored at an appropriate secure location of the computing device;
  
  providing access to the software application on the computing device for a specified period; and
  
  continuously monitoring the set of predetermined security restrictions included within the device security configuration profile until the set of predetermined security restrictions is altered or disabled, and disabling access to the software application on the computing device when any one of the set of predetermined security restrictions included within the device security configuration profile is altered or disabled.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the device security configuration profile is installed on the computing device by the certification authority based, at least in part, on a determination by the certification authority that the software application installed on the computing device includes the set of predetermined security requirements and satisfies one or more security guidelines or tests.
  - 3. The method of claim 1, wherein the set of predetermined security requirements includes (i) user authentication to restrict access to the software application, (ii) data encryption to protect stored data and data communications associated with the software application, and (iii) restrictions on access to online content.
  - 4. The method of claim 3, wherein access to the software application is terminated based upon the user authentication.
  - 5. The method of claim 1, wherein the set of security modules is configured for installation in a plurality of types of computing devices.
  - 6. The method of claim 1, wherein the set of security modules includes application programming interfaces (APIs) that are configured to enable use of the set of security modules with a plurality of types of software applications.
  - 7. The method of claim 1, further comprising:
    - prior to enabling access to the software application,storing a licensing key on the computing device, andvalidating the licensing key with an authentication server;
      
      wherein access to the software application is conditioned upon a successful validation of the licensing key.
  - 8. The method of claim 7, further comprising:
    - receiving an instruction to revoke the licensing key; and
      
      in response to the instruction, disabling access to the software application.
  - 9. The method of claim 1, wherein the software application is an application selected from the group consisting of a glucose measurement application, a sales training tool, an inventory management application, an application used to track a user'"'"'s compliance to prescription compliance, an application that reminds the user to take medication, an application to view x-rays, an application to view ultrasounds, an application to view CT images, an application to view MR images, an application to assist a health care provider to prescribe medication, an application to calculate medical formulations based on a patient'"'"'s parameters, a pregnancy tracking application, a nutritional supplement tracking application, a baby formula tracking application, an electrocardiogram application, and a sleep apnea tracking application.
  - 10. The method of claim 1, wherein the device security configuration profile provides predetermined security restrictions that regulate access to a user interface of the computing device by the user.
  - 11. The method of claim 10, wherein the predetermined security restrictions include (i) password protection to restrict the access to the user interface, and (ii) a screen lock feature to restrict the access to the user interface.
  - 12. The method of claim 1, wherein the verifying of the installation of the device security configuration profile includes:
    - verifying that the device security configuration profile includes a valid digital signature from the certification authority, the device security configuration profile being installed on the computing device by the certification authority based on a determination by the certification authority that the software application (i) includes the set of predetermined security requirements, and (ii) satisfies one or more security guidelines or tests; and
      
      verifying that an expiration period for the device security configuration profile has not expired.

13. An application security system for a computing device, comprising;
- one or more processors;
  
  a non-transitory computer readable medium; and
  
  a software application stored in the computer readable medium and executable by the one or more processor, the software application including a security framework having a set of predetermined security requirements, wherein the security framework and the set of predetermined security requirements are generated using at least one of i) a preapproved security framework template or ii) a preapproved security framework template and a set of security modules installed on the computing device from a security framework library,wherein the security framework is configured to;
  
  verify installation of a device security configuration profile on the computing device prior to enabling access to the software application by a user, wherein the device security configuration profile includes a certification that the software application includes the set of predetermined security requirements, wherein the device security configuration profile is installed by a certification authority, wherein the device security configuration profile provides a set of predetermined security restrictions corresponding to the set of predetermined security requirements, and wherein the verifying of the installation further includes verifying that the device security configuration profile is stored at an appropriate secure location of the computing device;
  
  provide access to the software application on the computing device for a specified period; and
  
  continuously monitor the set of predetermined security restrictions included within the device security configuration profile until the set of predetermined security restrictions is altered or disabled, and disable access to the software application when any one of the set of predetermined security restrictions included within the device security configuration profile is altered or disabled.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, wherein the device security configuration profile is installed on the computing device by the certification authority based, at least in part, on a determination by the certification authority that the software application installed on the computing device includes the set of predetermined security requirements and satisfies one or more security guidelines or tests.
  - 15. The system of claim 13, wherein the set of predetermined security requirements includes (i) user authentication to restrict access to the software application, (ii) data encryption to protect stored data and data communications associated with the software application, and (iii) restrictions on access to online content.
  - 16. The system of claim 15, wherein access to the software application is terminated based upon the user authentication.
  - 17. The system of claim 13, wherein the set of security modules is configured for installation in a plurality of types of computing devices.
  - 18. The system of claim 13, wherein the set of security modules includes application programming interfaces (APIs) that are configured to enable use of the set of security modules with a plurality of types of software applications.
  - 19. The system of claim 13, wherein the security framework is further configured to:
    - prior to enabling access to the software application,store a licensing key on the computing device, andvalidate the licensing key with an authentication server;
      
      wherein access to the software application is conditioned upon a successful validation of the licensing key.
  - 20. The system of claim 19, wherein the security framework is further configured to:
    - receive an instruction to revoke the licensing key; and
      
      in response to the instruction, disable access to the software application.
  - 21. The system of claim 13, wherein the software application is an application selected from the group consisting of a glucose measurement application, a sales training tool, an inventory management application, an application used to track a user'"'"'s compliance to prescription compliance, an application that reminds the user to take medication, an application to view x-rays, an application to view ultrasounds, an application to view CT images, an application to view MR images, an application to assist a health care provider to prescribe medication, an application to calculate medical formulations based on a patient'"'"'s parameters, a pregnancy tracking application, a nutritional supplement tracking application, a baby formula tracking application, an electrocardiogram application, and a sleep apnea tracking application.
  - 22. The system of claim 13, wherein the computing device is configured to be coupled with an external display, and wherein the security framework prevents password information from being displayed on the external display.
  - 23. The system of claim 13, wherein a security token is configured to provide access to a plurality of software applications, each of the plurality of software applications including the security framework.
  - 24. The system of claim 13, wherein the security framework is configured to store offline data and, upon obtaining network access, communicate with a server to verify credentials for the stored offline data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Abbvie Incorporated
Original Assignee
Abbvie Incorporated
Inventors
Balasubramanian, Sembian
Primary Examiner(s)
Lynch, Sharon

Application Number

US14/751,779
Publication Number

US 20150294092A1
Time in Patent Office

879 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/105   Arrangements for software l...

G06F 21/1064   Restricting content process...

G06F 21/1076   Revocation

G06F 21/12   Protecting executable software

G06F 21/121   Restricting unauthorised ex...

G06F 21/30   Authentication, i.e. establ...

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 21/60   Protecting data

G06F 21/629   to features or functions of...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/00   Network architectures or ne...

Application security framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Application security framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links