Method of preventing access to sensitive data of a computing device

US 10,410,004 B2
Filed: 03/05/2014
Issued: 09/10/2019
Est. Priority Date: 03/28/2013
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access by an application to data or a service supported by a computing system, said method comprising:

identifying, by said computing system, a request from said application for access to said data or said service supported by said computing system;

determining, by said computing system, whether said access has been restricted to said data or said service, wherein said access to said data or said service is requesting-application specific; and

, if so,indicating to said application, by said computing system, that said request for said access has been granted by said computing system; and

automatically emulating, by said computing system, said data or said service when said data or said service is accessed by said application,wherein if said service being accessed is;

a microphone, a camera, a video camera, or a GPS location service, a response to the request comprises;

an audio file, an image, a movie, or location data, respectively; and

wherein if said service being accessed is permission to perform calls, said response to the request comprises emulating a fake phone call with a non-responding number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique is provided for controlling access by an application to data or a service supported by a computing system, a computer program product and an access control unit. The technique includes identifying a request from an application for access to data or a service supported by the system, determining whether access has been restricted to the data or service, and, if so, indicating to the application that the request for access has been granted by the system and emulating the data or service when the data or service is accessed by the application.

18 Citations

15 Claims

1. A method of controlling access by an application to data or a service supported by a computing system, said method comprising:
- identifying, by said computing system, a request from said application for access to said data or said service supported by said computing system;
  
  determining, by said computing system, whether said access has been restricted to said data or said service, wherein said access to said data or said service is requesting-application specific; and
  
  , if so,indicating to said application, by said computing system, that said request for said access has been granted by said computing system; and
  
  automatically emulating, by said computing system, said data or said service when said data or said service is accessed by said application,wherein if said service being accessed is;
  
  a microphone, a camera, a video camera, or a GPS location service, a response to the request comprises;
  
  an audio file, an image, a movie, or location data, respectively; and
  
  wherein if said service being accessed is permission to perform calls, said response to the request comprises emulating a fake phone call with a non-responding number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method according to claim 1, wherein said automatically emulating comprises determining which data or service is being accessed by said application and creating said response to said application in dependence upon said data or said service being accessed.
  - 3. The method according to claim 1, wherein said automatically emulating comprises determining which data or service is being accessed by said application and seeking an indication of a suitable response from a user before creating said response to said application in dependence upon said data or said service being accessed together with said indicated suitable response.
  - 4. The method according to claim 3, wherein said creating comprises:
    - assessing whether said user has indicated that at least one response associated with said data or said service being accessed is to remain accessible to said application, and, if so,creating said response based on said accessible response.
  - 5. The method according to claim 3, wherein if said service being accessed is:
    - the microphone, the camera, the video camera, the GPS location service, a contact list, or a local file system, said created response comprises;
      
      the audio file, the image, the movie, the location data, contact details, or an appropriate folder structure, respectively.
  - 6. The method according to claim 3, wherein if said service being accessed is cellular Internet access, said created response comprises determining whether a free wireless network is accessible and routing a request for Internet access via said free wireless network.
  - 7. The method according to claim 3, wherein if said service being accessed is Internet access, said created response comprises return of a cached webpage or return of an appropriate error webpage.
  - 8. The method according to claim 1, further comprising seeking, at said computing system, an indication from a user regarding an appropriate response to an access request before emulating a response.
  - 9. The method according to claim 1, wherein said determining, at said computing system, comprises seeking an indication of whether a user wishes to restrict access to said data or said service.
  - 10. The method according to claim 1, wherein said determining, by said computing system, comprises assessing whether a default restriction of said access to said data or said service has been set.
  - 11. The method according to claim 1, wherein said computing system comprises a mobile device that has an open source operating system.
  - 12. The method according to claim 1, wherein if said service being accessed is local file-system access, said response to the request comprises a fake file-system service showing empty folders.
  - 13. The method according to claim 1, wherein if said service being accessed is local file-system access, said response to the request comprises a filter which shows contents which are a subset of actual contents of a file system.

14. A non-transitory computer readable medium of a computing system having computer readable instructions encoded therein, said computer readable instructions adapted to be executed to implement steps comprising:
- identifying, by said computing system, a request from said application for access to said data or said service supported by said computing system;
  
  determining, by said computing system, whether said access has been restricted to said data or said service, wherein said access to said data or said service is requesting-application specific; and
  
  , if so,indicating to said application, by said computing system, that said request for said access has been granted by said computing system; and
  
  automatically emulating, by said computing system, said data or said service when said data or said service is accessed by said application,wherein if said service being accessed is;
  
  a microphone, a camera, a video camera, or a GPS location service, a response to the request comprises;
  
  an audio file, an image, a movie, or location data, respectively; and
  
  wherein if said service being accessed is permission to perform calls, said response to the request comprises emulating a fake phone call with a non-responding number.

15. A method, consisting of:
- identifying, by a computing system, a request from an application for access to data or a service supported by said computing system;
  
  determining, by said computing system, whether said access has been restricted to said data or said service, wherein said access to said data or said service is requesting-application specific; and
  
  , if so,indicating to said application, by said computing system, that said request for said access has been granted by said computing system; and
  
  automatically emulating, by said computing system, said data or said service when said data or said service is accessed by said application;
  
  wherein if said service being accessed is permission to perform calls, said response to the request comprises emulating a fake phone call with a non-responding number.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Alcatel-Lucent SA (Nokia Corporation)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Cucinotta, Tommaso
Primary Examiner(s)
Pearson, David J

Application Number

US14/779,378
Publication Number

US 20160048695A1
Time in Patent Office

2,015 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/57   Certifying or maintaining t...

G06F 21/60   Protecting data

G06F 21/62   Protecting access to data v...

G06F 2221/2141   Access rights, e.g. capabil...

Method of preventing access to sensitive data of a computing device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Method of preventing access to sensitive data of a computing device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links