Sealing secret data with a policy that includes a sensor-based constraint
Abstract
Technologies pertaining to limiting access to secret data through utilization of sensor-based constraints are described herein. A sensor-based constraint is a constraint that can only be satisfied by predefined readings that may be output by at least one sensor on a mobile computing device. If the sensor on the mobile computing device outputs a reading that satisfies the sensor-based constraint, secret data is provided to a requesting application. Otherwise, the requesting application is prevented from accessing the secret data.
20 Claims
1. A mobile computing device comprising:
- a sensor;
- at least one processor; and
- memory that has computer-readable instructions stored therein, wherein the at least one processor, when executing the computer-readable instructions, is configured to perform acts comprising;
- receiving, from an application executing on the mobile computing device, a request for secret data, wherein the secret data is stored in computer-readable storage of the mobile computing device;
- responsive to receiving the request for the secret data, identifying a policy that is assigned to the application, wherein the policy comprises a constraint that identifies the sensor and further identifies acceptable readings, wherein the policy prevents the application from accessing the secret data unless the sensor identified in the constraint returns a reading that is amongst the acceptable readings;
- acquiring at least one reading from the sensor in response to receipt of the request for the secret data, the at least one reading being indicative of location of the mobile computing device;
- based upon the at least one reading, determining that the at least one reading is amongst the acceptable readings, and thus the constraint in the policy has been satisfied; and
- responsive to determining that the constraint in the policy has been satisfied, providing the secret data to the application.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A method executed by at least one processor on a mobile computing device, the method comprising:
- receiving, from an application executing on the mobile computing device, a request for secret data that is retained in computer-readable memory of the mobile computing device;
- in response to receipt of the request, identifying a constraint in a policy for the application, the policy prevents the application from obtaining secret data unless the constraint is satisfied, wherein the constraint identifies a sensor on the mobile computing device and acceptable readings from the sensor, wherein the constraint in the policy is satisfied only when the sensor identified in the constraint outputs a reading that is amongst the acceptable readings;
- upon the constraint being identified, acquiring at least one reading from the sensor identified in the constraint, wherein the at least one reading is signed to indicate that the at least one reading has not been modified subsequent to the sensor outputting the at least one reading;
- determining that the constraint in the policy has been satisfied based upon the at least one reading acquired from the sensor, wherein determining that the constraint in the policy has been satisfied comprises determining that the at least one reading is amongst the acceptable readings identified in the constraint; and
- responsive to determining that the constraint in the policy has been satisfied, providing the application with the secret data.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A mobile telephone comprising a computer-readable medium, the computer-readable medium comprises instructions that, when executed by at least one processor, cause the at least one processor to perform acts comprising:
- receiving a request for secret data from an application executing on the mobile telephone, wherein the secret data is retained in computer-readable storage of the mobile telephone;
- in response to receipt of the request for the secret data, identifying a policy assigned to the application, wherein the policy includes a constraint that identifies a sensor on the mobile telephone and further identifies an acceptable reading from the sensor, wherein the policy prevents the application from acquiring the secret data unless the constraint is satisfied, wherein the constraint is satisfied when the sensor identified by the constraint outputs a reading that matches the acceptable reading;
- responsive to identifying the policy, acquiring at least one sensor reading from the sensor identified in the constraint;
- determining that the constraint has been satisfied based upon the at least one sensor reading, wherein determining that the constraint has been satisfied comprises determining that the at least one reading matches the acceptable reading; and
- responsive to determining that the constraint has been satisfied, providing the secret data to the application.

Dependent claims: 20
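
The flow described in the abstract and in claim 10 (policy lookup, signed sensor reading, release only on an acceptable reading), written out as an added example that is not code from the patent or its assignee. The application id, geofence, key, the HMAC standing in for the sensor's signature, and the per-request nonce are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import math
import os
from dataclasses import dataclass

# Assumption: HMAC with a shared key stands in for the sensor's signature.
SENSOR_KEY = b"constructed-demo-key"

@dataclass(frozen=True)
class Constraint:
    sensor: str       # sensor the policy names
    lat: float        # acceptable readings: within radius_m of (lat, lon)
    lon: float
    radius_m: float

# Constructed sample data: one application, its policy and its sealed secret.
POLICIES = {"com.example.notes": Constraint("gps", 47.6400, -122.1300, 500.0)}
SECRETS = {"com.example.notes": b"constructed-secret"}

def sign_reading(sensor, lat, lon, nonce):
    """Sensor side: emit a reading plus a tag covering it and the request nonce."""
    body = json.dumps({"sensor": sensor, "lat": lat, "lon": lon,
                       "nonce": nonce.hex()}, sort_keys=True).encode()
    return body, hmac.new(SENSOR_KEY, body, hashlib.sha256).digest()

def distance_m(lat1, lon1, lat2, lon2):  # haversine distance in metres
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2 +
         math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000 * math.asin(math.sqrt(a))

def unseal(app_id, read_sensor):
    """Return the secret only if the policy's sensor constraint is satisfied."""
    c = POLICIES.get(app_id)
    if c is None:
        return None                       # no policy assigned: fail closed
    nonce = os.urandom(16)                # assumption: binds the reading to this request
    body, tag = read_sensor(c.sensor, nonce)
    expected = hmac.new(SENSOR_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None                       # reading modified after the sensor emitted it
    r = json.loads(body)
    if r["sensor"] != c.sensor or r["nonce"] != nonce.hex():
        return None                       # wrong sensor, or a replayed reading
    if distance_m(r["lat"], r["lon"], c.lat, c.lon) > c.radius_m:
        return None                       # reading is not among the acceptable readings
    return SECRETS[app_id]
```

`read_sensor` is a callable taking the sensor name and the nonce; on a real device the signing key would sit with the sensor or trusted firmware, out of reach of the requesting application.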
Specification