SANDBOXING THIRD PARTY COMPONENTS

US 20150347747A1
Filed: 09/11/2014
Published: 12/03/2015
Est. Priority Date: 05/28/2014
Status: Active Grant

First Claim

Patent Images

1. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method of security management for a data processing system, the method comprising:

determining whether a third-party component supports network access, wherein the third-party component provides input data to a user application; and

when the third-party component supports network access, constructing a sandbox for the third-party component to restrict network access of the third-party component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus of a device for security management by sandboxing third-party components is described. The device can determine whether a third-party component supports network access. If the third-party component supports network access, the device can request a user input regarding whether to restrict the network access of the component. The device can receive a user input to restrict network access of the third-party component. Upon receiving the user input to restrict network access, the device can construct a sandbox for the third-party component to restrict network access of the component and prevent the component from performing data exfiltration. Other embodiments are also described and claimed.

22 Citations

View as Search Results

20 Claims

1. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method of security management for a data processing system, the method comprising:
- determining whether a third-party component supports network access, wherein the third-party component provides input data to a user application; and
  
  when the third-party component supports network access, constructing a sandbox for the third-party component to restrict network access of the third-party component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The non-transitory machine-readable medium of claim 1, wherein the third-party component is a third-party keyboard application.
  - 3. The non-transitory machine-readable medium of claim 1, wherein the third-party component is a third-party voice input application.
  - 4. The non-transitory machine-readable medium of claim 1, wherein the third-party component is a third-party drawing application or a third-party motion sensing application.
  - 5. The non-transitory machine-readable medium of claim 1, wherein when the third-party component supports network access, the method further comprises requesting an input regarding whether to restrict the network access of the third-party component.
  - 6. The non-transitory machine-readable medium of claim 5, wherein the method further comprises receiving the input to restrict network access of the third-party component.
  - 7. The non-transitory machine-readable medium of claim 1, wherein the third-party component is a third-party optical instrument application, wherein the third-party optical instrument application is a third-party camera application or a third-party image scanner application.
  - 8. The non-transitory machine-readable medium of claim 1, wherein the constructing of the sandbox for the third-party component further comprises preventing data exfiltration by the third-party component.

9. A computer-implemented method for security management of a data processing system, the method comprising:
- determining whether a third-party component supports network access;
  
  when the third-party component supports network access, requesting an input regarding whether to restrict the network access of the third-party component;
  
  receiving the input to restrict network access of the third-party component; and
  
  constructing a sandbox for the third-party component to restrict network access of the third-party component.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, wherein the third-party component provides input data to a user application.
  - 11. The method of claim 9, wherein the third-party component is a third-party keyboard application.
  - 12. The method of claim 9, wherein the third-party component is a third-party voice input application.
  - 13. The method of claim 9, wherein the third-party component is a third-party drawing application or a third-party motion sensing application.
  - 14. The method of claim 9, wherein the third-party component is a third-party optical instrument application, wherein the third-party optical instrument application is a third-party camera application or a third-party image scanner application.
  - 15. The method of claim 9, wherein the constructing of the sandbox for the third-party component further comprises preventing data exfiltration of the third-party component.

16. A device to perform security management, the device comprising:
- a processing system;
  
  a memory coupled to the processing system though a bus; and
  
  a process executed from the memory by the processing system that causes the processing system to determine whether a third-party component supports network access, when the third-party component supports network access, request an input regarding whether to restrict the network access of the third-party component, receive the input to restrict network access of the third-party component, and construct a sandbox for the third-party component to restrict network access of the third-party component.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The device of claim 16, wherein the third-party component is a third-party keyboard application or a third-party voice input application.
  - 18. The device of claim 16, wherein the third-party component is a third-party drawing application or a third-party motion sensing application.
  - 19. The device of claim 16, wherein the third-party component is a third-party output application.
  - 20. The device of claim 16, wherein the third-party component is a third-party optical instrument application, wherein the third-party optical instrument application is a third-party camera application or a third-party image scanner application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Yancey, Kelly B., Martel, Pierre-Olivier J.

Granted Patent

US 9,959,405 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/62   Protecting access to data v...

H04L 63/145   the attack involving the pr...

SANDBOXING THIRD PARTY COMPONENTS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SANDBOXING THIRD PARTY COMPONENTS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links