Remotely defining security data for authorization of local application activity

US 9,727,705 B2
Filed: 08/21/2015
Issued: 08/08/2017
Est. Priority Date: 11/26/2007
Status: Active Grant

First Claim

Patent Images

1. A mobile device comprising:

one or more processors; and

a memory having stored thereon computer readable instructions that are executable by the one or more processors to implement a client component and a runtime component, wherein;

the client component is integral with one or more applications of the mobile device and configured to facilitate display and management of content for an application into which the client component is integrated, including;

managing content that is associated with permissions specified to indicate whether protected activities are allowed to be performed in conjunction with rendering the content, andobtaining the content from storage to provide to the runtime component for rendering;

the runtime component is integral with the one or more applications to render the content for an application into which the runtime component is integrated, the rendering including passing to the client component attempts made by the content to perform the protected activities, the attempts being passed to the client component without the runtime component processing the specified permissions, wherein the client component enforces the specified permissions relative to each of the attempts by;

retrieving the specified permissions from the storage,allowing the runtime component to perform one or more of the protected activities if permitted by the specified permissions, andrestricting the runtime component from performing said one or more of the protected activities if said one or more of the protected activities are not permitted by the specified permissions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods, including computer software adapted to perform certain operations, can be implemented for remotely defining security data for authorizing access to data on a client device. Permission indicators are associated with a sequence of instructions, and a protected activity is associated with one or more of the permission indicators and with an instruction within the sequence of instructions. The one or more permission indicators and the sequence of instructions are provided to a remote device. The remote device determines whether execution of the instruction is permitted based, at least in part, on the one or more permission indicators, and the remote device performs the protected activity if execution of the instruction is permitted.

39 Citations

20 Claims

1. A mobile device comprising:
- one or more processors; and
  
  a memory having stored thereon computer readable instructions that are executable by the one or more processors to implement a client component and a runtime component, wherein;
  
  the client component is integral with one or more applications of the mobile device and configured to facilitate display and management of content for an application into which the client component is integrated, including;
  
  managing content that is associated with permissions specified to indicate whether protected activities are allowed to be performed in conjunction with rendering the content, andobtaining the content from storage to provide to the runtime component for rendering;
  
  the runtime component is integral with the one or more applications to render the content for an application into which the runtime component is integrated, the rendering including passing to the client component attempts made by the content to perform the protected activities, the attempts being passed to the client component without the runtime component processing the specified permissions, wherein the client component enforces the specified permissions relative to each of the attempts by;
  
  retrieving the specified permissions from the storage,allowing the runtime component to perform one or more of the protected activities if permitted by the specified permissions, andrestricting the runtime component from performing said one or more of the protected activities if said one or more of the protected activities are not permitted by the specified permissions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The mobile device of claim 1, wherein the runtime component does not attempt to process the specified permissions associated with the content that the runtime component renders.
  - 3. The mobile device of claim 1, wherein enforcement of the specified permissions by the client component includes:
    - obtaining data describing a protected activity that the content attempts to perform during the rendering; and
      
      using the data describing the protected activity to determine whether the specified permissions associated with the content permit the protected activity.
  - 4. The mobile device of claim 1, further comprising a custom extension that extends functionality of the runtime component, the custom extension configured to, responsive to an attempt made by the content being rendered to perform activities enabled by the extended functionality, determine whether the specified permissions associated with the content permit the content to perform the activities enabled by the extended functionality.
  - 5. The mobile device of claim 4, wherein the custom extension enforces the specified permissions associated with the content being rendered relative to attempts to perform the activities enabled by the extended functionality by:
    - allowing the content to perform the activities enabled by the extended functionality if permitted by the specified permissions; and
      
      restricting the content from performing the activities enabled by the extended functionality if the activities enabled by the extended functionality are not permitted by the specified permissions.
  - 6. The mobile device of claim 4, wherein the runtime component does not attempt to process the specified permissions associated with the content being rendered responsive to the attempt made by the content to perform the activities enabled by the extended functionality.
  - 7. The mobile device of claim 4, wherein a command that causes the content being rendered to attempt the activities enabled by the extended functionality is not recognized by an unextended runtime component.
  - 8. The mobile device of claim 4, wherein the client component does not attempt to process the specified permissions associated with the content being rendered responsive to the attempt made by the content to perform the activities enabled by the extended functionality.
  - 9. The mobile device of claim 1, wherein the runtime component comprises a media player that supports rendering at least one of vector graphics, bitmaps, frame-based animation, text input, or dynamic text.
  - 10. The mobile device of claim 1, wherein the client component is further configured to communicate with a remote server system to receive the content and the specified permissions.
  - 11. The mobile device of claim 10, wherein the client component is further configured to store the content and the specified permissions in storage of the mobile device, the content and the specified permissions being accessible from the storage responsive to a user request to access the content.

12. A method implemented by a computing device to control performance of protected activities in conjunction with rendering content, the method comprising:
- responsive to a request by a user to access content, employing a client component of the computing device to retrieve the requested content and permissions specified for the requested content to indicate whether protected activities are allowed to be performed in conjunction with rendering the requested content;
  
  employing the client component to provide the requested content to a runtime component of the computing device that renders content;
  
  employing the runtime component to render the requested content;
  
  responsive to attempts made by the requested content to perform the protected activities in conjunction with being rendered, employing the runtime component to pass the attempts to the client component without processing the specified permissions, wherein the client component enforces the specified permissions relative to each of the attempts by;
  
  allowing the runtime component to perform one or more of the protected activities if permitted by the specified permissions, andrestricting the runtime component from performing said one or more of the protected activities if said one or more of the protected activities are not permitted by the specified permissions.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The method of claim 12, wherein the runtime component is not employed to enforce the specified permissions associated with the requested content.
  - 14. The method of claim 12, further comprising employing a custom extension that extends functionality of the runtime component to determine whether the specified permissions associated with the requested content allow the requested content to perform activities enabled by the extended functionality.
  - 15. The method of claim 14, wherein the client component is not employed to enforce the specified permissions associated with the requested content responsive to an attempt made by the requested content to perform the activities enabled by the extended functionality.
  - 16. The method of claim 12, wherein the specified permissions include custom extension permissions that are configurable to govern protected activities associated with custom extensions to the runtime component.
  - 17. The method of claim 12, further comprising receiving the specified permissions from a service provider configured to specify the permissions to indicate that the requested content is permitted to perform the protected activities or is restricted from performing the protected activities.

18. A method implemented by a computing device to control performance of protected activities at a remote device in conjunction with rendering content, the method comprising:
- retrieving a permissions data structure for a channel of content, the permissions data structure comprising at least one permission indicator that is indicative of whether at least one protected activity is allowed to be performed by a sequence of instructions that correspond to the channel;
  
  associating the permissions data structure with a particular sequence of instructions that include an instruction, which when executed causes the at least one protected activity to be performed;
  
  communicating the sequence of instructions and the permissions data structure to the remote device, which enables the remote device to;
  
  employ a runtime component to execute the sequence of instructions in association with rendering the content of the channel, andemploy a client component to enforce permissions indicated by the at least one permission indicator responsive to an attempt made to perform the at least one protected activity in conjunction with execution of the sequence of instructions, the attempt made having been passed to the client component by the runtime component to enforce the indicated permissions without the runtime component having processed the indicated permissions relative to the attempt.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising interacting with the remote device through a data communication network, interactions with the remote device involving interacting with the remote device as a client.
  - 20. The method of claim 18, further comprising setting the value of the at least one permission indicator prior to communicating the sequence of instructions and the permissions data structure to the remote device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Kesti-Helia, Anssi, Shah, Rishit, Zheng, Jian, Chanda, Rupen
Primary Examiner(s)
Moorthy, Aravind

Application Number

US14/832,209
Publication Number

US 20150363577A1
Time in Patent Office

718 Days
Field of Search

726 26, 726 27, 726 29, 713165, 713166, 717127
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

H04L 63/101   Access control lists [ACL]

H04N 21/2541   Rights Management protectin...

H04N 21/4437   Implementing a Virtual Mach...

H04N 21/4627   Rights management associate...

H04N 21/8193   dedicated tools, e.g. video...

H04W 12/08   Access security

H04W 4/60   Subscription-based services...

Remotely defining security data for authorization of local application activity

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Remotely defining security data for authorization of local application activity

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others