US20100242097A1 - System and method for managing application program access to a protected resource residing on a mobile device - Google Patents

System and method for managing application program access to a protected resource residing on a mobile device Download PDF

Info

Publication number
US20100242097A1
US20100242097A1 US12/728,174 US72817410A US2010242097A1 US 20100242097 A1 US20100242097 A1 US 20100242097A1 US 72817410 A US72817410 A US 72817410A US 2010242097 A1 US2010242097 A1 US 2010242097A1
Authority
US
United States
Prior art keywords
protected resource
access
application program
receiving
permission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/728,174
Inventor
Scott Hotes
Tasos Roumeliotis
David Blackston
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Smith Micro Software LLC
Original Assignee
Wavemarket Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wavemarket Inc filed Critical Wavemarket Inc
Priority to US12/728,174 priority Critical patent/US20100242097A1/en
Publication of US20100242097A1 publication Critical patent/US20100242097A1/en
Assigned to WAVEMARKET, INC. reassignment WAVEMARKET, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BLACKSTON, DAVID
Assigned to WAVEMARKET, INC. reassignment WAVEMARKET, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ROUMELIOTIS, TASOS, HOTES, SCOTT
Assigned to HERCULES TECHNOLOGY GROWTH CAPITAL, INC. reassignment HERCULES TECHNOLOGY GROWTH CAPITAL, INC. SECURITY AGREEMENT Assignors: WAVEMARKET, INC.
Assigned to WAVEMARKET, INC. reassignment WAVEMARKET, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: HERCULES TECHNOLOGY GROWTH CAPITAL, INC.
Assigned to HSBC BANK USA, N.A. reassignment HSBC BANK USA, N.A. SECURITY INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AVG Netherlands B.V., LOCATION LABS, INC.
Priority to US14/613,874 priority patent/US9542540B2/en
Assigned to LOCATION LABS, INC., AVG Netherlands B.V. reassignment LOCATION LABS, INC. RELEASE BY SECURED PARTY (SEE DOCUMENT FOR DETAILS). Assignors: HSBC BANK USA, NATIONAL ASSOCIATION, AS COLLATERAL AGENT
Abandoned legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/468Specific access rights for resources, e.g. using capability register
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3271Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/082Access security using revocation of authorisation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • H04W12/084Access security using delegated authorisation, e.g. open authorisation [OAuth] protocol
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115Third party

Definitions

  • location-based services As telecommunication carriers continue to invest in location infrastructure, a proliferation of location-based services is developing ranging from consumer services such as local search and mobile social networking to enterprise services such as fleet management and asset tracking.
  • the location of a mobile device is typically considered a high-value asset. Accordingly, it would be desirable to protect the process of initiating a location fix of a mobile device, receiving the location details, and disseminating this information. This process typically begins with accessing an API within the device execution environment or operating system, which in turn accesses hardware location determining resources on the device. Hardware location determining resources typically include a dedicated chipset, for example a dedicated GPS/A-GPS chipset, or a part of a multi-function chipset.
  • a data store including contents of user's address book, contents of a user's contact list, or contents of a user's electronic message inbox, such an SMS or MMS inbox, for example, are often considered private or confidential by a user and necessary to be protected from unauthorized access.
  • the invention provides a computer-implemented method for managing application program access to a protected resource residing on a mobile device.
  • the method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization.
  • the invention further provides a computer-implemented method for managing application program access to a protected resource residing on a mobile device, wherein the method includes providing the mobile device with a module separating an application program interface (API) layer for enabling an application program from a protected resource layer, comprising the protected resource, on the mobile device.
  • a remote server remote to the mobile device is configured for connection to the mobile device via a network.
  • the secure resource module receives from the application program via the API layer a request for a permission to access the protected resource.
  • An authentication is transmitted with the remote server to the mobile device.
  • the module receives from the remote server the authentication of the application program.
  • the module receives from at least one of the remote server and a user an authorization to provide the permission for the application program to access the protected resource.
  • the module provides to the application program the permission to access the protected resource in response to receiving the authorization.
  • the invention further provides a system for managing application program access to a protected resource residing on a mobile device comprising at least one computing device including at least one memory comprising instructions operable to enable the computing device to perform a procedure.
  • the procedure includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization.
  • the invention further provides computer-readable media tangibly embodying a program of instructions executable by a computing device to implement a method, the computing device being capable of interfacing with a communications network.
  • the method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization.
  • FIG. 1 is a schematic illustration of an exemplary operating environment in which a system for managing application program access to a protected resource residing on a mobile device according to a preferred embodiment of the invention is operable.
  • FIG. 2 is a flow chart showing a computer-implemented method for managing application program access to a protected resource residing on a mobile device according to a preferred embodiment of the invention.
  • FIG. 3 is a workflow diagram showing interactions of an authorization procedure between a remote authentication server application program interface (API) layer and a secure resource module according to a preferred embodiment of the invention.
  • API application program interface
  • FIG. 4 is a workflow diagram showing interactions of an authorization procedure between a remote authentication server application program interface (API) layer and a secure resource module according to a preferred embodiment of the invention.
  • API application program interface
  • the mobile device 12 includes a preferred system in the form of a secure resource module 20 for managing access of application programs 14 to one or more protected resources 24 residing on the mobile device 12 .
  • the mobile device 12 includes one or more computing devices and one or more memory devices, which computing devices and memory devices may be integrally constructed or connected in any suitable manner.
  • the mobile device 12 provides a platform which enables an application program interface (API) layer 16 , a privacy management layer, and a protected resource layer 22 .
  • API application program interface
  • the secure resource module 20 , a secure log file 26 , and a secure key store 28 are preferably incorporated in the privacy management layer 18 .
  • One or more protected resources 24 are preferably incorporated in the protected resource layer 22 .
  • the privacy management layer 18 is preferably a dedicated layer within the firmware or hardware of the mobile device 12 .
  • the protected resource layer 22 is preferably another dedicated layer within the firmware or hardware of the mobile device 20 .
  • the privacy management layer 18 is preferably configured to perform at least two important functions. First, access to a protected resource 24 results in the generation of a notification, and second, access to a protected resource 24 is controlled via the secure resource module 20 .
  • the protected resources 24 include resources which generate or store information which can be deemed personal or private by a user, a telecommunication carrier, or other interested party.
  • a protected resource 24 can include a resource for producing location data.
  • a location resource can include a dedicated GPS location determining chipset or a multi-function chipset enabled for GPS location determination installed on the mobile device 12 .
  • a protected resource 24 can include a data store including contents of user's address book, contents of a user's contact list, or contents of a user's electronic message inbox, such an SMS or MMS inbox.
  • the protected resource can include any resource deemed personal or private.
  • the secure resource module 20 can be installed on the mobile device 12 as one or more of a software, firmware or hardware module during manufacturer of the mobile device 12 .
  • the secure resource module 20 can be installed and or upgraded by a user as one or more of a software, firmware or hardware module, for example as a software or firmware module transmitted via a network accessible server such as a remote authentication server 40 over the Internet 60 .
  • the secure resource module 20 separates the API layer 16 from the protected resource layer 22 .
  • the secure resource module 20 can be configured for interface with one or both of a local resident application program 14 and a remote network-accessible application program 14 executed by a remote application server 50 via the API layer 16 .
  • the secure resource module 20 can be configured for interface with application program logic within the operating system of the mobile device 12 .
  • the secure resource module 20 is configured to receive from an application program 14 via the API layer 16 a request for a permission to access the protected resource 24 .
  • the secure resource module 20 is preferably configured to receive an authentication of the application program 14 from a source external to the mobile device 12 .
  • a remote authentication server 40 is provided for authenticating the application program 14 .
  • the remote authentication server 40 includes an authentication module 42 for performing authentication of the application program 14 and an API layer 44 which provides an interface between the secure resource module 20 and the authentication module 42 .
  • the authentication is preferably transmitted in the form of a cryptographically secure request token by the remote authentication server 40 .
  • the request token is received by the secure resource module 20 via an API functioning out of the API Layer 44 enabled by the remote authentication server 40 .
  • the secure resource module 20 is further configured to receive an authorization to provide a permission to access the protected resource 24 .
  • the authorization is preferably cryptographically secure and digitally signed.
  • the secure resource module 20 can receive the authorization in the form of a cryptographically secure digitally signed request, wherein the secure resource module 20 verifies the cryptographically secure digitally signed request.
  • the authorization is preferably transmitted by the remote authentication server 40 and received by the secure resource module 20 via an API functioning out of the API Layer 44 enabled by the remote authentication server 40 in the form of a cryptographically secure access token.
  • the authorization can be transmitted as a response to a password or other authenticating data entered or otherwise provided through the mobile device 12 by a user via the secure resource module 20 , and transmitted to the authentication module 42 via the API Layer 44 enabled by the remote authentication server 40 .
  • the secure resource module 20 is configured to provide the application program 14 the permission to access the protected resource 24 in response to receiving the authorization.
  • the secure resource module 20 is further configured to sign data produced by the protected resource 24 to assure authenticity of the data provided to and used by the application program 14 .
  • the mobile device 12 is preferably provided with a cryptographically secure key store 28 enabled by the privacy management layer 18 .
  • the secure resource module 20 accesses the cryptographically secure key store 28 to obtain a key for cryptographically signing data produced by the protected resource 24 .
  • the secure resource module 20 is configured to generate a notification in response to one or both of the application program 14 requesting the permission to access the protected resource 24 and the application program 14 accessing the protected resource 24 .
  • the notification informs a user of the mobile device 12 or a remote user monitoring the activity of the mobile device 12 when an application program 14 requests access to a protected resource 24 on the mobile device 12 , or alternatively, when the application program 14 actually accesses the protected resource 24 .
  • the notification can be provided with a user-query to permit a user to provide an authorization or a portion of an authorization to provide a permission to the application program 14 to access the protected resource 24 .
  • the notification can merely notify the user of the request for permission to access the protected resource 24 or the actual access, as in a case where the authorization was provided solely by another source such as the remote authentication server 40 , or as in a case where the authorization was previously provided by the user.
  • the secure resource module 20 can transmit the notification in the form of one or more of a Short Message Service (SMS), a Multimedia Messaging Service (MMS), and an electronic mail.
  • SMS Short Message Service
  • MMS Multimedia Messaging Service
  • a cryptographically secure log file 26 is preferably provided enabled by the privacy management layer 18 .
  • the secure module 20 can further transmit the notification in the form of an addition to the cryptographically secure log file 26 stored on the mobile device 12 .
  • a computer-implemented method 100 for managing application program access to a protected resource residing on a mobile device is shown.
  • the process 100 is preferably performed via the secure resource module 20 of FIG. 1 .
  • the process 100 may alternatively be performed via any suitable system.
  • a request for a permission to access a protected resource is received from an application program (step 102 ).
  • An authentication of the application program is received from a source external to the mobile device (step 104 ).
  • An authorization to provide the permission to access the protected resource is received (step 106 ).
  • Permission to access the protected resource is provided to the application program in response to receiving the authorization (step 108 ), and data produced by the protected resource is cryptographically signed (step 110 ).
  • a notification is generated in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource (step 112 ).
  • the authentication module 42 is preferably configured to establish a user account using identifying information of a user.
  • the remote authentication server 40 is configured to receive the identifying information through the API layer 44 from the mobile device 12 via the secure resource module 20 , via a network connection, which network connection is preferably an Internet network connection 60 .
  • the identifying information preferably includes at least the name of the user, a telephone number associated with a user's mobile device, and a telecommunication carrier identifier associated with the user's mobile device used to establish a connection with the telecommunication carrier.
  • the API layer 44 preferably provides an interface through a client application running on the mobile device 12 , which client application is preferably a web client, WAP client, Java METM client, BREWTM client, SMS client or other suitable client.
  • the remote authentication server 40 associates a user identifier, which is preferably randomly generated, with the user account.
  • the remote authentication server 40 is preferably configured to receive from an executed application program 14 via the secure resource module 20 through the API layer 44 a request for the user identifier of the user.
  • the remote authentication server 40 is configured to receive via the API layer 44 an identifier request authorization, which, depending on the application program 14 and the preference of the user, is received from either user input or automatically from the application program 14 via the secure resource module 20 .
  • the identifier request authorization is preferably provided in the form of an element of known personal information from the user including but not limited to one or more of an email address, a physical address, and a telephone number associated with the mobile device 12 .
  • the remote authentication server 40 is configured to provide via the API layer 44 the user identifier to the application program 14 via the secure resource module 20 in response to receiving the identifier request authorization.
  • the remote authentication server 40 is preferably configured to receive from the secure resource module 20 through the API layer 44 a request for an authorization to provide an application program 14 permission to access the protected resource 24 of the user mobile device 12 associated with the pre-determined user identifier. Prior to providing the authorization to provide permission to access the protected resource 24 , an authorization is preferably received by the remote authentication server 40 from a user via the mobile device 12 or other suitable client.
  • the authorization of the user can take the form of a password, a digitally signed request, or other secure authorization protocol.
  • the remote authentication server 40 is configured to provide the authorization to provide permission to access the protected resource 24 to the secure resource module 20 in response to receiving such authorization from the user, or alternatively, other suitable source.
  • an authorization is not provided by a user or other source, no authorization to provide permission to access the protected resource 24 is provided by the remote authentication server 40 to the secure resource module 20 .
  • the authorization can be provided to the secure resource module 20 from the remote authentication server 40 as an authorization to provide permission to access the mobile device information one time, a predetermined number of times, for a specified time interval, until the authorization is revoked, or until any predetermined condition is met.
  • the authorization is preferably received by the secure resource module 20 via the API layer 44 of the remote authentication server 40 .
  • a workflow 200 of an authorization procedure for providing a user identifier implemented by the secure resource module 20 and the remote authentication server 40 via the authentication module 42 and the API layer 44 is shown.
  • the application program 14 via the secure resource module 20 directs a request for a request token (step 202 ) through a request token URL 204 provided by the authentication module 42 via the API layer 44 .
  • the remote authentication server 40 via the authentication module 42 , creates a request token (step 206 ) which is provided to the secure resource module 20 in response to the application program's request.
  • a user agent is redirected by the secure resource module 20 to the remote authentication server 40 (step 208 ) through a user authorization URL 210 provided via the API layer 44 which implements a suitable web interface or other interface to permit the user to enter a required authorization.
  • the remote authentication server 40 via the API layer 44 preferably authenticates the user, shows the user the user's privacy settings, receives the identifier request authorization from the user, and redirects the user agent back to the secure resource module 20 (step 212 ).
  • the secure resource module 20 receives the redirected user agent (step 214 ) and provides the request token, as associated with the identifier request authorization from the user, to the remote authentication server 40 through an access token URL 218 provided by the authentication module 42 (step 216 ).
  • the remote authentication server 40 provides an access token to the secure resource module 20 in exchange for receiving the authorized request token (step 220 ).
  • the secure resource module 20 saves the access token and presents the access token to the remote authentication server 40 (step 222 ) through an identity URL 224 , and the remote authentication server 40 provides the user identifier to the application program 14 via the secure resource module 20 in response to receiving the access token (step 226 ).
  • the access token is preferably revoked immediately or within a predetermined time period after the user identifier is provided to the third party application program.
  • the secure resource module 20 is preferably configured to securely store the request and access tokens such that they are not directly accessible by the application program 14 .
  • steps 202 , 206 , 208 , 212 , 214 , 216 and 220 are omitted.
  • the application program 14 via the secure resource module 20 preferably provides an application-specific access token in the step 222 which includes identifying information previously provided to the application program 14 by the user in order to retrieve the user's user identifier.
  • the authorization procedure shown by the workflow 200 can be omitted entirely.
  • a workflow 300 of an authorization procedure for authorizing access to a protected resource 24 implemented by the secure resource module 20 and the remote authentication server 40 via the authentication module 42 and the API layer 44 according to a preferred embodiment of the present invention is shown.
  • the application program 14 via the secure resource module 20 directs a request for a request token (step 302 ), including the user identifier if a user identifier is applicable, through a request token URL 304 provided by the authentication module 42 via the API layer 44 .
  • the remote authentication server 40 via the authentication module 42 creates a request token (step 306 ) which is provided to the secure resource module 20 in response to the application program's request.
  • the user agent is redirected by the secure resource module 20 to the remote authentication server 40 (step 308 ) through a user authorization URL 310 provided via the API layer 44 which implements a suitable web interface or other consent user interface (UI) to permit the user to enter required authorization.
  • the remote authentication server 40 via the authentication module 42 and the API layer 44 preferably authenticates the user and the application program, shows the user the user's privacy settings, receives the protected resource authorization from the user, and redirects the user agent back to the secure resource module (step 312 ).
  • the application program can be authenticated without authenticating a user, and further, the application program can be authenticated without a user authorization and redirection of a user agent.
  • the secure resource module 20 receives the redirected user agent (step 314 ) and provides the request token to the remote authentication server 40 through an access token URL 318 provided by the authentication module 42 via the API layer 44 (step 316 ).
  • the remote authentication server 40 provides an access token to the secure resource module 20 in exchange for receiving the authorized request token (step 320 ).
  • the secure resource module 20 saves the access token and presents the access token to the remote authentication server 40 (step 322 ) through a secure resource URL 324 .
  • the remote authentication server 40 provides the secure resource module 20 the authorization to provide a permission to the application program 14 to access the protected resource 24 in response to receiving the access token (step 326 ).
  • the access token is preferably revoked immediately or within a predetermined time period after the authorization to provide permission to the application program 14 to access the protected resource 24 is provided.
  • the secure resource module 20 is preferably configured to securely store the request and access tokens such that they are not directly accessible by the application program 14 .
  • the secure resource module 20 is preferably configured to use the access token to check for existing authorizations, and the remote authentication server 40 is preferably configured to notify the secure resource module 20 of the existing authorizations, from prior user authorizations stored by the remote authentication server 40 . If there are no existing authorizations, the secure resource module 20 preferably prompts a user for authorization. If existing authorizations exist, the secure resource module 20 preferably updates the authorization status including the authorization access history stored on the remote authentication server 40 . The secure resource module 20 is preferably configured to use the access token to manage authorizations on the remote authentication server 40 for a particular combination of user and application program 14 . The secure resource module 20 can be additionally configured to use the access token in a process of submitting data generated and stored on the user mobile device to the remote authentication server 40 .

Abstract

A computer-implemented method for managing application program access to a protected resource residing on a mobile device is provided. The method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization. Data produced by the protected resource is cryptographically signed, and a notification is generated in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource. A system for managing application program access to a protected resource residing on a mobile device is further provided.

Description

    CROSS REFERENCE TO RELATED APPLICATION(S)
  • This application claims the benefit of U.S. Provisional Application No. 61/161,879, filed Mar. 20, 2009, which is incorporated by reference as if fully set forth.
    • BACKGROUND
  • As telecommunication carriers continue to invest in location infrastructure, a proliferation of location-based services is developing ranging from consumer services such as local search and mobile social networking to enterprise services such as fleet management and asset tracking.
  • The location of a mobile device is typically considered a high-value asset. Accordingly, it would be desirable to protect the process of initiating a location fix of a mobile device, receiving the location details, and disseminating this information. This process typically begins with accessing an API within the device execution environment or operating system, which in turn accesses hardware location determining resources on the device. Hardware location determining resources typically include a dedicated chipset, for example a dedicated GPS/A-GPS chipset, or a part of a multi-function chipset.
  • Further, it would be desirable to protect other resources available on a mobile device. A data store including contents of user's address book, contents of a user's contact list, or contents of a user's electronic message inbox, such an SMS or MMS inbox, for example, are often considered private or confidential by a user and necessary to be protected from unauthorized access.
    • SUMMARY
  • The invention provides a computer-implemented method for managing application program access to a protected resource residing on a mobile device. The method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization.
  • The invention further provides a computer-implemented method for managing application program access to a protected resource residing on a mobile device, wherein the method includes providing the mobile device with a module separating an application program interface (API) layer for enabling an application program from a protected resource layer, comprising the protected resource, on the mobile device. A remote server remote to the mobile device is configured for connection to the mobile device via a network. The secure resource module receives from the application program via the API layer a request for a permission to access the protected resource. An authentication is transmitted with the remote server to the mobile device. The module receives from the remote server the authentication of the application program. The module receives from at least one of the remote server and a user an authorization to provide the permission for the application program to access the protected resource. The module provides to the application program the permission to access the protected resource in response to receiving the authorization.
  • The invention further provides a system for managing application program access to a protected resource residing on a mobile device comprising at least one computing device including at least one memory comprising instructions operable to enable the computing device to perform a procedure. The procedure includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization.
  • The invention further provides computer-readable media tangibly embodying a program of instructions executable by a computing device to implement a method, the computing device being capable of interfacing with a communications network. The method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization.
    • BRIEF DESCRIPTION OF THE DRAWING(S)
  • The foregoing Summary as well as the following detailed description will be readily understood in conjunction with the appended drawings which illustrate preferred embodiments of the invention. In the drawings:
  • FIG. 1 is a schematic illustration of an exemplary operating environment in which a system for managing application program access to a protected resource residing on a mobile device according to a preferred embodiment of the invention is operable.
  • FIG. 2 is a flow chart showing a computer-implemented method for managing application program access to a protected resource residing on a mobile device according to a preferred embodiment of the invention.
  • FIG. 3 is a workflow diagram showing interactions of an authorization procedure between a remote authentication server application program interface (API) layer and a secure resource module according to a preferred embodiment of the invention.
  • FIG. 4 is a workflow diagram showing interactions of an authorization procedure between a remote authentication server application program interface (API) layer and a secure resource module according to a preferred embodiment of the invention.
    •  DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT(S)
  • The preferred embodiments of the present invention are described below with reference to the drawing figures in which like numerals represent like elements throughout.
  • Referring to FIG. 1, a schematic illustration of an exemplary operating environment 10 is shown in which a mobile device 12 operates. The mobile device 12 includes a preferred system in the form of a secure resource module 20 for managing access of application programs 14 to one or more protected resources 24 residing on the mobile device 12. The mobile device 12 includes one or more computing devices and one or more memory devices, which computing devices and memory devices may be integrally constructed or connected in any suitable manner. The mobile device 12 provides a platform which enables an application program interface (API) layer 16, a privacy management layer, and a protected resource layer 22. The secure resource module 20, a secure log file 26, and a secure key store 28 are preferably incorporated in the privacy management layer 18. One or more protected resources 24 are preferably incorporated in the protected resource layer 22. The privacy management layer 18 is preferably a dedicated layer within the firmware or hardware of the mobile device 12. The protected resource layer 22 is preferably another dedicated layer within the firmware or hardware of the mobile device 20. The privacy management layer 18 is preferably configured to perform at least two important functions. First, access to a protected resource 24 results in the generation of a notification, and second, access to a protected resource 24 is controlled via the secure resource module 20.
  • The protected resources 24 include resources which generate or store information which can be deemed personal or private by a user, a telecommunication carrier, or other interested party. In a preferred embodiment, a protected resource 24 can include a resource for producing location data. Such a location resource can include a dedicated GPS location determining chipset or a multi-function chipset enabled for GPS location determination installed on the mobile device 12. Alternatively, a protected resource 24 can include a data store including contents of user's address book, contents of a user's contact list, or contents of a user's electronic message inbox, such an SMS or MMS inbox. Alternatively, the protected resource can include any resource deemed personal or private.
  • The secure resource module 20 can be installed on the mobile device 12 as one or more of a software, firmware or hardware module during manufacturer of the mobile device 12. Alternatively, the secure resource module 20 can be installed and or upgraded by a user as one or more of a software, firmware or hardware module, for example as a software or firmware module transmitted via a network accessible server such as a remote authentication server 40 over the Internet 60. The secure resource module 20 separates the API layer 16 from the protected resource layer 22. The secure resource module 20 can be configured for interface with one or both of a local resident application program 14 and a remote network-accessible application program 14 executed by a remote application server 50 via the API layer 16. Alternatively, the secure resource module 20 can be configured for interface with application program logic within the operating system of the mobile device 12.
  • The secure resource module 20 is configured to receive from an application program 14 via the API layer 16 a request for a permission to access the protected resource 24. The secure resource module 20 is preferably configured to receive an authentication of the application program 14 from a source external to the mobile device 12. Preferably, a remote authentication server 40 is provided for authenticating the application program 14. The remote authentication server 40 includes an authentication module 42 for performing authentication of the application program 14 and an API layer 44 which provides an interface between the secure resource module 20 and the authentication module 42. The authentication is preferably transmitted in the form of a cryptographically secure request token by the remote authentication server 40. The request token is received by the secure resource module 20 via an API functioning out of the API Layer 44 enabled by the remote authentication server 40.
  • The secure resource module 20 is further configured to receive an authorization to provide a permission to access the protected resource 24. The authorization is preferably cryptographically secure and digitally signed. The secure resource module 20 can receive the authorization in the form of a cryptographically secure digitally signed request, wherein the secure resource module 20 verifies the cryptographically secure digitally signed request. The authorization is preferably transmitted by the remote authentication server 40 and received by the secure resource module 20 via an API functioning out of the API Layer 44 enabled by the remote authentication server 40 in the form of a cryptographically secure access token. The authorization can be transmitted as a response to a password or other authenticating data entered or otherwise provided through the mobile device 12 by a user via the secure resource module 20, and transmitted to the authentication module 42 via the API Layer 44 enabled by the remote authentication server 40.
  • The secure resource module 20 is configured to provide the application program 14 the permission to access the protected resource 24 in response to receiving the authorization. The secure resource module 20 is further configured to sign data produced by the protected resource 24 to assure authenticity of the data provided to and used by the application program 14. The mobile device 12 is preferably provided with a cryptographically secure key store 28 enabled by the privacy management layer 18. The secure resource module 20 accesses the cryptographically secure key store 28 to obtain a key for cryptographically signing data produced by the protected resource 24.
  • The secure resource module 20 is configured to generate a notification in response to one or both of the application program 14 requesting the permission to access the protected resource 24 and the application program 14 accessing the protected resource 24. The notification informs a user of the mobile device 12 or a remote user monitoring the activity of the mobile device 12 when an application program 14 requests access to a protected resource 24 on the mobile device 12, or alternatively, when the application program 14 actually accesses the protected resource 24. The notification can be provided with a user-query to permit a user to provide an authorization or a portion of an authorization to provide a permission to the application program 14 to access the protected resource 24. Alternatively, the notification can merely notify the user of the request for permission to access the protected resource 24 or the actual access, as in a case where the authorization was provided solely by another source such as the remote authentication server 40, or as in a case where the authorization was previously provided by the user. The secure resource module 20 can transmit the notification in the form of one or more of a Short Message Service (SMS), a Multimedia Messaging Service (MMS), and an electronic mail. A cryptographically secure log file 26 is preferably provided enabled by the privacy management layer 18. The secure module 20 can further transmit the notification in the form of an addition to the cryptographically secure log file 26 stored on the mobile device 12.
  • Referring to FIG. 2, a computer-implemented method 100 for managing application program access to a protected resource residing on a mobile device is shown. The process 100 is preferably performed via the secure resource module 20 of FIG. 1. The process 100 may alternatively be performed via any suitable system. In the process 100, a request for a permission to access a protected resource is received from an application program (step 102). An authentication of the application program is received from a source external to the mobile device (step 104). An authorization to provide the permission to access the protected resource is received (step 106). Permission to access the protected resource is provided to the application program in response to receiving the authorization (step 108), and data produced by the protected resource is cryptographically signed (step 110). A notification is generated in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource (step 112).
  • The authentication module 42 is preferably configured to establish a user account using identifying information of a user. The remote authentication server 40 is configured to receive the identifying information through the API layer 44 from the mobile device 12 via the secure resource module 20, via a network connection, which network connection is preferably an Internet network connection 60. The identifying information preferably includes at least the name of the user, a telephone number associated with a user's mobile device, and a telecommunication carrier identifier associated with the user's mobile device used to establish a connection with the telecommunication carrier. The API layer 44 preferably provides an interface through a client application running on the mobile device 12, which client application is preferably a web client, WAP client, Java ME™ client, BREW™ client, SMS client or other suitable client. The remote authentication server 40 associates a user identifier, which is preferably randomly generated, with the user account. The remote authentication server 40 is preferably configured to receive from an executed application program 14 via the secure resource module 20 through the API layer 44 a request for the user identifier of the user.
  • The remote authentication server 40 is configured to receive via the API layer 44 an identifier request authorization, which, depending on the application program 14 and the preference of the user, is received from either user input or automatically from the application program 14 via the secure resource module 20. In the case where authorization is provided automatically via the application program 14, the identifier request authorization is preferably provided in the form of an element of known personal information from the user including but not limited to one or more of an email address, a physical address, and a telephone number associated with the mobile device 12. The remote authentication server 40 is configured to provide via the API layer 44 the user identifier to the application program 14 via the secure resource module 20 in response to receiving the identifier request authorization.
  • The remote authentication server 40 is preferably configured to receive from the secure resource module 20 through the API layer 44 a request for an authorization to provide an application program 14 permission to access the protected resource 24 of the user mobile device 12 associated with the pre-determined user identifier. Prior to providing the authorization to provide permission to access the protected resource 24, an authorization is preferably received by the remote authentication server 40 from a user via the mobile device 12 or other suitable client. The authorization of the user can take the form of a password, a digitally signed request, or other secure authorization protocol. The remote authentication server 40 is configured to provide the authorization to provide permission to access the protected resource 24 to the secure resource module 20 in response to receiving such authorization from the user, or alternatively, other suitable source. Preferably, if an authorization is not provided by a user or other source, no authorization to provide permission to access the protected resource 24 is provided by the remote authentication server 40 to the secure resource module 20. Depending on preference of the user, the authorization can be provided to the secure resource module 20 from the remote authentication server 40 as an authorization to provide permission to access the mobile device information one time, a predetermined number of times, for a specified time interval, until the authorization is revoked, or until any predetermined condition is met. The authorization is preferably received by the secure resource module 20 via the API layer 44 of the remote authentication server 40.
  • Referring to FIG. 3, a workflow 200 of an authorization procedure for providing a user identifier implemented by the secure resource module 20 and the remote authentication server 40 via the authentication module 42 and the API layer 44 according to a preferred embodiment of the present invention is shown. The application program 14 via the secure resource module 20 directs a request for a request token (step 202) through a request token URL 204 provided by the authentication module 42 via the API layer 44. The remote authentication server 40, via the authentication module 42, creates a request token (step 206) which is provided to the secure resource module 20 in response to the application program's request. If required by a user or a user's telecommunication carrier, or if necessitated by a particular application, a user agent is redirected by the secure resource module 20 to the remote authentication server 40 (step 208) through a user authorization URL 210 provided via the API layer 44 which implements a suitable web interface or other interface to permit the user to enter a required authorization. The remote authentication server 40, via the API layer 44 preferably authenticates the user, shows the user the user's privacy settings, receives the identifier request authorization from the user, and redirects the user agent back to the secure resource module 20 (step 212). The secure resource module 20 receives the redirected user agent (step 214) and provides the request token, as associated with the identifier request authorization from the user, to the remote authentication server 40 through an access token URL 218 provided by the authentication module 42 (step 216). The remote authentication server 40 provides an access token to the secure resource module 20 in exchange for receiving the authorized request token (step 220). The secure resource module 20 saves the access token and presents the access token to the remote authentication server 40 (step 222) through an identity URL 224, and the remote authentication server 40 provides the user identifier to the application program 14 via the secure resource module 20 in response to receiving the access token (step 226). The access token is preferably revoked immediately or within a predetermined time period after the user identifier is provided to the third party application program. The secure resource module 20 is preferably configured to securely store the request and access tokens such that they are not directly accessible by the application program 14.
  • In the case where user authorization is not required as a prerequisite for providing the user identifier to the third party application program, for example in instances where a user has already provided identifying information to the application program 14, steps 202, 206, 208, 212, 214, 216 and 220 are omitted. In such case, the application program 14 via the secure resource module 20 preferably provides an application-specific access token in the step 222 which includes identifying information previously provided to the application program 14 by the user in order to retrieve the user's user identifier. Alternatively, in cases where a user identifier is not applicable, the authorization procedure shown by the workflow 200 can be omitted entirely.
  • Referring to FIG. 4, a workflow 300 of an authorization procedure for authorizing access to a protected resource 24, implemented by the secure resource module 20 and the remote authentication server 40 via the authentication module 42 and the API layer 44 according to a preferred embodiment of the present invention is shown. The application program 14 via the secure resource module 20 directs a request for a request token (step 302), including the user identifier if a user identifier is applicable, through a request token URL 304 provided by the authentication module 42 via the API layer 44. The remote authentication server 40, via the authentication module 42 creates a request token (step 306) which is provided to the secure resource module 20 in response to the application program's request. If a user authorization is required, the user agent is redirected by the secure resource module 20 to the remote authentication server 40 (step 308) through a user authorization URL 310 provided via the API layer 44 which implements a suitable web interface or other consent user interface (UI) to permit the user to enter required authorization. The remote authentication server 40, via the authentication module 42 and the API layer 44 preferably authenticates the user and the application program, shows the user the user's privacy settings, receives the protected resource authorization from the user, and redirects the user agent back to the secure resource module (step 312). Alternatively, the application program can be authenticated without authenticating a user, and further, the application program can be authenticated without a user authorization and redirection of a user agent. The secure resource module 20 receives the redirected user agent (step 314) and provides the request token to the remote authentication server 40 through an access token URL 318 provided by the authentication module 42 via the API layer 44 (step 316). The remote authentication server 40 provides an access token to the secure resource module 20 in exchange for receiving the authorized request token (step 320). The secure resource module 20 saves the access token and presents the access token to the remote authentication server 40 (step 322) through a secure resource URL 324. The remote authentication server 40 provides the secure resource module 20 the authorization to provide a permission to the application program 14 to access the protected resource 24 in response to receiving the access token (step 326). The access token is preferably revoked immediately or within a predetermined time period after the authorization to provide permission to the application program 14 to access the protected resource 24 is provided. The secure resource module 20 is preferably configured to securely store the request and access tokens such that they are not directly accessible by the application program 14.
  • In communicating with the remote authentication server 40, the secure resource module 20 is preferably configured to use the access token to check for existing authorizations, and the remote authentication server 40 is preferably configured to notify the secure resource module 20 of the existing authorizations, from prior user authorizations stored by the remote authentication server 40. If there are no existing authorizations, the secure resource module 20 preferably prompts a user for authorization. If existing authorizations exist, the secure resource module 20 preferably updates the authorization status including the authorization access history stored on the remote authentication server 40. The secure resource module 20 is preferably configured to use the access token to manage authorizations on the remote authentication server 40 for a particular combination of user and application program 14. The secure resource module 20 can be additionally configured to use the access token in a process of submitting data generated and stored on the user mobile device to the remote authentication server 40.
  • While the preferred embodiments of the invention have been described in detail above, the invention is not limited to the specific embodiments described above, which should be considered as merely exemplary. Further modifications and extensions of the present invention may be developed, and all such modifications are deemed to be within the scope of the present invention as defined by the appended claims.

Claims (20)

1. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method comprising:
receiving from an application program a request for a permission to access the protected resource;
receiving from a source external to the mobile device an authentication of the application program;
receiving an authorization to provide the permission to access the protected resource; and
providing the permission to access the protected resource to the application program in response to receiving the authorization.
2. The method of claim 1, wherein receiving the authorization comprises receiving a cryptographically secure access token via an API.
3. The method of claim 1, wherein receiving the authorization comprises receiving a password and receiving a cryptographically secure access token via an API after receiving the password.
4. The method of claim 1, wherein receiving the request for the permission to access the protected resource comprises receiving a request for a permission to access a resource for producing location data.
5. The method of claim 1, wherein receiving the request for the permission to access the protected resource comprises receiving a request for a permission to access at least one of a dedicated GPS location determining chipset and a multi-function chipset enabled for GPS location determination.
6. The method of claim 1, wherein receiving the request for the permission to access the protected resource comprises receiving a request for a permission to access at least one of contents of an address book of the mobile device, contents of a contact list of the mobile device, and contents of an SMS inbox of the mobile device.
7. The method of claim 1, wherein receiving the authentication from the source external to the mobile device comprises receiving a cryptographically secure request token via an API.
8. The method of claim 1, further comprising:
cryptographically signing data produced by the protected resource; and
generating a notification in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource.
9. The method of claim 8, further comprising transmitting the notification in the form of at least one of an SMS, an MMS, and an electronic mail.
10. The method of claim 8, further comprising transmitting the notification in the form of an addition to a cryptographically secure log file stored on the mobile device.
11. The method of claim 8, further comprising providing the device with a cryptographically secure key store, wherein cryptographically signing data produced by the protected resource comprises accessing the cryptographically secure key store.
12. The method of claim 8, further comprising providing the device with a device-unique cryptographically secure key store, wherein cryptographically signing data produced by the protected resource comprises accessing the device-unique cryptographically secure key store.
13. The method of claim 1, wherein receiving the authorization comprises receiving a password.
14. The method of claim 1, wherein receiving the authorization comprises receiving a cryptographically secure digitally signed request, and wherein the method further comprises verifying the cryptographically secure digitally signed request.
15. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method comprising:
providing the mobile device with a module separating an application program interface (API) layer for enabling an application program from a protected resource layer, comprising the protected resource, on the mobile device;
providing a remote server remote to the mobile device configured for connection to the mobile device via a network;
receiving with the secure resource module from the application program via the API layer a request for a permission to access the protected resource;
transmitting an authentication with the remote server to the mobile device;
receiving from the remote server with the module the authentication of the application program;
receiving from at least one of the remote server and a user with the module an authorization to provide the permission for the application program to access the protected resource; and
providing with the module to the application program the permission to access the protected resource in response to receiving the authorization.
16. The method of claim 15, further comprising:
cryptographically signing with the module data produced by the protected resource; and
generating with the module a notification in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource.
17. A system for managing application program access to a protected resource residing on a mobile device comprising at least one computing device including at least one memory comprising instructions operable to enable the computing device to perform a procedure comprising:
receiving from an application program a request for a permission to access the protected resource;
receiving from a source external to the mobile device an authentication of the application program;
receiving an authorization to provide the permission to access the protected resource; and
providing the permission to access the protected resource in response to receiving the authorization.
18. The system of claim 17, wherein the at least one memory further comprises instructions operable to enable the computing device to perform a procedure comprising:
cryptographically signing data produced by the protected resource; and
generating a notification in response to the application program accessing the protected resource.
19. Computer-readable media tangibly embodying a program of instructions executable by a computing device to implement a method, the computing device being capable of interfacing with a communications network, the method comprising:
receiving from an application program a request for a permission to access the protected resource;
receiving from a source external to the mobile device an authentication of the application program;
receiving an authorization to provide the permission to access the protected resource; and
providing the permission to access the protected resource in response to receiving the authorization.
20. The computer-readable media of claim 19, embodying the program of instructions executable by a computing device to implement the method further comprising:
cryptographically signing data produced by the protected resource; and
generating a notification in response to the application program accessing the protected resource.
US12/728,174 2009-03-20 2010-03-19 System and method for managing application program access to a protected resource residing on a mobile device Abandoned US20100242097A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US12/728,174 US20100242097A1 (en) 2009-03-20 2010-03-19 System and method for managing application program access to a protected resource residing on a mobile device
US14/613,874 US9542540B2 (en) 2009-03-20 2015-02-04 System and method for managing application program access to a protected resource residing on a mobile device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US16187909P 2009-03-20 2009-03-20
US12/728,174 US20100242097A1 (en) 2009-03-20 2010-03-19 System and method for managing application program access to a protected resource residing on a mobile device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/613,874 Division US9542540B2 (en) 2009-03-20 2015-02-04 System and method for managing application program access to a protected resource residing on a mobile device

Publications (1)

Publication Number Publication Date
US20100242097A1 true US20100242097A1 (en) 2010-09-23

Family

ID=42738803

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/728,174 Abandoned US20100242097A1 (en) 2009-03-20 2010-03-19 System and method for managing application program access to a protected resource residing on a mobile device
US14/613,874 Active US9542540B2 (en) 2009-03-20 2015-02-04 System and method for managing application program access to a protected resource residing on a mobile device

Family Applications After (1)

Application Number Title Priority Date Filing Date
US14/613,874 Active US9542540B2 (en) 2009-03-20 2015-02-04 System and method for managing application program access to a protected resource residing on a mobile device

Country Status (1)

Country Link
US (2) US20100242097A1 (en)

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100240398A1 (en) * 2009-03-18 2010-09-23 Wavemarket, Inc. System for aggregating and disseminating location information
US20100251340A1 (en) * 2009-03-27 2010-09-30 Wavemarket, Inc. System and method for managing third party application program access to user information via a native application program interface (api)
US20110137817A1 (en) * 2009-06-01 2011-06-09 Wavemarket, Inc. System and method for aggregating and disseminating personal data
US20110154436A1 (en) * 2009-12-21 2011-06-23 Mediatek Inc. Provider Management Methods and Systems for a Portable Device Running Android Platform
US20110231649A1 (en) * 2010-03-19 2011-09-22 F5 Networks, Inc. Aggressive rehandshakes on unknown session identifiers for split ssl
US20120079582A1 (en) * 2010-09-27 2012-03-29 Research In Motion Limited Authenticating an auxiliary device from a portable electronic device
WO2012109751A1 (en) 2011-02-15 2012-08-23 Research In Motion Limited System and method for identity management for mobile devices
CN102938043A (en) * 2011-12-01 2013-02-20 微软公司 Access of authorized application to secure resources
US20130054406A1 (en) * 2011-08-25 2013-02-28 Gary Ritts Method of sending memorabilia containing text messages
US20130097517A1 (en) * 2011-10-18 2013-04-18 David Scott Reiss Permission Control for Applications
US20130167250A1 (en) * 2011-12-22 2013-06-27 Abbvie Inc. Application Security Framework
US20140007195A1 (en) * 2012-06-27 2014-01-02 Vikas Gupta User Authentication of Applications on Third-Party Devices Via User Devices
US20140007258A1 (en) * 2012-07-02 2014-01-02 International Business Machines Corporation Systems and methods for governing the disclosure of restricted data
US20140026193A1 (en) * 2012-07-20 2014-01-23 Paul Saxman Systems and Methods of Using a Temporary Private Key Between Two Devices
US8650550B2 (en) 2011-06-07 2014-02-11 Blackberry Limited Methods and devices for controlling access to computing resources
US20140106703A1 (en) * 2011-05-27 2014-04-17 Ralph K. Williamson Methods and apparatus to associate a mobile device with a panelist profile
US8751800B1 (en) 2011-12-12 2014-06-10 Google Inc. DRM provider interoperability
US8763080B2 (en) 2011-06-07 2014-06-24 Blackberry Limited Method and devices for managing permission requests to allow access to a computing resource
US8782393B1 (en) 2006-03-23 2014-07-15 F5 Networks, Inc. Accessing SSL connection data by a third-party
US20140201816A1 (en) * 2013-09-23 2014-07-17 Sky Socket, Llc Securely Authorizing Access to Remote Resources
US20140245461A1 (en) * 2013-02-28 2014-08-28 Edward Kenneth O'Neill Techniques for in-app user data authorization
CN104077540A (en) * 2013-03-27 2014-10-01 富士通株式会社 Terminal device and data processing method
US20140380496A1 (en) * 2012-05-11 2014-12-25 Verizon Patent And Licensing Inc. Methods and systems for determining a compliance level of an application with respect to a privacy profile associated with a user
US8954736B2 (en) 2012-10-04 2015-02-10 Google Inc. Limiting the functionality of a software program based on a security model
US20150046588A1 (en) * 2013-08-08 2015-02-12 Phantom Technologies, Inc. Switching between networks
US9053337B2 (en) 2011-06-07 2015-06-09 Blackberry Limited Methods and devices for controlling access to a computing resource by applications executable on a computing device
WO2015103058A1 (en) * 2013-12-31 2015-07-09 Google Inc. Notification of application permissions
US20150244686A1 (en) * 2014-02-23 2015-08-27 Samsung Electronics Co., Ltd. Apparatus, method, and system for accessing and managing security libraries
US20150288692A1 (en) * 2014-04-02 2015-10-08 D2L Corporation Method and system for digital rights enforcement
US20150286838A1 (en) * 2011-06-27 2015-10-08 Google Inc. Persistent key access to a resources in a collection
US9160751B2 (en) 2013-09-17 2015-10-13 Iboss, Inc. Mobile device management profile distribution
US9210170B1 (en) * 2012-12-21 2015-12-08 Mobile Iron, Inc. Secure access to mobile applications
US9215548B2 (en) 2010-09-22 2015-12-15 Ncc Group Security Services, Inc. Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms
WO2016025256A1 (en) * 2014-08-11 2016-02-18 Vivint, Inc. One-time access to an automation system
US9280679B2 (en) 2013-12-31 2016-03-08 Google Inc. Tiered application permissions
EP3040899A1 (en) * 2014-12-30 2016-07-06 Facebook, Inc. Methods and systems for managing permissions to access mobile device resources
WO2016108911A1 (en) * 2014-12-30 2016-07-07 Facebook, Inc. Methods and systems for managing permissions to access mobile device resources
CN106295391A (en) * 2015-06-09 2017-01-04 联想(北京)有限公司 A kind of information processing method and electronic equipment
US9542540B2 (en) 2009-03-20 2017-01-10 Location Labs, Inc. System and method for managing application program access to a protected resource residing on a mobile device
US9692752B2 (en) * 2014-11-17 2017-06-27 Bank Of America Corporation Ensuring information security using one-time tokens
US20180288616A1 (en) * 2017-03-28 2018-10-04 The Fin Exploration Company Predictive permissioning for mobile devices
US10120734B1 (en) * 2016-08-29 2018-11-06 Equinix, Inc. Application programming interface and services engine with application-level multi-tenancy
US10754967B1 (en) * 2014-12-15 2020-08-25 Marvell Asia Pte, Ltd. Secure interrupt handling between security zones
US11038894B2 (en) * 2015-04-07 2021-06-15 Hewlett-Packard Development Company, L.P. Providing selective access to resources
US11366789B2 (en) * 2017-06-29 2022-06-21 Microsoft Technology Licensing, Llc Content access
US11379621B2 (en) * 2016-10-14 2022-07-05 Huawei Technologies Co., Ltd. Apparatus and method for tracking access permissions over multiple execution environments
US11520864B2 (en) 2006-06-02 2022-12-06 The Nielsen Company (Us), Llc Digital rights management systems and methods for audience measurement
US20230019627A1 (en) * 2018-11-14 2023-01-19 Visa International Service Association Cloud token provisioning of multiple tokens
US11637831B2 (en) 2019-10-09 2023-04-25 Salesforce, Inc. Application programmer interface platform with direct data center access

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10032044B2 (en) 2015-08-08 2018-07-24 Airwatch Llc Multi-party authentication and authorization

Citations (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US2007913A (en) * 1932-05-20 1935-07-09 Zeppelin Luftschiffbau End connection for wires, cables, and the like
US6138003A (en) * 1997-11-26 2000-10-24 Ericsson Inc. System and method for authorization of location services
US20020016173A1 (en) * 2000-06-21 2002-02-07 Hunzinger Jason F. Communication of location information in a wireless communication system
US20020035556A1 (en) * 1999-12-20 2002-03-21 Shah Ajit S. Information exchange engine providing a critical infrastructure layer and methods of use thereof
US20020177449A1 (en) * 2000-05-24 2002-11-28 Mcdonnell James Thomas Edward Location-based data access control
US20030035544A1 (en) * 2001-08-15 2003-02-20 Samsung Electronics Co., Ltd. Apparatus and method for secure distribution of mobile station location information
US20030051169A1 (en) * 2001-08-13 2003-03-13 Sprigg Stephen A. Using permissions to allocate device resources to an application
US20030060214A1 (en) * 2001-07-18 2003-03-27 Geoffrey Hendrey System and method for initiating responses to location-based events
US6594483B2 (en) * 2001-05-15 2003-07-15 Nokia Corporation System and method for location based web services
US20040025022A1 (en) * 2000-09-21 2004-02-05 Yach David P Code signing system and method
US20040143457A1 (en) * 2001-03-14 2004-07-22 Vasken Demirian Method and system for sharing personal health data
US20040198374A1 (en) * 2002-06-27 2004-10-07 Bajikar Sundeep M. Location control and configuration system
US20040266457A1 (en) * 1997-08-20 2004-12-30 Dupray Dennis J. Wireless location gateway and applications therefor
US20050010780A1 (en) * 2003-07-09 2005-01-13 Kane John Richard Method and apparatus for providing access to personal information
US20050048948A1 (en) * 1999-07-29 2005-03-03 Bryan Holland Locator system
US6961855B1 (en) * 1999-12-16 2005-11-01 International Business Machines Corporation Notification of modifications to a trusted computing base
US6963748B2 (en) * 2001-12-26 2005-11-08 Autodesk, Inc. Mobile device locator adapter system for location based services
US20050282557A1 (en) * 2004-06-17 2005-12-22 Nokia Corporation System and method for implementing a remote location acquisition application program interface
US7054648B2 (en) * 2001-10-22 2006-05-30 Telefonaktiebolaget Lm Ericsson (Publ) Location privacy proxy server and method in a telecommunication network
US20060137007A1 (en) * 2004-12-16 2006-06-22 Nokia Corporation Revoking a permission for a program
US20060135177A1 (en) * 2004-10-29 2006-06-22 James Winterbottom Relating to internet protocol (IP) location, privacy and presence
US20060167816A1 (en) * 2001-01-17 2006-07-27 Contentgaurd Holdings, Inc. Method and apparatus for distributing enforceable property rights
US7096029B1 (en) * 2000-04-05 2006-08-22 Microsoft Corporation Context aware computing devices having a common interface and related methods
US20060189328A1 (en) * 2000-06-22 2006-08-24 Openwave Systems, Inc. Anonymous positioning of a wireless unit for data network location-based services
US7145898B1 (en) * 1996-11-18 2006-12-05 Mci Communications Corporation System, method and article of manufacture for selecting a gateway of a hybrid communication system architecture
US7190960B2 (en) * 2002-06-14 2007-03-13 Cingular Wireless Ii, Llc System for providing location-based services in a wireless network, such as modifying locating privileges among individuals and managing lists of individuals associated with such privileges
US20070060171A1 (en) * 2005-09-09 2007-03-15 Loc-Aid Technologies, Inc. Method and apparatus for developing location-based applications utilizing a location-based portal
US7210121B2 (en) * 2003-02-07 2007-04-24 Sun Microsystems, Inc. Method and system for generating first class citizen application implementing native software application wrapper
US7213048B1 (en) * 2000-04-05 2007-05-01 Microsoft Corporation Context aware computing devices and methods
US20070105565A1 (en) * 2000-12-19 2007-05-10 Bellsouth Intellectual Property Corporation Third party location query for wireless networks
US7221947B2 (en) * 2005-07-12 2007-05-22 Qwest Communications International Inc. Location related keyword monitoring on a mobile communications device systems and methods
US7224987B1 (en) * 2002-06-27 2007-05-29 Microsoft Corporation System and method for controlling access to location information
US20070287473A1 (en) * 1998-11-24 2007-12-13 Tracbeam Llc Platform and applications for wireless location and other complex services
US20080004043A1 (en) * 2002-06-14 2008-01-03 Cingular Wireless Ii, Llc Apparatus and Systems for Providing Location-Based Services Within a Wireless Network
US7333820B2 (en) * 2001-07-17 2008-02-19 Networks In Motion, Inc. System and method for providing routing, mapping, and relative position information to users of a communication network
US20080071686A1 (en) * 2002-02-27 2008-03-20 Amad Tayebi Method for allowing a customer to preview, acquire and/or pay for information and a system therefor
US20080113671A1 (en) * 2006-11-13 2008-05-15 Kambiz Ghozati Secure location session manager
US7461385B2 (en) * 2003-05-06 2008-12-02 Qad Corporation Method for establishing a new user interface via an intermingled user interface
US20080299989A1 (en) * 2007-05-31 2008-12-04 Yahoo! Inc. Centralized location broker
US20090047972A1 (en) * 2007-08-14 2009-02-19 Chawla Neeraj Location based presence and privacy management
US20090046677A1 (en) * 2007-08-16 2009-02-19 Samsung Electronics Co., Ltd. Portable cellular enhancer
US7536437B2 (en) * 2002-02-14 2009-05-19 Avaya Inc. Presence tracking and name space interconnection techniques
US20090138198A1 (en) * 2007-11-23 2009-05-28 Samsung Electronics Co. Ltd. Apparatus and method for sharing the landmark information of the location service using a java record management system in a wireless communication terminal
US20090157693A1 (en) * 2007-12-17 2009-06-18 Palahnuk Samuel Louis Dynamic social network system
US20100162370A1 (en) * 2008-12-23 2010-06-24 Ahmet Altay Managing host application privileges
US7784087B2 (en) * 2005-08-04 2010-08-24 Toshiba Corporation System and method for securely sharing electronic documents
US20100251340A1 (en) * 2009-03-27 2010-09-30 Wavemarket, Inc. System and method for managing third party application program access to user information via a native application program interface (api)
US20110022834A1 (en) * 2009-07-21 2011-01-27 Cellco Partnership D/B/A Verizon Wireless Systems and methods for shared secret data generation
US20110137817A1 (en) * 2009-06-01 2011-06-09 Wavemarket, Inc. System and method for aggregating and disseminating personal data
US7992195B2 (en) * 2003-03-26 2011-08-02 International Business Machines Corporation Efficient browser-based identity management providing personal control and anonymity
US8818412B2 (en) * 2009-03-18 2014-08-26 Wavemarket, Inc. System for aggregating and disseminating location information

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6317837B1 (en) 1998-09-01 2001-11-13 Applianceware, Llc Internal network node with dedicated firewall
US20050240763A9 (en) * 2001-08-06 2005-10-27 Shivaram Bhat Web based applications single sign on system and method
US7640006B2 (en) 2001-10-03 2009-12-29 Accenture Global Services Gmbh Directory assistance with multi-modal messaging
US20070100981A1 (en) * 2005-04-08 2007-05-03 Maria Adamczyk Application services infrastructure for next generation networks including one or more IP multimedia subsystem elements and methods of providing the same
US7995756B1 (en) 2005-10-12 2011-08-09 Sprint Communications Company L.P. Mobile device playback and control of media content from a personal media host device
JP2007164449A (en) 2005-12-13 2007-06-28 Fujitsu Ltd Personal information management device, personal information providing method using personal information management device, program for personal information management device and personal information providing system
US20100242097A1 (en) 2009-03-20 2010-09-23 Wavemarket, Inc. System and method for managing application program access to a protected resource residing on a mobile device

Patent Citations (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US2007913A (en) * 1932-05-20 1935-07-09 Zeppelin Luftschiffbau End connection for wires, cables, and the like
US7145898B1 (en) * 1996-11-18 2006-12-05 Mci Communications Corporation System, method and article of manufacture for selecting a gateway of a hybrid communication system architecture
US20040266457A1 (en) * 1997-08-20 2004-12-30 Dupray Dennis J. Wireless location gateway and applications therefor
US6138003A (en) * 1997-11-26 2000-10-24 Ericsson Inc. System and method for authorization of location services
US20070287473A1 (en) * 1998-11-24 2007-12-13 Tracbeam Llc Platform and applications for wireless location and other complex services
US20050048948A1 (en) * 1999-07-29 2005-03-03 Bryan Holland Locator system
US6961855B1 (en) * 1999-12-16 2005-11-01 International Business Machines Corporation Notification of modifications to a trusted computing base
US20020035556A1 (en) * 1999-12-20 2002-03-21 Shah Ajit S. Information exchange engine providing a critical infrastructure layer and methods of use thereof
US7213048B1 (en) * 2000-04-05 2007-05-01 Microsoft Corporation Context aware computing devices and methods
US7096029B1 (en) * 2000-04-05 2006-08-22 Microsoft Corporation Context aware computing devices having a common interface and related methods
US20020177449A1 (en) * 2000-05-24 2002-11-28 Mcdonnell James Thomas Edward Location-based data access control
US20020016173A1 (en) * 2000-06-21 2002-02-07 Hunzinger Jason F. Communication of location information in a wireless communication system
US20060189328A1 (en) * 2000-06-22 2006-08-24 Openwave Systems, Inc. Anonymous positioning of a wireless unit for data network location-based services
US20040025022A1 (en) * 2000-09-21 2004-02-05 Yach David P Code signing system and method
US20070105565A1 (en) * 2000-12-19 2007-05-10 Bellsouth Intellectual Property Corporation Third party location query for wireless networks
US20060167816A1 (en) * 2001-01-17 2006-07-27 Contentgaurd Holdings, Inc. Method and apparatus for distributing enforceable property rights
US20040143457A1 (en) * 2001-03-14 2004-07-22 Vasken Demirian Method and system for sharing personal health data
US6594483B2 (en) * 2001-05-15 2003-07-15 Nokia Corporation System and method for location based web services
US7333820B2 (en) * 2001-07-17 2008-02-19 Networks In Motion, Inc. System and method for providing routing, mapping, and relative position information to users of a communication network
US20030060214A1 (en) * 2001-07-18 2003-03-27 Geoffrey Hendrey System and method for initiating responses to location-based events
US20030051169A1 (en) * 2001-08-13 2003-03-13 Sprigg Stephen A. Using permissions to allocate device resources to an application
US20030035544A1 (en) * 2001-08-15 2003-02-20 Samsung Electronics Co., Ltd. Apparatus and method for secure distribution of mobile station location information
US7054648B2 (en) * 2001-10-22 2006-05-30 Telefonaktiebolaget Lm Ericsson (Publ) Location privacy proxy server and method in a telecommunication network
US6963748B2 (en) * 2001-12-26 2005-11-08 Autodesk, Inc. Mobile device locator adapter system for location based services
US7536437B2 (en) * 2002-02-14 2009-05-19 Avaya Inc. Presence tracking and name space interconnection techniques
US20080071686A1 (en) * 2002-02-27 2008-03-20 Amad Tayebi Method for allowing a customer to preview, acquire and/or pay for information and a system therefor
US7190960B2 (en) * 2002-06-14 2007-03-13 Cingular Wireless Ii, Llc System for providing location-based services in a wireless network, such as modifying locating privileges among individuals and managing lists of individuals associated with such privileges
US20080004043A1 (en) * 2002-06-14 2008-01-03 Cingular Wireless Ii, Llc Apparatus and Systems for Providing Location-Based Services Within a Wireless Network
US20040198374A1 (en) * 2002-06-27 2004-10-07 Bajikar Sundeep M. Location control and configuration system
US7224987B1 (en) * 2002-06-27 2007-05-29 Microsoft Corporation System and method for controlling access to location information
US7210121B2 (en) * 2003-02-07 2007-04-24 Sun Microsystems, Inc. Method and system for generating first class citizen application implementing native software application wrapper
US7992195B2 (en) * 2003-03-26 2011-08-02 International Business Machines Corporation Efficient browser-based identity management providing personal control and anonymity
US7461385B2 (en) * 2003-05-06 2008-12-02 Qad Corporation Method for establishing a new user interface via an intermingled user interface
US20050010780A1 (en) * 2003-07-09 2005-01-13 Kane John Richard Method and apparatus for providing access to personal information
US20050282557A1 (en) * 2004-06-17 2005-12-22 Nokia Corporation System and method for implementing a remote location acquisition application program interface
US20060135177A1 (en) * 2004-10-29 2006-06-22 James Winterbottom Relating to internet protocol (IP) location, privacy and presence
US20060137007A1 (en) * 2004-12-16 2006-06-22 Nokia Corporation Revoking a permission for a program
US7221947B2 (en) * 2005-07-12 2007-05-22 Qwest Communications International Inc. Location related keyword monitoring on a mobile communications device systems and methods
US7784087B2 (en) * 2005-08-04 2010-08-24 Toshiba Corporation System and method for securely sharing electronic documents
US20070060171A1 (en) * 2005-09-09 2007-03-15 Loc-Aid Technologies, Inc. Method and apparatus for developing location-based applications utilizing a location-based portal
US20080113671A1 (en) * 2006-11-13 2008-05-15 Kambiz Ghozati Secure location session manager
US20080299989A1 (en) * 2007-05-31 2008-12-04 Yahoo! Inc. Centralized location broker
US20090047972A1 (en) * 2007-08-14 2009-02-19 Chawla Neeraj Location based presence and privacy management
US20090046677A1 (en) * 2007-08-16 2009-02-19 Samsung Electronics Co., Ltd. Portable cellular enhancer
US20090138198A1 (en) * 2007-11-23 2009-05-28 Samsung Electronics Co. Ltd. Apparatus and method for sharing the landmark information of the location service using a java record management system in a wireless communication terminal
US20090157693A1 (en) * 2007-12-17 2009-06-18 Palahnuk Samuel Louis Dynamic social network system
US20100162370A1 (en) * 2008-12-23 2010-06-24 Ahmet Altay Managing host application privileges
US8818412B2 (en) * 2009-03-18 2014-08-26 Wavemarket, Inc. System for aggregating and disseminating location information
US20100251340A1 (en) * 2009-03-27 2010-09-30 Wavemarket, Inc. System and method for managing third party application program access to user information via a native application program interface (api)
US8683554B2 (en) * 2009-03-27 2014-03-25 Wavemarket, Inc. System and method for managing third party application program access to user information via a native application program interface (API)
US20110137817A1 (en) * 2009-06-01 2011-06-09 Wavemarket, Inc. System and method for aggregating and disseminating personal data
US20110022834A1 (en) * 2009-07-21 2011-01-27 Cellco Partnership D/B/A Verizon Wireless Systems and methods for shared secret data generation

Cited By (132)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9742806B1 (en) 2006-03-23 2017-08-22 F5 Networks, Inc. Accessing SSL connection data by a third-party
US8782393B1 (en) 2006-03-23 2014-07-15 F5 Networks, Inc. Accessing SSL connection data by a third-party
US11520864B2 (en) 2006-06-02 2022-12-06 The Nielsen Company (Us), Llc Digital rights management systems and methods for audience measurement
US20100240398A1 (en) * 2009-03-18 2010-09-23 Wavemarket, Inc. System for aggregating and disseminating location information
US8818412B2 (en) 2009-03-18 2014-08-26 Wavemarket, Inc. System for aggregating and disseminating location information
US9542540B2 (en) 2009-03-20 2017-01-10 Location Labs, Inc. System and method for managing application program access to a protected resource residing on a mobile device
US20100251340A1 (en) * 2009-03-27 2010-09-30 Wavemarket, Inc. System and method for managing third party application program access to user information via a native application program interface (api)
US8683554B2 (en) 2009-03-27 2014-03-25 Wavemarket, Inc. System and method for managing third party application program access to user information via a native application program interface (API)
US20110137817A1 (en) * 2009-06-01 2011-06-09 Wavemarket, Inc. System and method for aggregating and disseminating personal data
US20110154436A1 (en) * 2009-12-21 2011-06-23 Mediatek Inc. Provider Management Methods and Systems for a Portable Device Running Android Platform
US20110231923A1 (en) * 2010-03-19 2011-09-22 F5 Networks, Inc. Local authentication in proxy ssl tunnels using a client-side proxy agent
US9210131B2 (en) 2010-03-19 2015-12-08 F5 Networks, Inc. Aggressive rehandshakes on unknown session identifiers for split SSL
US9705852B2 (en) 2010-03-19 2017-07-11 F5 Networks, Inc. Proxy SSL authentication in split SSL for client-side proxy agent resources with content insertion
US9178706B1 (en) 2010-03-19 2015-11-03 F5 Networks, Inc. Proxy SSL authentication in split SSL for client-side proxy agent resources with content insertion
US9667601B2 (en) 2010-03-19 2017-05-30 F5 Networks, Inc. Proxy SSL handoff via mid-stream renegotiation
US9172682B2 (en) * 2010-03-19 2015-10-27 F5 Networks, Inc. Local authentication in proxy SSL tunnels using a client-side proxy agent
US9509663B2 (en) 2010-03-19 2016-11-29 F5 Networks, Inc. Secure distribution of session credentials from client-side to server-side traffic management devices
US8700892B2 (en) 2010-03-19 2014-04-15 F5 Networks, Inc. Proxy SSL authentication in split SSL for client-side proxy agent resources with content insertion
US20110231655A1 (en) * 2010-03-19 2011-09-22 F5 Networks, Inc. Proxy ssl handoff via mid-stream renegotiation
US9100370B2 (en) 2010-03-19 2015-08-04 F5 Networks, Inc. Strong SSL proxy authentication with forced SSL renegotiation against a target server
US9166955B2 (en) 2010-03-19 2015-10-20 F5 Networks, Inc. Proxy SSL handoff via mid-stream renegotiation
US20110231653A1 (en) * 2010-03-19 2011-09-22 F5 Networks, Inc. Secure distribution of session credentials from client-side to server-side traffic management devices
US20110231649A1 (en) * 2010-03-19 2011-09-22 F5 Networks, Inc. Aggressive rehandshakes on unknown session identifiers for split ssl
US9215548B2 (en) 2010-09-22 2015-12-15 Ncc Group Security Services, Inc. Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms
US20120079582A1 (en) * 2010-09-27 2012-03-29 Research In Motion Limited Authenticating an auxiliary device from a portable electronic device
US8578461B2 (en) * 2010-09-27 2013-11-05 Blackberry Limited Authenticating an auxiliary device from a portable electronic device
US9059984B2 (en) 2010-09-27 2015-06-16 Blackberry Limited Authenticating an auxiliary device from a portable electronic device
US8644800B2 (en) 2011-02-15 2014-02-04 Blackberry Limited System and method for identity management for mobile devices
US9363272B2 (en) 2011-02-15 2016-06-07 Blackberry Limited System and method for identity management for mobile devices
CN103535090A (en) * 2011-02-15 2014-01-22 黑莓有限公司 System and method for identity management for mobile devices
US9729537B2 (en) 2011-02-15 2017-08-08 Blackberry Limited System and method for identity management for mobile devices
EP2676497A4 (en) * 2011-02-15 2016-03-02 Blackberry Ltd System and method for identity management for mobile devices
WO2012109751A1 (en) 2011-02-15 2012-08-23 Research In Motion Limited System and method for identity management for mobile devices
US20140106703A1 (en) * 2011-05-27 2014-04-17 Ralph K. Williamson Methods and apparatus to associate a mobile device with a panelist profile
US9220008B2 (en) * 2011-05-27 2015-12-22 The Nielsen Company (Us), Llc Methods and apparatus to associate a mobile device with a panelist profile
US20140109085A1 (en) * 2011-06-07 2014-04-17 Blackberry Limited Methods and devices for controlling access to computing resources
US8763080B2 (en) 2011-06-07 2014-06-24 Blackberry Limited Method and devices for managing permission requests to allow access to a computing resource
US8650550B2 (en) 2011-06-07 2014-02-11 Blackberry Limited Methods and devices for controlling access to computing resources
US9053337B2 (en) 2011-06-07 2015-06-09 Blackberry Limited Methods and devices for controlling access to a computing resource by applications executable on a computing device
US9112866B2 (en) * 2011-06-07 2015-08-18 Blackberry Limited Methods and devices for controlling access to computing resources
US10043025B2 (en) * 2011-06-27 2018-08-07 Google Llc Persistent key access to a resources in a collection
US20150286838A1 (en) * 2011-06-27 2015-10-08 Google Inc. Persistent key access to a resources in a collection
US20130054406A1 (en) * 2011-08-25 2013-02-28 Gary Ritts Method of sending memorabilia containing text messages
US20130097517A1 (en) * 2011-10-18 2013-04-18 David Scott Reiss Permission Control for Applications
JP2015505391A (en) * 2011-12-01 2015-02-19 マイクロソフト コーポレーション Granting application access to secure resources
US9015807B2 (en) * 2011-12-01 2015-04-21 Microsoft Technology Licensing, Llc Authorizing application access to secure resources
US20130145427A1 (en) * 2011-12-01 2013-06-06 Microsoft Corporation Authorizing application access to secure resources
CN102938043A (en) * 2011-12-01 2013-02-20 微软公司 Access of authorized application to secure resources
US8891765B1 (en) 2011-12-12 2014-11-18 Google Inc. Method, manufacture, and apparatus for content decryption module
US9697185B1 (en) 2011-12-12 2017-07-04 Google Inc. Method, manufacture, and apparatus for protection of media objects from the web application environment
US9110902B1 (en) * 2011-12-12 2015-08-18 Google Inc. Application-driven playback of offline encrypted content with unaware DRM module
US9686234B1 (en) 2011-12-12 2017-06-20 Google Inc. Dynamically changing stream quality of protected content based on a determined change in a platform trust
US9129092B1 (en) 2011-12-12 2015-09-08 Google Inc. Detecting supported digital rights management configurations on a client device
US9697363B1 (en) 2011-12-12 2017-07-04 Google Inc. Reducing time to first encrypted frame in a content stream
US9003558B1 (en) 2011-12-12 2015-04-07 Google Inc. Allowing degraded play of protected content using scalable codecs when key/license is not obtained
US8984285B1 (en) 2011-12-12 2015-03-17 Google Inc. Use of generic (browser) encryption API to do key exchange (for media files and player)
US9785759B1 (en) 2011-12-12 2017-10-10 Google Inc. Method, manufacture, and apparatus for configuring multiple content protection systems
US9875363B2 (en) 2011-12-12 2018-01-23 Google Llc Use of generic (browser) encryption API to do key exchange (for media files and player)
US10102648B1 (en) 2011-12-12 2018-10-16 Google Llc Browser/web apps access to secure surface
US9183405B1 (en) 2011-12-12 2015-11-10 Google Inc. Method, manufacture, and apparatus for content protection for HTML media elements
US9542368B1 (en) 2011-12-12 2017-01-10 Google Inc. Method, manufacture, and apparatus for instantiating plugin from within browser
US10212460B1 (en) 2011-12-12 2019-02-19 Google Llc Method for reducing time to first frame/seek frame of protected digital content streams
US8751800B1 (en) 2011-12-12 2014-06-10 Google Inc. DRM provider interoperability
US10452759B1 (en) 2011-12-12 2019-10-22 Google Llc Method and apparatus for protection of media objects including HTML
US10572633B1 (en) 2011-12-12 2020-02-25 Google Llc Method, manufacture, and apparatus for instantiating plugin from within browser
US10645430B2 (en) 2011-12-12 2020-05-05 Google Llc Reducing time to first encrypted frame in a content stream
US9223988B1 (en) 2011-12-12 2015-12-29 Google Inc. Extending browser functionality with dynamic on-the-fly downloading of untrusted browser components
US9239912B1 (en) 2011-12-12 2016-01-19 Google Inc. Method, manufacture, and apparatus for content protection using authentication data
US9326012B1 (en) 2011-12-12 2016-04-26 Google Inc. Dynamically changing stream quality when user is unlikely to notice to conserve resources
US9311459B2 (en) 2011-12-12 2016-04-12 Google Inc. Application-driven playback of offline encrypted content with unaware DRM module
US9824194B2 (en) 2011-12-22 2017-11-21 Abbvie Inc. Application security framework
US20130167250A1 (en) * 2011-12-22 2013-06-27 Abbvie Inc. Application Security Framework
US9098680B2 (en) * 2011-12-22 2015-08-04 Abbvie Inc. Application security framework
US9665709B2 (en) * 2012-05-11 2017-05-30 Verizon Patent And Licensing Inc. Methods and systems for determining a compliance level of an application with respect to a privacy profile associated with a user
US20140380496A1 (en) * 2012-05-11 2014-12-25 Verizon Patent And Licensing Inc. Methods and systems for determining a compliance level of an application with respect to a privacy profile associated with a user
US20140007195A1 (en) * 2012-06-27 2014-01-02 Vikas Gupta User Authentication of Applications on Third-Party Devices Via User Devices
US9055050B2 (en) * 2012-06-27 2015-06-09 Facebook, Inc. User authentication of applications on third-party devices via user devices
US9027155B2 (en) * 2012-07-02 2015-05-05 International Business Machines Corporation System for governing the disclosure of restricted data
US20140007258A1 (en) * 2012-07-02 2014-01-02 International Business Machines Corporation Systems and methods for governing the disclosure of restricted data
US9355232B2 (en) 2012-07-02 2016-05-31 International Business Machines Corporation Methods for governing the disclosure of restricted data
US9256722B2 (en) * 2012-07-20 2016-02-09 Google Inc. Systems and methods of using a temporary private key between two devices
US20140026193A1 (en) * 2012-07-20 2014-01-23 Paul Saxman Systems and Methods of Using a Temporary Private Key Between Two Devices
US9602503B2 (en) 2012-07-20 2017-03-21 Google Inc. Systems and methods of using a temporary private key between two devices
US8954736B2 (en) 2012-10-04 2015-02-10 Google Inc. Limiting the functionality of a software program based on a security model
US9848001B2 (en) * 2012-12-21 2017-12-19 Mobile Iron, Inc. Secure access to mobile applications
US20160057153A1 (en) * 2012-12-21 2016-02-25 Mobile Iron, Inc. Secure access to mobile applications
US9210170B1 (en) * 2012-12-21 2015-12-08 Mobile Iron, Inc. Secure access to mobile applications
US9210157B1 (en) * 2012-12-21 2015-12-08 Mobile Iron, Inc. Secure access to mobile applications
US9003556B2 (en) * 2013-02-28 2015-04-07 Facebook, Inc. Techniques for in-app user data authorization
US20140245461A1 (en) * 2013-02-28 2014-08-28 Edward Kenneth O'Neill Techniques for in-app user data authorization
CN104077540A (en) * 2013-03-27 2014-10-01 富士通株式会社 Terminal device and data processing method
US10200354B2 (en) 2013-08-08 2019-02-05 Iboss, Inc. Switching between networks
US9380077B2 (en) * 2013-08-08 2016-06-28 Iboss, Inc. Switching between networks
US20150046588A1 (en) * 2013-08-08 2015-02-12 Phantom Technologies, Inc. Switching between networks
US9160751B2 (en) 2013-09-17 2015-10-13 Iboss, Inc. Mobile device management profile distribution
US9769141B2 (en) 2013-09-23 2017-09-19 Airwatch Llc Securely authorizing access to remote resources
US11570160B2 (en) 2013-09-23 2023-01-31 Airwatch, Llc Securely authorizing access to remote resources
US10257180B2 (en) 2013-09-23 2019-04-09 Airwatch Llc Securely authorizing access to remote resources
US20140201816A1 (en) * 2013-09-23 2014-07-17 Sky Socket, Llc Securely Authorizing Access to Remote Resources
US9185099B2 (en) * 2013-09-23 2015-11-10 Airwatch Llc Securely authorizing access to remote resources
US10798076B2 (en) 2013-09-23 2020-10-06 Airwatch, Llc Securely authorizing access to remote resources
US9990508B1 (en) 2013-12-31 2018-06-05 Google Llc Notification of application permissions
US9280679B2 (en) 2013-12-31 2016-03-08 Google Inc. Tiered application permissions
US10019592B2 (en) 2013-12-31 2018-07-10 Google Llc Tiered application permissions
US9256755B2 (en) 2013-12-31 2016-02-09 Google Inc. Notification of application permissions
WO2015103058A1 (en) * 2013-12-31 2015-07-09 Google Inc. Notification of application permissions
CN105874462A (en) * 2013-12-31 2016-08-17 谷歌公司 Notification of application permissions
US20150244686A1 (en) * 2014-02-23 2015-08-27 Samsung Electronics Co., Ltd. Apparatus, method, and system for accessing and managing security libraries
US10277560B2 (en) * 2014-02-23 2019-04-30 Samsung Electronics Co., Ltd. Apparatus, method, and system for accessing and managing security libraries
US11032281B2 (en) * 2014-04-02 2021-06-08 D2L Corporation Method and system for digital rights enforcement
US11658974B2 (en) 2014-04-02 2023-05-23 D2L Corporation Method and system for digital rights enforcement
US20150288692A1 (en) * 2014-04-02 2015-10-08 D2L Corporation Method and system for digital rights enforcement
US9860242B2 (en) 2014-08-11 2018-01-02 Vivint, Inc. One-time access to an automation system
WO2016025256A1 (en) * 2014-08-11 2016-02-18 Vivint, Inc. One-time access to an automation system
US10554653B2 (en) 2014-08-11 2020-02-04 Vivint, Inc. One-time access to an automation system
US9692752B2 (en) * 2014-11-17 2017-06-27 Bank Of America Corporation Ensuring information security using one-time tokens
US10754967B1 (en) * 2014-12-15 2020-08-25 Marvell Asia Pte, Ltd. Secure interrupt handling between security zones
KR20170104145A (en) * 2014-12-30 2017-09-14 페이스북, 인크. Method and system for managing rights to access mobile device resources
EP3040899A1 (en) * 2014-12-30 2016-07-06 Facebook, Inc. Methods and systems for managing permissions to access mobile device resources
US9977911B2 (en) 2014-12-30 2018-05-22 Facebook, Inc. Methods and systems for managing permissions to access mobile device resources
KR102291201B1 (en) * 2014-12-30 2021-08-20 페이스북, 인크. Methods and systems for managing access to mobile device resources
WO2016108911A1 (en) * 2014-12-30 2016-07-07 Facebook, Inc. Methods and systems for managing permissions to access mobile device resources
US11038894B2 (en) * 2015-04-07 2021-06-15 Hewlett-Packard Development Company, L.P. Providing selective access to resources
CN106295391A (en) * 2015-06-09 2017-01-04 联想(北京)有限公司 A kind of information processing method and electronic equipment
US10120734B1 (en) * 2016-08-29 2018-11-06 Equinix, Inc. Application programming interface and services engine with application-level multi-tenancy
US11379621B2 (en) * 2016-10-14 2022-07-05 Huawei Technologies Co., Ltd. Apparatus and method for tracking access permissions over multiple execution environments
US20180288616A1 (en) * 2017-03-28 2018-10-04 The Fin Exploration Company Predictive permissioning for mobile devices
US20220318196A1 (en) * 2017-06-29 2022-10-06 Microsoft Technology Licensing, Llc Content access
US11366789B2 (en) * 2017-06-29 2022-06-21 Microsoft Technology Licensing, Llc Content access
US20230019627A1 (en) * 2018-11-14 2023-01-19 Visa International Service Association Cloud token provisioning of multiple tokens
US11870903B2 (en) * 2018-11-14 2024-01-09 Visa International Service Association Cloud token provisioning of multiple tokens
US11637831B2 (en) 2019-10-09 2023-04-25 Salesforce, Inc. Application programmer interface platform with direct data center access

Also Published As

Publication number Publication date
US20150154389A1 (en) 2015-06-04
US9542540B2 (en) 2017-01-10

Similar Documents

Publication Publication Date Title
US9542540B2 (en) System and method for managing application program access to a protected resource residing on a mobile device
US8561172B2 (en) System and method for virtual information cards
EP2441208B1 (en) Access control to secured application features using client trust levels
US9374369B2 (en) Multi-factor authentication and comprehensive login system for client-server networks
RU2475840C2 (en) Providing digital credentials
EP2109955B1 (en) Provisioning of digital identity representations
US8079069B2 (en) Cardspace history validator
KR101130405B1 (en) Method and system for identity recognition
US20100088753A1 (en) Identity and authentication system using aliases
US8719904B2 (en) Method and system for user access to at least one service offered by at least one other user
US20150180870A1 (en) Authorization Authentication Method And Apparatus
US20110072502A1 (en) Method and Apparatus for Identity Verification
CN111355726B (en) Identity authorization login method and device, electronic equipment and storage medium
US20130269007A1 (en) Authentication system, authentication server, service providing server, authentication method, and computer-readable recording medium
US11658963B2 (en) Cooperative communication validation
US8595497B2 (en) Electronic file sending method
CN102739708A (en) System and method for accessing third party application based on cloud platform
US11611551B2 (en) Authenticate a first device based on a push message to a second device
WO2011083867A1 (en) Authentication device, authentication method, and program
JP5353298B2 (en) Access authentication system, information processing apparatus, access authentication method, program, and recording medium
US20110307939A1 (en) Account issuance system, account server, service server, and account issuance method
Chae et al. A study on secure user authentication and authorization in OAuth protocol
JP2023155626A (en) Information notification system, information notification method, and information notification application program
KR100900812B1 (en) System and method for user authentication to prevent phishing
US20100175118A1 (en) Access to service

Legal Events

Date Code Title Description
AS Assignment

Owner name: WAVEMARKET, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ROUMELIOTIS, TASOS;HOTES, SCOTT;SIGNING DATES FROM 20101117 TO 20101130;REEL/FRAME:025740/0199

Owner name: WAVEMARKET, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BLACKSTON, DAVID;REEL/FRAME:025739/0835

Effective date: 20100915

AS Assignment

Owner name: HERCULES TECHNOLOGY GROWTH CAPITAL, INC., CALIFORN

Free format text: SECURITY AGREEMENT;ASSIGNOR:WAVEMARKET, INC.;REEL/FRAME:027727/0340

Effective date: 20120217

AS Assignment

Owner name: WAVEMARKET, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:HERCULES TECHNOLOGY GROWTH CAPITAL, INC.;REEL/FRAME:034009/0176

Effective date: 20141010

AS Assignment

Owner name: HSBC BANK USA, N.A., NEW YORK

Free format text: SECURITY INTEREST;ASSIGNORS:AVG NETHERLANDS B.V.;LOCATION LABS, INC.;REEL/FRAME:034012/0721

Effective date: 20141015

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: LOCATION LABS, INC., CALIFORNIA

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:HSBC BANK USA, NATIONAL ASSOCIATION, AS COLLATERAL AGENT;REEL/FRAME:040205/0406

Effective date: 20160930

Owner name: AVG NETHERLANDS B.V., NETHERLANDS

Free format text: RELEASE BY SECURED PARTY;ASSIGNOR:HSBC BANK USA, NATIONAL ASSOCIATION, AS COLLATERAL AGENT;REEL/FRAME:040205/0406

Effective date: 20160930