System, method and apparatus for fine-grained privacy specification and verification

US10250642B2 · US · B2

Patent metadata
Publication number: US-10250642-B2
Application number: US-201615223848-A
Country: US
Kind code: B2
Filing date: Jul 29, 2016
Priority date: Jul 29, 2016
Publication date: Apr 2, 2019
Grant date: Apr 2, 2019

Abstract

Official abstract text for this publication.

A method includes receiving from a user via a user interface an activation of at least one element to set a privacy policy specifying the maximum amount of confidential data that is authorized to be leaked to a sink, tracking movement of confidential data through an application, determining based on the tracked movement of the confidential data that the confidential data is leaked to the sink by the application, comparing the confidential data that is leaked to the sink to the specified maximum amount of confidential data that is authorized to be leaked to the sink, and presenting to the user via the user interface an indication of whether the application complies with the privacy policy set by the user based on the comparison.

First claim

Opening claim text (preview).

What is claimed is:

1. A method performed by at least one hardware processor, comprising: presenting a user interface via a display of a computing device, the user interface including at least one element that is activatable by a user to set a privacy policy, the privacy policy specifying a maximum amount of confidential data that is authorized to be leaked to a sink; receiving from the user via the user interface an activation of the at least one element to set the privacy policy, the activation of the at least one element comprising selecting a category of fine-grain confidential data and specifying the maximum amount of fine-grain confidential data that is authorized to be leaked to the sink; tracking movement of confidential data through an application, said tracking comprising tracking said fine-grain confidential data originating at a source and being transferred into a sink; determining based on the tracked movement of the confidential data that the confidential data is leaked to the sink by the application; comparing the confidential data that is leaked to the sink to the specified maximum amount of confidential data that is authorized to be leaked to the sink; and presenting to the user via the user interface an indication that the application complies with the privacy policy set by the user upon determining that the fine-grain confidential data that is leaked to the sink is below the specified maximum amount of confidential data that is authorized to be leaked to the sink, or presenting to the user via the user interface an indication that the application does not comply with the privacy policy set by the user upon determining that the fine-grain confidential data that is leaked to the sink is above the specified maximum amount of fine-grain confidential data that is authorized to be leaked to the sink.

2. The method of claim 1, wherein the activating of the at least one element comprises selecting a category of coarse-grain confidential data, and the category of fine-grain confidential data or coarse-grain confidential data comprises at least one of fine-grain location, coarse-grain location, and identifiers.

3. The method of claim 1, wherein the activation of the at least one element by the user includes a selection by the user of a category of sinks including the sink, wherein the maximum amount of confidential data is authorized to be leaked to the category of sinks.

4. The method of claim 3, wherein the category of sinks comprises at least one of internal sinks and external sinks.

5. The method of claim 1, wherein the tracking of the fine-grain confidential data originating at a source and being transferred to a sink comprises: tracking a logging or writing of data to a file, tracking a writing of confidential data to a socket using an API method, tracking a storing of data to a memory, or tracking a transmission of information outside of the computing device.

6. The method of claim 5, wherein a category of the fine-grain confidential data or coarse-grain confidential data is ranked according to a hierarchy based on a level of confidentiality, said maximum amount of confidential data set for a higher ranking category that may be leaked including confidential data of a lower ranking confidential data category.

7. The method of claim 1, further comprising: preventing an application from performing an unauthorized leakage of said fine-grain confidential data when the unauthorized leakage fails to comply with the user's privacy policy setting.

8. A system comprising: at least one processor comprising hardware; and a display coupled to the at least one processor, the at least one processor configured to: present a user interface via the display, the user interface including at least one element that is activatable by a user to set a privacy policy, the privacy policy specifying a maximum amount of confidential data that is authorized to be leaked to a sink; receive from the user via the user interface an activation of the at least one element to set the privacy policy, the activation of the at least one element comprising selecting a category of fine-grain confidential data and specifying the maximum amount of fine-grain confidential data that is authorized to be leaked to the sink; track movement of confidential data through an application by tracking fine-grain confidential data originating at a source and being transferred into a sink; determine based on the tracked movement of the confidential data that the confidential data is leaked to the sink by the application; compare the confidential data that is leaked to the sink to the specified maximum amount of confidential data that is authorized to be leaked to the sink; and present to the user via the user interface an indication that the application complies with the privacy policy set by the user upon determining that the fine-grain confidential data that is leaked to the sink is below the specified maximum amount of confidential data that is authorized to be leaked to the sink, or present to the user via the user interface an indication that the application does not comply with the privacy policy set by the user upon determining that the fine-grain confidential data that is leaked to the sink is above the specified maximum amount of fine-grain confidential data that is authorized to be leaked to the sink.

9. The system of claim 8, wherein the activating of the at least one element comprises selecting a category of coarse-grain confidential data, and the category of fine-grain confidential data or coarse-grain confidential data comprises at least one of fine-grain location, coarse-grain location, and identifiers.

10. The system of claim 8, wherein the activation of the at least one element by the user includes a selection by the user of a category of sinks including the sink, wherein the maximum amount of confidential data is authorized to be leaked to the category of sinks.

11. The system of claim 10, wherein the category of sinks comprises at least one of internal sinks and external sinks.

12. The system of claim 8, wherein to track the fine-grain confidential data originating at a source and being transferred to a sink, the at least one processor is further configured to: track a logging or writing of data to a file, track a writing of confidential data to a socket using an API method, track a storing of data to a memory, or track a transmission of information outside of the computing device.

13. The system of claim 9, wherein a category of the fine-grain confidential data or coarse-grain confidential data is ranked according to a hierarchy based on a level of confidentiality, said maximum amount of confidential data set for a higher ranking category that may be leaked including confidential data of a lower ranking confidential data category.

14. The system of claim 8, wherein the at least one processor is further configured to: prevent an application from performing an unauthorized leakage of said fine-grain confidential data when the unauthorized leakage fails to comply with the user's privacy policy setting.

15. A non-transitory computer readable medium storing instructions that, when executed by at least one processor, configure the at least one processor to: present a user interface via a display of a computing device, the user interface including at least one element that is activatable by a user to set a privacy policy, the privacy policy specifying a maximum amount of confidential data that is authorized to be leaked to a sink; receive from the user via the user interface an activation of the at least one element to set the privacy policy, the a
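The claimed checks in working form: a per-category, per-sink-category leakage budget (claims 1, 3, 4), the confidentiality hierarchy under which a higher-ranked budget also counts lower-ranked data (claim 6), and blocking of a flow that would exceed the budget (claim 7). This is an added example, not code from the patent or from IBM; the taint-flow log, the ranking of the three categories, and the reading of "at or below the maximum" as compliant are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed confidentiality ranking (claim 6): a budget set for a higher-ranked
# category also covers leaked data of every lower-ranked category.
RANK = {"fine_location": 2, "coarse_location": 1, "identifiers": 0}

@dataclass(frozen=True)
class Flow:
    """One tracked transfer of tainted data from a source into a sink (claims 1, 5)."""
    category: str   # fine-grain category of the tainted data
    sink: str       # sink category (claim 4): "internal" (file/log/memory) or "external" (socket)
    nbytes: int     # amount of confidential data that reached the sink

# Constructed taint-tracking log; in a real system this comes from the tracker.
SAMPLE_FLOWS = [
    Flow("fine_location", "external", 64),    # GPS fix written to a socket
    Flow("coarse_location", "external", 32),  # city-level location sent out
    Flow("identifiers", "internal", 16),      # device id written to a log file
    Flow("identifiers", "external", 8),       # device id sent out
]

# User policy (claims 1, 3): {(category, sink category): maximum bytes authorized}.
POLICY = {("fine_location", "external"): 100,
          ("coarse_location", "external"): 40,
          ("identifiers", "internal"): 50}

def leaked_by_sink(flows):
    """Aggregate tainted bytes per (sink category, data category)."""
    totals = defaultdict(int)
    for f in flows:
        totals[(f.sink, f.category)] += f.nbytes
    return totals

def check_policy(policy, flows):
    """Compare leaked data to each budget; returns {(category, sink): (leaked, limit, compliant)}."""
    totals = leaked_by_sink(flows)
    report = {}
    for (cat, sink), limit in policy.items():
        # Hierarchy: count every category ranked at or below the budget's category.
        leaked = sum(n for (s, c), n in totals.items()
                     if s == sink and RANK[c] <= RANK[cat])
        report[(cat, sink)] = (leaked, limit, leaked <= limit)
    return report

def enforce(policy, flows):
    """Replay flows in order and drop any flow that would push a budget over its maximum (claim 7)."""
    allowed, blocked = [], []
    for f in flows:
        if all(ok for _, _, ok in check_policy(policy, allowed + [f]).values()):
            allowed.append(f)
        else:
            blocked.append(f)
    return allowed, blocked
```

Run as a report, the fine-grain location budget for external sinks fails because the coarse-location and identifier bytes count against it too, and enforcement blocks only the last flow, which is the one that tips that budget over.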

Assignees

IBM

Classifications (CPC titles)

  • H04L63/20 (primary): for managing network security; network security policies in general (filtering policies H04L63/0227)

  • Assessing vulnerabilities and evaluating computer system security

  • for providing a confidential data exchange among entities communicating through data packet networks

  • Protecting personal data, e.g. for financial or medical purposes

  • Vulnerability analysis

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification H04L63/20. Mapped technology areas include Electricity.
When was this patent published?
Publication date Apr 2, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).