Enhancing container security by performing container vulnerability reduction based on static analysis of dynamically loaded symbols and system call blocking
US-2024220632-A1 · Jul 4, 2024 · US
US11487866B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11487866-B2 |
| Application number | US-201916655181-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 16, 2019 |
| Priority date | Jul 4, 2016 |
| Publication date | Nov 1, 2022 |
| Grant date | Nov 1, 2022 |
Official abstract text for this publication.
A security application may monitor applications attempting to be installed on a user device. In one example, various steps may include at least one of: receiving an application access operation on a computing device, identifying at least one application action associated with the application access operation, retrieving an application security profile stored in memory, identifying at least one application security restriction in the application security profile related to the at least one application action, restricting the at least one application action from occurring based on the at least one application security restriction and notifying a pre-registered device responsive to restricting the at least one application action.
Opening claim text (preview).
What is claimed is:
1. A method, comprising: initiating an install procedure of an application on a computing device; detecting application permissions requested by the application from the computing device during the install procedure; determining a flag has been set on an application permission from among the detected application permissions based on an application security profile; temporarily blocking the install procedure of the application from continuing on the computing device based on the flagged application permission; identifying, by a security module installed on the computing device where the application is temporarily blocked, a phone number of a remote user device stored within a security profile of the computing device; and transmitting, via a network, a request to the remote user device based on the identified phone number, the request comprising an identification of the flagged application permission and a request for a user input via the remote user device to resume the temporarily blocked install procedure; receiving, by the security module installed on the computing device where the application is temporarily blocked, a response from the remote user device indicating whether or not to allow the application to access to the flagged application permission.
2. The method of claim 1, comprising receiving an application access operation on the computing device which comprises receiving an install request message.
3. The method of claim 1, wherein the flagged application permission comprises one or more of permission for in-app purchases and permission to access a contacts list stored on the computing system.
4. The method of claim 1, wherein the transmitting the request comprises transmitting a prompt to a user interface of the remote user device which requests a user input from a guardian.
5. The method of claim 1, wherein the flagged application permission comprises one or more of access to location information, access to contacts, access to an e-mail account, access to an instant message account, access to a social network profile, access to photographs, access to multi-media, and access to documents.
6. The method of claim 1, wherein the method further comprises displaying a list of the detected application permissions requested during the install procedure via a user interface of the computing device.
7. The method of claim 1, wherein the detecting comprises intercepting the application permissions requested by the application via a security module that is installed locally on the computing device.
8. The method of claim 4, wherein the input from the guardian overrides the temporarily blocked install procedure on the computing device.
9. An apparatus, comprising: a processor configured to: initiate an install procedure of an application on a computing device; detect application permissions requested by the application from the computing device during the install procedure; determine a flag has been set on an application permission from among the detected application permissions based on an application security profile; temporarily block the install procedure of the application from continuing on the computing device based on the flagged application permission; identify, by a security module installed on the computing device where the application is temporarily blocked, a phone number of a remote user device stored within the application security profile; and a network interface configured to transmit, via a network, a request to the remote user device based on the identified phone number, the request comprising an identification of the flagged application permission and a request for a user input via the remote user device to resume the temporarily install procedure; receiving, by the security module installed on the computing device where the application is temporarily blocked, a response from the remote user device indicating whether or not to allow the application to access to the flagged application permission.
10. The apparatus of claim 9, wherein the processor is further configured to receive an application access operation on the computing device which comprises receipt of an install request message.
11. The apparatus of claim 9, wherein the flagged application permission comprises one or more of permission for in-app purchases and permission to access a contacts list stored on the computing system.
12. The apparatus of claim 9, wherein the request comprises a prompt transmitted to a user interface of the remote user device which requests a user input from a guardian.
13. The apparatus of claim 9, wherein the flagged application permission comprises one or more of access to location information, access to contacts, access to an e-mail account, access to an instant message account, access to a social network profile, access to photographs, access to multi-media, and access to documents.
14. The apparatus of claim 9, wherein the processor is further configured to display a list of the detected application permissions requested during the install procedure via a user interface of the computing device.
15. The apparatus of claim 12, wherein the input from the guardian overrides the temporarily blocked install procedure on the computing device.
16. A non-transitory computer readable storage medium configured to store instructions that when executed causes a processor to perform: initiating an install procedure of an application on a computing device; detecting application permissions requested by the application from the computing device during the install procedure; determining a flag has been set on an application permission from among the detected application permissions based on an application security profile; temporarily blocking the install procedure of the application from continuing on the computing device based on the flagged application permission; identifying, by a security module installed on the computing device where the application is temporarily blocked, a phone number of a remote user device stored within a security profile of the computing device; and transmitting, via a network, a request to the remote user device based on the identified phone number, the request comprising an identification of the flagged application permission and a request for a user input via the remote user device to resume the temporarily blocked install procedure; receiving, by the security module installed on the computing device where the application is temporarily blocked, a response from the remote user device indicating whether or not to allow the application to access to the flagged application permission.
17. The non-transitory computer readable storage medium of claim 16, comprising receiving an application access operation on the computing device which comprises receiving an install request message.
18. The non-transitory computer readable storage medium of claim 16, wherein the flagged application permission comprises one or more of permission for in-app purchases and permission to access a contacts list stored on the computing system.
19. The non-transitory computer readable storage medium of claim 16, wherein the transmitting the request comprises transmitting a prompt to a user interface of the remote user device which requests a user input from a guardian.
20. The non-transitory computer readable storage medium of claim 16, wherein the flagged application permission comprises one or more of access to location information, access to contacts, access to a
Test or assess software · CPC title
at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability · CPC title
Software deployment · CPC title
to features or functions of an application · CPC title