Remotely defining security data for authorization of local application activity
US-9148700-B2 · Sep 29, 2015 · US
US9727705B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9727705-B2 |
| Application number | US-201514832209-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 21, 2015 |
| Priority date | Nov 26, 2007 |
| Publication date | Aug 8, 2017 |
| Grant date | Aug 8, 2017 |
Official abstract text for this publication.
Systems and methods, including computer software adapted to perform certain operations, can be implemented for remotely defining security data for authorizing access to data on a client device. Permission indicators are associated with a sequence of instructions, and a protected activity is associated with one or more of the permission indicators and with an instruction within the sequence of instructions. The one or more permission indicators and the sequence of instructions are provided to a remote device. The remote device determines whether execution of the instruction is permitted based, at least in part, on the one or more permission indicators, and the remote device performs the protected activity if execution of the instruction is permitted.
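An added illustration of the enforcement flow the abstract describes, using the client/runtime split recited in claim 1. It is not code from the patent: the class names, activity names and sample channel are assumptions made for the example.

```python
from dataclasses import dataclass

# Hypothetical protected activity names; the page does not enumerate any.
PROTECTED = {"network.fetch", "storage.write", "location.read"}


@dataclass
class Channel:
    """Content as delivered by the server: instructions plus permission indicators."""
    name: str
    instructions: list      # sequence of (opcode, argument) tuples
    permissions: frozenset  # permission indicators defined remotely


class ClientComponent:
    """Stores content with its permissions and decides every protected attempt."""

    def __init__(self):
        self._storage = {}
        self.audit = []  # (channel, activity, decision) for later review

    def install(self, channel):
        self._storage[channel.name] = channel

    def load(self, name):
        return self._storage[name].instructions

    def authorize(self, name, activity):
        # Permissions are read from storage on each attempt; anything absent is denied.
        channel = self._storage.get(name)
        allowed = channel is not None and activity in channel.permissions
        self.audit.append((name, activity, "allow" if allowed else "deny"))
        return allowed


class Runtime:
    """Renders instructions and forwards protected attempts; never reads permissions."""

    def __init__(self, client):
        self.client = client

    def render(self, name):
        performed = []
        for opcode, arg in self.client.load(name):
            if opcode in PROTECTED and not self.client.authorize(name, opcode):
                continue  # restricted: skip the activity, keep rendering
            performed.append((opcode, arg))
        return performed


def demo():
    client = ClientComponent()
    # Constructed sample channel: network access granted, location not granted.
    client.install(Channel(
        "weather",
        [("draw", "banner"), ("network.fetch", "forecast"), ("location.read", None)],
        frozenset({"network.fetch"}),
    ))
    return Runtime(client).render("weather"), client.audit
```

The audit list records each decision, so a denied attempt by rendered content is visible to whoever reviews the device-side log.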
Opening claim text (preview).
What is claimed is:

1. A mobile device comprising: one or more processors; and a memory having stored thereon computer readable instructions that are executable by the one or more processors to implement a client component and a runtime component, wherein: the client component is integral with one or more applications of the mobile device and configured to facilitate display and management of content for an application into which the client component is integrated, including: managing content that is associated with permissions specified to indicate whether protected activities are allowed to be performed in conjunction with rendering the content, and obtaining the content from storage to provide to the runtime component for rendering; the runtime component is integral with the one or more applications to render the content for an application into which the runtime component is integrated, the rendering including passing to the client component attempts made by the content to perform the protected activities, the attempts being passed to the client component without the runtime component processing the specified permissions, wherein the client component enforces the specified permissions relative to each of the attempts by: retrieving the specified permissions from the storage, allowing the runtime component to perform one or more of the protected activities if permitted by the specified permissions, and restricting the runtime component from performing said one or more of the protected activities if said one or more of the protected activities are not permitted by the specified permissions.

2. The mobile device of claim 1, wherein the runtime component does not attempt to process the specified permissions associated with the content that the runtime component renders.

3. The mobile device of claim 1, wherein enforcement of the specified permissions by the client component includes: obtaining data describing a protected activity that the content attempts to perform during the rendering; and using the data describing the protected activity to determine whether the specified permissions associated with the content permit the protected activity.

4. The mobile device of claim 1, further comprising a custom extension that extends functionality of the runtime component, the custom extension configured to, responsive to an attempt made by the content being rendered to perform activities enabled by the extended functionality, determine whether the specified permissions associated with the content permit the content to perform the activities enabled by the extended functionality.

5. The mobile device of claim 4, wherein the custom extension enforces the specified permissions associated with the content being rendered relative to attempts to perform the activities enabled by the extended functionality by: allowing the content to perform the activities enabled by the extended functionality if permitted by the specified permissions; and restricting the content from performing the activities enabled by the extended functionality if the activities enabled by the extended functionality are not permitted by the specified permissions.

6. The mobile device of claim 4, wherein the runtime component does not attempt to process the specified permissions associated with the content being rendered responsive to the attempt made by the content to perform the activities enabled by the extended functionality.

7. The mobile device of claim 4, wherein a command that causes the content being rendered to attempt the activities enabled by the extended functionality is not recognized by an unextended runtime component.

8. The mobile device of claim 4, wherein the client component does not attempt to process the specified permissions associated with the content being rendered responsive to the attempt made by the content to perform the activities enabled by the extended functionality.

9. The mobile device of claim 1, wherein the runtime component comprises a media player that supports rendering at least one of vector graphics, bitmaps, frame-based animation, text input, or dynamic text.

10. The mobile device of claim 1, wherein the client component is further configured to communicate with a remote server system to receive the content and the specified permissions.

11. The mobile device of claim 10, wherein the client component is further configured to store the content and the specified permissions in storage of the mobile device, the content and the specified permissions being accessible from the storage responsive to a user request to access the content.

12. A method implemented by a computing device to control performance of protected activities in conjunction with rendering content, the method comprising: responsive to a request by a user to access content, employing a client component of the computing device to retrieve the requested content and permissions specified for the requested content to indicate whether protected activities are allowed to be performed in conjunction with rendering the requested content; employing the client component to provide the requested content to a runtime component of the computing device that renders content; employing the runtime component to render the requested content; responsive to attempts made by the requested content to perform the protected activities in conjunction with being rendered, employing the runtime component to pass the attempts to the client component without processing the specified permissions, wherein the client component enforces the specified permissions relative to each of the attempts by: allowing the runtime component to perform one or more of the protected activities if permitted by the specified permissions, and restricting the runtime component from performing said one or more of the protected activities if said one or more of the protected activities are not permitted by the specified permissions.

13. The method of claim 12, wherein the runtime component is not employed to enforce the specified permissions associated with the requested content.

14. The method of claim 12, further comprising employing a custom extension that extends functionality of the runtime component to determine whether the specified permissions associated with the requested content allow the requested content to perform activities enabled by the extended functionality.

15. The method of claim 14, wherein the client component is not employed to enforce the specified permissions associated with the requested content responsive to an attempt made by the requested content to perform the activities enabled by the extended functionality.

16. The method of claim 12, wherein the specified permissions include custom extension permissions that are configurable to govern protected activities associated with custom extensions to the runtime component.

17. The method of claim 12, further comprising receiving the specified permissions from a service provider configured to specify the permissions to indicate that the requested content is permitted to perform the protected activities or is restricted from performing the protected activities.

18. A method implemented by a computing device to control performance of protected activities at a remote device in conjunction with rendering content, the method comprising: retrieving a permissions data structure for a channel of content, the permissions data structure comprising at least one permission indicator that is indicative of whether at least one protected activity is allowed to be pe
Implementing a Virtual Machine [VM] (virtual machines in general G06F9/45533) · CPC title
Rights Management (protecting software against unauthorised usage in a vending or licensing environment G06F21/10; security in data switching network management H04L41/28; security management or policies for network security H04L63/20; access security in wireless networks H04W12/08) · CPC title
Subscription-based services using application servers or record carriers, e.g. SIM application toolkits · CPC title
Rights management {associated to the content (security in data switching network management H04L41/28; security management or policies for network security H04L63/20; access security in wireless networks H04W12/08)} · CPC title
Access control lists [ACL] · CPC title