JP6238146B2 - Method, apparatus and system for operating electronic devices - Google Patents

Description

  App is a software application or application program that can be downloaded from an App distribution website to a mobile device. Since the receiving or target device is typically a mobile electronic device such as a smartphone, tablet computer or netbook, App may also be referred to as mobile App. The App may also be downloaded to a less mobile electronic device such as a laptop computer, desktop computer, or television for execution. App may be downloaded to perform various functions such as collecting news, playing games, finding parking lots, etc. The distribution website or platform is typically operated by a mobile device operating system (mobile OS) provider or licensor. A distribution platform through which a user obtains an App may be referred to as a cloud in connection with cloud computing that provides a processing or storage service that uses an electronic system located remotely from the user. The platform or cloud may include a device for storage that a user may access to obtain an App.

  App is typically in the form of executable code or object code in machine language that can be executed by a mobile device. The user may be able to use App for free if it is a limited service, or the user may be required to pay a fee to download App. Regardless of whether a fee is required, most Apps periodically collect and access user information that the user normally considers private from the mobile electronic device. This private information includes, among other things, location information such as address books, photos or other media stored on the mobile device, email, short message service (SMS) text messages, and global positioning service (GPS) information. be able to. This information can be collected by App for the purpose of providing targeted content or advertising to users.

The drawings are not necessarily drawn to scale, and like numerals are used to indicate like components in different drawings. Similar symbols with different suffix characters may represent different instances of similar components. The drawings generally depict the various embodiments described herein by way of example and not limitation.
FIG. 6 is a flow diagram illustrating an example of a method 100 for operating an electronic device in an embodiment. FIG. 2 is a block diagram illustrating portions of an example system that manages access to private information stored on one or more electronic devices in an embodiment. FIG. 3 is a flow diagram illustrating an example of a method for configuring a privacy access policy for an electronic device in an embodiment.

  As previously described, the mobile electronic device cannot allow the user to monitor access to stored private information. A software application program may be referred to as “App” and is typically designed to run on an electronic device. The inventors have particularly recognized that electronic devices such as smartphones and tablet computers do not provide users with the means to monitor or manage access by App to private information stored on mobile electronic devices. . This can be solved by providing user management of access to private information.

  FIG. 1 is a flow diagram illustrating an example of a method 100 for operating an electronic device, such as a mobile electronic device. Examples of electronic devices include mobile or mobile phones (eg, smart phones), tablet computers, netbooks, laptop computers, and desktop computers, among others.

  At block 105, access to private information stored in the memory of the electronic device is detected. Access is performed by a client application program or a client App. Detection is performed by the privacy management module. A module can be one or more combinations of hardware, firmware, and software, even software (eg, object code) or firmware running on a processor of an electronic device to perform the functions described. May be. The privacy management module may be downloadable to the electronic device as object code for execution on the electronic device.

  At block 110, the private information that the client App is accessing is tracked. The privacy management module may track access by a client App or multiple clients App in real time when an access occurs or when an access attempt occurs. In some examples, the privacy management module prepares an access history (eg, a history file) that can include client App information and the time and date of access to stored private information.

  At block 115, the electronic device is reconfigured to change access to private information by the client App in accordance with at least one privacy access policy stored on the electronic device. For example, one or more client apps specified by the privacy management module may be allowed to access only a limited amount of private information, or one or more specified client apps may be private Access to information may be prohibited. In some examples, artificial or false private information is provided to one or more designated client App.

  FIG. 2 is a block diagram illustrating certain example portions of a system that manages access to private information stored in one or more electronic devices. The system includes a server 202 that is remote from one or more electronic devices. Server 202 includes a processor 204 and a memory 206. Server 202 can provide the platform as part of a cloud application service from which App can be downloaded. In some examples, the server 202 includes a client program 207 that can be executed by the processor of the server 202 to receive a request to download executable code to a remote electronic device over a network or cloud 238. Memory 206 stores executable code that includes privacy management module 208. Privacy management module 208 includes instructions executable by the electronic device. In some examples, the privacy management module 208 can be downloaded to an electronic device as an App.

  The lower part of FIG. 2 relates to the electronic device. The electronic device includes a processor 210 and a memory 212. The processor 210 may include a graphic engine. The electronic device may further include a display controller 214 for providing a display function to the device 240. One or more communication modules or Comm 216 provides an interface to a communication network such as Bluetooth (registered trademark), 3G, 4G, WiFi (registered trademark), or WiMax (registered trademark). The electronic device platform includes a sensor hub 218 module to process input from sensors such as touch sensors, gyroscope sensors, temperature sensors, GPS, and the like. The electronic device includes an operating system (OS) to provide a software platform. The OS 220 is provided by, for example, a mobile OS such as iOS provided by APPLE and INC, Android (registered trademark) provided by GOOGLE, INC, or Windows (registered trademark) provided by MICROSOFT, INC, APPLE, INC. It may be an OS for another type of mobile device such as Mac (R) OS X (R) or Linux (R) provided by a Linux (R) distributor.

  The electronic device may further include a security engine 222 or a secure storage 224. Secure storage 224 may include fraud prevention memory and may include flash memory (eg, NAND flash memory or multimedia card (MMC) flash memory). The secure storage 224 may store a key for encryption. Security engine 222 may be hardware based and may include a second processor that is transparent to OS 220. The security engine 222 along with the secure storage 224 provides an execution environment for cryptographic processing and unauthorized use prevention. The security engine 222 may implement logic that implements policies for users of electronic devices. In the illustrated example, the processor 210 hosts the downloaded privacy management module 208, but the security engine 222 may host the privacy management module 208 to provide additional system security.

  When running on the electronic device, privacy management module 208 detects that client App is accessing or attempting to access private information stored in memory 212 of the electronic device. The privacy management module 208 tracks the private information being accessed. An example of private information that can be stored in an electronic device is provided in the previous portion of this specification. Further examples of stored private information include the user's address (eg, home or work), the user's email address, information about online shopping performed using the electronic device, the user's birthday, and the user's social A security number or part of a social security number, information about a financial account, information contained in a calendar application of a mobile electronic device, information about a user's health (eg, medical information, lifestyle information, etc.). In a further example, the private information may “break jailbreak” the smartphone OS by removing restrictions imposed by third party App (eg, electronic device manufacturers or OS licensors) installed on the electronic device. (Jail breaking) ”may be included in the downloaded information.

  In some examples, privacy management module 208 tracks access by client App in real time as access occurs. In some examples, the privacy management module 208 performs historical tracking to determine access after that fact. As described previously herein, privacy management module 208 may generate an access history file that can be stored in secure storage 224 and reviewed at a later time. The privacy management module 208 further reconfigures the electronic device to change access to private information by the client App in accordance with at least one privacy access policy stored on the electronic device. The privacy access policy may be stored in secure storage 224.

  To generate an access policy, the system of FIG. 2 includes cloud-based real-time App privacy management or CBRTAPM 226. CBRTAPM 226 allows a user to configure a privacy access policy to manage the behavior of App running on the electronic device. In some examples, CBRTAPM 226 is invoked as part of a cloud-provided service, and in some examples, CBRTAPM 226 is invoked and executed on an electronic device. CBRTAPM 226 may be a software component, and when CBRTAPM 226 is invoked in the cloud, at least a portion of the CBRTAPM 226 functionality may be provided by one or more client programs running on server 202. If CBRTAPM 226 is invoked on an electronic device, CBRTAPM 226 may be included in privacy management module 208 running on the electronic device. CBRTAPM 226 may be a software component (eg, App) downloaded to an electronic device, or CBRTAPM 226 may be installed on CBRTAPM 226 by a manufacturer or service provider.

  In the example shown in FIG. 2, the function of CBRTAPM 226 is invoked on the electronic device. CBRTAPM 226 may include an authentication agent 228 subcomponent and a policy storage / enforcement agent 230 subcomponent. The authentication agent 228 can use the security engine 222 to authenticate the user and the user device as an initial check as to whether the user is authorized to perform the requested action. Policy storage / enforcement agent 230 manages access policies. This may include obtaining a policy and storing it in the secure storage 224. The policy storage / enforcement agent 230 may further enforce a contract between the user and the service provider, such as whether the user is permitted by an explicit or implicit license contract to execute a particular App. . CBRTAPM 226 may further include a logging agent 232 subcomponent and a communication agent 234 subcomponent. The logging agent 232 may record all transactions or accesses by the client App based on the configured privacy access policy. The communication agent 234 provides secure communication between the electronic device and the remote server 202, for example, by encrypting the communication.

  As previously described herein, CBRTAPM 226 can be included in privacy management module 208, which includes instructions for generating a privacy access policy. In some examples, providing a user interface (UI) or dashboard to CBRTAPM facilitates user interaction with CBRTAPM 226 in creating a privacy access policy. The privacy management module 208 includes instructions for displaying an access privacy policy UI (eg, a graphic user interface) on the electronic device, eg, via the display controller 214. The user may select an access policy option and fill in the UI fields, and the input received via the UI is incorporated into the generated privacy access policy.

  In FIG. 2, the CBRTAPM UI 236 allows the user to configure his privacy access policy and manage access by App running on the electronic device. In some examples, the privacy management module 208 includes instructions to display the type of information accessed by the client App via the CBRTAPM UI 236. In some examples, the CBRTAPM UI 236 displays real-time privacy data or historical privacy data being accessed by one or more client App. This can be useful when the user is trying to identify an App that accesses the privacy data that the user most wants to restrict access to. In some examples, CBRTAPM 226 generates an access policy that restricts or prevents access to private information by client App. The policy is implemented by the privacy management module 208 using instructions for preventing access to at least a portion of the stored private information according to a privacy access policy. For example, the privacy management module 208 may include instructions for implementing logic to prevent access to private information that is generated and stored in the secure storage 224.

  In some examples, the privacy management module 208 includes instructions for changing private information provided to the client App in accordance with a privacy access policy. For example, as a result of an access policy generated using CBRTAPM 226, the privacy management module 208 returns a fake name to App, returns a fake email address to App, or returns fake GPS coordinates to App. You can do it. In the latter case, the user may want to provide the same GPS coordinates to App to prevent App from sending further advertisements to the user's mobile electronic device.

  In some examples, the CBRTAPM UI 236 displays a privacy access policy determined according to a license agreement for the client App (eg, an implicit license agreement or an explicit license agreement resulting from downloading the App). As a result, the user can easily compare information accessed by the client App with all accesses agreed upon by downloading and using the App. The user may then create a privacy access policy that reduces access to private information by App, but this is still within the scope of the license agreement. In some examples, CBRTAPM 226 incorporates license information into the privacy access policy. The privacy access policy restricts access to private information according to the license information.

  As previously described herein, CBRTAPM 226 may be invoked as part of the service that cloud 238 provides. In this case, the privacy access policy can be generated by a client program that executes instructions on the remote server 202. The client program of the server is configured so that the user can access CBRTAPM by downloading the CBRTAPM UI 236 to an electronic device or a separate computing device and displaying it. In some examples, the CBRTAPM UI 236 is implemented by downloading and executing a thin client program on an electronic device or a separate computing device. Input entered by the user into the CBRTAPM UI 236 can be communicated to the client program of the server 202, which incorporates the input received via the CBRTAPM UI 236 into the privacy access policy generated by the client program. A privacy access policy configured by the user is generated at the server 202, and the privacy access policy can be stored in the server memory 206 and downloaded by the user at any point in the electronic device or devices. In some examples, CBRTAPM UI 236 can be utilized to synchronize the activation of privacy access policies generated within multiple devices. Activation may be configured to be activated immediately, on demand, periodically, etc. Thus, by calling the cloud's CBRTAPM, the user can generate one privacy access policy for multiple electronic devices. In some examples, privacy access data (eg, one or more history files) is collected from multiple electronic devices by a cloud-based service and presented to a user for use in configuring a policy.

  When CBRTAPM 226 is invoked in the cloud, the CBRTAPM 226 functionality described with respect to FIG. 2 may be divided between a client program running on server 202 and a privacy management module 208 running on the electronic device. . For example, an input input by the user to the CBRTAPM UI 236 can be transmitted to the client program 207 using the communication agent 234. The policy storage / enforcement agent 230 may obtain the generated access policy and store it in the secure storage 224 of the electronic device. Some functions of the authentication agent 228 and policy storage / enforcement agent 230 may be performed on the server 202 (for example, a contract between a user and a service provider when generating a privacy access policy). Execution, etc.).

  By preventing the client App from accessing the private information, side effects may occur in the electronic device, and performance or power consumption may be degraded. For example, if a client App is simply prevented from accessing private information, the client App may continue trying to access it. As a result, the function of the electronic device to quickly perform other tasks may deteriorate, and the user may be dissatisfied with the electronic device. In another example, suppose a client App receives a request from an App provider to record private information (poll) and send the accessed information to a target (eg, a remote server of the App provider). If the client App does not provide information, it is envisaged that the recording and transmission cycle will continue or be started more frequently. This increases the normal power consumption of the electronic device and may lead to more frequent charging. This will also reduce user satisfaction with electronic devices. In addition, electronic devices may have to be used with limited data plans. Repeated transmission by the client App may lead to unjustly using up the used capacity of data before the user is aware of data access. As a result, it is considered that the recording of privacy data is expensive for the user.

  In general, it is envisaged that the client App may not be able to handle exceptional scenario types or perform actions intended as a result of constraints on privacy data. In these situations, the privacy management module 208 may provide artificial data (in this case, configured as a policy by the user) to the client App. The user may be aware that the output data of the client App is based on artificial private information and that the output may not be accurate because actual privacy is not provided. (Eg by warning or by UI).

  After the user provides a new setting via the CBRTAPM UI 236 and generates a privacy access policy, the CBRTAPM works with the platform power and performance manager to make the new setting a platform power and performance setting or device. Monitor and ensure that no restrictions are violated. If the power setting is violated, CBRTAPM makes a recommendation to the user. These recommendations may include a recommendation to provide artificial data to the client App. The user configures a suitable privacy access policy to be generated when CBRTAPM is invoked on the device and stored in any secure storage 224 and stored on the server when CBRTAPM is invoked in the cloud. . The policy can then be downloaded to the secure storage 224 of one or more electronic devices. The policy may then be activated immediately, periodically, on demand, etc. according to policy synchronization settings.

  Based on the resulting privacy access policy configured by the user, the privacy management module 208 may provide artificial private information to the client App to reduce attempts to access the private information where the App is stored. This artificial information may include, in particular, a fake phone number, a fake email address, a fake social security number or a fake part of a social security number. Providing this fake private information rather than simply preventing access to the information may reduce the power consumption resulting from the functions that the client App can perform.

  In some examples, these functions may include transmission of information from the electronic device. Reducing the frequency with which these functions are performed may reduce the energy demand of the device, may reduce the amount of battery loss in the mobile electronic device, and may reduce the data transmission of the electronic device. is there.

  FIG. 3 is a flow diagram illustrating an example of a method 300 for configuring a privacy access policy for an electronic device. At block 305, it is determined whether CBRTAPM has been invoked on the electronic device, and at block 315, it has been determined whether CBRTAPM has been invoked by the cloud-based service. If invoked at the electronic device, at block 310, the current privacy access policy is loaded from the secure storage and presented to the user via the CBRTAPM UI.

  If invoked with a cloud-based service, at block 320, the current privacy access policy is downloaded using the CBRTAPM UI and, if configured, the user-managed multiples Privacy data collected from other electronic devices is downloaded. At block 325, utilizing the CBRTAPM UI provides policy configuration options for multiple devices.

  At block 330, the CBRTAPM UI presents private information collected by one or more client apps of one or more electronic devices. At block 335, the user imposes a privacy access policy on the client App that restricts the collection of private information without compromising the performance observed by the user of the client App and prevents or restricts it. Configure to add. The user optionally configures the privacy management of the electronic device to provide artificial private information to a client App that needs some private information to operate normally.

  At block 340, privacy management determines whether the newly configured policy violates any of the electronic device's platform power constraints, performance constraints, or other device constraints. If the determination is positive, at block 345, privacy management determines an alternative by utilizing or monitoring the power and performance manager of the electronic device. At block 350, the newly configured privacy access policy may be stored in a secure storage of the electronic device, causing an action to be initiated within the electronic device based on the policy.

  The methods, devices, and systems described herein provide a user with multiple options for managing access or access attempts to private information stored on an electronic device. The privacy manager places information management under the control of the user, which increases the user's satisfaction with the electronic device.

  <Further Notes and Examples> Example 1 includes subject matter such as a server (eg, an apparatus, method, means for performing an action, or instructions that, when executed on a machine, cause the machine to perform an action) Machine-readable medium). The server can include a processor and memory for storing executable code as a privacy management module. The executable code includes instructions executable by the remote electronic device and includes instructions for detecting access to private information stored in the memory of the electronic device, wherein the access is a client executing on the electronic device. Executed by an application program (client App) to track private information being accessed and modify access to private information by the client App in accordance with at least one privacy access policy stored on the electronic device Includes instructions for reconfiguring the mobile electronic device.

  Example 2 is executable by a server processor and may include a client program that receives a request to download executable code to a remote electronic device over a network. It can also be combined.

  Example 3 downloads a user interface for display to an electronic device or at least one of separate computing devices (the user interface provides input to the client program) and receives input received via the user interface. Can include a server client program configured to download the privacy access policy to one or more remote electronic devices, embedded in a privacy access policy generated by the server client program, one of examples 1 and 2 It can also be combined with one or any combination of themes.

  Example 4 includes a privacy management module including instructions for generating a privacy access policy, displaying a privacy access policy user interface on an electronic device, and incorporating input received via the user interface into the generated privacy access policy It can also be combined with one of Examples 1 to 3 or any combination of themes.

  Example 5 can also include a privacy management module that includes instructions for displaying the type of information accessed by the client App via the user interface, combined with the subject matter of one or any combination of examples 1-4. You can also.

  Example 6 may include a privacy management module that includes instructions to modify private information provided to the client App in accordance with a privacy access policy, or may be combined with one or any combination of the subjects of Examples 1-5. it can.

  Example 7 displays the access policy determined according to the license agreement for the client application program via the user interface, incorporates the license information into the privacy access policy stored in the electronic device, and accesses the private information according to the license information. A privacy management module configured to limit the above may be included, or may be combined with one of Examples 1-6 or any combination of themes.

  Example 8 can also include a privacy management module that includes instructions for preventing access to at least a portion of private information by a client App according to a privacy access policy, or combined with one or any combination of themes of Examples 1-7 You can also.

  Example 9 includes a privacy management module that includes instructions to provide artificial private information to a client App in accordance with a privacy access policy to reduce attempts by the client App to access private information stored on an electronic device. It can also be combined with one of Examples 1 to 8 or any combination of themes.

  Example 10 includes a privacy management module that includes instructions to provide artificial private information to a client App in accordance with a privacy access policy to reduce the performance of functions that the client App can execute, including sending information from an electronic device. It can also be combined with one of Examples 1 to 9 or any combination of themes.

  Example 11 can include a privacy management module that includes executable code that can be executed by a mobile phone processor, or can be combined with one or any combination of the subjects of Examples 1-10.

  Example 12 can include a subject, or one or any combination of examples 1 to 11 to include a subject (eg, when performed on an apparatus, method, means, or machine that performs an operation) A machine-readable medium containing instructions that cause the machine to perform an operation), the subject matter is detecting access to private information stored in a memory of the electronic device, the detection comprising: In addition, the access is performed by the privacy management module downloadable as object code for execution in the electronic device, and the access is performed by the client App. Trackin private information being accessed Comprising the steps of, using the privacy management module, a step or the like to reconstruct the electronic device to change access to private information by the client App according to at least one privacy access policy stored in the electronic device.

  These subjects can include means for detecting access to private information stored in the memory of an electronic device, examples of which include electronic devices (smartphones, tablet computers, netbooks, laptop computers, desktop computers or Privacy management module downloaded to be executed on a television or the like). These subjects can include means for tracking private information accessed by the client App, examples of which include a privacy management module that is downloaded to be executed on the electronic device, and remote from the electronic device. And a client program running on the server. The subject matter can include means for reconfiguring an electronic device to change access to private information by a client App, examples of which include a user interface on the electronic device that interfaces to a privacy management module, and an electronic device And a user interface on the electronic device that interfaces with a client program running on a remote server.

  Example 13 can include changing the private information provided to the client App according to the access policy, or it can be combined with the subject matter of Example 12.

  Example 14 may include preventing access to at least a portion of the private information by the client App according to the access policy, or may be combined with one of Examples 11-13 or any combination of themes.

  Example 15 can include generating a privacy access policy utilizing a privacy management module and an electronic device, or can be combined with one or any combination of the subjects of examples 11-14.

  Example 16 includes executing a privacy management module to display a policy creation user interface on an electronic device and incorporating input received via the user interface into a privacy access policy stored on the electronic device. It can also be included and can be combined with one of Examples 11 to 15 or any combination of themes.

  Example 17 may include displaying an access policy determined in accordance with a license agreement for client App, or may be combined with one or any combination of the subjects of examples 11-16.

  Example 18 downloads a remote server user interface to at least one of an electronic device or a separate computing device, incorporates the input received via the user interface into a privacy access policy generated by the remote server, It may include downloading the policy to one or more electronic devices, and may be combined with one or any combination of themes of Examples 11-17.

  Example 19 may include providing artificial private information to the client App to reduce attempts by the client App to access the private information, or any one of examples 11 to 18 or any combination thereof It can also be combined with the theme.

  Example 20 can also include providing artificial private information to the client App to reduce the performance of functions that the client App can execute, including sending information from the electronic device, or examples 11-19 It can also be combined with one or any combination of themes.

  Example 21 may include detecting access to private information stored in a cell phone memory, or may be combined with one of Examples 11-20 or any combination of themes.

  Example 23 can include a subject matter (eg, a system) comprising a server. The server can include memory and a processor that store executable code as a privacy management module. The executable code includes instructions executable by the remote electronic device, the instructions are instructions for detecting access to private information stored in the memory of the electronic device, the access being executed on the electronic device Executed by a client application program (client App) according to at least one privacy access policy stored in the electronic device and instructions for detecting access, tracking private information being accessed Reconfiguring the mobile electronic device to change access to private information. The server further includes a client program that is executable by the processor and that receives a request to download executable code to a remote electronic device over a network.

  Example 24 may include a server that includes at least one of an authentication agent and a policy storage / enforcement agent, or may be combined with the subject matter of Example 23.

  Example 25 can include an electronic device or can be combined with the subject matter of Example 23. The electronic device can include at least one of an authentication agent and a policy storage / enforcement agent.

  Example 26 can also include an electronic device that includes a logging agent configured to record access by a client application program based on a configured privacy access policy, or one or any of examples 23-25 It can also be combined with a combination theme.

  Example 27 downloads a user interface for display to at least one of an electronic device or a separate computing device, the user interface provides input to the client program, and the input received via the user interface The client program may include a client program configured to incorporate into a privacy access policy generated and download the privacy access policy to one or more remote electronic devices, or one or any combination of examples 23-26 It can also be combined with the theme.

  Example 28 can also include an electronic device that includes a secure storage for storing privacy access policies and a security engine that implements the policy, and subject matter of one or any combination of examples 23-27 It can also be combined.

  Example 29 is optionally a means for performing any one or more of the functions of Examples 1 to 28, or, when executed by a machine, causes the machine to have any one or more of the functions of Examples 1 to 28. Can include a subject matter that can include a machine-readable medium that includes instructions to perform the above, or can be combined with one or any portion or combination of any portion of Examples 1-28.

  Each of these non-limiting examples can stand independently, or can be combined in any substitution or combination with any one or more of the other examples.

  The above detailed description includes references to the accompanying drawings, which form a part of the detailed description. The drawings show, by way of illustration, specific embodiments in which the invention can be practiced. These embodiments may also be referred to herein as “examples”. These examples may include elements other than those shown or described. However, the inventors of the present application may assume an example in which only the elements shown or described are provided. Further, the inventors of the present application may make any combination or replacement of the elements shown or described (or one or more aspects thereof) for a particular example (or one or more aspects thereof), or In some cases, examples may be envisaged for other examples (or one or more aspects thereof) shown or described herein.

  If there is a contradiction in usage between this document and a document incorporated as a reference, the usage in this document takes precedence.

  In this document, as commonly used in patent documents, the terms “a”, “an”, including one or more than one, are referred to as “at least one” or “one or more” other examples or uses. May be used independently. In this document, the term “or” means “A or B” is “A and not B”, “B and not A”, and It is used to indicate a non-exclusive OR to include the case of “A and B”. In this document, terms such as “including” and “in which” are used as plain English equivalents of the terms “comprising” and “wherein”, respectively. Has been. Further, in the following claims, the terms “comprising” and “comprising” are open-ended, ie, a system, device, article, composition, formulation, or method is as such in a claim. The inclusion of elements in addition to those listed after a term is meant to be included within the scope of the claims. Furthermore, in the following claims, terms such as “first”, “second” and “third” are used as signs only, but these are not intended to impose numerical requirements on the corresponding objects .

  The example methods described herein can be machine or computer-implemented at least in part. Some examples can include a computer-readable or machine-readable medium encoded with instructions that can configure an electronic device to perform the methods described in the examples described above. Implementations of these methods can include code such as microcode, assembly language code, high level language code, and the like. These codes can include computer readable instructions for performing various methods. The code may form part of a computer program product. Further, in certain examples, code may be tangibly stored on one or more volatile, non-tangible, or non-volatile, tangible computer-readable media, such as during execution or at other times. Examples of these tangible computer readable media include, but are not limited to, hard disks, removable magnetic disks, removable optical disks (eg, compact disks and digital video disks), magnetic cassettes, memory cards or sticks, random access memory (RAM). ), Read only memory (ROM), and the like. In some examples, the carrier medium may carry code that implements the method. The term “carrier medium” can be used to represent a carrier wave for transmitting a code.

The descriptions above are intended to be illustrative, not limiting. For example, the above-described examples (or one or more aspects thereof) may be utilized in combination with each other. Other embodiments are available to those skilled in the art who have read the above description. The abstract is intended to allow the reader to quickly inform the nature of the technical disclosure so that US 37 CFR 37C. F. Provided in accordance with R section 1.72 (b). It is provided with the understanding that it will not be used to interpret or limit the scope or meaning of the claims. Furthermore, in the detailed description above, various features may be classified to organize the disclosure. This should not be interpreted as intending that an unclaimed disclosed feature is essential to any claim. Rather, the inventive subject matter may reside in less than all features of a particular disclosed embodiment. Thus, the following claims are hereby incorporated into the detailed description as examples or embodiments, and it is envisaged that each claim will stand on its own as a separate embodiment, It is envisioned that they can be combined with each other in various combinations and substitutions. The scope of the invention should be determined with reference to the appended claims, along with the full scope of equivalents to which such claims are entitled.
Examples of this embodiment are shown as the following items.
[Item 1]
Detecting access to private information stored in a memory of an electronic device, wherein the detection is performed by the privacy management module downloadable to the electronic device as object code for execution in the electronic device Detecting the access performed by the client application program; and
Tracking the private information accessed by the client application program using the privacy management module;
Reconfiguring the electronic device to change the access to the private information by the client application program according to at least one privacy access policy stored in the electronic device utilizing the privacy management module. How to operate an electronic device.
[Item 2]
Changing the access to the private information by the client application program comprises:
The method of operating an electronic device according to item 1, comprising changing private information provided to the client application program according to the access policy.
[Item 3]
Changing the access to the private information by the client application program comprises:
3. A method of operating an electronic device according to item 1 or 2, comprising preventing access to at least a part of the private information by the client application program according to the access policy.
[Item 4]
4. The method of operating an electronic device according to any one of items 1 to 3, comprising generating the privacy access policy using the privacy management module and the electronic device.
[Item 5]
The step of generating the privacy access policy includes:
Executing the privacy management module to display a policy creation user interface on the electronic device;
The method of operating an electronic device according to any one of items 1 to 3, comprising: incorporating input received via the user interface into the privacy access policy stored in the electronic device.
[Item 6]
Displaying an access policy determined according to a license agreement for the client application program on a policy creation user interface;
Incorporating license information into the privacy access policy stored in the electronic device;
The method of operating an electronic device according to any one of user items 1 to 5, comprising: restricting access to the private information according to the license information.
[Item 7]
Downloading a user interface to at least one of the electronic device or a separate computing device, the user interface providing input to a remote server;
Incorporating the input received via the user interface into a privacy access policy generated by a client program executable by the remote server;
The method of operating an electronic device according to any one of items 1 to 6, comprising: downloading the privacy access policy to one or more electronic devices.
[Item 8]
8. The electronic device of any one of items 1 to 7, wherein the privacy access policy provides artificial private information to the client application program to reduce attempts by the client application program to access the private information. How to operate the device.
[Item 9]
The privacy access policy provides artificial private information to the client application program so that the client application program can execute a plurality of functions including transmission of information from the electronic device. The method for operating the electronic device according to any one of items 1 to 8, wherein the electronic device is reduced.
[Item 10]
10. The method for operating an electronic device according to any one of items 1 to 9, wherein the electronic device is a mobile phone.
[Item 11]
A program that causes a computer to execute the method according to any one of items 1 to 10.
[Item 12]
A device for managing access to stored information,
A server having a processor and a memory;
The memory stores machine executable code that, when executed by a remote electronic device, implements a privacy management module, the privacy management module comprising:
Detecting access to private information stored in a memory of the electronic device, the access being performed by a client application program running on the electronic device;
Tracking the private information being accessed,
An apparatus for reconfiguring the electronic device to change the access to the private information by the client application program according to at least one privacy access policy stored on the electronic device.
[Item 13]
13. The apparatus of item 12, comprising a client program for receiving a request to download the executable code to the remote electronic device over a network, executable by the processor of the server.
[Item 14]
The server client program is:
Downloading a user interface for display to at least one of the electronic device or a separate computing device, the user interface providing input to the client program;
The client program of the server is
Incorporating the input received via the user interface into a privacy access policy generated by the client program of the server;
14. Apparatus according to item 12 or 13, wherein the privacy access policy is downloaded to one or more remote electronic devices.
[Item 15]
The privacy management module
Generating the privacy access policy;
Displaying a privacy access policy user interface on the electronic device;
14. An apparatus according to item 12 or 13, comprising instructions for incorporating input received via the user interface into the generated privacy access policy.
[Item 16]
16. The apparatus according to any one of items 12 to 15, wherein the privacy management module includes instructions for displaying a type of information accessed by the client application program via a user interface.
[Item 17]
The privacy management module
An access policy determined according to a license agreement for the client application program is displayed via a user interface;
Incorporating license information into the privacy access policy stored in the electronic device;
The apparatus according to any one of items 12 to 16, comprising instructions for restricting access to the private information according to the license information.
[Item 18]
18. An apparatus according to any one of items 12 to 17, wherein the privacy management module includes instructions to change the private information provided to the client application program in accordance with the privacy access policy.
[Item 19]
The privacy management module
19. Apparatus according to any one of items 12 to 18, comprising instructions for preventing access to at least a portion of the private information by the client application program in accordance with the privacy access policy.
[Item 20]
The privacy management module
Item 12 comprising instructions to provide artificial private information to the client application program in accordance with the privacy access policy to reduce attempts by the client application program to access the private information stored on the electronic device. The apparatus according to any one of 1 to 19.
[Item 21]
The privacy management module
Item 12 comprising instructions to provide artificial private information to the client application program in accordance with the privacy access policy to reduce execution of functions that the client application program can execute, including sending information from the electronic device. 21. The apparatus according to any one of 1 to 20.
[Item 22]
The privacy management module
Item 22. The device of any of items 12 to 21, comprising executable code that can be executed by a mobile phone processor.
[Item 23]
A system for managing access to stored information,
A server having a processor;
Memory,
A client program and
The memory stores machine-executable code that, when executed by a remote electronic device, implements a privacy management module;
The privacy management module
Detecting access to private information stored in a memory of the electronic device, the access being performed by a client application program running on the electronic device;
Tracking the private information being accessed,
Reconfiguring the electronic device to change the access to the private information by the client application program according to at least one privacy access policy stored on the electronic device;
The client program is executable by the processor and receives a request to download the executable code to the remote electronic device via a network.
[Item 24]
24. The system of item 23, wherein the server includes at least one of an authentication agent and a policy storage / enforcement agent.
[Item 25]
Comprising the electronic device;
24. The system of item 23, wherein the electronic device includes at least one of an authentication agent and a policy storage / enforcement agent.
[Item 26]
26. A system according to any one of items 23 to 25, wherein the electronic device includes a logging agent that records access by a client application program based on the configured privacy access policy.
[Item 27]
The client program is
Downloading a user interface for display to at least one of the electronic device or a separate computing device, the user interface providing input to the client program;
The client program is
Incorporating the input received via the user interface into a privacy access policy generated by the client program of the server;
27. A system according to any one of items 23 to 26, wherein the privacy access policy is downloaded to one or more remote electronic devices.
[Item 28]
28. A system according to any one of items 23 to 27, wherein the electronic device includes a secure storage for storing the privacy access policy and a security engine that implements the policy.

Claims (32)

Detecting access to private information stored in a memory of an electronic device, wherein the detection is performed by the privacy management module downloadable to the electronic device as object code for execution in the electronic device Detecting the access performed by the client application program; and
Tracking the private information accessed by the client application program using the privacy management module;
Reconfiguring the electronic device to change the access to the private information by the client application program according to at least one privacy access policy stored in the electronic device utilizing the privacy management module; Prepared,
To change the access to the private information by the client application program, only including to provide the private information of false to the client application program in accordance with the privacy access policy,
A method of operating an electronic device, wherein the fake private information includes at least one of a fake phone number, a fake email address, a fake social security number, and a fake name . Incorporating license information relating to the client application program into the privacy access policy stored in the electronic device;
The method of operating an electronic device according to claim 1, comprising restricting access to the private information according to the license information. Changing the access to the private information by the client application program comprises:
The method of operating an electronic device according to claim 1 or 2, comprising changing private information provided to the client application program according to the privacy access policy. Changing the access to the private information by the client application program comprises:
4. A method of operating an electronic device according to any one of claims 1 to 3, comprising preventing access to at least a portion of the private information by the client application program according to the privacy access policy.   The method for operating an electronic device according to any one of claims 1 to 4, comprising generating the privacy access policy using the privacy management module and the electronic device. The step of generating the privacy access policy includes:
Executing the privacy management module to display a policy creation user interface on the electronic device;
5. Operating the electronic device according to claim 1, comprising: incorporating the input received via the policy creation user interface into the privacy access policy stored in the electronic device. Method. Downloading a user interface to at least one of the electronic device or a separate computing device, the user interface providing input to a remote server;
Incorporating the input received via the user interface into a privacy access policy generated by a client program executable by the remote server;
The method of operating an electronic device according to any one of claims 1 to 6, comprising: downloading the privacy access policy to one or more electronic devices.   8. The privacy access policy according to any one of claims 1 to 7, wherein the privacy access policy provides artificial private information to the client application program to reduce attempts by the client application program to access the private information. How to operate an electronic device.   The privacy access policy provides artificial private information to the client application program so that the client application program can execute a plurality of functions including transmission of information from the electronic device. A method of operating an electronic device according to any one of the preceding claims, wherein the electronic device is reduced.   The method for operating an electronic device according to claim 1, wherein the electronic device is a mobile phone.   The program which makes a computer perform the method as described in any one of Claim 1 to 10. A device for managing access to stored information,
A server having a processor and a memory;
Wherein the memory stores machine-executable code, the machine-executable code, when executed by the remote electronic device, implements a privacy management module, the privacy management module,
Detecting access to private information stored in a memory of the electronic device, the access being performed by a client application program running on the electronic device;
Tracking the private information being accessed,
Reconfiguring the electronic device to change the access to the private information by the client application program according to at least one privacy access policy stored on the electronic device;
To change the access to the private information by the client application program, only including to provide the private information of false to the client application program in accordance with the privacy access policy,
The device, wherein the fake private information includes at least one of a fake phone number, a fake email address, a fake social security number, and a fake name . The privacy management module
Incorporating license information regarding the client application program into the privacy access policy stored in the electronic device;
13. The apparatus of claim 12, comprising instructions for restricting access to the private information according to the license information. Comprising a client program for receiving said executable by the processor of the server, the request with the case downloading said executable code to said remote electronic device via a network, according to claim 12 or 13 . The server client program is:
Downloading a user interface for display to at least one of the electronic device or a separate computing device, the user interface providing input to the client program;
The client program of the server is
Incorporating the input received via the user interface into a privacy access policy generated by the client program of the server;
Downloading the privacy access policy to one or more remote electronic devices, apparatus according to any one of claims 12 to 14. The privacy management module
Generating the privacy access policy;
Displaying a privacy access policy user interface on the electronic device;
15. The apparatus according to any one of claims 12 to 14, comprising instructions for incorporating input received via the privacy access policy user interface into the generated privacy access policy.   The apparatus according to any one of claims 12 to 16, wherein the privacy management module includes instructions for displaying a type of information accessed by the client application program via a user interface.   18. The apparatus according to any one of claims 12 to 17, wherein the privacy management module includes instructions to change the private information provided to the client application program according to the privacy access policy. The privacy management module
19. Apparatus according to any one of claims 12 to 18, comprising instructions for preventing access to at least a portion of the private information by the client application program in accordance with the privacy access policy. The privacy management module
And instructions for providing artificial private information to the client application program in accordance with the privacy access policy to reduce attempts by the client application program to access the private information stored on the electronic device. The apparatus according to any one of 12 to 19. The privacy management module
12. Instructions for providing artificial private information to the client application program in accordance with the privacy access policy to reduce execution of functions that the client application program can execute, including sending information from the electronic device. The apparatus according to any one of 12 to 20. The privacy management module
22. Apparatus according to any one of claims 12 to 21 comprising executable code executable by a mobile phone processor. A system for managing access to stored information,
A server having a processor;
Memory,
A client program and
Wherein the memory stores the available machine executable code, said machine executable code, when executed by the remote electronic device, implements a privacy management module,
The privacy management module
Detecting access to private information stored in a memory of the electronic device, the access being performed by a client application program running on the electronic device;
Tracking the private information being accessed,
Reconfiguring the electronic device to change the access to the private information by the client application program according to at least one privacy access policy stored on the electronic device;
The client program is one that can be executed by the processor to receive a request for the case downloading said executable code to said remote electronic device via a network,
To change the access to the private information by the client application program, only including to provide the private information of false to the client application program in accordance with the privacy access policy,
The fake private information includes at least one of a fake phone number, a fake email address, a fake social security number, and a fake name . The privacy management module
Incorporating license information regarding the client application program into the privacy access policy stored in the electronic device;
24. The system of claim 23, wherein access to the private information is restricted according to the license information.   The system according to claim 23 or 24, wherein the server includes at least one of an authentication agent and a policy storage / enforcement agent. Comprising the electronic device;
25. The system of claim 23 or 24, wherein the electronic device includes at least one of an authentication agent and a policy storage / enforcement agent.   27. A system according to any one of claims 23 to 26, wherein the electronic device includes a logging agent that records accesses by client application programs based on the configured privacy access policy. The client program is
Downloading a user interface for display to at least one of the electronic device or a separate computing device, the user interface providing input to the client program;
The client program is
Incorporating the input received via the user interface into a privacy access policy generated by the client program of the server;
The privacy access policy download to one or more remote electronic device, according to any one of claims 23 27 system. 29. A system according to any one of claims 23 to 28, wherein the electronic device includes a secure storage for storing the privacy access policy and a security engine that implements the privacy access policy.   11. The method of operating an electronic device according to any one of claims 1 to 10, comprising displaying on a policy creation user interface a privacy access policy determined according to a license agreement for the client application program.   The privacy management module
  23. The apparatus according to any one of claims 12 to 22, comprising instructions for displaying via a user interface a privacy access policy determined in accordance with a license agreement for the client application program.   The privacy management module
  30. A system according to any one of claims 23 to 29, wherein a privacy access policy determined according to a license agreement for the client application program is displayed via a user interface.

Images