WO2016059564A1 - Partial access screen lock - Google Patents

Partial access screen lock Download PDF

Info

Publication number
WO2016059564A1
WO2016059564A1 PCT/IB2015/057863 IB2015057863W WO2016059564A1 WO 2016059564 A1 WO2016059564 A1 WO 2016059564A1 IB 2015057863 W IB2015057863 W IB 2015057863W WO 2016059564 A1 WO2016059564 A1 WO 2016059564A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
access mode
user
partial
partial access
Prior art date
Application number
PCT/IB2015/057863
Other languages
French (fr)
Inventor
Aysha ALI
Shmuel Ur
Tim Jackson
Original Assignee
Hand Me In
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hand Me In filed Critical Hand Me In
Publication of WO2016059564A1 publication Critical patent/WO2016059564A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/36User authentication by graphic or iconic representation

Definitions

  • Mobile devices retain confidential and private information. Therefore, it is customary to many such devices to have a lock screen mechanism which is only opened upon a user entering a code, providing using biometric identification, or the like.
  • a lock screen mechanism which is only opened upon a user entering a code, providing using biometric identification, or the like.
  • mobile devices which are identified with the user, once the user opens the device (e.g., provides valid certification to unlock the device), the user is provided access to the data retained on the device.
  • One exemplary embodiment of the disclosed subject matter is a computer- implemented method performed by a computerized device, comprising: displaying on a display device of the computerized device a lock screen comprising: a control for each of one or more applications accessible in partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication to a selected application to be invoked, the application selected from the one or more applications; and launching the selected application in partial access mode.
  • the method may further comprise activating an unlock screen in response to activating the control for gaining full access.
  • the unlock screen optionally requires a user to provide a certificate in order to gain full access to the computerized device.
  • the applications optionally comprise an application selected from the group consisting of: an application providing medical information of a user of the device; a game to be played; and an application for retrieving communication details of a user of the device.
  • one or more of the applications may also be operated in full access mode.
  • an application comprised in the applications is optionally executable in partial access mode and in full access mode, wherein the application is configured to provide different functionality in the partial access mode and in the full access mode.
  • the method is optionally activated in response to the computerized device not being in use for at least a predetermined period of time.
  • the control for each of applications accessible in partial access mode optionally requires a certificate available to an occasional user, wherein the occasional user is authorized by the selected application.
  • the certificate is optionally provided by the occasional user, or by a third party providing the certificate to the computerized device over a communication channel based on a granted request by the occasional user.
  • the method may further comprise monitoring the computerized device to prevent access to an application for which access is restricted in partial access mode.
  • said monitoring optionally comprises: detecting a current foreground application in the computerized device; and in response to the current foreground application not being in a list of accessible applications in partial access mode, invoking a lock screen to appear in front of the current foreground application thereby denying user interaction with the current foreground application.
  • said monitoring optionally comprises: intercepting a request to access data or invoke an application; determining whether the request requests access to accessible data or application in partial access mode; and denying the request in response to determination that the request is impermissible in partial access mode.
  • FIG. 1 Another exemplary embodiment of the disclosed subject matter is a computerized apparatus having a processor, the processor being adapted to perform the steps of: displaying on a display device of the computerized device a lock screen comprising: a control for each of one or more applications accessible in partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication to a selected application to be invoked, the application selected from the one or more applications; and launching the selected application in partial access mode.
  • the processor is optionally further adapted to activate a lock screen in response to activating the control for gaining full access.
  • the unlock screen optionally requires a user to provide a certificate in order to gain full access to the computerized device.
  • the one or more applications optionally comprise an application selected from the group consisting of: an application providing medical information of a user of the device; a game to be played; and an application for retrieving communication details of a user of the device.
  • one or more of the applications may also be operated in full access mode.
  • an application comprised in the applications is optionally executable in partial access mode and in full access mode, wherein the application is configured to provide different functionality in the partial access mode and in the full access mode.
  • the processor is optionally further adapted to monitor the computerized device to prevent access to an application for which access is restricted in partial access mode.
  • Yet another exemplary embodiment of the disclosed subject matter is a computer program product comprising a computer readable storage medium retaining program instructions, which program instructions when read by a processor, cause the processor to perform a method comprising: displaying on a display device of the computerized device a lock screen comprising: a control for each of one or more applications accessible in partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication to a selected application to be invoked, the application selected from the one or more applications; and launching the selected application in partial access mode.
  • a lock screen comprising: a control for each of one or more applications accessible in partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication to a selected application to be invoked, the application selected from the one or more applications; and launching the selected application in partial access mode.
  • FIG. 1 shows a schematic exemplary screenshot of a partial access lock screen, in accordance with some exemplary embodiments of the subject matter
  • FIG. 2 shows a schematic exemplary screenshot of an unlock screen
  • FIG. 3 shows a schematic exemplary screenshot of authorization options for an application in partial access mode, in accordance with some exemplary embodiments of the subject matter
  • FIG. 4 shows a schematic exemplary screenshot of a medical application operating in a partial access mode, in accordance with some exemplary embodiments of the subject matter
  • FIG. 5 shows a schematic exemplary screenshot of a management screen for a partial access application launcher, in accordance with some exemplary embodiments of the subject matter
  • FIG. 6 shows a block diagram of a computing device providing partial access to applications, in accordance with some exemplary embodiments of the disclosed subject matter.
  • Fig. 7 shows a flowchart diagram of a method for providing partial access to applications, in accordance with some exemplary embodiments of the disclosed subject matter.
  • an owner of a mobile device would like or need to grant to another user access to some functionality or some information available thereon. However, the owner may prefer to grant only partial access rather than full control of the device. Some examples of such partial access may include: letting one's child play a game on the device; helping someone that found a lost device find alternative communication channels to return it to its owner; a medical aid personnel trying to treat a wounded person and require some basic information such as blood type; a law enforcement officer who may have a legitimate reason to see some information; letting someone from the owner's friends or organization use some of the phone's capabilities (e.g. GPS, telephone, recorder); or the like.
  • the phone's capabilities e.g. GPS, telephone, recorder
  • the smartphone is password-protected, letting a person other than the phone's owner or regular user know one's personal password is generally undesired, since that person may then assume control over all data and applications stored on or accessible through the smartphone. Beyond invading one's privacy, the other person may also cause heavy damages, for example by deleting data.
  • One technical problem handled by the disclosed subject matter is the need to grant full or partial access to one or more applications installed on a mobile device such as a smartphone, to a person (hereinafter "occasional user") other than the owner or a regular user of the device (hereinafter "owner").
  • a mobile device such as a smartphone
  • owner a person
  • the occasional user may not be allowed to access other applications or data or even restricted data or functionality of the same application, and certainly not to cause damage to the device or to any data or applications stored thereon.
  • the disclosed subject matter be applied on a personal device that is associated with a single person, such as but not limited to a smartphone of a user, a Personal Digital Assistant (PDA) of a user, a tablet computer of a user, or the like.
  • a personal device that is associated with a single person, such as but not limited to a smartphone of a user, a Personal Digital Assistant (PDA) of a user, a tablet computer of a user, or the like.
  • PDA Personal Digital Assistant
  • Another technical problem handled by the disclosed subject matter is the need to immediately locate one or more applications which may be required by the occasional user. For example, a medical emergency person may find it useful to have immediate access to some basic medical details such as blood type or allergies, without having to search through the device.
  • Yet another technical problem may relate to some partial accesses requiring identification or authorization of the occasional user, wherein the identification may have to be done by the mobile device, for example in the case of a child being granted permission to play, or by a remote computing platform when the occasional user is a- priory unknown, for example medical stuff in case of an accident.
  • Yet another technical problem may relate to the need to enforce partial access without the operating system being aware of such partial access permission.
  • one application may be allowed for access during in the partial access permission while a second application may not be allowed for access.
  • the first application may invoke the second application and the operating system which may be unaware of the partial access may not restrict such invocation.
  • Implementing such a restriction not through the operating system may prove to be a technical challenge.
  • One technical solution relates to a screen lock that comprises an application launcher, such that when the screen is locked, a multiplicity of icons or other controls are presented which enable launching of some applications, hereinafter referred to as "accessible applications".
  • the accessible applications may be activated without unlocking the screen lock, and may enable access to data or applications to an occasional user, who may not have access to a password protecting the device.
  • one or more of the icons provide access to a modified or reduced version of an accessible application, such that the occasional user does not have access to the full functionality or data associated with the accessible application. For example, occasional medical stuff may only have access to blood type and allergies of the owner, but not to her full medical history.
  • the applications that are executable from the application launcher in partial access mode may be user-defined to be executable in the partial access mode.
  • a user such as an owner of the device, may define the applications as executable in partial access mode via a configuration counsel by selecting from one or more applications, some of which may be downloaded to the device from external sources, such as an application repository.
  • the application may be user-defined to be executable in the partial access mode based on the user downloading and installing such an app which is pre-configured to be executed in partial access mode.
  • a distributer of a game application may also distribute an application to be downloaded which enables execution of the game application in partial access mode.
  • the application may be hard-coded to execute only the game application in partial access mode, the user is deemed as defining the game application to be executable in the partial access mode as the user downloaded and installed the application, and such execution is not a pre-configuration of the operating system of the device.
  • Another technical solution comprises blocking activities taken by a user of any of the accessible applications when activated from the screen lock, such that an occasional user cannot navigate to applications installed on the device other than the accessible applications, or gain access to data that is inaccessible from the accessible applications.
  • such block is implemented without the assistance of the operating system.
  • Yet another technical solution comprises the need to identify or authorize an occasional user accessing to one or more accessible applications.
  • the occasional user's identity may be authenticated by the device, for example in the case a parent wants to let her child play a game with the device.
  • the identity may be verified by a third party, optionally over a communication channel.
  • the medical application discussed above may be accessible only to medical stuff that may be authenticated by a third party, wherein authentication may take place over the network.
  • Yet another technical solution comprises providing an Application Programming Interface (API) which may be used when developing an accessible application, such that the accessible application may provide certain functionality when activated from the lock screen.
  • the application may provide other, usually richer, functionality when activated by a person having full access to the device, such as the owner or a person having a password for the device.
  • API Application Programming Interface
  • One technical effect of the disclosed subject matter relates to providing partial access to a multiplicity of applications installed on a mobile device, without granting access, and preventing such access, to the full data or functionality of the device.
  • Another technical effect relates to displaying to an occasional user the applications available for partial access, such that the user does not have to look among all installed applications for the required information or functionality.
  • lock screen refers to a screen displayed by a computing device when the device is in "locked” mode.
  • an operating system may have a default lock screen which enables users to unlock the device (e.g., directly in case unlocking does not require a certificate; or via an unlock screen in case a certificate is required for unlocking the device).
  • a lock screen in accordance with the disclosure may allow access to applications in partial access mode as well as to a full access mode of the computing platform.
  • unlock screen refers to a screen in which a user may provide a certificate, such as type a code, mark a pattern, provide user credentials, say one or more words or the like, in order to gain full access to the computing platform.
  • FIG. 1 showing an exemplary screenshot of a lock screen, in accordance with some embodiments of the disclosure.
  • the screen generally referenced 100, shows a lock screen that is displayed when the device is locked for usage in full access mode.
  • Screen 100 includes a user interface of application launcher 120 comprising multiplicity of icons, such as icon 104 for displaying medical data of an owner of the device; icon 108 for providing access to maps; or the like. Touching, clicking or otherwise pointing on any of the icons may activate the corresponding application.
  • the application may have different functionality when executed in a partial access mode than when executed in full access mode. Additionally or alternatively, the application may have the same functionality regardless of under which access mode it is being executed.
  • Lock screen 100 may also comprise a sliding area 112, which when the user slides her finger over it, may display and activate the desktop of the device, or displays an unlock screen. It will be appreciated that other types of controls requiring other actions may be used instead of sliding area 112.
  • Application launcher 120 may comprise icons of applications that can be launched. Applications may be added or removed from application launcher 120, such as by the owner of the device, by a user with credentials or the like. In some exemplary embodiments, application launcher 120 may allow launching of any third-party application, such as but not limited to applications downloaded from an application store, applications downloaded from the Internet, or the like. In particular, some of the applications that application launcher 120 may also launch applications that are not integral part of the operating system of the device (e.g., not the dialer of the operating system).
  • application launcher 120 may also launch applications that have no specific functionality recognized by the operating system (e.g., not a downloaded browser app that is recognized and defined as the default browser of the operating system).
  • application launcher 120 may appear similar to a desktop launcher of the computing device and may provide a similar look and feel.
  • a user may be able to delete an application from the device
  • application launcher 120 a user may not be able to delete the application from the device.
  • the user may interact with icon 104, for example, by providing a long click action thereon, to delete icon 104 from application launcher 120 but without deleting the corresponding application itself from the device nor affecting its data.
  • removing icons from application launcher 120 may only be possible in full mode or after providing adequate certificate to ensure the user performing such action is authorized.
  • application launcher 120 may be accessible after providing a certificate, such as a password.
  • a certificate such as a password.
  • no certificate is required and any user can invoke any application from application launcher 120.
  • one application launcher may be accessible to a guest user having no certificate, while another application launcher may be accessible to an occasional user having a password.
  • the password to gain access to the other launcher may be different than the password that is used to unlock the device.
  • a control such as sliding area 112 may be used in order to gain access to a different launcher or to a restricted launcher.
  • different occasional users may be granted with the option to view different launchers, such as for example medical personnel may be granted access to a launcher with medical related applications, IT personnel may be granted access to applications relating to security of the device, technical configurations, or the like, children of the owner may be granted access to certain set of allowed games, such as having a Parental Guidance (PG) rating, being free to play and not including in-app purchases, not comprising inappropriate ads, or the like.
  • PG Parental Guidance
  • an application may be available from the lock screen 100 for providing instructions to someone who happens to find the device. For example, in case a mobile device gets lost, an occasional user may pick up the device and without having to bypass the required certificate to open the device, she may be able to launch an application (e.g., using an icon such as 108).
  • the application may be used to provide instructions as to how to return the device. In some exemplary embodiments, such application may only be available from the lock screen 100, elsewhere in partial access mode and not available in full access mode.
  • the application may display the information of the owner of the device. Additionally or alternatively, the application may display the information of the service that handles the returning of the device, which may or may not offer a reward.
  • the information on what the application shows and how may be controlled remotely. For example, in case the user has moved to a city for a week and her phone is lost, she may, from the Internet, put her current residence so the screen lock will change and someone who sees it can bring it back to the current, temporary location. Additionally or alternatively, such application may allow contacting a predetermined set of contact persons, such as contact persons in the address book of the mobile device, alternative phone numbers or e-mail addresses of the owner of the device, the spouse of the owner, a call-center, or the like.
  • a predetermined set of contact persons such as contact persons in the address book of the mobile device, alternative phone numbers or e-mail addresses of the owner of the device, the spouse of the owner, a call-center, or the like.
  • Fig. 2 showing an unlock screen which may be implemented as part the lock screen of the current disclosure, provided with the operating system of the device, by a third party, or the like.
  • the user In order to open the unlock screen, the user needs to provide a certificate, such as providing a key code, a password, marking a pattern, saying a phrase, providing a biometric measurement (e.g. fingerprint), or the like.
  • a certificate such as providing a key code, a password, marking a pattern, saying a phrase, providing a biometric measurement (e.g. fingerprint), or the like.
  • biometric measurement e.g. fingerprint
  • lock screen 100 of Fig. 1 may be implemented with password protection, such that unlock screen 200 may be displayed upon sliding over area 112.
  • lock screen 100 may be implemented without password protection, such that sliding over area 112 grants a user full access to the data and applications.
  • such configuration is still beneficial over unlock screen 200, when the owner wishes to give partial access to a person she trusts not to misuse the device.
  • Another benefit of such configuration is that it provides occasional users, such as medical stuff, immediate access to the required information.
  • FIG. 3 showing an exemplary authentication screen, generally referenced 300, for authenticating an occasional user to the medical application accessed by touching icon 104 of Fig. 1.
  • the medical personnel may identify themselves using fingerprint identification area 304, entering a password on text area 308, or by touching area 312 for initiating a call using the device itself for receiving further identification options, such as through a third party. It will be appreciated that further identification manners may be provided.
  • identification may be performed by the device itself, for by example accepting or rejecting by fingerprint based on comparison to fingerprints stored on the device, or comparing an entered password to stored passwords.
  • Such scheme of verification by the device is limited to situations in which there is some preparation by the device owner, such as getting fingerprint of expected occasional users. This authentication scheme may not enable other occasional users access the data, even in emergency situations.
  • verification may be performed by a third party, for example on a remote server.
  • a third party for example on a remote server.
  • an owner of the device does not have to know a-priori all potential occasional users. Rather, an occasional user such as a medical stuff member may identify herself against a server maintaining a registration of all personnel member allowed to access such data. Such registration may be updated regularly, thus ensuring access only to currently allowed members.
  • accessible applications may be implemented in two or more modes, wherein one or more modes are intended for occasional users, who may or may not be identified, and one or more modes are intended for users having full access to the device, wherein these users also may or may not be required to identify.
  • FIG. 4 showing an exemplary display of a medical status summary of a device owner, which may be displayed to an occasional user upon touching icon 104 of Fig. 1 if there is no identification requirement, or after the occasional user has identified herself, for example with any of the options discussed in association with Fig. 3 above.
  • a display such as the display shown in Fig. 4 may contain basic details such as name, date of birth, physician, allergies, blood type, organ donation consent, or the like.
  • a game when invoked in another manner, such as when a user has full access to the device, may behave differently, for example it may display the full medical history of the device owner.
  • a game may have two modes, wherein the partial access mode does not enable purchasing of further games or features, which is enabled when the game is activated in the full access mode.
  • the disclosed launcher may be implemented on any type of device and under any operating system, such as AndroidTM, iOSTM, Windows MobileTM or any other operating system.
  • the disclosure may be implemented as part of any operating system itself.
  • Fig. 5 showing a schematic exemplary screenshot of a management screen for a partial access application launcher.
  • the management screen of the partial access may be accessed when a user of the device is in full mode.
  • the management screen of the partial access may require the user to enter additional certification in order to access or change the applications enabled by the launcher.
  • the partial access management screen may comprise a control for managing for each partial access mode, such as button 504 for managing kids partial access, button 508 for managing business partial access, and button 512 for managing utility partial access. It will be appreciated that a further control may be provided for adding further partial accesses, and that one or more partial accesses may also be deleted.
  • the user may be presented with a list of applications currently available in this mode, and whether each application is active or not, e.g. whetehr it is presented when this mode is assumed.
  • MathelyTM application 520 is currently on and may be switched off using control 524
  • QuickCalTM application 528 is also currently on and may be switched off using control 532, and so on for the further displayed applications.
  • a user may add further applications to the list, remove applications from the list, or the like.
  • the list of applications available in one or more partial access modes may be remotely controlled, for example from another computing platform being in communicating with a server that further communicates with the device.
  • remote control may provide a user with the option to remove from the partial access one or more partial access applications if the device has been stolen.
  • an owner of the device may remotely remove applications providing access to private information, but may keep an application that enables a finder of the device to communicate with the owner.
  • FIG. 6 illustrating a functional block diagram of a computing device, such as a smartphone, providing partial access to applications, in accordance with some embodiments of the disclosed subject matter.
  • Computing device 600 may comprise one or more processors 604, for executing applications, modules, libraries or other executable units associated with the disclosed subject matter.
  • Processor 604 may be a Central Processing Unit (CPU), a microprocessor, an electronic circuit, an Integrated Circuit (IC) or the like.
  • processor 604 can be implemented as firmware programmed for or ported to a specific processor such as digital signal processor (DSP) or microcontrollers, or can be implemented as hardware or configurable hardware such as field programmable gate array (FPGA) or application specific integrated circuit (ASIC).
  • DSP digital signal processor
  • FPGA field programmable gate array
  • ASIC application specific integrated circuit
  • Processor 604 may be operative to execute any program instruction retained in a storage 612 of the device, such as included in an executable file of an application.
  • Computing device 600 may comprise a storage 612 for storing one or more applications, data, configurations, or the like.
  • Storage 612 may comprise one or more flash disk, Random Access Memory (RAM), memory chip, optical storage device such as a CD, a DVD, or laser disk; magnetic storage device such as a tape, a hard dis; a semiconductor storage device such as flash device, memory stick, or the like.
  • RAM Random Access Memory
  • Computing device 600 may comprise one or more I/O devices such as a display, a touch screen, a microphone, a speaker, or the like.
  • Storage 612 may comprise partial access application 616, for enabling partial access to a multiplicity of applications without granting full control of the device to an occasional user.
  • Partial access application 616 may comprise lockscreen module 620 which may be activated when the device locks itself, for example when a predetermined period of time has elapsed since the device has last been used, or upon the user explicitly locking the device (e.g., pressing the "power" button).
  • Lockscreen module 620 causes a lock screen in accordance with the disclosure to be displayed, such as the screen shown in Fig. 1 discussed above.
  • lockscreen module 620 may be implemented by listening to specific broadcasting of the operating system. Using required flags when starting lockscreen module 620, a lock screen in association with the disclosure may replace the default lock screen of the computing platform, for example the lock screen that is defined internally by the operating system.
  • the unlocking mechanism may be implemented by the operating system itself and unlocking the device may require providing the certificate using the unlock screen of the embedded locking mechanism of the operating system.
  • lockscreen module 620 may be configured to display the lock screen in front of/on top of the unlock screen. Upon the lock screen of lockscreen module 620 being removed, the unlock screen is displayed to the user which can interact with it.
  • Partial access application 616 may comprise a monitoring module 624, for preventing other controls from unlocking the screen or accessing applications other than those appearing on the lock screen. Prevention may refer, for example to pressing the "home” button, touching a “back” button, clicking on a navigation bar, having an application invoke another impermissible application, or the like.
  • activating any functionality of the device may be enabled only by touching or otherwise activating any of the icons associated with accessible applications, or swiping the unlock area, which may lead to the unlock screen of the device, if one is activated.
  • An application started from the lock screen is prevented from navigating away from the lock screen. In AndroidTM system this may be achieved by comparing the name of the application to a name of the application it is trying to navigate to. If the names differ, the lock screen is displayed in the front of the display, thus preventing the user to view or interact with the restricted application. Such a method may prevent access to non-accessible applications. Additionally or alternatively, there may be a set of allowed packages thereby allowing the user to navigate between different applications that are accessible in partial access mode.
  • Partial access application 616 may comprise application launcher 628, for launching any of the applications appearing on the lock screen. The applications are launched in response to touching the corresponding icon or another action of the occasional user.
  • the application may be launched in partial access mode by using specific flags set by the launcher and identifying that the application is being executed in partial access mode. If no such flags are set, the application may be started in unrestricted mode.
  • application launching module 628 may start application 1 (632) which may have been developed in correspondence with partial access application 616.
  • Application 1 (632) may provide partial access when activated by launching module 628, and may provide different, optionally richer, functionality when operated in the usual manner when the device is unlocked.
  • application 1 may utilize an API of partial access application 616 that can be used to determine whether application 1 (632) is currently being executed in partial access mode or full unrestricted mode.
  • the application when the application is launched from application launcher 628, it may be provided with a command line argument, an environment variable or a similar construct that is used to pass information to the executed application from the invocation, generally referred to as an execution argument.
  • the execution argument may be used to indicate that the application is executed in partial access mode.
  • Application 1 (532) may be invoked by the API which may view the execution argument and determine whether or not the application is being executed in partial access mode.
  • the API may also be used to set flags for the application.
  • the flag FLAG_SHOW_WHEN_LOCKED may be set to ensure that the window of the application is shown on top of a lock screen.
  • the flag FL AG DISMIS S KE YGUARD may be set to dismiss the internal keyguard in a non-secured lock screen (i.e., lock screen that does not require a certificate for unlocking).
  • Application launcher 628 may also start application 2 (636) which has not been developed in accordance with the disclosed subject matter, and provides the full functionality when activated either in partial access mode or in full access mode.
  • application launcher 628 may be configured to set appropriate flags to the executed applications so as to cause them to appear in front of the lock screen if the lock screen is not dismissed and the general lock of the device is maintained.
  • FIG. 7 showing a flowchart of steps in a method for providing partial access to applications, in accordance with some embodiments of the disclosed subject matter.
  • step 700 it is identified that a lock screen is to be displayed, for example by listening to corresponding messages broadcasted.
  • the lock screen may have to be displayed, for example, after the device has not been used for a predetermined period of time or after the user locks the device.
  • the lock screen may be displayed, with an icon or another control for each application registered to provide partial (or full) functionality for an occasional user. If the computing platform is operated with a password-protected keyguard, then the lock screen is displayed so as it hides the unlock screen associated with the keyguard such that when it is removed, the unlock screen is visible and operative.
  • access to the application launcher may be restricted to users having certificates. Additionally or alternatively, there may be several alternative application launchers for occasional users.
  • an indication to an application selected to be invoked may be received.
  • the user may utilize any input device to select the application, such as but not limited to using a pointing device or touch screen to point or click on an icon corresponding to the specific application, using a microphone to obtain user's speech that is analyzed for commands, or the like.
  • the selected application is launched in partial access mode.
  • the launched application may not be aware that it is being executed in partial access mode and it may not function differently than in full access mode.
  • the application may be externally manipulated to be executed in front of the unlock screen..
  • the launched application may implement an authorization process to be performed by the device or by a third party over a communication channel. Any authorization of identification scheme currently known or that will become known in the future may be used.
  • the device On monitoring step 716, the device is monitored to prevent navigation from the accessible application or from the lock screen to another application, or to functionality of the activated application which is disabled in the partial access mode. In some exemplary embodiments, the monitoring is performed repeatedly as long as the device is locked, as long as the device is executed in partial access mode, or the like.
  • a current executed foreground application in the computerized device may be detected.
  • a poll service may be used to listen if the package of the foreground activity being executed by the operating system changes.
  • the executed foreground application may be compared to a list of applications authorized in partial access mode.
  • the list may comprise all applications that are directly executable from a launcher, such as 120 of Figure 1. Additionally or alternatively, the list may comprise additional applications that are not directly executable from the partial access launcher.
  • the executed foreground application may be compared to the application that was launched by the partial access launcher to prevent switching to any other application, regardless of whether it is permissible to be executed in partial access mode.
  • the partial access lock screen (e.g. lock screen 100 of Fig. 1) may be invoked to appear in front of the current foreground application.
  • the lock screen may reappear and prevent her from interacting with the restricted application.
  • the restricted application may be shut down, such as by sending a kill signal to the application.
  • requests to access data or to invoke an application may be intercepted.
  • the requests may be intercepted before reaching the operating system or within an internal portion of the operating system.
  • the requests may be analyzed to determine whether the request is in line with the partial access permissions, e.g., whether the requested data is available in the partial access mode, or whether the requested application is permitted to be executed in the partial access mode.
  • the request may be allowed to continue and be performed (e.g., passing the request to the operating system or continue handling the request by the operating system).
  • the request may be denied.
  • a response to the request may be returned which provides an error code indicating the request was not performed.
  • the error code may indicate a partial access impermissible operation.
  • the request may be denied externally to the operating system without the operating system being aware of the request ever being made.
  • some applications may comprise banners, pop-up ads, or other advertisements. Such ads, when clicked, may be configured to send the user to view a different webpage, an application purchase form, or the like.
  • the ads may not be blocked within the application that is being executed in partial access mode. However, clicking on the ads may not lead the user to the target landing page, as reaching the landing page may require opening another application (e.g., a browser for reaching a URL, an application store app for reaching an application purchase form, or the like).
  • a specific application is defined for partial access
  • activation of that type of application by another application may operate the specific application. For example, if a specific browser is available in partial access mode, then if another application active in partial access mode tries to access a web page, then the partial access browser may be activated instead of the regular browser.
  • the lock screen may be terminated, for example when full control of the device is resumed responsive to a user swiping over the appropriate area of the screen, and possibly entering PIN code, pattern, or providing other certificate in the unlock screen.
  • the parts of the disclosed subject matter may be embodied as a system, method or computer program product. Accordingly, the disclosed subject matter may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit,” "module” or “system.” Furthermore, the present disclosure may take the form of a computer program product embodied in any tangible medium of expression having computer-usable program code embodied in the medium.
  • the computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium.
  • the computer-readable medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CDROM), an optical storage device, a transmission media such as those supporting the Internet or an intranet, or a magnetic storage device.
  • the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory.
  • a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
  • the computer- usable medium may include a propagated data signal with the computer-usable program code embodied therewith, either in baseband or as part of a carrier wave.
  • the computer usable program code may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, and the like.
  • Computer program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages.
  • the program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
  • the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
  • LAN local area network
  • WAN wide area network
  • Internet Service Provider an Internet Service Provider

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • User Interface Of Digital Computer (AREA)

Abstract

A computer-implemented method performed by a computerized device, a computerized apparatus and a computer program product, the method comprising: displaying on a display device of the computerized device a lock screen comprising: a control an application accessible in partial access mode, wherein the application is user defined to be executable in partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication to invoke the application; and launching the application in partial access mode.

Description

PARTIAL ACCESS SCREEN LOCK
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims the benefit of U.S. provisional Application No. 62/065,147 filed October 17, 2014, titled "Method for granting Partial Temporary Access to a Device for a Specific Pre-determined Purpose" which is hereby incorporated by reference in its entirety.
TECHNICAL FIELD
[0002] In recent years, electronic technology, including communication technology, has revolutionized our everyday lives. Electronic communication devices such as mobile phones, tablet computers or others have changed the lives of almost every person living in the developed world, and quite a number of people living in undeveloped countries. Mobile communication and computing devices, and smartphones in particular, have become an object many people carry with them all the time and use for countless needs, including communicating with other people or entities in a variety of channels, and managing their personal and professional life. Practically, smartphones have often become inseparable from their owners.
[0003] Mobile devices retain confidential and private information. Therefore, it is customary to many such devices to have a lock screen mechanism which is only opened upon a user entering a code, providing using biometric identification, or the like. In mobile devices which are identified with the user, once the user opens the device (e.g., provides valid certification to unlock the device), the user is provided access to the data retained on the device. BRIEF SUMMARY
[0004] One exemplary embodiment of the disclosed subject matter is a computer- implemented method performed by a computerized device, comprising: displaying on a display device of the computerized device a lock screen comprising: a control for each of one or more applications accessible in partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication to a selected application to be invoked, the application selected from the one or more applications; and launching the selected application in partial access mode. The method may further comprise activating an unlock screen in response to activating the control for gaining full access. Within the method, the unlock screen optionally requires a user to provide a certificate in order to gain full access to the computerized device. Within the method, the applications optionally comprise an application selected from the group consisting of: an application providing medical information of a user of the device; a game to be played; and an application for retrieving communication details of a user of the device. Within the method, one or more of the applications may also be operated in full access mode. Within the method, an application comprised in the applications is optionally executable in partial access mode and in full access mode, wherein the application is configured to provide different functionality in the partial access mode and in the full access mode. The method is optionally activated in response to the computerized device not being in use for at least a predetermined period of time. Within the method, the control for each of applications accessible in partial access mode optionally requires a certificate available to an occasional user, wherein the occasional user is authorized by the selected application. Within the method, the certificate is optionally provided by the occasional user, or by a third party providing the certificate to the computerized device over a communication channel based on a granted request by the occasional user. The method may further comprise monitoring the computerized device to prevent access to an application for which access is restricted in partial access mode. Within the method, said monitoring optionally comprises: detecting a current foreground application in the computerized device; and in response to the current foreground application not being in a list of accessible applications in partial access mode, invoking a lock screen to appear in front of the current foreground application thereby denying user interaction with the current foreground application. Within the method, said monitoring optionally comprises: intercepting a request to access data or invoke an application; determining whether the request requests access to accessible data or application in partial access mode; and denying the request in response to determination that the request is impermissible in partial access mode.
[0005] Another exemplary embodiment of the disclosed subject matter is a computerized apparatus having a processor, the processor being adapted to perform the steps of: displaying on a display device of the computerized device a lock screen comprising: a control for each of one or more applications accessible in partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication to a selected application to be invoked, the application selected from the one or more applications; and launching the selected application in partial access mode. Within the apparatus, the processor is optionally further adapted to activate a lock screen in response to activating the control for gaining full access. Within the apparatus, the unlock screen optionally requires a user to provide a certificate in order to gain full access to the computerized device. Within the apparatus, the one or more applications optionally comprise an application selected from the group consisting of: an application providing medical information of a user of the device; a game to be played; and an application for retrieving communication details of a user of the device. Within the apparatus, one or more of the applications may also be operated in full access mode. Within the apparatus, an application comprised in the applications is optionally executable in partial access mode and in full access mode, wherein the application is configured to provide different functionality in the partial access mode and in the full access mode. Within the apparatus, the processor is optionally further adapted to monitor the computerized device to prevent access to an application for which access is restricted in partial access mode.
[0006] Yet another exemplary embodiment of the disclosed subject matter is a computer program product comprising a computer readable storage medium retaining program instructions, which program instructions when read by a processor, cause the processor to perform a method comprising: displaying on a display device of the computerized device a lock screen comprising: a control for each of one or more applications accessible in partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication to a selected application to be invoked, the application selected from the one or more applications; and launching the selected application in partial access mode. THE BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
[0007] The present disclosed subject matter will be understood and appreciated more fully from the following detailed description taken in conjunction with the drawings in which corresponding or like numerals or characters indicate corresponding or like components. Unless indicated otherwise, the drawings provide exemplary embodiments or aspects of the disclosure and do not limit the scope of the disclosure. In the drawings:
[0008] Fig. 1 shows a schematic exemplary screenshot of a partial access lock screen, in accordance with some exemplary embodiments of the subject matter;
[0009] Fig. 2 shows a schematic exemplary screenshot of an unlock screen;
[0010] Fig. 3 shows a schematic exemplary screenshot of authorization options for an application in partial access mode, in accordance with some exemplary embodiments of the subject matter;
[0011] Fig. 4 shows a schematic exemplary screenshot of a medical application operating in a partial access mode, in accordance with some exemplary embodiments of the subject matter;
[0012] Fig. 5 shows a schematic exemplary screenshot of a management screen for a partial access application launcher, in accordance with some exemplary embodiments of the subject matter;
[0013] Fig. 6 shows a block diagram of a computing device providing partial access to applications, in accordance with some exemplary embodiments of the disclosed subject matter; and
[0014] Fig. 7 shows a flowchart diagram of a method for providing partial access to applications, in accordance with some exemplary embodiments of the disclosed subject matter. DETAILED DESCRIPTION
[0015] In some situations, an owner of a mobile device would like or need to grant to another user access to some functionality or some information available thereon. However, the owner may prefer to grant only partial access rather than full control of the device. Some examples of such partial access may include: letting one's child play a game on the device; helping someone that found a lost device find alternative communication channels to return it to its owner; a medical aid personnel trying to treat a wounded person and require some basic information such as blood type; a law enforcement officer who may have a legitimate reason to see some information; letting someone from the owner's friends or organization use some of the phone's capabilities (e.g. GPS, telephone, recorder); or the like.
[0016] Some partial accesses may be required for just one time, while in other cases it may be required multiple times.
[0017] If the smartphone is password-protected, letting a person other than the phone's owner or regular user know one's personal password is generally undesired, since that person may then assume control over all data and applications stored on or accessible through the smartphone. Beyond invading one's privacy, the other person may also cause heavy damages, for example by deleting data.
[0018] One technical problem handled by the disclosed subject matter is the need to grant full or partial access to one or more applications installed on a mobile device such as a smartphone, to a person (hereinafter "occasional user") other than the owner or a regular user of the device (hereinafter "owner"). However, the occasional user may not be allowed to access other applications or data or even restricted data or functionality of the same application, and certainly not to cause damage to the device or to any data or applications stored thereon.
[0019] In some exemplary embodiments, the disclosed subject matter be applied on a personal device that is associated with a single person, such as but not limited to a smartphone of a user, a Personal Digital Assistant (PDA) of a user, a tablet computer of a user, or the like.
[0020] Another technical problem handled by the disclosed subject matter is the need to immediately locate one or more applications which may be required by the occasional user. For example, a medical emergency person may find it useful to have immediate access to some basic medical details such as blood type or allergies, without having to search through the device.
[0021] Yet another technical problem may relate to some partial accesses requiring identification or authorization of the occasional user, wherein the identification may have to be done by the mobile device, for example in the case of a child being granted permission to play, or by a remote computing platform when the occasional user is a- priory unknown, for example medical stuff in case of an accident.
[0022] Yet another technical problem may relate to the need to enforce partial access without the operating system being aware of such partial access permission. In some cases, one application may be allowed for access during in the partial access permission while a second application may not be allowed for access. However, the first application may invoke the second application and the operating system which may be unaware of the partial access may not restrict such invocation. Implementing such a restriction not through the operating system may prove to be a technical challenge.
[0023] One technical solution relates to a screen lock that comprises an application launcher, such that when the screen is locked, a multiplicity of icons or other controls are presented which enable launching of some applications, hereinafter referred to as "accessible applications". The accessible applications may be activated without unlocking the screen lock, and may enable access to data or applications to an occasional user, who may not have access to a password protecting the device. Optionally, one or more of the icons provide access to a modified or reduced version of an accessible application, such that the occasional user does not have access to the full functionality or data associated with the accessible application. For example, occasional medical stuff may only have access to blood type and allergies of the owner, but not to her full medical history.
[0024] By the mere presence of the icons on the lock screen, an occasional user can realize what applications or what data are available without full access to the device. For example, emergency medical stuff may immediately realize that basic medical information is available.
[0025] In some exemplary embodiments, the applications that are executable from the application launcher in partial access mode may be user-defined to be executable in the partial access mode. A user, such as an owner of the device, may define the applications as executable in partial access mode via a configuration counsel by selecting from one or more applications, some of which may be downloaded to the device from external sources, such as an application repository. Additionally or alternatively, the application may be user-defined to be executable in the partial access mode based on the user downloading and installing such an app which is pre-configured to be executed in partial access mode. For example, a distributer of a game application may also distribute an application to be downloaded which enables execution of the game application in partial access mode. Though the application may be hard-coded to execute only the game application in partial access mode, the user is deemed as defining the game application to be executable in the partial access mode as the user downloaded and installed the application, and such execution is not a pre-configuration of the operating system of the device.
[0026] Another technical solution comprises blocking activities taken by a user of any of the accessible applications when activated from the screen lock, such that an occasional user cannot navigate to applications installed on the device other than the accessible applications, or gain access to data that is inaccessible from the accessible applications. Optionally, such block is implemented without the assistance of the operating system.
[0027] Yet another technical solution comprises the need to identify or authorize an occasional user accessing to one or more accessible applications. The occasional user's identity may be authenticated by the device, for example in the case a parent wants to let her child play a game with the device. In some embodiments, the identity may be verified by a third party, optionally over a communication channel. For example, the medical application discussed above may be accessible only to medical stuff that may be authenticated by a third party, wherein authentication may take place over the network.
[0028] Yet another technical solution comprises providing an Application Programming Interface (API) which may be used when developing an accessible application, such that the accessible application may provide certain functionality when activated from the lock screen. Optionally, the application may provide other, usually richer, functionality when activated by a person having full access to the device, such as the owner or a person having a password for the device. [0029] One technical effect of the disclosed subject matter relates to providing partial access to a multiplicity of applications installed on a mobile device, without granting access, and preventing such access, to the full data or functionality of the device.
[0030] Another technical effect relates to displaying to an occasional user the applications available for partial access, such that the user does not have to look among all installed applications for the required information or functionality.
[0031] The term "lock screen" refers to a screen displayed by a computing device when the device is in "locked" mode. In some exemplary embodiments, an operating system may have a default lock screen which enables users to unlock the device (e.g., directly in case unlocking does not require a certificate; or via an unlock screen in case a certificate is required for unlocking the device). In some exemplary embodiments, a lock screen in accordance with the disclosure, may allow access to applications in partial access mode as well as to a full access mode of the computing platform.
[0032] The term "unlock screen" refers to a screen in which a user may provide a certificate, such as type a code, mark a pattern, provide user credentials, say one or more words or the like, in order to gain full access to the computing platform.
[0033] Referring now to Fig. 1, showing an exemplary screenshot of a lock screen, in accordance with some embodiments of the disclosure. The screen, generally referenced 100, shows a lock screen that is displayed when the device is locked for usage in full access mode. Screen 100 includes a user interface of application launcher 120 comprising multiplicity of icons, such as icon 104 for displaying medical data of an owner of the device; icon 108 for providing access to maps; or the like. Touching, clicking or otherwise pointing on any of the icons may activate the corresponding application. In some exemplary embodiments, the application may have different functionality when executed in a partial access mode than when executed in full access mode. Additionally or alternatively, the application may have the same functionality regardless of under which access mode it is being executed.
[0034] Lock screen 100 may also comprise a sliding area 112, which when the user slides her finger over it, may display and activate the desktop of the device, or displays an unlock screen. It will be appreciated that other types of controls requiring other actions may be used instead of sliding area 112.
[0035] User interface of an application launcher, for simplicity referred to as application launcher 120 may comprise icons of applications that can be launched. Applications may be added or removed from application launcher 120, such as by the owner of the device, by a user with credentials or the like. In some exemplary embodiments, application launcher 120 may allow launching of any third-party application, such as but not limited to applications downloaded from an application store, applications downloaded from the Internet, or the like. In particular, some of the applications that application launcher 120 may also launch applications that are not integral part of the operating system of the device (e.g., not the dialer of the operating system). Additionally or alternatively, application launcher 120 may also launch applications that have no specific functionality recognized by the operating system (e.g., not a downloaded browser app that is recognized and defined as the default browser of the operating system). In some exemplary embodiments, application launcher 120 may appear similar to a desktop launcher of the computing device and may provide a similar look and feel. In some exemplary embodiments, while in the desktop launcher a user may be able to delete an application from the device, in application launcher 120 a user may not be able to delete the application from the device. In some cases, the user may interact with icon 104, for example, by providing a long click action thereon, to delete icon 104 from application launcher 120 but without deleting the corresponding application itself from the device nor affecting its data. In some exemplary embodiments, removing icons from application launcher 120 may only be possible in full mode or after providing adequate certificate to ensure the user performing such action is authorized.
[0036] In some exemplary embodiments, application launcher 120 may be accessible after providing a certificate, such as a password. In some exemplary embodiments, no certificate is required and any user can invoke any application from application launcher 120. In some exemplary embodiments, there may be two or more application launchers, such as 120, each accessible for a different occasional user. As an example, one application launcher may be accessible to a guest user having no certificate, while another application launcher may be accessible to an occasional user having a password. The password to gain access to the other launcher may be different than the password that is used to unlock the device. In some exemplary embodiments, in order to gain access to a different launcher or to a restricted launcher, a control, such as sliding area 112, may be used. In some exemplary embodiments, different occasional users may be granted with the option to view different launchers, such as for example medical personnel may be granted access to a launcher with medical related applications, IT personnel may be granted access to applications relating to security of the device, technical configurations, or the like, children of the owner may be granted access to certain set of allowed games, such as having a Parental Guidance (PG) rating, being free to play and not including in-app purchases, not comprising inappropriate ads, or the like.
[0037] In some exemplary embodiments, an application may be available from the lock screen 100 for providing instructions to someone who happens to find the device. For example, in case a mobile device gets lost, an occasional user may pick up the device and without having to bypass the required certificate to open the device, she may be able to launch an application (e.g., using an icon such as 108). The application may be used to provide instructions as to how to return the device. In some exemplary embodiments, such application may only be available from the lock screen 100, elsewhere in partial access mode and not available in full access mode. In some exemplary embodiments, the application may display the information of the owner of the device. Additionally or alternatively, the application may display the information of the service that handles the returning of the device, which may or may not offer a reward. The information on what the application shows and how may be controlled remotely. For example, in case the user has moved to a city for a week and her phone is lost, she may, from the Internet, put her current residence so the screen lock will change and someone who sees it can bring it back to the current, temporary location. Additionally or alternatively, such application may allow contacting a predetermined set of contact persons, such as contact persons in the address book of the mobile device, alternative phone numbers or e-mail addresses of the owner of the device, the spouse of the owner, a call-center, or the like.
[0038] Referring now to Fig. 2, showing an unlock screen which may be implemented as part the lock screen of the current disclosure, provided with the operating system of the device, by a third party, or the like. In order to open the unlock screen, the user needs to provide a certificate, such as providing a key code, a password, marking a pattern, saying a phrase, providing a biometric measurement (e.g. fingerprint), or the like. After verification of the certificate, the device may be unlocked and the user is provided with full access to the data and applications installed on the device. It will be appreciated that lock screen 100 of Fig. 1 may be implemented with password protection, such that unlock screen 200 may be displayed upon sliding over area 112. Alternatively, lock screen 100 may be implemented without password protection, such that sliding over area 112 grants a user full access to the data and applications. However, such configuration is still beneficial over unlock screen 200, when the owner wishes to give partial access to a person she trusts not to misuse the device. Another benefit of such configuration is that it provides occasional users, such as medical stuff, immediate access to the required information.
[0039] Referring now to Fig. 3, showing an exemplary authentication screen, generally referenced 300, for authenticating an occasional user to the medical application accessed by touching icon 104 of Fig. 1. The medical personnel may identify themselves using fingerprint identification area 304, entering a password on text area 308, or by touching area 312 for initiating a call using the device itself for receiving further identification options, such as through a third party. It will be appreciated that further identification manners may be provided.
[0040] It will be appreciated that identification may be performed by the device itself, for by example accepting or rejecting by fingerprint based on comparison to fingerprints stored on the device, or comparing an entered password to stored passwords. Such scheme of verification by the device is limited to situations in which there is some preparation by the device owner, such as getting fingerprint of expected occasional users. This authentication scheme may not enable other occasional users access the data, even in emergency situations.
[0041] In alternative embodiments, verification may be performed by a third party, for example on a remote server. In such implementation, an owner of the device does not have to know a-priori all potential occasional users. Rather, an occasional user such as a medical stuff member may identify herself against a server maintaining a registration of all personnel member allowed to access such data. Such registration may be updated regularly, thus ensuring access only to currently allowed members.
[0042] It will be appreciated that accessible applications may be implemented in two or more modes, wherein one or more modes are intended for occasional users, who may or may not be identified, and one or more modes are intended for users having full access to the device, wherein these users also may or may not be required to identify.
[0043] Referring now to Fig. 4, showing an exemplary display of a medical status summary of a device owner, which may be displayed to an occasional user upon touching icon 104 of Fig. 1 if there is no identification requirement, or after the occasional user has identified herself, for example with any of the options discussed in association with Fig. 3 above.
[0044] A display such as the display shown in Fig. 4 may contain basic details such as name, date of birth, physician, allergies, blood type, organ donation consent, or the like.
[0045] It will be appreciated that the same application, when invoked in another manner, such as when a user has full access to the device, may behave differently, for example it may display the full medical history of the device owner. In another example, a game may have two modes, wherein the partial access mode does not enable purchasing of further games or features, which is enabled when the game is activated in the full access mode.
[0046] It will be appreciated that the displays of Figs. 1-4 are exemplary only and are not intended to limit the scope of the disclosure.
[0047] It will be appreciated that the disclosed launcher may be implemented on any type of device and under any operating system, such as Android™, iOS™, Windows Mobile™ or any other operating system. In further embodiments, the disclosure may be implemented as part of any operating system itself.
[0048] Attention is now drawn to Fig. 5, showing a schematic exemplary screenshot of a management screen for a partial access application launcher. In some exemplary embodiments, the management screen of the partial access may be accessed when a user of the device is in full mode. In some exemplary embodiments, the management screen of the partial access may require the user to enter additional certification in order to access or change the applications enabled by the launcher.
[0049] The partial access management screen, generally referenced 500, may comprise a control for managing for each partial access mode, such as button 504 for managing kids partial access, button 508 for managing business partial access, and button 512 for managing utility partial access. It will be appreciated that a further control may be provided for adding further partial accesses, and that one or more partial accesses may also be deleted.
[0050] When the user selects one of the partial access modes, for example kids partial access mode, the user may be presented with a list of applications currently available in this mode, and whether each application is active or not, e.g. whetehr it is presented when this mode is assumed. For example, Mathely™ application 520 is currently on and may be switched off using control 524, QuickCal™ application 528 is also currently on and may be switched off using control 532, and so on for the further displayed applications.
[0051] A user may add further applications to the list, remove applications from the list, or the like.
[0052] In some exemplary embodiments, the list of applications available in one or more partial access modes may be remotely controlled, for example from another computing platform being in communicating with a server that further communicates with the device. For example, such remote control may provide a user with the option to remove from the partial access one or more partial access applications if the device has been stolen. Thus, an owner of the device may remotely remove applications providing access to private information, but may keep an application that enables a finder of the device to communicate with the owner.
[0053] Attention is now drawn to Fig. 6, illustrating a functional block diagram of a computing device, such as a smartphone, providing partial access to applications, in accordance with some embodiments of the disclosed subject matter.
[0054] Computing device 600 may comprise one or more processors 604, for executing applications, modules, libraries or other executable units associated with the disclosed subject matter. Processor 604 may be a Central Processing Unit (CPU), a microprocessor, an electronic circuit, an Integrated Circuit (IC) or the like. Alternatively, processor 604 can be implemented as firmware programmed for or ported to a specific processor such as digital signal processor (DSP) or microcontrollers, or can be implemented as hardware or configurable hardware such as field programmable gate array (FPGA) or application specific integrated circuit (ASIC). Processor 604 may be operative to execute any program instruction retained in a storage 612 of the device, such as included in an executable file of an application.
[0055] Computing device 600 may comprise a storage 612 for storing one or more applications, data, configurations, or the like. Storage 612 may comprise one or more flash disk, Random Access Memory (RAM), memory chip, optical storage device such as a CD, a DVD, or laser disk; magnetic storage device such as a tape, a hard dis; a semiconductor storage device such as flash device, memory stick, or the like.
[0056] Computing device 600 may comprise one or more I/O devices such as a display, a touch screen, a microphone, a speaker, or the like. [0057] Storage 612 may comprise partial access application 616, for enabling partial access to a multiplicity of applications without granting full control of the device to an occasional user.
[0058] Partial access application 616 may comprise lockscreen module 620 which may be activated when the device locks itself, for example when a predetermined period of time has elapsed since the device has last been used, or upon the user explicitly locking the device (e.g., pressing the "power" button). Starting or otherwise activating lockscreen module 620 causes a lock screen in accordance with the disclosure to be displayed, such as the screen shown in Fig. 1 discussed above. In Android™ systems, for example, lockscreen module 620 may be implemented by listening to specific broadcasting of the operating system. Using required flags when starting lockscreen module 620, a lock screen in association with the disclosure may replace the default lock screen of the computing platform, for example the lock screen that is defined internally by the operating system. In some exemplary embodiments, the unlocking mechanism may be implemented by the operating system itself and unlocking the device may require providing the certificate using the unlock screen of the embedded locking mechanism of the operating system. In such an embodiment, lockscreen module 620 may be configured to display the lock screen in front of/on top of the unlock screen. Upon the lock screen of lockscreen module 620 being removed, the unlock screen is displayed to the user which can interact with it.
[0059] Partial access application 616 may comprise a monitoring module 624, for preventing other controls from unlocking the screen or accessing applications other than those appearing on the lock screen. Prevention may refer, for example to pressing the "home" button, touching a "back" button, clicking on a navigation bar, having an application invoke another impermissible application, or the like.
[0060] In some exemplary embodiments, activating any functionality of the device may be enabled only by touching or otherwise activating any of the icons associated with accessible applications, or swiping the unlock area, which may lead to the unlock screen of the device, if one is activated. An application started from the lock screen is prevented from navigating away from the lock screen. In Android™ system this may be achieved by comparing the name of the application to a name of the application it is trying to navigate to. If the names differ, the lock screen is displayed in the front of the display, thus preventing the user to view or interact with the restricted application. Such a method may prevent access to non-accessible applications. Additionally or alternatively, there may be a set of allowed packages thereby allowing the user to navigate between different applications that are accessible in partial access mode.
[0061] Partial access application 616 may comprise application launcher 628, for launching any of the applications appearing on the lock screen. The applications are launched in response to touching the corresponding icon or another action of the occasional user. In some exemplary embodiments, the application may be launched in partial access mode by using specific flags set by the launcher and identifying that the application is being executed in partial access mode. If no such flags are set, the application may be started in unrestricted mode. Thus, application launching module 628 may start application 1 (632) which may have been developed in correspondence with partial access application 616. Application 1 (632) may provide partial access when activated by launching module 628, and may provide different, optionally richer, functionality when operated in the usual manner when the device is unlocked. In order to enable partial access, application 1 (632) may utilize an API of partial access application 616 that can be used to determine whether application 1 (632) is currently being executed in partial access mode or full unrestricted mode. In some exemplary embodiments, when the application is launched from application launcher 628, it may be provided with a command line argument, an environment variable or a similar construct that is used to pass information to the executed application from the invocation, generally referred to as an execution argument. The execution argument may be used to indicate that the application is executed in partial access mode. Application 1 (532) may be invoked by the API which may view the execution argument and determine whether or not the application is being executed in partial access mode. In some exemplary embodiments, the API may also be used to set flags for the application. As an example, in Android™, the flag FLAG_SHOW_WHEN_LOCKED may be set to ensure that the window of the application is shown on top of a lock screen. As another example and still in regards to Android™, the flag FL AG DISMIS S KE YGUARD may be set to dismiss the internal keyguard in a non-secured lock screen (i.e., lock screen that does not require a certificate for unlocking).
[0062] Application launcher 628 may also start application 2 (636) which has not been developed in accordance with the disclosed subject matter, and provides the full functionality when activated either in partial access mode or in full access mode. In some exemplary embodiments, application launcher 628 may be configured to set appropriate flags to the executed applications so as to cause them to appear in front of the lock screen if the lock screen is not dismissed and the general lock of the device is maintained.
[0063] Referring now to Fig. 7, showing a flowchart of steps in a method for providing partial access to applications, in accordance with some embodiments of the disclosed subject matter.
[0064] On step 700 it is identified that a lock screen is to be displayed, for example by listening to corresponding messages broadcasted. The lock screen may have to be displayed, for example, after the device has not been used for a predetermined period of time or after the user locks the device.
[0065] On step 704, the lock screen may be displayed, with an icon or another control for each application registered to provide partial (or full) functionality for an occasional user. If the computing platform is operated with a password-protected keyguard, then the lock screen is displayed so as it hides the unlock screen associated with the keyguard such that when it is removed, the unlock screen is visible and operative. In some exemplary embodiments, access to the application launcher may be restricted to users having certificates. Additionally or alternatively, there may be several alternative application launchers for occasional users.
[0066] On step 708, an indication to an application selected to be invoked may be received. In some exemplary embodiments, the user may utilize any input device to select the application, such as but not limited to using a pointing device or touch screen to point or click on an icon corresponding to the specific application, using a microphone to obtain user's speech that is analyzed for commands, or the like.
[0067] On step 712 the selected application is launched in partial access mode. In some exemplary embodiments, the launched application may not be aware that it is being executed in partial access mode and it may not function differently than in full access mode. In some exemplary embodiments, the application may be externally manipulated to be executed in front of the unlock screen..
[0068] It will be appreciated that the launched application may implement an authorization process to be performed by the device or by a third party over a communication channel. Any authorization of identification scheme currently known or that will become known in the future may be used. [0069] On monitoring step 716, the device is monitored to prevent navigation from the accessible application or from the lock screen to another application, or to functionality of the activated application which is disabled in the partial access mode. In some exemplary embodiments, the monitoring is performed repeatedly as long as the device is locked, as long as the device is executed in partial access mode, or the like.
[0070] In some exemplary embodiments, during monitoring step 716, a current executed foreground application in the computerized device may be detected. In some exemplary embodiments, a poll service may be used to listen if the package of the foreground activity being executed by the operating system changes.
[0071] The executed foreground application may be compared to a list of applications authorized in partial access mode. In some exemplary embodiments, the list may comprise all applications that are directly executable from a launcher, such as 120 of Figure 1. Additionally or alternatively, the list may comprise additional applications that are not directly executable from the partial access launcher. In some exemplary embodiments, the executed foreground application may be compared to the application that was launched by the partial access launcher to prevent switching to any other application, regardless of whether it is permissible to be executed in partial access mode.
[0072] In case the detected currently executed application is not allowed to be executed (e.g., not in the list, different than the launched application, or the like), the partial access lock screen (e.g. lock screen 100 of Fig. 1) may be invoked to appear in front of the current foreground application. Hence, the user may not be able to interact or even view the unauthorized application, although such application may continue to be executed. In some exemplary embodiments, whenever the user attempts to leave the allowed application and invoke a restricted application, the lock screen may reappear and prevent her from interacting with the restricted application.
[0073] Additionally or alternatively, the restricted application may be shut down, such as by sending a kill signal to the application.
[0074] In some exemplary embodiments, during monitoring step 716, requests to access data or to invoke an application may be intercepted. The requests may be intercepted before reaching the operating system or within an internal portion of the operating system. The requests may be analyzed to determine whether the request is in line with the partial access permissions, e.g., whether the requested data is available in the partial access mode, or whether the requested application is permitted to be executed in the partial access mode. In case the request is in line with the partial access permissions, it may be allowed to continue and be performed (e.g., passing the request to the operating system or continue handling the request by the operating system). In case the request is impermissible in the partial access mode, the request may be denied. In some exemplary embodiments, a response to the request may be returned which provides an error code indicating the request was not performed. The error code may indicate a partial access impermissible operation. In some exemplary embodiments, the request may be denied externally to the operating system without the operating system being aware of the request ever being made.
[0075] In some exemplary embodiments, some applications may comprise banners, pop-up ads, or other advertisements. Such ads, when clicked, may be configured to send the user to view a different webpage, an application purchase form, or the like. In some exemplary embodiments, the ads may not be blocked within the application that is being executed in partial access mode. However, clicking on the ads may not lead the user to the target landing page, as reaching the landing page may require opening another application (e.g., a browser for reaching a URL, an application store app for reaching an application purchase form, or the like).
[0076] However, in some embodiments, if a specific application is defined for partial access, then activation of that type of application by another application may operate the specific application. For example, if a specific browser is available in partial access mode, then if another application active in partial access mode tries to access a web page, then the partial access browser may be activated instead of the regular browser.
[0077] On step 720, the lock screen may be terminated, for example when full control of the device is resumed responsive to a user swiping over the appropriate area of the screen, and possibly entering PIN code, pattern, or providing other certificate in the unlock screen.
[0078] The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It will be further understood that the terms "comprises" and/or "comprising," when used in this specification, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
[0079] As will be appreciated by one skilled in the art, the parts of the disclosed subject matter may be embodied as a system, method or computer program product. Accordingly, the disclosed subject matter may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a "circuit," "module" or "system." Furthermore, the present disclosure may take the form of a computer program product embodied in any tangible medium of expression having computer-usable program code embodied in the medium.
[0080] Any combination of one or more computer usable or computer readable medium(s) may be utilized. The computer-usable or computer-readable medium may be, for example but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, device, or propagation medium. More specific examples (a non-exhaustive list) of the computer-readable medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CDROM), an optical storage device, a transmission media such as those supporting the Internet or an intranet, or a magnetic storage device. Note that the computer-usable or computer-readable medium could even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via, for instance, optical scanning of the paper or other medium, then compiled, interpreted, or otherwise processed in a suitable manner, if necessary, and then stored in a computer memory. In the context of this document, a computer-usable or computer-readable medium may be any medium that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The computer- usable medium may include a propagated data signal with the computer-usable program code embodied therewith, either in baseband or as part of a carrier wave. The computer usable program code may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, and the like. [0081] Computer program code for carrying out operations of the present disclosure may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
[0082] The corresponding structures, materials, acts, and equivalents of all means or step plus function elements in the claims below are intended to include any structure, material, or act for performing the function in combination with other claimed elements as specifically claimed. The description of the present disclosure has been presented for purposes of illustration and description, but is not intended to be exhaustive or limited to the disclosure in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the disclosure. The embodiment was chosen and described in order to best explain the principles of the disclosure and the practical application, and to enable others of ordinary skill in the art to understand the disclosure for various embodiments with various modifications as are suited to the particular use contemplated.

Claims

CLAIMS What is claimed is:
1. A computer- implemented method performed by a computerized device, comprising: displaying on a display device of the computerized device a lock screen comprising: a control for an application accessible in partial access mode, wherein the application was user-defined to be executable in the partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication, via the control, to invoke the application ; and launching the application in partial access mode.
2. The computer-implemented method of Claim 1, further comprising, in response to activating the control for gaining full access, activating an unlock screen.
3. The computer- implemented method of Claim 2, wherein the unlock screen requires a user to provide a certificate in order to gain full access to the computerized device.
4. The computer-implemented method of Claim 1, wherein the application is selected from the group consisting of: an application providing medical information of a user of the device; a game to be played; and an application for retrieving communication details of a user of the device.
5. The computer-implemented method of Claim 1, wherein the application can also be operated in full access mode.
6. The computer-implemented method of Claim 1, wherein the application comprised is executable in partial access mode and in full access mode, wherein the application is configured to provide different functionality in the partial access mode and in the full access mode.
7. The computer- implemented method of Claim 1, wherein the method is activated in response to the computerized device not being in use for at least a predetermined period of time.
8. The computer- implemented method of Claim 1, wherein the control for the application accessible in partial access mode requires a certificate available to an occasional user, wherein the occasional user is authorized by the application.
9. The computer- implemented method of Claim 8, wherein the certificate is provided by the occasional user, or by a third party providing the certificate to the computerized device over a communication channel based on a granted request by the occasional user.
10. The computer-implemented method of Claim 1 further comprising monitoring the computerized device to prevent access to an application for which access is restricted in partial access mode.
11. The computer-implemented method of Claim 10, wherein said monitoring comprises: detecting a current foreground application in the computerized device; and in response to the current foreground application not being in a list of accessible applications in partial access mode, invoking a lock screen to appear in front of the current foreground application thereby denying user interaction with the current foreground application.
12. The computer-implemented method of Claim 10, wherein said monitoring comprises: intercepting a request to access data or invoke an application; determining whether the request requests access to accessible data or application in partial access mode; and in response to determination that the request is impermissible in partial access mode, denying the request.
13. A computerized apparatus having a processor, the processor being adapted to perform the steps of: displaying on a display device of the computerized device a lock screen comprising: a control for an application accessible in partial access mode, wherein the application was user-defined to be executable in the partial access mode; and a control for gaining full access to the computerized device in full receiving an indication, via the control, to invoke the application; and launching the application in partial access mode.
14. The apparatus of Claim 13, wherein the processor is further adapted to activate a lock screen in response to activating the control for gaining full access.
15. The apparatus of Claim 14, wherein the unlock screen requires a user to provide a certificate in order to gain full access to the computerized device.
16. The apparatus of Claim 13, wherein the application is selected from the group consisting of: an application providing medical information of a user of the device; a game to be played; and an application for retrieving communication details of a user of the device.
17. The apparatus of Claim 13, wherein the application can also be operated in full access mode.
18. The apparatus of Claim 13, wherein the application is executable in partial access mode and in full access mode, wherein the application is configured to provide different functionality in the partial access mode and in the full access mode.
19. The apparatus of Claim 13, wherein the processor is further adapted to monitor the computerized device to prevent access to an application for which access is restricted in partial access mode.
20. A computer program product comprising a computer readable storage medium retaining program instructions, which program instructions when read by a processor, cause the processor to perform a method comprising: displaying on a display device of the computerized device a lock screen comprising: a control for an application accessible in partial access mode, wherein the application was user-defined to be executable in the partial access mode; and a control for gaining full access to the computerized device in full access mode; receiving an indication, via the control, to invoke the application; and launching the application in partial access mode.
PCT/IB2015/057863 2014-10-17 2015-10-14 Partial access screen lock WO2016059564A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201462065147P 2014-10-17 2014-10-17
US62/065,147 2014-10-17

Publications (1)

Publication Number Publication Date
WO2016059564A1 true WO2016059564A1 (en) 2016-04-21

Family

ID=54548215

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2015/057863 WO2016059564A1 (en) 2014-10-17 2015-10-14 Partial access screen lock

Country Status (1)

Country Link
WO (1) WO2016059564A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018048217A1 (en) * 2016-09-07 2018-03-15 Samsung Electronics Co., Ltd. Electronic apparatus and operating method thereof
WO2018056755A1 (en) * 2016-09-23 2018-03-29 Youngtack Shim Mobile communication terminals, their directional input units, and methods thereof
CN110895473A (en) * 2018-08-24 2020-03-20 山东华软金盾软件股份有限公司 Self-starting keep-alive system and method based on android mobile device
US10762225B2 (en) 2018-01-11 2020-09-01 Microsoft Technology Licensing, Llc Note and file sharing with a locked device
CN112015488A (en) * 2020-08-31 2020-12-01 中移(杭州)信息技术有限公司 Implementation method of special terminal, electronic equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007070749A2 (en) * 2005-12-12 2007-06-21 Motorola, Inc. Method and system for accessible contact information on a locked electronic device
US20070243853A1 (en) * 2006-04-18 2007-10-18 George Baldwin Bumiller System and method of providing information access on a portable device
US20140148120A1 (en) * 2012-11-28 2014-05-29 Lookout, Inc. Method and system for managing an emergency for enhanced user security using a mobile communication device

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2007070749A2 (en) * 2005-12-12 2007-06-21 Motorola, Inc. Method and system for accessible contact information on a locked electronic device
US20070243853A1 (en) * 2006-04-18 2007-10-18 George Baldwin Bumiller System and method of providing information access on a portable device
US20140148120A1 (en) * 2012-11-28 2014-05-29 Lookout, Inc. Method and system for managing an emergency for enhanced user security using a mobile communication device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
EIJI HAYASHI ET AL: "Goldilocks and the two mobile devices", USABLE PRIVACY AND SECURITY, ACM, 2 PENN PLAZA, SUITE 701 NEW YORK NY 10121-0701 USA, 11 July 2012 (2012-07-11), pages 1 - 11, XP058018236, ISBN: 978-1-4503-1532-6, DOI: 10.1145/2335356.2335359 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018048217A1 (en) * 2016-09-07 2018-03-15 Samsung Electronics Co., Ltd. Electronic apparatus and operating method thereof
US11061698B2 (en) 2016-09-07 2021-07-13 Samsung Electronics Co., Ltd. Electronic apparatus and operating method thereof
WO2018056755A1 (en) * 2016-09-23 2018-03-29 Youngtack Shim Mobile communication terminals, their directional input units, and methods thereof
US10855832B2 (en) 2016-09-23 2020-12-01 Youngtack Shim Mobile communication terminals, their directional input units, and methods thereof
US11223719B2 (en) 2016-09-23 2022-01-11 Youngtack Shim Mobile communication terminals, their directional input units, and methods thereof
US11743376B2 (en) 2016-09-23 2023-08-29 Youngtack Shim Mobile communication terminals, their directional input units, and methods thereof
US10762225B2 (en) 2018-01-11 2020-09-01 Microsoft Technology Licensing, Llc Note and file sharing with a locked device
CN110895473A (en) * 2018-08-24 2020-03-20 山东华软金盾软件股份有限公司 Self-starting keep-alive system and method based on android mobile device
CN110895473B (en) * 2018-08-24 2023-05-02 山东华软金盾软件股份有限公司 Self-starting keep-alive system and method based on android mobile equipment
CN112015488A (en) * 2020-08-31 2020-12-01 中移(杭州)信息技术有限公司 Implementation method of special terminal, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US9910973B2 (en) Fingerprint gestures
US9301139B2 (en) System and method for multifactor authentication and login through smart wrist watch using near field communication
JP5154436B2 (en) Wireless authentication
JP6198231B2 (en) Security policy for device data
US9275221B2 (en) Context-aware permission control of hybrid mobile applications
US8931081B2 (en) Device identification for externalizing password from device coupled with user control of external password service
WO2016023367A1 (en) Method, apparatus and system for access verification
EP3610404B1 (en) Methods and apparatus to monitor permission-controlled hidden sensitive application behavior at run-time
WO2016059564A1 (en) Partial access screen lock
US9740846B2 (en) Controlling user access to electronic resources without password
KR20160030838A (en) Method of controlling lock state of applications and electronic device supporting the same
KR20170096116A (en) Security and permission architecture in a multi-tenant computing system
CN106203011B (en) Method and device for entering operating system desktop
US10110578B1 (en) Source-inclusive credential verification
JP6068328B2 (en) Information processing apparatus and information processing method
CN101444095A (en) Rights elevator
WO2016126668A1 (en) External resource control of mobile devices
JP2014519674A (en) Trusted platform based open ID authentication method, apparatus and system therefor
JP2020504356A (en) Payment application separation method and device, and terminal
KR20140128081A (en) System and method for recognizing and verifying iris for web site login and protection of private information
Vecchiato et al. The perils of android security configuration
US20150223056A1 (en) Mobile survey tools with added security
EP3729320A1 (en) Consolidated identity
US9473936B2 (en) Method and device for protecting privacy information
Chen et al. Sharing without scaring: enabling smartphones to become aware of temporary sharing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15795223

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15795223

Country of ref document: EP

Kind code of ref document: A1