WO2014134516A1 - Gestion de données et/ou de services destinés à des dispositifs - Google Patents

Gestion de données et/ou de services destinés à des dispositifs Download PDF

Info

Publication number
WO2014134516A1
WO2014134516A1 PCT/US2014/019562 US2014019562W WO2014134516A1 WO 2014134516 A1 WO2014134516 A1 WO 2014134516A1 US 2014019562 W US2014019562 W US 2014019562W WO 2014134516 A1 WO2014134516 A1 WO 2014134516A1
Authority
WO
WIPO (PCT)
Prior art keywords
agent
access
particular device
protected portions
module
Prior art date
Application number
PCT/US2014/019562
Other languages
English (en)
Inventor
Edward K.Y. Jung
Royce A. Levien
Richard T. Lord
Robert W. Lord
Mark A. Malamud
Original Assignee
Elwha Llc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US13/781,194 external-priority patent/US10216957B2/en
Application filed by Elwha Llc filed Critical Elwha Llc
Priority to EP14757393.5A priority Critical patent/EP2962211A4/fr
Priority to CN201480024191.3A priority patent/CN105190590B/zh
Publication of WO2014134516A1 publication Critical patent/WO2014134516A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111Location-sensitive, e.g. geographical location, GPS

Definitions

  • This application is related to data sen ices.
  • a method includes but is not limited to acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services, detecting that the application has completed at l east one of the one or more services and that the application maintains access to the one or more protected portions of the particular device, presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device, and facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • one or more related systems may be any one or more related systems.
  • the one or more related systems may include, but are not limited to, circuitry and/or programming for effecting the herein-referenced method aspects.
  • the circuitry and/or programming may be virtually any combination of hardware, software, and/or firmware configured to effect the herein- referenced method aspects depending upon the design choices of the system designer, and limited to patentable subject matter under 35 USC 101.
  • a system includes, but is not limited to, means for acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more sen'ices, means for detecting that the application has completed at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device, means for presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device, and means for facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • a system includes, but is not limited to, circuitry for acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more sen'ices, circuitry for detecting that the application has completed at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device, circuitry for presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device, and facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • a computer program product comprising a signal bearing medium, bearing one or more instructions including, but not limited to, one or more instructions for acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services, one or more instructions for detecting that the application has completed at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device, and one or more instructions for presenting information indicating that the one or more services are
  • a device is defined by a computational language, such that the device comprises one or more interchained physical machines ordered for acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services, one or more interchained physical machines ordered for detecting that the application has completed at least one of the one or more sendees and that the application maintains access to the one or more protected portions of the particular device, one or more interchained physical machines ordered for presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device, and one or more interchained physical machines ordered for facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • FIG. 1A shows a high-level block diagram of an exemplary environment 100, according to an embodiment.
  • Fig. IB shows a high-level block diagram of a personal device 120 operating in an exemplary environment 100, according to an embodiment.
  • FIG. 1C shows a high level block diagram of a personal device 120 and a computing device 130A operating in an exemplary embodiment 100', according to an embodiment.
  • Fig, ID shows a high-level block diagram of a personal device 120 and a computing device 130B operating in an exemplary embodiment 100", according to an embodiment.
  • Fig. IE shows a high-level block diagram of a personal device 120 and a computing device 130C operating in an exemplary embodiment 100"', according to an embodiment.
  • Fig, IF shows a high-level block diagram of a personal device 120 and a computing device 130D operating in an exemplary embodiment 100" ", according to an embodiment.
  • Fig, 2 shows a particular perspective of a data regarding agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 152 of processing module 150 of personal device 120 of Fig. IB, according to an embodiment.
  • Fig, 3 shows a particular perspective of an agent stoppage of the one or more services and agent continuing access to one or more particular device protected portions detection module 154 of processing module 150 of personal device 120 of Fig. I B, according to an embodiment.
  • Fig, 4 including Figs. 4A-4C, shows a particular perspective of an indicator of continued agent access to one or more particular device protected portions and stoppage of the one or more services presenting module 156 of processing module 150 of personal device 120 of Fig, IB, according to an embodiment.
  • Fig, 5 shows a particular perspective of a presentation of an optional choice for discontinuation of agent access to the one or more particular device protected portions facilitation module 158 of processing module 150 of personal device 120 of Fig. IB, according to an embodiment.
  • Fig, 6 is a high-level logic flowchart of a process, e.g., operational flow 600, according to an embodiment.
  • Fig, 7 A is a high-level logic flow chart of a process depicting alternate implementations of an acquiring data operation 602, according to one or more embodiments.
  • Fig. 7B is a high-level logic flow chart of a process depicting alternate implementations of an acquiring data operation 602, according to one or more embodiments.
  • Fig, 7C is a high-level logic flow chart of a process depicting alternate implementations of an acquiring data operation 602, according to one or more embodiments.
  • Fig, 8 is a high-level logic flow chart of a process depicting alternate implementations of a detecting completion and continued access operation 604, according to one or more embodiments.
  • Fig. 8B is a high-level logic flow chart of a process depicting alternate implementations of a detecting completion and continued access operation 604, according to one or more embodiments.
  • Fig, 8C is a high-level logic flow chart of a process depicting alternate implementations of a detecting completion and continued access operation 604, according to one or more embodiments.
  • Fig, 8D is a high-level logic flow chart of a process depicting alternate implementations of a detecting completion and continued access operation 604, according to one or more embodiments.
  • Fig. 9A is a high-level logic flow chart of a process depicting alternate implementations of a presenting information operation 606, according to one or more embodiments.
  • Fig. 9B is a high-level logic flow chart of a process depicting alternate implementations of a presenting information operation 606, according to one or more embodiments.
  • Fig, 9C is a high-level logic flow chart of a process depicting alternate implementations of a presenting information operation 606, according to one or more embodiments.
  • Fig, 10A is a high-level logic flow chart of a process depicting alternate implementations of facilitating presentation operation 608, according to one or more embodiments.
  • Fig, 10B is a high-level logic flow chart of a process depicting alternate implementations of facilitating presentation operation 608, according to one or more embodiments.
  • Fig, IOC is a high-level logic flow chart of a process depicting alternate implementations of facilitating presentation operation 608, according to one or more embodiments.
  • Fig, 10D is a high-level logic flow chart of a process depicting alternate implementations of facilitating presentation operation 608, according to one or more embodiments.
  • computationally implemented methods, systems, circuitry, articles of manufacture, ordered chains of matter, and computer program products are designed to, among other things, provide an interface for acquiring data, regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services, detecting that the application has completed at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device, presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device, and facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • VHDL Very high speed Hardware Description Language
  • software is a shorthand for a massively complex interchaining/specification of ordered-matter elements.
  • ordered-matter elements may refer to physical components of computation, such as assemblies of electronic logic gates, molecular computing logic constituents, quantum computing mechanisms, etc.
  • a high-level programming language is a programming language with strong abstraction, e.g., multiple levels of abstraction, from the details of the sequential organizations, states, inputs, outputs, etc., of the machines that a high-level programming language actually specifies.
  • strong abstraction e.g., multiple levels of abstraction, from the details of the sequential organizations, states, inputs, outputs, etc., of the machines that a high-level programming language actually specifies.
  • the hardware used in the computational machines typically consists of some type of ordered matter (e.g., traditional electronic devices (e.g., transistors), deoxyribonucleic acid (DNA), quantum devices, mechanical switches, optics, fluidics, pneumatics, optical devices (e.g., optical interference devices), molecules, etc.) that are arranged to form logic gates.
  • Logic gates are typically physical devices that may be electrically, mechanically, chemically, or otherwise driven to change physical state in order to create a. physical reality of Boolean logic.
  • Logic gates may be arranged to form logic circuits, which are typically physical devices that may be electrically, mechanically, chemically, or otherwise driven to create a physical reality of certain logical functions.
  • Types of logic circuits include such devices as multiplexers, registers, arithmetic logic units (ALUs), computer memory, etc., each type of which may be combined to form yet other types of physical devices, such as a central processing unit (CPU)— the best known of which is the microprocessor.
  • CPU central processing unit
  • a modern microprocessor will often contain more than one hundred million logic gates in its many logic circuits (and often more than a billion transistors). See, e.g., Wikipedia, Logic gates, http://en.wikipedia.org/vviki/Logic__gates (as of June 5, 2012, 21 :03 GMT).
  • the logic circuits forming the microprocessor are arranged to provide a microarchitecture that will carry out the instructions defined by that microprocessor's defined Instruction Set Architecture.
  • the Instruction Set Architecture is the part of the microprocessor architecture related to programming, including the native data types, instructions, registers, addressing modes, memory architecture, interrupt and exception handling, and external Input/Output. See, e.g., Wikipedia, Computer architecture, http://en.wikipedia.org/wi1d/Computer_architecture (as of June 5, 2012, 21 :03 GMT).
  • the Instruction Set, Architecture includes a specification of the machine language that can be used by programmers to use/control the microprocessor. Since the machine language instructions are such that they may be executed directly by the microprocessor, typically they consist of strings of binary digits, or bits. For example, a typical machine language instruction might be many bits long (e.g., 32, 64, or 128 bit, strings are currently common). A typical machine language instruction might take the form "1 1 1 1000010505 1 1 100001 1 1 1001 1 1 1 1” (a 32 bit instruction). [0050] It is significant here that, although the machine language instructions are written as sequences of binary digits, in actuality those binary digits specify physical reality.
  • the binary number "1 " (e.g., logical "1") in a machine language instmction specifies around +5 volts applied to a specific "wire” (e.g., metallic traces on a printed circuit board) and the binary number "0" (e.g., logical "0") in a machine language instmction specifies around -5 volts applied to a specific "wire.”
  • machine language instructions also select out and activate specific groupings of logic gates from the millions of logic gates of the more general machine.
  • Machine language is typically incomprehensible by most humans (e.g., the above example was just ONE instruction, and some personal computers execute more than two billion instructions every second). See, e.g., Wikipedia, Instructions per second, hl ⁇ ://en.wMpedia.org/wiki/Instractions_per_second (as of June 5, 2012, 21 :04 GMT). Thus, programs written in machine language - ⁇ which may be tens of millions of machine language instructions long - ⁇ are incomprehensible.
  • a compiler is a device that takes a statement that is more comprehe sible to a human than either machine or assembly language, such as "add 2 + 2 and output the result," and translates that human understandable statement into a complicated, tedious, and immense machine language code (e.g., millions of 32, 64, or 128 bit length strings). Compilers thus translate high-level programming language into machine language.
  • any such operational/functional technical descriptions - in view of the disclosures herein and the knowledge of those skilled in the art - may be understood as operations made into physical reality by (a) one or more interchained physical machines, (b) interchained logic gates configured to create one or more physical machine(s) representative of sequential/combinatorial logic(s), (c) interchained ordered matter making up logic gates (e.g., interchained electronic devices (e.g., transistors), DNA, quantum devices, mechanical switches, optics, fSuidics, pneumatics, molecules, etc.) that create physical reality representative of logic(s), or (d) virtually any combination of the foregoing.
  • logic gates e.g., interchained electronic devices (e.g., transistors), DNA, quantum devices, mechanical switches, optics, fSuidics, pneumatics, molecules, etc.
  • any physical object which has a stable, measurable, and changeable state may be used to construct a machine based on the above technical description.
  • Charles Babbage for example, constructed the first computer out of wood and powered by cranking a handle.
  • the logical operations/functions set forth in the present technical description are representative of static or sequenced specifications of various ordered-matter elements, in order that such specifications may be comprehensible to the human mind and adaptable to create many various hardware configurations.
  • the logical operations/functions disclosed herein should be treated as such, and should not be disparagingly characterized as abstract ideas merely because the specifications they represent are presented in a manner that one of skill in the art can readily understand and apply in a manner independent of a specific vendor's hardware implementation.
  • an implementer may opt for a mainly hardware and/or firmware vehicle; alternatively, if flexibility is paramount, the implementer may opt for a mainly software implementation; or, yet again alternatively, the implementer may opt for some combination of hardware, software, and/or firmware in one or more machines, compositions of matter, and articles of manufacture, limited to patentable subject matter under 35 IJSC 101.
  • logic and similar implementations may include software or other control structures.
  • Electronic circuitry may have one or more paths of electrical current constructed and arranged to implement various functions as described herein.
  • one or more media may be configured to bear a device-detectable implementation when such media hold or transmit, device detectable instructions operable to perform as described herein.
  • implementations may include an update or modification of existing software or firmware, or of gate arrays or programmable hardware, such as by performing a reception of or a transmission of one or more instructions in relation to one or more operations described herein.
  • an implementation may include special-purpose hardware, software, firmware components, and'Or general-purpose components executing or otherwise invoking special-purpose components. Specifications or other implementations may be transmitted by one or more instances of tangible transmission media as described herein, optionally by packet transmission or otherwise by assing through distributed media at various times,
  • implementations may include executing a special- purpose instruction sequence or invoking circuitry for enabling, triggering, coordinating, requesting, or otherwise causing one or more occurrences of virtually any functional operations described herein.
  • operational or other logical descriptions herein may be expressed as source code and compiled or otherwise invoked as an executable instruction sequence.
  • implementations may be provided, in whole or in part, by source code, such as C++, or other code sequences.
  • source or other code implementation may be compiled/ /implemented'translated/converted into a high-level descriptor language (e.g., initially implementing described technologies in C or C++ programming language and thereafter converting the programming language implementation into a logie-synthesizable language implementation, a hardware description language implementation, a hardware design simulation implementation, and/or other such similar mode(s) of expression).
  • a high-level descriptor language e.g., initially implementing described technologies in C or C++ programming language and thereafter converting the programming language implementation into a logie-synthesizable language implementation, a hardware description language implementation, a hardware design simulation implementation, and/or other such similar mode(s) of expression.
  • a logical expression e.g., computer programming language implementation
  • a Verilog-type hardware description e.g., via Hardware Description Language (HDL) and/or Very High Speed Integrated Circuit Hardware Descriptor Language (VHDL)
  • VHDL Very High Speed Integrated Circuit Hardware Descriptor Language
  • Those skilled in the art will recognize how to obtain, configure, and optimize suitable transmission or computational elements, material supplies, actuators, or other structures in light of these teachings.
  • examples of such other devices and/or processes and/or systems might include - as appropriate to context and application— all or part of devices and/or processes and'or systems of (a) an air conveyance (e.g., an airplane, rocket, helicopter, etc.) , (b) a ground conveyance (e.g., a car, truck, locomotive, tank, armored personnel carrier, etc.), (c) a building (e.g., a home, warehouse, office, etc.), (d) an appliance (e.g., a refrigerator, a washing machine, a dryer, etc.), (e) a communications system (e.g., a networked system, a telephone system, a Voice over IP system, etc.), (f) a business entity (e.g., an Internet Service Provider (ISP) entity such as Comcast Cable, Qwest, Southwestern Bell, etc.), or (g) a wired/wireless services entity (e.g., Sprint, Cingular,
  • ISP Internet Service Provider
  • use of a system or method may occur in a territory even if components are located outside the territory.
  • use of a distributed computing system may occur in a territory even though parts of the system may be located outside of the territory (e.g., relay, server, processor, signal- bearing medium, transmitting computer, receiving computer, etc. located outside the territory).
  • a sale of a system or method may likewise occur in a territory even if components of the system or method are located and'or used outside the territory.
  • implementation of at least part of a system for performing a method in one territory does not preclude use of the system in another territory
  • electro-mechanical system includes, but is not limited to, electrical circuitry operably coupled with a transducer (e.g., an actuator, a motor, a piezoelectric crystal, a Micro Electro Mechanical System (MEMS), etc.), electrical circuitry having at least one discrete electrical circuit, electrical circuitry having at least one integrated circuit, electrical circuitry having at, least one application specific integrated circuit, electrical circuitry forming a general purpose computing device configured by a computer program (e.g., a general purpose computer configured by a computer program which at least partially carries out processes and'or devices described herein, or a microprocessor configured by a computer program which at least partially carries out processes and/or devices described herein), electrical circuitry forming a memory device (e.g., forms of memory (e.g., random access, flash, read only, etc,)), electrical circuitry forming a communications device (e.g., a modern,
  • a transducer e.g., an actuator, a motor, a piezoelectric crystal,
  • electro-mechanical systems include but are not limited to a. variety of consumer electronics systems, medical devices, as well as other systems such as motorized transport systems, factory automation systems, security systems, and/or communication/ computing systems.
  • electro-mechanical as used herein is not necessarily limited to a system, that has both electrical and mechanical actuation except as context may dictate otherwise.
  • electrical circuitry includes, but is not, limited to, electrical circuitry having at least one discrete electrical circuit, electrical circuitry having at least one integrated circuit, electrical circuitry having at least one application specific integrated circuit, electrical circuitry forming a general purpose computing device configured by a computer program (e.g., a general purpose computer configured by a computer program which at least partially carries out processes and'Or devices described herein, or a microprocessor configured by a computer program which at least partially carries out processes and/or devices described herein), electrical circuitry forming a memory device (e.g., forms of memory (e.g., random access, flash, read only, etc.)), and/or electrical circuitry forming a communications device (
  • a typical image processing system generally includes one or more of a system unit housing, a video display device, memory such as volatile or non-volatile memory, processors such as microprocessors or digital signal processors, computational entities such as operating systems, drivers, applications programs, one or more interaction devices (e.g., a touch pad, a touch screen, an antenna, etc.), control systems including feedback loops and control motors (e.g., feedback for sensing lens position and/or velocity; control motors for moving/distorting lenses to give desired focuses).
  • An image processing system may be implemented utilizing suitable commercially available components, such as those typically found in digital still systems and/or digital motion systems.
  • a data, processing system generally includes one or more of a system unit housing, a video display device, memory such as volatile or nonvolatile memory, processors such as microprocessors or digital signal processors, computational entities such as operating systems, drivers, graphical user interfaces, and applications programs, one or more interaction devices (e.g., a touch pad, a touch screen, an antenna, etc.), and/or control systems including feedback loops and control motors (e.g., feedback for sensing position and/or velocity; control motors for moving and/or adjusting components and/or quantities).
  • a data processing system may be implemented utilizing suitable commercially available components, such as those typicall found in data computing/communication and/or network computing/communication systems.
  • a typical mote system generally includes one or more memories such as volatile or non-volatile memories, processors such as microprocessors or digital signal processors, computational entities such as operating systems, user interfaces, drivers, sensors, actuators, applications programs, one or more interaction devices (e.g., an antenna USB ports, acoustic ports, etc.), control systems including feedback loops and control motors (e.g., feedback for sensing or estimating position and/or velocity; control motors for moving and/or adjusting components and/or quantities).
  • a mote system may be implemented utilizing suitable components, such as those found in mote computing/communication systems. Specific examples of such components entail such as Intel Corporation's and/or Crossbow Corporation's mote components and supporting hardware, software, and/or firmware.
  • cloud computing may be understood as described in the cloud computing literature.
  • cloud computing may be methods and/or systems for the delivery of computational capacity and'or storage capacity as a service.
  • the "cloud” may refer to one or more hardware and'or software components that deliver or assist in the delivery of computational and'or storage capacity, including, but not limited to, one or more of a client, an application, a platform, an infrastructure, and ' or a server
  • the cloud may refer to any of the hardware and'or software associated with a client, an application, a platform, an infrastructure, and'or a server.
  • cloud and cloud computing may refer to one or more of a computer, a processor, a storage medium, a router, a switch, a modem, a virtual machine (e.g., a virtual server), a data center, an operating system, a middleware, a firmware, a hardware back-end, a software back-end, and/or a software application.
  • a cloud may refer to a private cloud, a public cloud, a hybrid cloud, and/or a community cloud.
  • a cloud may be a shared pool of configurable computing resources, which may be public, private, semi- private, distributable, scaleable, flexible, temporary, virtual, and/or physical.
  • A. cloud or cloud service may be delivered over one or more types of network, e.g., a mobile communication network, and the Internet.
  • a cloud or a cloud service may include one or more of infrastructure-as-a-service (“laaS”), platform-as-a-service (“PaaS”), software-as-a- service (“SaaS”), and ' or desktop ⁇ as ⁇ a-service (“DaaS”).
  • laaS may include, e.g., one or more virtual server instantiations that may start, stop, access, and/or configure virtual servers and/or storage centers (e.g., providing one or more processors, storage space, and/or network resources on-demand, e.g., EMC and Rackspace).
  • PaaS may include, e.g., one or more software and/or development tools hosted on an infrastructure (e.g., a computing platform and/or a solution stack from which the client can create software interfaces and applications, e.g., Microsoft Azure).
  • SaaS may include, e.g., software hosted by a service provider and accessible over a network (e.g., the software for the application and ' or the data associated with that software application may be kept on the network, e.g., Google Apps, SaiesForce).
  • DaaS may include, e.g., providing desktop, applications, data, and/or services for the user over a network (e.g., providing a multi-application framework, the applications in the framework, the data associated with the applications, and/or services related to the applications and/or the data over the network, e.g., Citrix).
  • a network e.g., providing a multi-application framework, the applications in the framework, the data associated with the applications, and/or services related to the applications and/or the data over the network, e.g., Citrix.
  • the foregoing is intended to be exemplary of the types of systems and/or methods referred to in this appl ication as "cloud” or “cloud computing” and should not be considered complete or exhaustive.
  • any two components so associated can also be viewed as being “operably connected”, or “operably coupled,” to each other to achieve the desired functionality, and any two components capable of being so associated can also be viewed as being “operably couplable,” to each other to achieve the desired functionality.
  • operably couplable include but are not limited to physically mateable and/or physically interacting components, and/or wirelessly interactable, and'Or wirelessly interacting components, and'Or logically interacting, and/or logically interactable components.
  • deviee(s)/structure(s) may be described under process(es)/operations heading(s) and/or process(es)/operations may be discussed under stracture(s)/process(es) headings: and/or descriptions of single topics may span two or more topic headings).
  • any use of formal outline headings in this application is for presentation purposes, and is not intended to be in any way limiting.
  • user 105 may be representative of one or more human users, robotic users (e.g., computational entity), and/or substantially any combination thereof (e.g., a user may be assisted by one or more robotic agents) unless context dictates otherwise.
  • robotic users e.g., computational entity
  • substantially any combination thereof e.g., a user may be assisted by one or more robotic agents
  • Those skilled in the art will appreciate that, in general, the same may be said of "sender” and/or other entity-oriented terms as such terms are used herein unless context dictates otherwise.
  • one or more components may be referred to herein as “configured to,” “configured by,” “configurable to,” “operable/operative to,”
  • devices that are associated with one or more users may collect data regarding the user. This data may be desired by third parties.
  • the following describes, among other implementations, methods and systems of managing user data collected by one or more devices that, may also be useful to entities that are not, the user, and which entities may not necessarily have access to the data.
  • Fig. 1 illustrates an example environment 100 in which the methods, systems, circuitry, articles of manufacture, and computer program products and architecture, in accordance with various embodiments, may be implemented by one or more personal devices 20.
  • one or more personal devices 120, one or more service providers 170, one or more sendee developers 160, and one or more computing devices 30 may communicate via one or more communication networks 140.
  • service provider 170 may have one or more services that personal device 120 may want.
  • computing device 130 which may be a remote or local server, or distributed set of servers, may manage data that is gathered, stored, controlled, accessed, restricted, monitored, under the control of, checked, examined, verified, authenticated, authorized, manipulated, updated, altered, filtered, or otherwise acted upon, whether passively or actively, by personal device 120.
  • computing device 130 may have access to some or all of the data on personal device 120.
  • computing device 130 may have access to only a portion of the data on personal device 120.
  • computing device 130 may have access to a modified version of the data on personal device 120, Specifically, in an embodiment, computing device 130 may have access to the data stored on personal device 120, but in anonymous form..
  • computing device 130 may offer one or more services to personal device 120.
  • the offer of one or more services may be conditional on a grant of access to part or all of the data stored and/or collected by personal device 120.
  • computing device 30 may receive one or more services from service provider 170 and/or service developer 160, and may select one or more of the received services for presentation to the personal device 120.
  • the data from, personal device 120 may be shared with one or more of service provider 170 and service developer 160.
  • the data from, personal device 120 may be anonymized prior to sharing with service developer .160 and/or service developer 170.
  • Fig. 1 A shows a personal device 120
  • Personal device 120 may be any electronic device, portable or not, that may be operated by or associated with one or more users. Personal device 120 is shown as interacting with a user 105.
  • user 105 may be a person, or a group of people, or another entity that mimics the operations of a user.
  • user 105 may be a computer or a computer-controlled device.
  • Personal device 120 may be, but is not limited to, a cellular phone, a network phone, a smartphone, a tablet, a music player, a walkie-talkie, a radio, a USB drive, a portable solid state drive, a portable disc-type hard drive, an augmented reality device (e.g., augmented reality glasses and/or headphones), earphones, headphones, audio/visual equipment, media player, television, projection screen, fiat screen, monitor, clock, appliance (e.g., microwave, convection oven, stove, refrigerator, freezer), a navigation system (e.g., a Global Positioning System ("GPS”) system), a medical alert device, a remote control, a peripheral, an electronic safe, an electronic lock, an electronic security system, a video camera, a personal video recorder, a personal audio recorder, and the like.
  • GPS Global Positioning System
  • personal device 120 may include an operating system 124.
  • operating system 124 refers to any hardware, software, firmware, and combination thereof which is considered at the core or baseline of a device.
  • applications that interact directly with hardware may be considered to be part of an operating system.
  • operating system 124 may be an FPGA, printed circuit board, or other wired device.
  • operating system 124 may include one or more of Google's Android, Apple's iOS, Microsoft's Windows, various implementations of Linux, and the like.
  • operating system 124 may include a root menu for one or more televisions, stereo systems, media players, and the like.
  • operating system 124 may be a ''home" screen of a device.
  • personal device 120 may include a user interface 123.
  • User interface 123 may include any hardware, software, firmware, and combination thereof that allow a user 105 to interact with a personal device 120, and for a personal device 120 to interact, with a user 105.
  • user interface 123 may include a monitor, screen, touchscreen, liquid crystal display (“LCD”) screen, light emitting diode (“LED”) screen, speaker, handset, earpiece, keyboard, keypad, touchpad, mouse, trackball, remote control, button set, microphone, video camera, still camera, a charge-coupled device (“CCD”) element, a photovoltaic element, and the like.
  • LCD liquid crystal display
  • LED light emitting diode
  • personal device 120 may include a device memory 126.
  • device memory 126 may include memory, random access memory (“RAM”), read only memory (“RDM”), flash memory, hard drives, disk-based media, disc-based media, magnetic storage, optical storage, volatile memory, nonvolatile memory, and any combination thereof.
  • device memory 126 may be separated from the device, e.g., available on a different device on a network, or over the air. For example, in a networked system, there may be many personal devices 120 whose device memo ry 126 is located at a central server that may be a few feet away or located across an ocean,
  • device memory 126 may include one or more of protected data 126 A and unprotected data 126B. Not all embodiments include each or both of these, but protected data 126A and unprotected data 126B may be present in one or more embodiments.
  • Protected data 126A may include any data., including data stored on personal device 120 , data for which personal device 120 maintains at least partial control of, data for which personal device 120 monitors or provides the ability to monitor, and the like, for which some form of authorization is required to access the data.
  • the authorization may take any form and relate to any sub- unit, including both internally and externally to the device.
  • protected data 126A may include data which is not available to at least one application running on a computing device.
  • protected data 126A may be available to one application at, any time, and to another application at specific times, or at times when the first application is not using the data.
  • protected data 26A includes data for which an application must be authenticated (e.g., a Microsoft operating system certification, or a user flag set to true) in order to access the protected data 126A.
  • protected data 126A includes data that a user, e.g., user 105, cannot view until the user 105 verifies their identity, e.g., through a password input or biometric identification.
  • protected data 126 A is limited to the device, and is not transmitted to any other system not under the direct control of the personal device 120.
  • protected data 126 A is limited to the personal device 120, and only applications originating at the personal device 120, or originating with the user 105, are allowed to read protected data 126A.
  • personal device 120 modifies or directs to be modified protected data I26A, so at least a portion of the protected data 126 A is altered or obscured.
  • personal device 120 allows protected data 126 A. to be transmitted to an external entity under the condition that the external entity will alter or obscure at least a portion of the protected data 126A.
  • personal device 120 may include device memory 126, which, in some embodiments, may include unprotected data 26B.
  • unprotected data 126B may have no protections or limitations.
  • unprotected data 126B may have protections and limitations, but be less protected and/or less limited than protected data 126B,
  • unprotected data 126B is broadcasted or otherwise transmitted upon request.
  • unprotected data 126B cannot be accessed by an entity external to personal device 120 due to device design or other factors, but there is no specific protection on unprotected data 126B from, access by one or more entities external to personal device 20.
  • device interface component 128 includes any component that allows the device to interact, with its environment.
  • device interface component 128 includes one or more sensors, e.g., a camera, a microphone, an accelerometer, a thermometer, a satellite positioning system (SPS) sensor, a barometer, a humidity sensor, a compass, a gyroscope, a magnetometer, a pressure sensor, an oscillation detector, a light sensor, an inertial measurement unit (IMU), a tactile sensor, a touch sensor, a flexibility sensor, a microelectromechanical system (MEMS), a radio, including a wireless radio, a transmitter, a receiver, an emitter, a broadcaster, and the like.
  • sensors e.g., a camera, a microphone, an accelerometer, a thermometer, a satellite positioning system (SPS) sensor, a barometer, a humidity sensor, a compass, a gyroscope, a magnetometer, a pressure sensor, an oscil
  • device interface component 128 also may include one or more user interface components, e.g., user interface 122 (e.g., although they are drawn separately, in some embodiments, user interface 122 may be a type of device interface component 128), and in some
  • embodiments including one or more user input receiving components and output presenting components.
  • device interface component 128 may include protected component 128A.
  • Protected component I28A may include any device interface component 128, of which some non-limiting examples previously were enumerated, for which some form of authorization and/or authentication is required to access the data.
  • the authorization may take any form and relate to any sub-unit, including both internally and externally to the device.
  • protected component 128 A is similar to protected data 126A.
  • a personal device 120 e.g., a smart phone, may have twelve applications running on the smartphone. In an embodiment, six of those applications may have access to a protected component 128A, e.g., a positioning sensor, and the other six may not.
  • data collected by a protected component 128A is part of the protected component 128 A. In some embodiments, data collected by a protected component 128A becomes protected data 126 A. In some embodiments, data collected by a protected component 128 A becomes protected data 126A some of the time, or none of the time. In some embodiments, data collected by a protected component 128 A may be part of protected component 128A for a particular amount of time, e.g., two weeks, and then may transition to unprotected data or data that is not considered protected or unprotected. In some embodiments, a protected component 128 A may be accessible to everyone at particular times and/or circumstances.
  • a protected component 528 A e.g., a wireless radio
  • a protected component 128A e.g., an image capturing component
  • a protected component 128A may be accessible to any entity when one or more conditions are met, which conditions may or may not be related to the protected component 128A or the personal device 120, e.g., when the persona! device 120 is at a particular location.
  • computing device 30 may include personal device interface module 132, In some embodiments, personal device interface module 532 may communicate with one or more persona! devices 520. In some embodiments, personal device interface module 132 may receive data 131 received from a personal device 120. Acquired personal device data 131 may include any data gathered from personal device 120, in any manner. In some embodiments, computing device 30 may request data from personal device 520. In some embodiments, computing device 30 may receive data from personal device 120 on a schedule. In some embodiments, computing device 130 may retrieve data from personal device 120 when certain conditions are met. In some embodiments, personal device 120 is broadcasting data, and computing device 130 gathers the broadcasted data.
  • personal device 120 broadcasts data that only computing device 130 can use (e.g., decrypt, interpret, or the like). In some embodiments, personal device 120 may transmit acquired personal device data 131 to computing device 30 using one or more communication networks 140, which will be described in more detail herein.
  • the acquired personal device data 131 may be anonymous data 131 A.
  • anonymous data refers to data, from which the origin of the data cannot be uniquely identified.
  • the origin of the data may refer to the personal device 120, e.g., a unique identifier, e.g., a MAC address.
  • the origin of the data may refer to a user 105 associated with the data, either through ownership, use, or other relationship with the device, e.g., a username, a user's name, or a user's social security or other identifying number, or network address or identification.
  • the device may be able to recognize the origin of the data, e.g., an identity of personal device 120, that is transmitting the data due to the nature of the data transmission, but be unable to deduce the origin of the data through the data itself, in which case, in some embodiments, this data is still considered anonymous data 131 A.
  • the origin of the data e.g., an identity of personal device 120
  • this data is still considered anonymous data 131 A.
  • Anonymous data 131 A may include data for which uniquely identifying information has been removed, or data for which uniquely identifying information has been concealed, obscured, made uncertain, made ambiguous, screened, camouflaged, masked, veiled, shrouded, hidden, encoded, encrypted, or otherwise altered.
  • the received anonymous data 131 A never included uniquely identifying information.
  • anonymous data 131 A may partially or non- uniquely identify its origin, e.g., the user 105 or the personal device 120 from which the anonymous data came.
  • uniquely identifying information may be extracted from anonymous data 535 A using additional information, e.g., a lookup table, hash, or other known algorithm.
  • uniquely identifying information may be deduced from anonymous data 531 A without additional information. In some embodiments, uniquely identifying information may not be retrieved from anonymous data 131 A once the data is in its anonymous format.
  • acquired personal device data 131 may include non- anonymous data 13 IB.
  • non-anonymous data 13 IB may identify, either explicitly or implicitly, the origin of the data. In some embodiments, the origin of the data may refer to the personal device 120, e.g., a unique identifier, e.g., a MAC address.
  • the origin of the data may refer to a user 105 associated with the data, either through ownership, use, or other relationship with the device, e.g., a username, a user's name, or a user's social security or other identifying number, or network address or identification.
  • Figs. 1 A- ID data anonymization systems and methods are illustrated. Although these systems and methods are illustrated as part of computing device 130, this is merely for convenience of drawing.
  • one or more of data de-anonymization information storing module 135, data anonymizer module 134A, and data obscuring module 134B may be located within personal device 120. In an embodiment, these modules may interact directly with device memory 126.
  • computing device 130 may include a data anonymizer module 134A that converts non-anonymous data 13 I B into anonymized data, in a process described in more detail with respect to Figs. 1C and 1 D.
  • the additional data may be stored in data de- anonymization information storing module 135,
  • computing device 130 may include a data obscuring module 134B.
  • data obscuring module 134B may obscure the non-anonymous data 131 B, similarly to the data anonymizer module 134A.
  • data obscuring module 134B may apply data masking.
  • data obscuring module 134B may obscure by addition, e.g., by adding false identification information to the true identification information, so that the false identification information may not be distinguished from the true identification information.
  • Data de-anonymization information storing module 135, data, anonymizer module 134A, and data obscuring module 134B may be absent in some embodiments.
  • computing device 130 may include service developer interface module 136.
  • Service developer interface module 136 may communicate with service developer 160, e.g., via communication network 140.
  • service developer interface module 136 may provide limited information regarding the acquired personal device data 131.
  • sendee developer interface module 136 may provide information to service developer 160 regarding the type of data collected.
  • service developer interface module 136 may provide information to service developer 160 regarding an aggregate synopsis of the data collected.
  • service developer 160 may receive such information and make a decision about what, types of services to develop, e.g., using development decision module 162.
  • computing device 130 may include service provider interface module 138.
  • service provider interface module 138 may communicate with service provider 170, e.g., via
  • service provider interface module 138 may include data rights management module 138A.
  • data, rights management module 138 A may keep track of which services have rights to which personal device data.
  • service 172 A may have rights to certain anonymous data 131 A.
  • service 172B may have rights to data that has been processed through the data anonymizer 134 A.
  • service provider interface module 138 may include service information module 138B.
  • Service information module I38B may include a list of services that are provided from sendee provider 170, so that such information may be delivered to personal device 120, in an embodiment.
  • computing device 130 may present one or more of the services listed in service information module 138B to personal device 120, either upon request, or upon detecting that personal device 120 may be interested in one or more of the services.
  • sendee provider 170 may provide services to a personal device 120. In an embodiment, these sendees may be delivered to directly to personal device 120. In an embodiment, service provider 170 has limited or no communication with personal device 120, and communication is handled through an intermediary, e.g., computing device 130. In an embodiment, computing device 130 handles the delivery of sendees and data between sendee provider 170 and personal device 120 such that protected data 126A and protected component 128A are protected from service provider 170, but that sendee provider 170 can still provide services, e.g., service 172A and service 172B, to personal device 120. In an embodiment, sendee provider 170 includes a list of services management module 174 that maintains a list of services to present to computing device 130, e.g., to allow service information module 138B of computing device 130 to maintain information about various services.
  • the communication network 140 may include one or more of a local area network (LAN), a wide area network (WAN), a metropolitan area network (MAN), a wireless local area network (WLAN), a personal area network (PAN), a Worldwide Interoperability for Microwave Access (WiMAX), public switched telephone network (PTSN), a general packet radio sendee (GPRS) network, a cellular network, and so forth.
  • the communication networks 140 may be wired, wireless, or a combination of wired and wireless networks.
  • communication network refers to one or more communication networks, which may or may not interact with each other and which, in some embodiments, may work in concert, wittingly or unwittingly, to facilitate communication between one or more entities.
  • an embodiment may include a personal device 120A and a personal device 120B.
  • Personal device 120 A may generate non-anonymous data 144 A
  • personal device 120B may generate non-anonymous data 144B.
  • Non anonymous data I44A and non-anonymous data 144B may be transmitted to computing device 130A, which may be a non-exclusive and non-limiting example of computing device 130.
  • computing device 130A may include a data anonymizer module 134A.
  • data anonymizer module 134A may include irreversible anonymizer module 137A, which generates anonymous data that is irreversible, e.g., in an example, the identifying data has been removed.
  • data anonymizer module 134A may include collective anonymizer module 137B, which may take the non-anonymous data 144 A and the non-anonymous data 144B and create an aggregated, general anonymous data, as shown Fig. 1C.
  • data anonymizer module 134 A may include reversible anonymizer module 137C, which may use a private lookup table 135 A to convert the non-anonymous data into anonymous data.
  • that private lookup table 135 A may be stored in the data- deanonymization information storing module 135.
  • a computing device 130B may have a data anonymizer 134 A that may apply an anonymizing function 132 A, as shown in Fig. ID.
  • an anonymizing function may use a cryptographic method, a perturbation method, a DataFly algorithm, top-down specialization, and/or Mondarian multi-dimensional k-anonymity, as non-limiting and non-exclusive examples.
  • a data obscuring module 134B obscures the non-anonymous data.
  • the obscuring may be accomplished by adding similar-looking and plausible "false" data to the actual identifying data, so that later, the true data cannot be determined merely by looking at the data.
  • the anonymized data may be used by the service pro vider interface module 38 to give data to the service provider 170, either to carry out a portion of a service, or to determine which services may be useful to one or more personal devices 120.
  • Fig. IE shows an embodiment of the invention focusing on a sendee provider 170 and a computing device 130C.
  • Computing device 130C may receive data from one or more devices, and that data may be anonymized already, or may not be anonymized, or may already be obscured.
  • computing device 130C may generate obscured data, from the data received from one or more devices, whether received directly from the one or more devices, or indirectly from another source.
  • Computing device 130C may obscure received data, even if the received data is already anonymized.
  • computing device 130C may not perform additional steps on previously anonymized or obscured data.
  • computing device 130C may request one or more services 190 that may be executed on one or more devices.
  • the one or more services may be performed independently by the one or more devices, or may be performed with facilitation of one or more portions of the services by computing device I30C.
  • Computing device 130C may request that service provider 170 provide one or more services that can be presented to the one or more devices.
  • computing device 130C may transmit, obscured data 185 to service provider 170. This transmission may take place via any form of network, e.g., communication network 140 (not pictured in Fig. IE).
  • service provider 170 may be integral with computing device 130C.
  • service provider 170 and computing device 130C may be under the control of a single entity.
  • service provider 170 may receive the obscured data 185.
  • the obscured data 185 may be in any format, as described in several examples herein.
  • the examples illustrated in Fig. IE and in the following figures are intended for ease of understanding only, and should not be considered an exhaustive or an exclusive enumeration of ways that data may be obscured.
  • irreversible anonymous data 1 85A may be obscured by deleting the device origin information from the data, such that the data cannot be recovered using the irreversible anonymous data 185 A.
  • a copy of the original data may be retrieved.
  • computing device 130C may store a separate copy of the data that resulted in the irreversible anonymous data 185A, with uniquely identifying device information present in the copy kept by computing device 130C,
  • obscured data 185 may include reversible anonymous data 185B
  • Data 185B is not limited to a particular type of format, but a simple example is shown.
  • the device identifiers of the one or more personal devices 120A and 120B e.g., 00123 and 00124, are converted to new identifiers XYZ and YYZ (e.g., as shown in Fig. 1C), which, in an embodiment, may prevent service provider 170 from learning the identity of devices 00123 and 00124.
  • reversible anonymous data 185B may be converted into data that uniquely identifies one or more devices, through the providing of one or more algorithms, lookup tables, keys, encryption keys, hash functions, and the like.
  • obscured data 185 may include general anonymous data 185C.
  • this ty e of data may include any format of aggregated data which gives information about one or more devices, but does not particularly identify the one or more devices that led to the aggregate information.
  • general anonymous data I85C may include such data as "thirty- five devices with more than twenty contacts in a contact list found," or more specific data, such as "thirty-five s ariphones, e.g., Apple iPhone 4S running iOS 6.0, with more than 2.0 gigabytes of space remaining, with more than twenty contacts in a contact list found.”
  • service provider 170 may receive obscured data 185, as shown in Fig. IE.
  • service provider 170 may include an obscured data analyzer module 173.
  • Obscured data analyzer module 173 may receive the obscured data 185 and use the obscured data 185 to determine one or more services or types of services that may be useful to the devices referenced in the obscured data 185.
  • Obscured data analyzer module 173 may be completely automated, or may have some human intervention in the process.
  • obscured data analyzer 173 may obtain obscured data 185 from several different computing devices 130C, which may allow service pro vider 170 to provide one or more services more efficiently.
  • service provider 170 may include service management module 174.
  • Service management module 174 may include existing service analyzing module 174A and new service generation module 174B.
  • Existing service analyzing module 174A and new service generation module 174B may work together or separately, and with or without obscured data analyzer module 173, to determine if a. service exists that meets the needs determined based on the received obscured data. If such a service does not exist, then new service generation module 174B may generate a new service, either by requesting from a third party, requesting human intervention, e.g., human programming of a new service, or may generate a new service automatically.
  • service provider 170 may include a se dee transmission module 175, which may transmit one or more se dees 186 back to the computing device 130C, e.g., to sendee receiving module 138B, which, in an embodiment, may be a portion of service provider interface module 138.
  • deobscuring data 187 which may be data that can deobscure the obscured data 185, may be transmitted to the sendee provider 170, e.g., to data deobscuring module 176 of service provider 170.
  • deobscuring data 187 is combined with obscured data 185 to result in deobscured data.
  • deobscuring data 187 does not need to be combined with obscured data 185 in order to result in the deobscured data.
  • deobscuring data 587 may be transmitted upon receipt of one or more sendees 186.
  • one or more actions related to one or more sendees 1 86 e.g., proposing the one or more services to one or more devices, may be carried out prior to transmitting the deobscuring data 587.
  • computing device 130C may not transfer deobscuring data 187 if a particular number of users do not use one or more services 186.
  • Fig. I F shows an embodiment of the invention as shown in exemplary embodiment 100"".
  • Fig, IF shows computing device 130D interacting with personal device 120.
  • computing device 130D receives device data 588 from personal device 120.
  • Fig, I F shows this transfer as coming directly from personal device 120, in an embodiment, computing device 130D may receive device data 188 from any source, including a third device, a communication network, a. social networking site, a device manufacturer, and the like.
  • a third device including a third device, a communication network, a. social networking site, a device manufacturer, and the like.
  • computing device 130D monitors one or more personal devices 120 for device data 188. In an embodiment, computing device 130D monitors one or more other sources for device data 188 regarding personal devices 120.
  • device data 188 may include data that personal device 120 has collected. In an embodiment, the device data 188 may be modified to obscure an identity of the device 120 or a user of the device 120. In an embodiment, the device data 188 is not obscured. In an embodiment, device data 188 may be about data that is stored on device 120 or otherwise under the control of personal device 120, rather than being the actual data under the control of personal device 120. For example, as shown in Fig. IF, personal device 120 may include protected data 126A, which, in an embodiment, may mclude the last thirty locations visited by personal device 120. In an embodiment, device data 188 may include the last thirty locations visited by personal device 120.
  • device data 188 may include an indication that personal device 120 has thirty device locations stored in its memory. In an embodiment, device data 188 may include an indication that personal device 120 has thirty device locations stored in its memory, and 20 of those locations are locations for which an interest has been expressed by an entity in communicatio with computing device 130D.
  • computing device 130D may mclude personal device interface module 132.
  • Personal device interface module 132 may include data value monitoring module 132 A.
  • data value monitoring module 132A may receive information regarding which types of data are valuable (e.g., location data, or location data indicating that a device is inside Times Square on Ne Years' Eve, and the like), and may monitor one or more devices and other locations for one or more indications that a personal device 120 has data estimated to be valuable, and whether that data is protected.
  • personal device interface module may include device information receiving module 132B configured to receive device data 188.
  • Device data 188 may have any number of formats, as described above, and as shown by way of non-limiting example in the examples given further herein.
  • computing device 130D may include device monitoring module 132C.
  • device monitoring module 132C may monitor one or more personal devices 120 through any monitoring technique.
  • device monitoring module 132C may include software, hardware, or firmware associated with personal device 120, that may be configured to report back to device monitoring module 132C at particular intervals.
  • device monitoring module 132C may monitor personal device 120 through one or more communication networks 140 (not pictured), and may communicate directly with personal device 120.
  • device monitoring module 132C may monitor personal device 120 through indirect means, e.g., through other devices or systems that may be used by personal device 120.
  • personal device interface module 132 may include service offering module 132D.
  • computing device 130D may acquire one or more services. These services may be presented to personal device 120, either for presentation to a user, or for an automated decision regarding whether to accept the services.
  • the one or more services 188 may require access to protected data, e.g., protected data 126A of the personal device 120, or one or more protected components, e.g., protected component 128 A of personal device 120, or both.
  • computing device 130D may facilitate the presentation of the one or more services to a user 105 of the personal device 120, via the personal device 120.
  • Fig. IB shows a more detailed description of personal device 120.
  • personal device 120 may include a processor
  • Processor 1 10 may include one or more microprocessors, Central Processing Units ("CPU"), a Graphics Processing Units ("GPU"), Physics Processing Units, Digital Signal Processors, Network Processors, Floating Point Processors, and the like.
  • processor 1 10 may be a server.
  • processor 1 10 may be a distributed-core processor.
  • processor 1 10 is as a single processor that is part of a single personal device 120, processor 1 10 may be multiple processors distributed over one or many devices 120, which may or may not be configured to operate together.
  • Processor 110 is illustrated as being co figured to execute computer readable instructions in order to execute one or more operations described above, and as illustrated in Figs.
  • processor 110 is designed to be configured to operate as processing module 150, which may include one or more of data regarding agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 152, agent stoppage of the one or more services and agent continuing access to one or more particular device protected portions detection module 154, indicator of continued agent, access to one or more particular device protected portions and stoppage of the one or more services presenting module 156, and presentation of an optional choice for discontinuation of agent access to the one or more particul ar device protected portions facilitation module 158.
  • processing module 150 may include one or more of data regarding agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 152, agent stoppage of the one or more services and agent continuing access to one or more particular device protected portions detection module 154, indicator of continued agent, access to one or more particular device protected portions and stoppage of the one or more services presenting module 156, and presentation of an optional choice for discontinuation of agent access to the one or more particul ar device protected portions
  • personal device 120 may include a device memory 126.
  • memory 126 may comprise of one or more of one or more mass storage devices, read-only memory (ROM), programmable readonly memory (PROM), erasable programmable read-only memory (E.PROM), cache memory such as random access memory (RAM), flash memory, synchronous random access memory (SRAM), dynamic random access memory (DRAM), and/or other types of memory devices.
  • ROM read-only memory
  • PROM programmable readonly memory
  • E.PROM erasable programmable read-only memory
  • cache memory such as random access memory (RAM), flash memory, synchronous random access memory (SRAM), dynamic random access memory (DRAM), and/or other types of memory devices.
  • RAM random access memory
  • SRAM synchronous random access memory
  • DRAM dynamic random access memory
  • memory 126 may be located at a single network site. In some embodiments, memory 126 may be located at multiple network sites, including sites that are distant from each other.
  • personal device 120 may include protected component 128A and unprotected component 128B, as also referenced in Fig. 1 A.
  • protected component 128A may include one or more components, and each component may be hardware, software, firmware, data structure, class, API, data in any format, links, pointers, or references to other data or locations, interfaces, or any combination of the foregoing and the like.
  • unprotected component 128B may include one or more components.
  • interface component 128 also may include one or more optional components, including component monitoring module 128C, device monitoring module 128D, application monitoring module 128E, and/or security module 128F.
  • component monitoring module 128C may be present, and may track which entities are accessing various protected components 128 A. In another embodiment, component monitoring module 128C may be omitted.
  • interface component 128 may include device monitoring module 128D.
  • Device monitoring module 128D may monitor one or more conditions of the device, e.g., which applications are loaded in memory, which resources of the device are being used by which applications, or may track usage statistics, utilization statistics, and the like.
  • Device monitoring module 128D may monitor the device at various levels of detail, e.g., at the whole-device level, at the application level, at the process level, at the resource level, or at the interface level, or any combination of those or similar levels of detail.
  • interface component 128 may include application monitoring module 128E.
  • Application monitoring module 128E may be part of an application, part of an operating system, hard-coded or hard-wired into the device, or may be a separate application that runs in the foreground or in the background of the device.
  • Application monitoring module 128E may monitor one application, a set of applications, or all applications on the device.
  • Application monitoring module 128E may monitor various aspects of one or more applications, e.g., usage, utilization, resources used, and the like.
  • interface component 128 may include security module 128F.
  • Security module 128F may monitor one or more access levels of various portions of the device, e.g., applications, components, interfaces, memory blocks, modules, and the like. In an embodiment, security module 128F may monitor security levels only and report. In another embodiment, security module 128F may perform other functions, such as modifying security levels or removing security access to one or more portions or from one or more portions.
  • Each of compone t monitoring module 128C, device monitoring module 128D, application monitoring module 128E, and security module 128F may be included individually or in any combination, or may be excluded entirely, in various embodiments.
  • Fig. 2 illustrates an exemplar ⁇ ' implementation of the data, regarding agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 152.
  • the data regarding agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 152 may include one or more sub-logic modules in various alternative implementations and embodiments. For example, as shown in Fig. 2, e.g.. Fig.
  • module 152 may include one or more of data regarding presence of the Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 202, data regarding installation status of Agent that, is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 204, data regarding user activation of Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 206, data regarding agent that is configured to provide one or more services requiring access to one or more particular device protected portions and to selectively access the one or more particular device protected portions obtaining module 208 (e.g., which, in some embodiments, may include data regarding bicycle efficiency monitoring agent that is configured to provide one or more cycling efficiency displaying services requiring access to one or more particular device protected portions and to selectively access the one or more particular device protected portions obtaining module 210), data regarding Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions receiving from the particular device module 212
  • module 152 may include one or more of data regarding Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining from operating system module 216, data, regarding Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions monitoring via one or more transmissions to and/or from the one or more particular device protected portions module 218, data from one or more particular device logs regarding Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 220, and detectable indicator that the agent has carried one or more services and continues access to one or more particular device protected portions detecting module 222.
  • module 152 may include detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting module 224.
  • module 224 may include one or more of detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting by analyzing at least a portion of the particular device module 226, detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting at least partially using a report issued by the particular device module 228, detectable indicator that the agent has terminated activity directed to carrying one or more sendees and continues access to one or more particular device protected portions after terminated acti vity detecting by analyzing data flow of the one or more particular device protected portions module 230, and detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting at least partially
  • module 232 may include detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting at least partially using a report issued by a kernel-based monitoring agent for the one or more particular device protected portions module 234.
  • Fig. 3 illustrates an exemplary implementation of agent stoppage of the one or more services and agent continuing access to one or more particular device protected portions detection module 154
  • the agent stoppage of the one or more services and agent continuing access to one or more particular device protected portions detection module 154 may include one or more sub- logic modules in various alternative implementations and embodiments.
  • module 154 may include one or more of notification of stoppage of the one or more services receiving module 302 and notification of agent continuing access to the one or more particular device protected portions receiving module 304.
  • module 302 may include one or more of notification of stoppage of the one or more services receiving from agent, module 306 and notification of stoppage of the one or more services receiving from particular device operating system module 308.
  • module 304 may include one or more of notification of agent continuing access to the one or more particular device protected portions receiving from the one or more particular device protected portions module 310, notification of agent continuing access to the one or more particular device protected portions receiving from a protected device component module 312, and notification of agent continuing access to the one or more particular device protected portions receiving from a notification agent module 316.
  • module 312 may include notification of agent continuing access to the one or more particular device protected portions receiving from a protected device component that is a part of the one or more particular device protected portions module 314.
  • module 154 may include one or more of termination of one or more agent actions to carry out the one or more sendees detecting module 318 and agent prevention of stoppage of access to the one or more particular device protected portions detecting module 320.
  • module 320 may include one or more of agent prevention of stoppage of access to the one or more particular device protected portions detection by particular device monitoring module 3222 and agent prevention of stoppage of access to the one or more particular device protected portions detection by particular device outputs presented to a particular device user monitoring module 324,
  • module 154 may include one or more of indicator of agent stoppage of the o e or more services obtaining module 326 and indicator of agent continuing access to one or more particular device protected portions obtaining module 328.
  • module 328 may include one or more of indicator of agent continuing access to one or more particular device protected portions obtaining by particular device state monitoring module 330, indicator of agent continuing access to one or more particular device protected portions obtaining by monitoring agent access level data module 332, indicator of agent continuing access to one or more particular device protected portions obtaining by monitoring particular device access data module 334, indicator of agent continuing access to one or more particular device protected portions obtaining by monitoring attempts to access the one or more particular device protected portions module 336, and indicator of agent continuing access to one or more particular device protected portions obtaining by carrying out agent analysis module 338.
  • module 154 may include one or more of agent stoppage of the one or m ore services and agent continued access to one or more particular device protected portions detection module 340, friend- finding agent stoppage of the one or more friend- finding services and friend- fin ding agent continuing access to a particular device contact list detection module 342, and agent-based notification of stoppage of the one or more services and notification of agent continuing access to one or more particular device protected portions receiving module 346.
  • module 342 may include friend- finding agent location of one or more entities listed in the particular device contact list completed and stoppage of the one or more friend-finding services and friend-finding agent continuing access to the particular device contact list after location and identification of the one or more entities detection module 344.
  • module 346 may include one or more of age t-based notification of stoppage of the one or more services and a gent-based notification of continuing access to one or more particular device protected portions receiving module 348 and agent-based notification of stoppage of the one or more services and particular device protected portion-based notification of agent continuing access to one or more particular device protected portions receiving module 350.
  • Fig. 4 illustrates an exemplary implementation of indicator of continued agent access to one or more particular device protected portions and stoppage of the one or more services presenting module 156.
  • the indicator of continued agent access to one or more particular device protected portions and stoppage of the one or more services presenting module 156 may include one or more sub-logic modules in various alternative implementations and embodiments. For example, as shown in Fig. 4, e.g., Fig.
  • module 156 may include one or more of visual representation of continued agent access to one or more particular device protected portions and stoppage of the one or more services presenting on a particular device output component module 402, indicator of continued agent access to one or more particular device pro tected portions and stoppage of the one or more services presenting, to an entity related to the particular device, module 408, notification of continued agent access to one or more particular device protected portions and stoppage of the one or more services presenting module 410, and visual notification of continued agent access to one or more particular device protected portions and stoppage of the one or more services displ aying via the particular device module 412.
  • module 402 may include visual representation of continued agent access to a tablet device positioning sensor and stoppage of the one or more services presenting on a particular device output component module 404.
  • module 404 may include visual representation of continued agent access to a tablet device positioning sensor and stoppage of a child's road trip assistance service presenting on a particular device output component module 406.
  • module 412 may include notification icon of continued agent access to one or more particular device protected portions and stoppage of the one or more services displaying via a particular device screen module 414.
  • module 156 may include one or more of list of one or more agents that ha ve continued agent access to one or more particular device protected portions and one or more indicators of one or more of the one or more agents that have stopped the one or more services presenting module 416, report describing continued agent access to one or more particular device protected portions and the report indicating whether the one or more services have been stopped obtaining module 418, instructing the particular device to present the indicator of continued agent access to one or more particular device protected portions and stoppage of the one or more services module 420, and altering an agent presentation to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more services module 422.
  • module 422 may include one or more of changing a color of a visual representation of the agent, to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more services module 424 and altering one or more steps to be carried out for a user to select an agent to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more services module 426.
  • module 426 may include adding one or more steps required to be carried out by the user to select an agent to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more services module 428.
  • module 156 may include relative location within an operating system of an agent presentation altering to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more services module 430.
  • Fig. 5 illustrates an exemplary implementation of agent stoppage of the one or more services and agent continuing access to one or more particular device protected portions detection module 158.
  • the agent stoppage of the one or more services and agent continuing access to one or more particular device protected portions detection module 158 may include one or more sub- logic modules in various alternative implementations and embodiments.
  • module 158 may include one or more of presentation of an optional choice for discontinuation of agent access to the one or more particular device protected portions device instruction module 502 and optional choice for discontinuation of agent access to the one or more particular device protected portions presenting module 508.
  • module 502 may include presentation of an optional choice for instructing a module of the particular device to discontinue agent access to the one or more particular device protected portions device instruction module 504.
  • module 504 may include presentation of an optional user-selectable choice for instructing a module of the particular device to discontinue agent access to the one or more particular device protected portions device instruction module 506.
  • module 508 may include optional choice for discontinuation of agent access to the one or more particular device protected portions presenting to a protected portion access control portion of the particular device mod le 510.
  • module 158 may include one or more of presentation of an optional choice for a user setting that instructs the device to discontinue agent access to the one or more particular device protected portions facilitating module 512 and presentation, to an entity related to the particular device, of an optional choice for discontinuation of agent access to the one or more particular device protected portions facilitation module 51 8.
  • module 512 may include one or more of presentation, prior to agent operation, of an optional choice for a user setting that instructs the device to discontinue agent access to the one or more particular device protected portions facilitating module 514 and presentation, prior to agent acquisition, of an optional choice for a user setting that instructs the device to discontinue agent access to the one or more particular device protected portions facilitating module 516.
  • module 158 may include one or more of selectable choice for discontinuation of agent access to the one or more particular device protected portions displaying module 520, agent access to the one or more particular device protected portions terminating module 522, presentation of an optional choice for discontinuation of agent access to the one or more particular device protected portions by disabling the agent facilitation module 530, and presentation of an optional choice for discontinuation of agent access to the one or more particular device protected portions by removing the agent facilitation module 532.
  • module 520 may include selectable choice for discontinuation of access of multiple agents, including the agent, to the one or more particular device protected portions displaying module 524.
  • module 522 may include one or more of class of one or more agents, including the agent, access to the one or more particular device protected portions terminating module 526 and each of one or more agents access to the one or more particular device protected portions terminating module 528.
  • module 158 may include one or more of presentation of an optional choice for establishing limitations for agent access to the one or more particular device protected portions facilitation module 534 and presentation of an optional choice for requiring an anonymization of data used for continued agent access to the one or more particular device protected portions facilitation module 546.
  • module 534 may include one or more of presentation of an optional choice for requiring explicit grant, of access for
  • module 538 may include presentation of an optional choice for setting a limit on a number of times during a particular time period that the agent is permitted to reestablish access to the one or more particular device protected portions facilitation module 540.
  • module 542 may include presentation of an optional choice for establishing a particular location as a prerequisite condition for allowing reestablishment of agent access to the one or more particular device protected portions facilitation module 544.
  • module 542 may include presentation of an optional choice for establishing a particular location as a prerequisite condition for allowing reestablishment of agent access to the one or more particular device protected portions facilitation module 544.
  • FIG. 6 various operations may be depicted in a box-within-a-box manner. Such depictions may indicate that an operation in an internal box may comprise an optional example embodiment of the operational step illustrated in one or more external boxes. However, it should be understood that internal box operations may be viewed as independent, operations separate from any associated external boxes and may be performed in any sequence with respect to all other illustrated operations, or may be performed concurrently. Still further, these operations illustrated in Fig. 6-10 as well as the other operations to be described herein may be performed by at least one of a machine, an article of manufacture, or a composition of matter.
  • Fig. 6 shows operation 600, which may include operation 602 depicting acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services.
  • operation 602 depicting acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services.
  • Fig. 1 e.g., Fig.
  • IB shows data regarding agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 152 acquiring (obtaining, receiving, calculating, selecting from a list or other data structure, receiving, retrieving, or receiving information regarding, performing calculations to find out, retrieving data that indicates, receiving notification, receiving information that leads to an inference, whether by human or automated process, or being party to any action or transaction that, results in informing, inferring, or deducting, including but not, limited to circumstances without absolute certainty, including more-likely-than-not and/or other thresholds) data regarding (e.g., a name of an application, a type of application, any characteristic or attribute of an application, whether defined by the application, the device, or a third party, whether universal or local, and the like) an application (e.g., a collection of one or more of hardware, software, firm ware, APIs, networked resources, libraries, and the like) configured to access (e.g., one or more of sending and recei ving
  • operation 600 may include operation 604 depicting detecting that the application has completed at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 1 e.g.. Fig.
  • I B shows agent stoppage of the one or more services and agent continuing access to one or more particular device protected portions detection module 154 detecting that the application (e.g., a collection of one or more of hardware, software, firmware, APIs, networked resources, libraries, and the like) has completed (e.g., the application has reached a point at which an observer would conclude that at least one task has been carried to completion, with assistance from the application, either in whole or in part) at least one of the one or more services and that the application maintains (e.g., the application's access level does not change upon the aforementioned completion) access to the one or more protected portions (e.g., any structure, whether virtual, physical, relative, absolute, dynamically or statically defined, programmable, changeable, and the like, for which there is a requirement imposed on at least one entity in order to access the portion, regardless of whether the requirement, is onerous or taxing, and regardless of whether the requirement is consistently applied, always applied, or applied in a particular pattern) of the particular device.
  • operation 600 may include operation 606 depicting presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 1 e.g., Fig. I B
  • operation 600 may include operation 608 depicting facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • operation 608 depicting facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • Fig. 1 e.g., Fig.
  • I B shows presentation of an optional choice for discontinuation of agent access to the one or more particular device protected portions facilitation modulel 58 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show , through any combination of visual and non-visual interfaces) of an option (e.g., a nonrequired selectable interface) to discontinue (e.g., stop, or being the process of stopping, or attempting to stop, regardless of the success, regardless of whether said stop is temporary or permanent) the access of the application to the one or more protected portions of the particular device,
  • an option e.g., a nonrequired selectable interface
  • Figs. 7A-7C depict various implementations of operation 602, depicting acquiring data, regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services according to embodiments.
  • operation 602 may include operation 702 depicting acquiring data, regarding a. presence of the application configured to access one or more protected portions of a particular device, said application configured to provide one or more services.
  • Fig. 2 e.g., Fig.
  • FIG. 2A shows data regarding presence of an agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining niodule202 acquiring data regarding a presence of the application (e.g., a report from the device operating system) configured to access one or more protected portions (e.g., picture data) of a particular device (e.g., a network-enabled digital camera), said application configured to provide one or more services (e.g., a picture tagging sendee).
  • a presence of the application e.g., a report from the device operating system
  • protected portions e.g., picture data
  • a particular device e.g., a network-enabled digital camera
  • operation 602 may include operation 704 depicting acquiring data regarding an installation of the application configured to access one or more protected portions of the particular device, said application configured to provide one or more services.
  • Fig. 2 e.g., Fig. 2A
  • operation 602 may include operation 706 depicting acquiri g data, regarding a. user activation of the application configured to access one or more protected portions of the particular device, said application configured to provide one or more services.
  • Fig. 7 A may include operation 706 depicting acquiri g data, regarding a. user activation of the application configured to access one or more protected portions of the particular device, said application configured to provide one or more services.
  • Fig. 2 A shows data regarding user activation of agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 206 acquiring data regarding a user activation (e.g., a user executing, e.g., a user giving an instruction to an operating system of a device, e.g., a smart television, to run the program., e.g., an internet usage monitoring service) of the application (an internet usage application) configured to access one or more protected portions (e.g., the network communication component) of the particular device (e.g., the smart television), said application configured to provide one or more services (e.g., a sendee that monitors content that is viewed online).
  • a user activation e.g., a user executing, e.g., a user giving an instruction to an operating system of a device, e.g., a smart television, to run the program., e.g., an internet usage monitoring service
  • the application
  • operation 602 may include operation 708 depicting acquiring data regarding an application configured to access one or more protected portions of a particular device, said application configured to provide one or more services that require access to the one or m ore protected portions of the particular device.
  • Fig. 2 e.g., Fig.
  • FIG. 2A shows data regarding agent that is configured to provide one or more services requiring access to one or more particular device protected portions and to selecti vely access the one or more particular device protected portions obtaining module 208 acquiring data regarding an application (e.g., a picture uploading application) configured to access one or more protected portions (e.g., a picture depository stored in cloud network storage) of a particular device (e.g., a smartphone, and the picture depository is a part of the particular de vice because the particular device has control o ver it, e.g., the ability to perform one or more of viewing, modifying, altering, adding to, subtracting from, and deleting one or more files that are part of the depository), said application configured to provide one or more services (e.g., a picture uploading service) that require access to the one or more protected portions of the particular device.
  • an application e.g., a picture uploading application
  • protected portions e.g., a picture depository stored in cloud network storage
  • operation 708 may include operation 710 depicting acquiring data regarding a bicycle efficiency application configured to access a positioning sensor of a. particular device, said bicycle efficiency application configured to provide one or more cycling efficiency statistics after a user of the particular device carries the device on a bicycle ride, said cycling efficiency statistics requiring use of the positioning sensor.
  • Fig, 2, e.g.. Fig, 2A shows data regarding bicycle efficiency monitoring agent that is configured to provide one or more cycling efficiency displaying services requiring access to one or more particular device protected portions and to selectively access the one or more particular device protected portions obtaining module210 acquiring data (e.g.
  • a bicycle efficiency application configured to access a positioning sensor of a particular device (e.g., a monitoring device that gets strapped to the handlebars of a bicycle), said bicycle efficiency application configured to provide one or more cycling efficiency statistics (e.g., elevatio change per ho ur) after a use of the particular device carries the device (e.g., rides a bicycle to which the device is attached) on a bicycle ride, said cycling efficiency statistics requiring use of the positioning sensor (e.g., the device may be able to use three-dimensional trianguladon, and it is noted that there may be other ways of measuring elevation changes, e.g., through an altimeter, but the device may not have an altimeter, or may choose to use three-dimensional position triangulation).
  • a positioning sensor of a particular device e.g., a monitoring device that gets strapped to the handlebars of a bicycle
  • said bicycle efficiency application configured to provide one or more cycling efficiency statistics (e.g., elevatio change per ho ur
  • operation 602 may include operation 712 depicting receiving data from the particular device, indicating a presence of the application configured to access one or more protected portions of the particular device, said application configured to provide one or more services.
  • Fig. 2 e.g., Fig.
  • FIG. 2A shows data regarding agent that is configured to provide one or more services and to selectively access one or more particular device protected portions receiving from the particular device module 212 receiving data (e.g., an indicator generated by the device operating system that the application is consuming one or more device resources, e.g., processor po was, fixed or random access memory, network resources, or use of one or more sensors and/or input/output interfaces) from the particular device (e.g., a cellular smartphone), indicating a presence of the application (e.g., an existence of the application, or a link or other relative indicator of the application) configured to access one or more protected portions of a particular device (e.g., a list of numbers called by the device's telephone function in the last seven days), said application configured to provide one or more services (e.g., a usage graph generator sendee).
  • data e.g., an indicator generated by the device operating system that the application is consuming one or more device resources, e.g., processor po was, fixed or random access
  • operation 602 may include operation 714 depicting scanning the particular device to determine an identity of an application configured to access one or more protected portions of the particular device, said application configured to provide one or more services.
  • Fig. 2 e.g., Fig.
  • Agent configured to provide one or more services and to selectively access one or more particular device protected portions obtaining by scanning the particular device module 214 scanning (e.g., performing any type of analysis on one or more portions of the device, including memory, whether fixed or removable, and other scans, e.g., of circuitry, sensors, input/output interfaces, and the like, and also including scans of data collected about the device, e.g., registry files, or remote log files) the particular device to determine an identity (e.g., a name of, or information about, or an internal designator, e.g., a process identification number) of an application (e.g., a picture enhancement sendee) configured to access one or more protected portions (e.g., a particular directory of pictures designated by the user as "private") of a particular device (e.g., a Wi-Fi enabled video camera), said application configured to provide one or more sendees (e.g., picture color enhancement).
  • an application e.g., a picture enhancement
  • operation 602 may include operation 716 depicting acquiring data regarding an application configured to access one or more protected portions of the particular device, from an operating system of the particular device, said application configured to provide one or more services.
  • Fig. 2 e.g., Fig.
  • Agent 2B shows data regarding Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining from operating system module 216 acquiring data regarding an application (e.g., an ATM finding application) configured to access one or more protected portions of a particular de vice (e.g., a tablet device, e.g., an iPad), from an operating system (e.g., iOS) of the particular device (e.g., the tablet, e.g., the iPad), said application configured to provide one or more services (e.g., find the nearest ATM to the user's current location).
  • an application e.g., an ATM finding application
  • a particular de vice e.g., a tablet device, e.g., an iPad
  • an operating system e.g., iOS
  • the particular device e.g., the tablet, e.g., the iPad
  • said application configured to provide one or more services (e.g., find the nearest ATM to the user's current location).
  • operation 602 may include operation 718 depicting monitoring data, transmitted to and/ ' or from the one or more protected portions of the particular device, including data transmitted to and/'or from the application configured to access the one or more protected portions of the particular device.
  • Fig. 2 e.g., Fig.
  • Agent 2B shows data regarding Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions monitoring via one or more transmissions to and/or from the one or more particular device protected portions module 218 monitoring (e.g., receiving all or a portion of, e.g., one data packet out of every ten, for example) data transmitted to and/or from the one or more protected portions (e.g., the GPS positioning tracker) of the particular device (e.g., a vehicle-mounted navigation system), including data transmitted to and/or from the application (e.g., a gas station gasoline price comparing application) configured to access the one or more protected portions of the particular device (e.g., the vehicle-mounted navigation system).
  • the application e.g., a gas station gasoline price comparing application
  • operation 602 may include operation 720 depicting receiving one or more usage logs of the particular device that include usage information regarding one or more applications configured to access the one or more protected portions of the particular device.
  • Fig. 2 e.g., Fig.
  • FIG. 2B shows data from one or more particular device logs regarding Agent that is configured to provide one or more services and to selectively access one or more particular device protected portions obtaining module 220 receiving one or more usage logs (e.g., a log of each time that a friend-finder application accessed a device contact list) of the particular device (e.g., a user's smartphone) that include usage information regarding one or more applications (e.g., logs of how often a friend finder application, as well as zero or more other applications that may be associated with the device, was used, and/or how often the friend finder application accessed various parts of the user's smartphone, e.g., the contact list stored on the smartphone or accessible to the smartphone) configured to access the one or more protected portions (e.g., the user's contact list) of the particular device (e.g., the user's smartphone).
  • usage logs e.g., a log of each time that a friend-finder application accessed a device contact list
  • the particular device
  • operation 602 may include operation 722 depicting detecting that the application has executed at least one of the o e or more services and that the application maintains access to the o e or more protected portions of the particular device.
  • operation 722 depicting detecting that the application has executed at least one of the o e or more services and that the application maintains access to the o e or more protected portions of the particular device.
  • Fig. 2 e.g., Fig.
  • FIG. 2B shows detectable indicator that the age t has carried one or more services and continues access to one or more particular device protected portions detecting module 222 detecting that the application (e.g., a voice synthesizing application) has executed at least one of the one or more services (e.g., disguising a user's voice while communicating with a telephone device) and that the application maintains access to the one or more protected portions (e.g., the microphone of the device) of the particular device (e.g., a VoIP-enabled telephone system).
  • the application e.g., a voice synthesizing application
  • the application maintains access to the one or more protected portions (e.g., the microphone of the device) of the particular device (e.g., a VoIP-enabled telephone system).
  • operation 602 may include operation 724 depicting detecting that, the appl ication has been terminated after executing at least, a portion of at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device after termination.
  • operation 724 depicting detecting that, the appl ication has been terminated after executing at least, a portion of at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device after termination.
  • Fig. 2 e.g., Fig.
  • the agent shows detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting module 224 detecting that the application (e.g., an internet usage monitoring service) has been terminated (e.g., stopped, either temporarily or until reactivated, and the like) after executing at least a portion of at least one of the one or more services (e.g., an internet usage monitoring service installed on a home computer to keep an eye on what the children are looking at online) and that the application (e.g., the internet usage monitoring service) maintains access to the one or more protected portions (e.g., a listing of the websites visited by a browser operating on the computer) of the particular device (e.g., the home computer) after termination.
  • the application e.g., an internet usage monitoring service
  • operation 724 may include operation 726 depicting detecting that the application has been terminated, by examining at least one portion of a memory of the particular de v ice, after executing at least a portion of at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device after termination.
  • Fig, 2 e.g., Fig.
  • FIG. 2B shows detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting by analyzing at least a portion of the particular device module 226 detecting that the application (e.g., a calories consumed tracker) has been terminated, by examining at least one portion of a memory (e.g., a portion of the memory where running applications reside) of the particular device (e.g., a home computer), after executing at least, a portion of the one or more services (e.g., allowing a user to enter in a meal eaten) and that the application maintains access to the one or more protected portions (e.g., a database of how many calories are in various foods) of the particular device after termination.
  • the application e.g., a calories consumed tracker
  • operation 724 may include operation 728 depicting detecting that the application has been terminated, by receiving a report from a memory monitoring application, after executing at least a portion of at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device after termination.
  • Fig. 2 e.g., Fig.
  • FIG. 2C shows detectable indicator that, the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting at least partially using a report, issued by the particular device module 228 detecting that the application has been terminated, by receiving a report form a memory monitoring application, after executing at least a portion of at least one of the one or more services (e.g., a soda pop vending machine locating service) and that the application maintains access to the one or more protected portions (e.g., positioning sensor) of the particular device after termination.
  • a report issued by the particular device module 228 detecting that the application has been terminated, by receiving a report form a memory monitoring application, after executing at least a portion of at least one of the one or more services (e.g., a soda pop vending machine locating service) and that the application maintains access to the one or more protected portions (e.g., positioning sensor) of the particular device after termination.
  • the one or more services e.g
  • operation 724 may include operation 730 depicting detecting that the application has been terminated after executing at least a portion of at least one of the one or more services and detecting, by monitoring data flow to and/or from the one or more protected portions of the particul ar device, that the application maintains access to the one or more protected portions of the particular de vice after termination.
  • Fig. 2 e.g., Fig.
  • 2C shows detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting by analyzing data flow of the one or more particular device protected portions module 230 detecting that the application has been terminated after executing at least a portion of at least one of the one or more services and detecting, by monitoring data flow to and/or from the one or more protected portions of the particular device, that the application maintains access to the one or more protected portions of the particular device (e.g., a user's tablet device) after termination.
  • the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting by analyzing data flow of the one or more particular device protected portions module 230 detecting that the application has been terminated after executing at least a portion of at least one of the one or more services and detecting, by monitoring data flow to and/or from the one or more protected portions of the particular device, that the application maintains access to the one or more protected portions of the
  • operation 724 may include operation 732 depicting detecting that the application has been terminated after executing at least a portion of at least one of the one or more services and detecting, by receiving a report from a. protected portion monitoring application, that the application maintains access to the one or more protected portions of the particular device after termination.
  • Fig, 2 e.g., Fig.
  • FIG. 2C shows detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting at least partially using a report issued by a monitoring agent for the one or more particular device protected portions module 232 detecting that the application (e.g., an application that, collects concert information and selects concerts a user of a device might be interested in, based on music listened to by a user of a device, e.g., a media player, or a device that includes a media player) has been terminated after executing at least a portion of at, least one of the one or more sendees (e.g., selecting concerts a user of a device might be interested in, based on music listened to by a user of a device) and detecting, by receiving a report from a protected portion monitoring application (e.g., which may be a part of the operating system, or may be a separate application), that the application maintains access to the one or more protected portions (
  • operation 732 may include operation 734 depicting detecting that the appl ication has been terminated after executing at least a portion of at least one of the one or more services and detecting, by receiving a report from a device operating system that monitors the one or more protected portions, that the application maintains access to the one or more protected portions of the particular device a fter termination.
  • Fig. 2 e.g., Fig.
  • FIG. 2C shows detectable indicator that the agent has terminated activity directed to carrying one or more services and continues access to one or more particular device protected portions after terminated activity detecting at least partially using a report issued by a kernel-based monitoring agent for the one or more particular device protected portions module 234 detecting that the application has been terminated after executing at least, a portion of at least one of the one or more services (e.g., a service that monitors body conditions to detect medical emergencies) and detecting, by receiving a report from a device operating system (e.g., an Android operating system, modified by a device vendor, running on a device manufactured by that vendor) that monitors the one or more protected portions, that the application maintains access to the one or more protected portions of the particular device after termination.
  • a device operating system e.g., an Android operating system, modified by a device vendor, running on a device manufactured by that vendor
  • Figs. 8A-8D depict various implementations of operation 604, depicting detecting that, the application has completed at least one of the one or more services and that the application maintains access to the one or more protected portions of the particular device, according to embodiments.
  • operation 604 may include operation 802 depicting receiving notification that, the application has completed at least one of the one or more services.
  • Fig. 3 e.g., Fig.
  • 3A shows notification of stoppage of the one or more services receiving module 302 receiving notification (e.g., receiving a packet of data that informs) that the application (e.g., a road trip planning application) has completed at least one of the one or more services (e.g., assisting in planning a road trip).
  • notification e.g., receiving a packet of data that informs
  • the application e.g., a road trip planning application
  • operation 604 may include operation 804 depicting receiving notification that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3, e.g., Fig. 3A shows notification of agent continuing access to the one or more particular device protected portions receiving module 304 receiving notification (e.g., an electrical impulse that causes a change of machine state) that the application (e.g., a video game enhancement application) maintains access to the one or more protected portions (e.g., a video card buffer memory) of the particular device (e.g., a video game system, e.g., a Nintendo Wii).
  • notification e.g., an electrical impulse that causes a change of machine state
  • the application e.g., a video game enhancement application
  • the particular device e.g., a video game system, e.g., a Nintendo Wii.
  • operation 802 may include operatio 806 depicting receiving notification, from the application, that the application has completed at least one of the one or more services.
  • Fig. 3, e.g., Fig. 3A shows notification of stoppage of the one or more services receiving from agent module 306 receiving notification (e.g., receiving an indicator), from the application, that the application (e.g., a wireless network strength analyzer) has completed at least one of the one or more services (e.g., analyzing the available wireless networks for a user to connect to).
  • operation 802 may include operation 808 depicting receiving notification, from a device operating system, that the application has completed at least one of the one or more services.
  • Fig. 3, e.g., Fig. 3A shows notification of stoppage of the one or more services receiving from particular device operating system module 308 receiving notification, from a device operating system (e.g., a customized operating system modified by a device vendor), that the application (e.g., a voice processing application) has completed at least one of the one or more services (e.g., preprocessing of received voice commands from a user).
  • a device operating system e.g., a customized operating system modified by a device vendor
  • the application e.g., a voice processing application
  • operation 804 may include operation 810 depicting receiving notification, from the one or more protected portions of the particular device, that the application m aintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g., Fig.
  • 3A shows notification of agent continuing access to the one or more particular device protected portions receiving from the one or more particular device protected portions module 310 receiving notification, from the one or more protected portions (e.g., an accelerometer of a device) of the particular device (e.g., a Windows phone, e.g., a Nokia Lumia), that the application (e.g., an impact-warning application that protects the device when it senses imminent impact) maintains access to the one or more protected portions (e.g., the accelerometer) of the particular device (e.g., the Windows phone).
  • the application e.g., an impact-warning application that protects the device when it senses imminent impact
  • operation 804 may include operation 812 depicting receiving notification, from a device component, that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g., Fig. 3A
  • a device component e.g., from a hardware-implemented application monitoring component
  • operation 812 may include operation 814 depicting receiving notification, from a device component that is part of the one or more protected portions of the particular device, that the application maintains access to the one or more protected portions of the particular device.
  • a device component that is part of the one or more protected portions of the particular device, that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g., Fig.
  • 3A shows notification of agent continuing access to the one or more particular device protected portions receiving from a protected device component that is a part of the one or more particular device protected portions module 314 receiving notification, from a device component that is part of the one or more protected portions (e.g., a protected portion of the device includes a sensor and a monitor for that sensor that determines what entities are accessing the sensor, or, in another embodiment, a protected portion of the device includes a segment of memory, and an application designated to watch that segment of memory and identify one or more entities that are accessing or attempting to access that segment of memory) of the particular device (e.g., a laptop computer), that the application maintains access to the one or more protected portions of the particular device.
  • a protected portion of the device includes a sensor and a monitor for that sensor that determines what entities are accessing the sensor, or, in another embodiment, a protected portion of the device includes a segment of memory, and an application designated to watch that segment of memory and identify one or more entities that are accessing or attempting to access that
  • operation 804 may include operation 816 depicting receiving notification, from a notifying application that has access to the one or more protected portions of the particular device, that the application maintains access to the one or more protected portions of the particular device.
  • a notifying application that has access to the one or more protected portions of the particular device, that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g.. Fig.
  • FIG. 3A shows notification of agent continuing access to the one or more particular device protected portions receiving from a notification agent module 316 receiving notification, from a notifying application (e.g., an application which has at least one purpose that is to determine what entities are accessing which portions of the device, for at least one entity and at least one portion of the device) that has access to the one or m ore protected portions of the particular device (e.g., a tablet device), that the application (e.g., a picture facial recognition service) maintains access to the one or more protected portions of the particular device (e.g., the image capturing sensor).
  • a notifying application e.g., an application which has at least one purpose that is to determine what entities are accessing which portions of the device, for at least one entity and at least one portion of the device
  • the application e.g., a picture facial recognition service
  • operation 604 may include operation 818 depicting detecting that the application has completed at least one of the one or more services.
  • Fig. 3 e.g., Fig. 3B, shows termination of one or more agent actions to carry out the one or more sendees detecting module 318 detecting that the application (e.g., a miles-run tracking application) has completed at lea st one of the one or more services (e.g., a service to track how many miles are ran as part of a training program)
  • operation 604 may include operation 820 depicting receiving notification that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3, e.g., Fig. 3B shows agent prevention of stoppage of access to the one or more particular device protected portions detecting module 320 receiving notification that the application (e.g., the miles-run tracking application) maintains access (e.g., after the user has indicated that the run is over, the application is still accessing the positioning sensor) to the one or more protected portions (e.g., the positioning sensor) of the particular device (e.g., an exercise assisting device).
  • the application e.g., the miles-run tracking application
  • the one or more protected portions e.g., the positioning sensor
  • the particular device e.g., an exercise assisting device.
  • operation 820 may include operation 822 depicting observing one or more states of one or more portions of the particular device to determine that the application has completed at least one of the one or more services.
  • Fig, 3, e.g., Fig, 3B shows agent prevention of stoppage of access to the one or more particular device protected portions detection by particular device monitoring module 322 observing (e.g., receiving data regarding, or receiving a report regarding, or being inserted in a communication line between two components, or a virtual insertion between two applications, or acting as a liaison or as an interface between two or more components, sensors, interfaces, users, and the like) one or more states (e.g., status information, e.g., environment dependent, and/or environment independent information) of one or more portions of the particular device (e.g., a smartphone) to determine that the application (e.g., a processor utilization monitoring service) has completed at least one of the one or more services.
  • the application e.g., a processor utilization monitoring service
  • operation 820 may include operation 824 depicting observing one or more outputs presented to a user via one or more output components of the particular device.
  • Fig. 3 e.g., Fig 3B
  • the particular device e.g., a video
  • operation 604 may include operation 826 depicting receiving notification that the application has completed at least one of the one or more services.
  • Fig. 3, e.g.. Fig. 3C shows indicator of agent stoppage of the one or more services obtaining module 326 receiving notification that, the application (e.g., has completed receiving notification that the application (e.g., a network connection management application) has completed at least one of the one or more services (e.g., has found an efficient network for a user who requested to download a movie).
  • the application e.g., has completed receiving notification that the application (e.g., a network connection management application) has completed at least one of the one or more services (e.g., has found an efficient network for a user who requested to download a movie).
  • operation 604 may include operation 828 depicting detecting that, the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g., Fig. 3C
  • the application e.g., the network connection management application
  • the protected portions e.g., the input/output stream of the network controller
  • operation 828 may include operation 830 depicting observing one or more states of one or more portions of the particular device to determine that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g., Fig. 3C
  • operation 828 may include operation 832 depicting reading one or more access level data related to the particular device, said access level data indicating one or more access levels of the application.
  • Fig. 3 e.g., Fig.
  • 3C shows indicator of agent, continuing access to one or more particular device protected portions obtaining by monitoring agent access level data module 332 reading one or more access level data related to the particular device (e.g., a listing of the access levels allowed for various applications, or a listing of the access levels required for various sensors and/or segments, and the like), said access level data indicating one or more access levels of the application (e.g., whether from the application side or the protected portion side, and whether referring to the application specifically or as part, of a group or classification of applications).
  • access level data e.g., a listing of the access levels allowed for various applications, or a listing of the access levels required for various sensors and/or segments, and the like
  • operation 828 may include operation 834 depicting reading access data related to the one or more protected portions of the particular device, said access data indicating one or more entities, including one or more applications, that have access to the protected portion.
  • Fig. 3 e.g.. Fig.
  • FIG. 3C shows indicator of agent continuing access to one or more particular device protected portions obtaining by monitoring particular device access data module 334 reading access data (e.g., data regarding access to one or more components, applications, segments of memory, sections, and the like) related to the one or more protected portions of the particular device (e.g., a desktop computer), said access data indicating one or more entities (e.g., persons, applications, application classes, developers, operating systems, and the like), including one or more applications, that have access to the protected portion.
  • access data e.g., data regarding access to one or more components, applications, segments of memory, sections, and the like
  • the particular device e.g., a desktop computer
  • said access data indicating one or more entities (e.g., persons, applications, application classes, developers, operating systems, and the like), including one or more applications, that have access to the protected portion.
  • operation 828 may include operation 836 depicting monitoring one or more accesses of the one or more protected portions of the particular device to determine that the application maintains access to the one or more protected portions of the particular device.
  • operation 836 depicting monitoring one or more accesses of the one or more protected portions of the particular device to determine that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g., Fig.
  • 3C shows indicator of agent continuing access to one or more particular device protected portions obtaining by monitoring attempts to access the one or more particular device protected portions module 336 monitoring one or more accesses of the protected portion (e.g., a velocity sensor) of the particular device (e.g., a cellular communication device) to determine that, the application (e.g., a location tracking device) maintains access to the one or more protected portions (e.g., the velocity sensor) of the particular device.
  • the protected portion e.g., a velocity sensor
  • the particular device e.g., a cellular communication device
  • operation 828 may include operation 838 depicting analyzing one or more features of the application to determine that the application maintains access to the one or more protected portions of the particul ar device.
  • Fig. 3 e.g., Fig. 3C
  • analysis module 338 analyzing one or more features of the application (e.g., at the source code level, the API level, the interface level, and the like, whether directly processing the application or processing related information about the application maintains access to the one or more protected portions of the particular device (e.g., a smartphone).
  • operation 604 may include operation 840 depicting detecting that, the application accesses the one or more protected portions of the particular device after completing at least one of the one or more services.
  • operation 840 depicting detecting that, the application accesses the one or more protected portions of the particular device after completing at least one of the one or more services.
  • Fig. 3 e.g., Fig.
  • 3D shows agent stoppage of the one or more services and agent particular access to one or more particular device protected portions detection modu!e.340 detecting that the applicatio (e.g., a soda pop vending machine locating sendee) accesses the one or more protected portions (e.g., the positioning sensor) of the particular device (e.g., a smartphone) after completing the one or more services (e.g., locating and/or providing directions to the user to the nearest soda pop vending machine with Sunkist Orange in stock).
  • the applicatio e.g., a soda pop vending machine locating sendee
  • the particular device e.g., a smartphone
  • operation 604 may include operation 842 depicting detecting that a. friend-finding application has completed a friend-finding service and that the friend-finding application maintains access to a contact list stored on the particular device.
  • Fig. 3 e.g.. Fig, 3D, shows friend-finding agent stoppage of the one or more friend-finding services and friend-finding agent continuing access to a.
  • particular device contact list detection module 342 detecting that a friend-finding application has completed a friend-finding service and that, the friend-finding application maintains access to a contact list stored on the particular device (e.g., a smartphone with a shared contact list, shared across several devices, including a laptop, a desktop, a tablet device, and a smartphone).
  • a contact list stored on the particular device (e.g., a smartphone with a shared contact list, shared across several devices, including a laptop, a desktop, a tablet device, and a smartphone).
  • operation 842 may include operation 844 depicting detecting that the friend-finding application has located one or more entities listed in the contact list stored on the particular device and identified the located one or more entities to a user of the particular device, and that the friend finding application accesses the contact list after the one or more entities listed in the contact, list have been located and identified to the user.
  • operation 844 depicting detecting that the friend-finding application has located one or more entities listed in the contact list stored on the particular device and identified the located one or more entities to a user of the particular device, and that the friend finding application accesses the contact list after the one or more entities listed in the contact, list have been located and identified to the user.
  • Fig. 3 e.g.. Fig.
  • 3D shows friend-finding agent, location of one or more entities listed in the particular device contact list completed and stoppage of the one or more friend-finding services and friend-finding agent, continuing access to the particular device contact list after location and identification of the one or more entities detection module 344 detecting that the friend-finding application has located one or more entities listed in the contact list stored on the particular device and identified the located one or more entities to a user of the device, and that the friend- finding application accesses the contact list after the one or more entities listed in the contact list have been located and identified to the user.
  • operation 604 may include operation 846 depicting receiving notification, from the application, that the application has completed at least one of the one or more services, and receiving notification that the application maintains access to the one or more protected portions of the particular device.
  • operation 846 depicting receiving notification, from the application, that the application has completed at least one of the one or more services, and receiving notification that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g., Fig.
  • 3D shows agent-based notification of stoppage of the one or more services and notification of agent continuing access to one or more particular device protected portions receiving module 346 receiving notification, from the application (e.g., a music categorizing application), that the application has completed at least one of the one or more services (e.g., classifying a iece of music recorded by the device or downloaded from, a website), and receiving notification (e.g., from the operating system, or from the protected portion, or from another application) that the application (e.g., the music categorizing application) maintains access to the one or more protected portions (e.g., the portion of memory where music is stored, or the microphone used to record the music) of the particular device,
  • the application e.g., a music categorizing application
  • operation 846 may include operation 848 depicting receiving notification, from the application, that the application has completed at least one of the one or more sendees, and receiving notification, from the application, that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 3 e.g., Fig.
  • 3D shows agent-based notification of stoppage of the one or more services and agent-based notification of continuing access to one or more particular device protected portions receiving module 348 receiving notification, from the application (e.g., a miles walked tracker), that the application has completed at least one of the one or more services (e.g., the application indicates that it is closing down, or that it has completed a discrete task), and receiving notification, from the application (e.g., the miles run tracker), that the application maintains access to the one or more protected portions (e.g., a pedometer) of the particular device (e.g., a portable pedometer device).
  • the application e.g., a miles walked tracker
  • the application e.g., the application indicates that it is closing down, or that it has completed a discrete task
  • the application e.g., the miles run tracker
  • the application maintains access to the one or more protected portions (e.g., a pedometer) of the particular device (e.g.
  • operation 846 may include operation 850 depicting receiving notification, from the application, that the application has completed at least one of the one or more services, and receiving notification, from the one or more protected portions of the particul ar device, that the application maintains access to the one or more protected portions of the particular device.
  • operation 850 depicting receiving notification, from the application, that the application has completed at least one of the one or more services, and receiving notification, from the one or more protected portions of the particul ar device, that the application maintains access to the one or more protected portions of the particular device.
  • 3D shows agent-based notification of stoppage of the one or more services and particular device protected portion-based notification of agent continuing access to one or more particular device protected portions receiving module 350 receiving notification, from the application (e.g., a hiking trail status tracking application that tracks a usability of a particular hiking trail in the current climate condition), that the application (e.g., the hiking trail status tracking application that tracks a usability of a particular hiking trail in the current climate condition) has completed at least one of the one or more services, and receiving notification, from the one or more protected portions of the particular device.
  • the application e.g., a hiking trail status tracking application that tracks a usability of a particular hiking trail in the current climate condition
  • the application e.g., the hiking trail status tracking application that tracks a usability of a particular hiking trail in the current climate condition
  • Figs. 9A-9C depict various implementations of operation 606 depicting presenting information indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device, according to embodiments.
  • operation 606 may include operation 902 depicting presenting a visual representation on a display of the particular device that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 4 e.g., Fig.
  • FIG. 4A shows visual representation of continued agent, access to one or more particular device protected portions and stoppage of the one or more services presenting on a particular device output component module 402 presenting a visual representation (e.g., a notification graphic icon) on a display (e.g., a screen) of the particular device that the one or more services are completed and that the application (e.g., the wireless network strength analyzer) maintains access to the one or more protected portions of the particular device (e.g., a tablet device).
  • a visual representation e.g., a notification graphic icon
  • operation 902 may include operation 904 depicting presenting the visual representation on the display of the particular device that the one or more sendees are completed and that the application configured to provide the one or more services maintains access to a positioning sensor of a tablet device.
  • operation 904 depicting presenting the visual representation on the display of the particular device that the one or more sendees are completed and that the application configured to provide the one or more services maintains access to a positioning sensor of a tablet device.
  • Fig. 4 e.g., Fig.
  • FIG. 4A shows visual representation of continued agent access to a tablet device positioning sensor and stoppage of the one or more services presenting on a particular device output component module 404 presenting the visual representation (e.g., a stop sign with a representation of the sensor, e.g., the letters "GPS" for a positioning sensor, inside the stop sign)on the display of the particiilar device (e.g., a smartphone) that the one or more services are completed and that the application configured to provide the one or more services maintains access to a positioning sensor of a tablet device
  • the visual representation e.g., a stop sign with a representation of the sensor, e.g., the letters "GPS" for a positioning sensor, inside the stop sign
  • operation 904 may include operation 906 depicting presenting the visual representation on the display of the particular device that a child 's road trip assistance service is completed and that an application configured to provide the child's road trip assistance service maintains access to a positioning sensor of a tablet device.
  • Fig. 4 e.g., Fig. 4A
  • operation 606 may include operation 908 depicting presenting information, to a user of the device, indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 4 e.g., Fig. 4A
  • module 408 presenting information, to a user of the device, indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • operation 606 may include operation 910 depicting presenting a notification that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 4 e.g., Fig. 4A
  • the one or more services e.g., a public restroom finder service
  • operation 606 may include operation 912 depicting displaying, on the particular device, a notification that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • operation 912 depicting displaying, on the particular device, a notification that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 4 e.g., Fig.
  • FIG. 4A shows visual notification of continued agent access to one or more particular device protected portions and stoppage of the one or more services displaying via the particular device module 412 displaying, on the particular device (e.g., a tablet device), a notification that the one or more services (e.g., a picture sorting into directories service) are completed and that, the application maintains access to the one or more protected portions (e.g., the image data of the pictures) of the particular device (e.g., the tablet device).
  • the particular device e.g., a tablet device
  • operation 912 may include operation 914 depicting displaying an icon on a screen of the particular device that indicates that the one or more services are completed and that, the application maintains access to the one or more protected portions of the particular device.
  • Fig. 4 e.g., Fig.
  • FIG. 4A shows notification icon of continued agent access to one or more particular device protected portions and stoppage of the one or more services displaying via a particular device screen module 414 displaying an icon on a screen of the particular device (e.g., a laptop device) that indicates that the one or more services (e.g., a service designed to find concerts in a user's area based on the music played by the device and the device location) are completed and that the application maintains access to the one or more protected portions (e.g., titles of the songs stored on the user's device, and play frequency tracked by the device) of the particular device (e.g., the laptop computer).
  • the one or more services e.g., a service designed to find concerts in a user's area based on the music played by the device and the device location
  • the application maintains access to the one or more protected portions (e.g., titles of the songs stored on the user's device, and play frequency tracked by the device) of the particular device (e.g., the laptop computer).
  • operation 606 may include operation 916 depicting presenting a list of one or more applications that maintain access to the one or more protected portions of the particular device, and indicating which of the one or more applications has completed the one or more services.
  • Fig. 4 e.g..
  • Fig, 4B shows list of one or more agents that have continued agent access to one or more particular device protected portions and one or more indicators of one or more of the one or more agents that have stopped the one or more services presenting module 416 presenting a list of one or more applications (e.g., a picture enhancement service (e.g., redeye removal) and a picture facial recognition sendee) that maintain access to the one or more protected portions (e.g., the picture database) of the particular device (e.g., a tablet device), and indicating which of the one or more applications has completed the one or more services (e.g., enhancing one or more pictures and performing facial recognition on one or more pictures).
  • applications e.g., a picture enhancement service (e.g., redeye removal) and a picture facial recognition sendee
  • the particular device e.g., a tablet device
  • indicating which of the one or more applications has completed the one or more services e.g., enhancing one or more pictures and performing facial recognition on one or more
  • operation 606 may include operation 918 depicting generating a report, of one or more applications that, maintain access to the one or more protected portions of the particular device, wherein the report shows whether the application is accessing the one or more protected portions of the particular device to carry out the one or more services.
  • Fig. 4 e.g., Fig.
  • FIG. 4B shows report, describing continued agent access to one or more particular device protected portions and the report indicating whether the one or more sendees have been stopped obtaining module 418 generating a report of one or more applications (e.g., a contact locating service) that maintain access to the one or more protected portions (e.g., the device contact list) of the particular device (e.g., a user's cellular phone), wherein the report shows whether the application is accessing the one or more protected portions (e.g., the device contact list) of the particular device (e.g., the user ' s cellular telephone) to carry out the one or more services (e.g., identify whether any of the user's contacts are at a particular location).
  • applications e.g., a contact locating service
  • operation 606 may include operation 920 depicting instructing the partic ular device to indicate to a user of the device that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 4 e.g.. Fig. 4B, shows instructing the particular device to present the indicator of continued agent access to one or more particular device protected portions and stoppage of the one or more sendees module 420 instructing (e.g., providing instructions, or setting a.
  • the particular device to indicate to a user of the device that the one or more services (e.g., a music categorize! service) are completed and that the application maintains access to the one or more protected portions of the particular device.
  • the one or more services e.g., a music categorize! service
  • operation 606 may include operation 922 depicting altering a presentation of the application to indicate that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 4 e.g., Fig, 4B, shows altering an agent presentation to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more services module 422 altering a.
  • presentation e.g., changing the appearance of, to the user
  • application e.g., graying out the selection as an option, or changing a color of the text when the icon is hovered over, or on a touchscreen, giving tactile feedback when the application is selected
  • presentation e.g., changing the appearance of, to the user
  • the application e.g., graying out the selection as an option, or changing a color of the text when the icon is hovered over, or on a touchscreen, giving tactile feedback when the application is selected
  • the particular device e.g., a tablet device
  • operation 922 may include operation 924 depicting changing a color of an icon associated with executio of the application, to indicate that the application maintains access to the one or more protected portions of the device.
  • Fig. 4 e.g., Fig. 4B
  • operation 922 may include operation 926 depicting configuring execution of the application to require one or more additional steps, to indicate to a user that the application maintains access to the one or more protected portions of the device.
  • operation 926 depicting configuring execution of the application to require one or more additional steps, to indicate to a user that the application maintains access to the one or more protected portions of the device.
  • Fig. 4 e.g., Fig.
  • FIG. 4B shows altering one or more steps to be carried out for a user to select an agent to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more services module 426 configuring execution of the application (e.g., an application that performs a picture facial recognition service) to require one or more additional steps (e.g., clicking through an additional "are you sure you want to run this application” dialog box), to indicate to a user that the application maintains access to the one or more protected portions of the particular device (e.g., a tablet device).
  • the application e.g., an application that performs a picture facial recognition service
  • additional steps e.g., clicking through an additional "are you sure you want to run this application” dialog box
  • operation 926 may include operation 928 depicting configuring execution of the application to require the user to interact with the particular device an additional time in order to activate the application, to indicate to the user that the application maintains access to the one or more protected portions of the particular device.
  • operation 928 depicting configuring execution of the application to require the user to interact with the particular device an additional time in order to activate the application, to indicate to the user that the application maintains access to the one or more protected portions of the particular device.
  • FIG. 4 shows adding one or more steps required to be carried out by the user to select an agent, to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more services module 428 configuring execution of the application to require the user to interact with the particular device an additional time (e.g., clicking again, or dragging a pattern with a finger across a touchscreen) in order to activate the application (e.g., an exercise tracker application), to indicate to the user that the application maintains access to the one or more protected portions of the device.
  • the application e.g., an exercise tracker application
  • operation 606 may include operation 930 depicting changing a relative location within an operating system of one or more icons that represent the application, indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device.
  • Fig. 4 e.g., Fig.
  • FIG. 4B shows relative location within an operating system of an agent presentation altering to indicate continued agent access to one or more particular device protected portions and stoppage of the one or more sendees module 430 changing a relative location within an operating system (e.g., moving to a different window, or menu, or to a dedicated menu) of one or more icons that represent the application, indicating that the one or more services are completed and that the application maintains access to the one or more protected portions of the particular device (e.g., the tablet device).
  • Figs. 10A-10D depict various implementations of operation 608 depicting facilitating presentation of an option to discontinue the access of the application to the one or more protected portions of the particular device, according to embodiments.
  • operation 608 may include operation 1002 depicting instructing the particular device to present the option to discontinue the access of the application to the one or more protected portions of the particular device.
  • Fig. 5, e.g., Fig. 5 A shows presentation of an optional choice for discontinuation of agent access to the one or more particular device protected portions device instruction module 502 instructing the particular device (e.g., a smartphone device) to present, the option to discontinue the access of the application (e.g., a friend location tracker) to the one or more protected portions (e.g., a Faeebook friend list, either stored locally on the phone device or retrieved from, a server) of the particular device (e.g., the smartphone device).
  • the particular device e.g., a smartphone device
  • operation 1002 may include operation 1004 depicting instructing the particular device to present the option to instruct the particular device to discontinue the access of the application to the one or more protected portions of the particular device.
  • Fig. 5, e.g., Fig. 5A shows presentation of an optional choice for instructing a module of the particular device to discontinue agent access to the one or more particular device protected portions device instruction module 504 instructing the particular device (e.g., a laptop computing device) to present the option to instruct the particular device to discontinue the access of the application to the one or more protected portions (e.g., the web-cam) of the particular device (e.g., the laptop computing device).
  • the particular device e.g., a laptop computing device
  • operation 1004 may include operation 1004 may include operation 1006 instructing the particular device to present the option, selectable by a user of the dev ice, to instruct a portion of the particular device that controls access to the one or more protected portions of the particular device, to discontinue the access of the application to the one or more protected portions of the particular device.
  • operation 1006 instructing the particular device to present the option, selectable by a user of the dev ice, to instruct a portion of the particular device that controls access to the one or more protected portions of the particular device, to discontinue the access of the application to the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • 5A shows presentation of an optional user-selectable choice for instructing a module of the particular device to discontinue agent access to the one or more particular device protected portions device instruction module 506 instructing the particular device to present the option, selectable by a user of the device, to instruct a portion of the particular device that controls access to the one or more protected portions (e.g., the positioning sensor) of the particular device, to discontinue the access of the application to the one or more protected portions of the particular device (e.g., a smartphone).
  • the one or more protected portions e.g., the positioning sensor
  • operation 608 may include operation 1008 depicting presenting an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • Fig. 5, e.g., Fig. 5A shows optional choice for discontinuation of agent access to the one or more particular device protected portions presenting module 508 presenting an option to discontinue the access of the application (e.g., the calorie tracker application) to the one or more protected portions of the particular device (e.g., a tablet device).
  • operation 1008 may include operation 1010 depicting presenting the option, to a portion of the particular device that controls access to the one or more protected portions of the particular device, to discontinue the access of the application to the one or more protected portions of the particular device.
  • operation 1010 depicting presenting the option, to a portion of the particular device that controls access to the one or more protected portions of the particular device, to discontinue the access of the application to the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • FIG. 5 A shows optional choice for discontinuation of agent access to the one or more particular device protected portions presenting to a protected portion access control portion of the particular device module 5 0 presenting the option, to a portion of the particular device that, controls access to the one or more protected portions of the particular device (e.g., the device operating system, or the device kernel layer, or to a device hardware interface layer), to discontinue the access of the application (e.g., a voice synthesizer) to the one or more protected portions of the particular device (e.g., a smartphone).
  • the application e.g., a voice synthesizer
  • operation 608 may include operation 1012 depicting facilitating presentation of a setting configurable by a user of the particular device that discontinues access of the application to the one or more protected portions of the particular device after completion of the one or more services.
  • operation 1012 depicting facilitating presentation of a setting configurable by a user of the particular device that discontinues access of the application to the one or more protected portions of the particular device after completion of the one or more services.
  • Fig, 5B shows presentation of an optional choice for a user setting that instructs the device to discontinue agent access to the one or more particular device protected portions facilitating module 512 facilitating presentation of a setting (e.g., a menu setting facilitated by the operating system of the device) configurable by a user of the device that discontinues access of the application (e.g., a related-music finding service) to the one or more protected portions of the particular device (e.g., the homemade playlist section) after completion of the one or more services (e.g., after finding five related songs that it is calculated that the user might enjoy, based on the user's playlists.
  • a setting e.g., a menu setting facilitated by the operating system of the device
  • the application e.g., a related-music finding service
  • operation 608 may include operation 1014 depicting facilitating presentation of a setting configurable by a. user of the particular device, prior to operating the application, that discontinues access of the application to the one or more protected portions of the particular device after completion of the one or more services.
  • operation 1014 depicting facilitating presentation of a setting configurable by a. user of the particular device, prior to operating the application, that discontinues access of the application to the one or more protected portions of the particular device after completion of the one or more services.
  • FIG. 5B shows presentation, prior to agent operation, of an optional choice for a user setting that instructs the device to discontinue agent access to the one or more particular device protected portions facilitating module 514 facilitating presentation of a setting configurable by a user of the device (e.g., a physical switch, e.g., a soft key, or a hard-wired button, switch, key, knob, and the like) that controls access to a sensor, e.g., an image capturing sensor, or a positioning sensor), prior to operating the application (e.g., a picture facial recognition service) to the one or more protected portions (e.g., the image capturing sensor) of the particular device (e.g., a computer, smartphone, or tablet device) after completion of the one or more services.
  • a user of the device e.g., a physical switch, e.g., a soft key, or a hard-wired button, switch, key, knob, and the like
  • a sensor e.g., an
  • operation 608 may include operation 1016 depicting facilitating presentation of a setting configurable by a user of the particular device, prior to receiving the application on the particular device, that discontinues access of the application to the one or more protected portions of the particular device after completion of the one or more services.
  • Fig, 5, e.g., Fig, 5B presentation, prior to agent acquisition, of an optional choice for a user setting that instructs the device to discontinue agent access to the one or more particular device protected portions facilitating module 516 facilitating presentation of a setting (e.g., a radio box that's checked in a "user options" screen of the device operating system) configurable by a user of the particular device (e.g., a tablet device), that discontinues access of the application to the one or more protected portions of the particular device after completion of the one or more services (e.g., a friend finder service).
  • a setting e.g., a radio box that's checked in a "user options" screen of the device operating system
  • a user of the particular device e.g., a tablet device
  • operation 608 may include operation 1018 facilitating presentation, to a user of the particular device, of an option to discontinue the access of the application to the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • FIG. 5B shows presentation, to an entity related to the particular device, of an optional choice for discontinuation of agent access to the one or more particular device protected portions facilitation module 518 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show, through any combination of visual and non-visual interfaces ), to a user of the particular device (e.g., a smartphone), of an option to discontinue the access of the application (e.g., a miles biked tracking application) to the one or more protected portions of the particular device (e.g., the smartphone).
  • a user of the particular device e.g., a smartphone
  • an option to discontinue the access of the application e.g., a miles biked tracking application
  • operation 608 may include operation 1020 depicting displaying a selectable option to discontinue the access of the application to the one or more protected portions of the particular device.
  • operation 1020 depicting displaying a selectable option to discontinue the access of the application to the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • 5C shows selectable choice for discontinuation of agent access to the one or more particular device protected portions displaying module 520 displaying a selectable option (e.g., speaking a verbal "would you like to discontinue access" to the user through the speaker, and waiting for a response from the user through the microphone) to discontinue the access of the application (e.g., miles run tracker) to the one or more protected portions (e.g., a positioning sensor) of the particular device (e.g., wearable smart clothes, e.g., a pair of socks that can track mileage and/or detect blisters forming).
  • a selectable option e.g., speaking a verbal "would you like to discontinue access" to the user through the speaker, and waiting for a response from the user through the microphone
  • the application e.g., miles run tracker
  • the particular device e.g., wearable smart clothes, e.g., a pair of socks that can track mileage and/or detect blisters forming.
  • operation 608 may include operation 1022 depicting discontinuing access of the application to the one or more protected portions of the particular device upon receipt of a selection of the option to discontinue access.
  • Fig. 5, e.g., Fig. 5C shows agent access to the one or more particular device protected portions terminating module 522 discontinuing access of the application (e.g., a glucose level monitor application) to the one or more protected portions of the particular device (e.g., the blood/sweat sampler of a probe taped to the body and attached to a smartphone) upon receipt of a selection of the option to discontinue access.
  • the application e.g., a glucose level monitor application
  • the particular device e.g., the blood/sweat sampler of a probe taped to the body and attached to a smartphone
  • operation 1020 may include operation 1024 depicting displaying a. selectable option to discontinue the access of more than one application, including the application that carried out the one or more services, to the one or more protected portions of the particular device.
  • operation 1024 depicting displaying a. selectable option to discontinue the access of more than one application, including the application that carried out the one or more services, to the one or more protected portions of the particular device.
  • Fig, 5 e.g...
  • Fig, 5C shows selectable choice for discontinuation of access of multiple agents, including the agent, to the one or more particular device protected portions displaying module 524 displaying a selectable option (e.g., displaying a dialog box with the text "would you like to discontinue access, Yes/No") of more than one application, including the application that carried out the one or more services (e.g., the ATM finding service), to the one or more protected portions (e.g., bank account information) of the particular device (e.g., an ATM interface device given out by the bank).
  • a selectable option e.g., displaying a dialog box with the text "would you like to discontinue access, Yes/No
  • the application that carried out the one or more services e.g., the ATM finding service
  • the one or more protected portions e.g., bank account information
  • operation 1022 may include operation 1026 depicting discontinuing access to an application class, that includes the application, to the one or more protected portions of the particular device, upon receipt, of the selection of the option to discontinue access.
  • an application class that includes the application
  • Fig. 5 e.g., Fig.
  • 5C shows class of one or more agents, including the agent, access to the one or more particular device protected portions terminating module 526 discontinuing access to an application class (e.g., "all applications made by Apple, Inc.,” or “all weight-loss applications,” or “all applications over fifty megabytes,” or “all applications designated by a user as security level five,” or “all applications designated by a device manufacturer as security level five,” or “all applications that access the positioning sensor,” or “all applications that, access the device contact list,” or “all applications that were acquired in the last fifty days,” and the like), that includes the application, to the one or more protected portions of the particular device, upon receipt of the selection of the option to discontinue access.
  • an application class e.g., "all applications made by Apple, Inc.,” or “all weight-loss applications,” or “all applications over fifty megabytes,” or “all applications designated by a user as security level five,” or “all applications designated by a device manufacturer as security level five,” or “all applications that access the positioning sensor,” or “all applications that,
  • operation 1022 may include operation 1 028 depicting discontinuing access of all applications present on the particular device, to the one or more protected portions of the particular device, upon receipt of the selection of the option to discontinue application access to the one or more protected portions of the particular device.
  • operation 1 028 depicting discontinuing access of all applications present on the particular device, to the one or more protected portions of the particular device, upon receipt of the selection of the option to discontinue application access to the one or more protected portions of the particular device.
  • 5C shows each of one or more agents access to the one or more particular device protected portions terminating module 528 discontinuing access of all applications present on the particular device (e.g., a tablet device) to the one or more protected portions (e.g., positioning sensor) of the particular device (e.g., the tablet device), upon receipt of the selection of the option to discontinue application access (e.g., access to the protected portion, e.g., the positioning sensor).
  • the particular device e.g., a tablet device
  • protected portions e.g., positioning sensor
  • operation 608 may include operation 1030 depicting facilitating presentation of an option to disable the application, thereby discontinuing the access of the application to the one or more protected portions of the particular device.
  • operation 1030 depicting facilitating presentation of an option to disable the application, thereby discontinuing the access of the application to the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • 5C shows presentation of an optional choice for discontinuation of agent access to the one or more particular device protected portions by disabling the agent facilitation module 530 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show, through any combination of visual and non-visual interfaces) of an optio to disable (e.g., prevent a user or another application or component of the device from operating) the application (e.g., a 4G network speed measuring application) to the one or more protected portions (e.g., a 4G radio ) of the particular device (e.g., a pair of augmented-rea!ity glasses).
  • the application e.g., a 4G network speed measuring application
  • operation 608 may include operation 1032 depicting facilitating presentation of an option to remove the application, thereby discontinuing the access of the application to the one or more protected portions of the particular device.
  • operation 1032 depicting facilitating presentation of an option to remove the application, thereby discontinuing the access of the application to the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • FIG. 5C shows presentation of an optional choice for discontinuation of agent access to the one or more particular device protected portions by removing the agent facilitation module 532 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show, through any combination of visual and non-visual interfaces) of an option to remove the application (e.g., remove the application from memory, or remove one or more links and/or pointers to the application's place in memory), thereby discontinuing the access of the application to the one or more protected portions (e.g., the speaker output) of the particular device (e.g., a smartphone).
  • the agent facilitation module 532 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show, through any combination of visual and non-visual interfaces) of an option to remove the application (e.g., remove the application from memory, or remove one or more links and/or pointers to the application's place in memory), thereby discontinuing the access
  • operation 608 may include operation 1034 depicting facilitating presentation of an option to implement one or more limitations regarding access of the application to the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig. 5D
  • presentation of an optional choice for establishing limitations for agent access to the one or more particular device protected portions facilitation module 534 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show, through any
  • operation 1034 may include operation 1036 depicting facilitating presentation of an option to require a grant of access to the one or more protected portions of the particular device when the application attempts to access the one or more protected portions of the particular device.
  • operation 1036 depicting facilitating presentation of an option to require a grant of access to the one or more protected portions of the particular device when the application attempts to access the one or more protected portions of the particular device.
  • Fig. 5 e.g.. Fig.
  • 5D shows presentation of an optional choice for requiring explicit grant of access for reestablishrnent of agent access to the one or more particular device protected portions facilitation module 536 facilitating (e.g., performing one or more actions that, assist in the execution or completion of) presentation (e.g., show, through any combination of visual and non-visual interfaces) of an option to require a grant of access (e.g., an action that results in changing an access level to a level that permits access) to the one or more protected portions (e.g., a barometer) of the particular de vice (e.g., a home weather station) when the application (e.g., a garden planning application) attempts to access the one or more protected portions of the particular device (e.g., the home weather station).
  • a grant of access e.g., an action that results in changing an access level to a level that permits access
  • the one or more protected portions e.g., a barometer
  • the application e.g., a garden planning application
  • operation 1034 may include operation 1038 depicting facilitating presentation of an option to limit a number of times that the application is permitted to access the one or more protected portions of the particular device.
  • operation 1038 depicting facilitating presentation of an option to limit a number of times that the application is permitted to access the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • 5D shows presentation of an optional choice for setting a limit on a number of times the agent is permitted to reestablish access to the one or more particular device protected portions facilitation module 538 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show, through any combination of visual and non-visual interfaces) of an option to limit a number of times that the application is permitted to access the one or more protected portions of the particular device (e.g., a tablet, device).
  • facilitating e.g., performing one or more actions that assist in the execution or completion of
  • presentation e.g., show, through any combination of visual and non-visual interfaces
  • operation 1038 may include operation 1040 depicting facilitating presentation of an option to limit a number of times that the application is permitted to access the one or more protected portions of the particular device during a particular time period.
  • operation 1040 depicting facilitating presentation of an option to limit a number of times that the application is permitted to access the one or more protected portions of the particular device during a particular time period.
  • Fig. 5 e.g.. Fig.
  • 5 ⁇ shows presentation of an optional choice for setting a limit on a number of times during a particular time period that the agent is permitted to reestablish access to the one or more particular device protected portions facilitation module 540 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show, through any combination of visual and non-visual interfaces) of an option to limit a number of times that the application (e.g., an exercise tracker) is permitted to access the one or more protected portions (e.g., stored calorie-burning data) of the particular device during a particular time period (e.g., during a time period that the user designates as workout time).
  • the application e.g., an exercise tracker
  • operation 1034 may include operation 1042 depicting facilitating presentation of an option to set one or more conditions regarding when the application is permitted to access the one or more protected portions of the particular device.
  • operation 1042 depicting facilitating presentation of an option to set one or more conditions regarding when the application is permitted to access the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • one or more conditions e.g., position data can only be accessed when the device is traveling over 30 miles per hour, e.g., indicating that the device is in a motor vehicle
  • the application is permitted to access the one or more protected portions (e.g., position data) of the particular device (e.g.,
  • operation 1042 may include operation 1044 depicting facilitating presentation of an option to limit a number of times that the application is permitted to access the one or more protected portions of the particular device when the particular device is located at a particular location.
  • operation 1044 depicting facilitating presentation of an option to limit a number of times that the application is permitted to access the one or more protected portions of the particular device when the particular device is located at a particular location.
  • Fig. 5 e.g., Fig.
  • 5D shows presentation of an optional choice for establishing a particular location as a prerequisite condition for allowing reestablisliment of agent access to the one or more particular device protected portions facilitation module 544 facilitating (e.g., performing one or more actions that assist in the execution or completion of) presentation (e.g., show, through any combination of visual and non-visual interfaces) of an option to limit a number of times that the application (e.g., an open wireless network detector) is permitted to access the one or more protected portions (e.g., a wireless radio) of the particular device (e.g., a portable hotspot device, or a cellular telephone device with a Wi-Fi radio) when the particular device is located at a particular location (e.g., Times Square).
  • the application e.g., an open wireless network detector
  • operation 608 may include operation 1046 depicting facilitating presentation of an option to require the application to anonymize data retrieved from the one or more protected portions of the particular device, in order to maintain access to the one or more protected portions of the particular device.
  • operation 1046 depicting facilitating presentation of an option to require the application to anonymize data retrieved from the one or more protected portions of the particular device, in order to maintain access to the one or more protected portions of the particular device.
  • Fig. 5 e.g., Fig.
  • 5D shows presentation of an optional choice for requiring an anonymization of data used for continued agent access to the one or more particular device protected portions facilitation module 546 facilitating presentation (e.g., taking one or more steps (e.g., actions, subroutines, physical changes, and the like) to assist in the carrying out of) of an option to require the application to anonymize (e.g., obscure, remove, alter, and the like an origin of) data retrieved from the one or more protected portions (e.g., positioning sensor data) of the particular device (e.g., a smartphone), in order to maintain access (e.g., without anonymization, access would be cut off) to the one or more protected portions of the particular device).
  • steps e.g., actions, subroutines, physical changes, and the like
  • trademarks e.g., a word, letter, symbol, or device adopted by one manufacturer or merchant and used to identify and/or distinguish his or her product from those of others.
  • Trademark names used herein are set forth in such language that makes clear their identity, that distinguishes them from common descriptive nouns, that have fixed and definite meanings, or, in many if not all cases, are accompanied by other specific identification using terms not covered by trademark.
  • trademark names used herein have meanings that are well- known and defined in the literature, or do not refer to products or compounds for which knowledge of one or more trade secrets is required in order to divine their meaning.
  • trademarks referenced in this appl ication are the property of their respective owners, and the appearance of one or more trademarks in this application does not diminish or otherwise adversely affect, the validity of the one or more trademarks. All trademarks, registered or unregistered, that appear in this application are assumed to include a proper trademark symbol, e.g., the circle R or bracketed capitalization (e.g., [trademark name]), even when such trademark symbol does not explicitly appear next to the trademark. To the extent, a trademark is used in a descriptive manner to refer to a product or process, that trademark should be interpreted, to represent the corresponding prod ct or process as of the date of the filing of this patent application,

Abstract

L'invention concerne des systèmes et des procédés implémentés de manière informatique comprenant les étapes consistant à acquérir des données concernant une application conçue pour accéder à au moins une partie protégée d'un dispositif donné, ladite application étant conçue pour fournir au moins un service, détecter que l'application a terminé au moins un service parmi lesdits services et que l'application maintient l'accès à l'au moins une partie protégée du dispositif donné, présenter des informations indiquant que l'au moins un service est terminé et que l'application maintient l'accès à l'au moins une partie protégée du dispositif donné, et des circuits pour faciliter la présentation d'une option pour interrompre l'accès de l'application à l'au moins une partie protégée du dispositif donné. En plus de ce qui précède, d'autres aspects sont décrits dans les revendications, les dessins et le texte.
PCT/US2014/019562 2013-02-28 2014-02-28 Gestion de données et/ou de services destinés à des dispositifs WO2014134516A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP14757393.5A EP2962211A4 (fr) 2013-02-28 2014-02-28 Gestion de données et/ou de services destinés à des dispositifs
CN201480024191.3A CN105190590B (zh) 2013-02-28 2014-02-28 用于管理数据的方法和系统和/或用于设备的服务

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US13/781,456 2013-02-28
US13/781,194 US10216957B2 (en) 2012-11-26 2013-02-28 Methods and systems for managing data and/or services for devices
US13/781,194 2013-02-28
US13/781,456 US20140123325A1 (en) 2012-11-26 2013-02-28 Methods and systems for managing data and/or services for devices

Publications (1)

Publication Number Publication Date
WO2014134516A1 true WO2014134516A1 (fr) 2014-09-04

Family

ID=51428860

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2014/019562 WO2014134516A1 (fr) 2013-02-28 2014-02-28 Gestion de données et/ou de services destinés à des dispositifs

Country Status (3)

Country Link
EP (1) EP2962211A4 (fr)
CN (1) CN105190590B (fr)
WO (1) WO2014134516A1 (fr)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190263339A1 (en) * 2018-02-23 2019-08-29 The Boeing Company Sensing systems and methods

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105785957B (zh) * 2016-04-29 2019-06-28 广东美的制冷设备有限公司 一种物联网家电控制方法、装置、系统及路由器
DK201670581A1 (en) * 2016-06-12 2018-01-08 Apple Inc Device-level authorization for viewing content
US11966560B2 (en) 2016-10-26 2024-04-23 Apple Inc. User interfaces for browsing content from multiple content applications on an electronic device
CN107491538B (zh) * 2017-08-23 2021-01-29 成都安恒信息技术有限公司 一种db2数据库的存储过程命令及参数值提取方法
US10721360B2 (en) * 2017-10-25 2020-07-21 Idriss YOUSFI Method and device for reducing telephone call costs
JP7202916B2 (ja) * 2019-02-08 2023-01-12 シャープ株式会社 音声出力装置、電気機器
CN113906419A (zh) 2019-03-24 2022-01-07 苹果公司 用于媒体浏览应用程序的用户界面
CN111562951B (zh) * 2020-05-11 2022-05-03 电子科技大学 一种雷达应用组件服务化实现方法
US11934640B2 (en) 2021-01-29 2024-03-19 Apple Inc. User interfaces for record labels
CN113032491B (zh) * 2021-04-07 2023-01-06 工银科技有限公司 实现静态数据同步的方法、装置、电子设备及介质
CN114912122A (zh) * 2022-05-27 2022-08-16 国家计算机网络与信息安全管理中心 一种基于双向推理的固件接口变量追踪方法

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060010047A1 (en) * 2004-07-06 2006-01-12 Oculus Inc Sarbanes-Oxley Anonymous Reporting System
US20070232268A1 (en) * 2006-04-03 2007-10-04 Samsung Electronics, Co., Ltd. Apparatus for restricting access to application module in mobile wireless device and method of restricting access to application module using the same
US20120096080A1 (en) * 2006-06-16 2012-04-19 Michel Levesque Method for activating and deactivating client-side services from a remote server

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1412879B1 (fr) * 2001-06-29 2012-05-30 Secure Systems Limited Procede et systeme de securite pour ordinateurs
CN101002180B (zh) * 2004-07-30 2012-09-05 捷讯研究有限公司 用于协调客户和主机安全模块的方法和系统
US7873957B2 (en) * 2006-07-27 2011-01-18 Microsoft Corporation Minimizing user disruption during modification operations
US8555335B2 (en) * 2006-11-01 2013-10-08 Microsoft Corporation Securing distributed application information delivery
US8949421B2 (en) * 2009-07-29 2015-02-03 Teradata Us, Inc. Techniques for discovering database connectivity leaks

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060010047A1 (en) * 2004-07-06 2006-01-12 Oculus Inc Sarbanes-Oxley Anonymous Reporting System
US20070232268A1 (en) * 2006-04-03 2007-10-04 Samsung Electronics, Co., Ltd. Apparatus for restricting access to application module in mobile wireless device and method of restricting access to application module using the same
US20120096080A1 (en) * 2006-06-16 2012-04-19 Michel Levesque Method for activating and deactivating client-side services from a remote server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP2962211A4 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190263339A1 (en) * 2018-02-23 2019-08-29 The Boeing Company Sensing systems and methods
US11867533B2 (en) * 2018-02-23 2024-01-09 The Boeing Company Sensing systems and methods

Also Published As

Publication number Publication date
EP2962211A4 (fr) 2016-11-16
EP2962211A1 (fr) 2016-01-06
CN105190590A (zh) 2015-12-23
CN105190590B (zh) 2019-04-19

Similar Documents

Publication Publication Date Title
US10216957B2 (en) Methods and systems for managing data and/or services for devices
EP2962211A1 (fr) Gestion de données et/ou de services destinés à des dispositifs
US9626503B2 (en) Methods and systems for managing services and device data
US9749206B2 (en) Methods and systems for monitoring and/or managing device data
US9619497B2 (en) Methods and systems for managing one or more services and/or device data
US9736004B2 (en) Methods and systems for managing device data
US20140123308A1 (en) Methods and systems for managing data and/or services for devices
KR102347562B1 (ko) 보안 제어 방법 및 컴퓨터 시스템
US10375105B2 (en) Blockchain web browser interface
US8484721B2 (en) Locked-down computing environment
US11647086B2 (en) System and method for maintaining user session continuity across multiple devices and/or multiple platforms
US9262646B1 (en) Systems and methods for managing web browser histories
US11062129B2 (en) Systems and methods for enabling search services to highlight documents
CN107408115A (zh) web站点访问控制
US9292678B2 (en) Unlocking a computing device via images
US10341858B1 (en) Systems and methods for obscuring user location
US10839066B1 (en) Distinguishing human from machine input using an animation
US9842219B1 (en) Systems and methods for curating file clusters for security analyses
US20200169528A1 (en) Device identification and reconfiguration in a network
CN113206855B (zh) 数据访问异常的检测方法、装置、电子设备及存储介质
US20190220485A1 (en) Methods and Systems for Managing Data
US20230421576A1 (en) Highly collaborative deceptive network alliance
Zhang EARLY DETECTION OF INTRUSIONS AND MALWARE FOR LINUX BASED SYSTEMS
Richmond COMPUTER OPERATING SYSTEM
Bettany et al. Manually removing malware

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 201480024191.3

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14757393

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2014757393

Country of ref document: EP