公开(公告)号：US10735964B2

公开(公告)日：2020-08-04

申请号：US15218776

申请日：2016-07-25

Applicant: BlackBerry Limited

Inventor： Christopher Lyle Bender ,  Graham Russell ,  Natalie Michelle Silvanovich

IPC: G06F15/173 ,  H04W12/08 ,  H04L29/06 ,  H04L29/08 ,  H04W76/14 ,  H04W84/12

Abstract: In some implementations, a method includes receiving, from a user of a first device, a request to enable access, through a second device, to a server resource account of an enterprise. The first device includes a first enterprise perimeter including an internal resource and a first enterprise identifier and configured to prevent external resources from accessing the internal resource. A request is wirelessly transmit, to the second device, to the second device for a second enterprise identifier assigned to a second enterprise perimeter included in the second device. Whether to grant access to the internal resource is determined based on a first enterprise identifier assigned to the first device and a second enterprise identifier assigned to the second device.

公开(公告)号：US10318764B2

公开(公告)日：2019-06-11

申请号：US15193614

申请日：2016-06-27

Applicant: BlackBerry Limited

Inventor： Michael Kenneth Brown ,  Christopher Lyle Bender ,  Herbert Anthony Little ,  Michael Stephen Brown

IPC: G06F21/62 ,  G06F3/0481 ,  G06F3/0482 ,  H04W12/08

Abstract: A method for differentiated access control on a computing device having a connection with a second device, the method checking whether a timer has expired on the second device or if a connection is lost to the second device; and preventing at least one of the plurality of application subsets from being launched or enabled if the timer has expired on the second device or the connection is lost to the second device.

公开(公告)号：US09531731B2

公开(公告)日：2016-12-27

申请号：US14867517

申请日：2015-09-28

Applicant: BlackBerry Limited

Inventor： Christopher Lyle Bender ,  Herbert Anthony Little ,  Michael Kenneth Brown ,  Michael Stephen Brown

IPC: G06F21/12 ,  H04W12/08 ,  H04L29/06 ,  G06F21/62 ,  G06F21/60 ,  G06F21/53 ,  H04W88/02

CPC classification number: H04L63/105 ,  G06F21/121 ,  G06F21/53 ,  G06F21/60 ,  G06F21/629 ,  H04L63/20 ,  H04W12/08 ,  H04W88/02

Abstract: A method, device and system for establishing plural modes of operation on a mobile device, including: associating each application on the mobile device with one of a plurality of modes; and restricting access to data on the mobile device to only a subset of applications based on the mode associated for the each application. A system includes connection of an untrusted device to a trusted device and restricting data access for restricted data to a subset of trusted applications on the untrusted device.

公开(公告)号：US20140373155A1

公开(公告)日：2014-12-18

申请号：US14473485

申请日：2014-08-29

Applicant: BlackBerry Limited

Inventor： Oliver Whitehouse ,  Michael Grant Kirkup ,  Christopher Lyle Bender ,  MIchael Kenneth Brown

IPC: H04L29/06 ,  G06F21/56

CPC classification number: H04L63/145 ,  G06F21/53 ,  G06F21/56 ,  H04L63/14

Abstract: Methods and systems for mitigating the effects of a malicious software application are disclosed. A dedicated module on the computing device receives from a malicious software detector a message indicating whether the application is malicious or has a malicious component. The dedicated module obtains a set of permissions to be granted to the application, and instructs software on the computing device that controls the permissions of the application to grant the set of permissions.

Abstract translation: 公开了用于减轻恶意软件应用的影响的方法和系统。 计算设备上的专用模块从恶意软件检测器接收指示该应用是恶意的还是具有恶意组件的消息。 专用模块获得要授予应用程序的一组权限，并指示控制应用程序权限的计算设备上的软件授予该权限集。

公开(公告)号：USRE49194E1

公开(公告)日：2022-08-30

申请号：US15982921

申请日：2018-05-17

Applicant: BLACKBERRY LIMITED

Inventor： Roger Paul Bowman ,  Sivakumar Nagarajan ,  Christopher Lyle Bender ,  Timothy Lee Segato

IPC: G06F12/14 ,  G06F21/60 ,  G11B20/00

Abstract: A method and apparatus for controlling access to encrypted data is provided. The device comprises: a processor and a memory, the processor configured to: control access to encrypted data, stored at the memory, the encrypted data categorized according to a plurality of categories, using a respective encryption key for each category in the plurality of categories; and, control access to a given encryption key according to given criteria associated with a given category, respective criteria different for each respective category, access to the given encryption key including one or more of, when the respective criteria are met, generating the given encryption key and decrypting the given encryption key.

公开(公告)号：US10791413B2

公开(公告)日：2020-09-29

申请号：US16376682

申请日：2019-04-05

Applicant: BlackBerry Limited

Inventor： Christopher Lyle Bender ,  Michael Grant Kirkup ,  Michael Kenneth Brown ,  Radu Alexandru Manea ,  Brian Alexander Zubert

IPC: H04W4/02 ,  H04L29/08 ,  H04M1/725 ,  H04W4/029 ,  G06F21/55 ,  G06F21/62 ,  H04W48/14 ,  G08B5/36 ,  H04M3/42 ,  H04M1/663 ,  H04W12/08 ,  H04W12/00

Abstract: A communication device includes a display screen upon which information is displayed. A microprocessor configured to execute at least one notification program is provided that displays a notification descriptive of an access control request on the display screen. The at least one notification program is programmed to receive data indicative of an access control request and to receive data descriptive of the access control request. Additionally, the at least one notification program is further programmed to display a notification indicative of the access control request and comprising an explanation of the access control request based on the received descriptive data.

公开(公告)号：US10292007B2

公开(公告)日：2019-05-14

申请号：US15845489

申请日：2017-12-18

Applicant: BlackBerry Limited

Inventor： Christopher Lyle Bender ,  Michael Grant Kirkup ,  Michael Kenneth Brown ,  Radu Alexandru Manea ,  Brian Alexander Zubert

IPC: H04W24/00 ,  H04W4/02 ,  H04L29/08 ,  H04M1/725 ,  G06F21/55 ,  G06F21/62 ,  H04W48/14 ,  G08B5/36 ,  H04M3/42 ,  H04M1/663 ,  H04W12/08

Abstract: A communication device includes a display screen upon which information is displayed. A microprocessor configured to execute at least one notification program is provided that displays a notification descriptive of an access control request on the display screen. The at least one notification program is programmed to receive data indicative of an access control request and to receive data descriptive of the access control request. Additionally, the at least one notification program is further programmed to display a notification indicative of the access control request and comprising an explanation of the access control request based on the received descriptive data.

公开(公告)号：US20160373452A1

公开(公告)日：2016-12-22

申请号：US15180911

申请日：2016-06-13

Applicant: BlackBerry Limited

Inventor： Christopher RYERSON ,  Christopher Lyle Bender ,  Michael Thomas Winkler ,  David Bukurak ,  Benjamin Altman

IPC: H04L29/06 ,  H04L12/911

CPC classification number: H04L63/101 ,  H04L47/70 ,  H04L63/08 ,  H04L63/10 ,  H04W12/08

Abstract: Some aspects of what is described here relate to managing the use of network resources on a mobile device. User input received at the device indicates whether to allow an application associated with a first perimeter on the device to access a network resource associated with a second perimeter on the device. For example, in some instances user input may indicate whether to allow data from applications associated with a personal perimeter on the device to be transmitted over an enterprise communication system. When outbound data associated with the first perimeter are received, the device determines, according to the indication from the user input, whether to route the outbound data to the network resource associated with the second perimeter.

Abstract translation: 这里描述的一些方面涉及管理移动设备上的网络资源的使用。 在设备处接收到的用户输入指示是否允许与设备上的第一周边相关联的应用访问与设备上的第二周边相关联的网络资源。 例如，在某些情况下，用户输入可以指示是否允许来自与设备上的个人周边相关联的应用的数据通过企业通信系统传输。 当接收到与第一周边相关联的出站数据时，设备根据用户输入的指示确定是否将出站数据路由到与第二周边相关联的网络资源。

公开(公告)号：US09384342B2

公开(公告)日：2016-07-05

申请号：US13891627

申请日：2013-05-10

Applicant: BLACKBERRY LIMITED

Inventor： Jeremy L. Kominar ,  Neil Patrick Adams ,  Alexander Truskovsky ,  Christopher Lyle Bender ,  Daryl Joseph Martin

IPC: G06F21/00 ,  G06F21/45

CPC classification number: G06F21/45

Abstract: Methods and devices for providing a warning associated with credentials to be stored in a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises receiving a request to store, in the credential store, at least one credential for a specified service, determining whether a secure connection between the computing device and the specified service is available, associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, and providing a warning in response to determining that at least one credential stored in the credential store corresponds to the at least one credential for the specified service and is for a service that is associated with a level of security different from the level of security with which the specified service is associated.

Abstract translation: 本文公开了用于提供与要存储在计算设备上的凭证存储器中的凭证相关联的警告的方法和设备。 在一个广泛的方面，该方法包括接收在证书存储器中存储用于指定服务的至少一个凭证的请求，确定计算设备和指定服务之间的安全连接是否可用，将指定的服务与 基于安全连接的可用性或安全连接的一个或多个属性中的至少一个的安全级别，以及响应于确定存储在凭证存储库中的至少一个凭证对应于至少一个凭证而提供警告 用于指定的服务，并且用于与指定服务相关联的安全级别不同的安全级别相关联的服务。

公开(公告)号：US20140149739A1

公开(公告)日：2014-05-29

申请号：US14171389

申请日：2014-02-03

Applicant: BlackBerry Limited

Inventor： Robert Henderson Wood ,  Roger Paul Bowman ,  Christopher Lyle Bender ,  Ian Michael Robertson ,  Casey Jonathan Vandeputte

IPC: H04L9/32 ,  H04W12/06 ,  H04L29/06

CPC classification number: H04L9/3263 ,  H04L63/0823 ,  H04W12/06

Abstract: A mobile communications device having a digital certificate authenticating the device itself is proposed. A server for authenticating the device and a method of authenticating the device are also disclosed. The device comprises a transmitter, a processor, a memory and a computer readable medium. The memory includes a certificate certifying the authenticity of the mobile communications device, the certificate comprising device-specific data and a digital signature signed by an authority having control of the authenticity of the mobile communications device. The computer readable medium has computer readable instructions stored thereon that when executed configure the processor to instruct the transmitter to transmit a copy of the certificate to a service provider in response to a request to authenticate the mobile communications device with the service provider.

Abstract translation: 提出了具有认证该设备本身的数字证书的移动通信设备。 还公开了用于认证设备的服务器和认证设备的方法。 该装置包括发射器，处理器，存储器和计算机可读介质。 存储器包括证明移动通信设备的真实性的证书，该证书包括设备专用数据和由具有移动通信设备的真实性的控制权限的机构签名的数字签名。 计算机可读介质具有存储在其上的计算机可读指令，当执行时，响应于向服务提供商认证移动通信设备的请求，配置处理器以指示发送器将证书的副本发送给服务提供商。