System and method for managing application program access to a protected resource residing on a mobile device

摘要

A computer-implemented method for managing application program access to a protected resource residing on a mobile device is provided. The method includes receiving from an application program a request for a permission to access the protected resource, and receiving from a source external to the mobile device an authentication of the application program. An authorization to provide the permission to access the protected resource is received and permission to access the protected resource is provided to the application program in response to receiving the authorization. Data produced by the protected resource is cryptographically signed, and a notification is generated in response to at least one of the application program requesting the permission to access the protected resource and the application program accessing the protected resource. A system for managing application program access to a protected resource residing on a mobile device is further provided.

主权项

1. A computer-implemented method for managing application program access to a protected resource residing on a mobile device, the method performed by at least one network-connectable server, the method comprising:
associating a user identifier with a user account corresponding to identifying information of a user corresponding to the mobile device; receiving from an application residing on the mobile device via a network a request for the user identifier of the user via a module residing on the mobile device, the module separating an application program interface (API) layer for enabling the application from a protected resource layer comprising the protected resource on the mobile device; receiving from the user by redirection of a user agent by the module an identifier request authorization to provide the user identifier to the application; redirecting the user agent back to the module; providing the user identifier to the application via the module in response to receiving the identifier request authorization; receiving a request via the module for an authorization to provide the application permission to access a protected resource of the particular mobile device associated with the user identifier; receiving via the mobile device a resource access authorization from the user to transmit the authorization to provide the application permission to access the protected resource of the particular mobile device; and providing the authorization via the module to provide the application permission to access the protected resource of the particular mobile device responsive to receiving the resource access authorization from the user.