Patents by Inventor Richard L. Hagy
Richard L. Hagy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230259548Abstract: Described herein are techniques to enable limited access to a photos library by enabling application specific virtual photo libraries. When an application requests access to the photos library, the user can select an option to enable or configure a virtual photos library, and then select specific assets (e.g., photos, videos) within the photos library to be selected for inclusion into an application specific virtual photos library.Type: ApplicationFiled: April 3, 2023Publication date: August 17, 2023Inventors: Matthew J. DICKOFF, Jessica ARANDA, Patrick COFFMAN, Richard L. HAGY, Stephen J. RHEE, Nicole R. RYAN, Adam C. SWIFT, Gavin B. THOMSON, Brandon J. VAN RYSWYK
-
Patent number: 11620329Abstract: Described herein are techniques to enable limited access to a photos library by enabling application specific virtual photo libraries. When an application requests access to the photos library, the user can select an option to enable or configure a virtual photos library, and then select specific assets (e.g., photos, videos) within the photos library to be selected for inclusion into an application specific virtual photos library.Type: GrantFiled: February 23, 2021Date of Patent: April 4, 2023Assignee: Apple Inc.Inventors: Matthew J. Dickoff, Jessica Aranda, Patrick Coffman, Richard L. Hagy, Stephen J. Rhee, Nicole R. Ryan, Adam C. Swift, Gavin B. Thomson, Brandon J. Van Ryswyk
-
Patent number: 11514157Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.Type: GrantFiled: April 20, 2020Date of Patent: November 29, 2022Assignee: Apple Inc.Inventors: Andrew S. Terry, Kelly B. Yancey, Pierre-Olivier J. Martel, Richard L. Hagy, Timothy P. Hannon, Alastair K. Fettes
-
Patent number: 11487890Abstract: This disclosure relates to systems, methods, and computer-readable media for identifying an asset privacy management trigger on an end-user device related to a third-party application. In response to identifying the asset privacy management trigger, a privacy selection interface to enable a user to select a limited asset access option is displayed. In response to the limited asset access option being selected, an asset selection interface is displayed, where the asset selection interface is configured to define a sub-set of assets of the end-user device as authorized for the third-party application based on user selection. In response to a subsequent request to access assets of the end-user device by the third-party application, the third-party application is able to access only the defined sub-set of assets. For different third-party applications or scenarios, the asset privacy management triggers and asset sub-set definitions may vary.Type: GrantFiled: June 19, 2020Date of Patent: November 1, 2022Assignee: Apple Inc.Inventors: Gavin B. Thomson, Richard L. Hagy, Patrick Coffman
-
Publication number: 20210397728Abstract: This disclosure relates to systems, methods, and computer-readable media for identifying an asset privacy management trigger on an end-user device related to a third-party application. In response to identifying the asset privacy management trigger, a privacy selection interface to enable a user to select a limited asset access option is displayed. In response to the limited asset access option being selected, an asset selection interface is displayed, where the asset selection interface is configured to define a sub-set of assets of the end-user device as authorized for the third-party application based on user selection. In response to a subsequent request to access assets of the end-user device by the third-party application, the third-party application is able to access only the defined sub-set of assets. For different third-party applications or scenarios, the asset privacy management triggers and asset sub-set definitions may vary.Type: ApplicationFiled: June 19, 2020Publication date: December 23, 2021Inventors: Gavin B. Thomson, Richard L. Hagy, Patrick Coffman
-
Publication number: 20210397647Abstract: Described herein are techniques to enable limited access to a photos library by enabling application specific virtual photo libraries. When an application requests access to the photos library, the user can select an option to enable or configure a virtual photos library, and then select specific assets (e.g., photos, videos) within the photos library to be selected for inclusion into an application specific virtual photos library.Type: ApplicationFiled: February 23, 2021Publication date: December 23, 2021Inventors: Matthew J. Dickoff, Jessica Aranda, Patrick Coffman, Richard L. Hagy, Stephen J. Rhee, Nicole R. Ryan, Adam C. Swift, Gavin B. Thomson, Brandon J. Van Ryswyk
-
Patent number: 11055438Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.Type: GrantFiled: March 4, 2016Date of Patent: July 6, 2021Assignee: Apple Inc.Inventors: Ivan Krstic, Austin G. Jennings, Richard L. Hagy
-
Patent number: 11017109Abstract: Embodiments described herein provide techniques to limit programmatic access to privacy related user data and system resources for applications that execute outside of a sandbox or other restricted operating environment while enabling a user to grant additional access to those applications via prompts presented to the user via a graphical interface. In a further embodiment, techniques are applied to limit the frequency in which a user is prompted by learning the types of files or resources to which a user is likely to permit or deny access.Type: GrantFiled: May 6, 2019Date of Patent: May 25, 2021Assignee: Apple Inc.Inventors: Kelly B. Yancey, Richard J. Cooper, Richard L. Hagy, Pierre-Olivier Martel, David P. Remahl, Jonathan A. Zdziarski
-
Publication number: 20200265157Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.Type: ApplicationFiled: April 20, 2020Publication date: August 20, 2020Inventors: Andrew S. TERRY, Kelly B. YANCEY, Pierre-Olivier J. MARTEL, Richard L. HAGY, Timothy P. HANNON, Alastair K. FETTES
-
Patent number: 10628580Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.Type: GrantFiled: September 22, 2016Date of Patent: April 21, 2020Assignee: APPLE INC.Inventors: Andrew S. Terry, Kelly B. Yancey, Pierre-Olivier J. Martel, Richard L. Hagy, Timothy P. Hannon, Alastair K. Fettes
-
Patent number: 10216928Abstract: In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.Type: GrantFiled: July 28, 2017Date of Patent: February 26, 2019Assignee: Apple Inc.Inventors: Pierre-Olivier J. Martel, Kelly B. Yancey, Richard L. Hagy
-
Patent number: 10019598Abstract: When an application is launched, a framework scanning module scans a plurality of frameworks linked against by the application to generate a list of available services. When the application makes a request of a particular service, a service verification module compares the requested service to the list of available services and if the requested service is found in the list of available services, sends a signal to the application, the signal allowing access to the requested service for the application. Otherwise, access to the requested service is denied.Type: GrantFiled: September 30, 2015Date of Patent: July 10, 2018Assignee: Apple Inc.Inventors: Kevin J. Van Vechten, Damien Pascal Sorresso, Richard L. Hagy, Ivan Krstic
-
Publication number: 20180012017Abstract: In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.Type: ApplicationFiled: July 28, 2017Publication date: January 11, 2018Inventors: Pierre-Olivier J. Martel, Kelly B. Yancey, Richard L. Hagy
-
Patent number: 9734327Abstract: In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.Type: GrantFiled: May 23, 2016Date of Patent: August 15, 2017Assignee: Apple Inc.Inventors: Pierre-Olivier J Martel, Kelly B. Yancey, Richard L. Hagy
-
Publication number: 20170199883Abstract: Some embodiments provide a method for a device having multiple users. The method identifies a process installed on the device that requires an isolated storage in a file system of the device. For each of a set of the users of the electronic device, the method assigns at least one container for use by the process within a user-specific section of the file system. The containers assigned to the process in a section of the file system specific to a particular user are only accessible by the process when the particular user is logged into the device. The method assigns at least one container for use by the process within a non-user-specific section of the file system. The containers assigned to the process within the non-user-specific section of the file system are accessible by the process irrespective of which user is logged into the device.Type: ApplicationFiled: September 22, 2016Publication date: July 13, 2017Inventors: Andrew S. Terry, Kelly B. Yancey, Pierre-Olivier J. Martel, Richard L. Hagy, Timothy P. Hannon, Alastair K. Fettes
-
Publication number: 20170053113Abstract: In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.Type: ApplicationFiled: May 23, 2016Publication date: February 23, 2017Inventors: Pierre-Olivier J. Martel, Kelly B. Yancey, Richard L. Hagy
-
Publication number: 20160321471Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.Type: ApplicationFiled: March 4, 2016Publication date: November 3, 2016Inventors: Ivan Krstic, Austin G. Jennings, Richard L. Hagy
-
Patent number: 9361454Abstract: In response to a request for launching an application within an operating system of a data processing system, one or more extended entitlements are extracted from the application, where the one or more extended entitlements specify one or more resources the application is entitled to access. One or more security profile extensions corresponding to the one or more extended entitlements are dynamically generated. A security profile specifically for the application is created based on the one or more security profile extensions and a base security profile that has been previously compiled, where the base security profile specifies a list of a plurality of base resources. The application is then launched in a sandboxed operating environment that is configured based on the security profile specifically generated for the application.Type: GrantFiled: May 30, 2014Date of Patent: June 7, 2016Assignee: Apple Inc.Inventors: Pierre-Olivier J. Martel, Kelly B. Yancey, Richard L. Hagy
-
Publication number: 20160125194Abstract: When an application is launched, a framework scanning module scans a plurality of frameworks linked against by the application to generate a list of available services. When the application makes a request of a particular service, a service verification module compares the requested service to the list of available services and if the requested service is found in the list of available services, sends a signal to the application, the signal allowing access to the requested service for the application. Otherwise, access to the requested service is denied.Type: ApplicationFiled: September 30, 2015Publication date: May 5, 2016Inventors: Kevin J. Van Vechten, Damien Pascal Sorresso, Richard L. Hagy, Ivan Krstic
-
Patent number: 9280644Abstract: In response to a request for launching a program, a list of one or more application frameworks to be accessed by the program during execution of the program is determined. Zero or more entitlements representing one or more resources entitled by the program during the execution are determined. A set of one or more rules based on the entitlements of the program is obtained from at least one of the application frameworks. The set of one or more rules specifies one or more constraints of resources associated with the at least one application framework. A security profile is dynamically compiled for the program based on the set of one or more rules associated with the at least one application framework. The compiled security profile is used to restrict the program from accessing at least one resource of the at least one application frameworks during the execution of the program.Type: GrantFiled: June 19, 2013Date of Patent: March 8, 2016Assignee: Apple Inc.Inventors: Ivan Krstić, Austin G. Jennings, Richard L. Hagy