(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(19) World Intellectual Property Organization, International Bureau

(43) International Publication Date: 28 May 2015 (28.05.2015)

(10) International Publication Number: WO 2015/074150 A1

(51) International Patent Classification: H04W 8/18 (2009.01); H04W 12/08 (2009.01); H04W 12/06 (2009.01); H04W 4/26 (2009.01)

(21) International Application Number: PCT/CA2014/051109

(22) International Filing Date: 20 November 2014 (20.11.2014)

(25) Filing Language: English

(26) Publication Language: English

(30) Priority Data: 61/907,082; 21 November 2013 (21.11.2013); US

(71) Applicant: GRAPHITE SOFTWARE CORPORATION [CA/CA]; 555 Legget Drive, Suite 740, Ottawa, Ontario K2K 2X3 (CA).

(72) Inventors: MAIN, Alexander James; 3590 Torwood Drive, Ottawa, Ontario K0A 1T0 (CA). VANDERGEEST, Ron; 221 Sunnyside Avenue, Ottawa, Ontario K1S 0R4 (CA). LITVA, Paul; 118 Marsh Sparrow Private, Ottawa, Ontario K2K 3P3 (CA).

(74) Agents: MUELLER-NEUHAUS, Jason et al.; Borden Ladner Gervais LLP, World Exchange Plaza, 100 Queen Street, Suite 1300, Ottawa, Ontario K1P 1J9 (CA).

(81) Designated States (unless otherwise indicated, for every kind of national protection available): AE, AG, AL, AM, AO, AT, AU, AZ, BA, BB, BG, BH, BN, BR, BW, BY, BZ, CA, CH, CL, CN, CO, CR, CU, CZ, DE, DK, DM, DO, DZ, EC, EE, EG, ES, FI, GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IR, IS, JP, KE, KG, KN, KP, KR, KZ, LA, LC, LK, LR, LS, LU, LY, MA, MD, ME, MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, OM, PA, PE, PG, PH, PL, PT, QA, RO, RS, RU, RW, SA, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, TN, TR, TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.

(84) Designated States (unless otherwise indicated, for every kind of regional protection available): ARIPO (BW, GH, GM, KE, LR, LS, MW, MZ, NA, RW, SD, SL, ST, SZ, TZ, UG, ZM, ZW), Eurasian (AM, AZ, BY, KG, KZ, RU, TJ, TM), European (AL, AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, NO, PL, PT, RO, RS, SE, SI, SK, SM, TR), OAPI (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, KM, ML, MR, NE, SN, TD, TG).

Declarations under Rule 4.17: of inventorship (Rule 4.17(iv))

Published: with international search report (Art. 21(3))

(54) Title: MANAGED DOMAINS FOR REMOTE CONTENT AND CONFIGURATION CONTROL ON MOBILE INFORMATION DEVICES

(57) Abstract: A technique is disclosed for remotely managing isolated domains on mobile devices. A request is received from the mobile device to instantiate a managed domain. A managed domain configuration is determined and comprises a security policy controlling access to content of the managed domain of the subscribing mobile device, a content specification identifying the content to be downloaded by the subscribing mobile device into the managed domain, and a content configuration identifying a configuration of the content on the subscribing mobile device. The managed domain configuration is sent to the subscribing mobile device to instantiate a secure, managed domain whose policy, content and content configuration is remotely controlled. The technique is useful for advertising and brand promotion on mobile devices as it simultaneously enables detailed control over the presentation of content by a curator while ensuring privacy and security protection of the other apps, accounts and data on the mobile device.

[FIGURE 4: flowchart of the exchange between the Subscribing Mobile Device and the Domain Management Service. Recoverable step labels: Initiate add managed domain; Send request to add managed domain; Validate request; Determine domain configuration; Send domain configuration; Receive domain configuration; Provision domain according to domain configuration; Launch domain; Switch to managed domain.]

WO 2015/074150

PCT/CA2014/051109

MANAGED DOMAINS FOR REMOTE CONTENT AND CONFIGURATION CONTROL ON MOBILE INFORMATION DEVICES

FIELD

[0001] The present disclosure relates to advertising, brand promotion, and trusted content discovery and distribution on mobile information devices.

BACKGROUND

[0002] Online advertising and marketing currently employs a number of different methods in connection with mobile and fixed electronic information devices. For example, web search engines such as Google™, Yahoo!™, and Bing™ support ad placement based on search string key word searches as well as contextual advertisements. Web pages and emails may include banner ads, paid links, advertiser sponsorship content, links to social media websites, and the like. Social media websites such as Facebook™ and LinkedIn™ are commonly used for brand and product promotion.

[0003] One challenge faced by advertisers in general is the overwhelming volume of advertising messages and media that compete for consumer attention. Consumer attention is a scarce resource and attracting consumer attention and disseminating information to consumers is a fundamental challenge faced by advertisers generally. In online advertising, this has spawned the use of rich media advertising formats such as floating ads, expandable ads, video ads, interactive ads, expandable banner ads, and so forth, to capture the interest of consumers.

[0004] A relatively new segment of online advertising is mobile advertising. The increased capabilities (for example, high resolution displays, touch screens, app support, and so forth), high adoption rates, and large installed base of smartphones, tablets, and other mobile devices have resulted in the rapid growth of mobile advertising. For example, spending on mobile advertising increased 83% from US$5.3 billion in 2011 to $8.9 billion in 2012: see IAB Global Mobile Advertising Revenue Report, http://www.iab.net/globalmobile. Mobile advertising has typically taken the form of display ads, text messaging ads, paid search ads, mobile apps, and banners within mobile apps.

[0005] In this connection, the model of online advertising and marketing is changing with respect to mobile device usage. The number of mobile apps is growing rapidly (for example, there are currently over 1 million apps available on Google Play™, the largest app store for Android devices) and consumers already spend much more time using mobile apps than they spend browsing the web via mobile browsers. Mobile apps have become or are quickly becoming the principal means for consumers to find, discover, package, and present information, services, and experiences on mobile devices.

[0006] In keeping with this trend, companies are increasingly leveraging apps for mobile advertising and marketing. For example, in most developed nations, consumers are more likely to receive mobile advertising via apps than via a mobile browser. Additionally companies may develop and distribute multiple apps for the purpose of mobile advertising and marketing, and mobile advertising is also distributed to consumers via banner ads within apps, such as games, video apps, or social networking apps, such as those developed by Facebook™, LinkedIn™, Instagram™, Tumblr™, Twitter™, and YouTube™. Each social network app has its own user interfaces which have been optimized for the particular information being displayed (e.g. short messages, pictures, videos, etc.).

[0007] While advertisers and companies that provide apps to consumers for the purposes of mobile advertising and marketing often promote the apps on websites, consumers are more likely to use an app, such as Google Play™, to discover and download apps on mobile devices. With millions of mobile apps available on various app stores, it is difficult for consumers to discover apps and to recognize the apps that are authentic (meaning they were developed and distributed by the corporation of interest to the consumer rather than some potentially illegitimate third party). A number of app recommendation and aggregation services have emerged that attempt to filter, rank and recommend apps to consumers, but these are often based either on user supplied ratings, which are sparse, or oversimplified recommendations based on user profiles and previously downloaded apps. Similar issues exist in connection with social media apps: that is the problem of finding desirable brands, channels, or feeds, for example. Another approach taken by some original equipment manufacturers to overcome the app discovery problem is to provide pre-loaded apps or "bloatware".

[0008] In addition to the above challenges facing advertisers is the increasing consumer concern and desire for privacy of personal information. Until recently, online advertising was typically viewed by consumers via web browsers on personal computers or laptops. Participants in the online advertising industry have been able to collect and store a wealth of personal information about such consumers including, for example, Internet Protocol (IP) addresses, web sites visited, search words entered, and so forth, and use this information for the purposes of targeted advertising. Such information may also be sold to another advertiser.

[0009] In response to the increasing concern of consumers over personal privacy, some national governments have implemented privacy legislation, and some web browsers provide mechanisms to control the ‘leakage’ of personal information (e.g. private browsing modes). Moreover, efforts have been made to improve the transparency of how personal information is collected and used by corporations engaged in online advertising (e.g. website privacy policies).

[0010] As such, personal privacy is also a pressing issue in connection with the use of personal electronic devices such as laptops, smartphones, personal digital assistants (PDA's), and the like. Concerns regarding consumer privacy are especially acute with respect to mobile devices because, as compared to a workplace workstation, or even a home PC, for example, users tend to store large amounts of personal information on their mobile devices, mobile devices are constantly connected and mobile devices tend to be with consumers for the majority of their waking hours. No other device is more personal and linked to an individual than a personal mobile device. While users of such devices generally desire unimpeded and effortless access to online content, it is becoming increasingly desirable to control and/or limit the collection of personal information in the process. While there presently exists means to prevent or limit the collection of personal information while accessing online content, they typically involve some interference with ready and effortless access to the online content, and are thus undesirable.

[0011] Moreover, the increase in mobile advertising on mobile devices raises additional issues resulting from technological differences from online advertising on personal computers. For example, on personal computers personal information is typically better segregated than it is on mobile devices and internet browsers have features that address some privacy issues. Browsers typically operate in a security ‘sandbox’ which limits the access of the browser to system resources and/or files which may contain personal information on the personal computer. In a browser environment, for a web page to obtain additional permissions generally requires the installation of ‘plug-ins’ which then can have lower-level access to the operating system services than the sandbox. One of the issues with such plug-ins is that they can be very invasive and change the configuration of your browser and/or the underlying operating system itself (e.g. change the default media player or search engine). As a result, users have become reluctant to download and install plug-ins.

[0012] Mobile operating systems have simplified app development (compared to the PC environment), by providing standardized operating system services for apps to access contact information, device owner information, account information (e.g. email account), location, e-mails, messaging, telephony services and payment services (e.g. various payment "wallets"). These services may also be accessed by apps used for mobile advertising and marketing. This further exacerbates user privacy concerns on mobile devices.

[0013] In order to address concerns with respect to information privacy and security, some operating systems, such as Android™, provide a permissions framework (or discretionary access control) whereby a consumer must grant the permissions requested by an app prior to installation (e.g. Internet access, access to contacts, global positioning system (GPS) location data, etc.). The permissions are not granular, however - for example, the user must either accept the requested permissions or refrain from installing the app - and many mobile device users do not understand the implications of granting such permissions or combinations of permissions to a mobile app.

[0014] The permissions requested by apps may also be leveraged by in-app ad libraries that are incorporated into many free apps as a means for the developer to monetize their app. Certain in-app ad libraries have been found invasively to collect personal information such as a user's call logs, account information, and phone number: see, e.g. M. Grace, W. Zhou, X. Jiang, and A.-R. Sadeghi, "Analysis of Mobile In-App Advertisements", Proceedings of the 5th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 12, 2012. Also see: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/madware_and_malware_analysis.pdf.

[0015] Compounding these concerns associated with personal information privacy are general issues with app security. Developing applications that cannot be exploited by malware or hackers (secure applications) is a challenging task even for experienced application security experts. Mobile app development is a relatively new field and there is a shortage of skilled programmers and mobile application security experts. The increasing use of apps for mobile marketing purposes combined with the large increase in mobile malware (including substantially on the Android™ platform), make it more likely that apps developed by (or for) an advertiser or company may contain vulnerabilities that can be leveraged by another app or malware to obtain private information; this may then affect consumer confidence in the company.

[0016] Nevertheless, a significant proportion of consumers tend to be accepting of advertising if it is engaging, low cost and if it originates from a trusted brand, and are further content to provide personal information in order to receive custom advertising which matches their interests.

[0017] A yet further issue with current methods concerns the overcrowding of mobile device homescreens. It is generally appreciated that there is value to a company in having content related to the company, such as an app, present on the homescreen of a mobile device given that a user's attention is most often directed to the homescreen. In practice, therefore, app developers and brand managers seek to have their content reside on device homescreens. Given the limited space on device homescreens (typically there is room for about 20 icons), however, overcrowding and message dilution is a problem. Some companies have attempted to overcome this home screen crowding by developing custom launchers that control the mobile device homescreen (e.g. equivalent to the desktop on a personal computer) including the placement of apps on the homescreen. Such efforts (e.g. Facebook™ Home™) have failed due to consumer concerns over privacy (e.g. the launcher can be used to gather information on which apps the consumer uses and how often they use them) and the invasiveness of such efforts.

[0018] There is thus an ongoing and pressing need for techniques which enable the effective provision of desired advertising, marketing, and other selected content to personal mobile devices, while minimizing security risks and providing maximal user control over the disclosure of private information that may be stored on the device.

BRIEF DESCRIPTION OF THE DRAWINGS

[0019] Embodiments of the present disclosure will now be described, by way of example only, with reference to the attached drawings, as follows.

[0020] FIG. 1 is a schematic diagram of an operating system configured to provide secure, isolated domains.

[0021] FIG. 2 is a schematic diagram of an alternative operating system configured to provide secure, isolated domains using application containers.

[0022] FIG. 3 is a schematic diagram of a system for providing domains managed by a third party on subscribing mobile devices.

[0023] FIG. 4 is a flowchart illustrating a method of adding a domain managed by a third party on a subscribing mobile device.

[0024] FIG. 5 is a schematic diagram showing user interfaces of a subscribing mobile device for adding a domain managed by a third party on a subscribing mobile device.

[0025] FIG. 6 is a flowchart illustrating a method of creating a managed domain policy including content and configuration.

[0026] FIG. 7 is a flowchart illustrating a method of updating a managed domain policy with real-time information.

[0027] FIG. 8 is a flowchart illustrating a method of selecting access permissions of a managed domain on a subscribing mobile device.

[0028] FIG. 9 is a flowchart illustrating a method of updating a managed domain on a subscribing mobile device.

DETAILED DESCRIPTION

[0029] The inventive embodiments overcome the defects or disadvantages of conventional means of mobile advertising and marketing described above, provide further abilities or advantages, or provide alternatives to conventional means, by enabling the creation of secure, isolated domains on mobile devices, and by enabling the provisioning and maintenance of the content of such isolated domains by an external third party. A user of the mobile device containing such an externally managed domain can be confident that any content added to the domain does not compromise the security or privacy of personal or other data that may exist outside of the externally managed domain on the device, and is thus comfortable with ceding control over the content within that externally managed domain to a third party. In turn, by having such full or maximal content control over the externally managed domain, the third party is able to tailor the user experience of the content as precisely as desired, that is the content is presented to user in a manner which follows as closely as possible the intention of the third party.

[0030] Overview

[0031] Techniques for providing multiple isolated domains on mobile devices are described in World Intellectual Property Organization International Patent Application Number PCT/CA2014/050761 and United States Patent and Trademark Office application number 61/864,899 (the “domain isolation applications”), which are incorporated herein by reference in their entireties. These techniques enable the creation of multiple secure, isolated domains on a mobile device wherein user processes run on the device within associated domains, and access by the processes to resources on the device (e.g. data, applications, services) is segregated by domain and controlled by a security policy associated with the domain. Control over the security policy, content, and content configuration of a particular domain can be exercised substantially or entirely by an external third party agent, such as a remote server, without compromising the security or information privacy of the other domains and the personal information that may reside in those other domains on the device.

[0032] By using the techniques described above, access to personal information stored on the mobile device in a first isolated domain by apps running in a second isolated domain can be reliably prevented. In view of this ability, a user of the device can confidently cede control over the security policy and content of the second domain to an external third party agent such as a remote server. Moreover, given the reliable isolation of the second domain from other domains on the mobile device, the user can confidently grant control over content which is unrestricted or minimally restricted, and thus enables the third party maximum control over the content and presentation of content in the second domain. In addition, the user can readily delete the second domain if it becomes desirable to do so, without leaving any artifacts on the device; this is in contrast to current techniques, such as browser plug-ins, for example, which often reconfigure the personal computer, and thus leave artifacts even after deletion.

[0033] In such conditions, the second domain may be termed an ‘externally managed domain’. Similarly, the external agent may be termed the ‘external domain manager’ or, where the functions of the external domain manager are performed by a server or other device, an ‘external managing server’ or ‘external managing device’, respectively. Since the content of the externally managed domain is selected by the external domain manager, who thus functions as a curator of the content, the externally managed domain may also be termed a ‘curated domain’. Where the content is selected on the basis of a company or organization brand, for example, to present information and/or apps relevant to a brand and the advertisement of goods and services associated with the brand, then the externally managed domain may be termed a ‘branded domain’, and the function of external domain manager may be performed by a ‘brand manager’.

[0034] By using secure, isolated domains in this way, an external domain manager is provided maximum ability to tailor, update, and in general control a user's experience with respect to content provided by the external domain manager within the externally managed domain.

[0035] For example, a mobile device user may be interested in a particular topic, such as Formula 1™ car racing. Currently, the user can download Formula 1 apps and information feeds, but this requires the user to engage in a discovery process to find the official version of the app within the millions of available apps, navigate to an official Formula 1 Facebook™ page, for example, or find and follow the Formula 1 Twitter™ feed. By using isolated domains, selected content such as apps, videos, information feeds, pictures can be aggregated, distributed and made to reside in an externally managed domain. The user can select a desired content topic based on a brand or other topic of interest (e.g. Formula 1 racing, an NFL™ team, a particular celebrity, etc.) from a web site, bill board, or other media, and all of the pertinent content including apps, information feeds such as social networking or news feeds, and other content associated with the topic would be downloaded or streamed into an externally managed domain on the mobile device. Common social networking apps can be pre-configured by the external domain manager based on the topic (e.g. a Formula 1™ Facebook™ page, Twitter™ feed, YouTube™ channel, or the like), enabling the device owner to use the best and most relevant content. The external domain manager can also aggregate the apps for each Formula 1™ team, manufacturers, photos, wallpapers, theme songs, etc. When the user navigates to the externally managed domain, the notifications and alerts would pertain to the specific theme or topic or event, etc. Notifications or real simple syndication (RSS) feeds could be used to promote certain events, such as live streaming, or other offers, such as discounted items or sales.

[0036] Thus, ‘content’, as used herein with respect to managed domains, may be understood as designating a collection of resources such as data files, applications, and services, and may include, for example, pictures, videos, icons, apps, links to information sources, links for recommended apps and the like. In other words, ‘content’ may be understood generally as including all of the types of user resources ordinarily contained on a mobile information device. As used herein, ‘content configuration’ may be understood as including any aspects of the configuration of the content which influence or affect a user's interaction with the content, and may include configuration aspects related to presentation of the content (such as an arrangement of icons on the homepage or other screen, a wallpaper, a background, a lock screen, a font, a user interface behavior, the launcher app and so forth) or aspects relating to the function of the content (such as a default webpage of a browser app, a default Facebook™ page, Twitter™ feed, YouTube™ channel, or the like). In general, ‘content configuration’ may be understood to include any aspects of the configuration of content on a mobile information device which a user, outside of a managed domain, can typically modify.

[0037] Thus, use of externally managed domains enables an external domain manager to create, distribute, manage, and update an externally managed domain in order to provide a rich and tailored experience to the device user.

[0038] At the same time, users can confidently add such externally managed domains to their mobile devices because they know that the external domain manager and the apps within such an externally managed domain cannot access data in other domains on their mobile device which may contain personal information. Even if an app in the externally managed domain wants permissions to access personal information (e.g. contacts or credentials), the user can be confident that the app cannot access any personal information stored in a different domain. The user does not have to compromise with respect to the value of the content as against the value of their personal information as is often the case for apps downloaded to mobile devices. Even if an external domain manager unknowingly includes malware (e.g. that may target e-mail addresses to sell to spammers or premium SMS services), the apps and file system on the device are completely isolated from the apps in the externally managed domain due to the domain isolation technology used.

[0039] Secure, Isolated Domains

[0040] A ‘domain’ may be considered herein to stand for a relationship between a set of similarly trusted resources - data files, applications, and services, for example - and a rule set, or ‘security policy’, whereby access by processes to the resources is controlled at least in part by the security policy. For example, a particular domain may be considered to include or contain a number of data files which are associated with that domain, and access to those data files is controlled at least in part by a security policy defined in association with that domain. Similarly, an application may be installed or otherwise associated with a particular domain, and access to that application, including the ability to execute the application, for example, is controlled at least in part by a security policy defined in association with that domain.

[0041] At any given time, a domain will have associated with it a corresponding security policy and contain content having a corresponding content configuration, all as defined above. Accordingly, each domain may be characterized by a ‘domain configuration’ including the security policy, the content, and the content configuration corresponding to that domain.

[0042] It is sometimes desirable in a single-user device to be able to provide multiple domains having different security policies providing different access to selected applications and other resources. In one case, it may be desirable to provide a restricted domain which requires user authentication for access and contains data or applications which are intended to be inaccessible to children or other third parties, and an open, or ‘kids mode’, domain which does not require authentication and is intended to be accessible to children (to play games, for example). When operating in the open domain, therefore, it is desirable for the data or applications of the restricted domain to be inaccessible to processes associated with the open domain.
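
The isolation rule of paragraphs [0040] to [0042], modelled as a small reference monitor with a restricted domain and an open ‘kids mode’ domain. This is an added example, not code from the application or the applicant; the class names, the `readable_from` field, the rule that a locked domain refuses every access, and the sample resource names are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class SecurityPolicy:
    requires_auth: bool = False             # user must authenticate to use this domain
    readable_from: frozenset = frozenset()  # foreign domains let in; empty = fully isolated


@dataclass
class Domain:
    name: str
    policy: SecurityPolicy
    resources: set = field(default_factory=set)  # data files, applications, services


@dataclass(frozen=True)
class Process:
    pid: int
    domain: str  # each process runs within exactly one domain


class DomainMonitor:
    """Decides each access from the process's domain and the target domain's policy."""

    def __init__(self):
        self.domains = {}
        self.unlocked = set()  # domains whose user authentication succeeded
        self.denials = []      # audit trail: (pid, process domain, target domain, resource)

    def add_domain(self, domain):
        if domain.name in self.domains:
            raise ValueError(f"domain {domain.name!r} already exists")
        self.domains[domain.name] = domain

    def remove_domain(self, name):
        # Policy and resources go together, so nothing of the domain is left behind.
        self.domains.pop(name, None)
        self.unlocked.discard(name)

    def set_unlocked(self, name, authenticated):
        if authenticated and name in self.domains:
            self.unlocked.add(name)
        else:
            self.unlocked.discard(name)

    def spawn(self, pid, name):
        domain = self.domains[name]
        if domain.policy.requires_auth and name not in self.unlocked:
            raise PermissionError(f"domain {name!r} requires authentication")
        return Process(pid, name)

    def check_access(self, proc, target, resource):
        owner = self.domains.get(target)
        if owner is None or proc.domain not in self.domains or resource not in owner.resources:
            allowed = False  # default deny: unknown domain, deleted domain or unknown resource
        elif owner.policy.requires_auth and target not in self.unlocked:
            allowed = False  # a locked restricted domain is closed to everyone
        else:
            allowed = target == proc.domain or proc.domain in owner.policy.readable_from
        if not allowed:
            self.denials.append((proc.pid, proc.domain, target, resource))
        return allowed


def demo():
    """Constructed scenario: restricted domain beside an open 'kids mode' domain."""
    m = DomainMonitor()
    m.add_domain(Domain("restricted", SecurityPolicy(requires_auth=True), {"contacts.db", "bank.app"}))
    m.add_domain(Domain("kids", SecurityPolicy(), {"game.app"}))
    r = {}
    game = m.spawn(1001, "kids")
    r["kids_own"] = m.check_access(game, "kids", "game.app")
    r["kids_cross_locked"] = m.check_access(game, "restricted", "contacts.db")
    try:
        m.spawn(1002, "restricted")
        r["spawn_while_locked"] = True
    except PermissionError:
        r["spawn_while_locked"] = False
    m.set_unlocked("restricted", authenticated=True)
    bank = m.spawn(1002, "restricted")
    r["restricted_own"] = m.check_access(bank, "restricted", "contacts.db")
    # Unlocking the restricted domain does not open it to processes of other domains.
    r["kids_cross_unlocked"] = m.check_access(game, "restricted", "contacts.db")
    m.remove_domain("kids")
    r["after_delete"] = m.check_access(game, "kids", "game.app")
    r["denials"] = len(m.denials)
    return r


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```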

[0043] In some embodiments, domain awareness is provided via modification to existing components or services of the operating system or the introduction of new components or services. In some embodiments, at least some of the components and services are provided in the operating system outside of the kernel, that is in the middleware (used herein to mean the operating system outside of the kernel, and between the kernel and user applications). In some embodiments, at least some of the components and services are provided in the operating system kernel. In some embodiments, domain creation and management is enabled by modified or new components or services of the operating system middleware, and domain enforcement is performed by the operating system kernel, and modified or new kernel modules, or kernel modifications, are provided for this purpose.

[0044] Accordingly, an exemplary system 100 for providing isolated domains is now described with reference to FIG. 1. The system may be implemented in any computing device including a mobile information device such as a smartphone, tablet, laptop, or a desktop, or any other electronic device having a volatile memory and a processor, the volatile memory containing computer code executable by the processor to provide an operating system and software applications (or ‘applications’ or ‘apps’). The computing device may further include an interface, which may include a user input device such as a keyboard, pointing device, touchscreen, and may further include a communications interface such as a radio and associated control circuitry for communicating over a wired or wireless communications network, which may be the Internet and/or a cellular or WiFi link or Bluetooth, or near field communication (NFC).

[0045] The operating system may be characterized as including a kernel, which manages and provides input/output (I/O) services to software applications from the processor and other hardware components of the device, and middleware which provides services additional to those provided by the kernel.

[0046] In general, the system 100 includes modifications to operating-system-level protocols to enable domain-awareness. A plurality of domains may be created on the mobile device. In some embodiments the operating system is Android™, although such selection should not be construed as limiting; Android is used only as an example and is similar to other multi-user operating systems (e.g. QNX™, Microsoft Windows™).

[0047] Thus, as shown in FIG. 1, the system 100 includes a kernel, which is the Linux™ kernel 110 when the system 100 is implemented in a mobile device running the Android™ operating system. The kernel 100 includes: a secure data store 112, a Domain Kernel Module 116, and a Linux Security Module 114, which in one embodiment is an Enhanced Linux Security Module, whose respective functions will be discussed further below. It will be understood by persons of ordinary skill in the art that the kernel 110 may further have further conventional components (e.g. drivers), or other comp