CPC G06F 21/629 (2013.01) [G06F 9/45558 (2013.01); G06F 21/575 (2013.01); G06F 21/74 (2013.01); G06F 2009/45587 (2013.01); G06F 2221/2141 (2013.01)]
14 Claims
1. An electronic device comprising:
a memory; and
a processor configured to:
execute at least one operating system executed in a first region of the processor allowing an operation based on a first authority,
execute at least one application executed in a second region of the processor allowing an operation based on a second authority,
in response to detection of access to at least one device resource by the at least one application, configure authority of access to the at least one device resource by using an authority determination module executed in a third region of the processor allowing an operation based on a third authority,
store an authority policy defining a device resource restricted from being accessed by the at least one application, in the third region allowing an operation based on the third authority, and
provide the authority policy through a secure region of the processor to a non-secure region of the processor allowing an operation based on the third authority, wherein the third region allowing an operation based on the third authority comprises a region in which at least one of a hypervisor which is a non-secure region, or a secure exception level, is executed.