Managing application access to certificates and keys
Abstract
Plural modes of operation, each associated with a class attribute, may be established on a mobile device. The present application discloses a method of handling an application launch request, a computing device for carrying out the method and a computer readable medium for adapting a processor to carry out the method. The method includes receiving a launch request identifying an application that is to be launched, acquiring an identity for the application, acquiring a class for the application, labeling the application with the identity and the class and launching the application. The application's identity and class may then be taken into consideration when processing a request to access a store or create a new store. Notably, an application may request access to a store managed by a certificate manager, rather than accessing the store directly. Conveniently, a resource manager may handle parsing of a file path to the store.
17 Claims
1. A method of handling, at a resource manager, a file system request for a data item in a store, the method comprising:
- receiving, from an application, the file system request, the file system request specifying a path;
- parsing the path to isolate a store identifier for the store;
- detecting an identity for the application;
- determining, based on the identity and the store identifier, that the store is in a namespace of the application, wherein the namespace comprises a list of all stores to which the application has access; and
- responsive to the determining, obtaining the data item from a manager of the data item.
(Dependent claims: 2, 3, 4)

5. A computing device comprising:
- a memory;
- a processor adapted to execute a resource manager to:
  - receive, from an application, a file system request, the file system request specifying a path for a data item in a store;
  - parse the path to isolate a store identifier for the store;
  - detect an identity for the application;
  - determine, based on the identity and the store identifier, that the store is in a namespace of the application, wherein the namespace comprises a list of all stores to which the application has access; and
  - responsive to the determining, obtain the data item from a manager of the data item.
(Dependent claims: 6, 7, 8)

9. A non-transitory computer-readable medium containing computer-executable instructions that, when performed by a processor in a computing device, cause the processor to:
- receive, from an application, a file system request, the file system request specifying a path for a data item in a store;
- parse the path to isolate a store identifier for the store;
- detect an identity for the application;
- determine, based on the identity and the store identifier, that the store is in a namespace of the application, wherein the namespace comprises a list of all stores to which the application has access; and
- responsive to the determining, obtain the data item from a manager of the data item.
(Dependent claims: 10, 11, 12)

13. A method of handling access to a certificate or cryptographic key in a store, in a memory of a mobile device, managed by a certificate manager, the mobile device having a plurality of modes of operation and having a plurality of applications stored thereon, each application being labeled with an identity attribute and a class attribute, the class attribute being associated with a mode of operation of the mobile device, the method comprising:
- downloading certificates and cryptographic keys from an enterprise server;
- storing the certificates and cryptographic keys by initializing a respective certificate, cryptographic key store for each of the modes of operation of the device;
- receiving, from an application, a file system request for access to one of the stores;
- detecting an identity for the application;
- detecting a class for the application;
- determining, based on the identity and the class, whether the one of the stores is in a namespace of the application; and
- based on the determining, allowing or denying the application access to the one of the stores.
(Dependent claims: 14, 15)

16. A computing device comprising:
- a memory; and
- a processor adapted to execute a resource manager to:
  - download certificates and cryptographic keys from an enterprise server;
  - store the certificates and cryptographic keys by initializing a respective certificate, cryptographic key store for each of a plurality of modes of operation of the computing device;
  - receive, from an application, a file system request for access to one of the stores;
  - detect an identity for the application;
  - detect a class for the application;
  - determine, based on the identity and the class, whether the one of the stores is in a namespace of the application; and
  - based on the determining, process the request allow or deny the application access to the one of the stores.

17. A non-transitory computer-readable medium containing computer-executable instructions that, when performed by a processor in a computing device, cause the processor to:
- download certificates and cryptographic keys from an enterprise server;
- store the certificates and cryptographic keys by initializing a respective certificate, cryptographic key store for each of a plurality of modes of operation of the computing device;
- receive, from an application, a file system request for access to one of the stores;
- detect an identity for the application;
- detect a class for the application;
- determine, based on the identity and the class, whether the one of the stores is in a namespace of the application; and
- based on the determining, allow or deny the application access to the one of the stores.

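The request flow recited in claims 1 and 13, sketched as an added Python example; it is not code from the patent. The `/stores` mount point, the application identifiers, and the store names and contents are constructed for illustration, and the identity and class are assumed to come from the labels attached at launch, not from the request itself.

```python
from pathlib import PurePosixPath

STORE_ROOT = PurePosixPath("/stores")  # hypothetical mount point served by the resource manager

# Namespace per (identity, class) label: the list of all stores that application may access.
# Constructed sample data, one store per mode of operation.
NAMESPACES = {
    ("com.example.mail", "enterprise"): ["enterprise_store"],
    ("com.example.mail", "personal"): ["personal_store"],
    ("com.example.game", "personal"): ["personal_store"],
}

# Stand-in for the certificate manager that owns the stores (constructed contents).
CERT_MANAGER = {
    "enterprise_store": {"vpn.pem": "ENTERPRISE-CERT"},
    "personal_store": {"web.pem": "PERSONAL-CERT"},
}

class AccessDenied(Exception):
    pass

def isolate_store_id(path):
    """Parse the request path and return (store_id, item_name)."""
    p = PurePosixPath(path)
    # PurePosixPath does not resolve "..", so reject it instead of normalising it.
    if not p.is_absolute() or ".." in p.parts:
        raise AccessDenied("malformed path")
    try:
        rel = p.relative_to(STORE_ROOT)
    except ValueError:
        raise AccessDenied("path is outside the store root")
    if len(rel.parts) != 2:
        raise AccessDenied("expected <root>/<store>/<item>")
    return rel.parts[0], rel.parts[1]

def handle_request(identity, app_class, path):
    """Resource-manager side: check the namespace, then ask the manager for the item."""
    store_id, item = isolate_store_id(path)
    if store_id not in NAMESPACES.get((identity, app_class), []):
        raise AccessDenied(f"{store_id} not in namespace of {identity}/{app_class}")
    try:
        return CERT_MANAGER[store_id][item]  # the application never opens the store itself
    except KeyError:
        raise AccessDenied("no such item")

def decision(identity, app_class, path):
    """Return 'allow' or 'deny' for a request without exposing the data item."""
    try:
        handle_request(identity, app_class, path)
        return "allow"
    except AccessDenied:
        return "deny"
```

The same application identity gets a different namespace depending on the class it was launched with, so a request for the enterprise store from a personal-mode instance is denied before the certificate manager is consulted.
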
Specification