Code signing system and method
First Claim
Patent Images
1. A code signing system for operation in conjunction with a software application having a digital signature, comprising:
- an application platform;
an application programming interface (API) configured to link the software application with the application platform; and
a virtual machine that verifies the authenticity of the digital signature in order to control access to the API by the software application.
2 Assignments
0 Petitions
Accused Products
Abstract
A code signing system and method is provided. The code signing system operates in conjunction with a signed software application having a digital signature and includes an application platform, an application programming interface (API), and a virtual machine. The API is configured to link the software application with the application platform. The virtual machine verifies the authenticity of the digital signature in order to control access to the API by the software application.
-
Citations
56 Claims
-
1. A code signing system for operation in conjunction with a software application having a digital signature, comprising:
-
an application platform;
an application programming interface (API) configured to link the software application with the application platform; and
a virtual machine that verifies the authenticity of the digital signature in order to control access to the API by the software application. - View Dependent Claims (2, 3, 4, 5, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
6. A code signing system for operation in conjunction with a software application having a digital signature, comprising:
-
an application platform;
a plurality of application programming interfaces (APIs), each configured to link the software application with a resource on the application platform; and
a virtual machine that verifies the authenticity of the digital signature in order to control access to the API by the software application, wherein the virtual machine verifies the authenticity of the digital signature in order to control access to the plurality of APIs by the software application. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
29. A method of controlling access to sensitive application programming interfaces on a mobile device, comprising the steps of:
-
loading a software application on the mobile device that requires access to a sensitive application programming interface (API);
determining whether or not the software application includes a digital signature associated with the sensitive API; and
if the software application does not include a digital signature associated with the sensitive API, then denying the software application access to the sensitive API. - View Dependent Claims (30, 31, 32, 33, 34, 35, 36, 37)
-
-
38. A method of controlling access to an application programming interface (API) on a mobile device by a software application created by a software developer, comprising the steps of:
-
receiving the software application from the software developer;
reviewing the software application to determine if it may access the API;
if the software application may access the API, then appending a digital signature to the software application;
verifying the authenticity of a digital signature appended to a software application; and
providing access to the API to software applications for which the appended digital signature is authentic. - View Dependent Claims (39, 40, 41, 42, 43, 44)
-
-
45. A method of controlling access to a sensitive application programming interface (API) on a mobile device, comprising the steps of:
-
registering one or more software developers that are trusted to design software applications which access the sensitive API;
receiving a hash of a software application;
determining if the software application was designed by one of the registered software developers; and
if the software application was designed by one of the registered software developers, then generating a digital signature using the hash of the software application, wherein the digital signature may be appended to the software application; and
the mobile device verifies the authenticity of the digital signature in order to control access to the sensitive API by the software application. - View Dependent Claims (46, 47, 48)
-
-
49. A method of restricting access to application programming interfaces on a mobile device, comprising the steps of:
-
loading a software application on the mobile device that requires access to one or more application programming interface (API);
determining whether or not the software application includes an authentic digital signature associated with the mobile device; and
if the software application does not include an authentic digital signature associated with the mobile device, then denying the software application access to the one or more APIs. - View Dependent Claims (50, 51, 52, 53, 54, 55, 56)
-
Specification