Method, electronic device, computer program product of determining a protection domain
First Claim
1. A method of assigning a signed application to a protection domain in an electronic device, the method comprising:
- storing on a memory of an electronic device at least one root certificate;
receiving a signed application with the electronic device;
authenticating the signed application to a root certificate stored on the electronic device by verifying a signer certificate and an application signature;
determining based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate; and
assigning the signed application to a respective protection domain.
1 Assignment
0 Petitions
Accused Products
Abstract
A java implementation on an electronic device determines into which protection domain a downloaded java application belongs based on a root certificate to which the application was authenticated. The MIDP 2.0 specification says that manufacturer and trusted third party domain root certificates can exist on the device. If they both exist in the device there is no way presented in the specification how to distinguish them. So once the authentication is successful, the java implementation does not know into which domain the application belongs, because it does not know which root certificate is meant for the manufacturer domain and which root certificate is meant for the trusted third party domain. The invention discloses a solution in which at least one root certificate file attribute is used to determine whether the certificate is a manufacturer or trusted third party domain certificate. If the root certificate is read-only, the java application is assigned to the manufacturer domain.
15 Citations
16 Claims
-
1. A method of assigning a signed application to a protection domain in an electronic device, the method comprising:
-
storing on a memory of an electronic device at least one root certificate;
receiving a signed application with the electronic device;
authenticating the signed application to a root certificate stored on the electronic device by verifying a signer certificate and an application signature;
determining based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate; and
assigning the signed application to a respective protection domain. - View Dependent Claims (2, 3, 4)
-
-
5. A computer program product of assigning a signed application to a protection domain in an electronic device, comprising code stored on at least one data-processing device readable medium, the code adapted to perform the following steps when executed on a data-processing device:
-
storing on a memory of an electronic device at least one root certificate;
receiving a signed application with the electronic device;
authenticating the signed application to a root certificate stored on the electronic device by verifying a signer certificate and an application signature;
determining based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate; and
assigning the signed application to a respective protection domain. - View Dependent Claims (6, 7, 8)
-
-
9. An electronic device of assigning a signed application to a protection domain, wherein the electronic device comprises:
-
a memory configured to store at least one root certificate;
receiving means configured to receive a signed application with the electronic device;
authenticating means configured to authenticate the signed application to a root certificate stored on the memory by verifying a signer certificate and an application signature;
determining means configured to determine based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate; and
assigning means configured to assign the signed application to a respective protection domain. - View Dependent Claims (10, 11)
-
-
12. An electronic device of assigning a signed application to a protection domain, wherein the electronic device comprises:
-
a memory configured to store at least one root certificate;
a receiver configured to receive a signed application with the electronic device;
a central processing unit configured to authenticate the signed application to a root certificate stored on the memory by verifying a signer certificate and an application signature, to determine based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate, and to assign the signed application to a respective protection domain. - View Dependent Claims (13, 14, 15, 16)
-
Specification