Method, electronic device, computer program product of determining a protection domain

US 20050198496A1
Filed: 03/04/2004
Published: 09/08/2005
Est. Priority Date: 03/04/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of assigning a signed application to a protection domain in an electronic device, the method comprising:

storing on a memory of an electronic device at least one root certificate;

receiving a signed application with the electronic device;

authenticating the signed application to a root certificate stored on the electronic device by verifying a signer certificate and an application signature;

determining based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate; and

assigning the signed application to a respective protection domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A java implementation on an electronic device determines into which protection domain a downloaded java application belongs based on a root certificate to which the application was authenticated. The MIDP 2.0 specification says that manufacturer and trusted third party domain root certificates can exist on the device. If they both exist in the device there is no way presented in the specification how to distinguish them. So once the authentication is successful, the java implementation does not know into which domain the application belongs, because it does not know which root certificate is meant for the manufacturer domain and which root certificate is meant for the trusted third party domain. The invention discloses a solution in which at least one root certificate file attribute is used to determine whether the certificate is a manufacturer or trusted third party domain certificate. If the root certificate is read-only, the java application is assigned to the manufacturer domain.

15 Citations

View as Search Results

16 Claims

1. A method of assigning a signed application to a protection domain in an electronic device, the method comprising:
- storing on a memory of an electronic device at least one root certificate;
  
  receiving a signed application with the electronic device;
  
  authenticating the signed application to a root certificate stored on the electronic device by verifying a signer certificate and an application signature;
  
  determining based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate; and
  
  assigning the signed application to a respective protection domain.
- View Dependent Claims (2, 3, 4)
- - 2. The method according to claim 1, further comprising:
    - determining whether the root certificate is a read-only certificate based on the at least one file attribute of the root certificate; and
      
      if it is read-only, assigning the signed application to a manufacturer domain.
  - 3. The method according to claim 1, further comprising:
    - determining whether the root certificate can be deleted based on the at least one file attribute of the root certificate; and
      
      if it can be deleted, assigning the signed application to a trusted third party domain.
  - 4. The method according to claim 1, wherein the root certificate is based on X.509 Public Key Infrastructure.

5. A computer program product of assigning a signed application to a protection domain in an electronic device, comprising code stored on at least one data-processing device readable medium, the code adapted to perform the following steps when executed on a data-processing device:
- storing on a memory of an electronic device at least one root certificate;
  
  receiving a signed application with the electronic device;
  
  authenticating the signed application to a root certificate stored on the electronic device by verifying a signer certificate and an application signature;
  
  determining based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate; and
  
  assigning the signed application to a respective protection domain.
- View Dependent Claims (6, 7, 8)
- - 6. The computer program product according to claim 5, further comprising code stored on at least one data-processing device readable medium, the code adapted to perform the following steps when executed on the data-processing device:
    - determining whether the root certificate is a read-only certificate based on the at least one file attribute of the root certificate; and
      
      if it is read-only, assigning the signed application to a manufacturer domain.
  - 7. The computer program product according to claim 5, further comprising code stored on at least one data-processing device readable medium, the code adapted to perform the following steps when executed on the data-processing device:
    - determining whether the root certificate can be deleted based on the at least one file attribute of the root certificate; and
      
      if it can be deleted, assigning the signed application to a trusted third party domain.
  - 8. The computer program product according to claim 5, wherein the root certificate is based on X.509 Public Key Infrastructure.

9. An electronic device of assigning a signed application to a protection domain, wherein the electronic device comprises:
- a memory configured to store at least one root certificate;
  
  receiving means configured to receive a signed application with the electronic device;
  
  authenticating means configured to authenticate the signed application to a root certificate stored on the memory by verifying a signer certificate and an application signature;
  
  determining means configured to determine based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate; and
  
  assigning means configured to assign the signed application to a respective protection domain.
- View Dependent Claims (10, 11)
- - 10. The electronic device according to claim 9, wherein:
    - the determining means are configured to determined whether the root certificate is a read-only certificate based on the at least one file attribute of the root certificate; and
      
      if it is read-only, the assigning means are configured to assign the signed application to a manufacturer domain.
  - 11. The electronic device according to claim 9, wherein:
    - the determining means are configured to determine whether the root certificate can be deleted based on the at least one file attribute of the root certificate; and
      
      if it can be deleted, the assigning means are configured to assign the signed application to a trusted third party domain.

12. An electronic device of assigning a signed application to a protection domain, wherein the electronic device comprises:
- a memory configured to store at least one root certificate;
  
  a receiver configured to receive a signed application with the electronic device;
  
  a central processing unit configured to authenticate the signed application to a root certificate stored on the memory by verifying a signer certificate and an application signature, to determine based on at least one file attribute of the root certificate whether the root certificate is a manufacturer domain certificate or a trusted third party domain certificate, and to assign the signed application to a respective protection domain.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The electronic device according to claim 12, wherein:
    - the central processing unit is configured to determined whether the root certificate is a read-only certificate based on the at least one file attribute of the root certificate; and
      
      if it is read-only, the central processing unit is configured to assign the signed application to a manufacturer domain.
  - 14. The electronic device according to claim 12, wherein:
    - the central processing unit is configured to determine whether the root certificate can be deleted based on the at least one file attribute of the root certificate; and
      
      if it can be deleted, the central processing unit is configured to assign the signed application to a trusted third party domain.
  - 15. The electronic device according to claim 12, wherein the root certificate is based on X.509 Public Key Infrastructure.
  - 16. The electronic device according to claim 12, wherein the electronic device comprises at least one of a mobile phone, a personal digital assistant and a computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nokia Corporation
Original Assignee
Nokia Corporation
Inventors
Vaidyanathan, Krishnan

Application Number

US10/795,210
Publication Number

US 20050198496A1
Time in Patent Office

Days
Field of Search
US Class Current

713/157
CPC Class Codes

H04L 9/006 involving public key infras...

H04L 9/3263 involving certificates, e.g...

Method, electronic device, computer program product of determining a protection domain

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Method, electronic device, computer program product of determining a protection domain

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others