PROVIDING SECURE INTER-APPLICATION COMMUNICATION FOR A MOBILE OPERATING ENVIRONMENT

US 20080215883A1
Filed: 11/29/2007
Published: 09/04/2008
Est. Priority Date: 12/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method for providing transmission of data between applications in a mobile operating environment, comprising:

initiating a handshake with a mobile application that includes a unique identifier of a primary mobile application and a random number generated for the handshake;

receiving and verifying a response to the handshake, the response includes at least a second number;

sending a data event to the mobile application that includes the second number or a version of the second number, if the response to the handshake is verified; and

freezing execution of the primary application until a data event response from the mobile application is received, the data event response includes at least the second number or the version of the second number.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Providing for secure and efficient communication for mobile applications executed in a mobile operating environment is described herein. As an example, a primary mobile application can initiate a handshake that includes a unique identifier of the primary application and a random number for signing and/or certifying responsive requests. A recipient application can reference the unique identifier with a list of certified primary applications to verify the primary application. If verified, the recipient responds with the random number and a second random number that can sign and/or certify data requests sent by the primary application. According to some embodiments, random numbers can be hashed and/or truncated to provide low power encryption for such numbers. Further, round-trip policies can be enforced to provide reliable transmission of data. Accordingly, reliable, secure and low power synchronous communication can be conducted in a mobile environment.

145 Citations

50 Claims

1. A method for providing transmission of data between applications in a mobile operating environment, comprising:
- initiating a handshake with a mobile application that includes a unique identifier of a primary mobile application and a random number generated for the handshake;
  
  receiving and verifying a response to the handshake, the response includes at least a second number;
  
  sending a data event to the mobile application that includes the second number or a version of the second number, if the response to the handshake is verified; and
  
  freezing execution of the primary application until a data event response from the mobile application is received, the data event response includes at least the second number or the version of the second number.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising re-transmitting the data event if the data event response is not received from the mobile application.
  - 3. The method of claim 1, further comprising executing a configurable number of data event re-transmissions until the data event response is received.
  - 4. The method of claim 3, further comprising determining a packet loss frequency or likelihood in an interface between the mobile application and the primary mobile application to establish the configurable number of data event re-transmissions.
  - 5. The method of claim 3, further comprising re-initiating the handshake if the data event response is not received after the configurable number of data event re-transmissions are executed.
  - 6. The method of claim 1, further comprising re-initiating the handshake if the response to the handshake or the data event response is not received from the mobile application within a threshold period.
  - 7. The method of claim 1, further comprising at least one of:
    - employing a hash function to transform the random number or to generate the version of the second number;
      
      truncating the random number or the second number to enable transmission of larger numbers than an application interface can otherwise accommodate;
      
      incrementing the second number to generate the version of the second number;
      
      orencrypting the second number to generate the version of the second number.
  - 8. The method of claim 1, further comprising initiating a handshake termination if the first number is not verified as the random number.
  - 9. The method of claim 1, further comprising employing a single mobile device to execute and communicatively couple the mobile application and the primary mobile application.
  - 10. The method of claim 1, further comprising employing a first device to store and execute the primary mobile application and a second device, remotely located from the first device, to store and execute the mobile application, wherein the first and second devices are communicatively coupled by a wired or wireless network, or both.
  - 11. The method of claim 1, further comprising:
    - computing an anticipated response time from the time required between initiating the handshake and receiving the response to the handshake; and
      
      if the data event response is not received within the anticipated response time, at least one of;
      
      terminating communication with the mobile application until a subsequent handshake is initiated and verified;
      
      orre-transmitting the data event.

12. An apparatus for providing transmission of data between applications in a mobile operating environment, comprising:
- a secure session module configured to initiate a handshake with a recipient application, wherein the handshake includes a unique ID of a primary application and a random number;
  
  a verification module configured to receive and verify a response to the handshake, the response includes at least a second number;
  
  a communication module configured to send a data event to the recipient application that includes the second number or a version of the second number, if the response to the handshake is verified; and
  
  a transmission management module configured to freeze execution of the primary application until a data event response from the mobile application is received, the data event response includes at least the second number or the version of the second number.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The apparatus of claim 12, wherein the communication module re-transmits the data event if the data event response is not received from the recipient application.
  - 14. The apparatus of claim 12, further comprising a transmission reliability module configured to determine a packet loss likelihood or frequency between the primary application and the recipient application and to establish a number of re-transmissions for unacknowledged data events based on the determined packet loss.
  - 15. The apparatus of claim 14, wherein the secure session module re-initiates the handshake if the data event response is not received after the number of re-transmissions are executed.
  - 16. The apparatus of claim 12, wherein the secure session module re-initiates the handshake if at least one of:
    - the response to the handshake or the data event response is not received from the mobile application within a threshold period;
      
      a handshake refresh time expires;
      
      ora handshake initiation command is received from a device user interface.
  - 17. The apparatus of claim 12, further comprising a hashing module configured to at least one of:
    - hash, truncate, encrypt, or increment, or a combination thereof, the random number;
      
      orhash, truncate, encrypt or increment, or a combination thereof, the second number to generate the version of the second number.
  - 18. The apparatus of claim 12, wherein the secure session module is configured to initiate a handshake termination if at least one of:
    - the first number is not verified as the random number;
      
      a handshake response is not received to a predetermined number of handshakes;
      
      ora communication session is complete.
  - 19. The apparatus of claim 12, wherein a single mobile device executes and communicatively couples the mobile application and the primary mobile application.
  - 20. The apparatus of claim 12, wherein a first and a second remote processing device communicatively coupled via a wired or wireless network, at least one of which is a mobile device, execute the recipient application and the primary application, respectively.
  - 21. The apparatus of claim 12, further comprising a timing component configured to compute an anticipated response time between the primary and recipient applications based at least in part on a time between receiving and initiating the handshake, wherein the communication module re-transmits the data event if the data event response is not received within the anticipated response time.
  - 22. The apparatus of claim 12, further comprising a processing buffer configured to enable the primary application to receive and buffer a data event response or a handshake response without interrupting other operations of the primary application.

23. At least one processor that provides transmission of data between applications in a mobile operating environment, comprising:
- a first module that initiates a handshake with a mobile application that includes a unique identifier of a primary mobile application and a random number generated for the handshake;
  
  a second module that receives and verifies a response to the handshake, the response includes at least a second number;
  
  a third module that sends a data event to the mobile application that includes the second number or a version of the second number, if the response to the handshake is verified; and
  
  a fourth module that freezes execution of the primary mobile application until a data event response is received that includes at least the increment of the second number.

24. An apparatus that provides transmission of data between applications in a mobile operating environment, comprising:
- means for initiating a handshake with a mobile application that includes a unique identifier of a primary mobile application and a random number generated for the handshake;
  
  means for receiving and verifying a response to the handshake, the response includes at least a second number;
  
  means for sending a data event to the mobile application that includes the second number or a version of the second number, if the response to the handshake is verified; and
  
  means for freezing execution of the primary mobile application until a data event response is received that includes at least the increment of the second number.

25. A computer program product, comprising:
- a computer-readable medium containing instructions for providing data transmission security for mobile environment applications, comprising;
  
  a first set of instructions configured to cause a computer to initiate a handshake with a mobile application that includes a unique identifier of a primary mobile application and a random number generated for the handshake;
  
  a second set of instructions configured to cause a computer to receive and verify a response to the handshake, the response includes at least a second number;
  
  a third set of instructions configured to cause a computer to send a data event to the mobile application that includes the second number or a version of the second number, if the response to the handshake is verified; and
  
  a fourth set of instructions configured to cause a computer to freeze execution of the primary mobile application until a data event response is received that includes at least the second number or the version of the second number.

26. A method for providing data transmission between applications in a mobile operating environment, comprising:
- receiving a handshake request from a primary application that includes a unique ID of the primary application or a random number generated by the primary application;
  
  referencing the unique ID against a list of trusted primary application identifiers;
  
  sending a handshake response to the primary application if the unique ID matches an ID of the list of trusted primary application identifiers;
  
  receiving a data event request; and
  
  responding to the data event request prior to receiving or processing additional data event requests.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 27. The method of claim 26, further comprising including the random number or a second random number generated to identify communication originating from a recipient application, or both, within the handshake response.
  - 28. The method of claim 27, further comprising:
    - allocating a data buffer for the data event;
      
      copying data included within the data event to the data buffer;
      
      setting a process timer based at least in part on an estimated time to complete a current process; and
      
      refraining from processing the data included within the data event until expiration of the process timer.
  - 29. The method of claim 27, further comprising receiving an increment of the second random number within the data event request.
  - 30. The method of claim 27, further comprising including an increment of the second random number or an application ID of the recipient application, or both, within a response to the data event request.
  - 31. The method of claim 26, further comprising including an increment of the random number in conjunction with data responsive to the data event request within a response to the data event request.
  - 32. The method of claim 26, further comprising ignoring the data event request and subsequent data event requests until a subsequent handshake event with a trusted unique ID is received if the data event request does not include a current increment of the second random number.
  - 33. The method of claim 26, further comprising:
    - receiving a handshake re-initiation message that includes a new random number and either the unique ID or a second unique ID;
      
      storing the new random number in a temporary buffer;
      
      verifying the unique ID or the second unique ID matches an ID of the list of trusted primary application identifiers; and
      
      one of replacing the random number with the new random number if the unique ID or the second unique ID is verified or clearing the new random number from the temporary buffer if the unique ID or the second unique ID is not verified.
  - 34. The method of claim 26, further comprising:
    - sending a recipient data event request to the primary application; and
      
      delaying sending of a second recipient data event request at least until a response to the recipient data event request is received.
  - 35. The method of claim 34, further comprising receiving a response from the primary application that includes the increment of the random number or the unique ID of the primary application, or both.
  - 36. The method of claim 34, further comprising at least one of:
    - re-sending the recipient data event request a configurable number of times unless a response to the recipient data event request is received;
      
      orrefrain from sending the recipient data event request until a subsequent handshake is received that has at least a verified primary application class ID, if no response to the recipient data event request is received after a configurable number of requests are sent.

37. An apparatus that provides data transmission between applications in a mobile operating environment, comprising:
- a security module configured to receive a handshake request from a primary application that includes a unique ID of the primary application or a random number generated by the primary application;
  
  a reference module configure to verify the unique ID against a list of trusted primary application identifiers;
  
  an interface module configured to send a handshake response to the primary application if the unique ID matches an ID of the list of trusted primary application identifiers and configured to receive a data event request; and
  
  a management module configured require the interface module to respond to the data event request prior to receiving additional data event requests.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47)
- - 38. The apparatus of claim 37, wherein the handshake response includes the random number, or a second random number generated to identify communication responsive to a recipient application, or both.
  - 39. The apparatus of claim 38, wherein the management module is further configured to at least one of:
    - allocate a data buffer for the data event;
      
      copy data included within the data event to the data buffer;
      
      set a process timer based at least in part on an estimated time to complete a current process; and
      
      prevent a recipient application from processing the data included within the data event until expiration of the process timer.
  - 40. The apparatus of claim 38, wherein the data event request includes at least an increment of the random number.
  - 41. The apparatus of claim 38, wherein the management module permits a response to the data event request that includes an increment of the second random number or an application ID of the recipient application, or both.
  - 42. The apparatus of claim 37, wherein the management module permits the interface module to send a data event request that includes an increment of the random number in conjunction with a request for data or an instruction for execution by the primary application, or both.
  - 43. The apparatus of claim 37, wherein the management module ignores the data event request and subsequent data event requests until a subsequent handshake event with a trusted unique ID is received if the data event request does not include a current increment of the second random number.
  - 44. The apparatus of claim 37, wherein the management module is further configured to at least one of:
    - receive a handshake re-initiation message that includes a new random number and either the unique ID or a second unique ID;
      
      store the new random number in a temporary buffer;
      
      verify the unique ID or the second unique ID matches an ID of the list of trusted primary application identifiers;
      
      orone of replace the random number with the new random number if the unique ID or the second unique ID is verified or clear the new random number from the temporary buffer if the unique ID or the second unique ID is not verified.
  - 45. The apparatus of claim 37, wherein:
    - the interface module sends a recipient data event request to the primary application; and
      
      the management module delays sending of a second recipient data event request at least until a response to the recipient data event request is received by the interface.
  - 46. The apparatus of claim 45, wherein the response to the recipient data event request received by the interface module includes the increment of the random number or the unique ID of the primary application, or both.
  - 47. The apparatus of claim 46, wherein at least one of:
    - the interface module re-sends the recipient data event request a configurable number of times unless a response to the recipient data event request is received;
      
      orthe management module prevents the interface from sending the recipient data event request until a subsequent handshake is received that has at least a verified primary application class ID, if no response to the recipient data event request is received after a configurable number of requests are sent.

48. At least one processor that provides data transmission between applications in a mobile operating environment, comprising:
- a first module that receives a handshake request from a primary application that includes a unique ID of the primary application or a random number generated by the primary application;
  
  a second module that references the unique ID against a list of trusted primary application identifiers;
  
  a third module that sends a handshake response to the primary application if the unique ID matches an ID of the list of trusted primary application identifiers;
  
  a fourth module that receives a data event request; and
  
  a fifth module that responds to the data event request prior to receiving additional data event requests.

49. An apparatus that provides data transmission between applications in a mobile operating environment, comprising:
- means for receiving a handshake request from a primary application that includes a unique ID of the primary application or a random number generated by the primary application;
  
  means for referencing the unique ID against a list of trusted primary application identifiers;
  
  means for sending a handshake response to the primary application if the unique ID matches an ID of the list of trusted primary application identifiers;
  
  means for receiving a data event request; and
  
  means for delaying receipt of additional data event requests until a response to the data event request is initiated.

50. A computer program product, comprising:
- a computer-readable medium containing instructions for providing data transmission between applications in a mobile operating environment, comprising;
  
  a first set of instructions configured to cause a computer to receive a handshake request from a primary application that includes a unique ID of the primary application or a random number generated by the primary application;
  
  a second set of instructions configured to cause a computer to reference the unique ID against a list of trusted primary application identifiers;
  
  a third set of instructions configured to cause a computer to send a handshake response to the primary application if the unique ID matches an ID of the list of trusted primary application identifiers;
  
  a fourth set of instructions configured to cause a computer to receive a data event request; and
  
  a fifth set of instructions configured to cause a computer to respond to the data event request prior to receiving additional data event requests.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Yip, Eric Chi Chung, Fok, Kenny, Hwang, Jihyun, Lushin (Misha), Mikhail A.

Granted Patent

US 8,225,093 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/167
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/168   above the transport layer

H04W 12/06   Authentication

Y02D 30/70   in wireless communication n...

PROVIDING SECURE INTER-APPLICATION COMMUNICATION FOR A MOBILE OPERATING ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

145 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

PROVIDING SECURE INTER-APPLICATION COMMUNICATION FOR A MOBILE OPERATING ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

145 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links