VERIFICATION OF UN-TRUSTED CODE FOR CONSUMPTION ON AN INSECURE DEVICE

US 20100011446A1
Filed: 07/11/2008
Published: 01/14/2010
Est. Priority Date: 07/11/2008
Status: Active Grant

First Claim

Patent Images

1. A computer readable storage medium including computer executable instructions for securing a computing device, the computer readable storage medium comprising:

instructions for granting, to a managed library, access to native resources of an operating system in response to validating a digital certificate associated with the managed library; and

instructions for denying, to a managed application, access to native resources of the operating system, wherein the managed application includes a digital certificate authorizing the managed application to access a specific native resource of the operating system through the managed library.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a code verification service that detects malformed data in an automated process and rejects submission and distribution if any malicious code is found. Once the submission is verified it may be packaged in container. The container may then be deployed to a mobile device, and the public key may be used to verify that the container authentic. The device can load trusted managed libraries needed to execute the application and a manager can ensure that only trusted libraries access native resources of the device.

80 Citations

View as Search Results

20 Claims

1. A computer readable storage medium including computer executable instructions for securing a computing device, the computer readable storage medium comprising:
- instructions for granting, to a managed library, access to native resources of an operating system in response to validating a digital certificate associated with the managed library; and
  
  instructions for denying, to a managed application, access to native resources of the operating system, wherein the managed application includes a digital certificate authorizing the managed application to access a specific native resource of the operating system through the managed library.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer readable storage medium of claim 1, wherein the managed library comprises instructions generated by a trusted developer.
  - 3. The computer readable storage medium of claim 1, further comprising:
    - instructions for verifying a digital signature associated with a container that includes the managed application; and
      
      instructions for loading the managed application.
  - 4. The computer readable storage medium of claim 1, wherein the native functions of the operating system are accessed through instructions for a runtime host, further wherein the instructions for the runtime host are effectuated by native instructions.
  - 5. The computer readable storage medium of claim 1, further comprising:
    - instructions for verifying a digital signature associated with the managed library; and
      
      instructions for loading the managed library.
  - 6. The computer readable storage medium of claim 1, wherein the managed application includes instructions verified by a remote device, further wherein the verified instructions are type safe.

7. A method for protecting a closed computing device from executing un-trusted instructions, the method comprising:
- receiving, by a manager, a request from a managed application to access a native system resource through a managed library;
  
  authorizing, by the manager, the request to access the native system resource through the managed library, wherein the manager includes information that identifies managed libraries that the managed application is authorized to access, further wherein the manager is effectuated by native instructions;
  
  authorizing, by the manager, the request to access the native system resource by the managed library, wherein information that identifies that the managed library is authorized to access the native system resource was obtained from a digital certificate associated with the managed library;
  
  sending, by the managed library, a request to access the native system resource to a runtime host, wherein the runtime host is effectuated by native instructions; and
  
  accessing, by the runtime host, the native system resource.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 8. The method of claim 7, wherein the native system resource is accessed from a platform invoke.
  - 9. The method of claim 7, further comprising:
    - executing a title player, wherein the title player is effectuated by native instructions.
  - 10. The method of claim 7, further comprising:
    - determining, by the manager, that the managed application is permitted to access a premium native system resource, wherein information that identifies that the managed application is permitted to access the premium native system resource was obtained from a premium certificate associated with the managed application.
  - 11. The method of claim 7, wherein the managed application is stored in a container that includes a digital signature.
  - 12. The method of claim 9, further comprising:
    - validating, by the title player, a digital signature associated with the runtime host; and
      
      executing the runtime host.
  - 13. The method of claim 9, further comprising:
    - validating, by the title player, a digital signature associated with the manager; and
      
      executing the manager.
  - 14. The method of claim 9, further comprising:
    - loading, by the title player, the managed application;
      
      determining, by the title player, that the managed application is un-trusted; and
      
      denying, by the manager, the managed application access to native system resources.
  - 15. The method of claim 10, further comprising:
    - transmitting the container to a remote mobile device.
  - 16. The method of claim 10, wherein the managed application includes instructions verified by a service provider, further wherein the verified instructions are type safe instructions.

17. A computer system for publishing videogames configured to execute on a mobile device, the system comprising:
- circuitry for receiving a package from a networked computer system;
  
  circuitry for identifying an executable in the package;
  
  circuitry for verifying managed metadata associated with the executable, wherein the managed metadata describes the structure of executable, further wherein verifying the managed metadata includes inspecting the managed metadata at runtime to determine that the executable includes type safe code; and
  
  circuitry for storing the verified executable in a digitally signed container.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, further comprising:
    - circuitry for transmitting the digitally signed container to a mobile device.
  - 19. The system of claim 17, further comprising:
    - circuitry for determining that the executable in the file includes managed dependencies.
  - 20. The system of claim 17, further comprising:
    - circuitry for validating header fields of the executable.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Klucher, Michael, Brown, Joerg Raymound, Unoki, Robert S., Bleisch, Paul L.

Granted Patent

US 8,196,213 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/27
CPC Class Codes

G06F 21/1064   Restricting content process...

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 21/575   Secure boot

VERIFICATION OF UN-TRUSTED CODE FOR CONSUMPTION ON AN INSECURE DEVICE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

VERIFICATION OF UN-TRUSTED CODE FOR CONSUMPTION ON AN INSECURE DEVICE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others