CODE SIGNING SYSTEM AND METHOD

US 20120179917A1
Filed: 03/06/2012
Published: 07/12/2012
Est. Priority Date: 09/21/2000
Status: Active Grant

First Claim

Patent Images

1. A method of controlling access to a plurality of sensitive application programming interfaces (APIs) on a device by an application signed with a private key, the method comprising:

verifying, by a processor of the device, a digital signature of the application using a public key;

after verifying the digital signature of the application using the public key, allowing the application to access a first sensitive API, the first sensitive API being associated with the public key; and

restricting the application from accessing a second sensitive API, the second sensitive API not being associated with the public key.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A code signing system and method is provided. The code signing system operates in conjunction with a signed software application having a digital signature and includes an application platform, an application programming interface (API), and a virtual machine. The API is configured to link the software application with the application platform. The virtual machine verifies the authenticity of the digital signature in order to control access to the API by the software application.

21 Citations

View as Search Results

30 Claims

1. A method of controlling access to a plurality of sensitive application programming interfaces (APIs) on a device by an application signed with a private key, the method comprising:
- verifying, by a processor of the device, a digital signature of the application using a public key;
  
  after verifying the digital signature of the application using the public key, allowing the application to access a first sensitive API, the first sensitive API being associated with the public key; and
  
  restricting the application from accessing a second sensitive API, the second sensitive API not being associated with the public key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The method of claim 1, wherein the second sensitive API is associated with a second public key different from the public key associated with the first sensitive API.
  - 3. The method of claim 1 wherein the device comprises a mobile device.
  - 4. The method of claim 1 wherein the public key is associated with an entity that classified the first sensitive API as sensitive.
  - 5. The method of claim 1 wherein the public key is associated with an author of the first sensitive API.
  - 6. The method of claim 1 wherein the public key is associated with a manufacturer of the device.
  - 7. The method of claim 1 wherein the first sensitive API is classified as sensitive by a manufacturer of the device.
  - 8. The method of claim 1 wherein the first sensitive API is classified as sensitive by an author of the first sensitive API.
  - 9. The method of claim 1 wherein the first sensitive API includes a user interface API.
  - 10. The method of claim 1 wherein the first sensitive API interfaces with an input/output (I/O) controller.
  - 11. The method of claim 1 wherein the first sensitive API includes a radio API.
  - 12. The method of claim 1 wherein the first sensitive API interfaces with one or more wireless communication functions.
  - 13. The method of claim 1 wherein the first sensitive API interfaces with address book data.
  - 14. The method of claim 1 wherein the first sensitive API interfaces with calendar data.
  - 15. The method of claim 1 wherein the public key is stored on the device.
  - 16. The method of claim 1 wherein the public key is obtained from a public key repository.
  - 17. The method of claim 1 wherein the first sensitive API is included in an API library.
  - 18. The method of claim 1 wherein the verifying includes:
    - generating a hash of the application;
      
      applying the public key to the digital signature to obtain an output; and
      
      determining that the hash and the output are equivalent.
  - 19. The method of claim 1 wherein the verifying includes:
    - generating an abridged version of the application;
      
      applying the public key to the digital signature to obtain an output; and
      
      determining that the abridged version and the output are equivalent.
  - 20. The method of claim 1 wherein the verifying includes:
    - generating a transformed version of the application;
      
      applying the public key to the digital signature to obtain an output; and
      
      determining that the transformed version and the output are equivalent.
  - 21. The method of claim 1 further comprising:
    - receiving user input regarding whether to grant the application access to at least one of the sensitive APIs.
  - 22. The method of claim 1 further comprising:
    - verifying a second digital signature of a second application using a second public key; and
      
      after verifying the second digital signature of the second application using the public key, allowing the second application to access the second sensitive API, the second sensitive API being associated with the second public key.
  - 23. The method of claim 1 further comprising:
    - failing to verify a second digital signature of a second application using the public key; and
      
      purging the second application.
  - 24. The method of claim 1 wherein the device further includes a non-sensitive API, the method further comprising:
    - allowing the application to access the non-sensitive API.
  - 25. The method of claim 1 wherein the device further includes a non-sensitive API, the method further comprising:
    - allowing an unsigned application to access the non-sensitive API.
  - 26. The method of claim 1 further comprising:
    - restricting an unsigned application from accessing the first sensitive API and the second sensitive API.
  - 27. The method of claim 26 further comprising:
    - executing the unsigned application on the device.
  - 28. The method of claim 1 further comprising:
    - determining that a second application is unsigned; and
      
      purging the second application from the device.
  - 29. The method of claim 1 further comprising:
    - on a second device, verifying a second digital signature of a duplicate of the application using a duplicate of the public key; and
      
      allowing the duplicate application to access a duplicate of the first sensitive API on the second device, the duplicate of the first sensitive API being associated with the duplicate of the public key.

30. A device capable of controlling access to a plurality of sensitive application programming interfaces (APIs) on the device by an application signed with a private key, the device comprising:
- a processor capable of executing machine readable instructions for;
  
  verifying a digital signature of the application using a public key;
  
  after verifying the digital signature of the application using the public key, allowing the application to access a first sensitive API, the first sensitive API being associated with the public key; and
  
  restricting the application from accessing a second sensitive API, the second sensitive API not being associated with the public key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
YACH, David P., BROWN, Michael S., LITTLE, Herbert A.

Granted Patent

US 9,633,178 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/121   Restricting unauthorised ex...

G06F 21/51   at application loading time...

G06F 21/629   to features or functions of...

H04L 63/067   using one-time keys cryptog...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/1483   service impersonation, e.g....

H04L 9/321   involving a third party or ...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04W 4/60   Subscription-based services...

CODE SIGNING SYSTEM AND METHOD

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

CODE SIGNING SYSTEM AND METHOD

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links