SECURITY APPARATUS SESSION SHARING

US 20150339473A1
Filed: 05/23/2014
Published: 11/26/2015
Est. Priority Date: 05/23/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

establishing, by a first application executing on an electronic device, a session with a security apparatus of the electronic device;

receiving, by the first application, a token enabling the first application to utilize the security apparatus; and

providing, by the first application, the token to a second application executing on the electronic device, wherein the token enables the second application to utilize the security apparatus.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An electronic device includes multiple applications that can access a smart card or other security apparatus. A first application that is to use the security apparatus prompts a user for a security string such as a PIN or password. Upon receipt of the PIN or password, the first application unlocks the security apparatus for use. Additionally, the first application receives a token from a security service that interfaces with the security apparatus. The token can be shared by the first application with other applications. For example, the first application can share the token with other trusted applications. The other applications that receive the token can refrain from issuing a prompt for a security string and receiving a response from the user. The token can be used instead of the security string to obtain access to the security apparatus.

28 Citations

20 Claims

1. A method comprising:
- establishing, by a first application executing on an electronic device, a session with a security apparatus of the electronic device;
  
  receiving, by the first application, a token enabling the first application to utilize the security apparatus; and
  
  providing, by the first application, the token to a second application executing on the electronic device, wherein the token enables the second application to utilize the security apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first application and the second application are associated with an operating system domain of the electronic device.
  - 3. The method of claim 1, further comprising:
    - issuing, by the second application, a request for a security operation to be performed on the security apparatus, the request including the token.
  - 4. The method of claim 1, further comprising:
    - receiving a request to close the session; and
      
      invalidating the token in response to closing the session.
  - 5. The method of claim 1, further comprising:
    - receiving, by the first application, a security string; and
      
      providing the security string to the security apparatus.
  - 6. The method of claim 5, wherein the second application refrains from providing the security string to the security apparatus.
  - 7. The method of claim 5, further comprising:
    - generating the token by a security service executing on the electronic device, wherein the token is generated in response to the security apparatus validating the security string.

8. A machine readable storage medium having stored thereon executable instructions for causing one or more processors to perform operations comprising:
- establishing, by a first application executing on an electronic device, a session with a security apparatus of the electronic device;
  
  receiving, by the first application, a token enabling the first application to utilize security apparatus; and
  
  providing, by the first application, the token to a second application executing on the electronic device, wherein the token enables the second application to utilize the security apparatus.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The machine readable storage medium of claim 8, wherein the first application and the second application are associated with an operating system domain of the electronic device.
  - 10. The machine readable storage medium of claim 8, wherein the operations further comprise:
    - issuing, by the second application, a request for a security operation to be performed on the security apparatus, the request including the token.
  - 11. The machine readable storage medium of claim 10, wherein the operations further comprise receiving a response to the security operation from the security apparatus in response to validating the token.
  - 12. The machine readable storage medium of claim 8, wherein the operations further comprise:
    - receiving a request to close the session; and
      
      invalidating the token in response to closing the session.
  - 13. The machine readable storage medium of claim 8, wherein the operations further comprise:
    - receiving, by the first application, a security string; and
      
      providing the security string to the security apparatus.
  - 14. The machine readable storage medium of claim 13, wherein the operations further comprise:
    - generating the token by a security service executing on the electronic device, wherein the token is generated in response to the security apparatus validating the security string.

15. An apparatus comprising:
- one or more processors; and
  
  a machine readable storage medium communicably coupled to the one or more processors, the machine readable storage medium configured to store instructions, that when executed by the one or more processors cause the apparatus to;
  
  establish, by a first application, a session with a security apparatus;
  
  receive, by the first application, a token enabling the first application to utilize the security apparatus; and
  
  provide, by the first application, the token to a second application, wherein the token enables the second application to utilize the security apparatus.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the first application and the second application are associated with an operating system domain of the apparatus.
  - 17. The apparatus of claim 16, wherein the first application comprises a domain manager for the operating system domain.
  - 18. The apparatus of claim 15, wherein the session is shared by the first application and the second application.
  - 19. The apparatus of claim 15, wherein the instructions further cause the apparatus to:
    - receive, by the first application, a security string; and
      
      receive, by the first application, the token from a security service, wherein the token is generated by the security service in response to the security apparatus validating the security string.
  - 20. The apparatus of claim 19, wherein the security string comprises a Personal Identification Number (PIN).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Sherkin, Alexander

Granted Patent

US 9,760,704 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/34 involving the use of extern...

G06F 21/44 Program or device authentic...

SECURITY APPARATUS SESSION SHARING

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURITY APPARATUS SESSION SHARING

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links