ACCESS TO SOFTWARE APPLICATIONS

US 20170310480A1
Filed: 09/23/2015
Published: 10/26/2017
Est. Priority Date: 09/26/2014
Status: Active Grant

First Claim

Patent Images

1. A computing device comprising one or more data stores and one or more processors, the one or more data stores being configured to store:

an operating system of the computing device; and

a set of executable code comprising first, second and third subsets of data, the first subset of data comprising first encrypted data and the second subset of data comprising second encrypted data, the first encrypted data being different from the second encrypted data, wherein, responsive to receipt of first authentication data for authenticating a first user, the computing device is arranged to decrypt said first encrypted data to generate first decrypted data, and to configure the third subset of data based on the first decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the first user; and

responsive to receipt of second authentication data for authenticating a second user, the second authentication data being different from the first authentication data, the computing device is arranged to decrypt said second encrypted data to generate second decrypted data, and to configure the third subset of data based on the second decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the second user.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computing device stores a set of executable code comprising first, second and third subsets of data. The first and second subsets of data comprise first and second encrypted data, respectively. Responsive to receipt of first authentication data for authenticating a respective user, the computing device is arranged to decrypt one of the first and second encrypted data to generate decrypted data, and to configure the third subset of data based on the decrypted data. The third subset of data, having been so configured, is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the respective user. Thus an application-level log in is provided.

Citations

24 Claims

1. A computing device comprising one or more data stores and one or more processors, the one or more data stores being configured to store:
- an operating system of the computing device; and
  
  a set of executable code comprising first, second and third subsets of data, the first subset of data comprising first encrypted data and the second subset of data comprising second encrypted data, the first encrypted data being different from the second encrypted data, wherein, responsive to receipt of first authentication data for authenticating a first user, the computing device is arranged to decrypt said first encrypted data to generate first decrypted data, and to configure the third subset of data based on the first decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the first user; and
  
  responsive to receipt of second authentication data for authenticating a second user, the second authentication data being different from the first authentication data, the computing device is arranged to decrypt said second encrypted data to generate second decrypted data, and to configure the third subset of data based on the second decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the second user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. A computing device according to claim 1, wherein the first set of encrypted data is associated with a first user identifier and the second set of encrypted data is associated with a second user identifier, different from the first user identifier.
  - 3. A computing device according to claim 1, wherein the first set of encrypted data is associated with a first user identifier and the second set of encrypted data is associated with a second user identifier, wherein the first user identifier is the same as the second user identifier.
  - 4. A computing device according to claim 1, wherein each of the first and second subsets of data comprises policy data indicative of a policy relating to a respective user identifier.
  - 5. A computing device according to claim 4, wherein the third subset of data comprises executable code for executing a software application and the policy data includes data indicative of an entitlement of a user to access the software application.
  - 6. A computing device according to claim 1, wherein each of the first and second subset of data includes communications keys for communicating with a remote server and/or data for logging in to a remote server.
  - 7. A computing device according to claim 1, wherein:
    - the one or more data stores includes data indicating an association between a first user identifier associated with the first user and the first subset of data;
      
      the firstauthentication information includes the first user identifier; and
      
      the computingdevice is arranged to identify the first subset of data on the basis of the first user identifier.
  - 8. A computing device according to claim 1, wherein at least one of the first authentication information and second authentication information comprises a password received from a user via a user interface.
  - 9. A computing device according to claim 1, wherein the one or more data stores is configured to store a first key encrypted on the basis of the first authentication information, the first subset of data being encrypted based on the first key, and wherein the computing device is configured, responsive to receipt of the first authentication data, to decrypt the first key and use the decrypted first key to decrypt the first encrypted data.
  - 10. A computing device according to claim 1, wherein the third subset of data comprises executable code for executing one or more software applications, and the computing device is arranged to generate a further subset of data, the further subset of data comprising further encrypted data, different from the first and second encrypted data, and wherein, responsive to receipt of further authentication data for authenticating a further user, the computing device is arranged to decrypt said further encrypted data, and to configure the further subset of data based on the further decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the further user.
  - 11. A computing device according to claim 1, wherein the first and second decrypted data each comprises application data relating to content and/or settings data associated with the first and second user identifiers, respectively.
  - 12. A computing device according to claim 11, wherein the application data comprises data indicative of a location of the content and/or settings data in a file system of the computing device.
  - 13. A computing device according to claim 11, wherein the first and second subsets of data each comprise a first part and a second part, wherein the first part includes a second key, and the second part includes the application data encrypted on the basis of the second key.
  - 14. A computing device according to claim 11, wherein, subsequent to performing said one or more tasks on behalf of the first user, the computing device is arranged to store the user data generated in relation to the performance of the one or more tasks on behalf of the first user, in response to receiving a request to authenticate the second user.
  - 15. A computing device according to claim 14, comprising retrieving the stored user data in response to a further receipt of the first authentication data.
  - 16. A computing device according to claim 1, wherein the set of executable code comprises at least one of an Android application package (APK) file and an iOS App Store Package (IPA) file.
  - 17. A computing device according to claim 1, wherein the one or more data stores is arranged to store:
    - a first plurality of subsets of encrypted data including the first subset of data;
      
      a first plurality of encryption keys stored in encrypted form, wherein each of the first plurality of subsets of encrypted data can be decrypted using a respective one of the first plurality of encryption keys;
      
      a second plurality of subsets of encrypted data, the second plurality of subsets of encrypted data including the second subset of data; and
      
      a second plurality of encryption keys stored in encrypted form, wherein each of the second plurality of subsets of encrypted data can be decrypted using a respective one of the second plurality of encryption keys,wherein responsive to receipt of the first authentication data, the computing device is arranged to;
      
      decrypt the first plurality of encryption keys;
      
      use the decrypted first plurality of encryption keys to decrypt each of the first plurality of subsets of encrypted data; and
      
      configure the third subset of data in a first configuration, based on the decrypted first plurality of subsets of data, so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the first user,wherein responsive to receipt of the second authentication data, the computing device is arranged to;
      
      decrypt the second plurality of encryption keys;
      
      use the decrypted second plurality of encryption keys to decrypt each of the second plurality of subsets of encrypted data; and
      
      configure the third subset of data in a second configuration, based on the decrypted second plurality of subsets of data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the second user.
  - 18. A computing device according to claim 16, wherein the one or more data stores is arranged to store a first further encryption key in encrypted form and a second further key in encrypted form, wherein, responsive to receipt of the first authentication data, the computing device is arranged to:
    - use the first authentication data to decrypt the first further encryption key; and
      
      use the decrypted first further encryption key to decrypt the first plurality of encryption keys,wherein, responsive to receipt of the second authentication data, the computing device is arranged to;
      
      use the second authentication data to decrypt the second further encryption key; and
      
      use the decrypted second further encryption key to decrypt the second plurality of encryption keys.
  - 19. A computing device according to claim 17, wherein the first plurality of subsets of encrypted data comprises at least one shared subset of encrypted data, the at least one shared subset of encrypted data being included in the second subset of encrypted data, wherein the shared subset of encrypted data can be decrypted using a common encryption key, each of the first and second plurality of encryption keys including the common encryption key.
  - 20. A computing device according to claim 18, arranged to:
    - encrypt, using the common key, an instruction to perform a service, the instruction being generated by the third subset of data configured according to the first configuration;
      
      store the encrypted instruction as data of the shared subset of encrypted data;
      
      decrypt the instruction using the common key when the third subset of data is configured according to the second configuration;
      
      perform a process to obtain result data resulting from the performance of the service using the third subset of data configured according to the second configuration;
      
      encrypt the result data using the common key;
      
      store the encrypted result data as data of the shared subset of encrypted data; and
      
      decrypt the encrypted result data using the common key when the third subset of data is configured according to the first configuration.
  - 21. A computing device according to claim 17, wherein the service is a service to be performed by a server remote from the computing device, and the process comprises sending the instruction to the server and receiving the result data from the server.
  - 22. A computing device according to claim 20, arranged to:
    - send, prior to generating said instruction, a request to the server to perform the service; and
      
      receive, from the server, authentication data associated with the request, wherein the instruction to perform the service includes said authentication data.

23. A non-transitory computer-readable storage medium comprising computer-executable instructions which, when executed by a processor, cause a computing device to perform a method of authenticating a user, the computing device comprising one or more data stores configured to store an operating system of the computing device, and the method comprising:
- storing, in the one or more data stores, a set of executable code comprising first, second and third subsets of data, the first subset of data comprising first encrypted data and the second subset of data comprising second encrypted data, the first encrypted data being different from the second encrypted data;
  
  responsive to receipt of first authentication data for authenticating a first user, decrypting said first encrypted data to generate first decrypted data, and to configure the third subset of data based on the first decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the first user; and
  
  responsive to receipt of second authentication data for authenticating a second user, the second authentication data being different from the first authentication data, decrypting said second encrypted data to generate second decrypted data, and to configure the third subset of data based on the second decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the second user.

24. A method of authenticating a user at a computing device, the computing device comprising one or more data stores configured to store an operating system of the computing device, and the method comprising:
- storing, in the one or more data stores, a set of executable code comprising first, second and third subsets of data, the first subset of data comprising first encrypted data and the second subset of data comprising second encrypted data, the first encrypted data being different from the second encrypted data;
  
  responsive to receipt of first authentication data for authenticating a first user, decrypting said first encrypted data to generate first decrypted data, and to configure the third subset of data based on the first decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the first user; and
  
  responsive to receipt of second authentication data for authenticating a second user, the second authentication data being different from the first authentication data, decrypting said second encrypted data to generate second decrypted data, and to configure the third subset of data based on the second decrypted data so that the third subset of data is executable by the one or more processors using the operating system to perform one or more tasks on behalf of the second user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Good Technology Holdings Limited (Blackberry Limited)
Inventors
SOMANI, Haniff, HAWKINS, Siavash James Joorabchian

Granted Patent

US 10,756,899 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

G06F 21/6245   Protecting personal data, e...

G06F 2221/2107   File encryption

H04L 9/14   using a plurality of keys o...

H04L 9/3226   using a predetermined code,...

H04W 12/06   Authentication

H04W 12/069   using certificates or pre-s...

H04W 12/08   Access security

H04W 12/084   using delegated authorisati...

ACCESS TO SOFTWARE APPLICATIONS

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

ACCESS TO SOFTWARE APPLICATIONS

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links