System and method for registering entities for code signing services

US 7,797,545 B2
Filed: 09/29/2005
Issued: 09/14/2010
Est. Priority Date: 09/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of registering entities for code signing services, the method performed at a first computing device, the method comprising:

creating at least one public key and at least one corresponding private key, wherein each public key and corresponding private key is associated with an application programming interface that has been identified as sensitive;

deploying each public key so that the public key is attached to a sensitive application programming interface or sent to a requestor to embed in the sensitive application programming interface, and storing each corresponding private key;

registering at least one entity for code signing services;

receiving, from a second computing device remote from said first computing device, a code signing request to sign a software application or hash thereof from the requestor, the software application accessing the sensitive application programming interface when run on a mobile device, said requestor being an entity registered at said registering, and wherein the code signing request comprises the software application or hash thereof that the requestor is requesting to have signed with that private key, amongst the at least one private key created, that is associated with said sensitive application programming interface;

digitally signing the software application or hash thereof, wherein a digital signature is generated using said private key associated with said sensitive application programming interface; and

transmitting said digital signature to said requestor;

wherein said registering comprises;

receiving a registration request from an entity requesting registration for code signing services, wherein said registration request comprises data associated with an identity of said entity;

authenticating the identity of the entity by validating at least a subset of said data in said registration request;

generating an account record for the entity, wherein said account record comprises at least a first and a second identifier associated with said entity;

transmitting one of the first and second identifiers to said entity via a first communication channel and the other of the first and second identifiers via a different, second communication channel;

receiving a registration file from said entity; and

confirming that said registration file comprises at least both of said first and second identifiers prior to accepting said registration request;

and wherein said registering is performed prior to said receiving the code signing request.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for registering entities for code signing services. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device. In one embodiment, a method of registering entities for code signing services will comprise the step of transmitting at least some account data to the registering individual or entity using an out-of-band communication system. This provides added security that the individual or entity registering for a code signing service is who that individual or entity purports to be.

63 Citations

View as Search Results

17 Claims

1. A method of registering entities for code signing services, the method performed at a first computing device, the method comprising:
- creating at least one public key and at least one corresponding private key, wherein each public key and corresponding private key is associated with an application programming interface that has been identified as sensitive;
  
  deploying each public key so that the public key is attached to a sensitive application programming interface or sent to a requestor to embed in the sensitive application programming interface, and storing each corresponding private key;
  
  registering at least one entity for code signing services;
  
  receiving, from a second computing device remote from said first computing device, a code signing request to sign a software application or hash thereof from the requestor, the software application accessing the sensitive application programming interface when run on a mobile device, said requestor being an entity registered at said registering, and wherein the code signing request comprises the software application or hash thereof that the requestor is requesting to have signed with that private key, amongst the at least one private key created, that is associated with said sensitive application programming interface;
  
  digitally signing the software application or hash thereof, wherein a digital signature is generated using said private key associated with said sensitive application programming interface; and
  
  transmitting said digital signature to said requestor;
  
  wherein said registering comprises;
  
  receiving a registration request from an entity requesting registration for code signing services, wherein said registration request comprises data associated with an identity of said entity;
  
  authenticating the identity of the entity by validating at least a subset of said data in said registration request;
  
  generating an account record for the entity, wherein said account record comprises at least a first and a second identifier associated with said entity;
  
  transmitting one of the first and second identifiers to said entity via a first communication channel and the other of the first and second identifiers via a different, second communication channel;
  
  receiving a registration file from said entity; and
  
  confirming that said registration file comprises at least both of said first and second identifiers prior to accepting said registration request;
  
  and wherein said registering is performed prior to said receiving the code signing request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the first identifier comprises a client identifier and wherein the second identifier comprises a personal identification number.
  - 3. The method of claim 2, further comprising generating the client identifier and the personal identification number.
  - 4. The method of claim 2, wherein at least one of the client identifier and the personal identification number are generated by the entity and included in the registration request.
  - 5. The method of claim 1, wherein the data associated with the identity of the entity comprises credit card information associated with the entity, and wherein authenticating the identity of the entity comprises validating said credit card information.
  - 6. The method of claim 1, wherein the first communication channel comprises a secure socket layer connection.
  - 7. The method of claim 6, wherein the second communication channel comprises one of telephone and fax.
  - 8. The method of claim 1, wherein the registration file comprises a public key associated with the entity, and wherein the method further comprises storing the public key for future verifications in which the public key is used to verify a digital signature received from the entity.

9. A non-volatile computer-readable storage medium comprising instructions, wherein said instructions are executable on a first computing device, wherein when said instructions are executed by a processor, the processor is configured to perform a plurality of acts comprising:
- creating at least one public key and at least one corresponding private key, wherein each public key and corresponding private key is associated with an application programming interface that has been identified as sensitive;
  
  deploying each public key key so that the public key is attached to a sensitive application programming interface or sent to a requestor to embed in the sensitive application programming interface, and storing each corresponding private key;
  
  registering at least one entity for code signing services;
  
  receiving, from a second computing device remote from said first computing device, a code signing request to sign a software application or hash thereof from the requestor, the software application accessing the sensitive application programming interface when run on a mobile device, said requestor being an entity registered at said registering, and wherein the code signing request comprises the software application or hash thereof that the requestor is requesting to have signed with that private key, amongst the at least one private key created, that is associated with said sensitive application programming interface;
  
  digitally signing the software application or hash thereof, wherein a digital signature is generated using said private key associated with said sensitive application programming interface; and
  
  transmitting said digital signature to said requestor;
  
  wherein said registering comprises;
  
  receiving a registration request from an entity requesting registration for code signing services, wherein said registration request comprises data associated with an identity of said entity;
  
  authenticating the identity of the entity by validating at least a subset of said data in said registration request;
  
  generating an account record for the entity, wherein said account record comprises at least a first and a second identifier associated with said entity;
  
  transmitting one of the first and second identifiers to said entity via a first communication channel and the other of the first and second identifiers via a different, second communication channel;
  
  receiving a registration file from said entity; and
  
  confirming that said registration file comprises at least both of said first and second identifiers prior to accepting said registration request;
  
  and wherein said registering is performed prior to said receiving the code signing request.

10. A system for registering entities for code signing services, comprising a client information database for storing a plurality of account records, wherein said system comprises a processor of a first computing device configured to:
- create at least one public key and at least one corresponding private key, wherein each public key and corresponding private key is associated with an application programming interface that has been identified as sensitive;
  
  deploy each public key so that the public key is attached to a sensitive application programming interface or sent to a requestor to embed in the sensitive application programming interface, and to store storing each corresponding private key;
  
  register at least one entity for code signing services;
  
  receive, from a second computing device remote from said first computing device, a code signing request to sign a software application or hash thereof from the requestor, the software application accessing the sensitive application programming interface when run on a mobile device, said requestor being an entity registered at said registering, and wherein the code signing request comprises the software application or hash thereof that the requestor is requesting to have signed with that private key, amongst the at least one private key created, that is associated with said sensitive application programming interface;
  
  digitally sign the software application or hash thereof, wherein a digital signature is generated using said private key associated with said sensitive application programming interface; and
  
  transmit said digital signature to said requestor;
  
  wherein to register said at least one entity, said processor is configured to;
  
  receive a registration request from an entity requesting registration for code signing services, wherein said registration request comprises data associated with an identity of said entity;
  
  authenticate the identity of the entity by validating at least a subset of said data in said registration request;
  
  generate an account record for the entity, wherein said account record comprises at least a first and a second identifier associated with said entity;
  
  transmit one of the first and second identifiers to said entity via a first communication channel and the other of the first and second identifiers via a different, second communication channel;
  
  receive a registration file from said entity; and
  
  confirm that said registration file comprises at least both of said first and second identifiers prior to accepting said registration request;
  
  and wherein said processor is configured to register said at least one entity prior to receiving the code signing request.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the first identifier comprises a client identifier and wherein the second identifier comprises a personal identification number.
  - 12. The system of claim 11, wherein the processor is further configured to generate the client identifier and the personal identification number.
  - 13. The system of claim 11, wherein at least one of the client identifier and the personal identification number are generated by the entity and included in the registration request.
  - 14. The system of claim 10, wherein the data associated with the identity of the entity comprises credit card information associated with the entity, and wherein the processor is configured to authenticate the identity of the entity by validating said credit card information.
  - 15. The system of claim 10, wherein the first communication channel comprises a secure socket layer connection.
  - 16. The system of claim 15, wherein the second communication channel comprises one of telephone and fax.
  - 17. The system of claim 10, wherein the registration file comprises a public key associated with the entity, and wherein the processor is further configured to store the public key for future verifications in which the public key is used to verify a digital signature received from the entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Adams, Neil P., Kirkup, Michael G., Little, Herbert A., Tapuska, David F.
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
ARMOUCHE, HADI S

Application Number

US11/237,727
Publication Number

US 20070074034A1
Time in Patent Office

1,811 Days
Field of Search

726 2- 7, 726 16- 21, 713/150, 713/155, 713/156, 713/168, 713/175, 713/171, 713/179, 713/180, 380/44, 380/46, 380/55, 380/56, 708/250, 702/186
US Class Current

713/179
CPC Class Codes

G06F 21/629   to features or functions of...

H04L 2209/80   Wireless network architectu...

H04L 63/166   at the transport layer

H04L 9/3215   using a plurality of channe...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

System and method for registering entities for code signing services

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for registering entities for code signing services

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links