Verification of un-trusted code for consumption on an insecure device
Abstract
Disclosed is a code verification service that detects malformed data in an automated process and rejects submission and distribution if any malicious code is found. Once the submission is verified, it may be packaged in a container. The container may then be deployed to a mobile device, and the public key may be used to verify that the container is authentic. The device can load trusted managed libraries needed to execute the application, and a manager can ensure that only trusted libraries access native resources of the device.
19 Claims
1. A computer readable storage medium excluding signals including computer executable instructions for securing a computing device, the computer readable storage medium comprising:
- instructions for validating, by a title player effectuated by native instructions, a digital signature of a manager and a digital signature of a managed library;
- instructions for granting, to the managed library, access to native functions of an operating system in response to validating a first digital certificate associated with the managed library; and
- instructions for denying, by the manager, an attempt by a managed application to access a native function of the operating system in response to determining that a second digital certificate associated with the managed application indicates that the managed application is required to access native functions of the operating system through the managed library.

Dependent claims: 2, 3, 4, 5, 6.

7. A method for protecting a closed computing device from executing un-trusted instructions, the method comprising:
- validating, by a title player effectuated by native instructions, a digital signature of a manager and a digital signature of a managed library;
- receiving, by the manager, a request from a managed application to access a native system resource through the managed library;
- authorizing, by the manager, the request to access the native system resource through the managed library, wherein the manager includes information that identifies managed libraries that the managed application is authorized to access, further wherein the manager is effectuated by native instructions;
- authorizing, by the manager, the request to access the native system resource by the managed library, wherein information that identifies that the managed library is authorized to access the native system resource was obtained from a digital certificate associated with the managed library;
- sending, by the managed library, a request to access the native system resource to a runtime host, wherein the runtime host is effectuated by native instructions; and
- accessing, by the runtime host, the native system resource.

Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15.

16. A computer system for publishing videogames configured to execute on a mobile device, the system comprising:
- a processor; and
- a memory coupled to the processor, the memory including instructions that upon execution cause the computer system to:
  - validate, by a native executable that is configured to launch executables and host them within the native executable, a digital signature of a manager and a digital signature of a managed library;
  - receive a package from a networked computer system;
  - identify a package executable in the package;
  - verify managed metadata associated with the package executable, wherein the managed metadata describes the structure of package executable, further wherein verifying the managed metadata includes inspecting the managed metadata at runtime to determine that the executable includes type safe code;
  - store the verified executable in a digitally signed container;
  - authorize, by the manager, a request by the package executable to access a native system resource through the managed library, wherein the manager includes information that identifies managed libraries that the managed application is authorized to access, further wherein the manager is effectuated by native instructions.

Dependent claims: 17, 18, 19.
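
The authorization chain recited in claims 1 and 7, modeled as an added Python example that is not part of the patent text. `Cert`, `Manager`, their field names and the sample subjects are hypothetical, and the title player's signature validation is represented by a boolean outcome rather than performed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    """Hypothetical certificate model; field names are assumptions."""
    subject: str
    signature_valid: bool                      # outcome of the title player's signature check
    native_resources: frozenset = frozenset()  # native resources this certificate authorizes
    must_use_library: bool = False             # app must reach native code via a managed library

@dataclass
class Manager:
    app_libraries: dict                        # app subject -> managed libraries it may call
    audit: list = field(default_factory=list)  # every decision is recorded for review

    def _decide(self, allowed, why):
        self.audit.append(("ALLOW" if allowed else "DENY", why))
        return allowed

    def direct_access(self, app, resource):
        """A managed application calls a native function itself (claim 1)."""
        if not app.signature_valid:
            return self._decide(False, f"{app.subject}: signature not validated")
        if app.must_use_library:
            return self._decide(False, f"{app.subject}: {resource} only via managed library")
        # Assumption: unflagged code still needs the resource named in its own certificate.
        return self._decide(resource in app.native_resources, f"{app.subject}: direct {resource}")

    def via_library(self, app, lib, resource):
        """A managed application asks a managed library for a native resource (claim 7)."""
        if not (app.signature_valid and lib.signature_valid):
            return self._decide(False, f"{app.subject}->{lib.subject}: signature not validated")
        if lib.subject not in self.app_libraries.get(app.subject, ()):
            return self._decide(False, f"{app.subject}: not authorized for {lib.subject}")
        if resource not in lib.native_resources:
            return self._decide(False, f"{lib.subject}: cert does not grant {resource}")
        # In the claimed flow the library now forwards the request to the runtime host.
        return self._decide(True, f"{app.subject}->{lib.subject}: {resource}")

# Constructed sample data, not taken from the patent.
GAME = Cert("game.exe", True, must_use_library=True)
STORAGE = Cert("Storage.dll", True, frozenset({"file_io"}))
TAMPERED = Cert("Storage.dll", False, frozenset({"file_io"}))
NET = Cert("Net.dll", True, frozenset({"socket"}))

def demo():
    m = Manager({"game.exe": {"Storage.dll"}})
    return [m.direct_access(GAME, "file_io"), m.via_library(GAME, STORAGE, "file_io"),
            m.via_library(GAME, STORAGE, "socket"), m.via_library(GAME, NET, "socket"),
            m.via_library(GAME, TAMPERED, "file_io")], m.audit
```

Only the second request succeeds: the application is authorized for the library and the library's certificate names the resource. Every other path is denied and logged with the check that failed.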
Specification