System and method for code signing
First Claim
Patent Images
1. A method of signing code, the method performed at a code signing device, the method comprising:
- creating a key pair, the key pair comprising a private key and a public key;
storing the private key of the key pair;
deploying the public key of the key pair;
registering an entity, wherein an account record for the entity is created, andwherein credit card information associated with the entity is validated;
receiving, at the code signing device, a code signing request from the entity to sign a software application or hash thereof using the private key of the key pair, wherein the private key is associated with a sensitive application programming interface provided on a mobile device, the software application programmed to access the sensitive application programming interface when the software application is run on the mobile device;
digitally signing the software application or hash thereof, wherein a digital signature is generated using the private key; and
returning the digital signature in response to the code signing request;
wherein the code signing request comprises a second digital signature associated with the entity, and wherein the method further comprises successfully verifying the second digital signature before the digitally signing the software application or hash thereof.
4 Assignments
0 Petitions
Accused Products
Abstract
A system and method for code signing. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device.
117 Citations
27 Claims
-
1. A method of signing code, the method performed at a code signing device, the method comprising:
-
creating a key pair, the key pair comprising a private key and a public key; storing the private key of the key pair; deploying the public key of the key pair; registering an entity, wherein an account record for the entity is created, and wherein credit card information associated with the entity is validated; receiving, at the code signing device, a code signing request from the entity to sign a software application or hash thereof using the private key of the key pair, wherein the private key is associated with a sensitive application programming interface provided on a mobile device, the software application programmed to access the sensitive application programming interface when the software application is run on the mobile device; digitally signing the software application or hash thereof, wherein a digital signature is generated using the private key; and returning the digital signature in response to the code signing request; wherein the code signing request comprises a second digital signature associated with the entity, and wherein the method further comprises successfully verifying the second digital signature before the digitally signing the software application or hash thereof. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A code signing device configured to sign code, the code signing device comprising:
-
a processor; and a memory; wherein the processor is configured to; create a key pair, the key pair comprising a private key and a public key; store the private key of the key pair; deploy the public key of the key pair; register an entity, wherein an account record for the entity is created, and wherein credit card information associated with the entity is validated; receive, at the code signing device, a code signing request from the entity to sign a software application or hash thereof using the private key of the key pair, wherein the private key is associated with a sensitive application programming interface provided on a mobile device, the software application programmed to access the sensitive application programming interface when the software application is run on the mobile device; digitally sign the software application or hash thereof, wherein a digital signature is generated using the private key; and return the digital signature in response to the code signing request; wherein the code signing request comprises a second digital signature associated with the entity, and wherein the processor is configured to successfully verify the second digital signature before digitally signing the software application or hash thereof. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer-readable device comprising instructions, which when executed by a processor of a code signing device, causes a method of signing code to be performed at the code signing device, the method comprising:
-
creating a key pair, the key pair comprising a private key and a public key; storing the private key of the key pair; deploying the public key of the key pair; registering an entity, wherein an account record for the entity is created, and wherein credit card information associated with the entity is validated; receiving, at the code signing device, a code signing request from the entity to sign a software application or hash thereof using the private key of the key pair, wherein the private key is associated with a sensitive application programming interface provided on a mobile device, the software application programmed to access the sensitive application programming interface when the software application is run on the mobile device; digitally signing the software application or hash thereof, wherein a digital signature is generated using the private key; and
returning the digital signature in response to the code signing request;wherein the code signing request comprises a second digital signature associated with the entity, and wherein the method further comprises successfully verifying the second digital signature before the digitally signing the software application or hash thereof. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification