Software code signing system and method

DC CAFC

US 8,489,868 B2
Filed: 09/20/2001
Issued: 07/16/2013
Est. Priority Date: 09/21/2000
Status: Active Grant

- Alert
- Pin

First Claim

Patent Images

1. A mobile device containing software instructions which when executed on the mobile device cause the mobile device to perform operations for controlling access to an application platform of the mobile device, the operations comprising:

storing a plurality of application programming interfaces (APIs) at the mobile device, wherein at least one API comprises a sensitive API to which access is restricted;

receiving, at the mobile device, an indication that a software application on the mobile device is requesting access to the sensitive API stored at the mobile device;

determining, at the mobile device, whether the software application is signed, wherein a signed software application includes a digital signature generated using a private key of a private key-public key pair, wherein the private key is not accessible to the mobile device;

the mobile device using a public key of the private key-public key pair to verify the digital signature of the software application; and

based upon verifying the digital signature at the mobile device, the mobile device allowing the software application access to the sensitive API.

View all claims

2 Assignments

Timeline View

Assignment View

Litigations

2 Petitions

Accused Products

Abstract

A code signing system and method is provided. The code signing system operates in conjunction with a signed software application having a digital signature and includes an application platform, an application programming interface (API), and a virtual machine. The API is configured to link the software application with the application platform. The virtual machine verifies the authenticity of the digital signature in order to control access to the API by the software application.

48 Citations

View as Search Results

144 Claims

1. A mobile device containing software instructions which when executed on the mobile device cause the mobile device to perform operations for controlling access to an application platform of the mobile device, the operations comprising:
- storing a plurality of application programming interfaces (APIs) at the mobile device, wherein at least one API comprises a sensitive API to which access is restricted;
  
  receiving, at the mobile device, an indication that a software application on the mobile device is requesting access to the sensitive API stored at the mobile device;
  
  determining, at the mobile device, whether the software application is signed, wherein a signed software application includes a digital signature generated using a private key of a private key-public key pair, wherein the private key is not accessible to the mobile device;
  
  the mobile device using a public key of the private key-public key pair to verify the digital signature of the software application; and
  
  based upon verifying the digital signature at the mobile device, the mobile device allowing the software application access to the sensitive API.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 101, 105, 109, 113, 114, 115, 116, 117, 118, 119, 120)
- - 2. The mobile device of claim 1, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the operations further comprise:
    - preventing execution of the software application.
  - 3. The mobile device of claim 1, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the operations further comprise:
    - denying the software application access to the sensitive API.
  - 4. The mobile device of claim 1, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the operations further comprise:
    - purging the software application from the mobile device.
  - 5. The mobile device of claim 1, wherein based upon a determination that the digital signature is not successfully verified, the operations further comprise:
    - preventing execution of the software application.
  - 6. The mobile device of claim 1, wherein based upon a determination that the digital signature is not successfully verified, the operations further comprise:
    - denying the software application access to the sensitive API.
  - 7. The mobile device of claim 1, wherein based upon a determination that the digital signature is not successfully verified the operations further comprise:
    - purging the software application from the mobile device.
  - 8. The mobile device of claim 1, wherein a global signature is associated with each of the plurality of APIs;
    - and wherein the global signature is verified prior to allowing the software application to access the sensitive API.
  - 9. The mobile device of claim 1, wherein at least some of the operations are performed by an application execution manager, and wherein the application execution manager is implemented by a virtual machine (VM) of the mobile device.
  - 10. The mobile device of claim 1, wherein the digital signature is generated by applying the private key to a first hash of the software application;
    - and the digital signature is verified by generating a second hash of the software application to obtain a generated hash, applying the public key to the digital signature to obtain a recovered hash, and verifying that the generated hash and the recovered hash are the same.
  - 11. The mobile device of claim 1, wherein the digital signature is generated by applying the private key to a first abridged version of the software application;
    - and the digital signature is verified by generating a second abridged version of the software application to obtain a generated abridged version, applying the public key to the digital signature to obtain a recovered abridged version, and verifying that the generated abridged version and the recovered abridged version are the same.
  - 12. The mobile device of claim 1, wherein the digital signature is generated by a code signing authority and included with the software application.
  - 13. The mobile device of claim 1, wherein the operations further comprise:
    - displaying a description string when the software application attempts to access the sensitive API.
  - 14. The mobile device of claim 1, wherein the application platform comprises an operating system.
  - 15. The mobile device of claim 1, wherein the application platform includes mobile device hardware.
  - 16. The mobile device of claim 1, wherein the application platform comprises a cryptographic module.
  - 17. The mobile device of claim 1, wherein the application platform comprises a data store.
  - 18. The mobile device of claim 1, wherein the application platform comprises a proprietary data model.
  - 19. The mobile device of claim 1, wherein the application platform comprises an input and output controller.
  - 20. The mobile device of claim 1, wherein the digital signature provides an audit trail identifying a developer of the software application requesting access to the sensitive API.
  - 21. The mobile device of claim 20, wherein a problematic software application is identified using the audit trail, and wherein the digital signature associated with the problematic software application is revocable.
  - 22. The mobile device of claim 21, wherein the digital signature associated with the problematic software application is revoked, and wherein the revoked digital signature is added to a signature revocation list.
  - 23. The mobile device of claim 1, wherein the digital signature is first verified each time the software application requesting access to the sensitive API is allowed to interact with the application platform.
  - 24. The mobile device of claim 1, wherein the software application further includes a signature identification, and wherein the digital signature and the signature identification correspond to a mobile device type.
  - 25. The mobile device of claim 1, wherein the operations further comprise obtaining the public key from a public key repository.
  - 101. The device of claim 1, wherein verifying the digital signature comprises:
    - hashing the software application to obtain a generated hash;
      
      applying the public key to the digital signature to obtain a recovered hash; and
      
      comparing the generated hash and the recovered hash.
  - 105. The device of claim 1, wherein the plurality of APIs comprises a plurality of sensitive APIs, wherein for each of the plurality of sensitive APIs, the mobile device allows access to the sensitive API upon verification of a digital signature unique to the sensitive API.
  - 109. The device of claim 1, wherein the operations further comprise:
    - upon verifying the digital signature at the mobile device, the mobile device allowing the software application access to at least one non-sensitive API.
  - 113. The mobile device of claim 1, wherein the sensitive API is associated with the public key.
  - 114. The mobile device of claim 1, wherein the sensitive API and the public key are included in an API library.
  - 115. The mobile device of claim 1, wherein the plurality of APIs comprises at least one non-sensitive API.
  - 116. The mobile device of claim 115, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the operations further comprise:
    - denying the software application access to the sensitive API; and
      
      allowing the software application access to the at least one non-sensitive API.
  - 117. The mobile device of claim 115, wherein based upon a determination that the digital signature is not successfully verified, the operations further comprise:
    - denying the software application access to the sensitive API; and
      
      allowing the software application access to the at least one non-sensitive API.
  - 118. The mobile device of claim 1, wherein the software application includes a plurality of digital signatures.
  - 119. The mobile device of claim 1, wherein the plurality of APIs comprises a plurality of sensitive APIs, wherein one or more of the sensitive APIs is associated with a unique digital signature.
  - 120. The mobile device of claim 1, wherein the plurality of APIs comprises at least a second sensitive API, wherein the software application includes at least a second digital signature, wherein the operations further comprise:
    - using a second public key of a second private key-public key pair to verify the second digital signature of the software application; and
      
      based upon verifying the second digital signature at the mobile device, allowing the software application access to at least the second sensitive API.

26. A system for controlling access to an application platform on a mobile device, comprising:
- one or more processors;
  
  one or more computer-readable storage mediums containing software instructions executable on the one or more processors to cause the one or more processors to perform operations including;
  
  storing a plurality of application programming interfaces (APIs) at the mobile device, wherein at least one API comprises a sensitive API to which access is restricted;
  
  receiving, at the mobile device, an indication that a software application is requesting access to the sensitive API stored at the mobile device;
  
  determining, at the mobile device, whether the software application is signed, wherein a signed software application includes a digital signature generated using a private key of a private key-public key pair, wherein the private key is not accessible to the mobile device;
  
  the mobile device using a public key of the private key-public key pair to verify the digital signature of the signed software application; and
  
  based upon verifying the digital signature, the mobile device allowing the software application access to the sensitive API.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 102, 106, 110, 121, 122, 123, 124, 125, 126, 127, 128)
- - 27. The system of claim 26, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the operations further comprise:
    - preventing execution of the software application.
  - 28. The system of claim 26, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the operations further comprise:
    - denying the software application access to the sensitive API.
  - 29. The system of claim 26, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the operations further comprise:
    - purging the software application from the mobile device.
  - 30. The system of claim 26, wherein based upon a determination that the digital signature is not successfully verified, the operations further comprise:
    - preventing execution of the software application.
  - 31. The system of claim 26, wherein based upon a determination that the digital signature is not successfully verified, the operations further comprise:
    - denying the software application access to the sensitive API.
  - 32. The system of claim 26, wherein based upon a determination that the digital signature is not successfully verified, the operations further comprise:
    - purging the software application from the mobile device.
  - 33. The system of claim 26, wherein a global signature is associated with each of the plurality of APIs;
    - and wherein the global signature is verified prior to allowing the signed software application to access the sensitive API.
  - 34. The system of claim 26, wherein at least some of the operations are performed by an application execution manager, and wherein the application execution manager is implemented by a virtual machine (VM) of the mobile device.
  - 35. The system of claim 26, wherein the digital signature is generated by applying the private key to a first hash of the software application;
    - and the digital signature is verified by generating a second hash of the software application to obtain a generated hash, applying the public key to the digital signature to obtain a recovered hash, and verifying that the generated hash and the recovered hash are the same.
  - 36. The system of claim 26, wherein the digital signature is generated by applying the private key to a first abridged version of the software application;
    - and the digital signature is verified by generating a second abridged version of the software application to obtain a generated abridged version, applying the public key to the digital signature to obtain a recovered abridged version, and verifying that the generated abridged version and the recovered abridged version are the same.
  - 37. The system of claim 26, further comprising:
    - a code signing authority, wherein the code signing authority determines whether the software application should be given access to the sensitive API, and based upon a determination that the software application should be given access to the sensitive API, the code signing authority accepts the software application and generates the digital signature that is included with the software application.
  - 38. The system of claim 26, wherein the operations further comprise:
    - displaying a description string when the software application attempts to access the sensitive API.
  - 39. The system of claim 26, wherein the application platform comprises an operating system.
  - 40. The system of claim 26, wherein the application platform includes mobile device hardware.
  - 41. The system of claim 26, wherein the application platform comprises a cryptographic module.
  - 42. The system of claim 26, wherein the application platform comprises a data store.
  - 43. The system of claim 26, wherein the application platform comprises a proprietary data model.
  - 44. The system of claim 26, wherein the application platform comprises an input and output controller.
  - 45. The system of claim 26, wherein the digital signature provides an audit trail identifying a developer of the software application requesting access to the sensitive API.
  - 46. The system of claim 45, wherein a problematic software application is identified using the audit trail, and wherein the digital signature associated with the problematic software application is revocable.
  - 47. The system of claim 46, wherein the digital signature associated with the problematic software application is revoked, and wherein the revoked digital signature is added to a signature revocation list.
  - 48. The system of claim 26, wherein the digital signature is first verified each time the software application requesting access to the sensitive API is allowed to interact with the application platform.
  - 49. The system of claim 26, wherein the software application further includes a signature identification, and wherein the digital signature and the signature identification correspond to a mobile device type.
  - 50. The system of claim 26, wherein the operations further comprise obtaining the public key from a public key repository.
  - 102. The system of claim 26, wherein verifying the digital signature comprises:
    - hashing the software application to obtain a generated hash;
      
      applying the public key to the digital signature to obtain a recovered hash; and
      
      comparing the generated hash and the recovered hash.
  - 106. The system of claim 26, wherein the plurality of APIs comprises a plurality of sensitive APIs, wherein for each of the plurality of sensitive APIs, the mobile device allows access to the sensitive API upon verification of a digital signature unique to the sensitive API.
  - 110. The system of claim 26, wherein the operations further comprise:
    - upon verifying the digital signature at the mobile device, the mobile device allowing the software application access to at least one non-sensitive API.
  - 121. The system of claim 26, wherein the sensitive API is associated with the public key.
  - 122. The system of claim 26, wherein the sensitive API and the public key are included in an API library.
  - 123. The system of claim 26, wherein the plurality of APIs comprises at least one non-sensitive API.
  - 124. The system of claim 123, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the operations further comprise:
    - denying the software application access to the sensitive API; and
      
      allowing the software application access to the at least one non-sensitive API.
  - 125. The system of claim 123, wherein based upon a determination that the digital signature is not successfully verified, the operations further comprise:
    - denying the software application access to the sensitive API; and
      
      allowing the software application access to the at least one non-sensitive API.
  - 126. The system of claim 26, wherein the software application includes a plurality of digital signatures.
  - 127. The system of claim 26, wherein the plurality of APIs comprises a plurality of sensitive APIs, wherein one or more of the sensitive APIs is associated with a unique digital signature.
  - 128. The system of claim 26, wherein the plurality of APIs comprises at least a second sensitive API, wherein the software application includes at least a second digital signature, wherein the operations further comprise:
    - using a second public key of a second private key-public key pair to verify the second digital signature of the software application; and
      
      based upon verifying the second digital signature at the mobile device, allowing the software application access to at least the second sensitive API.

51. A non-transitory computer-readable storage medium encoded with instructions that when executed on one or more processors of a mobile device, cause the mobile device to perform instructions for controlling access to an application platform of the mobile device, the instructions comprising:
- storing a plurality of application programming interfaces (APIs) at the mobile device, wherein at least one API comprises a sensitive API to which access is restricted;
  
  receiving, at the mobile device, an indication that a software application on the mobile device is requesting access to the sensitive API stored at the mobile device;
  
  determining, at the mobile device, whether the software application is signed, wherein a signed software application includes a digital signature generated using a private key of a private key-public key pair, wherein the private key is not accessible to the mobile device;
  
  the mobile device using the public key of the private key-public key pair to verify the digital signature of the software application; and
  
  based upon verifying the digital signature at the mobile device, the mobile device allowing the software application access to the sensitive API.
- View Dependent Claims (52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 103, 107, 111, 129, 130, 131, 132, 133, 134, 135, 136)
- - 52. The computer-readable storage medium of claim 51, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the instructions further comprising:
    - preventing execution of the software application.
  - 53. The computer-readable storage medium of claim 51, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the instructions further comprising:
    - denying the software application access to the sensitive API.
  - 54. The computer-readable storage medium of claim 51, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the instructions further comprising:
    - purging the software application from the mobile device.
  - 55. The computer-readable storage medium of claim 51, wherein based upon a determination that the digital signature is not successfully verified, the instructions further comprising:
    - preventing execution of the software application.
  - 56. The computer-readable storage medium of claim 51, wherein based upon a determination that the digital signature is not successfully verified, the instructions further comprising:
    - denying the software application access to the sensitive API.
  - 57. The computer-readable storage medium of claim 51, wherein based upon a determination that the digital signature is not successfully verified, the instructions further comprising:
    - purging the software application from the mobile device.
  - 58. The computer-readable storage medium of claim 51, wherein a global signature is associated with each of the plurality of APIs;
    - and wherein the global signature is verified prior to allowing the software application to access the sensitive API.
  - 59. The computer-readable storage medium of claim 51, wherein at least some of the instructions are performed by an application execution manager, and wherein the application execution manager is implemented by a virtual machine (VM) of the mobile device.
  - 60. The computer-readable storage medium of claim 51, wherein the digital signature is generated by applying the private key to a first hash of the software application;
    - and the digital signature is verified by generating a second hash of the software application to obtain a generated hash, applying the public key to the digital signature to obtain a recovered hash, and verifying that the generated hash and the recovered hash are the same.
  - 61. The computer-readable storage medium of claim 51, wherein the digital signature is generated by applying the private key to a first abridged version of the software application;
    - and the digital signature is verified by generating a second abridged version of the software application to obtain a generated abridged version, applying the public key to the digital signature to obtain a recovered abridged version, and verifying that the generated abridged version and the recovered abridged version are the same.
  - 62. The computer-readable storage medium of claim 51, wherein the digital signature is generated by a code signing authority and included with the software application.
  - 63. The computer-readable storage medium of claim 51, the instructions further comprising:
    - displaying a description string when the software application attempts to access the sensitive API.
  - 64. The computer-readable storage medium of claim 51, wherein the application platform comprises an operating system.
  - 65. The computer-readable storage medium of claim 51, wherein the application platform includes mobile device hardware.
  - 66. The computer-readable storage medium of claim 51, wherein the application platform comprises a cryptographic module.
  - 67. The computer-readable storage medium of claim 51, wherein the application platform comprises a data store.
  - 68. The computer-readable storage medium of claim 51, wherein the application platform comprises a proprietary data model.
  - 69. The computer-readable storage medium of claim 51, wherein the application platform comprises an input and output controller.
  - 70. The computer-readable storage medium of claim 51, wherein the digital signature provides an audit trail identifying a developer of the software application requesting access to the sensitive API.
  - 71. The computer-readable storage medium of claim 70, wherein a problematic software application is identified using the audit trail, and wherein the digital signature associated with the problematic software application is revocable.
  - 72. The computer-readable storage medium of claim 71, wherein the digital signature associated with the problematic software application is revoked, and wherein the revoked digital signature is added to a signature revocation list.
  - 73. The computer-readable storage medium of claim 51, wherein the digital signature is first verified each time the software application requesting access to the sensitive API is allowed to interact with the application platform.
  - 74. The computer-readable storage medium of claim 51, wherein the software application further includes a signature identification, and wherein the digital signature and the signature identification correspond to a mobile device type.
  - 75. The computer-readable storage medium of claim 51, the instructions further comprising obtaining the public key from a public key repository.
  - 103. The computer-readable storage medium of claim 51, wherein verifying the digital signature comprises:
    - hashing the software application to obtain a generated hash;
      
      applying the public key to the digital signature to obtain a recovered hash; and
      
      comparing the generated hash and the recovered hash.
  - 107. The computer-readable storage medium of claim 51, wherein the plurality of APIs comprises a plurality of sensitive APIs, wherein for each of the plurality of sensitive APIs, the mobile device allows access to the sensitive API upon verification of a digital signature unique to the sensitive API.
  - 111. The computer-readable storage medium of claim 51, wherein the instructions further comprises:
    - upon verifying the digital signature at the mobile device, the mobile device allowing the software application access to at least one non-sensitive API.
  - 129. The computer-readable storage medium of claim 51, wherein the sensitive API is associated with the public key.
  - 130. The computer-readable storage medium of claim 51, wherein the sensitive API and the public key are included in an API library.
  - 131. The computer-readable storage medium of claim 51, wherein the plurality of APIs comprises at least one non-sensitive API.
  - 132. The computer-readable storage medium of claim 131, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the instructions further comprise:
    - denying the software application access to the sensitive API; and
      
      allowing the software application access to the at least one non-sensitive API.
  - 133. The computer-readable storage medium of claim 131, wherein based upon a determination that the digital signature is not successfully verified, the instructions further comprise:
    - denying the software application access to the sensitive API; and
      
      allowing the software application access to the at least one non-sensitive API.
  - 134. The computer-readable storage medium of claim 51, wherein the software application includes a plurality of digital signatures.
  - 135. The computer-readable storage medium of claim 51, wherein the plurality of APIs comprises a plurality of sensitive APIs, wherein one or more of the sensitive APIs is associated with a unique digital signature.
  - 136. The computer-readable storage medium of claim 51, wherein the plurality of APIs comprises at least a second sensitive API, wherein the software application includes at least a second digital signature, wherein the operations further comprise:
    - using a second public key of a second private key-public key pair to verify the second digital signature of the software application; and
      
      based upon verifying the second digital signature at the mobile device, allowing the software application access to at least the second sensitive API.

76. A method for controlling access to an application platform of a mobile device, comprising:
- storing a plurality of application programming interfaces (APIs) at the mobile device, wherein at least one API comprises a sensitive API to which access is restricted;
  
  receiving, at the mobile device, an indication that a software application on the mobile device is requesting access to the sensitive API stored at the mobile device;
  
  determining, at the mobile device, whether the software application is signed, wherein a signed software application includes a digital signature generated using a private key of a private key-public key pair, wherein the private key is not accessible to the mobile device;
  
  mobile device using a public key of the private key-public key pair to verify of the digital signature of the software application; and
  
  based upon verifying the digital signature at the mobile device, the mobile device allowing the software application access to the sensitive API.
- View Dependent Claims (77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 104, 108, 112, 137, 138, 139, 140, 141, 142, 143, 144)
- - 77. The method of claim 76, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the method further comprises:
    - preventing execution of the software application.
  - 78. The method of claim 76, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the method further comprises:
    - denying the software application access to the sensitive API.
  - 79. The method of claim 76, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the method further comprises:
    - purging the software application from the mobile device.
  - 80. The method of claim 76, wherein based upon a determination that the digital signature is not successfully verified, the method further comprises:
    - preventing execution of the software application.
  - 81. The mobile device of claim 76, wherein based upon a determination that the digital signature is not successfully verified, the method further comprises:
    - denying the software application access to the sensitive API.
  - 82. The method of claim 76, wherein based upon a determination that the digital signature is not successfully verified, the method further comprises:
    - purging the software application from the mobile device.
  - 83. The method of claim 76, wherein a global signature is associated with each of the plurality of APIs;
    - and wherein the global signature is verified prior to allowing the software application to access the sensitive API.
  - 84. The method of claim 76, wherein at least some operations of the method are performed by an application execution manager, and wherein the application execution manager is implemented by a virtual machine (VM) of the mobile device.
  - 85. The method of claim 76, wherein the digital signature is generated by applying the private key to a first hash of the software application;
    - and the digital signature is verified by generating a second hash of the software application to obtain a generated hash, applying the public key to the digital signature to obtain a recovered hash, and verifying that the generated hash and the recovered hash are the same.
  - 86. The method of claim 76, wherein the digital signature is generated by applying the private key to a first abridged version of the software application;
    - and the digital signature is verified by generating a second abridged version of the software application to obtain a generated abridged version, applying the public key to the digital signature to obtain a recovered abridged version, and verifying that the generated abridged version and the recovered abridged version are the same.
  - 87. The method of claim 76, further comprising:
    - determining by a code signing authority, whether the software application should be given access to the sensitive API, wherein based upon a determination that the software application should be given access to the sensitive API, the code signing authority accepts the software application and generates the digital signature that is included with the software application.
  - 88. The method of claim 76, further comprisinq:
    - displaying a description string when the software application attempts to access the sensitive API.
  - 89. The method of claim 76, wherein the application platform comprises an operating system.
  - 90. The method of claim 76, wherein the application platform includes mobile device hardware.
  - 91. The method of claim 76, wherein the application platform comprises a cryptographic module.
  - 92. The method of claim 76, wherein the application platform comprises a data store.
  - 93. The method of claim 76, wherein the application platform comprises a proprietary data model.
  - 94. The method of claim 76, wherein the application platform comprises an input and output controller.
  - 95. The method of claim 76, wherein the digital signature provides an audit trail identifying a developer of the software application requesting access to the sensitive API.
  - 96. The method of claim 95, wherein a problematic software application is identified using the audit trail, and wherein the digital signature associated with the problematic software application is revocable.
  - 97. The method of claim 96, wherein the digital signature associated with the problematic software application is revoked, and wherein the revoked digital signature is added to a signature revocation list.
  - 98. The method of claim 76, wherein the digital signature is first verified each time the software application requesting access to the sensitive API is allowed to interact with the application platform.
  - 99. The method of claim 76, wherein the software application further includes a signature identification, and wherein the digital signature and the signature identification correspond to a mobile device type.
  - 100. The method of claim 76, further comprising obtaining the public key from a public key repository.
  - 104. The method of claim 76, wherein verifying the digital signature comprises:
    - hashing the software application to obtain a generated hash;
      
      applying the public key to the digital signature to obtain a recovered hash; and
      
      comparing the generated hash and the recovered hash.
  - 108. The method of claim 76, wherein the plurality of APIs comprises a plurality of sensitive APIs, wherein for each of the plurality of sensitive APIs, the mobile device allows access to the sensitive API upon verification of a digital signature unique to the sensitive API.
  - 112. The method of claim 76, further comprising:
    - upon verifying the digital signature at the mobile device, the mobile device allowing the software application access to at least one non-sensitive API.
  - 137. The method of claim 76, wherein the sensitive API is associated with the public key.
  - 138. The method of claim 76, wherein the sensitive API and the public key are included in an API library.
  - 139. The method of claim 76, wherein the plurality of APIs comprises at least one non-sensitive API.
  - 140. The method of claim 139, wherein based upon a determination that the software application requesting access to the sensitive API does not include a signature, the method further comprising:
    - denying the software application access to the sensitive API; and
      
      allowing the software application access to the at least one non-sensitive API.
  - 141. The method of claim 139, wherein based upon a determination that the digital signature is not successfully verified, the method further comprising:
    - denying the software application access to the sensitive API; and
      
      allowing the software application access to the at least one non-sensitive API.
  - 142. The method of claim 76, wherein the software application includes a plurality of digital signatures.
  - 143. The method of claim 76, wherein the plurality of APIs comprises a plurality of sensitive APIs, wherein one or more of the sensitive APIs is associated with a unique digital signature.
  - 144. The method of claim 76, wherein the plurality of APIs comprises at least a second sensitive API, wherein the software application includes at least a second digital signature, the method further comprising:
    - using a second public key of a second private key-public key pair to verify the second digital signature of the software application; and
      
      based upon verifying the second digital signature at the mobile device, allowing the software application access to at least the second sensitive API.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Blackberry Limited
Original Assignee
Blackberry Limited
Inventors
Yach, David P., Brown, Michael S., Little, Herbert A.
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
AVERY, JEREMIAH L

Application Number

US10/381,219
Publication Number

US 20040025022A1
Time in Patent Office

4,317 Days
Field of Search

None
US Class Current

713/1
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/121   Restricting unauthorised ex...

G06F 21/51   at application loading time...

G06F 21/629   to features or functions of...

H04L 63/067   using one-time keys cryptog...

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/1483   service impersonation, e.g....

H04L 9/321   involving a third party or ...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

H04W 4/60   Subscription-based services...

Software code signing system and method

First Claim

2 Assignments

Litigations

2 Petitions

Accused Products

Abstract

48 Citations

144 Claims

Specification

Use Cases

Quick Links

Others

Software code signing system and method

First Claim

2 Assignments

Subscription Required

Subscription Required

Litigations

2 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

144 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others