Method and system for coordinating client and host security modules

US 8,713,706 B2
Filed: 07/04/2011
Issued: 04/29/2014
Est. Priority Date: 07/30/2004
Status: Active Grant

First Claim

Patent Images

1. A method for coordinating a client security module with a host security module, wherein said client security module and said host security module are resident on a mobile electronic device with a client side and a host side, the method comprising:

the client security module receiving a user security input;

the client security module validating said received user security input;

the client security module implementing a client-side unlock of the client side;

the client security module passing control to the host security module with an unlock command;

the host security module implementing a host-side unlock of the host side in response to receiving said unlock command; and

when the client security module is not available on startup, the host security module receiving said user security input, the host security module validating said received user security input by calling a validation function.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and methods for coordinating the operation of a client security module and a host security module on a mobile electronic device. The modules communicate with each other through a platform abstraction layer using application programming interfaces to coordinate their activities. In particular, the client security module instructs the host security module when to lock and unlock the device, and the host security module alerts the client security module to attempts by the user to lock or unlock the device.

63 Citations

19 Claims

1. A method for coordinating a client security module with a host security module, wherein said client security module and said host security module are resident on a mobile electronic device with a client side and a host side, the method comprising:
- the client security module receiving a user security input;
  
  the client security module validating said received user security input;
  
  the client security module implementing a client-side unlock of the client side;
  
  the client security module passing control to the host security module with an unlock command;
  
  the host security module implementing a host-side unlock of the host side in response to receiving said unlock command; and
  
  when the client security module is not available on startup, the host security module receiving said user security input, the host security module validating said received user security input by calling a validation function.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method claimed in claim 1, wherein said sending comprises sending the unlock command through a platform abstraction layer.
  - 3. The method claimed in claim 2, wherein said platform abstraction layer comprises a plurality of application programming interfaces, and wherein said sending the unlock command comprises calling one of said application programming interfaces.
  - 4. The method claimed in claim 1, wherein said implementing the host-side unlock of the host side by the host security module comprises permitting user access to data stored on the device.
  - 5. The method claimed in claim 1, wherein said implementing the host-side unlock comprises permitting user access to host-side applications.
  - 6. The method claimed in claim 1, further including detecting an input event and, in response to said input event, displaying a dialog for receiving said user security input.
  - 7. The method claimed in claim 6, wherein said detecting an input event includes alerting the client security module to detection of the input event, and wherein said displaying said dialog is performed by said client security module.

8. A mobile electronic device, comprising:
- a processor, andmemory,and stored in memory to cause the processor to control the device;
  
  a host operating system resident on a host-side of the device;
  
  a host security module resident on the host-side of the device;
  
  a client application resident on a client-side of the device, the client application including a client security module; and
  
  an interface between the client-side and the host-side for exchanging communications between the client security module and the host security module,said client security module being configured to unlock the client-side of the device in response to receiving a password and pass control to the host security module with an instruction to unlock the host-side of the device; and
  
  when said client security module is not available on startup, the host security module is configured to receive said password and the host security module is configured to validate said password by calling a validation function.
- View Dependent Claims (9, 10, 11)
- - 9. The mobile electronic device claimed in claim 8, wherein said host security module is configured to unlock the host-side in response to said instruction from said client security module.
  - 10. The mobile electronic device claimed in claim 8, wherein said interface comprises an application programming interface for requesting validation of the password.
  - 11. The mobile electronic device claimed in claim 10, wherein said host security module includes an unlock component for operation on start-up of the device, wherein said unlock component receives an input password and calls said application programming interface for requesting validation of said input password.

12. A non-transitory computer-readable medium containing computer-executable instructions for coordinating a client security module with a host security module, wherein said client security module and said host security module are resident on a mobile electronic device with a client side and a host side, the instructions, when performed by a processor, cause said processor to:
- receive a user security input at said client security module;
  
  validate said received user security input at said client security module;
  
  implement a client-side unlock of the client side by the client security module;
  
  pass control, with an unlock command, from the client security module to the host security module; and
  
  implement a host-side unlock of the host side by the host security module in response to receiving said unlock command; and
  
  when the client security module is not available on startup;
  
  receive said user security input at the host security module, andvalidate said received user security input by the host security module by calling a validation function.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The non-transitory computer-readable medium of claim 12 wherein the instructions that cause the processor to pass comprise instructions that cause the processor to send the unlock command through a platform abstraction layer.
  - 14. The non-transitory computer-readable medium of claim 13 wherein the platform abstraction layer comprises a plurality of application programming interfaces, and wherein the instructions that cause the processor to send comprise instructions that cause the processor to call one of said application programming interfaces.
  - 15. The non-transitory computer-readable medium of claim 12 wherein the instructions that cause the host security module to implement the host-side unlock comprise instructions that cause the host security module to permit user access to data stored on the device.
  - 16. The non-transitory computer-readable medium of claim 12 wherein the instructions that cause the host security module to implement the host-side unlock comprise instructions that cause the host security module to permit user access to host-side applications.
  - 17. The non-transitory computer-readable medium of claim 12 wherein the instructions further include instructions that cause the processor to detect an input event and, in response to said input event, arrange display of a dialog for receiving said user security input.
  - 18. The non-transitory computer-readable medium of claim 17 wherein the instructions that cause the processor to detect an input event comprise instructions that cause the processor to alert the client security module to detection of the input event, and wherein the displaying the dialog is performed by the client security module.
  - 19. The non-transitory computer-readable medium of claim 12 wherein the instructions further include instructions that cause the processor to implement an interface between the client side and the host side for exchanging communications between the client security module and the host security module, wherein the interface comprises an application programming interface for requesting validation of the user security input.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Barker, Melanie, Hodgson, John
Primary Examiner(s)
Simitoski, Michael
Assistant Examiner(s)
LAVELLE, GARY E

Application Number

US13/175,925
Publication Number

US 20120174238A1
Time in Patent Office

1,030 Days
Field of Search

726/2, 726/4, 726/8, 726/29, 713/193
US Class Current

726/29
CPC Class Codes

G06F 21/31   User authentication

G06F 21/575   Secure boot

H04N 21/41407   embedded in a portable devi...

H04N 21/4181   for conditional access

H04N 21/4184   providing storage capabilit...

H04N 21/422   Input-only peripherals , i....

H04N 21/443   OS processes, e.g. booting ...

H04N 21/4753   for user identification, e....

Method and system for coordinating client and host security modules

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for coordinating client and host security modules

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links