Secure execution of unsecured apps on a device

US 8,769,305 B2
Filed: 06/19/2012
Issued: 07/01/2014
Est. Priority Date: 03/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method of inserting DRM features into an app during a process of securing the app on a mobile device, the method comprising:

inserting DRM features into the app via an app wrapping process, by the mobile device, using a key share that has a data lease and that is split into two portions, a first portion residing in a trusted execution environment on the mobile device, wherein the trusted execution environment cannot be tampered or examined by external entities, the app wrapping process comprising;

segmenting an app into a first plurality of logical modules, wherein a logical module varies in size and is a segment of app code for a particular function, said segmenting triggered automatically when the app is secured on the mobile device;

creating a second plurality of logical modules based upon a determination of which modules from the first plurality of logical modules perform high security functions; and

bundling the app so that the app has the first plurality of logical modules and the second plurality of logical modules; and

executing the app, wherein the first plurality of logical modules execute in the operating system of the mobile device and the second plurality of logical modules execute in the trusted execution environment so that break points cannot be inserted into the app code.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An app is secured on a mobile device by being deconstructed or unbundled into multiple modules, where a module is a segment of app code that performs a particular function. It is then determined which modules from the multiple modules perform some type of security function, for example, a function dealing with confidential or security-related data. These modules, forming a group of modules, are loaded into a trusted execution environment. The app is then re-bundled so that it has the first plurality of modules and the second plurality of modules. The app executes in a manner where the high security functions execute so that break points cannot be inserted into the app code. The re-bundling is done automatically in an app security wrapping process. Security constraints are added to the app.

49 Citations

View as Search Results

8 Claims

1. A method of inserting DRM features into an app during a process of securing the app on a mobile device, the method comprising:
- inserting DRM features into the app via an app wrapping process, by the mobile device, using a key share that has a data lease and that is split into two portions, a first portion residing in a trusted execution environment on the mobile device, wherein the trusted execution environment cannot be tampered or examined by external entities, the app wrapping process comprising;
  
  segmenting an app into a first plurality of logical modules, wherein a logical module varies in size and is a segment of app code for a particular function, said segmenting triggered automatically when the app is secured on the mobile device;
  
  creating a second plurality of logical modules based upon a determination of which modules from the first plurality of logical modules perform high security functions; and
  
  bundling the app so that the app has the first plurality of logical modules and the second plurality of logical modules; and
  
  executing the app, wherein the first plurality of logical modules execute in the operating system of the mobile device and the second plurality of logical modules execute in the trusted execution environment so that break points cannot be inserted into the app code.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1 further comprising:
    - adding DRM-related app information to file headers in the app.
  - 3. A method as recited in claim 1 further comprising:
    - injecting DRM-related app information including user names, device identifiers, and app identifiers into the app when wrapped.
  - 4. A method as recited in claim 1 further comprising:
    - adding security constraints to the app.
  - 5. A method as recited in claim 1 further comprising:
    - inserting identifiers of one or more users into an app file, said one or more users authorized to use the app.
  - 6. A method as recited in claim 1 further comprising:
    - inserting identifiers of one or more devices into an app file, said one or more devices authorized to execute the app.
  - 7. A method as recited in claim 1 further comprising:
    - storing a key in the trusted execution environment.

8. A non-transitory computer readable medium containing program instructions for inserting DRM features into an app during a process of securing the app on a mobile device, wherein execution of the program instructions by one or more processors of a computer system causes the one or more processors to carry out the steps of:
- inserting DRM features into the app via an app wrapping process, by the mobile device, using a key share that has a data lease and that is split into two portions, a first portion residing in a trusted execution environment on the mobile device, wherein the trusted execution environment cannot be tampered or examined by external entities, the app wrapping process comprising;
  
  segmenting an app into a first plurality of logical modules, wherein a logical module varies in size and is a segment of app code for a particular function, said segmenting triggered automatically when the app is secured on the mobile device;
  
  creating a second plurality of logical modules based upon a determination of which modules from the first plurality of logical modules perform high security functions; and
  
  bundling the app so that the app has the first plurality of logical modules and the second plurality of logical modules; and
  
  executing the app, wherein the first plurality of logical modules execute in the operating system of the mobile device and the second plurality of logical modules execute in the trusted execution environment so that break points cannot be inserted into the app code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Blue Cedar Networks, Inc.
Original Assignee
Moncana Corporation
Inventors
Blaisdell, James
Primary Examiner(s)
Brown, Christopher
Assistant Examiner(s)
TURCHEN, JAMES R

Application Number

US13/527,321
Publication Number

US 20120304310A1
Time in Patent Office

742 Days
Field of Search

713/189
US Class Current

713/189
CPC Class Codes

G06F 21/52   during program execution, e...

H04W 12/12   Detection or prevention of ...

H04W 12/37   Managing security policies ...

Secure execution of unsecured apps on a device

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

8 Claims

Specification

Use Cases

Quick Links

Others

Secure execution of unsecured apps on a device

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

8 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others