Secure execution of unsecured apps on a device
First Claim
1. A method of inserting DRM features into an app during a process of securing the app on a mobile device, the method comprising:
- inserting DRM features into the app via an app wrapping process, by the mobile device, using a key share that has a data lease and that is split into two portions, a first portion residing in a trusted execution environment on the mobile device, wherein the trusted execution environment cannot be tampered or examined by external entities, the app wrapping process comprising;
  - segmenting an app into a first plurality of logical modules, wherein a logical module varies in size and is a segment of app code for a particular function, said segmenting triggered automatically when the app is secured on the mobile device;
  - creating a second plurality of logical modules based upon a determination of which modules from the first plurality of logical modules perform high security functions; and
  - bundling the app so that the app has the first plurality of logical modules and the second plurality of logical modules; and
- executing the app, wherein the first plurality of logical modules execute in the operating system of the mobile device and the second plurality of logical modules execute in the trusted execution environment so that break points cannot be inserted into the app code.
Abstract
An app is secured on a mobile device by being deconstructed or unbundled into multiple modules, where a module is a segment of app code that performs a particular function. It is then determined which modules from the multiple modules perform some type of security function, for example, a function dealing with confidential or security-related data. These modules, forming a group of modules, are loaded into a trusted execution environment. The app is then re-bundled so that it has the first plurality of modules and the second plurality of modules. The app executes in a manner where the high security functions execute so that break points cannot be inserted into the app code. The re-bundling is done automatically in an app security wrapping process. Security constraints are added to the app.
8 Claims
1. A method of inserting DRM features into an app during a process of securing the app on a mobile device, the method comprising:
- inserting DRM features into the app via an app wrapping process, by the mobile device, using a key share that has a data lease and that is split into two portions, a first portion residing in a trusted execution environment on the mobile device, wherein the trusted execution environment cannot be tampered or examined by external entities, the app wrapping process comprising;
  - segmenting an app into a first plurality of logical modules, wherein a logical module varies in size and is a segment of app code for a particular function, said segmenting triggered automatically when the app is secured on the mobile device;
  - creating a second plurality of logical modules based upon a determination of which modules from the first plurality of logical modules perform high security functions; and
  - bundling the app so that the app has the first plurality of logical modules and the second plurality of logical modules; and
- executing the app, wherein the first plurality of logical modules execute in the operating system of the mobile device and the second plurality of logical modules execute in the trusted execution environment so that break points cannot be inserted into the app code.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory computer readable medium containing program instructions for inserting DRM features into an app during a process of securing the app on a mobile device, wherein execution of the program instructions by one or more processors of a computer system causes the one or more processors to carry out the steps of:
- inserting DRM features into the app via an app wrapping process, by the mobile device, using a key share that has a data lease and that is split into two portions, a first portion residing in a trusted execution environment on the mobile device, wherein the trusted execution environment cannot be tampered or examined by external entities, the app wrapping process comprising;
  - segmenting an app into a first plurality of logical modules, wherein a logical module varies in size and is a segment of app code for a particular function, said segmenting triggered automatically when the app is secured on the mobile device;
  - creating a second plurality of logical modules based upon a determination of which modules from the first plurality of logical modules perform high security functions; and
  - bundling the app so that the app has the first plurality of logical modules and the second plurality of logical modules; and
- executing the app, wherein the first plurality of logical modules execute in the operating system of the mobile device and the second plurality of logical modules execute in the trusted execution environment so that break points cannot be inserted into the app code.
Specification