System and method for incorporating an originating site into a security protocol for a downloaded program object

US 9,137,024 B2
Filed: 06/23/2010
Issued: 09/15/2015
Est. Priority Date: 06/23/2010
Status: Active Grant

First Claim

Patent Images

1. A method for securing a manner in which objects are accessed by a computing device, the method comprising:

at the computing device;

receiving a first object from a first remote source, wherein the first remote source is associated with at least one first property and a first cryptographic identity;

generating a first security key based on the first object, the at least one first property, and the first cryptographic identity;

upon identifying that the first object is not known to the computing device;

identifying a first access level to be granted to the first object,encrypting the first access level based on at least one of the first object, the at least one first property, and the first cryptographic identity, to produce an encrypted first access level,associating the first security key with the encrypted first access level, andgranting the first access level to the first object; and

subsequent to granting the first access level to the first object;

receiving a second object from a second remote source, wherein second remote source is associated with at least one second property and a second cryptographic identity;

generating a second security key based on the second object, the at least one second property, and the second cryptographic identity;

when the second security key matches the first security key;

identifying the first access level in accordance with the encrypted first access level associated with the first security key, andgranting the first access level to the second object; and

when the second security key does not match the first security key;

identifying a second access level to be granted to the second object.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are systems, methods, and non-transitory computer-readable storage media for verifying a digital object obtained from a remote host. A system configured to practice the method downloads a first object from a first remote source and presents the user with a first request to allow access to the first object. Upon user approval, a multitude of characteristics associated with the object are stored to facilitate future uses of the object. When a second object is downloaded from a second remote source, the system checks the database for a stored user approval. Access to the second object is allowed if the multitude of characteristics associated with the first and second objects match. If the system does not find a match, the user is presented with a second request to allow access to the object.

15 Citations

View as Search Results

20 Claims

1. A method for securing a manner in which objects are accessed by a computing device, the method comprising:
- at the computing device;
  
  receiving a first object from a first remote source, wherein the first remote source is associated with at least one first property and a first cryptographic identity;
  
  generating a first security key based on the first object, the at least one first property, and the first cryptographic identity;
  
  upon identifying that the first object is not known to the computing device;
  
  identifying a first access level to be granted to the first object,encrypting the first access level based on at least one of the first object, the at least one first property, and the first cryptographic identity, to produce an encrypted first access level,associating the first security key with the encrypted first access level, andgranting the first access level to the first object; and
  
  subsequent to granting the first access level to the first object;
  
  receiving a second object from a second remote source, wherein second remote source is associated with at least one second property and a second cryptographic identity;
  
  generating a second security key based on the second object, the at least one second property, and the second cryptographic identity;
  
  when the second security key matches the first security key;
  
  identifying the first access level in accordance with the encrypted first access level associated with the first security key, andgranting the first access level to the second object; and
  
  when the second security key does not match the first security key;
  
  identifying a second access level to be granted to the second object.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the second security key matches the first security key when:
    - the first object, the first remote source, the at least one first property, and the first cryptographic identity, when compared to the second object, the second remote source, the at least one second property, and the second cryptographic identity, respectively, satisfy a threshold degree of similarity.
  - 3. The method of claim 1, wherein one or more of the first object and the second object comprises a set of executable instructions.
  - 4. The method of claim 1, wherein at least one of the first cryptographic identity and the second cryptographic identity comprises a digital certificate that is digitally signed by one or more signing authorities.
  - 5. The method of claim 1, wherein identifying the first access level to be granted to the first object comprises:
    - presenting, via a user interface and to a user, a plurality of access levels associated with the first object, wherein the plurality of access levels includes the first access level, andreceiving, via the user interface and from the user, a selected access level from the plurality of access levels, wherein the selected access level corresponds to first access level.
  - 6. The method of claim 5, wherein the user interface enables the user to review information associated with one or more of the at least one first property and the first cryptographic identity associated with the first remote source.
  - 7. The method of claim 1, wherein, when the second security key does not match the first security key, the method further comprises:
    - presenting, via a user interface and to a user, a plurality of access levels associated with the second object, wherein the plurality of access levels includes an access level that, when selected by the user, causes the computing device to disable functionality associated with the second object.

8. A non-transitory computer readable storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to secure a manner in which objects are accessed by a computing device, by carrying out steps that include:
- receiving a first object from a first remote source, wherein the first remote source is associated with at least one first property and a first cryptographic identity;
  
  generating a first security key based on the first object, the at least one first property, and the first cryptographic identity;
  
  upon identifying that the first object is not known to the computing device;
  
  identifying a first access level to be granted to the first object,encrypting the first access level based on at least one of the first object, the at least one first property, and the first cryptographic identity, to produce an encrypted first access level,associating the first security key with the encrypted first access level, andgranting the first access level to the first object; and
  
  subsequent to granting the first access level to the first object;
  
  receiving a second object from a second remote source, wherein second remote source is associated with at least one second property and a second cryptographic identity;
  
  generating a second security key based on the second object, the at least one second property, and the second cryptographic identity;
  
  when the second security key matches the first security key;
  
  identifying the first access level in accordance with the encrypted first access level associated with the first security key, andgranting the first access level to the second object; and
  
  when the second security key does not match the first security key;
  
  identifying a second access level to be granted to the second object.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer readable storage medium of claim 8, wherein the second security key matches the first security key when:
    - the first object, the first remote source, the at least one first property, and the first cryptographic identity, when compared to the second object, the second remote source, the at least one second property, and the second cryptographic identity, respectively, satisfy a threshold degree of similarity.
  - 10. The non-transitory computer readable storage medium of claim 8, wherein one or more of the first object and the second object comprises a set of executable instructions.
  - 11. The non-transitory computer readable storage medium of claim 8, wherein at least one of the first cryptographic identity and the second cryptographic identity comprises a digital certificate that is digitally signed by one or more signing authorities.
  - 12. The non-transitory computer readable storage medium of claim 8, wherein identifying the first access level to be granted to the first object comprises:
    - presenting, via a user interface and to a user, a plurality of access levels associated with the first object, wherein the plurality of access levels includes the first access level, andreceiving, via the user interface and from the user, a selected access level from the plurality of access levels, wherein the selected access level corresponds to first access level.
  - 13. The non-transitory computer readable storage medium of claim 12, wherein the user interface enables the user to review information associated with one or more of the at least one first property and the first cryptographic identity associated with the first remote source.
  - 14. The non-transitory computer readable storage medium of claim 8, wherein, when the second security key does not match the first security key, the steps further include:
    - presenting, via a user interface and to a user, a plurality of access levels associated with the second object, wherein the plurality of access levels includes an access level that, when selected by the user, causes the computing device to disable functionality associated with the second object.

15. A computing device configured to secure a manner in which objects are accessed by the computing device, the computing device comprising:
- a hardware processor, wherein the hardware processor is configured to cause the computing device to carry out steps that include;
  
  receiving a first object from a first remote source, wherein the first remote source is associated with at least one first property and a first cryptographic identity;
  
  generating a first security key based on the first object, the at least one first property, and the first cryptographic identity;
  
  upon identifying that the first object is not known to the computing device;
  
  identifying a first access level to be granted to the first object,encrypting the first access level based on at least one of the first object, the at least one first property, and the first cryptographic identity, to produce an encrypted first access level,associating the first security key with the encrypted first access level, andgranting the first access level to the first object; and
  
  subsequent to granting the first access level to the first object;
  
  receiving a second object from a second remote source, wherein second remote source is associated with at least one second property and a second cryptographic identity;
  
  generating a second security key based on the second object, the at least one second property, and the second cryptographic identity;
  
  when the second security key matches the first security key;
  
  identifying the first access level in accordance with the encrypted first access level associated with the first security key, andgranting the first access level to the second object; and
  
  when the second security key does not match the first security key;
  
  identifying a second access level to be granted to the second object.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computing device of claim 15, wherein the second security key matches the first security key when:
    - the first object, the first remote source, the at least one first property, and the first cryptographic identity, when compared to the second object, the second remote source, the at least one second property, and the second cryptographic identity, respectively, satisfy a threshold degree of similarity.
  - 17. The computing device of claim 15, wherein one or more of the first object and the second object comprises a set of executable instructions.
  - 18. The computing device of claim 15, wherein at least one of the first cryptographic identity and the second cryptographic identity comprises a digital certificate that is digitally signed by one or more signing authorities.
  - 19. The computing device of claim 15, wherein identifying the first access level to be granted to the first object comprises:
    - presenting, via a user interface and to a user, a plurality of access levels associated with the first object, wherein the plurality of access levels includes the first access level, andreceiving, via the user interface and from the user, a selected access level from the plurality of access levels, wherein the selected access level corresponds to first access level.
  - 20. The computing device of claim 19, wherein the user interface enables the user to review information associated with one or more of the at least one first property and the first cryptographic identity associated with the first remote source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apple Inc.
Original Assignee
Apple Inc.
Inventors
Swingler, Michael Alan, O'Brien, Thomas John
Primary Examiner(s)
Desrosiers, Evans
Assistant Examiner(s)
POTRATZ, DANIEL B

Application Number

US12/821,656
Publication Number

US 20110320808A1
Time in Patent Office

1,910 Days
Field of Search

713187-189, 723/1, 723/26, 723/27, 723/30
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

H04L 63/12   Applying verification of th...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 9/007   involving hierarchical stru...

H04L 9/3265   using certificate chains, t...

System and method for incorporating an originating site into a security protocol for a downloaded program object

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for incorporating an originating site into a security protocol for a downloaded program object

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others