Designation of classes for certificates and keys
Abstract
Plural modes of operation may be established on a mobile device. Specific modes of operation of the mobile device may be associated with specific spaces in memory. By using a “class” designation within the existing certificate store structure and key store structure, certificates and keys can be assigned to one space among plural spaces. Accordingly, a personal certificate store and a personal key store may exist in a personal space. Similarly, a corporate certificate store and a corporate key store may exist in a corporate space. APIs designed to work within such a system may be arranged to employ a “class” attribute when managing certificates and cryptographic keys.
27 Claims
1. A method of creating a certificate store in a memory of a device, the method comprising:
receiving, at a space management module, a command to create a memory space, the memory space associated with a designation of a class identifying a first mode of operation of the device, such that data in the memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation;
designating, at the space management module, a range of addresses in a memory for the memory space; and
initializing, at a certificate manager, a certificate store in the memory of the device, the certificate store associated with the designation of the class.
(Dependent claims 2, 3, 4 and 5 are not reproduced on this page.)

6. A mobile communication device comprising:
a memory; and
a processor adapted to:
receive a command to create a memory space, the memory space associated with a designation of a class identifying a first mode of operation of the mobile communication device, such that data in the memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation;
designate a range of addresses in the memory for the memory space; and
initialize a certificate store in the memory, the certificate store associated with the designation of the class.

7. A non-transitory computer-readable medium containing computer-executable instructions that, when performed by a processor in a mobile communication device, cause said processor to:
receive a command to create a memory space, the memory space associated with a designation of a class identifying a first mode of operation of the mobile communication device, such that data in the memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation;
designate a range of addresses in a memory for the memory space; and
initialize a certificate store in the memory, the certificate store associated with the designation of the class.

8. A method of managing space in a memory of a device, the method comprising:
receiving, at a space management module, a command to delete a given memory space among a plurality of memory spaces, the given memory space associated with a designation of a class identifying a first mode of operation of the device, such that data in the memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation; and
deleting, at the space management module, application code associated with the designation of the class.
(Dependent claims 9, 10, 11, 12 and 13 are not reproduced on this page.)

14. A mobile communication device comprising:
a memory; and
a processor adapted to:
receive a command to delete a given memory space among a plurality of memory spaces, the given memory space associated with a designation of a class identifying a first mode of operation of the device, such that data in the memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation; and
delete application code associated with the designation of the class.

15. A non-transitory computer-readable medium containing computer-executable instructions that, when performed by a processor in a mobile communication device, cause said processor to:
receive a command to delete a given memory space among a plurality of memory spaces, the given memory space associated with a designation of a class identifying a first mode of operation of the device, such that data in the memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation; and
delete application code associated with the designation of the class.

16. A method of handling certificate validation, the method comprising:
receiving a certificate validation command, the certificate validation command specifying a certificate and a certificate store with a designation of a class identifying a first mode of operation of the device, such that data in the memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation;
building a certificate chain for the certificate;
attempting to validate the certificate chain to a root certification authority certificate in the certificate store; and
replying to a source of the certificate validation command with an indication of validation status.
(Dependent claims 17, 18 and 19 are not reproduced on this page.)

20. A mobile communication device comprising:
a memory; and
a processor adapted to:
receive a certificate validation request, the certificate validation request specifying a certificate store with a designation of a class identifying a first mode of operation of the device, such that data in a memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation;
build a certificate chain for the certificate;
attempt to validate the certificate chain to a root certification authority certificate in the certificate store; and
reply to a source of the certificate validation command with an indication of validation status.

21. A non-transitory computer-readable medium containing computer-executable instructions that, when performed by a processor in a mobile communication device, cause said processor to:
receive a certificate validation request, the certificate validation request specifying a certificate store with a designation of a class identifying a first mode of operation of the device, such that data in a memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation;
build a certificate chain for the certificate;
attempt to validate the certificate chain to a root certification authority certificate in the certificate store; and
reply to a source of the certificate validation command with an indication of validation status.

22. A method of creating a certificate store in a memory of a device, the method comprising:
receiving a command to create a certificate store, the command indicating a designation of a class identifying a first mode of operation of the device, such that data in a memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation; and
initializing a certificate store in the memory of the device, the certificate store associated with the designation of the class.
(Dependent claims 23, 24 and 25 are not reproduced on this page.)

26. A mobile communication device comprising:
a memory; and
a processor adapted to:
receive a command to create a certificate store, the command indicating a designation of a class identifying a first mode of operation of the mobile communication device, such that data in a memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation; and
initialize a certificate store in the memory of the device, the certificate store associated with the designation of the class.

27. A non-transitory computer-readable medium containing computer-executable instructions that, when performed by a processor in a mobile communication device, cause said processor to:
receive a command to create a certificate store, the command indicating a designation of a class identifying a first mode of operation of the mobile communication device, such that data in a memory space can not be accessed by applications executed on the device when the device is operating in a second mode of operation; and
initialize a certificate store in the memory of the device, the certificate store associated with the designation of the class.
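The class-gated certificate stores and the chain validation that the abstract and claims 1, 8 and 16 describe, as an added example in Go using only the standard library. This is not code from the patent or from any product it covers. The names Device, Class, CreateStore, DeleteStore and Validate, the decision that creating and deleting a space is a privileged command not gated on the current mode, and the ECDSA P-256 test fixtures are assumptions of this example. A real device enforces the per-space separation in the platform's memory management; this in-process model stands in for that with a mode check in front of every store lookup, which is enough to show the two failure modes a practitioner cares about: a caller in the wrong mode is refused before any chain building happens, and a certificate issued under one class's root does not validate against the other class's store.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// Class is the designation that ties a memory space and its stores to one mode of operation.
type Class string

const (
	ClassPersonal  Class = "personal"
	ClassCorporate Class = "corporate"
)

var ErrWrongMode = errors.New("store class does not match the current mode of operation")
var ErrNoStore = errors.New("no certificate store exists for that class")

// Device models a device with plural modes: one root pool per class stands in for the
// per-space certificate store, and Mode gates every lookup in it (assumed model).
type Device struct {
	Mode   Class
	stores map[Class]*x509.CertPool
}

func NewDevice(mode Class) *Device {
	return &Device{Mode: mode, stores: make(map[Class]*x509.CertPool)}
}

// CreateStore and DeleteStore play the space management role. They are treated as
// privileged commands not gated on Mode (an assumption of this example); the roots
// passed in are what the new space is provisioned with.
func (d *Device) CreateStore(c Class, roots ...*x509.Certificate) {
	p := x509.NewCertPool()
	for _, r := range roots {
		p.AddCert(r)
	}
	d.stores[c] = p
}

// DeleteStore drops the space of class c; every root it held goes with it.
func (d *Device) DeleteStore(c Class) { delete(d.stores, c) }

// pool hands out the store for class c only while the device is operating in mode c.
func (d *Device) pool(c Class) (*x509.CertPool, error) {
	if d.Mode != c {
		return nil, ErrWrongMode
	}
	if p, ok := d.stores[c]; ok {
		return p, nil
	}
	return nil, ErrNoStore
}

// Validate builds a chain for leaf and tries to anchor it at a root in the store of class c.
// A caller in another mode is refused before chain building; a chain that ends at another
// class's root fails with x509.UnknownAuthorityError.
func (d *Device) Validate(c Class, leaf *x509.Certificate) error {
	p, err := d.pool(c)
	if err != nil {
		return err
	}
	_, err = leaf.Verify(x509.VerifyOptions{
		Roots:     p,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}, // no EKU policy; signatures and validity still checked
	})
	return err
}

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// NewCert is a constructed test fixture: with parent == nil it mints a self-signed root CA,
// otherwise an end-entity certificate signed by parentKey.
func NewCert(name string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.KeyUsage = true, tmpl.KeyUsage|x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}
```

A typical run creates a corporate root and a personal root, provisions one store per class, issues a leaf under the corporate root and calls Validate with the device in each mode: in corporate mode the corporate store validates the leaf and the personal store returns ErrWrongMode; after switching Mode to personal the corporate store is unreachable and the personal store rejects the leaf with an unknown-authority error; after DeleteStore(ClassPersonal) the personal store reports ErrNoStore. Note that Validate refuses on mode before touching the pool, so an application in the wrong mode learns nothing about which roots the other space holds.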
Specification