Security apparatus session sharing
Abstract
An electronic device includes multiple applications that can access a smart card or other security apparatus. A first application that is to use the security apparatus prompts a user for a security string such as a PIN or password. Upon receipt of the PIN or password, the first application unlocks the security apparatus for use. Additionally, the first application receives a token from a security service that interfaces with the security apparatus. The token can be shared by the first application with other applications. For example, the first application can share the token with other trusted applications. The other applications that receive the token can refrain from issuing a prompt for a security string and receiving a response from the user. The token can be used instead of the security string to obtain access to the security apparatus.
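A minimal sketch of the flow the abstract describes, added here as an illustration and not taken from the patent or any product. It shows that a token file left on disk stops working once the apparatus is locked, because validity is decided by the service and not by the file's presence. `SecurityService`, the per-application `.token` file, the `0o600` mode, the PIN and the application names are all assumptions.

```python
import hmac, os, secrets, tempfile

class SecurityService:
    """Stand-in for the service in front of the smart card (hypothetical)."""
    def __init__(self, pin):
        self._pin = pin
        self._token = None              # None means the apparatus is locked

    def unlock(self, pin):
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("invalid security string")
        self._token = secrets.token_hex(16)
        return self._token

    def use(self, token):
        # A token is honoured only while the session that issued it is open.
        return self._token is not None and hmac.compare_digest(token, self._token)

    def lock(self):                     # a power reset has the same effect
        self._token = None

WHITELIST = {"mail", "vpn"}             # constructed list of trusted applications

def share_token(token, share_dir, recipient):
    """First application: write the token for a whitelisted recipient only."""
    if recipient not in WHITELIST:
        return None
    path = os.path.join(share_dir, recipient + ".token")
    # O_EXCL refuses to reuse a file someone else pre-created at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(token)
    return path

def read_token(share_dir, app):
    """Second application: pick up the token instead of prompting for the PIN."""
    with open(os.path.join(share_dir, app + ".token")) as f:
        return f.read()

def demo():
    svc = SecurityService("4921")       # constructed PIN
    with tempfile.TemporaryDirectory() as d:
        token = svc.unlock("4921")
        shared = share_token(token, d, "mail")
        refused = share_token(token, d, "game")      # not on the whitelist
        before = svc.use(read_token(d, "mail"))
        svc.lock()
        after = svc.use(read_token(d, "mail"))       # stale file, dead token
    return shared is not None, refused, before, after
```
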
21 Claims
1. A method comprising:
- establishing, by a first application executing on an electronic device, a session with a security apparatus physically coupled to the electronic device upon receiving a valid security string to unlock the security apparatus, wherein the security apparatus comprises a smart card;
- receiving, by the first application, a token in response to unlocking the security apparatus, the token enabling the first application to utilize the security apparatus;
- providing, by the first application, the token to a second application executing on the electronic device using a file system on the electronic device in response to identifying the second application on a whitelist indicating that the first application is allowed to share the token with the second application, wherein the token authenticates the second application with the security apparatus, wherein the token is shared with a plurality of applications on the whitelist through the file system on the electronic device, and wherein the file system is accessible to the applications on the whitelist that are allowed to share the token; and
- invalidating the token in response to locking the security apparatus, wherein the security apparatus is locked at least upon a power reset of the electronic device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A non-transitory machine readable storage medium having stored thereon executable instructions for causing one or more processors to perform operations comprising:
- establishing, by a first application executing on an electronic device, a session with a security apparatus physically coupled to the electronic device upon receiving a valid security string to unlock the security apparatus, wherein the security apparatus comprises a smart card;
- receiving, by the first application, a token in response to unlocking the security apparatus, the token enabling the first application to utilize security apparatus;
- providing, by the first application, the token to a second application executing on the electronic device using a file system on the electronic device in response to identifying the second application on a whitelist indicating that the first application is allowed to share the token with the second application, wherein the token authenticates the second application with the security apparatus, wherein the token is shared with a plurality of applications on the whitelist through the file system on the electronic device, and wherein the file system is accessible to the applications on the whitelist that are allowed to share the token; and
- invalidating the token in response to locking the security apparatus, wherein the security apparatus is locked at least upon a power reset of the electronic device.
Dependent claims: 10, 11, 12, 13, 14, 15
16. An apparatus comprising:
- one or more processors; and
- a non-transitory machine readable storage medium communicably coupled to the one or more processors, the non-transitory machine readable storage medium configured to store instructions, that when executed by the one or more processors cause the apparatus to;
  - establish, by a first application, a session with a security apparatus upon receiving a valid security string to unlock the security apparatus, wherein the security apparatus comprises a smart card physically coupled to the electronic device;
  - receive, by the first application, a token in response to unlocking the security apparatus, the token enabling the first application to utilize the security apparatus;
  - provide, by the first application, the token to a second application using a file system on the apparatus in response to identifying the second application on a whitelist indicating that the first application is allowed to share the token with the second application, wherein the token authenticates the second application with the security apparatus, wherein the token is shared with a plurality of applications on the whitelist through the file system on the apparatus, and wherein the file system is accessible to the applications on the whitelist that are allowed to share the token; and
  - invalidate the token in response to locking the security apparatus, wherein the security apparatus is locked at least upon a power reset of the electronic device.
Dependent claims: 17, 18, 19, 20, 21
Specification