Systems and methods for enforcing security in mobile computing

US 9,773,107 B2
Filed: 03/13/2014
Issued: 09/26/2017
Est. Priority Date: 01/07/2013
Status: Active Grant

First Claim

Patent Images

1. A method of securing inter-process communications in a device, comprising:

operating an inter-process communications mechanism within a trusted code zone of the device, wherein operating within the trusted code zone of the device cryptographically guarantees the code within the trusted code zone has not been tampered with and thereby ensures that inter-process communications are not tampered with within the inter-process communications mechanism;

extending an inter-process communications bus from outside the trusted code zone into the trusted code zone of the device, within which code is cryptographically guaranteed not to have been tampered with;

performing inter-process communications on the inter-process communications bus between services on the device and user-space applications not within the trusted code zone of the device; and

adapting the inter-process communications between services on the device and user-space applications using the inter-process communications mechanism within the trusted code zone of the device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems described herein relate to enhancing security on a device by configuring one or more software functions in a trusted zone of a processor using object firewalls, IPC mechanisms, and/or a policy engine. An inter-process communication mechanism and inter-process communication bus enable secure inter-process communication between inter-process communication applications within the trusted zone and inter-process communication applications external to the trusted zone. Adapting, filtering, blocking, redirecting, or otherwise modifying inter-process communications is enabled by the inter-process communications mechanism. Modifications may be controlled by a policy engine within the trusted zone.

Citations

20 Claims

1. A method of securing inter-process communications in a device, comprising:
- operating an inter-process communications mechanism within a trusted code zone of the device, wherein operating within the trusted code zone of the device cryptographically guarantees the code within the trusted code zone has not been tampered with and thereby ensures that inter-process communications are not tampered with within the inter-process communications mechanism;
  
  extending an inter-process communications bus from outside the trusted code zone into the trusted code zone of the device, within which code is cryptographically guaranteed not to have been tampered with;
  
  performing inter-process communications on the inter-process communications bus between services on the device and user-space applications not within the trusted code zone of the device; and
  
  adapting the inter-process communications between services on the device and user-space applications using the inter-process communications mechanism within the trusted code zone of the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the inter-process communications adapted using the inter-process communications mechanism are filtered according to a policy determined by a policy engine.
  - 3. The method of claim 1, wherein the inter-process communications are blocked using the inter-process communications mechanism according to a policy determined by a policy engine.
  - 4. The method of claim 2, wherein the policy engine is within the trusted code zone of the device.
  - 5. The method of claim 1, wherein the service on the device is a user input service.
  - 6. The method of claim 1, wherein the inter-process communications include financial information.
  - 7. The method of claim 1, further comprising redirecting requests for inter-process communication with the user-space application not within the trusted code zone to a trusted version of the user-space application within the trusted code zone.

8. A device with secure inter-process communications, comprising:
- a memory storing program instructions;
  
  a processor connected to the memory, wherein the processor is configuredaccording to the program instructions to execute;
  
  a trusted code zone of the device, wherein code operating within the trusted code zone of the device is cryptographically guaranteed not to have been tampered with;
  
  an inter-process communications mechanism within the trusted code zone, wherein operation within the trusted code zone ensures that inter-process communications are not tampered with within the inter-process communications mechanism;
  
  an inter-process communications bus extending from outside the trusted code zone into the trusted code zone, wherein the inter-process communications bus allows inter-process communications between objects supporting inter-process communication located within the trusted code zone and objects supporting inter-process communication not located within the trusted code zone, within which code is cryptographically guaranteed not to have been tampered with;
  
  services on the device located within the trusted code zone of the device; and
  
  user-space applications on the device not located within the trusted code zone, wherein inter-process communications between the services on the device and the user-space applications on the device are adapted by the inter-process communications mechanism.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The device of claim 8, wherein the inter-process communications adapted using the inter-process communications mechanism are filtered according to a policy determined by a policy engine.
  - 10. The device of claim 8, wherein the inter-process communications adapted using the inter-process communications mechanism are blocked according to a policy determined by a policy engine.
  - 11. The device of claim 10, wherein the policy engine is within the trusted code zone of the device.
  - 12. The device of claim 8, wherein the service on the device is a user input service.
  - 13. The device of claim 12, wherein the user input service is a touch-screen input service for a touch-screen of the device.
  - 14. The device of claim 8, wherein the inter-process communications mechanism is configured to redirect requests for inter-process communication with the user-space application not within the trusted code zone to a trusted version of the user-space application within the trusted code zone.

15. A non-transitory computer readable medium comprising:
- instructions executable by one or more processors to cause the one or more processors to;
  
  operate an inter-process communications mechanism within a trusted code zone of the device, wherein operating within the trusted code zone of the device cryptographically guarantees the code within the trusted code zone has not been tampered with and thereby ensures that inter-process communications are not tampered with within the inter-process communications mechanism;
  
  extend an inter-process communications bus from outside the trusted code zone into the trusted code zone of the device, within which code is cryptographically guaranteed not to have been tampered with;
  
  perform inter-process communications on the inter-process communications bus between services on the device and user-space applications not within the trusted code zone of the device; and
  
  adapt the inter-process communications between services on the device and user-space applications using the inter-process communications mechanism within the trusted code zone of the device.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The medium of claim 15, wherein a policy engine is located within the trusted code zone of the device.
  - 17. The medium of claim 16, wherein the policy engine controls the adaptation of the inter-process communications.
  - 18. The medium of claim 15, wherein the service on the device is a user input service.
  - 19. The medium of claim 18, wherein the user input service is a touch-screen user input service.
  - 20. The medium of claim 15, wherein the instructions are further executable to cause the one or more processors to redirect requests for inter-process communication with the user-space application not within the trusted code zone to a trusted version of the user-space application within the trusted code zone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Optio Labs
Original Assignee
Optio Labs, Inc.
Inventors
White, Christopher Jules, Dougherty, Brian, Hamrick, David Alexander, Sharpe, Grayson Gates, Hanlin, Robert Austin, Zienkiewicz, Krzysztof Kamil, Thompson, Christopher Michael, Clancy, III, Thomas Charles
Primary Examiner(s)
Waliullah, Mohammed

Application Number

US14/210,382
Publication Number

US 20140201807A1
Time in Patent Office

1,293 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/0227   Filtering policies mail mes...

H04L 63/20   for managing network securi...

Systems and methods for enforcing security in mobile computing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for enforcing security in mobile computing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links