Systems and methods for enforcing security in mobile computing
Abstract
Methods and systems described herein relate to enhancing security on a device by configuring one or more software functions in a trusted zone of a processor using object firewalls, IPC mechanisms, and/or a policy engine. An inter-process communication mechanism and inter-process communication bus enable secure inter-process communication between inter-process communication applications within the trusted zone and inter-process communication applications external to the trusted zone. Adapting, filtering, blocking, redirecting, or otherwise modifying inter-process communications is enabled by the inter-process communications mechanism. Modifications may be controlled by a policy engine within the trusted zone.
20 Claims
1. A method of securing inter-process communications in a device, comprising:
- operating an inter-process communications mechanism within a trusted code zone of the device, wherein operating within the trusted code zone of the device cryptographically guarantees the code within the trusted code zone has not been tampered with and thereby ensures that inter-process communications are not tampered with within the inter-process communications mechanism;
- extending an inter-process communications bus from outside the trusted code zone into the trusted code zone of the device, within which code is cryptographically guaranteed not to have been tampered with;
- performing inter-process communications on the inter-process communications bus between services on the device and user-space applications not within the trusted code zone of the device; and
- adapting the inter-process communications between services on the device and user-space applications using the inter-process communications mechanism within the trusted code zone of the device.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A device with secure inter-process communications, comprising:
- a memory storing program instructions;
- a processor connected to the memory, wherein the processor is configured according to the program instructions to execute;
- a trusted code zone of the device, wherein code operating within the trusted code zone of the device is cryptographically guaranteed not to have been tampered with;
- an inter-process communications mechanism within the trusted code zone, wherein operation within the trusted code zone ensures that inter-process communications are not tampered with within the inter-process communications mechanism;
- an inter-process communications bus extending from outside the trusted code zone into the trusted code zone, wherein the inter-process communications bus allows inter-process communications between objects supporting inter-process communication located within the trusted code zone and objects supporting inter-process communication not located within the trusted code zone, within which code is cryptographically guaranteed not to have been tampered with;
- services on the device located within the trusted code zone of the device; and
- user-space applications on the device not located within the trusted code zone, wherein inter-process communications between the services on the device and the user-space applications on the device are adapted by the inter-process communications mechanism.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A non-transitory computer readable medium comprising:
- instructions executable by one or more processors to cause the one or more processors to;
- operate an inter-process communications mechanism within a trusted code zone of the device, wherein operating within the trusted code zone of the device cryptographically guarantees the code within the trusted code zone has not been tampered with and thereby ensures that inter-process communications are not tampered with within the inter-process communications mechanism;
- extend an inter-process communications bus from outside the trusted code zone into the trusted code zone of the device, within which code is cryptographically guaranteed not to have been tampered with;
- perform inter-process communications on the inter-process communications bus between services on the device and user-space applications not within the trusted code zone of the device; and
- adapt the inter-process communications between services on the device and user-space applications using the inter-process communications mechanism within the trusted code zone of the device.
Dependent claims: 16, 17, 18, 19, 20
Specification