Code signing system and method
First Claim
1. A code signing method comprising:
- receiving, by a code signing authority, code from a developer; and
signing, by the code signing authority, the code;
wherein the code signed by the code signing authority is authorized to access at least one sensitive application programming interface (API) on a mobile device on which said code is to be loaded and wherein the code signed by the code signing authority comprises a digital signature which is generated by a device external to the mobile device;
wherein the mobile device includes at least one sensitive API and at least one non-sensitive API; and
wherein access to the at least one sensitive API is further restricted relative to the at least one non-sensitive API.
2 Assignments
0 Petitions
Accused Products
Abstract
A novel code signing system, computer readable media, and method are provided. The code signing method includes receiving a code signing request from a requestor in order to gain access to one or more specific application programming interfaces (APIs). A digital signature is provided to the requestor. The digital signature indicates authorization by a code signing authority for code of the requestor to access the one or more specific APIs. In one example, the digital signature is provided by the code signing authority or a delegate thereof. In another example, the code signing request may include one or more of the following: code, an application, a hash of an application, an abridged version of the application, a transformed version of an application, a command, a command argument, and a library.
70 Citations
29 Claims
-
1. A code signing method comprising:
-
receiving, by a code signing authority, code from a developer; and signing, by the code signing authority, the code; wherein the code signed by the code signing authority is authorized to access at least one sensitive application programming interface (API) on a mobile device on which said code is to be loaded and wherein the code signed by the code signing authority comprises a digital signature which is generated by a device external to the mobile device; wherein the mobile device includes at least one sensitive API and at least one non-sensitive API; and wherein access to the at least one sensitive API is further restricted relative to the at least one non-sensitive API. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A device comprising:
-
one or more hardware processors enabled to receive, by a code signing authority, code from a developer and sign, by the code signing authority, the code; wherein the code signed by the code signing authority is authorized to access at least one sensitive application programming interface (API) on a mobile device on which said code is to be loaded and wherein the code signed by the code signing authority comprises a digital signature which is generated by a device external to the mobile device; wherein the mobile device includes at least one sensitive API and at least one non-sensitive API; and wherein access to the at least one sensitive API is further restricted relative to the at least one non-sensitive API. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21)
-
-
22. One or more non-transitory computer readable memories comprising instructions that when executed by one or more processors of a device cause the one or more processors to perform instructions comprising:
-
receiving, by a code signing authority, code from a developer; and signing, by the code signing authority, the code; wherein the code signed by the code signing authority is authorized to access at least one sensitive application programming interface (API) on a mobile device on which said code is to be loaded and wherein the code signed by the code signing authority comprises a digital signature which is generated by a device external to the mobile device; wherein the mobile device includes at least one sensitive API and at least one non-sensitive API; and wherein access to the at least one sensitive API is further restricted relative to the at least one non-sensitive API. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
-
Specification