SYSTEM AND METHOD FOR CODE SIGNING

US 20100332848A1
Filed: 09/02/2010
Published: 12/30/2010
Est. Priority Date: 09/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of signing code, the method performed at code signing server, the method comprising:

receiving, at the code signing server, a code signing request to sign a software application or hash thereof using a private key of a key pair associated with a sensitive application programming interface provided on a mobile device, the software application programmed to access the sensitive application programming interface when the software application is run on the mobile device, wherein a public key of the key pair is attached to or embedded in the sensitive application programming interface to control access to the sensitive application programming interface;

digitally signing the software application or hash thereof, wherein a digital signature is generated using the private key; and

outputting the digital signature in response to the code signing request.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for code signing. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device.

112 Citations

View as Search Results

20 Claims

1. A method of signing code, the method performed at code signing server, the method comprising:
- receiving, at the code signing server, a code signing request to sign a software application or hash thereof using a private key of a key pair associated with a sensitive application programming interface provided on a mobile device, the software application programmed to access the sensitive application programming interface when the software application is run on the mobile device, wherein a public key of the key pair is attached to or embedded in the sensitive application programming interface to control access to the sensitive application programming interface;
  
  digitally signing the software application or hash thereof, wherein a digital signature is generated using the private key; and
  
  outputting the digital signature in response to the code signing request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising creating the key pair, the key pair comprising the public key and the public key.
  - 3. The method of claim 2, further comprising storing the private key of the key pair at the code signing server.
  - 4. The method of claim 2, further comprising deploying the public key of the key pair prior to the receiving, so that the public key is attached to the sensitive application programming interface provided on the mobile device or embedded in the sensitive application programming interface provided on the mobile device.
  - 5. The method of claim 1, wherein the code signing request comprises a second digital signature associated with a requestor making the code signing request, and wherein the method further comprises successfully verifying the second digital signature before the digitally signing the software application or hash thereof.
  - 6. The method of claim 5, further comprising retrieving a second public key associated with the requestor, and using the second public key to verify the second digital signature associated with the requestor.
  - 7. The method of claim 1, further comprising sending an e-mail notification to a requestor making the code signing request in response to the receiving.
  - 8. The method of claim 1, further comprising maintaining a record of a number of allowable signing requests for a requestor making the code signing request, verifying that there are allowable signing requests remaining, and updating the number of allowable signing requests, wherein the digitally signing the software application or hash thereof is performed after successfully verifying that there are allowable signing requests remaining.
  - 9. The method of claim 1, further comprising verifying that a requestor making the code signing request is registered with the code signing server, wherein the digitally signing the software application or hash thereof is performed after successfully verifying that the requestor making the code signing request is registered.
  - 10. The method of claim 1, further comprising verifying that an account of a requestor making the code signing request is not expired, wherein the digitally signing the software application or hash thereof is performed after successfully verifying that the account of the requestor making the code signing request is not expired.

11. A code signing server configured to sign code, the code signing server comprising:
- a processor; and
  
  a memory;
  
  wherein the processor is configured to;
  
  receive a code signing request to sign a software application or hash thereof using a private key of a key pair associated with a sensitive application programming interface provided on a mobile device, the software application programmed to access the sensitive application programming interface when the software application is run on the mobile device, wherein a public key of the key pair is attached to or embedded in the sensitive application programming interface to control access to the sensitive application programming interface;
  
  digitally sign the software application or hash thereof, wherein a digital signature is generated using the private key; and
  
  output the digital signature in response to the code signing request.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The server of claim 11, wherein the processor is further configured to create the key pair, the key pair comprising the public key and the public key.
  - 13. The server of claim 12, wherein the processor is further configured to store the private key of the key pair in the memory.
  - 14. The server of claim 12, wherein the processor is further configured to deploy the public key of the key pair prior to receiving the code signing request, so that the public key is attached to the sensitive application programming interface provided on the mobile device or embedded in the sensitive application programming interface provided on the mobile device.
  - 15. The server of claim 11, wherein the code signing request comprises a second digital signature associated with a requestor making the code signing request, and wherein the processor is further configured to verify the second digital signature before digitally signing the software application or hash thereof.
  - 16. The server of claim 15, wherein the processor is further configured to retrieve a second public key associated with the requestor, and use the second public key to verify the second digital signature associated with the requestor.
  - 17. The server of claim 11, wherein the processor is further configured to send an e-mail notification to a requestor making the code signing request in response to receiving the code signing request.
  - 18. The server of claim 11, wherein the processor is further configured to maintain a record of a number of allowable signing requests for a requestor making the code signing request, verify that there are allowable signing requests remaining, and update the number of allowable signing requests, and wherein the processor is configured to digitally sign the software application or hash thereof after successfully verifying that there are allowable signing requests remaining.
  - 19. The server of claim 11, wherein the processor is further configured to verify that a requestor making the code signing request is registered with the code signing server, and wherein the processor is configured to digitally sign the software application or hash thereof after successfully verifying that the requestor making the code signing request is registered.
  - 20. The server of claim 11, wherein the processor is further configured to verify that an account of a requestor making the code signing request is not expired, and wherein the processor is configured to digitally sign the software application or hash thereof after successfully verifying that the account of the requestor making the code signing request is not expired.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Malikie Innovations Limited (Key Patent Innovations Limited)
Original Assignee
Blackberry Limited
Inventors
Adams, Neil P., Kirkup, Michael G., Little, Herbert A., Tapuska, David F.

Granted Patent

US 8,452,970 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/629   to features or functions of...

H04L 2209/80   Wireless network architectu...

H04L 63/166   at the transport layer

H04L 9/3215   using a plurality of channe...

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

H04W 12/10   Integrity

H04W 12/35   Protecting application or s...

SYSTEM AND METHOD FOR CODE SIGNING

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

112 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR CODE SIGNING

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links