Patent application number | Description | Published |
20090247124 | PROVISIONING MOBILE DEVICES BASED ON A CARRIER PROFILE - Systems and methods for provisioning computing devices are provided. Carrier provisioning profiles are distributed to computing devices via an activation service during the provisioning process. The carrier provisioning profiles specify access limitations to certain device resources which may otherwise be available to users of the device. | 10-01-2009 |
20090249064 | SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE BASED ON A TRUSTED CACHE - Embodiments include systems and methods for authorizing software code to be executed on a device based on a trusted cache. When receiving a request to execute software, this software may be checked for a digital signature by at least one trusted authority. According, a digest value indicative of at least a portion of the software module may be determined. A cache stored in trusted space of the device is then accessed for a matching digest value. If an entry is found, the device may allow execution of the software module; if an entry is not found, then the device may continue with the cryptographic operations for verifying the software's digital signature, or may be configured to block execution of the software. | 10-01-2009 |
20090249065 | SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE BASED ON AT LEAST ONE INSTALLED PROFILE - Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments. Profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The profiles allow entities to add software code to the device without reauthorizing each distribution by a trusted authority such as testing, quality assurance, or to limited groups of devices controlled or authorized by the other entities. | 10-01-2009 |
20090249071 | MANAGING CODE ENTITLEMENTS FOR SOFTWARE DEVELOPERS IN SECURE OPERATING ENVIRONMENTS - Systems and methods for managing access to restricted data and system resources in secure operating environments are disclosed. Developer access profiles are issued by trusted authorities to developers which define entitlements that provide limited access to system resources and data on specified computing devices. The developer access profiles allow software developers to write software which accesses parts of the target platform environment which are typically off limits to third party developers. | 10-01-2009 |
20090249075 | SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE IN A DEVICE BASED ON ENTITLEMENTS GRANTED TO A CARRIER - Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments based on at least one carrier profile. Carrier profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The carrier profiles allow entities to add software code to a device without reauthorizing each distribution by the trusted authority, or to limited groups of devices controlled or authorized by the other entities. | 10-01-2009 |
20090254753 | SYSTEM AND METHOD OF AUTHORIZING EXECUTION OF SOFTWARE CODE BASED ON ACCESSIBLE ENTITLEMENTS - Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments. Profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. A request in a first program may be received from a second program. A profile is then identified. The profile includes at least one entitlement associated with the second program. The profile is authenticated based on a first digest indicative of the profile and the second program is authenticated based on a second digest indicative of the second program. The request is then executed based on the entitlement. | 10-08-2009 |
20110010699 | Methods and Systems for Upgrade and Synchronization of Securely Installed Applications on a Computing Device - Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application. | 01-13-2011 |
20110010701 | Methods and Systems for Archiving and Restoring Securely Installed Applications on a Computing Device - Embodiments of the present disclosure provide methods and systems of backing up applications and their associated data installed on a device, such as a mobile device. In particular, data for a backed-up application is stored on a remote archive host and can be restored to dynamically managed containers of securely installed applications on the device. Upon request, the archive host may provide a package of files to the device. The device may then restore the application based on the contents of the package. The package may comprise all the files needed to install the application including the program code, data, and documents. Alternatively, the package may simply comprise just some of the files, such as just the data or documents for an application. After installation, a secure installer framework may be used to verify the applications and authorize the application's execution on the device. | 01-13-2011 |
20130055341 | RESTRICTION OF PROGRAM PROCESS CAPABILITIES - This document describes systems and methods for restricting program process capabilities. In some implementations, the capabilities are restricted by limiting the rights or privileges granted to an application. A plurality of rules may be established for a program, or for a group of programs, denying that program the right to take actions which are outside of the actions needed to implement its intended functionality. A security policy is implemented to test actions initiated in response to an application against the rules to enable decisions restricting the possible actions of the program. Embodiments are disclosed which process the majority of decisions regarding actions against a security profile through use of a virtual machine. In some embodiments, the majority of decisions are resolved within the kernel space of an operating system. | 02-28-2013 |
20150082458 | METHODS AND SYSTEMS FOR UPGRADE AND SYNCHRONIZATION OF SECURELY INSTALLED APPLICATIONS ON A COMPUTING DEVICE - Embodiments of the present disclosure provide for upgrades and synchronization of applications installed on a device, such as a mobile device. In one embodiment, a device may include applications purchased and downloaded via a content management system. The device maintains a list or database of applications that are authorized for each device. This list is also replicated in a remote cache that is maintained by an archive host. The device may then synchronize and upgrade these applications across multiple platforms, such as one or more computers that can be coupled to the device or the archive host. The archive host allows for files of the application be provided back to the device. Upon installation, the device can then confirm the authorization and identity of the newly installed application. | 03-19-2015 |