`
`UNITED STATES PATENT AND TRADEMARK OFFICE
`
`UNITED STATES DEPARTMENT OF COMMERCE
`United States Patent and Trademark Office
`Address: COMMISSIONER FOR PATENTS
`P.O. Box 1450
`Alexandria, Virginia 22313-1450
`www uspto.gov
`
`PATENT NO.
`
`ATTORNEY DOCKET NO.
`
`CONFIRMATION NO.
`
`10/381,219
`
`ISSUE DATE
`
`07/16/2013
`
` APPLICATION NO.
`
`8489868
`
`13210-1465/RT.
`
`9761
`
`95866
`
`7590
`
`06/26/2013
`
`Fleit Gibbons Gutman Bongini & Bianco P.L.
`551 NW77th street
`Suite 111
`Boca Raton, FL 33487
`
`The projected patent numberand issue date are specified above.
`
`ISSUE NOTIFICATION
`
`Determination of Patent Term Adjustment under 35 U.S.C, 154 (b)
`(application filed on or after May 29, 2000)
`
`The Patent Term Adjustment is 1974 day(s). Any patent to issue from the above-identified application will
`include an indication of the adjustment on the front page.
`
`If a Continued Prosecution Application (CPA) wasfiled in the above-identified application, the filing date that
`determines Patent Term Adjustmentis the filing date of the most recent CPA.
`
`Applicant will be able to obtain more detailed information by accessing the Patent Application Information
`Retrieval (PAIR) WEBsite (http://pair.uspto.gov).
`
`Any questions regarding the Patent Term Extension or Adjustment determination should be directed to the
`Office of Patent Legal Administration at (571)-272-7702. Questions relating to issue and publication fee
`payments should be directed to the Application Assistance Unit (AAU) of the Office of Data Management
`(ODM)at (571)-272-4200.
`
`APPLICANT(s) (Please see PAIR WEBsite http://pair.uspto.govfor additional applicants):
`
`David P Yach, Waterloo, ON, CANADA;
`Michael S Brown, Waterloo, ON, CANADA;
`Herbert A Little, Watcrloo, ON, CANADA;
`
`The United States represents the largest, most dynamic marketplace in the world and is an unparalleled location
`for business investment, innovation, and commercialization of new technologies. The USA offers tremendous
`resources and advantages for those who invest and manufacture goods here. Through SelectUSA, our nation
`works to encourage and facilitate business investment. To learn more about why the USAis the best country in
`the world to develop technology, manufacture products, and grow yourbusiness, visit SelectUSA. gov.
`
`TR103 (Rev. 10/09)
`
`Page 1 of 1415
`
`GOOGLEEXHIBIT 1004
`Part 1 of 3
`
`Page 1 of 1415
`
`GOOGLE EXHIBIT 1004
`Part 1 of 3
`
`

`

`PATENT
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Application No.
`Applicant
`Filed
`TC/A.U.
`Examiner
`Docket No.
`Customer No.
`Confirmation No.
`For
`
`10/381,219
`:
`David P. YACH etal.
`:
`: March 20, 2003
`:
`2431
`:
`Jeremiah L. AVERY
`>
`10289-US-PCT
`:
`95866
`:
`9761
`:
`SOFTWARE CODE SIGNING SYSTEM AND METHOD
`
`AMENDMENT AFTER ALLOWANCE
`
`VIA USPTO ELECTRONIC FILE SYSTEM
`Mail Stop Amendment
`Commissioner for Patents
`P.O. Box 1450
`Alexandria, VA 22313-1450
`ATTENTION: Examiner Jeremiah L. AVERY,Tel. No. 571-272-8627
`
`Sir:
`
`In response to the Notice of Allowance dated March 28, 2013, please enter and
`
`consider the following response with amendmentand remarksasfollows:
`
`Amendment to Claims begins on page 2
`
`Remarks begin on page 26
`
`OK TOENTER: ALA/
`
`CERTIFICATE OF TRANSMISSION
`| hereby certify that this correspondence is being deposited with the United States
`In accordance with 37 CFR 1.8,
`Postal Service with sufficient postage asfirst class mail in an envelope addressed to: Commissioner for Patents, P.O.
`Box 1450, Alexandria, VA 22313-1450 or facsimile transmitted or submitted under electronic filing system to the U.S.
`Patent and Trademark Office on the date: June 3, 2013.
`By: Jon A. Gibbons
`
`Signature:/ Jon A. Gibbons/
`(Applicant, Assignee, or Representative)
`
`1 of 26
`
`Page 2 of 1415
`
`Page 2 of 1415
`
`

`

`
`
`UNITED STATES DEPARTMENT OF COMMERCE
`United States Patent and Trademark Office
`Address: COMMISSIONER FOR PATENTS
`P.O. Box 1459
`Alexandria, Virginia 22313-1450
`WWww.Usplo.gov
`
`APPLICATION NO.
`
`FILING DATE
`
`FIRST NAMED INVENTOR
`
`ATTORNEYDOCKETNO.
`
`CONFIRMATION NO.
`
`10/381,219
`
`03/20/2003
`
`David P Yach
`
`13210-1465/KL
`
`9761
`
`EXAMINER
`;
`as
`Ficit Gibbons Gutman Bongini & Bianco P.L. Lae
`PAINE
`&Bian
`itn
`Fieit
`551 NW 77thstreet
`AVERY,JEREMIAII L
`Suite 111
`ARTUNIT
`PAPER NUMBER
`Boca Raton, FL, 33487|eros
`2431
`
`_.
`
`NOTIFICATION DATR
`
`DELIVERY MODE
`
`06/17/2013
`
`FLECTRONIC
`
`Please find below and/or attached an Office communication concerning this application or proceeding.
`
`The time period for reply, if any, is set in the attached communication.
`
`Notice of the Office communication was sent electronically on above-indicated "Notification Date” to the
`following e-mail address(es):
`ptoboca @fgegbb.com
`portfolioprosecution @blackberry.com
`
`PTOL-90A (Rev. 04/07)
`
`Page 3 of 1415
`
`Page 3 of 1415
`
`

`

`
` _o., 10/381,219 YACH ET AL.
`
`Responseto Rule 312 Communication
`Examiner
`Art Unit
`
`
`
`JEREMIAH AVERY 2431
`
`
`
`
`
`Application No.
`
`Applicant(s)
`
`-- The MAILING DATEof this communication appears on the cover sheet with the correspondence address —
`
`1. K The amendmentfiled on 03 June 2013 under 37 CFR 1.312 has been considered, and has been:
`
`a) KX]
`
`entered.
`
`b) 1] entered as directed to matters of form not affecting the scope of the invention.
`
`c)[]_ disapproved because the amendmentwasfiled after the paymentofthe issue fee.
`
`Any amendment filed after the date the issue fee is paid must be accompaniedbya petition under 37 CFR 1.313(c)(1)
`
`and the required fee to withdraw the application from issue.
`
`d)( disapproved. See explanation below.
`
`e)( entered in part. See explanation below.
`
`/NATHAN FLYNN/
`Supervisory Patent Examiner, Art Unit 2431
`
` U.S. Patent and Trademark Office
`
`/Jeremiah Avery/
`Examiner, Art Unit 2431
`
`PTOL-271 (Rev. 04-01)
`
`Reponseto Rule 312 Communication
`
`Part of Paper No. 20130606
`
`Page 4 of 1415
`
`Page 4 of 1415
`
`

`

`PART B - FEE(S) TRANSMITTAL
`
`Complete and send this form, together with applicable fee(s), to: Mail Mail Stop ISSUE FEE
`Commissioner for Patents
`P.O. Box 1450
`Alexandria, Virginia 22313-1450
`or Fax (571)-273-2885
`
`INSTRUCTIONS: This form should be used for transmitting the ISSUE FEE and PUBLICATION FEE (if required). Blocks 1 through 5 should be completed where
`appropriate. All further correspondence including the Patent, advance orders and notification of maintenance fees will be mailed to the current correspondence address as
`indicated unless corrected below or directed otherwise in Block 1, by (a) specifying a new correspondence address; and/or (b) indicaling a separate "FEF ADDRESS" for
`maintenance fee notifications.
`
`CURRENT CORRESPONDENCE ADDRESS(Note: Use Block 1 for any change of address)
`
`03/2812013
`390
`95866.
`Fleit Gibbons Gutman Bongini & Bianco P.L.
`551 NW 77thstreet
`5
`sree
`Suite 111
`Boca Raton, FL 33487
`
`can only be used for domestic mailings of the
`Note: A certificate of mailing
`Fee(s) Transmittal. This certificate cannot be used for any other accompanying
`apers. Each additional paper, such as an assignment or formal drawing, must
`have its own certificate of mailing or transmission.
`Certificate of Mailing or Transmission
`I hereby certify that this Pee(s) Transmittal is being deposited with the United
`States Postal Service with sufficient postagefor first class mail in an envelope
`addressed to the Mail Stop ISSUE PEE address above, or being facsimile
`transmitted to the USPTO (571) 273-2885, on the date indicated below.
`(Depesitor's naive)
`(Signature)
`
`(Date)
`
`APPLICATION NO.
`
`FILING DATE
`
`FIRST NAMED INVENTOR
`
`ATTORNEY DOCKET NO.
`
`CONFIRMATION NO.
`
`David P Yach
`03/20/2003
`10/381,219
`
`
`
`TITLE OF INVENTION: SOFTWARE CODESIGNING SYSTEM AND METHOD
`
`13210-1465/KL
`
`9761
`
`
`
`
`
`APPLN. ‘TYPE PUBLICATION FEE DUE|PREV. PAID ISSUE FEEENITTLY STATUS ISSUE FEE DUB ‘TOTAL KER(S) DUE
`
`
`
`
`
`DATE DUE
`
`nonprovisional
`
`UNDISCOUNTED
`
`$1780
`
`$300
`
`SO
`
`$2080
`
`06/28/2013
`
`AVERY,JEREMIAH L
`
`2431
`
`1. Change of correspondence address orindication of "Fee Address" (37
`CFR 1.363).
`I Change ofcorrespondence address (or Change of Correspondence
`Address form PTO/SB/122) attached.
`LL] “Fee Address” indication (or "Fee Address" Indication form
`PTO/SB/47, Rev 03-02 or morc recent) attached. Use of a Customer
`Numberis required.
`
`
`
`
`
`713-001000
`
`2. For printing on the patent front page, list
`(1) the names of up to 3 registered patent attorneys
`or agents OR,alternatively,
`(2) the nameofa single firm (having as a member a
`registered attorney or agent) and the names of up to
`2 registered patent attorneys or agents. If no nameis
`listed, no name will be printed.
`
`iJon A. Gibbons
`
`2Fleit Gibbons Gutman
`
`
`
`Bongini
`& Bianco PL
`
`ioe)
`
`
`
`3. ASSIGNEE NAME AND RESIDENCE DATA TO BE PRINTED ON THE PATENT(printor type)
`If an assignee is identified below, the document has been filed for
`PLEASE NOTE: Unless an assignee is identified below, no assignee data will appear on the patent.
`recordation as set forth in 37 CFR 3.11. Completion of this form is NOTa substitute for filing an assignment.
`(A) NAMEOF ASSIGNEF.
`(B) RESIDENCE:(CITYand STATE OR COUNTRY)
`Research In Motion Limited
`Waterloo Ontario Canada
`
`Please check the appropriate assignee category or categories (will not be printed on the patent) :
`
`Ld individual BPcorporation or other private group entity LJ Government
`
`4a. The following fec(s) are submitted:
`sue Fee
`EFPublication Fee (No small entity discount permitted)
`| Advance Order- # of Copies
`
`4b. Payment of Fee(s): (Please first reapply any previously paid issue fee shown above)
`
`LL] A checkis enclosed.
`J Paymentby credit card. Form PTO-2038is attached.
`KKhe Director is hereby authorized to charge the required fee(s), any deficiency, or credit any
`overpayment, to Deposit Account Number 5(
`4 56
`(enclose an extra copy of this form).
`
`PTOL-85 (Rev. 02/11)
`
`Page 5 of 1415
`
`Page 2 of 4
`
`Page 5 of 1415
`
`

`

`5. Change in Entity Status (from status indicated above)
`
`I Applicant asserting small entity status. See 37 CFR 1.27
`
`LI Applicant changing to regular undiscounted fee status.
`
` LI Applicant certifying micro entity status. See 37 CI'R 1.29
`
`
`NOTE:Absenta valid certification of Micro Entity Status (see form PTO/SB/15A and 15B),issue
`fee payment in the micro entily amount will not be accepted at the risk of application abandonment.
`
`NOTE:If the application was previously under micro entity status, checking this box will be taken
`to be a notification ofloss of entitlement to micro entity status.
`
`NOTE: Checkingthis box will be taken to be a notification of loss of entitlementto small or micro
`entity status, as applicable.
`NOTE: TheIssue Fee and Publication Fee (if required) will not be accepted from anyoneother than the applicant; a registered attorney or agent; or the assignee or other party in
`interest as shown by the records of the United States Patent and ‘l'rademark Office.
`
`Authorized Signature
`
`Jon A. Gibbons
`
`Typed or printedname
`
`JON A. G ibbons
`
`
`Date 6/3/2013
`
`Registration No. 37333
`
`This collection of information is required by 37 CFR 1.311. The information is required to obtain orretain a benefit by the public whichis to file (and by the USPTOto process)
`an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimatedto take 12 minules to complete, including gathering, preparing, and
`submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any comments on the amountof time you require to complete
`
`
`this form and/or suggestionsfor reducingthis burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, P.O.
`
`
`
`Box 1450, ‘Alexandiia, Virginia 22313-1450. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Commissionerfor Patents, P.O. Box 1450,
`Alexandria, Virginia 22313-1450.
`Underthe Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.
`
`PTOL-85 (Rev. 02/11) Approved for use through 08/31/2013.
`
`OMB 0651-0033
`
`
`US. Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`
`Page 3 of 4
`
`Page 6 of 1415
`
`Page 6 of 1415
`
`

`

`
`
`Electronic Patent Application Fee Transmittal
`
`Application Number:
`
`10381219
`
`Title of Invention:
`
`SOFTWARE CODE SIGNING SYSTEM AND METHOD
`
`
`
`First Named Inventor/Applicant Name:
`
`David P Yach
`
`
`
`recnts|en oe
`
`Basic Filing:
`
`Pages:
`
`a
`
`Publ. Fee- Early, Voluntary, or Normal
`
`Claims:
`
`Miscellaneous-Filing:
`
`Patent-Appeals-and-Interference:
`
`Post-Allowance-and-Post-Issuance:
`
`
`Utility Appl Issue Fee
`
`Page 7 of 1415
`
`Page 7 of 1415
`
`

`

`
`
` Quantity
`
`Description
`
`Fee Code
`
`
`
`Amount
`
`Sub-Total in
`USD($)
`
`Extension-of-Time:
`
`Miscellaneous:
`
`Total in USD (5S)
`
`Page 8 of 1415
`
`Page 8 of 1415
`
`

`

`
`
`Electronic AcknowledgementReceipt
`
`
`15935273
`EFS ID:
`
`
`Application Number:
`
`10381219
`
`Title of Invention:
`
`SOFTWARE CODE SIGNING SYSTEM AND METHOD
`
`First Named Inventor/Applicant Name:
`
`David P Yach
`
`
`
`Filer Authorized By: Jon A. Gibbons
`
`
`
`Attorney Docket Number: 13210-1465/KL
`
`Receipt Date:
`
`03-JUN-2013
`
`
`
`Application Type:
`
`U.S. National Stage under 35 USC 371
`
`Paymentinformation:
`
`
`Submitted with Payment
`
`yes
`
`
`
`Payment Type Deposit Account
`
`Payment was successfully received in RAM
`
`RAM confirmation Number
`
`Deposit Account
`
`$2080
`
`4734
`
`501556
`
`Charge any Additional Fees required under 37 C.F.R. Section 1.21 (Miscellaneous fees and charges)
`
`The Director of the USPTOis hereby authorized to charge indicated fees and credit any overpayment as follows:
`
`Page 9 of 1415
`
`Page 9 of 1415
`
`

`

`
`
`File Listing:
`
`Pages
`Multi
`File Size(Bytes)/
`DocumentDescription
`Document
`
`
`
`Number Message Digest|Part/.zip|P (if appl.)
`.
`10289-US-
`75819
`Amendmentafter Notice of Allowance
`PCT_312Amendment_6-3+13.
`(Rule 312)
`pdf
`
`daf3b
`€819923b035ed1ed8673586545 3535 a3.
`
`Warnings:
`Information:
`
`Information:
`
`Issue Fee Payment (PTO-85B)
`
`10289-US-
`
`106194
`
`PCT_IssueFeeTransmittal_6-3-1
`3.pdf
`
`443ea
`8e271a5564399c5d960628d06df72006976
`
`Fee Worksheet (SB06)
`
`fee-info.pdf
`
`49585b5e12237621 ffbecf607649585 1380a
`00b4
`
`the application.
`
`NewInternational Application Filed with the USPTO as a Receiving Office
`If a new international application is being filed and the international application includes the necessary components for
`an international filing date (see PCT Article 11 and MPEP 1810), a Notification of the International Application Number
`and of the International Filing Date (Form PCT/RO/105) will be issued in due course, subject to prescriptions concerning
`national security, and the date shown on this Acknowledgement Receiptwill establish the international filing date of
`
`This Acknowledgement Receipt evidences receipt on the noted date by the USPTOofthe indicated documents,
`characterized by the applicant, and including page counts, where applicable.It serves as evidence of receipt similar to a
`Post Card, as described in MPEP 503.
`
`New Applications Under 35 U.S.C. 111
`If a new application is being filed and the application includes the necessary componentsfor a filing date (see 37 CFR
`1.53(b)-(d) and MPEP 506), a Filing Receipt (37 CFR 1.54) will be issued in due course and the date shownon this
`Acknowledgement Receiptwill establish the filing date of the application.
`
`
`National Stage of an International Application under 35 U.S.C. 371
`If a timely submission to enter the national stage of an international application is compliant with the conditions of 35
`U.S.C. 371 and other applicable requirements a Form PCT/DO/EO/903indicating acceptance of the application as a
`national stage submission under 35 U.S.C. 371 will be issued in addition to the Filing Receipt, in due course.
`
`Page 10 of 1415
`
`Page 10 of 1415
`
`

`

`PATENT
`
`IN THE UNITED STATES PATENT AND TRADEMARK OFFICE
`
`Application No.
`Applicant
`Filed
`TC/A.U.
`Examiner
`Docket No.
`Customer No.
`Confirmation No.
`For
`
`10/381,219
`:
`David P. YACH etal.
`:
`: March 20, 2003
`:
`2431
`:
`Jeremiah L. AVERY
`>
`10289-US-PCT
`:
`95866
`:
`9761
`:
`SOFTWARE CODE SIGNING SYSTEM AND METHOD
`
`AMENDMENT AFTER ALLOWANCE
`
`VIA USPTO ELECTRONIC FILE SYSTEM
`Mail Stop Amendment
`Commissioner for Patents
`P.O. Box 1450
`Alexandria, VA 22313-1450
`ATTENTION: Examiner Jeremiah L. AVERY,Tel. No. 571-272-8627
`
`Sir:
`
`In response to the Notice of Allowance dated March 28, 2013, please enter and
`
`consider the following response with amendmentand remarksasfollows:
`
`Amendment to Claims begins on page 2
`
`Remarks begin on page 26
`
`CERTIFICATE OF TRANSMISSION
`| hereby certify that this correspondence is being deposited with the United States
`In accordance with 37 CFR 1.8,
`Postal Service with sufficient postage asfirst class mail in an envelope addressed to: Commissioner for Patents, P.O.
`Box 1450, Alexandria, VA 22313-1450 or facsimile transmitted or submitted under electronic filing system to the U.S.
`Patent and Trademark Office on the date: June 3, 2013.
`By: Jon A. Gibbons
`
`Signature:/ Jon A. Gibbons/
`(Applicant, Assignee, or Representative)
`
`1 of 26
`
`Page 11 of 1415
`
`Page 11 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`IN THE CLAIMS
`
`This listing of claims will replace all prior versions, and listings, of claims in the
`
`application:
`
`1-165 (Cancelled without prejudice).
`
`166. (Previously Presented) A mobile device containing software instructions which
`
`when executed on the mobile device cause the mobile device to perform operations for
`
`controlling access to an application platform of the mobile device, the operations
`
`comprising:
`
`storing a plurality of application programming interfaces (APIs) at the mobile
`
`device, wherein at least one API comprises a sensitive API to which accessis
`
`restricted;
`
`receiving, at the mobile device, an indication that a software application on the
`
`mobile device is requesting accessto the sensitive API stored at the mobile device;
`
`determining, at the mobile device, whether the software application is signed,
`
`wherein a signed software application includes a digital signature generated using a
`
`private key of a private key-public key pair, wherein the private key is not accessible to
`
`the mobile device;
`
`the mobile device using a public key of the private key-public key pair to verify
`
`the digital signature of the software application; and
`
`based upon verifying the digital signature at the mobile device, the mobile device
`
`allowing the software application access to the sensitive API.
`
`167. (Previously Presented) The mobile device of claim 166, wherein based upon a
`
`determination that the software application requesting access to the sensitive AP! does
`
`not include a signature, the operations further comprise: preventing execution of the
`
`software application.
`
`2 of 26
`
`Page 12 of 1415
`
`Page 12 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`168. (Previously Presented) The mobile device of claim 166, wherein based upon a
`
`determination that the software application requesting access to the sensitive AP! does
`
`not include a signature, the operations further comprise: denying the software
`
`application access to the sensitive API.
`
`169. (Previously Presented) The mobile device of claim 166, wherein based upon a
`
`determination that the software application requesting accessto the sensitive API does
`
`not include a signature, the operations further comprise: purging the software
`
`application from the mobile device.
`
`170. (Previously Presented) The mobile device of claim 166, wherein based upon a
`
`determination that the digital signature is not successfully verified, the operations further
`
`comprise: preventing execution of the software application.
`
`171. (Previously Presented) The mobile device of claim 166, wherein based upon a
`
`determination that the digital signature is not successfully verified, the operations further
`
`comprise: denying the software application accessto the sensitive API.
`
`172. (Previously Presented) The mobile device of claim 166, wherein based upon a
`
`determination that the digital signature is not successfully verified, the operations further
`
`comprise: purging the software application from the mobile device.
`
`173. (Previously Presented) The mobile device of claim 166, wherein a global signature
`
`is associated with each of the plurality of APIs; and wherein the global signatureis
`
`verified prior to allowing the software application to access the sensitive API.
`
`174. (Previously Presented) The mobile device of claim 166, wherein at least some of
`
`the operations are performed by an application execution manager, and wherein the
`
`application execution manager is implemented by a virtual machine (VM) of the mobile
`
`device.
`
`3 of 26
`
`Page 13 of 1415
`
`Page 13 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`175. (Previously Presented) The mobile device of claim 166, wherein the digital
`
`signature is generated by applying the private key to a first hash of the software
`
`application; and the digital signature is verified by generating a second hash of the
`
`software application to obtain a generated hash, applying the public key to the digital
`
`signature to obtain a recovered hash, and verifying that the generated hash and the
`
`recovered hash are the same.
`
`176. (Previously Presented) The mobile device of claim 166, wherein the digital
`
`signature is generated by applying the private keyto a first abridged version of the
`
`software application; and the digital signature is verified by generating a second
`
`abridged version of the software application to obtain a generated abridged version,
`
`applying the public key to the digital signature to obtain a recovered abridged version,
`
`and verifying that the generated abridged version and the recovered abridged version
`
`are the same.
`
`177. (Previously Presented) The mobile device of claim 166, wherein the digital
`
`signature is generated by a code signing authority and included with the software
`
`application.
`
`178. (Previously Presented) The mobile device of claim 166, wherein the operations
`
`further comprise:
`
`displaying a description string when the software application attempts to access
`
`the sensitive API.
`
`179. (Previously Presented) The mobile device of claim 166, wherein the application
`
`platform comprises an operating system.
`
`180. (Previously Presented) The mobile device of claim 166, wherein the application
`
`platform includes mobile device hardware.
`
`181. (Previously Presented) The mobile device of claim 166, wherein the application
`
`platform comprises a cryptographic module.
`4 of 26
`
`Page 14 of 1415
`
`Page 14 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`182. (Previously Presented) The mobile device of claim 166, wherein the application
`
`platform comprises a data store.
`
`183. (Previously Presented) The mobile device of claim 166, wherein the application
`
`platform comprises a proprietary data model.
`
`184. (Previously Presented) The mobile device of claim 166, wherein the application
`
`platform comprises an input and output controller.
`
`185. (Previously Presented) The mobile device of claim 166, wherein the digital
`
`signature provides an audittrail identifying a developer of the software application
`
`requesting accessto the sensitive API.
`
`186. (Previously Presented) The mobile device of claim 185, wherein a problematic
`
`software application is identified using the audit trail, and wherein the digital signature
`
`associated with the problematic software application is revocable.
`
`187. (Previously Presented) The mobile device of claim 186, wherein the digital
`
`signature associated with the problematic software application is revoked, and wherein
`
`the revoked digital signature is added to a signature revocation list.
`
`188. (Currently Amended) The mobile device of claim 166, wherein the digital
`
`signatureis first verified each time the software application requesting accessto the
`
`sensitive API is allowed to interact with the application platform.
`
`189. (Previously Presented) The mobile device of claim 166, wherein the software
`
`application further includes a signature identification, and wherein the digital signature
`
`and the signature identification correspond to a mobile device type.
`
`190. (Previously Presented) The mobile device of claim 166, wherein the operations
`
`further comprise obtaining the public key from a public key repository.
`5 of 26
`
`Page 15 of 1415
`
`Page 15 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`191. (Previously Presented) A system for controlling access to an application platform
`
`on a mobile device, comprising:
`
`one or more processors;
`
`one or more computer readable storage mediums containing software
`
`instructions executable on the one or more processors to cause the one or more
`
`processors to perform operations including:
`
`storing a plurality of application programming interfaces (APIs) at the mobile
`
`device, wherein at least one API comprises a sensitive API to which accessis
`
`restricted;
`
`receiving, at the mobile device, an indication that a software application is
`
`requesting accessto the sensitive API stored at the mobile device;
`
`determining, at the mobile device, whether the software application is signed,
`
`wherein a signed software application includes a digital signature generated using a
`
`private key of a private key-public key pair, wherein the private key is not accessible to
`
`the mobile device;
`
`the mobile device using a public key of the private key-public key pair to verify
`
`the digital signature of the software application; and
`
`based upon verifying the digital signature, the mobile device allowing the
`
`software application access to the sensitive API.
`
`192. (Previously Presented) The system of claim 191, wherein based upon a
`
`determination that the software application requesting accessto the sensitive AP! does
`
`not include a signature, the operations further comprise: preventing execution of the
`
`software application.
`
`6 of 26
`
`Page 16 of 1415
`
`Page 16 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`193. (Previously Presented) The system of claim 191, wherein based upon a
`
`determination that the software application requesting access to the sensitive AP! does
`
`not include a signature, the operations further comprise: denying the software
`
`application access to the sensitive API.
`
`194. (Previously Presented) The system of claim 191, wherein based upon a
`
`determination that the software application requesting accessto the sensitive API does
`
`not include a signature, the operations further comprise: purging the software
`
`application from the mobile device.
`
`195. (Previously Presented) The system of claim 191, wherein based upon a
`
`determination that the digital signature is not successfully verified, the operations further
`
`comprise: preventing execution of the software application.
`
`196. (Previously Presented) The system of claim 191, wherein based upon a
`
`determination that the digital signature is not successfully verified, the operations further
`
`comprise: denying the software application accessto the sensitive API.
`
`197. (Previously Presented) The system of claim 191, wherein based upon a
`
`determination that the digital signature is not successfully verified, the operations further
`
`comprise: purging the software application from the mobile device.
`
`198. (Previously Presented) The system of claim 191, wherein a global signatureis
`
`associated with each of the plurality of APIs; and wherein the global signatureis verified
`
`prior to allowing the software application to access the sensitive API.
`
`199. (Previously Presented) The system of claim 191, wherein at least some of the
`
`operations are performed by an application execution manager, and wherein the
`
`application execution manager is implemented by a virtual machine (VM) of the mobile
`
`device.
`
`7 of 26
`
`Page 17 of 1415
`
`Page 17 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`200. (Previously Presented) The system of claim 191, wherein the digital signature is
`
`generated by applying the private key to a first hash of the software application; and
`
`the digital signature is verified by generating a second hash of the software application
`
`to obtain a generated hash, applying the public key to the digital signature to obtain a
`
`recovered hash, and verifying that the generated hash and the recovered hash are the
`
`same.
`
`201. (Previously Presented) The system of claim 191, wherein the digital signatureis
`
`generated by applying the private key to a first abridged version of the software
`
`application; and the digital signature is verified by generating a second abridged version
`
`of the software application to obtain a generated abridged version, applying the public
`
`key to the digital signature to obtain a recovered abridged version, and verifying that the
`
`generated abridged version and the recovered abridged version are the same.
`
`202. (Previously Presented) The system of claim 191, further comprising:
`
`a code signing authority, wherein the code signing authority determines whether
`
`the software application should be given access to the sensitive API, and based upon a
`
`determination that the software application should be given accessto the sensitive API,
`
`the code signing authority accepts the software application and generatesthe digital
`
`signature that is included with the software application.
`
`203. (Previously Presented) The system of claim 191, wherein the operations further
`
`comprise:
`
`displaying a description string when the software application attempts to access
`
`the sensitive API.
`
`204. (Previously Presented) The system of claim 191, wherein the application platform
`
`comprises an operating system.
`
`205. (Previously Presented) The system of claim 191, wherein the application platform
`
`includes mobile device hardware.
`
`8 of 26
`
`Page 18 of 1415
`
`Page 18 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`206. (Previously Presented) The system of claim 191, wherein the application platform
`
`comprises a cryptographic module.
`
`207. (Previously Presented) The system of claim 191, wherein the application platform
`
`comprisesa data store.
`
`208. (Previously Presented) The system of claim 191, wherein the application platform
`
`comprises a proprietary data model.
`
`209. (Previously Presented) The system of claim 191, wherein the application platform
`
`comprises an input and output controller.
`
`210. (Previously Presented) The system of claim 191, wherein the digital signature
`
`provides an audit trail identifying a developer of the software application requesting
`
`access to the sensitive API.
`
`211. (Previously Presented) The system of claim 210, wherein a problematic software
`
`application is identified using the audit trail, and wherein the digital signature associated
`
`with the problematic software application is revocable.
`
`212. (Previously Presented) The system of claim 211, wherein the digital signature
`
`associated with the problematic software application is revoked, and wherein the
`
`revokeddigital signature is added to a signature revocation list.
`
`213. (Previously Presented) The system of claim 191, wherein the digital signature is
`
`first verified each time the software application requesting access to the sensitive API is
`
`allowed to interact with the application platform.
`
`214. (Previously Presented) The system of claim 191, wherein the software application
`
`further includes a signature identification, and wherein the digital signature and the
`
`signature identification correspond to a mobile device type.
`
`9 of 26
`
`Page 19 of 1415
`
`Page 19 of 1415
`
`

`

`Appl. No. 10/381,219
`Docket No. 10289-US-PCT
`Reply to Notice of Allowance March 28 2013
`
`215. (Previously Presented) The system of claim 191, wherein the operations further
`
`comprise obtaining the public key from a public key repository.
`
`216. (Previously Presented) A non-transitory computer-readable storage medium
`
`encoded with instructions that when executed on one or more processors of a mobile
`
`device, cause the mobile device to perform instructions for controlling access to an
`
`application platform of the mobile device, the instructions comprising:
`
`storing a plurality of application programming interfaces (APIs) at the mobile
`
`device, wherein at least one API comprises a sensitive API to which accessis
`
`restricted;
`
`receiving, at the mobile device, an indication that a software application on the
`
`mobile device is requesting accessto the sensitive API stored at the mobile device;
`
`determining, at the mobile device, whether the software application is signed,
`
`wherein a signed software application includes a digital signature gener