`
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office

November 21, 2001

THIS IS TO CERTIFY THAT ANNEXED HERETO IS A TRUE COPY FROM THE RECORDS OF THE UNITED STATES PATENT AND TRADEMARK OFFICE OF THOSE PAPERS OF THE BELOW IDENTIFIED PATENT APPLICATION THAT MET THE REQUIREMENTS TO BE GRANTED A FILING DATE UNDER 35 USC 111.

APPLICATION NUMBER: 60/235,354
FILING DATE: September 26, 2000

DOCUMENT SUBMITTED OR TRANSMITTED IN COMPLIANCE WITH RULE 17.1(a) OR (b)

By Authority of the
COMMISSIONER OF PATENTS AND TRADEMARKS

N. WOODSON
Certifying Officer

Page 1 of 16

GOOGLE EXHIBIT 1006
`
`
`
`00/92/60HA
`
`Old‘S°fossoc
`
`Michael
`
`Brown
`
`OF AT - €A)
`
`A [fe
`
`tM
`60/2353AQ
`/26/0
`jc541u
`
`i
`
`a
`Please type a plus sign (+) inside this box—>|4. PTO/SB/16 (2-98)
`
`HI
`Approvedfor use through.01/31/2001. OMB 0651-0037
`Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
`Underthe Paperwork Reduction Act of 4995,no persons are required to respond to a collection of information unless it displays a
`valid OMB control number,
`PROVISIONAL APPLICATIONFOR PATENTCOVER SHEET
`This is a requestforfiling a PROVISIONAL APPLICATION FOR PATENT under 37 CFR 1.53(c).
`
`
`Residence
`
`
`PTO
`(City and either State or Foreign Country)
`
`Given Name(fist and middle [if any)
`Family Name or Sumame
`
`
`54
`7 Danube Drive
`
`
`Heidelberg, Ontario NOB iYq
`CANADA
`
`[x Additionalinventors arebeingnamedon the_1 separatelynumberedsheetsattachedhereta
`TITLE OF THE INVENTION (280 characters max)
`
`
`Directallcorrespondence to:
`
`[| Customer Number
`Type CustomerNumberhere
`OR
`
`
`"
`Tx Si
`Individual Name|David B. Cochran, Esq.
`
`Address
`Jones, Day, Reavis & Pogue
`
`Address
`North Point, 901 Lakeside Avenue
`
`
`
`
`Cleveland State|OF 44114
`Qz
`
`
`
`
`Country [Telephone|216/586-3939 FaxUS - 2
`
`ENCLOSED APPLICATION PARTS (checkal/thatapply)
`
`
`Specification numcerotrages|8|[| Small EntityStatement
`
`eeeea
`
`
`METHOD OF PAYMENTOFFILING FEES FOR THIS PROVISIONAL APPLICATION FOR PATENT (checkane)
`;
`.
`FILING FEE
`
`
`Acheck or money orderis enclosed to coverthe filing fees
`AMOUNT (3
`
`
`
`
`
`
`
`Aespecitullysubmitted, DateF127od
`
`
`nownne_)yen)Bee—
`TYPEDorPRINTEDNAME
`dit
`aporoorite) 39,142
`
`(itappropriate)
`David B. Cochran
`216/586-3939
`ocket
`Number:
`.
`TELEPHONE
`USE ONLYFOR FILINGA PROVISIONAL APPLICATIONFOR PA TENT
`This collection of information is required by 37 CFR 1.51. The information is used by the public to file (and by the PTO to
`procass) a provisional application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated
`to take & hours to complete, including gathenng, preparing, and submitting the complete provisional application to the PTO,
`= Time will vary depending upon the individual case. Any comments on the amountof time you require to complete this form
`and/or Suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark
`Olfice, U.S. Department of Commerce, Washington, D.C,, 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS
`ADDRESS. SENDTO:Box Provisional Application, Assistant Commissioner for Patents, Washington, D.C., 20231.
`
`CODE SIGNING SYSTEM AND METHOD
`
`
`
`CORRESPONDENCE ADDRESS
`
`Place CustomerNumber
`
`—»>
`Bar Code Labelhere
`
`
`
`
`
`X_}
`
`$150.00
`
`The Commissioneris hereby authorized to charge tiling
`fees or credit any overpayment to Deposit Account Number] 501432
`account 555255012178
`The invention was made by an agencyof the United States Govemment or under a contract with an agencyof the
`
`
`“United States Government.
`£) No.
`
`
`
`2 Yas, ihe name of the U S, Government agency and the Government contract number af6¢.———_—_$$
`
`
`
`Page 2 of 16
`
`Page 2 of 16
`
`
`
PROVISIONAL APPLICATION COVER SHEET
Additional Page
PTO/SB/16 (2-98)
Approved for use through 01/31/2001. OMB 0651-0037
Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.
Docket Number: 55255012178

INVENTOR(S)/APPLICANT(S)
Given Name (first and middle [if any]) | Family or Surname | Residence (City and either State or Foreign Country)
[name illegible in scan] | 254 Castlefield Ave., Waterloo, Ontario N2K 2N1, CANADA
[name illegible in scan] | 523A Rosemeadow Crescent, Waterloo, Ontario N2T 129, CANADA

Number 1 of 1

Page 3 of 16
`
`
`
Title: Code Signing System and Method

Inventor(s): Michael Brown, Herb Little, David Yach

Assignee: Research In Motion Limited

BACKGROUND OF THE INVENTION

Field of the Invention

This invention relates to security protocols with Java programs. Specifically, this invention relates to assigning a digital signature to a Java program in order to use it on a mobile communications device (herein collectively called devices).

Description of the Prior Art

When a Java application arrives on a device such as the RIM Wireless Handheld 957™, there is a need to control the access that the application has. For example, if a product is to be exported, access to strong cryptographic routines must be restricted. Interfaces to a radio transmitter may be protected so that destructive applications are unable to flood the wireless network with data; similarly, interfaces to a database or file system may be protected so that destructive applications are unable to fill a device's storage space with unwanted data.

SUMMARY OF THE INVENTION

It is an object of the invention to provide an improved code signing system and method.

Page 4 of 16

It is an object of the invention to oversee the management and execution of Java applications arriving to the device;
It is an object of the invention to verify that any application has been digitally signed as having permission to carry out its intended function;
It is an object of the invention to prevent unacceptable applications from gaining access to strong cryptographic routines and any other application programming interface (API) designated by its author as "sensitive";

In the present invention, digital signatures are used to control access to sensitive APIs, thereby allowing access to only those applications that have been digitally signed by the author of a sensitive API. In the invention, a Java application, which will access an API, is developed to run on a device. In order to run on the device and access the sensitive API, the author of the API must approve the application by attaching a digital signature using the author's private key. Whenever the application on the device is executed the signed application will be verified. The author of any API may decide that the API should not be exposed to every application on the device, but only to those that have been verified to be non-destructive, or for which some business arrangement pre-exists, for example.

Further features of the invention will be described or will become apparent in the course of the following detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

In order that the invention may be more clearly understood, at least one embodiment thereof will now be described in detail by way of example, with reference to the accompanying drawings, in which:

Fig. 1 is a system diagram of the invention;
Fig. 2 is a diagram illustrating the components of the invention on the device;
Fig. 3 is a detailed flow diagram of the signing process; and,
Fig. 4 is a detailed flow diagram of the handling of a signed application on the device.

Page 5 of 16
`
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The detailed description of the invention will now be described with reference to Figures 1-4.

FIG 1 is an overall system diagram of the invention. An application development firm Y, 2, creates a Java application Y, 4, to run on the device 12 and access some sensitive API 6. Before the device application Y can be executed and granted access to the sensitive API, the author of the sensitive API must sign the application; that is, using the author's private key, the author of the API 6 must attach a digital signature to the application, creating the signed application 8. The signed application may now access the sensitive API it requires when it arrives on the device. The signed application may be sent via the wireless network 9 or via a serial link (not shown) to the device. The Java virtual machine (as shown in Fig. 2) on the device will verify the digital signature of the signed application before allowing the signed application access to the sensitive API.

Page 6 of 16
`
`
`
FIG 2 is a diagram of the basic components of the invention on the device. The basic components on the device include the Java virtual machine 20, applications 22, and libraries 24. The Java virtual machine is responsible for managing the linking and execution of all Java applications that are running on the device. The applications are those that have been sent to the device over the wireless network or through a serial link; these applications may need to be linked with other libraries on the device before being run. The libraries are those with which the applications may need to be linked; these libraries may expose sensitive APIs. If a library exposes a sensitive API, it must contain the following three items:

a) A string 26 that provides a short description of the contents of the library;
b) A public key 28 corresponding to the private key held by the author of the API; this public key will be used to verify signatures on signed applications that require access to the API;
c) An API identifier 30 that uniquely identifies the API.

Any signed application 23 on the device must contain the following three items:

a) The Java byte code that is to be run;
b) One or more digital signatures;
c) An API identifier for each digital signature indicating which API the digital signature protects.

Page 7 of 16

FIG 3 is a flow diagram of the code signing scheme. If an application developer is writing an application that will require access to a sensitive API on a device, the finished application will need to be signed before it can run on the device. The developer can write an application 4, and can test it using a device simulator (not shown) because signature checking is disabled in the device simulator environment. Once the developer is satisfied that the application is working properly, in step 44, he submits it to the author of the protected API to have the application reviewed and possibly signed. In step 46, the author of the protected API is responsible for reviewing the application that has been sent to him and verifying that it may be granted access to the sensitive API on the device. The author may have a plurality of criteria by which the author makes his decision. In step 48, the author makes a determination of whether or not to sign the submitted application. If the author is satisfied, in step 50, the author signs the application using the author's private key, and appends the digital signature (including the API identifier) to the application. The signed application is then returned to the application developer as in step 52. The application developer may then send the signed application, as in step 54, to a real device for execution therein. In step 56, if the author does not accept the code, the developer receives a rejection notice and the submitted application will not run on the device, if sent to it.
`
FIG 4 is a flow diagram of the method that the device uses to handle a signed application. Once an application has arrived on the device in step 60, the virtual machine may begin the verification process. Any libraries that the application requires must also be present on the device before the process can continue. Once the device has all of the libraries required by the application, it will determine whether the application needs access to a sensitive API within one of these libraries in step 62. If not, the application can be linked with all of the libraries it requires, and executed in step 76.

Page 8 of 16

In step 64, if the application does require access to a protected API, the virtual machine can extract the public key and API identifier from the library exposing the API. Then, in step 66, the virtual machine looks through all of the signatures appended to the application, and tries to find one with an identifier matching the API identifier extracted from the library. The virtual machine determines if there is a match in step 68. If the signature cannot be verified, in step 74, the application is not loaded or executed. In one embodiment, the non-verified application is purged from the device. If the signature is verified properly in step 70, the application must have been signed using the private key matching the public key in the library; only the author of the sensitive API has access to that private key, thus the author of the API must have been satisfied that this application should be granted access to the sensitive API. The virtual machine will display a notification message to the user, including the description of the API required by the application, similar to: "Application X requires access to the 'strong cryptographic primitives' API." The user will then be asked if the application should be allowed to proceed. If the user chooses to execute the application, the virtual machine will continue to link the application. Once the linking process is complete, the application will be executed as in step 72; otherwise, the application will not be executed.
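The library layout of Fig. 2, the API author's signing step of Fig. 3 and the virtual machine's check of Fig. 4, worked through in Go as an added example; it is not code from the provisional application or from Research In Motion. The page names no signature algorithm, so Ed25519 from the Go standard library stands in for the author's key pair; the Library, Application and Verdict types, the Requires field that records which API identifiers an application needs, and the identifier-plus-NUL message layout that is signed are this example's own assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Library models a library on the device that exposes a sensitive API
// (Fig. 2A): a short description string (26), the API author's public key
// (28) and an API identifier (30). Field names are this example's own.
type Library struct {
	Description string
	PublicKey   ed25519.PublicKey
	APIID       string
}

// Signature is one appended signature together with the API identifier
// that says which API it protects (items b) and c) of a signed application).
type Signature struct {
	APIID string
	Sig   []byte
}

// Application models an application sent to the device: the byte code to
// run plus zero or more signatures. Requires lists the API identifiers the
// application needs; the page does not fix how that need is declared, so
// this field is a constructed assumption.
type Application struct {
	Name       string
	ByteCode   []byte
	Requires   []string
	Signatures []Signature
}

// signedMessage binds the API identifier into the bytes that are signed, so
// a signature the author issued for one API cannot be relabelled for another.
func signedMessage(byteCode []byte, apiID string) []byte {
	msg := append([]byte(apiID), 0) // identifier, NUL separator, then code
	return append(msg, byteCode...)
}

// SignApplication is step 50 of Fig. 3: after reviewing the application, the
// API author signs it with the private key and appends the signature and the
// API identifier to the application.
func SignApplication(app *Application, authorPriv ed25519.PrivateKey, apiID string) {
	sig := ed25519.Sign(authorPriv, signedMessage(app.ByteCode, apiID))
	app.Signatures = append(app.Signatures, Signature{APIID: apiID, Sig: sig})
}

// Verdict is the virtual machine's decision for one library (Fig. 4).
type Verdict int

const (
	Rejected    Verdict = iota // step 74: no matching, valid signature; do not load
	NoSigNeeded                // step 76: the application does not use this API; link and run
	PromptUser                 // step 70: signature verified; ask the user before running
)

// CheckAccess is the device-side check of steps 62 to 70: if the application
// needs the library's sensitive API, take the public key and API identifier
// from the library, look for an appended signature with the same identifier
// and verify it against the application's byte code. It returns the verdict
// and, when verification succeeds, the notification text shown to the user.
func CheckAccess(app *Application, lib Library) (Verdict, string) {
	needed := false
	for _, id := range app.Requires {
		if id == lib.APIID {
			needed = true
		}
	}
	if !needed {
		return NoSigNeeded, ""
	}
	for _, s := range app.Signatures {
		if s.APIID != lib.APIID {
			continue // this signature protects a different API
		}
		if ed25519.Verify(lib.PublicKey, signedMessage(app.ByteCode, lib.APIID), s.Sig) {
			return PromptUser, fmt.Sprintf("Application %s requires access to the %q API.", app.Name, lib.Description)
		}
	}
	return Rejected, ""
}

func main() {
	// Constructed sample: the author of a strong-crypto API publishes a
	// library; developer Y writes application Y that needs it.
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	lib := Library{Description: "strong cryptographic primitives", PublicKey: pub, APIID: "com.example.crypto"}
	app := &Application{Name: "Y", ByteCode: []byte("constructed byte code"), Requires: []string{lib.APIID}}
	v, _ := CheckAccess(app, lib)
	fmt.Println("unsigned application rejected:", v == Rejected)
	SignApplication(app, priv, lib.APIID)
	v, msg := CheckAccess(app, lib)
	fmt.Println("signed application reaches the user prompt:", v == PromptUser, msg)
	app.ByteCode = append(app.ByteCode, '!') // altered after signing
	v, _ = CheckAccess(app, lib)
	fmt.Println("altered application rejected:", v == Rejected)
}
```

Signing over the API identifier together with the byte code, rather than over the byte code alone, is the detail worth keeping: it ties each appended signature to the one API it protects, so a signature obtained for a harmless API cannot be re-labelled with a sensitive API's identifier, and any change to the byte code after signing fails the check at step 68.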
`.
`It will be appreciated that the above description relates to the preferred
`
`embodiment by way of example only. Many variations on the invention will be within the
`
`20—scopeof those knowledgeablein the field, and such variations are within the scope of the
`
`invention as described and claimed, whether or not expressly described.
`
`
`
`Page 9 of 16
`
`Page 9 of 16
`
`
`
WHAT IS CLAIMED AS THE INVENTION IS:

1. A system for assigning a digital signature comprising:
a) an application written in Java that will access the device;
b) a code signing program that will maintain a public/private key pair and API identifier and assign a digital signature to the application.

2. A method for assigning and certifying a digital signature comprising steps of:
a) compiling an application to be run on a device;
b) reviewing the application;
c) accepting or rejecting the application;
d) assigning a signature to the application using the code signing program.

3. The method of claim 2d) wherein the signature is comprised of a signature generated using the private key corresponding to a sensitive API, and a unique identifier which identifies the sensitive API.

4. A system for certifying a digital signature comprising:
a) an application sent to the device with an associated library;
b) a virtual machine which manages and executes the application;
c) a public key and API identifier attached to the library to verify the signature on the application;

Page 10 of 16

d) a digital signature and API identifier attached to the application;
`
5. A method for certifying a digital signature comprising steps of:
a) receiving a signed application on the device;
b) determining whether the application requires secure access;
c) obtaining the public key and API identifier from the library;
d) matching the API identifier from the library with an API identifier from the application;
e) verifying that the corresponding signature on the application is correct;
f) linking the signed application with the library;
g) executing the signed application.

6. The method of claim 5 wherein the signature cannot be verified further comprising the step of rejecting the application;

7. The method of claim 5 wherein the application does not require secure access further comprising the step of linking the application with the associated library and executing the application without attempting to verify a signature.

Page 11 of 16
`
`
`
Fig. 1 (system diagram; labels recovered from the drawing): Application developer Y produces application Y; the Code signer (10) returns signed application Y, which is sent over the Wireless Network (9) to the Device (12).

Page 12 of 16
`
`
`
Fig. 2A (components on the device; labels recovered from the drawing): Library X with sensitive API, containing a Public key to verify signature (28) and a Description string; Application; Device.

Page 13 of 16
`
`
`
`
`
`
FIG 2B (applications on the device; labels recovered from the drawing): Application 1, Application 2, Signed Application 3, Application 4, Application 5, and a further application marked Signed.

Page 14 of 16
`
`
`
Fig. 3 (signing flow; labels recovered from the drawing): Application Y uses library X → Test application Y in device simulator, wherein simulator has no signature checking scheme → Forward application Y to code signer → Code signer reviews code of application Y → Accept code? No: Send rejection notification to developer (56). Yes: Code signer signs application Y with his signing authority (50) → Return application Y to developer Y with appended signature (52) → Send signed application Y to device.

Page 15 of 16
`
`
`
`60
`
`62
`
`64
`
`66
`
`Signed application
`Y arrive on device
`
`application
`
`needs access
`
`to sensitive API
`No
`{ibrary?
`
`
`
`
`
`
`
`Virtual Machine
`
`
`looks for signature
`
`
`with that identity
`
`
`on application ¥
`
`
`Virtual Machine gets
`
`public key and signing
`identity frorn library,
`
`76
`
`
`
`
`
`Virtual Machine links
`
`appleation Y with
`library X and executes
`
`
`applwation ¥
`
`
`
`
`
`No
`
`68
`
`Signature
`verified?
`
`
`
`Yes
`
`70FUser prompted
`
`
`
`Application ¥ not
`toaded or
`loadedof
`
`
`ecute signe!
`
`:
`application
`|
`
`Fig. 4
`
`
`
`Page 16 of 16
`
`Page 16 of 16
`
`