`
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office

November 21, 2001
`
THIS IS TO CERTIFY THAT ANNEXED HERETO IS A TRUE COPY FROM THE RECORDS OF THE UNITED STATES PATENT AND TRADEMARK OFFICE OF THOSE PAPERS OF THE BELOW IDENTIFIED PATENT APPLICATION THAT MET THE REQUIREMENTS TO BE GRANTED A FILING DATE UNDER 35 USC 111.

APPLICATION NUMBER: 60/235,354

FILING DATE: September 26, 2000

DOCUMENT SUBMITTED OR TRANSMITTED IN COMPLIANCE WITH RULE 17.1(a) OR (b)

By Authority of the COMMISSIONER OF PATENTS AND TRADEMARKS

N. [illegible]DSON
Certifying Officer
`
Page 1 of 16
GOOGLE EXHIBIT 1006
`
`
PTO/SB/16 (2-98)
Approved for use through 01/31/2001. OMB 0651-0037
Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.

PROVISIONAL APPLICATION FOR PATENT COVER SHEET
This is a request for filing a PROVISIONAL APPLICATION FOR PATENT under 37 CFR 1.53 (c).

INVENTOR(S)/APPLICANT(S)
Given Name (first and middle [if any]): Michael
Family Name or Surname: Brown
Residence (City and either State or Foreign Country): 7 Danube Drive, Heidelberg, Ontario (postal code illegible), CANADA
[X] Additional inventors are being named on the ___ separately numbered sheets attached hereto

TITLE OF THE INVENTION (280 characters max)
CODE SIGNING SYSTEM AND METHOD

CORRESPONDENCE ADDRESS
Direct all correspondence to:
[ ] Customer Number (Place Customer Number Bar Code Label here)
[X] Firm or Individual Name: David B. Cochran, Esq.
Address: Jones, Day, Reavis & Pogue
Address: North Point, 901 Lakeside Avenue
City: Cleveland
Zip: 44114
Country: US
Telephone: 215/585-393 (remainder illegible)
Fax: (illegible)

ENCLOSED APPLICATION PARTS (check all that apply)
[ ] Specification, Number of Pages: ___
[ ] Drawing(s), Number of Sheets: ___
[ ] Small Entity Statement
[ ] Other (specify): ___

METHOD OF PAYMENT OF FILING FEES FOR THIS PROVISIONAL APPLICATION FOR PATENT (check one)
[ ] A check or money order is enclosed to cover the filing fees
[X] The Commissioner is hereby authorized to charge filing fees or credit any overpayment to Deposit Account Number: 50-1432
Account reference: 555255012 178
FILING FEE AMOUNT ($): $150.00

The invention was made by an agency of the United States Government or under a contract with an agency of the United States Government.
[X] No.
[ ] Yes, the name of the U.S. Government agency and the Government contract number are: ___

Respectfully submitted,
SIGNATURE: David B. Cochran
TYPED or PRINTED NAME: (illegible)
REGISTRATION NO.: (illegible)
TELEPHONE: (illegible)
USE ONLY FOR FILING A PROVISIONAL APPLICATION FOR PATENT

This collection of information is required by 37 CFR 1.51. The information is used by the public to file (and by the PTO to process) a provisional application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 8 hours to complete, including gathering, preparing, and submitting the complete provisional application to the PTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, Washington, D.C., 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Box Provisional Application, Assistant Commissioner for Patents, Washington, D.C. 20231.

`
PTO/SB/16 (2-98)
Approved for use through 01/31/2001. OMB 0651-0037
Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.

PROVISIONAL APPLICATION COVER SHEET
Additional Page

INVENTOR(S)/APPLICANT(S)
Given Name (first and middle [if any]) / Family Name or Surname / Residence (City and either State or Foreign Country)
(inventor names illegible on the scan)

523A Rosemeadow Crescent
Waterloo, Ontario N2T 1Z9
CANADA

254 Castlefield Ave.
Waterloo, Ontario N2K 2N1
CANADA

`
Title:

Code Signing System and Method

Inventor(s):

Michael Brown, Herb Little, David Yach

Assignee:

Research In Motion Limited

BACKGROUND OF THE INVENTION

Field of the Invention

This invention relates to security protocols with Java programs. Specifically, this invention relates to assigning a digital signature to a Java program in order to use it on a mobile communications device (herein collectively called devices).

Description of the Prior Art

When a Java application arrives on a device such as the RIM Wireless Handheld 957™, there is a need to control the access that the application has. For example, if a product is to be exported, access to strong cryptographic routines must be restricted. Interfaces to a radio transmitter may be protected so that destructive applications are unable to flood the wireless network with data; similarly, interfaces to a database or file system may be protected so that destructive applications are unable to fill a device's storage space with unwanted data.
`
SUMMARY OF THE INVENTION

It is an object of the invention to provide an improved code signing system and method.

It is an object of the invention to oversee the management and execution of Java applications arriving to the device;

It is an object of the invention to verify that any application has been digitally signed as having permission to carry out its intended function;

It is an object of the invention to prevent unacceptable applications from gaining access to strong cryptographic routines and any other application programming interface (API) designated by its author as "sensitive";

In the present invention, digital signatures are used to control access to sensitive APIs, thereby allowing access to only those applications that have been digitally signed by the author of a sensitive API. In the invention, a Java application, which will access an API, is developed to run on a device. In order to run on the device and access the sensitive API, the author of the API must approve the application by attaching a digital signature using the author's private key. Whenever the application on the device is executed, the signed application will be verified. The author of any API may decide that the API should not be exposed to every application on the device, but only to those that have been verified to be non-destructive, or for which some business arrangement pre-exists, for example.

Further features of the invention will be described or will become apparent in the course of the following detailed description.
`
BRIEF DESCRIPTION OF THE DRAWINGS

In order that the invention may be more clearly understood, at least one embodiment thereof will now be described in detail by way of example, with reference to the accompanying drawings, in which:

Fig. 1 is a system diagram of the invention;

Fig. 2 is a diagram illustrating the components of the invention on the device;

Fig. 3 is a detailed flow diagram of the signing process; and,

Fig. 4 is a detailed flow diagram of the handling of a signed application on the device.
`
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The detailed description of the invention will now be described with reference to Figures 1-4.

FIG 1 is an overall system diagram of the invention. An application development firm Y, 2, creates a Java application Y, 4, to run on the device 12 and access some sensitive API 6. Before the device application Y can be executed and granted access to the sensitive API, the author of the sensitive API must sign the application; that is, using the author's private key, the author of the API 6 must attach a digital signature to the application, creating the signed application 8. The signed application may now access the sensitive API it requires when it arrives on the device. The signed application may be sent via the wireless network 9 or via a serial link (not shown) to the device. The Java virtual machine (as shown in Fig. 2) on the device will verify the digital signature of the signed application before allowing the signed application access to the sensitive API.

`
FIG 2 is a diagram of the basic components of the invention on the device. The basic components on the device include the Java virtual machine 20, applications 22, and libraries 24. The Java virtual machine is responsible for managing the linking and execution of all Java applications that are running on the device. The applications are those that have been sent to the device over the wireless network or through a serial link; these applications may need to be linked with other libraries on the device before being run. The libraries are those with which the applications may need to be linked; these libraries may expose sensitive APIs.

If a library exposes a sensitive API, it must contain the following three items:

a) A string 26 that provides a short description of the contents of the library;

b) A public key 28 corresponding to the private key held by the author of the API; this public key will be used to verify signatures on signed applications that require access to the API;

c) An API identifier 30 that uniquely identifies the API.

Any signed application 23 on the device must contain the following three items:

a) The Java byte code that is to be run;

b) One or more digital signatures;

c) An API identifier for each digital signature indicating which API the digital signature protects.
`
FIG 3 is a flow diagram of the code signing scheme. If an application developer is writing an application that will require access to a sensitive API on a device, the finished application will need to be signed before it can run on the device. The developer can write an application 4, and can test it using a device simulator (not shown) because signature checking is disabled in the device simulator environment. Once the developer is satisfied that the application is working properly, in step 44, he submits it to the author of the protected API to have the application reviewed and possibly signed. In step 46, the author of the protected API is responsible for reviewing the application that has been sent to him and verifying that it may be granted access to the sensitive API on the device. The author may have a plurality of criteria by which the author makes his decision. In step 48, the author makes a determination of whether or not to sign the submitted application. If the author is satisfied, in step 50, the author signs the application using the author's private key, and appends the digital signature (including the API identifier) to the application. The signed application is then returned to the application developer as in step 52. The application developer may then send the signed application, as in step 54, to a real device for execution therein. In step 56, if the author does not accept the code, the developer receives a rejection notice and the submitted application will not run on the device, if sent to it.
`
FIG 4 is a flow diagram of the method that the device uses to handle a signed application. Once an application has arrived on the device in step 60, the virtual machine may begin the verification process. Any libraries that the application requires must also be present on the device before the process can continue. Once the device has all of the libraries required by the application, it will determine whether the application needs access to a sensitive API within one of these libraries in step 62. If not, the application can be linked with all of the libraries it requires, and executed in step 76. In step 64, if the application does require access to a protected API, the virtual machine can extract the public key and API identifier from the library exposing the API. Then, in step 66, the virtual machine looks through all of the signatures appended to the application, and tries to find one with an identifier matching the API identifier extracted from the library. The virtual machine determines if there is a match in step 68. If the signature cannot be verified, in step 74, the application is not loaded or executed. In one embodiment, the non-verified application is purged from the device. If the signature is verified properly in step 70, the application must have been signed using the private key matching the public key in the library; only the author of the sensitive API has access to that private key, thus the author of the API must have been satisfied that this application should be granted access to the sensitive API. The virtual machine will display a notification message to the user, including the description of the API required by the application, similar to: "Application X requires access to the 'strong cryptographic primitives' API." The user will then be asked if the application should be allowed to proceed. If the user chooses to execute the application, the virtual machine will continue to link the application. Once the linking process is complete, the application will be executed as in step 72; otherwise, the application will not be executed.

It will be appreciated that the above description relates to the preferred embodiment by way of example only. Many variations on the invention will be within the scope of those knowledgeable in the field, and such variations are within the scope of the invention as described and claimed, whether or not expressly described.

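As an added example that is not part of the application or of the applicant's code, here is the library-side data of Fig. 2 and the device-side handling of Fig. 4 written in Go. The signature algorithm, which the application leaves unspecified, is taken to be Ed25519; the step-70 user prompt is modelled as a callback, a nil public key marks a library with no sensitive API, and the API identifier is bound into the signed bytes, all of which are assumptions made here.

```go
package main

import "crypto/ed25519"

// Library models a device library (Fig. 2): description string 26, the API author's
// public key 28 and API identifier 30; a nil PublicKey means no sensitive API (assumed).
type Library struct {
	Description string
	APIID       string
	PublicKey   ed25519.PublicKey
}
// Signature is one appended digital signature plus the API identifier it protects.
type Signature struct {
	APIID string
	Sig   []byte
}
// Application carries the byte code to run and zero or more signatures.
type Application struct {
	ByteCode   []byte
	Signatures []Signature
}

// signedInput binds the API identifier into the signed bytes so a signature issued
// for one API cannot be relabelled for another (an assumption added here).
func signedInput(code []byte, apiID string) []byte {
	return append(append([]byte{}, code...), []byte("\x00"+apiID)...)
}

// Sign is the API author's step 50: sign with the author's private key and append
// the digital signature together with the API identifier.
func Sign(app *Application, apiID string, priv ed25519.PrivateKey) {
	sig := ed25519.Sign(priv, signedInput(app.ByteCode, apiID))
	app.Signatures = append(app.Signatures, Signature{APIID: apiID, Sig: sig})
}

// HandleApplication is the virtual machine's Fig. 4 decision; userApproves models the step-70 prompt.
func HandleApplication(app *Application, libs []*Library, userApproves func(string) bool) string {
	for _, lib := range libs {
		if lib.PublicKey == nil {
			continue // step 62: this library exposes no sensitive API
		}
		verified := false
		for _, s := range app.Signatures { // steps 66-68: match identifier, then verify
			verified = verified || (s.APIID == lib.APIID &&
				ed25519.Verify(lib.PublicKey, signedInput(app.ByteCode, lib.APIID), s.Sig))
		}
		if !verified {
			return "not loaded" // step 74: no verifiable signature for this API
		}
		if !userApproves("Application requires access to the '" + lib.Description + "' API.") {
			return "purged" // user declined at the notification
		}
	}
	return "executed" // step 72, or step 76 when no sensitive API was needed
}
```

A tampered byte code, a signature made with a key other than the API author's, or a signature relabelled with a different API identifier all fall through to the step-74 outcome.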
`
`
`
WHAT IS CLAIMED AS THE INVENTION IS:

1. A system for assigning a digital signature comprising:

a) an application written in Java that will access the device;

b) a code signing program that will maintain a public/private key pair and API identifier and assign a digital signature to the application.

2. A method for assigning and certifying a digital signature comprising steps of:

a) compiling an application to be run on a device;

b) reviewing the application;

c) accepting or rejecting the application;

d) assigning a signature to the application using the code signing program;

3. The method of claim 2d) wherein the signature is comprised of a signature generated using the private key corresponding to a sensitive API, and a unique identifier which identifies the sensitive API.

4. A system for certifying a digital signature comprising:

a) an application sent to the device with an associated library;

b) a virtual machine which manages and executes the application;

c) a public key and API identifier attached to the library to verify the signature on the application;

d) a digital signature and API identifier attached to the application;

5. A method for certifying a digital signature comprising steps of:

a) receiving a signed application on the device;

b) determining whether the application requires secure access;

c) obtaining the public key and API identifier from the library;

d) matching the API identifier from the library with an API identifier from the application;

e) verifying that the corresponding signature on the application is correct;

f) linking the signed application with the library;

g) executing the signed application.

6. The method of claim 5 wherein the signature cannot be verified further comprising the step of rejecting the application;

7. The method of claim 5 wherein the application does not require secure access further comprising the step of linking the application with the associated library and executing the application without attempting to verify a signature.

`
[Fig. 1, system diagram. Labelled elements: Application developer Y; Code Signer; signed application Y; Wireless Network; Signed application.]

[Fig. 2, components on the device. Labelled elements: Virtual Machine; Application; Description string 26; Signature Identifier 30; Public key to verify signature.]

[Drawing sheet: boxes labelled Application 1, Application 2, Application 3 (Signed), Application 4, Application 5 (Signed).]

[Fig. 3, flow diagram of the signing process. Boxes: Application Y uses library X; Test application Y in device simulator, wherein simulator has no signature checking scheme; Forward Application Y to code signer; Code signer reviews code of application Y; Accept code?; No: Send rejection notification to developer Y; Code signer signs application Y with his signing authority; Return application Y to developer Y with appended signature; Send signed application Y to device.]

[Fig. 4, flow diagram of handling a signed application on the device. Boxes: Signed application Y arrives on device; Application needs access to sensitive API library?; Virtual Machine gets public key and signing identity from library; Virtual Machine looks for signature with that identity on application Y; Signature verified?; User prompted; Execute signed application; Application Y not loaded or executed; Virtual Machine links application Y with library X and executes.]