JAN 2002
`PA 494424
`
`UNITED STATES DEPARTMENT OF COMMERCE
`
`United States Patent and Trademark Office
`
`November 21, 2001
`
`
`
`
THIS IS TO CERTIFY THAT ANNEXED HERETO IS A TRUE COPY FROM
`THE RECORDS OF THE UNITED STATES PATENT AND TRADEMARK
`OFFICE OF THOSE PAPERS OF THE BELOW IDENTIFIED PATENT
`APPLICATION THAT MET THE REQUIREMENTS TO BE GRANTED A
`FILING DATE UNDER 35 USC 111.
`
`
`
`
`
`APPLICATION NUMBER: 60/234,152
`FILING DATE: September 21, 2000
`
PRIORITY DOCUMENT
SUBMITTED OR TRANSMITTED IN COMPLIANCE WITH RULE 17.1(a) OR (b)

By Authority of the
COMMISSIONER OF PATENTS AND TRADEMARKS

N. WOODSON
Certifying Officer
`
`
`
`
`
`
`
`
`
`Page 1 of 16
`
`GOOGLE EXHIBIT 1007
`
`
`
PTO/SB/16 (2-98)
Approved for use through 01/31/2001. OMB 0651-0037
Patent and Trademark Office; U.S. DEPARTMENT OF COMMERCE
Under the Paperwork Reduction Act of 1995, no persons are required to respond to a collection of information unless it displays a valid OMB control number.
PROVISIONAL APPLICATION FOR PATENT COVER SHEET
This is a request for filing a PROVISIONAL APPLICATION FOR PATENT under 37 CFR 1.53
`
Given Name (first and middle [if any]): Michael
Family Name or Surname: Brown
Residence (City and either State or Foreign Country): 7 Danube Drive, Heidelberg, Ontario N0B 1Y0, CANADA
Additional inventors are being named on the __ separately numbered sheets attached hereto

TITLE OF THE INVENTION (280 characters max)

CODE SIGNING SYSTEM AND METHOD
`
CORRESPONDENCE ADDRESS

Firm or Individual Name: David B. Cochran, Esq.
Jones, Day, Reavis & Pogue
North Point, 901 Lakeside Avenue
`
ENCLOSED APPLICATION PARTS (check all that apply)
Specification, Number of Pages: [ ]
Small Entity Statement: [ ]

METHOD OF PAYMENT OF FILING FEES FOR THIS PROVISIONAL APPLICATION FOR PATENT (check one)
A check or money order is enclosed to cover the filing fees.
The Commissioner is hereby authorized to charge filing fees or credit any overpayment to Deposit Account Number: 501432
FILING FEE AMOUNT ($): $150.00

The invention was made by an agency of the United States Government or under a contract with an agency of the United States Government.
No.
Yes, the name of the U.S. Government agency and the Government contract number are:

Respectfully submitted,
SIGNATURE
TYPED or PRINTED NAME
REGISTRATION NO.
TELEPHONE
Docket Number: 555255012173

USE ONLY FOR FILING A PROVISIONAL APPLICATION FOR PATENT
This collection of information is required by 37 CFR 1.51. The information is used by the public to file (and by the PTO to process) a provisional application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.14. This collection is estimated to take 8 hours to complete, including gathering, preparing, and submitting the complete provisional application to the PTO. Time will vary depending upon the individual case. Any comments on the amount of time you require to complete this form and/or suggestions for reducing this burden should be sent to the Chief Information Officer, U.S. Patent and Trademark Office, U.S. Department of Commerce, Washington, D.C., 20231. DO NOT SEND FEES OR COMPLETED FORMS TO THIS ADDRESS. SEND TO: Box Provisional Application, Assistant Commissioner for Patents, Washington, D.C., 20231.
`
`
PROVISIONAL APPLICATION COVER SHEET
Additional Page
PTO/SB/16 (2-98)
Docket Number 555255012173

INVENTOR(S)/APPLICANT(S)

Residence (City and either State or Foreign Country):
523A Rosemeadow Crescent
Waterloo, Ontario N2T 1Z9
CANADA

Residence (City and either State or Foreign Country):
254 Castlefield Ave.
Waterloo, Ontario N2K 2N1
CANADA

Number __ of __
`
`
`
Title: Code Signing System and Method

Inventor(s): Michael Brown, Herb Little, David Yach

Assignee: Research in Motion Limited
`
BACKGROUND OF THE INVENTION

Field of the Invention

This invention relates to security protocols with Java programs. Specifically, this invention relates to assigning a digital signature to a Java program in order to use it on a mobile communications device (herein collectively called devices).
`
Description of the Prior Art

When a Java application arrives on a device such as the RIM Wireless Handheld 957™, there is a need to control the access that the application has. For example, if a product is to be exported, access to strong cryptographic routines must be restricted. Interfaces to a radio transmitter may be protected so that destructive applications are unable to flood the wireless network with data; similarly, interfaces to a database or file system may be protected so that destructive applications are unable to fill a device's storage space with unwanted data.
`
SUMMARY OF THE INVENTION

It is an object of the invention to provide an improved code signing system and method.

It is an object of the invention to oversee the management and execution of Java applications arriving at the device;

It is an object of the invention to verify that any application has been digitally signed as having permission to carry out its intended function;

It is an object of the invention to prevent unacceptable applications from gaining access to strong cryptographic routines and any other application programming interface (API) designated by its author as "sensitive";

In the present invention, digital signatures are used to control access to sensitive APIs, thereby allowing access only to those applications that have been digitally signed by the author of a sensitive API. In the invention, a Java application, which will access an API, is developed to run on a device. In order to run on the device and access the sensitive API, the author of the API must approve the application by attaching a digital signature using the author's private key. Whenever the application on the device is executed, the signed application will be verified. The author of any API may decide that the API should not be exposed to every application on the device, but only to those that have been verified to be non-destructive, or for which some business arrangement pre-exists, for example.

Further features of the invention will be described or will become apparent in the course of the following detailed description.
`
BRIEF DESCRIPTION OF THE DRAWINGS

In order that the invention may be more clearly understood, at least one embodiment thereof will now be described in detail by way of example, with reference to the accompanying drawings, in which:

Fig. 1 is a system diagram of the invention;

Fig. 2 is a diagram illustrating the components of the invention on the device;

Fig. 3 is a detailed flow diagram of the signing process; and,

Fig. 4 is a detailed flow diagram of the handling of a signed application on the device.
`
DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

The detailed description of the invention will now be described with reference to Figures 1-4.

FIG 1 is an overall system diagram of the invention. An application … some sensitive API 6. Before the device application Y can be executed and granted access to the sensitive API, the author of the sensitive API must sign the application; that is, using the author's private key, the author of the API 6 must attach a digital signature to the application, creating the signed application 8. The signed application may now access the sensitive API it requires when it arrives on the device. The signed application may be sent via the wireless network 9 or via a serial link (not shown) to the device. The Java virtual machine (as shown in Fig. 2) on the device will verify the digital signature of the signed application before allowing the signed application access to the sensitive API.
`
`
`
FIG 2 is a diagram of the basic components of the invention on the device. The basic components on the device include the Java virtual machine 20, applications 22, and libraries 24. The Java virtual machine is responsible for managing the linking and execution of all Java applications that are running on the device. The applications are those that have been sent to the device over the wireless network or through a serial link; these applications may need to be linked with other libraries on the device before being run. The libraries are those with which the applications may need to be linked; these libraries may expose sensitive APIs. If a library exposes a sensitive API, it must contain the following three items:

a) A string 26 that provides a short description of the contents of the library;

b) A public key 28 corresponding to the private key held by the author of the API; this public key will be used to verify signatures on signed applications that require access to the API;

c) An API identifier 30 that uniquely identifies the API.

Any signed application 23 on the device must contain the following three items:

a) The Java byte code that is to be run;

b) One or more digital signatures;

c) An API identifier for each digital signature indicating which API the digital signature protects.

FIG 3 is a flow diagram of the code signing scheme. If an application developer is writing an application that will require access to a sensitive API on a device, the finished application will need to be signed before it can run on the device. The developer can write an application 4, and can test it using a device simulator (not shown) because signature checking is disabled in the device simulator environment. Once the developer is satisfied that the application is working properly, in step 44, he submits it to the author of the protected API to have the application reviewed and possibly signed. In step 46, the author of the protected API is responsible for reviewing the application that has been sent to him and verifying that it may be granted access to the sensitive API on the device. The author may have a plurality of criteria by which the author makes his decision. In step 48, the author makes a determination of whether or not to sign the submitted application. If the author is satisfied, in step 50, the author signs the application using the author's private key, and appends the digital signature (including the API identifier) to the application. The signed application is then returned to the application developer as in step 52. The application developer may then send the signed application, as in step 54, to a real device for execution therein. In step 56, if the author does not accept the code, the developer receives a rejection notice and the submitted application will not run on the device, if sent to it.
`
FIG 4 is a flow diagram of the method that the device uses to handle a signed application. Once an application has arrived on the device in step 60, the virtual machine may begin the verification process. Any libraries that the application requires must also be present on the device before the process can continue. Once the device has all of the libraries required by the application, it will determine whether the application needs access to a sensitive API within one of these libraries in step 62. If not, the application can be linked with all of the libraries it requires, and executed in step 76. In step 64, if the application does require access to a protected API, the virtual machine can extract the public key and API identifier from the library exposing the API. Then, in step 66, the virtual machine looks through all of the signatures appended to the application, and tries to find one with an identifier matching the API identifier extracted from the library. The virtual machine determines if there is a match in step 68. If the signature cannot be verified, in step 74, the application is not loaded or executed. In one embodiment, the non-verified application is purged from the device. If the signature is verified properly in step 70, the application must have been signed using the private key matching the public key in the library; only the author of the sensitive API has access to that private key, thus the author of the API must have been satisfied that this application should be granted access to the sensitive API. The virtual machine will display a notification message to the user, including the description of the API required by the application, similar to: "Application X requires access to the 'strong cryptographic primitives' API." The user will then be asked if the application should be allowed to proceed. If the user chooses to execute the application, the virtual machine will continue to link the application. Once the linking process is complete, the application will be executed as in step 72; otherwise, the application will not be executed.

It will be appreciated that the above description relates to the preferred embodiment by way of example only. Many variations on the invention will be within the scope of those knowledgeable in the field, and such variations are within the scope of the invention as described and claimed, whether or not expressly described.
`
`
`
`
`
`
WHAT IS CLAIMED AS THE INVENTION IS:

1. A system for assigning a digital signature comprising:

a) an application written in Java that will access the device;

b) a code signing program that will maintain a public/private key pair and API identifier and assign a digital signature to the application.

2. A method for assigning and certifying a digital signature comprising steps of:

a) compiling an application to be run on a device;

b) reviewing the application;

c) accepting or rejecting the application;

d) assigning a signature to the application using the code signing program;

3. The method of claim 2d) wherein the signature is comprised of a signature generated using the private key corresponding to a sensitive API, and a unique identifier which identifies the sensitive API.

4. A system for certifying a digital signature comprising:

a) an application sent to the device with an associated library;

b) a virtual machine which manages and executes the application;

c) a public key and API identifier attached to the library to verify the signature on the application;

d) a digital signature and API identifier attached to the application;

5. A method for certifying a digital signature comprising steps of:

a) receiving a signed application on the device;

b) determining whether the application requires secure access;

c) obtaining the public key and API identifier from the library;

d) matching the API identifier from the library with an API identifier from the application;

e) verifying that the corresponding signature on the application is correct;

f) linking the signed application with the library;

g) executing the signed application.

6. The method of claim 5 wherein the signature cannot be verified further comprising the step of rejecting the application;

7. The method of claim 5 wherein the application does not require secure access further comprising the step of linking the application with the associated library and executing the application without attempting to verify a signature.
`
`
`
Fig. 1 (system diagram): boxes labelled "Application developer Y", "application Y", "Code Signer", "signed application Y".

Fig. 2 (components on the device): "Virtual Machine"; "library X with sensitive API", containing "Description string" and "Public key to verify signature"; "Application".

Fig. 3 (signing flow): "Application Y uses library X"; "Test application Y in device simulator wherein simulator has no signature checking scheme"; "Application Y forwarded to code signer"; "Code signer reviews code of application Y"; "Accept code?"; "Send rejection notification to developer Y"; "Code signer signs application Y with his signing authority"; "Return application Y to developer Y with appended signature"; "Send signed application Y in device".

Fig. 4 (handling on the device): "Library X and signed application Y arrive on device"; "Virtual Machine gets public key and signing identity from library, looks for signature with that identity on application Y"; "Virtual Machine links application Y with library X and executes"; "Application Y not loaded or executed".
`
`