| 发明名称 | System and method for controlling access to secure resources | ||
| 摘要 | A system and method for controlling access to a secure resource in a device are disclosed. In some embodiments, the device may include a processor capable of receiving a first request from a first application of a plurality of applications executable by the processor, where the first request requests access to the secure resource, and the first request identifies the plurality of applications. In response to the first request, the processor is capable of generating a ticket associated with the secure resource and with each of the plurality of applications, and then storing the ticket in a memory. After receiving a second request from a second application requesting access to the secure resource, the processor is capable of granting the second application access to the secure resource, if the ticket associated with the secure resource exists and if the ticket is associated with the second application. | ||
| 申请公布号 | US8844026(B2) | 申请公布日期 | 2014.09.23 |
| 申请号 | US201213486145 | 申请日期 | 2012.06.01 |
| 申请人 | BlackBerry Limited | 发明人 | Truskovsky Alexander;Adams Neil Patrick;Sherkin Alexander |
| 分类号 | G06F12/00;G06F17/30 | 主分类号 | G06F12/00 |
| 代理机构 | Bereskin & Parr LLP/S.E.N.C.R.L., s.r.l. | 代理人 | Bereskin & Parr LLP/S.E.N.C.R.L., s.r.l. |
| 主权项 | 1. A system for controlling access to a secure resource in a device, the device comprising a processor and a memory, wherein the processor is capable of: receiving a first request from a first application of a plurality of applications executable by the processor, the first request requesting access to the secure resource, and the first request identifying the plurality of applications; in response to the first request and to determining that each one of the plurality of applications is signed by a key associated with a same developer certificate, generating a first ticket associated with the secure resource and with each of the plurality of applications, wherein generating the first ticket comprises generating a message authentication code (MAC) for the first ticket using a key, an application identifier associated with the plurality of applications, and a secure resource identifier; storing the first ticket in the memory; receiving a second request from a second application of the plurality of applications, the second request requesting access to the secure resource, wherein a second ticket is not generated in response to the second request from the second application; and after receiving the second request, granting the second application access to the secure resource in response to determining that the first ticket associated with the secure resource exists and that the first ticket is associated with the second application. | ||
| 地址 | Waterloo, Ontario CA | ||