Authorizing access to an application library
US10044716B2 · kind B2 · utility
Assignee
Inventor
Key dates
| Filing date | Dec 29, 2015 |
| Grant date | Aug 7, 2018 |
| Priority date | — |
| Expiry date | Mar 5, 2036 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/80
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
To prevent malicious code from accessing security sensitive functions implemented in a private portion of an application, accesses to the private portion are performed using a secure session established within the application between the private portion and a public portion of the same application. An authorization key can be shared between the public portion and the private portion. When the public portion attempts to invoke a function implemented in the private portion, a secure session is set up by generating a session ID, combining the session ID and the authorization key in a key derivation function to generate a conversation key, and using the conversation key to encrypt the function call from the public portion. The private portion can then decrypt a properly encrypted function call and invoke the appropriate function.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.