System and method for controlling applications to mitigate the effects of malicious software
    1.
    Invention publication
    Legal status: granted

    Publication No.: EP2312485A1

    Publication date: 2011-04-20

    Application No.: EP10173426.7

    Filing date: 2010-08-19

    IPC classification: G06F21/00

    Abstract: Methods and systems for mitigating the effects of a malicious software application are disclosed. A dedicated module on the computing device receives from a malicious software detector a message indicating whether the application is malicious or has a malicious component. The dedicated module obtains a set of permissions to be granted to the application, and instructs software on the computing device that controls the permissions of the application to grant the set of permissions.

    Method for address space layout randomization in execute-in-place code
    2.
    Invention publication
    Legal status: granted

    Publication No.: EP2336937A1

    Publication date: 2011-06-22

    Application No.: EP09178750.7

    Filing date: 2009-12-10

    IPC classification: G06F21/00 G06F9/445

    Abstract: A method for dynamically (i.e., upon boot) rewriting, in a failure resistant manner, of part of, or the entirety of, the flash memory for a device allows for a changing of location for logical blocks of execute-in-place code. Conveniently, the rewriting results in a randomization, of varying degree, of the address space layout upon each boot up cycle.

    Managing booting of secure devices with untrusted software
    3.
    Invention publication
    Legal status: under examination (published)

    Publication No.: EP2487618A3

    Publication date: 2013-04-10

    Application No.: EP11154503.4

    Filing date: 2011-02-15

    IPC classification: G06F21/57

    Abstract: Normally, at the time of manufacturing, security may be provided to a device being manufactured through the loading of an operating system that has been cryptographically signed. The present application discloses a "factory mode" for the device. The "factory mode" allows the device to execute untrusted operating system code, such as unsigned operating system code and operating system code that has been signed, but the certificate authority is not trusted. To support execution of untrusted operating system code in a secure manner, the device may be adapted to prevent data of predetermined type from being loaded on the device while the device is in the "factory mode". In contrast to the "factory mode", the secure mode of the device is referred to herein as a "product mode". There develops a need to manage, in a secure manner, transitions between the "product mode" and the "factory mode".

    Managing cross perimeter access
    4.
    Invention publication
    Legal status: under examination (published)

    Publication No.: EP2592578A1

    Publication date: 2013-05-15

    Application No.: EP11188696.6

    Filing date: 2011-11-10

    IPC classification: G06F21/00

    CPC classification: G06F21/6236

    Abstract: In some implementations, a method of managing access to resources in a single device including receiving, from a first resource assigned to a first perimeter, a request to access a second resource assigned to a second perimeter different from the first perimeter. The single device includes the first perimeter and the second perimeter. Whether access to the second resource is prohibited is determined based on a management policy for the first perimeter. The management policy defining one or more rules for accessing resources assigned to the second perimeter including the second resource.

    Managing booting of secure devices with untrusted software
    7.
    Invention publication
    Legal status: under examination (published)

    Publication No.: EP2487618A2

    Publication date: 2012-08-15

    Application No.: EP11154503.4

    Filing date: 2011-02-15

    IPC classification: G06F21/00

    Abstract: Normally, at the time of manufacturing, security may be provided to a device being manufactured through the loading of an operating system that has been cryptographically signed. The present application discloses a "factory mode" for the device. The "factory mode" allows the device to execute untrusted operating system code, such as unsigned operating system code and operating system code that has been signed, but the certificate authority is not trusted. To support execution of untrusted operating system code in a secure manner, the device may be adapted to prevent data of predetermined type from being loaded on the device while the device is in the "factory mode". In contrast to the "factory mode", the secure mode of the device is referred to herein as a "product mode". There develops a need to manage, in a secure manner, transitions between the "product mode" and the "factory mode".

    Apparatus, and an associated method, for facilitating secure operations of a wireless device
    8.
    Invention publication
    Legal status: granted

    Publication No.: EP2348762A2

    Publication date: 2011-07-27

    Application No.: EP10195270.3

    Filing date: 2010-12-15

    IPC classification: H04W12/00 H04L29/06

    CPC classification: H04L63/20 H04W12/08

    Abstract: An apparatus, and an associated method, facilitates security at a wireless device, such as a wireless device comprising a mobile computing platform. A security decision engine is provided that monitors for an event necessitating a security decision. When a security decision is required, request is made of a knowledge fetcher, provided by a trusted third-party, installed at the wireless device for the security decision. The knowledge fetcher obtains the security decision, such as by obtaining the security decision from a remote, trusted third-party server, and provides the security decision to the decision engine. Use is made of the security decision pursuant to a setting for which the security decision is needed.
