公开(公告)号：US09088556B2

公开(公告)日：2015-07-21

申请号：US13891258

申请日：2013-05-10

Applicant: BLACKBERRY LIMITED

Inventor： Alexander Truskovsky ,  Christopher Lyle Bender ,  Daryl Joseph Martin

IPC: H04L29/06

CPC classification number: H04L63/08 ,  G06F21/45 ,  G06F21/554 ,  G06F2221/2135

Abstract: Methods and devices for detecting unauthorized access to credentials of a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises monitoring a plurality of credentials of the credential store accessed within a period associated with a first setting, and responsive to determining that a number of credentials accessed within the period exceeds a threshold associated with a second setting, outputting, in a user interface, an indication of potential unauthorized access to the credential store. In at least one embodiment, each of the credentials accessed within the period is associated with a different user account.

Abstract translation: 本文公开了用于检测未经授权访问计算设备上的证书存储的凭证的方法和设备。 在一个广泛的方面，该方法包括监视在与第一设置相关联的时段内访问的凭证存储的多个凭证，并且响应于确定在该周期内访问的凭证的数量超过与第二设置相关联的阈值，输出 在用户界面中，指示潜在的未授权访问凭证存储。 在至少一个实施例中，在该周期内访问的每个凭证与不同的用户帐户相关联。

公开(公告)号：US08909934B2

公开(公告)日：2014-12-09

申请号：US13952816

申请日：2013-07-29

Applicant: BlackBerry Limited

Inventor： Alexander Sherkin ,  Michael Anthony Carrara ,  Alexander Truskovsky

IPC: H04L9/32 ,  H04L9/00 ,  H04L29/06

CPC classification number: H04L63/0428 ,  H04L9/006 ,  H04L9/321 ,  H04L9/3268 ,  H04L63/0823 ,  H04L63/083

Abstract: A certificate enrollment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrollment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password.

Abstract translation: 可以提供证书注册助理模块，以将来自计算设备的挑战密码注入要发送到证书颁发机构的证书签名请求。 因此，证书注册助理模块充当可信代理，以帮助计算设备构建有效的证书签名请求，而不使计算设备能够访问挑战密码。

公开(公告)号：US09473309B2

公开(公告)日：2016-10-18

申请号：US13793166

申请日：2013-03-11

Applicant: BlackBerry Limited ,  Certicom Corp.

Inventor： Sean Alexander Courtney ,  Matthew John Campagna ,  George Ross Staikos ,  Alexander Truskovsky

IPC: H04L29/06 ,  H04L9/32 ,  H04W12/04

CPC classification number: H04L9/3268 ,  H04L63/0281 ,  H04L63/18 ,  H04W12/04

Abstract: A system for providing security services to a mobile device where the mobile device is in communication with a public network through a first network path that is subject to interference by a third party. The system includes a security server and a private network. The security server is operative to communicate with the mobile device through the private network. The security server is also operative to communicate with the public network through a second network path that is less susceptible to the interference by the third party than is the first network path. The security server communicates with the public network through the second network path to provide security services to the mobile device that are delivered over the private network.

Abstract translation: 一种用于向移动设备提供安全服务的系统，其中移动设备通过受第三方干扰的第一网络路径与公共网络通信。 该系统包括一个安全服务器和一个专用网络。 安全服务器可操作以通过专用网络与移动设备进行通信。 安全服务器还可操作以通过第二网络路径与公共网络进行通信，该第二网络路径比第一网络路径更不易受到第三方的干扰。 安全服务器通过第二网络路径与公共网络进行通信，以向通过专用网络传送的移动设备提供安全服务。

公开(公告)号：US20130311779A1

公开(公告)日：2013-11-21

申请号：US13952816

申请日：2013-07-29

Applicant: BlackBerry Limited

Inventor： Alexander SHERKIN ,  Michael Anthony CARRARA ,  Alexander Truskovsky

IPC: H04L29/06

CPC classification number: H04L63/0428 ,  H04L9/006 ,  H04L9/321 ,  H04L9/3268 ,  H04L63/0823 ,  H04L63/083

Abstract: A certificate enrolment assistant module may be provided to inject a challenge password into a certificate signing request to be sent, to a Certificate Authority, from a computing device. The certificate enrolment assistant module, thereby, acts as a trusted proxy to assist the computing device in building a valid certificate signing request without the computing device having access to the challenge password.

Abstract translation: 可以提供证书注册助理模块，以将来自计算设备的挑战密码注入要发送到证书颁发机构的证书签名请求。 因此，证书注册助理模块充当可信代理，以帮助计算设备构建有效的证书签名请求，而不使计算设备能够访问挑战密码。

公开(公告)号：US09384342B2

公开(公告)日：2016-07-05

申请号：US13891627

申请日：2013-05-10

Applicant: BLACKBERRY LIMITED

Inventor： Jeremy L. Kominar ,  Neil Patrick Adams ,  Alexander Truskovsky ,  Christopher Lyle Bender ,  Daryl Joseph Martin

IPC: G06F21/00 ,  G06F21/45

CPC classification number: G06F21/45

Abstract: Methods and devices for providing a warning associated with credentials to be stored in a credential store on a computing device are disclosed herein. In one broad aspect, the method comprises receiving a request to store, in the credential store, at least one credential for a specified service, determining whether a secure connection between the computing device and the specified service is available, associating the specified service with a level of security based on at least one of an availability of the secure connection or one or more properties of the secure connection, and providing a warning in response to determining that at least one credential stored in the credential store corresponds to the at least one credential for the specified service and is for a service that is associated with a level of security different from the level of security with which the specified service is associated.

Abstract translation: 本文公开了用于提供与要存储在计算设备上的凭证存储器中的凭证相关联的警告的方法和设备。 在一个广泛的方面，该方法包括接收在证书存储器中存储用于指定服务的至少一个凭证的请求，确定计算设备和指定服务之间的安全连接是否可用，将指定的服务与 基于安全连接的可用性或安全连接的一个或多个属性中的至少一个的安全级别，以及响应于确定存储在凭证存储库中的至少一个凭证对应于至少一个凭证而提供警告 用于指定的服务，并且用于与指定服务相关联的安全级别不同的安全级别相关联的服务。

公开(公告)号：US10075438B2

公开(公告)日：2018-09-11

申请号：US15174226

申请日：2016-06-06

Applicant: BlackBerry Limited

Inventor： Alexander Truskovsky ,  Daryl Joseph Martin

IPC: G06F15/16 ,  H04L29/06 ,  H04W12/06 ,  H04L29/08 ,  H04L12/911 ,  H04W88/02

CPC classification number: H04L63/0869 ,  H04L47/70 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/1458 ,  H04L67/04 ,  H04W12/06 ,  H04W88/02

Abstract: Methods and systems for enabling activation of a wireless communication device to operate with a server on a wireless communication network. An activation request to establish a wireless communication service relationship between the device and the server is pushed from the server to the device. After the device verifies the server, a mutually authenticated communication session is established between the device and the server for activation of the device on the server.

公开(公告)号：US20160285869A1

公开(公告)日：2016-09-29

申请号：US15174226

申请日：2016-06-06

Applicant: BlackBerry Limited

Inventor： Alexander Truskovsky ,  Daryl Joseph Martin

IPC: H04L29/06 ,  H04L29/08 ,  H04L12/911 ,  H04W12/06

CPC classification number: H04L63/0869 ,  H04L47/70 ,  H04L63/0823 ,  H04L63/10 ,  H04L63/1458 ,  H04L67/04 ,  H04W12/06 ,  H04W88/02

Abstract: Methods and systems for enabling activation of a wireless communication device to operate with a server on a wireless communication network. An activation request to establish a wireless communication service relationship between the device and the server is pushed from the server to the device. After the device verifies the server, a mutually authenticated communication session is established between the device and the server for activation of the device on the server.

Abstract translation: 用于使无线通信设备能够激活以在无线通信网络上与服务器一起操作的方法和系统。 用于在设备和服务器之间建立无线通信服务关系的激活请求被从服务器推送到设备。 在设备验证服务器之后，在设备和服务器之间建立相互认证的通信会话以激活服务器上的设备。

公开(公告)号：US09384341B2

公开(公告)日：2016-07-05

申请号：US14485855

申请日：2014-09-15

Applicant: BlackBerry Limited

Inventor： Alexander Truskovsky ,  Neil Patrick Adams ,  Alexander Sherkin

IPC: G06F17/30 ,  H04L29/06 ,  G06F21/44 ,  G06F21/31 ,  G06F21/33 ,  G06F21/40 ,  H04L9/32

CPC classification number: G06F21/44 ,  G06F21/31 ,  G06F21/335 ,  G06F21/40 ,  H04L9/3213 ,  H04L2209/80 ,  H04W12/08

Abstract: A system and method for controlling access to a secure resource in a device are disclosed. In some embodiments, the device may include a processor capable of receiving a first request from a first application of a plurality of applications executable by the processor, where the first request requests access to the secure resource, and the first request identifies the plurality of applications. In response to the first request, the processor is capable of generating a ticket associated with the secure resource and with each of the plurality of applications, and then storing the ticket in a memory. After receiving a second request from a second application requesting access to the secure resource, the processor is capable of granting the second application access to the secure resource, if the ticket associated with the secure resource exists and if the ticket is associated with the second application.

Abstract translation: 公开了一种用于控制对设备中的安全资源的访问的系统和方法。 在一些实施例中，设备可以包括能够从第一应用接收可由处理器执行的多个应用的​​第一请求的处理器，其中第一请求请求对安全资源的访问，并且第一请求标识多个应用 。 响应于第一请求，处理器能够生成与安全资源和多个应用程序中的每一个相关联的票据，然后将票据存储在存储器中。 在从第二应用程序接收到请求访问安全资源的第二请求之后，如果存在与安全资源相关联的票据，并且如果票据与第二应用程序相关联，则处理器能够授予对安全资源的第二应用访问 。

公开(公告)号：US09292314B2

公开(公告)日：2016-03-22

申请号：US14339723

申请日：2014-07-24

Applicant: BlackBerry Limited

Inventor： Neil Patrick Adams ,  Sean Alexander Courtney ,  Alexander Truskovsky

IPC: G06F1/24 ,  G06F9/445 ,  G06F21/53 ,  G06F21/54 ,  G06F21/60

CPC classification number: G06F9/44505 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F2221/2149

Abstract: Methods and devices for controlling system settings of a computing device are described herein. One example embodiment comprises: determining configuration data associated with a software application, wherein the configuration data identifies one or more new system settings to be temporarily enforced on the computing device during an execution of the software application, and wherein the configuration data is digitally signed; and in response to an initiation of the execution of the software application, reconfiguring system settings on the computing device; wherein the reconfiguring comprises verifying at least one digital signature associated with the digitally signed configuration data; wherein if the at least one digital signature associated with the digitally signed configuration data successfully verifies, then the reconfiguring further comprises temporarily enforcing new system settings for the duration of the execution of the software application.

Abstract translation: 本文描述了用于控制计算设备的系统设置的方法和设备。 一个示例性实施例包括：确定与软件应用相关联的配置数据，其中所述配置数据识别在所述软件应用的执行期间在所述计算设备上临时执行的一个或多个新的系统设置，并且其中所述配置数据被数字签名; 并且响应于启动所述软件应用的执行，重新配置所述计算设备上的系统设置; 其中所述重新配置包括验证与所述经数字签名的配置数据相关联的至少一个数字签名; 其中如果与所述数字签名的配置数据相关联的所述至少一个数字签名成功地验证，则所述重新配置还包括在所述软件应用的执行期间暂时执行新的系统设置。

公开(公告)号：US20150019857A1

公开(公告)日：2015-01-15

申请号：US14339723

申请日：2014-07-24

Applicant: BlackBerry Limited

Inventor： Neil Patrick Adams ,  Sean Alexander Courtney ,  Alexander Truskovsky

IPC: G06F9/445 ,  G06F21/60

CPC classification number: G06F9/44505 ,  G06F21/53 ,  G06F21/54 ,  G06F21/602 ,  G06F2221/2149

Abstract: Methods and devices for controlling system settings of a computing device are described herein. One example embodiment comprises: determining configuration data associated with a software application, wherein the configuration data identifies one or more new system settings to be temporarily enforced on the computing device during an execution of the software application, and wherein the configuration data is digitally signed; and in response to an initiation of the execution of the software application, reconfiguring system settings on the computing device; wherein the reconfiguring comprises verifying at least one digital signature associated with the digitally signed configuration data; wherein if the at least one digital signature associated with the digitally signed configuration data successfully verifies, then the reconfiguring further comprises temporarily enforcing new system settings for the duration of the execution of the software application.

Abstract translation: 本文描述了用于控制计算设备的系统设置的方法和设备。 一个示例性实施例包括：确定与软件应用相关联的配置数据，其中所述配置数据识别在所述软件应用的执行期间在所述计算设备上临时执行的一个或多个新的系统设置，并且其中所述配置数据被数字签名; 并且响应于启动所述软件应用的执行，重新配置所述计算设备上的系统设置; 其中所述重新配置包括验证与所述经数字签名的配置数据相关联的至少一个数字签名; 其中如果与所述数字签名的配置数据相关联的所述至少一个数字签名成功地验证，则所述重新配置还包括在所述软件应用的执行期间暂时执行新的系统设置。