公开(公告)号：WO2009111411A2

公开(公告)日：2009-09-11

申请号：PCT/US2009/035755

申请日：2009-03-02

Applicant: APPLE INC. ,  DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

Inventor： DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

IPC: G06F21/00

CPC classification number: G06F21/51

Abstract: Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments based on at least one carrier profile. Carrier profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The carrier profiles allow entities to add software code to a device without reauthorizing each distribution by the trusted authority, or to limited groups of devices controlled or authorized by the other entities.

Abstract translation: 实施例包括用于基于至少一个载体简档来授权在安全操作环境中执行软件代码或访问能力的系统和方法。 运营商简档可以由可信实体发布以将信任扩展到其他实体，以允许这些其他实体在诸如特定计算设备的安全操作环境中提供或控制应用的执行。 运营商配置文件允许实体向设备添加软件代码，而不必由可信管理机构重新授权每个分发，或由其他实体控制或授权的有限的设备组。

公开(公告)号：WO2009111409A1

公开(公告)日：2009-09-11

申请号：PCT/US2009/035752

申请日：2009-03-02

Applicant: APPLE INC. ,  DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

Inventor： DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

IPC: G06F21/00

CPC classification number: G06F21/51

Abstract: Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments. Profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. A request in a first program may be received from a second program. A profile is then identified. The profile includes at least one entitlement associated with the second program. The profile is authenticated based on a first digest indicative of the profile and the second program is authenticated based on a second digest indicative of the second program. The request is then executed based on the entitlement.

Abstract translation: 实施例包括用于授权在安全操作环境中执行软件代码或访问能力的系统和方法。 配置文件可以由受信任的实体发布以将信任扩展到其他实体，以允许其他实体在诸如特定计算设备的安全操作环境中提供或控制应用的执行。 可以从第二程序接收第一程序中的请求。 然后识别配置文件。 该简档包括与第二程序相关联的至少一个授权。 基于指示简档的第一摘要来鉴定简档，并且基于指示第二程序的第二摘要对第二程序进行认证。 然后根据授权执行该请求。

公开(公告)号：WO2009111408A1

公开(公告)日：2009-09-11

申请号：PCT/US2009/035750

申请日：2009-03-02

Applicant: APPLE INC. ,  DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

Inventor： DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

IPC: G06F21/00

CPC classification number: G06F21/51 ,  G06F21/31 ,  G06F21/33 ,  G06F21/44 ,  G06F21/50 ,  G06F21/53

Abstract: Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments. Profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The profiles allow entities to add software code to the device without reauthorizing each distribution by a trusted authority such as testing, quality assurance, or to limited groups of devices controlled or authorized by the other entities.

Abstract translation: 实施例包括用于授权在安全操作环境中执行软件代码或访问能力的系统和方法。 配置文件可以由受信任的实体发布以将信任扩展到其他实体，以允许其他实体在诸如特定计算设备的安全操作环境中提供或控制应用的执行。 配置文件允许实体向设备添加软件代码，而不必由受信任的机构（例如测试，质量保证）或由其他实体控制或授权的有限的设备组重新授权每个分发。

公开(公告)号：WO2009111401A1

公开(公告)日：2009-09-11

申请号：PCT/US2009/035736

申请日：2009-03-02

Applicant: APPLE INC. ,  DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

Inventor： DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

IPC: G06F21/00

CPC classification number: G06F21/6218 ,  G06F2221/2141

Abstract: Systems and methods for managing access to restricted data and system resources in secure operating environments are disclosed. Developer access profiles are issued by trusted authorities to developers which define entitlements that provide limited access to system resources and data on specified computing devices. The developer access profiles allow software developers to write software which accesses parts of the target platform environment which are typically off limits to third party developers.

Abstract translation: 公开了用于在安全操作环境中管理对受限数据和系统资源的访问的系统和方法。 开发人员访问配置文件由受信任的权限发布给开发人员，这些开发人员定义了对指定计算设备上的系统资源和数据的有限访问权限。 开发人员访问配置文件允许软件开发人员编写访问目标平台环境部分的软件，这些部分通常不受第三方开发人员的限制。

公开(公告)号：WO2009111411A3

公开(公告)日：2009-11-12

申请号：PCT/US2009035755

申请日：2009-03-02

Applicant: APPLE INC ,  DE ATLEY DALLAS ,  PANTHER HEIKO ,  ADLER MITCHELL ,  COOPER SIMON ,  BROUWER MICHAEL ,  REDA MATT

Inventor： DE ATLEY DALLAS ,  PANTHER HEIKO ,  ADLER MITCHELL ,  COOPER SIMON ,  BROUWER MICHAEL ,  REDA MATT

IPC: G06F21/00

CPC classification number: G06F21/51

Abstract: Embodiments include systems and methods for authorizing software code to be executed or access capabilities in secure operating environments based on at least one carrier profile. Carrier profiles may be issued by trusted entities to extend trust to other entities to allow those other entities to provide or control execution of applications in a secure operating environment such as on particular computing devices. The carrier profiles allow entities to add software code to a device without reauthorizing each distribution by the trusted authority, or to limited groups of devices controlled or authorized by the other entities.

Abstract translation: 实施例包括用于基于至少一个载波配置文件授权要在安全操作环境中执行的软件代码或访问能力的系统和方法。 运营商简档可由可信实体发布以将信任扩展到其他实体以允许那些其他实体提供或控制诸如特定计算设备之类的安全操作环境中的应用的执行。 载体配置文件允许实体向设备添加软件代码，而无需由可信管理机构重新授权每个分发，或允许其他实体控制或授权的有限设备组。

公开(公告)号：WO2009111405A1

公开(公告)日：2009-09-11

申请号：PCT/US2009/035744

申请日：2009-03-02

Applicant: APPLE INC. ,  DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

Inventor： DE ATLEY, Dallas ,  PANTHER, Heiko ,  ADLER, Mitchell ,  COOPER, Simon ,  BROUWER, Michael ,  REDA, Matt

IPC: G06F21/00

CPC classification number: G06F21/51

Abstract: Embodiments include systems and methods for authorizing software code to be executed on a device based on a trusted cache. When receiving a request to execute software, this software may be checked for a digital signature by at least one trusted authority. According, a digest value indicative of at least a portion of the software module may be determined. A cache stored in trusted space of the device is then accessed for a matching digest value. If an entry is found, the device may allow execution of the software module; if an entry is not found, then the device may continue with the cryptographic operations for verifying the software's digital signature, or may be configured to block execution of the software.

Abstract translation: 实施例包括用于授权在基于可信缓存的设备上执行软件代码的系统和方法。 当接收到执行软件的请求时，可以由至少一个可信管理机构检查该软件的数字签名。 据此，可以确定指示软件模块的至少一部分的摘要值。 存储在设备的可信空间中的缓存然后被访问以获得匹配的摘要值。 如果找到条目，则该设备可以允许执行该软件模块; 如果未找到条目，则设备可以继续用于验证软件的数字签名的加密操作，或者可以被配置为阻止软件的执行。