WO2012139903A2 - A method and a system to generate and manage native applications - Google Patents

A method and a system to generate and manage native applications Download PDF

Info

Publication number
WO2012139903A2
WO2012139903A2 PCT/EP2012/055792 EP2012055792W WO2012139903A2 WO 2012139903 A2 WO2012139903 A2 WO 2012139903A2 EP 2012055792 W EP2012055792 W EP 2012055792W WO 2012139903 A2 WO2012139903 A2 WO 2012139903A2
Authority
WO
WIPO (PCT)
Prior art keywords
application
per
apis
developer
native
Prior art date
Application number
PCT/EP2012/055792
Other languages
French (fr)
Other versions
WO2012139903A3 (en
Inventor
Michael Schneider
Daniel Jesús COLOMA
Original Assignee
Telefonica, S.A.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonica, S.A. filed Critical Telefonica, S.A.
Priority to EP12728413.1A priority Critical patent/EP2697731A2/en
Priority to US14/111,871 priority patent/US20140109197A1/en
Priority to BR112013026486A priority patent/BR112013026486A2/en
Publication of WO2012139903A2 publication Critical patent/WO2012139903A2/en
Publication of WO2012139903A3 publication Critical patent/WO2012139903A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database at program execution time, where the protection is within the operating system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/70Software maintenance or management
    • G06F8/71Version control; Configuration management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present invention generally relates, in a first aspect, to a method to generate and manage native applications, based on the bundling of a generic application with adequate runtimes, and more particularly to a method comprising using runtimes handling Network APIs.
  • a second aspect of the invention concerns to a system to generate and manage native applications adapted for implementing the method of the first aspect.
  • Runtimes supplied by different ISV or OEMs are implemented in different manners.
  • Network APIs The usage of resources available in the network is one of the features developers are also interested in (e.g. in-app billing, user identity... ). In this case, the handling of the security (authentication and authorization) is especially critical, as the flows may be security sensitive, complex and extremely difficult to be managed by developers.
  • the present invention concerns, in a first aspect, to a method to generate and manage native applications, comprising:
  • step b) further comprises bundling said generic application together with a runtime handling Network APIs.
  • a second aspect of the invention relates to a system to generate and manage native applications, comprising means for performing at least steps b) and c) of the method of the first aspect
  • Figure 1 shows a prior art mechanism regarding Native Apps development where multiple versions of the same application are originally created
  • Figure 2 shows another prior art proposal concerning Runtime Apps Development where runtimes are provisioned in the targeted devices
  • Figure 3 illustrates another prior art scenario where the runtimes are embedded with the application by the developer
  • Figure 4 schematically shows a prior art system which differs from the one of Figure 3 in that the runtimes embedding is performed by means of an application builder receiving the application from the developer;
  • Figure 5 shows, at a schematic level, the architecture of the system of the second aspect of the invention used for implementing the method of the first aspect, for an embodiment;
  • Figure 6 shows a High Level Workflow representative of an embodiment of the method of the first aspect of the invention
  • Figure 7 to 11 sequentially show steps 1 to 5 of an application generation process according to the method of the first aspect of the invention, for an embodiment, ending, at step 5 of Figure 11 , with the creation of a native application;
  • Figure 12 schematically shows the created native application once installed on the device/OS after an application download process followed according to an embodiment of the method of the invention
  • Figure 13 shows the security configuration shown to the device user when the application is executed for the first time, as per an embodiment of the method of the first aspect of the invention
  • Figure 14 schematically shows the usage of the Device APIs by the application as per an embodiment of the method of the first aspect of the invention
  • Figure 15 shows the usage of Network APIs by the downloaded application according to an embodiment of the method of the first aspect of the invention.
  • Figure 16 shows an example of a Network API Authentication/Authorization workflow as per an embodiment of the method of the first aspect of the invention, in order to access the Network APIs as shown in Figure 15.
  • the developer can create the application based on the runtime specifications (developer application) and using only the technology the runtime provides.
  • the developer can submit the application to the system that, for an elaborated embodiment:
  • the system may expose the application to end-users: when a user wants to download an app, the system, based on the device being used, serves the right application version.
  • Figure 5 represents graphically the system of the second aspect of the invention, used for implementing the method of the first aspect.
  • Runtimes DB Database in which the different runtimes to be embedded in the native applications are available.
  • o Rules DB Database in which the rules to be applied for the native application generation are available. For instance, the rules for a particular OS may indicate whether application signing is needed or not or which APIs are supported.
  • o Devices DB Database in which the information about the supported OS and devices is stored
  • Developers DB Database in which developer information and credentials (e.g. developer keys) are available,
  • o Applications DB Database in which all the applications (either authored by developers or generated by the system) are available.
  • App Translator responsible for converting the developer application (authored in the Runtime) to multiple native versions (one per supported OS).
  • o Device APIs RT Includes the component that binds the RT
  • Device APIs calls to the native OS.
  • o Device APIs RT Security Includes the layer that restricts the access to the Device APIs depending on the administrator choices and level of trust of the developer,
  • o Network APIs RT adder Includes the component that binds the RT Network APIs calls to the APIs exposed in the network (e.g. from JavaScript to HTTP REST),
  • o Signing Signs the application with the developer credentials or/and the distributor signature.
  • App Distributor responsible for handling application download requests. Based on the request headers identifies the application that should be deployed in the customers' device.
  • Figure 6 depicts a high level diagram of the flow that is performed when an application is submitted by the developer to the distributor, according to an embodiment of the method of the invention, where legends indicated therein must be textually interpreted as actions performed between the device user, a builder distributor (part of the system of the invention), the application developer, and other distributors, according to a sequence going from up to down in the diagram, and following the directions of the depicted arrows.
  • Step 0 The system reads the developer profile, the supported OS, RTs and security settings and based on that, it determines what is the workflow that the application should go through.
  • Step 1 For every supported OS (according to the workflow determined in step 0), the right runtime that "translates" the RT application API calls to the OS APIs is applied. After this step, the original application has led to N versions of the application, one for every supported OS/Platform.
  • Step 2 The system adds, for every application version the security framework determined during STEP 0 and that has a consistent UX for every OS.
  • the framework to be applied may depend on the level of trust of the developer (e.g. apps developed by the distributor itself may have fewer prompts). This framework may still be adapted/customized depending on the end-user choices.
  • Step 3 The system adds, for every application version the appropriate libraries to bind the calls that the runtime app makes to network resources to the implementation of the network resources that the distributor has. For instance, a JavaScript call in the runtime may need a translation to the native OS and then link to the Network resources (e.g. HTTP calls).
  • Step 4 The system adds, for every application version the appropriate security framework for performing network API and application authentication and authorization. This framework may handle things such as validity of tokens, prompting regime, user authentication needed. During this step the developer credentials as well as the distributor certificates/credentials, are added.
  • Step 5 If any destination OS requires application signing (according to the workflow defined in the step 0), the app is signed for that OS.
  • Step 6 All the generated apps will be stored in the system in the applications database. The applications are also returned to the developer in case he is interested in uploading them directly to other application distributors.
  • Step 0 A user requests an application from the store; a unique ID identifies the application.
  • the device provides in the request the information about the platform/OS used by device.
  • Step 1 The App distributor module finds the right application version for the targeted device/platform.
  • Step 2 The App is delivered to the device, which installs the application on top of the targeted OS.
  • Step 0 When the application is executed the first time, it notifies the user about the network and device APIs the app is going to use and might allow him (depending on build system settings) to customize the prompting regime linked to them (figure 13).
  • Step 1 When the application tries to use a device API, it checks whether prompting is needed. If so, the Device APIs RT Sec Framework asks the user for authorization. In case he allows it or no prompting is needed, the API usage will be authorized and the native capability will be granted and used (figure 14).
  • Step 2 When the application tries to use a network API, the security framework checks if the usage of that API has been authorized before by the end-user (figure 15).
  • Step 2A If the usage has been authorized before, the framework already knows the developer token as well as the authorization token. Both are included in the network request that is created based on the original developer call.
  • Step 2B If the usage has not been authorized or the authorization has expired the framework needs to check the usage authorization of the APIs, in order to do so, for instance, the framework may prompt the user and ask him for his credentials for accessing that network resource. If the credentials are authenticated, an authorization code is returned to the runtime network security framework. If the authorization is not successful the request is rejected, if it is successful the developer request is further processed as specified in step 2A.
  • Figure 16 describes an example of this security authentication flow, according to an embodiment of the method of the invention, where legends indicated therein must be textually interpreted as actions performed between the device user, the application, the Network Security Framework, the Network APIs Runtime and the Network APIs, according to a sequence going from up to down in the diagram, and following the directions of the depicted arrows.
  • the solution defined in this invention is flexible enough to accommodate the desired security flow, as it will be injected in the application generation step according to the needs of the application distributor.
  • the applications that can be developed by this system are richer than the ones other similar solutions are allowing today:
  • the apps can use not only device APIs but also Network APIs with a very simple User Experience.
  • the solution is extremely simple for developers, they create one application using a single technology and multiple variants of that application are created. Additionally the runtime handles all the security, which is usually one of the most complicated areas to deal with by developers (especially in the network APIs).
  • the security is also strengthened: the application developer does not need to take care of application signing, authentication or authorization.
  • the builder and distributor manage all those aspects, which minimize the opportunity for malware development and proliferation.
  • Developer Application Is the applications that are directly authored by the developer.
  • the developer applications are built using a Runtime technology.
  • Native Application Application that is built using the native capabilities of a device (e.g. Dalvik in Android Devices or iOS in iPhones).
  • Runtime Element that allows the execution of applications.
  • a runtime is typically built in a cross-platform manner, so that the same app can be deployed in any device equipped with the adequate runtime.
  • Network APIs APIs that allow usage of network resources, those resources are typically exposed through HTTP Interfaces. However, different shim layers can be built on top of them to facilitate access to them (e.g. JavaScript APIs or Native libraries).
  • Authentication It is a process by which it is verified that someone is who he or she claims they are. For instance, in the case of network APIs, it is required that the application user is authenticated in order to allow the application to use the end-user account (e.g. charging him for message sending).
  • Authorization It is a process by which its checked if someone has the right to access a resource. For instance, in the case of network APIs it may be achieved to the use of an authorization token that is linked to the developer. I.e. if the token is valid, that means that the developer has the right to Access that resource.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Power Engineering (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The method comprises: a) creating, an application developer, a run time based generic application; b) generating a plurality of native applications for different corresponding operating systems by bundling said generic application together with a runtime for every supported operating system, or OS, said runtimes handling OS Device APIs and Network APIs; and c) managing said native applications by at least their storage in a database and/or their distribution to computing devices. The system comprising means for performing said steps b) and c) of the method of the invention.

Description

A method and a system to generate and manage native applications
Field of the art
The present invention generally relates, in a first aspect, to a method to generate and manage native applications, based on the bundling of a generic application with adequate runtimes, and more particularly to a method comprising using runtimes handling Network APIs.
A second aspect of the invention concerns to a system to generate and manage native applications adapted for implementing the method of the first aspect.
Prior State of the Art
Developing applications for mobile devices has been an extremely time consuming task because developers needed to create multiple versions of the same application for different devices and/or Operating Systems (Figure 1).
Due to this situation, the concept of cross-OS or cross-device Runtime was created. A runtime allows the same application to be developed once and deployed in multiple OS/devices provided the appropriate runtime is provisioned in the targeted devices (Figure 2).
However, the paradigm that was pushed by JavaME [1] firstly and now by WAC [2] has suffered some practical problems:
Not all the devices have the appropriate Runtime provisioned.
Runtimes supplied by different ISV or OEMs are implemented in different manners.
Due to those factors, when a developer created an application for a runtime, he was not sure if the application was going to run on the targeted device because of the lack of runtime or the differences with the runtime he tested and verified the application.
In order to avoid those problems, some initiatives have been created in order to bundle the application with the required runtime (e.g. Phonegap [3]) and creating (based on a unique developer application) multiple native applications (one per platform). By delivering a bundle including the two components, the developer ensures that the application will run on the device regardless of the OS, model and the provisioning of the WRT (Figure 3). Although the solution depicted in Figure 3 could look like a good approach, it is again bringing back to the developer the problem of OS and device heterogeneity: Developers need to use different versions of the runtime for every OS and device.
In order to mitigate that problem, another iteration called "Phonegap Build" [4] has been created by PhoneGap (Figure 4). Developers can just submit their application created for the runtime, that application will be converted and packaged for the different operating systems.
Problems with existing solutions:
Although developers can now get native apps based on a unique runtime application, the current solutions are only considering the inclusion of runtimes that abstract the heterogeneity of Device APIs. However, developers are not only interested in an abstraction layer in that area, but in some others such as:
Network APIs: The usage of resources available in the network is one of the features developers are also interested in (e.g. in-app billing, user identity... ). In this case, the handling of the security (authentication and authorization) is especially critical, as the flows may be security sensitive, complex and extremely difficult to be managed by developers.
Security: Different OSs have different security models, and some of them are not secure enough to satisfy the user needs. None of the current solutions provide a common security experience on top of different OS.
Description of the Invention
It is necessary to offer an alternative to the state of the art which covers the gaps found therein, particularly those existing in runtimes used for generating native applications regarding the abstraction layers they don't include in the above mentioned proposals.
To that end, the present invention concerns, in a first aspect, to a method to generate and manage native applications, comprising:
a) creating, an application developer, a run time based generic application; b) generating a plurality of native applications for different corresponding operating systems by bundling said generic application together with a runtime for every supported operating system, or OS, said runtimes handling OS Device APIs; and c) managing said native applications by at least their storage in a database and/or their distribution to computing devices. In the method of the first aspect of the invention, differently from known proposals, said step b) further comprises bundling said generic application together with a runtime handling Network APIs.
For different embodiments of the method of the first aspect of the invention, it further comprises, for the generation of each of said native applications at step b), performing one or more of the next further actions:
- adding a security framework for restricting the access to said OS Device APIs;
- adding a security framework for controlling the authentication and authorization of the usage of said Network APIs; and
- applying at least one of a set of transformation rules including: application signing and embedding developer credentials for Network APIs usage.
Other embodiments of the method of the first aspect of the invention are described with reference to appended claims 3 to 14, and in a subsequent section related to the detailed description of several embodiments.
A second aspect of the invention relates to a system to generate and manage native applications, comprising means for performing at least steps b) and c) of the method of the first aspect
Some embodiments of the system of the second aspect of the invention are described with reference to appended claims 16 to 18, and in a subsequent section related to the detailed description of several embodiments.
Brief Description of the Drawings
The previous and other advantages and features will be more fully understood from the following detailed description of embodiments, with reference to the attached drawings, which must be considered in an illustrative and non-limiting manner, in which:
Figure 1 shows a prior art mechanism regarding Native Apps development where multiple versions of the same application are originally created;
Figure 2 shows another prior art proposal concerning Runtime Apps Development where runtimes are provisioned in the targeted devices;
Figure 3 illustrates another prior art scenario where the runtimes are embedded with the application by the developer;
Figure 4 schematically shows a prior art system which differs from the one of Figure 3 in that the runtimes embedding is performed by means of an application builder receiving the application from the developer; Figure 5 shows, at a schematic level, the architecture of the system of the second aspect of the invention used for implementing the method of the first aspect, for an embodiment;
Figure 6 shows a High Level Workflow representative of an embodiment of the method of the first aspect of the invention;
Figure 7 to 11 sequentially show steps 1 to 5 of an application generation process according to the method of the first aspect of the invention, for an embodiment, ending, at step 5 of Figure 11 , with the creation of a native application;
Figure 12 schematically shows the created native application once installed on the device/OS after an application download process followed according to an embodiment of the method of the invention;
Figure 13 shows the security configuration shown to the device user when the application is executed for the first time, as per an embodiment of the method of the first aspect of the invention;
Figure 14 schematically shows the usage of the Device APIs by the application as per an embodiment of the method of the first aspect of the invention;
Figure 15 shows the usage of Network APIs by the downloaded application according to an embodiment of the method of the first aspect of the invention; and
Figure 16 shows an example of a Network API Authentication/Authorization workflow as per an embodiment of the method of the first aspect of the invention, in order to access the Network APIs as shown in Figure 15.
Detailed Description of Several Embodiments
This proposal goes beyond the existing solutions by defining an application processor and distributor that based on a universal application format creates different bundles that comprise the application and runtime for every targeted OS.
The developer can create the application based on the runtime specifications (developer application) and using only the technology the runtime provides. When the application is ready, the developer can submit the application to the system that, for an elaborated embodiment:
Checks the validity of the application.
Bundles the developer application together with the runtime for every supported OS. The runtime handles:
• The binding to the OS Device APIs.
· A consistent security model for accessing the Device APIs. • The binding to the Network APIs.
• The Authentication and Authorization for accessing the Network APIs.
Applies a set of transformation rules that prepare the bundles created as defined above so they are ready for installation in every supported OS/device.
For instance, application signing and embedding developer credentials for Network APIs usage.
Returns the native applications generated to the developers so that they can upload them to the stores they are interested in. Additionally, the system may expose the application to end-users: when a user wants to download an app, the system, based on the device being used, serves the right application version.
Figure 5 represents graphically the system of the second aspect of the invention, used for implementing the method of the first aspect.
The components that make up the system, for the illustrated embodiment, are:
• Databases: Manage different information needed for the right behaviour of the system.
o Runtimes DB: Database in which the different runtimes to be embedded in the native applications are available.
o Rules DB: Database in which the rules to be applied for the native application generation are available. For instance, the rules for a particular OS may indicate whether application signing is needed or not or which APIs are supported.
o Devices DB: Database in which the information about the supported OS and devices is stored,
o Developers DB: Database in which developer information and credentials (e.g. developer keys) are available,
o Applications DB: Database in which all the applications (either authored by developers or generated by the system) are available.
• App Translator: Responsible for converting the developer application (authored in the Runtime) to multiple native versions (one per supported OS). o Device APIs RT: Includes the component that binds the RT
Device APIs calls to the native OS.
o Device APIs RT Security: Includes the layer that restricts the access to the Device APIs depending on the administrator choices and level of trust of the developer,
o Network APIs RT adder: Includes the component that binds the RT Network APIs calls to the APIs exposed in the network (e.g. from JavaScript to HTTP REST),
o Network APIs RT Security: Includes the layer that controls that is responsible for handling the authorization and authentication for Network API usage,
o Signing: Signs the application with the developer credentials or/and the distributor signature.
• App Distributor: Responsible for handling application download requests. Based on the request headers identifies the application that should be deployed in the customers' device.
Figure 6 depicts a high level diagram of the flow that is performed when an application is submitted by the developer to the distributor, according to an embodiment of the method of the invention, where legends indicated therein must be textually interpreted as actions performed between the device user, a builder distributor (part of the system of the invention), the application developer, and other distributors, according to a sequence going from up to down in the diagram, and following the directions of the depicted arrows.
Detailed Workflow:
Next, a more detailed description of the key workflows that are performed according to the method of the first aspect of the invention and by the system of the second aspect, or by the applications generated thereby, is given.
Application generation:
Step 0: The system reads the developer profile, the supported OS, RTs and security settings and based on that, it determines what is the workflow that the application should go through.
Step 1 : For every supported OS (according to the workflow determined in step 0), the right runtime that "translates" the RT application API calls to the OS APIs is applied. After this step, the original application has led to N versions of the application, one for every supported OS/Platform.
Step 2: The system adds, for every application version the security framework determined during STEP 0 and that has a consistent UX for every OS. The framework to be applied may depend on the level of trust of the developer (e.g. apps developed by the distributor itself may have fewer prompts). This framework may still be adapted/customized depending on the end-user choices.
Step 3: The system adds, for every application version the appropriate libraries to bind the calls that the runtime app makes to network resources to the implementation of the network resources that the distributor has. For instance, a JavaScript call in the runtime may need a translation to the native OS and then link to the Network resources (e.g. HTTP calls).
Step 4: The system adds, for every application version the appropriate security framework for performing network API and application authentication and authorization. This framework may handle things such as validity of tokens, prompting regime, user authentication needed. During this step the developer credentials as well as the distributor certificates/credentials, are added.
Step 5: If any destination OS requires application signing (according to the workflow defined in the step 0), the app is signed for that OS.
· Step 6: All the generated apps will be stored in the system in the applications database. The applications are also returned to the developer in case he is interested in uploading them directly to other application distributors.
Application download:
· Step 0: A user requests an application from the store; a unique ID identifies the application. The device provides in the request the information about the platform/OS used by device.
Step 1 : The App distributor module finds the right application version for the targeted device/platform.
· Step 2: The App is delivered to the device, which installs the application on top of the targeted OS.
Application execution:
Step 0: When the application is executed the first time, it notifies the user about the network and device APIs the app is going to use and might allow him (depending on build system settings) to customize the prompting regime linked to them (figure 13).
Step 1 : When the application tries to use a device API, it checks whether prompting is needed. If so, the Device APIs RT Sec Framework asks the user for authorization. In case he allows it or no prompting is needed, the API usage will be authorized and the native capability will be granted and used (figure 14).
Step 2: When the application tries to use a network API, the security framework checks if the usage of that API has been authorized before by the end-user (figure 15).
o Step 2A: If the usage has been authorized before, the framework already knows the developer token as well as the authorization token. Both are included in the network request that is created based on the original developer call.
o Step 2B: If the usage has not been authorized or the authorization has expired the framework needs to check the usage authorization of the APIs, in order to do so, for instance, the framework may prompt the user and ask him for his credentials for accessing that network resource. If the credentials are authenticated, an authorization code is returned to the runtime network security framework. If the authorization is not successful the request is rejected, if it is successful the developer request is further processed as specified in step 2A.
Figure 16 describes an example of this security authentication flow, according to an embodiment of the method of the invention, where legends indicated therein must be textually interpreted as actions performed between the device user, the application, the Network Security Framework, the Network APIs Runtime and the Network APIs, according to a sequence going from up to down in the diagram, and following the directions of the depicted arrows. Please note that the solution defined in this invention is flexible enough to accommodate the desired security flow, as it will be injected in the application generation step according to the needs of the application distributor.
A person skilled in the art could introduce changes and modifications in the embodiments described without departing from the scope of the invention as it is defined in the attached claims. Advantages of the Invention:
The applications that can be developed by this system are richer than the ones other similar solutions are allowing today: The apps can use not only device APIs but also Network APIs with a very simple User Experience.
The solution is extremely simple for developers, they create one application using a single technology and multiple variants of that application are created. Additionally the runtime handles all the security, which is usually one of the most complicated areas to deal with by developers (especially in the network APIs).
The Return of investment of application development also increases. Developers can upload the generated apps to multiple distributors and also use them in the distributor that the builder includes.
The security is also strengthened: the application developer does not need to take care of application signing, authentication or authorization. The builder and distributor manage all those aspects, which minimize the opportunity for malware development and proliferation.
Technical Definitions:
Developer Application: Is the applications that are directly authored by the developer. In the case of this invention, the developer applications are built using a Runtime technology.
Native Application: Application that is built using the native capabilities of a device (e.g. Dalvik in Android Devices or iOS in iPhones).
Runtime: Element that allows the execution of applications. A runtime is typically built in a cross-platform manner, so that the same app can be deployed in any device equipped with the adequate runtime.
Network APIs: APIs that allow usage of network resources, those resources are typically exposed through HTTP Interfaces. However, different shim layers can be built on top of them to facilitate access to them (e.g. JavaScript APIs or Native libraries).
Authentication: It is a process by which it is verified that someone is who he or she claims they are. For instance, in the case of network APIs, it is required that the application user is authenticated in order to allow the application to use the end-user account (e.g. charging him for message sending). Authorization: It is a process by which its checked if someone has the right to access a resource. For instance, in the case of network APIs it may be achieved to the use of an authorization token that is linked to the developer. I.e. if the token is valid, that means that the developer has the right to Access that resource.
ACRONYMS AND ABBREVIATIONS
API Application Programming Interface
App Application
HTTP Hyper Text Transfer Protocol
iOS iPhone Operating System
ISV Independent Software Vendor
JS JavaScript
OEM Original Equipment Manufacturer
OS Operating System
RT Runtime
UX User Experience
WAC Wholesale Application Community
REFERENCES
[1] Java ME:
http://www.oracle.com/technetwork java/javame/overview/index.html [2] WAC: http://wacapps.net
[3] Phonegap: http://www.phonegap.com/
[4] Phonegap Build: https://build.phonegap.com/

Claims

Claims
1. - A method to generate and manage native applications, comprising:
a) creating, an application developer, a run time based generic application; b) generating a plurality of native applications for different corresponding operating systems by bundling said generic application together with a runtime for every supported operating system, or OS, said runtimes handling OS Device APIs; and c) managing said native applications by at least their storage in a database and/or their distribution to computing devices;
wherein the method is characterized in that said step b) further comprises bundling said generic application together with a runtime handling Network APIs.
2. - A method as per claim 1 , further comprises for the generation of each of said native applications at step b), performing at least one of the next further actions:
- adding a security framework for restricting the access to said OS Device APIs;
- adding a security framework for controlling the authentication and authorization of the usage of said Network APIs; and
- applying at least one of a set of transformation rules including: application signing and embedding developer credentials for Network APIs usage.
3.- A method as per any of the previous claims, further comprising checking the validity of said generic application before and as a condition or start said step b).
4.- A method as per any of the previous claims, comprising creating said generic application at step a) based on runtime specifications and using only the technology runtime provides.
5.- A method a per any of the previous claims, comprising, for every of said native application generation, performing said step b) for carrying out said bundling of runtimes or said bundling of runtimes and further actions, according to a workflow .
6.- A method as per claim 5, comprising starting said workflow by reading a delivered developer profile, the supported OSs, runtimes and security settings, and based on that, determining what is the workflow that the generic application should go through, said determination including the selection of the runtimes, security frameworks and transformation rules to be applied, from a plurality of runtimes, security frameworks and transformation rules, and the order of their performing.
7. - A method as per claim 6 when depending on claim 2, wherein the selection of said OS device APIs security frameworks depends on the level of trust of the developer.
8. - A method as per claim 7, comprising adapting/customizing said security frameworks depending on computing device end-user choices.
9. - A method as per claim 1 , wherein said storage of step c) relates to a storage in a database of a system implementing steps b) and c) and/or in a database of said application developer.
10. - A method as per claim 9, wherein said distribution of step c) to computing devices comprises, for a computing device:
- requesting the user of said computing device an application, by sending, to said system, a request including information about the platform/OS used by the computing device;
- finding said system the right native application version for the targeted computing device/platform based on said request included information; and
- delivering, said system, to the computing the device said right native application, and
- installing, the computing device, the received native application on a memory.
11. - A method as per claim 10, comprising, once said native application is stored in said computing device memory, executing for first time the native application, said execution providing the notification notifies the computing device user about the network and device APIs the application is going to use.
12. - A method as per claim 11 , wherein said first execution also provides the computing device user means for allowing him to customize the prompting regime linked to the network and device APIs.
13. - A method as per claim 12, comprising when the native application tries to use a device API, checking whether prompting is needed, and if so, the Device APIs RT Security Framework asks the user for authorization, and in case he allows it or no prompting is needed, the API usage will be authorized and the native capability will be granted and used.
14. - A method as per claim 13, comprising when the native application tries to use a network API, the security framework checking if the usage of that API has been authorized before by the end-user, and: i) if the usage has been authorized before, the security framework already knowing a developer token as well as an authorization token, and including both in a network request that is created based on the original developer call;
ii) if the usage has not been authorized or the authorization has expired the security framework checking the usage authorization of the APIs for said user, and if the authorization is not successful rejecting the request to access the Network APIs, and if it is successful the developer request is further processed as specified in i).
15. - A system to generate and manage native applications, comprising means for performing at least said steps b) and c) of the method as per any of the previous claims.
16. - A system as per claim 15, comprising at least one of the next databases for managing different information needed for implementing the method:
o Runtimes Database, in which said runtimes are available;
o Rules Database, in which the transformation rules are available;
o Devices Database, in which information about the supported OS and devices is stored;
o Developers Database, in which developer information and credentials are available; and
o Applications Database, in which generic and native applications are available.
17. - A system as per claim 16, further comprising an application translator unit for performing said workflow of the method as per claim 6.
18. - A system as per claim 17, further comprising an application distributor unit for handling application download requests, and performing said finding and delivery of the right native applications as per the method of claim 10.
PCT/EP2012/055792 2011-04-15 2012-03-30 A method and a system to generate and manage native applications WO2012139903A2 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
EP12728413.1A EP2697731A2 (en) 2011-04-15 2012-03-30 Method and system to generate and manage native applications
US14/111,871 US20140109197A1 (en) 2011-04-15 2012-03-30 Method and a system to generate and manage native applications
BR112013026486A BR112013026486A2 (en) 2011-04-15 2012-03-30 method and system for generating and handling native applications

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
ES201130603A ES2402977B1 (en) 2011-04-15 2011-04-15 METHOD AND SYSTEM FOR GENERATING AND MANAGING NATIVE APPLICATIONS
ESP201130603 2011-04-15

Publications (2)

Publication Number Publication Date
WO2012139903A2 true WO2012139903A2 (en) 2012-10-18
WO2012139903A3 WO2012139903A3 (en) 2013-03-07

Family

ID=46320890

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2012/055792 WO2012139903A2 (en) 2011-04-15 2012-03-30 A method and a system to generate and manage native applications

Country Status (6)

Country Link
US (1) US20140109197A1 (en)
EP (1) EP2697731A2 (en)
AR (1) AR085967A1 (en)
BR (1) BR112013026486A2 (en)
ES (1) ES2402977B1 (en)
WO (1) WO2012139903A2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105493063A (en) * 2013-06-13 2016-04-13 微软技术许可有限责任公司 Event-based versioning and visibility for content releases
US10331765B2 (en) 2013-05-24 2019-06-25 Sourcecode Technology Holdings, Inc. Methods and apparatus for translating forms to native mobile applications

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8955067B2 (en) * 2012-09-12 2015-02-10 Capital One, Na System and method for providing controlled application programming interface security
KR20140095903A (en) * 2013-01-25 2014-08-04 한국전자통신연구원 Method and apparatus for providing mash up service based on user device
US9787665B2 (en) * 2013-07-02 2017-10-10 Verizon Patent And Licensing Inc. System and method for providing single sign on interface for applications on mobile devices
AU2014353151B2 (en) * 2013-11-19 2018-03-08 Visa International Service Association Automated account provisioning
US20150205581A1 (en) * 2014-01-22 2015-07-23 Bejoynath L. Narayanapillai Method for creating a centrally located enterprise service application framework
KR102208631B1 (en) * 2014-02-19 2021-01-28 삼성전자 주식회사 Method for inputting/outputting security information and Electronic device using the same
US9692879B1 (en) 2014-05-20 2017-06-27 Invincea, Inc. Methods and devices for secure authentication to a compute device
US9208284B1 (en) * 2014-06-27 2015-12-08 Practice Fusion, Inc. Medical professional application integration into electronic health record system
US10459600B2 (en) 2015-06-24 2019-10-29 Microsoft Technology Licensing, Llc Conversion of platform-independent accessibility logic into platform-specific accessibility functionality

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6460074B1 (en) * 2000-02-10 2002-10-01 Martin E. Fishkin Electronic mail system
US20060069605A1 (en) * 2004-09-29 2006-03-30 Microsoft Corporation Workflow association in a collaborative application
US20070180509A1 (en) * 2005-12-07 2007-08-02 Swartz Alon R Practical platform for high risk applications
US7735116B1 (en) * 2006-03-24 2010-06-08 Symantec Corporation System and method for unified threat management with a relational rules methodology
CA2698066A1 (en) * 2009-07-31 2011-01-31 Nitobi Software Inc. System and method for remotely compiling multi-platform native applications for mobile devices
US8566956B2 (en) * 2010-06-23 2013-10-22 Salesforce.Com, Inc. Monitoring and reporting of data access behavior of authorized database users
US20120042016A1 (en) * 2010-08-10 2012-02-16 Google Inc. Exposing resource capabilities to web applications

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10331765B2 (en) 2013-05-24 2019-06-25 Sourcecode Technology Holdings, Inc. Methods and apparatus for translating forms to native mobile applications
CN105493063A (en) * 2013-06-13 2016-04-13 微软技术许可有限责任公司 Event-based versioning and visibility for content releases
EP3008611A4 (en) * 2013-06-13 2016-12-28 Microsoft Technology Licensing Llc Event-based versioning and visibility for content releases
CN105493063B (en) * 2013-06-13 2019-07-05 微软技术许可有限责任公司 The Version Control and visibility based on event for content publication
US10423992B2 (en) 2013-06-13 2019-09-24 Microsoft Technology Licensing, Llc Method, system, and medium for event based versioning and visibility for content releases

Also Published As

Publication number Publication date
BR112013026486A2 (en) 2016-12-27
WO2012139903A3 (en) 2013-03-07
US20140109197A1 (en) 2014-04-17
ES2402977A2 (en) 2013-05-10
ES2402977B1 (en) 2014-02-11
ES2402977R1 (en) 2013-07-05
AR085967A1 (en) 2013-11-06
EP2697731A2 (en) 2014-02-19

Similar Documents

Publication Publication Date Title
US20140109197A1 (en) Method and a system to generate and manage native applications
US20210271472A1 (en) Application Wrapping for Application Management Framework
US9658871B2 (en) Providing configurable bootstrapping of software execution
CN108810894A (en) Authorization terminal method, apparatus, computer equipment and storage medium
US8661420B2 (en) System and method for runtime interface versioning
US9513936B2 (en) Dynamically loadable composite software application
US20030233483A1 (en) Executing software in a network environment
US20110154441A1 (en) Online development environment server, online marketplace server, online development environment constituting method, and developed application providing method
CN104363264A (en) Multi-channel SDK (software development kit) access system and multi-channel SDK access system for mobile terminal software
CN104077160B (en) A kind of method, apparatus and system for upgrading Android software
JP2013545152A (en) Integrated workspace for thin, remote, and SaaS applications
US10855675B2 (en) Managed open source medical device
Anisetti et al. A certification framework for cloud-based services
JP2008257674A (en) Knowledge management system, method for implementing management software using it, and computer readable recording medium
KR101832535B1 (en) Trustworthy device claims as a service
CN106663174A (en) Restricting system calls using protected storage
US20170286652A1 (en) Security model for network information service
WO2014150753A2 (en) Method and system for restricting the operation of applications to authorized domains
CN103368927B (en) A kind of security configuration inspecting device and method
WO2014150737A2 (en) Method and system for enabling the federation of unrelated applications
WO2008026168A2 (en) Predicting trustworthiness for component software
US9354849B2 (en) Modification of compiled applications and application management using retrievable policies
CN113282303A (en) Application management method and device based on double-core intelligent electric meter and computer equipment
CN111095206B (en) Method for verifying medical application program, end user device and medical system
CN106326723A (en) Method and device for certifying APK (Android Package) signature

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12728413

Country of ref document: EP

Kind code of ref document: A2

DPE1 Request for preliminary examination filed after expiration of 19th month from priority date (pct application filed from 20040101)
NENP Non-entry into the national phase

Ref country code: DE

REEP Request for entry into the european phase

Ref document number: 2012728413

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 2012728413

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: 14111871

Country of ref document: US

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112013026486

Country of ref document: BR

ENP Entry into the national phase

Ref document number: 112013026486

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20131014