As computing and communication devices become increasingly pervasive and as they are relied upon to store and communicate information that is intended to be confidential or trustworthy, the security of such devices becomes increasingly important. This is particularly the case for computing and communication devices that are designed to be mobile. For such devices, such as laptop computers and handheld wireless communication devices, security is often provided using password-protection and encryption of data and communications, as well as other security techniques.
In most cases, such devices permit applications to be executed on the devices and the applications will typically obtain authorization to access data or information to allow the applications to carry out secure operations on the device. One approach to authorization of application execution is to store authorization information in a key store on the device. An application seeking to carry out an operation that requires a key that is in the device key store will typically need to obtain a password from the device user to permit the key store to be accessed.
It is often the case that a single application will carry out repeated steps that require authorization. In such situations, the application may require repeated access to the device key store, with the consequential repeated prompting to the device user to provide a password to allow access to the key store. Such an approach will maintain the security of the device and prevent malicious access by unauthorized users. However, for trusted users of the device the approach potentially results in repeated requests for password information that can make the operation of the device cumbersome or inefficient for the user.
It is therefore desirable to have a method and system to permit an application executing on a device to carry out repeated steps that require authorization without repeatedly prompting the user of the device for password information.