Assessing application authenticity and performing an action in response to an evaluation result
First Claim
Patent Images
1. A method, comprising:
- receiving, by a server, over a communication network from a second computing device, a known signing identifier of a known source;
storing, by the server, component data for at least one known component of the known source;
receiving, by the server, from a first computing device, a first signing identifier for a first application to be installed on the first computing device, wherein a third computing device provides the first application for installation on the first computing device;
receiving, by the server, from the third computing device, a first package identifier of the first application;
in response to receiving the first signing identifier from the first computing device;
challenging the known source to authenticate itself, the challenge comprising sending data to the second computing device to be signed with a private key, receiving the signed data from the second computing device, and confirming the signed data corresponds to the known signing identifier;
in response to confirming the signed data corresponds to the known signing identifier;
identifying a first plurality of applications other than the first application that are each signed with the known signing identifier, andidentifying a second plurality of applications that are each similar to the first application and are each signed with a signing identifier that is different from the known signing identifier, wherein the identifying comprises making a comparison between a characteristic of the component data attributable to a component associated with the first package identifier and a characteristic that has been identified in the first application, and determining that each of the second plurality of applications uses the at least one known component of the known source; and
evaluating, by the server, authenticity of the first application to provide a result, the evaluating comprising determining that the at least one known component is similar to at least one first component of the first application, the similarity based on comparing a structural characteristic of the at least one first component to the component data for the at least one known component, and determining that the first signing identifier is different from the known signing identifier, wherein the evaluating is further based on a plurality of inputs comprising a history of prior usage of the first signing identifier to sign a known bad application other than the first application; and
in response to the result, sending, by the server, over the communication network, at least one electronic communication to the first computing device to block installation of the first application on the first computing device, and sending at least one communication to the second computing device regarding usage of the at least one known component in the first application, wherein the at least one communication further identifies the first plurality of applications and the second plurality of applications.
8 Assignments
0 Petitions
Accused Products
Abstract
Authenticity of a new application being installed on a mobile device is evaluated to provide a result. The evaluation uses a plurality of inputs. In response to the result, an action is performed (e.g., on the mobile device itself and/or a server performing or assisting with the evaluation). For example, the evaluating may be done for an application that a user of the mobile device desires to install from an application marketplace. In another example, the action is sending of a notification to the mobile device, and the notification includes an assessment of authenticity of the new application.
-
Citations
26 Claims
-
1. A method, comprising:
-
receiving, by a server, over a communication network from a second computing device, a known signing identifier of a known source; storing, by the server, component data for at least one known component of the known source; receiving, by the server, from a first computing device, a first signing identifier for a first application to be installed on the first computing device, wherein a third computing device provides the first application for installation on the first computing device; receiving, by the server, from the third computing device, a first package identifier of the first application; in response to receiving the first signing identifier from the first computing device; challenging the known source to authenticate itself, the challenge comprising sending data to the second computing device to be signed with a private key, receiving the signed data from the second computing device, and confirming the signed data corresponds to the known signing identifier; in response to confirming the signed data corresponds to the known signing identifier; identifying a first plurality of applications other than the first application that are each signed with the known signing identifier, and identifying a second plurality of applications that are each similar to the first application and are each signed with a signing identifier that is different from the known signing identifier, wherein the identifying comprises making a comparison between a characteristic of the component data attributable to a component associated with the first package identifier and a characteristic that has been identified in the first application, and determining that each of the second plurality of applications uses the at least one known component of the known source; and evaluating, by the server, authenticity of the first application to provide a result, the evaluating comprising determining that the at least one known component is similar to at least one first component of the first application, the similarity based on comparing a structural characteristic of the at least one first component to the component data for the at least one known component, and determining that the first signing identifier is different from the known signing identifier, wherein the evaluating is further based on a plurality of inputs comprising a history of prior usage of the first signing identifier to sign a known bad application other than the first application; and in response to the result, sending, by the server, over the communication network, at least one electronic communication to the first computing device to block installation of the first application on the first computing device, and sending at least one communication to the second computing device regarding usage of the at least one known component in the first application, wherein the at least one communication further identifies the first plurality of applications and the second plurality of applications. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 15)
-
-
13. A system, comprising:
-
a data repository to store component data for at least one known component of a known source; at least one processor; and memory storing instructions configured to instruct the at least one processor to; receive, from a second computing device, a known signing identifier of the known source; receive, from a first computing device, a first signing identifier for a first application, wherein a third computing device provides the first application for installation on the first computing device; challenge the known source to authenticate itself, the challenge comprising sending data to the second computing device to be signed with a private key, receiving the signed data from the second computing device, and confirming the signed data corresponds to the known signing identifier; in response to confirming the signed data corresponds to the known signing identifier; identify a first plurality of applications that are each similar to the first application and are each signed with a signing identifier that is different from the known signing identifier, wherein the identifying comprises making a comparison between a characteristic of the component data and a characteristic that has been identified in the first application, and determining that each of the first plurality of applications uses the at least one known component of the known source; evaluate authenticity of the first application to provide a result, the evaluating comprising determining that the at least one known component is similar to at least one first component of the first application, the similarity based on comparing a structural characteristic of the at least one first component to the component data for the at least one known component, and determining that the first signing identifier is different from the known signing identifier, wherein the evaluating is further based on a plurality of inputs comprising a history of prior usage of the first signing identifier to sign a known bad application other than the first application; and in response to the result, sending at least one electronic communication to the first computing device to block installation of the first application on the first computing device, and sending at least one communication to the second computing device regarding usage of the at least one known component, wherein the at least one communication further identifies the first plurality of applications. - View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
-
-
14. A non-transitory computer-readable storage medium storing computer-readable instructions, which when executed, cause a computing system to:
-
receive, over a communication network from a second computing device, a known signing identifier of a known source; store component data for at least one known component of the known source; receive, from a first computing device, a first signing identifier for a first application to be installed on the first computing device, wherein a third computing device provides the first application for installation on the first computing device; challenge the known source to authenticate itself, the challenge comprising sending data to the second computing device to be signed with a private key, receiving the signed data from the second computing device, and confirming the signed data corresponds to the known signing identifier; in response to confirming the signed data corresponds to the known signing identifier; identify a first plurality of applications that are each similar to the first application and are each signed with a signing identifier that is different from the known signing identifier, wherein the identifying comprises making a comparison between a characteristic of the component data and a characteristic that has been identified in the first application, and determining that each of the first plurality of applications uses the at least one known component of the known source; evaluate authenticity of the first application to provide a result, the evaluating comprising determining that the at least one known component is similar to at least one first component of the first application, the similarity based on comparing a structural characteristic of the at least one first component to the component data for the at least one known component, and determining that the first signing identifier is different from the known signing identifier, wherein the evaluating is further based on a plurality of inputs comprising a history of prior usage of the first signing identifier to sign a known bad application other than the first application; and in response to the result, sending, over the communication network, at least one electronic communication to the first computing device to block installation of the first application on the first computing device, and sending at least one communication to the second computing device regarding usage of the at least one known component in the first application, wherein the at least one communication further identifies the first plurality of applications. - View Dependent Claims (23, 24, 25, 26)
-
Specification