Updating applications using migration signatures
Abstract
In general, in one aspect, an installation file digitally signed with a first package signature is received. It is determined whether the received installation file includes a migration signature that covers the first package signature and that matches a second signature associated with an installed software application, to confirm that the received installation file includes a valid update related to the installed software application. The installed software application is updated from the received installation file when the migration signature is included.
27 Claims
1. A computer-implemented method for improving security by securely changing certificate information of an installed software application, the method comprising:
- receiving an installation file to update the installed software application, wherein the installed software application is digitally signed with a first signature that certifies a previous application publisher, and further includes certificate information that identifies the previous application publisher, and wherein the installation file is digitally signed with at least a second signature that certifies a new application publisher;
- determining that the received installation file digitally signed with at least the second signature is further digitally signed with a migration signature that matches the first signature to confirm that the received installation file includes a valid update signed by the previous application publisher;
- updating the installed software application based on the determination that the received installation file is digitally signed with the migration signature that matches the first signature, wherein the updated software application is digitally signed with at least the second signature that certifies the new application publisher; and
- changing the certificate information that identifies the previous application publisher to updated certificate information that identifies the new application publisher, based on the determination that the received installation file is digitally signed with the migration signature that matches the first signature, such that valid updates to the updated software application can only be signed by the new application publisher.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
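The update check of claim 1, combined with the abstract's detail that the migration signature covers the package signature, sketched as an added Go example (not code from the patent or its assignee). The `Package` and `Installed` types, the use of Ed25519 keys in place of certificates, and treating "matches the first signature" as "verifies under the pinned publisher's key" are assumptions made for illustration; the keys are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

type Package struct { // constructed stand-in for an installation file
	Payload      []byte
	Publisher    ed25519.PublicKey // certificate information of the signer
	PackageSig   []byte            // Publisher's signature over Payload
	MigrationSig []byte            // previous publisher's signature over PackageSig
}
type Installed struct{ Pinned ed25519.PublicKey } // publisher allowed to sign updates

// ApplyUpdate accepts a signed pkg; a new publisher also needs a migration signature by the pinned one.
func ApplyUpdate(app *Installed, pkg Package) error {
	if len(pkg.Publisher) != ed25519.PublicKeySize || !ed25519.Verify(pkg.Publisher, pkg.Payload, pkg.PackageSig) {
		return errors.New("package signature invalid")
	}
	if !bytes.Equal(pkg.Publisher, app.Pinned) && !ed25519.Verify(app.Pinned, pkg.PackageSig, pkg.MigrationSig) {
		return errors.New("publisher changed without a valid migration signature")
	}
	app.Pinned = pkg.Publisher // from now on only this publisher can sign updates
	return nil
}

// build signs payload as signer; a non-nil migrator countersigns the package signature.
func build(payload string, signer, migrator ed25519.PrivateKey) Package {
	p := Package{Payload: []byte(payload), Publisher: signer.Public().(ed25519.PublicKey)}
	p.PackageSig = ed25519.Sign(signer, p.Payload)
	if migrator != nil {
		p.MigrationSig = ed25519.Sign(migrator, p.PackageSig)
	}
	return p
}

// Demo applies three updates with constructed keys and returns each outcome.
func Demo() (hijack, migrate, stale error) {
	oldKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32))
	newKey := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32))
	app := &Installed{Pinned: oldKey.Public().(ed25519.PublicKey)}
	hijack = ApplyUpdate(app, build("v2", newKey, nil))     // new publisher, no migration signature
	migrate = ApplyUpdate(app, build("v2", newKey, oldKey)) // countersigned by previous publisher
	stale = ApplyUpdate(app, build("v3", oldKey, nil))      // previous publisher after migration
	return
}
func main() { fmt.Println(Demo()) }
```

Only the countersigned update succeeds; after it, the pinned identity has moved to the new publisher, so a later package signed by the previous publisher is refused.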
10. A system for securely changing certification information of an installed software application configured to operate within an application runtime environment, the system comprising:
- a processor; and
- a non-transitory storage medium coupled with the processor, the non-transitory storage medium including instructions operable to cause the processor to perform operations comprising:
  - receiving an installation file to update an installed software application, wherein the installed software application is digitally signed with a first signature that certifies a previous application publisher, and further includes certificate information that identifies the previous application publisher so that valid updates to the installed software application can only be signed by the previous application publisher, and wherein the installation file is digitally signed with at least a second signature that certifies a new application publisher;
  - determining, within the application runtime environment, that the received installation file digitally signed with at least the second signature is further signed with a migration signature that matches the first signature to confirm that the received installation file includes a valid update related to the installed software application signed by the previous application publisher;
  - updating the installed software application based on the received installation file being digitally signed with the migration signature that matches the first signature, wherein updating includes changing the certificate information to identify the new application publisher instead of the previous application publisher based on the determination that the received installation file is digitally signed with the migration signature that matches the first signature, so as to validate future installation files digitally signed with the second signature.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A computer program product, encoded on a non-transitory storage medium, operable to cause a data processing apparatus to perform operations for improving security by securely changing certification information of an installed software application, the operations comprising:
- receiving an installation file to update the installed software application, the installation file being digitally signed with a first signature that certifies a previous application publisher, and further includes certificate information that identifies the previous application publisher so that only updates signed by the previous application publisher are valid, and wherein the installation file is digitally signed with at least a second signature that certifies a new application publisher;
- determining that the received installation file digitally signed with the second signature is further digitally signed with a migration signature that matches the first signature to confirm that the received installation file includes a valid update signed by the previous application publisher;
- updating the installed software application based on the determination that the received installation file is digitally signed with the migration signature that matches the first signature; and
- changing the certificate information that identifies the previous application publisher to updated certificate information that identifies the new application publisher, based on the determination that the received installation file is digitally signed with the migration signature that matches the first signature, so that only updates signed by the new application publisher are valid.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27
Specification