CERTIFIED DEPLOYMENT OF APPLICATIONS ON TERMINALS
First Claim
1. At a terminal key management server, a method for electronically certifying an application for installation at a transaction terminal, the method comprising:
- an act of receiving one or more transaction terminal constraints representing advertised available resources of a purchasable operating environment at the transaction terminal, the advertised available resources advertised to application servers to indicate to the application servers that the purchasable operating environment is available for purchase to run applications at the transaction terminal;
an act of receiving an application along with a request to certify the application for use within the purchasable operating environment, the application and request to certify the application received from an application server in response to the advertised available resources of the purchasable operating environment being advertised at the application server;
an act of comparing the application to the received one or more transaction terminal constraints to determine whether the application complies with the one or more transaction terminal constraints and can be compatibly executed using the advertised available resources within the purchasable operating environment, if the application complies with the one or more transaction terminal constraints, an act of issuing a certificate that corresponds to the application and certifies that the application complies with the one or more transaction terminal constraints;
an act of digitally signing the certificate using an application management private key, the application management private key being part of a public/private key pair, the corresponding application management public key being accessible to the transaction terminal;
an act of encrypting the application using a terminal master public key, the terminal master public key being part of a public/private key pair, the corresponding terminal master private key being accessible to the transaction terminal; and
an act of making the digitally signed certificate and the encrypted application available to the transaction terminal.
0 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of the present invention relate to secure deployment of software applications on transaction terminals using keys and certificates. In one embodiment, a method for electronically certifying an application for installation at a transaction terminal is accomplished at a terminal key management server by receiving an application along with a request to certify the application, comparing the application to one or more terminal constraints, issuing a certificate that corresponds to the application, digitally signing the certificate, and making the digitally signed certificate and the encrypted application available to the transaction terminal. In another embodiment, a method for validating a certified application for installation on the transaction terminal is accomplished by receiving a notification, downloading an encrypted version of the application, downloading a digitally signed certificate, decrypting the application, verifying the digital signature of the certificate, and installing the application on the transaction terminal.
-
Citations
20 Claims
-
1. At a terminal key management server, a method for electronically certifying an application for installation at a transaction terminal, the method comprising:
-
an act of receiving one or more transaction terminal constraints representing advertised available resources of a purchasable operating environment at the transaction terminal, the advertised available resources advertised to application servers to indicate to the application servers that the purchasable operating environment is available for purchase to run applications at the transaction terminal;
an act of receiving an application along with a request to certify the application for use within the purchasable operating environment, the application and request to certify the application received from an application server in response to the advertised available resources of the purchasable operating environment being advertised at the application server;
an act of comparing the application to the received one or more transaction terminal constraints to determine whether the application complies with the one or more transaction terminal constraints and can be compatibly executed using the advertised available resources within the purchasable operating environment, if the application complies with the one or more transaction terminal constraints, an act of issuing a certificate that corresponds to the application and certifies that the application complies with the one or more transaction terminal constraints;
an act of digitally signing the certificate using an application management private key, the application management private key being part of a public/private key pair, the corresponding application management public key being accessible to the transaction terminal;
an act of encrypting the application using a terminal master public key, the terminal master public key being part of a public/private key pair, the corresponding terminal master private key being accessible to the transaction terminal; and
an act of making the digitally signed certificate and the encrypted application available to the transaction terminal. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 20)
-
-
10. At a transaction terminal, a method for validating a certified application for installation on the transaction terminal, the method comprising:
-
an act of advertising available resources of a purchasable operating environment at the transaction terminal, the advertised available resources advertised to application servers to indicate to the application servers that the purchasable operating environment is available for purchase to run applications at the transaction terminal;
an act of sending one or more transaction terminal constraints representing the advertised available resources to a management server;
an act of receiving a notification that a certified application is ready to be installed, the notification indicative of the management server having compared the certified application to the one or more transaction terminal constraints to determine that the certified application complies with the one or more transaction terminal constraints and can be compatibly executed using the advertised available resources within the purchasable operating environment;
in response to receiving the notification, an act of downloading an encrypted version of the application at the transaction terminal, the encrypted version of the application being encrypted with a terminal master public key, the terminal master public key being part of a public/private key pair, the corresponding terminal master private key being accessible to the transaction terminal;
an act of downloading a digitally signed certificate that corresponds to the encrypted version of the application, the digitally signed certificate certifying that the application complies with one or more transaction terminal constraints, the certificate being digitally signed using an application management private key, the application management private key being part of a public/private key pair, the corresponding application management public key being accessible to the transaction terminal;
an act of decrypting the encrypted version of the application using the terminal master private key to reveal an unencrypted version of the application;
an act of verifying the digital signature of the certificate using the application management public; and
an act of automatically installing the application on the transaction terminal for use within the purchasable operating environment in response to verifying the digital signature. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer program product of ruse at a terminal key management server, the computer program product for implementing a method for electronically certifying an application for installation at a transaction terminal, the computer program product comprising one or more computer-readable media having stored thereon computer-executable instructions that, when executed at a processor, cause the terminal key management server to perform the method including the following:
-
receive one or more transaction terminal constraints representing advertised available resources of a purchasable operating environment at the transaction terminal, the advertised available resources advertised to application servers to indicate to the application servers that the purchasable operating environment is available for purchase to run applications at the transaction terminal;
receive an application along with a request to certify the application for use within the purchasable operating environment, the application and request to certify the application received from an application server in response to the advertised available resources of the purchasable operating environment being advertised at the application server;
compare the application to the received one or more transaction terminal constraints to determine whether the application complies with the one or more transaction terminal constraints and can be compatibly executed using the advertised available resources within the purchasable operating environment if the application complies with the one or more transaction terminal constraints, issue a certificate that corresponds to the application and certifies that the application complies with the one or more transaction terminal constraints;
digitally sign the certificate using an application management private key, the application management private key being part of a public/private key pair, the corresponding application management public key being accessible to the transaction terminal;
encrypt the application using a terminal master public key, the terminal master public key being part of a public/private key pair, the corresponding terminal master private key being accessible to the transaction terminal; and
make the digitally signed certificate and the encrypted application available to the transaction terminal.
-
Specification