VERIFICATION OF SOFTWARE APPLICATION AUTHENTICITY

US 20090328207A1
Filed: 06/30/2008
Published: 12/31/2009
Est. Priority Date: 06/30/2008
Status: Active Grant

First Claim

Patent Images

1. A method of verifying authenticity of a software application, the method comprising:

maintaining a set of application identifiers associated with a plurality of authenticated software applications;

receiving a verification request comprising an application identifier associated with an unverified software application;

generating a token in response to the verification request if the application identifier is in the set of application identifiers;

passing the generated token to the unverified software application;

receiving a user token;

processing the user token to determine whether the unverified software application is one of the authenticated software applications; and

sending a verification response based on the processing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various techniques are provided for verifying the authenticity of software applications. Such techniques are particularly useful for verifying the authenticity of software applications used in online transactions involving users, payment service providers, and/or merchants. In one example, a set of application identifiers associated with a plurality of authenticated software applications are maintained and a verification request is received comprising an application identifier associated with an unverified software application. A token is generated in response to the verification request if the application identifier is in the set of application identifiers. The generated token is passed to the unverified software application. A user token is received and processed to determine whether the unverified software application is one of the authenticated software applications. A verification request is sent based on the processing. Additional methods and systems are also provided.

44 Citations

View as Search Results

34 Claims

1. A method of verifying authenticity of a software application, the method comprising:
- maintaining a set of application identifiers associated with a plurality of authenticated software applications;
  
  receiving a verification request comprising an application identifier associated with an unverified software application;
  
  generating a token in response to the verification request if the application identifier is in the set of application identifiers;
  
  passing the generated token to the unverified software application;
  
  receiving a user token;
  
  processing the user token to determine whether the unverified software application is one of the authenticated software applications; and
  
  sending a verification response based on the processing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the receiving a verification request comprises receiving the verification request from the unverified software application running on a client device, wherein the passing the generated token comprises passing the generated token to the client device.
  - 3. The method of claim 2, wherein the generating comprises generating the token using a device identifier associated with the client device, the application identifier associated with the unverified software application, and/or a user identifier associated with a user of the unverified software application.
  - 4. The method of claim 1, wherein the generated token is configured to expire after a limited time period.
  - 5. The method of claim 1, wherein the processing the user token comprises comparing the user token and the generated token to determine whether the unverified software application is one of the authenticated software applications based on whether the user token matches the generated token.
  - 6. The method of claim 1, further comprising maintaining a plurality of generated tokens associated with a plurality of verification requests, wherein the processing the user token comprises comparing the user token to any of the generated tokens to determine whether the unverified software application is one of the authenticated software applications based on whether the user token matches any of the generated tokens.
  - 7. The method of claim 1, wherein the verification request is received from a first client device, the user token is received from a second client device, and the verification response is sent to the second client device.
  - 8. The method of claim 1, wherein the method is performed by a payment service provider device, wherein the authenticated software applications are approved by the payment service provider device to direct a user to provide user credentials recognized by the payment service provider device.
  - 9. The method of claim 1, wherein the method is performed by an application developer device.

10. A system comprising:
- one or more processors; and
  
  one or more memories adapted to store a plurality of machine-readable instructions which when executed by the one or more processors are adapted to cause the system to;
  
  maintain a set of application identifiers associated with a plurality of authenticated software applications,receive a verification request comprising an application identifier associated with an unverified software application,generate a token in response to the verification request if the application identifier is in the set of application identifiers,pass the generated token to the unverified software application,receive a user token,process the user token to determine whether the unverified software application is one of the authenticated software applications, andsend a verification response based on the processing.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the verification request is provided by the unverified software application on a client device, wherein the machine-readable instructions when executed by the one or more processors are adapted to cause the system to pass the generated token to the client device.
  - 12. The system of claim 11, wherein the machine-readable instructions when executed by the one or more processors are adapted to cause the system to generate the token using a device identifier associated with the client device, the application identifier associated with the unverified software application, and/or a user identifier associated with a user of the unverified software application.
  - 13. The system of claim 10, wherein the generated token is configured to expire after a limited time period.
  - 14. The system of claim 10, wherein the machine-readable instructions when executed by the one or more processors are adapted to cause the system to compare the user token and the generated token to determine whether the unverified software application is one of the authenticated software applications based on whether the user token matches the generated token.
  - 15. The system of claim 10, wherein the machine-readable instructions when executed by the one or more processors are adapted to cause the system to:
    - maintain a plurality of generated tokens associated with a plurality of verification requests; and
      
      compare the user token to any of the generated tokens to determine whether the unverified software application is one of the authenticated software applications based on whether the user token matches any of the generated tokens.
  - 16. The system of claim 10, wherein the verification request is received from a first client device, the user token is received from a second client device, and the verification response is sent to the second client device.
  - 17. The system of claim 10, wherein the system is a payment service provider device, wherein the authenticated software applications are approved by the payment service provider device to direct a user to provide user credentials recognized by the payment service provider device.
  - 18. The system of claim 10, wherein the system is an application developer device.

19. A method of verifying authenticity of a software application, the method comprising:
- generating a verification request comprising an application identifier associated with an unverified software application;
  
  receiving a generated token in response to the verification request, wherein the generated token is provided by a third party if the application identifier is in a set of application identifiers associated with a plurality of authenticated software applications approved by the third party; and
  
  displaying the generated token to a user.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The method of claim 19, further comprising:
    - receiving a user token;
      
      passing the user token to the third party; and
      
      receiving a verification response that confirms whether the unverified software application is one of the authenticated software applications, wherein the verification response is based on processing of the user token performed by the third party.
  - 21. The method of claim 19, wherein the generating a verification request is performed in response to a user-initiated selection.
  - 22. The method of claim 19, wherein the method is performed by the unverified software application.
  - 23. The method of claim 19, wherein the unverified software application runs on a client device associated with the user.
  - 24. The method of claim 19, wherein the generated token is configured to expire after a limited time period.
  - 25. The method of claim 19, wherein the third party is a payment service provider device, wherein the authenticated software applications are approved by the payment service provider device to direct the user to provide user credentials recognized by the payment service provider device.
  - 26. The method of claim 19, wherein the third party is an application developer device.

27. A system comprising:
- one or more processors; and
  
  one or more memories adapted to store a plurality of machine-readable instructions which when executed by the one or more processors are adapted to cause the system to;
  
  generate a verification request comprising an application identifier associated with an unverified software application,receive a generated token in response to the verification request, wherein the generated token is provided by a third party if the application identifier is in a set of application identifiers associated with a plurality of authenticated software applications approved by the third party, anddisplay the generated token to a user.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34)
- - 28. The system of claim 27, wherein the machine-readable instructions when executed by the one or more processors are adapted to cause the system to:
    - receive a user token;
      
      pass the user token to the third party; and
      
      receive a verification response that confirms whether the unverified software application is one of the authenticated software applications, wherein the verification response is based on a process performed by the third party on the user token.
  - 29. The system of claim 27, wherein the machine-readable instructions when executed by the one or more processors are adapted to cause the system to generate the verification request in response to a user-initiated selection.
  - 30. The system of claim 27, wherein the machine-readable instructions comprise the unverified software application.
  - 31. The system of claim 27, wherein the system is a client device associated with the user.
  - 32. The system of claim 27, wherein the generated token is configured to expire after a limited time period.
  - 33. The system of claim 27, wherein the third party is a payment service provider device, wherein the authenticated software applications are approved by the payment service provider device to direct the user to provide user credentials recognized by the payment service provider device.
  - 34. The system of claim 27, wherein the third party is an application developer device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
PayPal, Inc. (PayPal Holdings, Inc.)
Original Assignee
eBay Inc.
Inventors
Patel, Amol

Granted Patent

US 8,079,082 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/10 Protecting distributed prog...

VERIFICATION OF SOFTWARE APPLICATION AUTHENTICITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

VERIFICATION OF SOFTWARE APPLICATION AUTHENTICITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links