Preventing Misuse of Code Signing Certificates

US 20160212104A1
Filed: 01/19/2016
Published: 07/21/2016
Est. Priority Date: 01/21/2015
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating or controlling a software application on an end user device, the method comprising:

1) downloading software application data from a remote server to the end user device, the data including application code, a cryptographically derived signature obtained using said application code, and an identity of an application developer;

2) using said identity as a look-up key to obtain or authenticate a public key of the application data, and to obtain one or more associated installation and/or operation conditions;

3) authenticating said cryptographically derived signature using said application code and said public key; and

4) in the event that authentication is successful, performing authentication of the application code and/or controlling installation and/or operation of the application using said conditions.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of authenticating or controlling a software application on an end user device. The method includes, at the end user device, downloading software application data from a remote server, the data including application code, a cryptographically derived signature obtained using said application code, and an identity of an application developer. The identity is then used as a look-up key to obtain or authenticate a public key of the application data, and to obtain one or more associated installation and/or operation conditions. The cryptographically derived signature is authenticated using said application code and said public key, and, in the event that authentication is successful, authentication of the application code is performed and/or installation and/or operation of the application controlled using said conditions.

9 Citations

View as Search Results

21 Claims

1. A method of authenticating or controlling a software application on an end user device, the method comprising:
- 1) downloading software application data from a remote server to the end user device, the data including application code, a cryptographically derived signature obtained using said application code, and an identity of an application developer;
  
  2) using said identity as a look-up key to obtain or authenticate a public key of the application data, and to obtain one or more associated installation and/or operation conditions;
  
  3) authenticating said cryptographically derived signature using said application code and said public key; and
  
  4) in the event that authentication is successful, performing authentication of the application code and/or controlling installation and/or operation of the application using said conditions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 18)
- - 2. A method according to claim 1, wherein said installation and/or operation conditions are secured by means other than said public key data or a private key corresponding to said public key.
  - 3. A method according to claim 1, wherein, in the event that authentication of said cryptographically derived signature is unsuccessful, installation of the software application is prevented.
  - 4. A method according to claim 1, steps 2) to 4) being performed by an antivirus service.
  - 5. A method according to claim 4, wherein, in the event that authentication of the application code using said conditions is unsuccessful, the antivirus service performs an antivirus scan of the application code using one or both of a signature based scan or a heuristic based scan and, in the event that authentication of the application code using said conditions is successful, no such antivirus scan is performed.
  - 6. A method according to claim 4, wherein the antivirus service detects downloading of the software application data and performs steps 2) to 4) prior to installation of the application on the end user device, the antivirus client preventing installation of the application if one of the authentication steps fails.
  - 7. A method according to claim 4, wherein the antivirus service detects downloading of the software application data and performs steps 2) to 4) prior to installation of the application on the end user device, the antivirus service controlling installation and/or operation of the application in accordance with one or more of said conditions.
  - 8. A method according to any one of claim 4, wherein said antivirus service employs an antivirus client installed on said end user device, the antivirus client performing steps 2) to 4).
  - 9. A method according to any one of claim 4, wherein steps 2) and 3) are performed by a remote server or server cloud.
  - 10. A method according to claim 1, steps 2) to 4) being performed by an application installer associated with a local operating system of the end user device.
  - 11. A method according to claim 10, wherein said application installer is a component of a local operating system of the end user device.
  - 12. A method according to claim 1, wherein step 2) comprises sending a query containing said identity or said public key, or a digest thereof, to a remote server, and receiving from the remote server a response containing the public key or an authentication of the public key.
  - 13. A method according to claim 1, wherein step 2) comprises performing a lookup on a local database of the end user device.
  - 14. A method according to claim 1, wherein said conditions comprise one or more of:
    - a specification of one or more allowed filenames or filename ranges;
      
      a specification of one or more allowed file installation locations;
      
      a specification of one or more operating behaviours;
      
      a specification of one or more user community prevalence thresholds or patterns.
  - 16. A method according to claim 14, wherein steps 1) to 3) are performed by an antivirus client installed on the end user device, optionally in cooperation with an antivirus support service provided by a remote. server or server cloud.
  - 17. A method according to claim 14, wherein steps 1) and 2) are performed by a remote server or server cloud, and optionally said step of determining whether or not code of the application satisfies the associated condition(s) is also performed by the remote server or server cloud or by a further remote server or server cloud.
  - 18. A non-transitory computer storage medium having stored thereon computer program code for implementing the method of claim 1.

15. A method of scanning an application downloaded to an end user device for malware, the method comprising:
- 1) maintaining a whitelist identifying authenticated certificates and respective authentication conditions;
  
  2) determining that the application has been signed with one of said authenticated certificates; and
  
  3) determining whether or not code of the application satisfies the associated condition(s) and, if yes, then flagging the application as trusted and, if no, then performing a further antivirus scan of the application.

19. Apparatus for authenticating or controlling a software application on an end user device, the apparatus comprising processor circuitry and a storage unit for storing instructions executable by the processor circuitry, whereby the apparatus is operative to:
- 1) download software application data from a remote server to the end user device, the data including application code, a cryptographically derived signature obtained using said application code, and an identity of an application developer;
  
  2) use said identity as a look-up key to obtain or authenticate a public key of the application data, and obtain one or more associated installation and/or operation conditions;
  
  3) authenticate said cryptographically derived signature using said application code and said public key; and
  
  4) in the event that authentication is successful, perform authentication of the application code and/or control installation and/or operation of the application using said conditions.
- View Dependent Claims (21)
- - 21. An end user device comprising the apparatus of claim 19.

20. Apparatus for authenticating or controlling a software application on an end user device, the apparatus comprising processor circuitry and a storage unit for storing instructions executable by the processor circuitry, whereby the apparatus is operative to:
- 1) maintain a whitelist identifying authenticated certificates and respective authentication conditions;
  
  2) determine that the application has been signed with one of said authenticated certificates; and
  
  3) determine whether or not code of the application satisfies the associated condition(s) and, if yes, then flagging the application as trusted and, if no, then performing a further antivirus scan of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Withsecure Corporation
Original Assignee
F-Secure Corporation (F-Secure Oyj)
Inventors
Niemela, Jarno

Granted Patent

US 10,050,977 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 8/60   Software deployment

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

H04L 63/1408   by monitoring network traff...

Preventing Misuse of Code Signing Certificates

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Preventing Misuse of Code Signing Certificates

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links