Preventing Misuse of Code Signing Certificates
First Claim
1. A method of authenticating or controlling a software application on an end user device, the method comprising:
1) downloading software application data from a remote server to the end user device, the data including application code, a cryptographically derived signature obtained using said application code, and an identity of an application developer;
2) using said identity as a look-up key to obtain or authenticate a public key of the application data, and to obtain one or more associated installation and/or operation conditions;
3) authenticating said cryptographically derived signature using said application code and said public key; and
4) in the event that authentication is successful, performing authentication of the application code and/or controlling installation and/or operation of the application using said conditions.
Abstract
A method of authenticating or controlling a software application on an end user device. The method includes, at the end user device, downloading software application data from a remote server, the data including application code, a cryptographically derived signature obtained using said application code, and an identity of an application developer. The identity is then used as a look-up key to obtain or authenticate a public key of the application data, and to obtain one or more associated installation and/or operation conditions. The cryptographically derived signature is authenticated using said application code and said public key, and, in the event that authentication is successful, authentication of the application code is performed and/or installation and/or operation of the application controlled using said conditions.
21 Claims
15. A method of scanning an application downloaded to an end user device for malware, the method comprising:
1) maintaining a whitelist identifying authenticated certificates and respective authentication conditions;
2) determining that the application has been signed with one of said authenticated certificates; and
3) determining whether or not code of the application satisfies the associated condition(s) and, if yes, then flagging the application as trusted and, if no, then performing a further antivirus scan of the application.
19. Apparatus for authenticating or controlling a software application on an end user device, the apparatus comprising processor circuitry and a storage unit for storing instructions executable by the processor circuitry, whereby the apparatus is operative to:
1) download software application data from a remote server to the end user device, the data including application code, a cryptographically derived signature obtained using said application code, and an identity of an application developer;
2) use said identity as a look-up key to obtain or authenticate a public key of the application data, and obtain one or more associated installation and/or operation conditions;
3) authenticate said cryptographically derived signature using said application code and said public key; and
4) in the event that authentication is successful, perform authentication of the application code and/or control installation and/or operation of the application using said conditions.
20. Apparatus for authenticating or controlling a software application on an end user device, the apparatus comprising processor circuitry and a storage unit for storing instructions executable by the processor circuitry, whereby the apparatus is operative to:
1) maintain a whitelist identifying authenticated certificates and respective authentication conditions;
2) determine that the application has been signed with one of said authenticated certificates; and
3) determine whether or not code of the application satisfies the associated condition(s) and, if yes, then flagging the application as trusted and, if no, then performing a further antivirus scan of the application.
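The flow of claims 1 and 15 (look up key and conditions by developer identity, verify the signature, then apply the conditions) can be sketched as follows. This is an added example, not code from the patent; Ed25519, the "permitted application IDs" condition, the binding of the ID into the signed bytes, and all type and function names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

type Package struct { // downloaded application data
	Developer, AppID string // developer identity is the look-up key
	Code, Sig        []byte
}

type Entry struct { // one whitelist record
	Key    ed25519.PublicKey
	AppIDs map[string]bool // condition (assumed): IDs this key may sign
}

type Decision string
// Reject: unknown developer or bad signature. ScanMore: signed, condition unmet.
const Reject, Trusted, ScanMore Decision = "reject", "trusted", "scan-more"

// signedBytes binds the application ID to the code so that the condition is
// evaluated on authenticated data (an assumption about the signed payload).
func signedBytes(p Package) []byte { return append([]byte(p.AppID+"\x00"), p.Code...) }

// Evaluate verifies the signature first and only then applies the conditions.
func Evaluate(wl map[string]Entry, p Package) Decision {
	e, ok := wl[p.Developer]
	if !ok || len(e.Key) != ed25519.PublicKeySize || !ed25519.Verify(e.Key, signedBytes(p), p.Sig) {
		return Reject
	}
	if !e.AppIDs[p.AppID] {
		return ScanMore // valid certificate used outside its conditions
	}
	return Trusted
}

// Demo evaluates three constructed packages signed with a fixed test seed.
func Demo() (good, misused, tampered Decision) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	wl := map[string]Entry{"dev.example": {Key: priv.Public().(ed25519.PublicKey), AppIDs: map[string]bool{"example.updater": true}}}
	sign := func(id string) Package {
		p := Package{Developer: "dev.example", AppID: id, Code: []byte("constructed code")}
		p.Sig = ed25519.Sign(priv, signedBytes(p))
		return p
	}
	bad := sign("example.updater")
	bad.Code = append(bad.Code, '!') // code modified after signing
	return Evaluate(wl, sign("example.updater")), Evaluate(wl, sign("example.other")), Evaluate(wl, bad)
}
func main() { fmt.Println(Demo()) }
```

The middle case is the one the title is about: the signature is genuine, yet the key is used for an application outside its recorded conditions, so the package is not flagged as trusted.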
Specification