Application identification
Abstract
Methods, systems, and apparatus, including medium-encoded computer program products, for identifying applications. In general, in one aspect, a method includes: obtaining a first certificate chain from certificates corresponding to a digitally signed application, and a second certificate chain from a successful validation of the digital signature using the certificates; and generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain. Generating the identifier for the application can include finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains, and comparing the one or more certificate owner names found in both the first certificate chain and the second certificate chain, starting or ending with the root and the location.
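The alignment and comparison summarized in the abstract, sketched as an added example (not code from the patent): each chain is modeled as a root-first list of owner names, and all names and sample chains are constructed. Stopping at the first mismatch and hashing the shared names with SHA-256 are assumptions, since the page does not say how the identifier is derived.

```python
import hashlib

# Constructed sample data: owner (subject) names, root first.
# EMBEDDED models the chain shipped with the signature; VALIDATED models the
# path the validator built, here anchored at a different, cross-signing root.
EMBEDDED = ["Example Root CA", "Example Code Signing CA", "Example Publisher Inc."]
VALIDATED = ["Cross Root CA"] + EMBEDDED


def align(first, second):
    """Locate the root of one chain inside the other.

    Returns (i, j), the offsets in `first` and `second` where comparison
    starts, or None when neither root occurs in the other chain.
    """
    if first and second:
        if second[0] in first:
            return first.index(second[0]), 0
        if first[0] in second:
            return 0, second.index(first[0])
    return None


def common_owner_names(first, second):
    """Owner names present in both chains, walking down from the aligned root."""
    start = align(first, second)
    if start is None:
        return []
    i, j = start
    names = []
    for a, b in zip(first[i:], second[j:]):
        if a != b:  # assumption: stop at the first divergence
            break
        names.append(a)
    return names


def application_identifier(first, second):
    """Assumed derivation: SHA-256 over the shared names, root to leaf."""
    names = common_owner_names(first, second)
    if not names:
        raise ValueError("chains share no aligned owner names")
    return hashlib.sha256("\x1f".join(names).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    print(common_owner_names(EMBEDDED, VALIDATED))
    print(application_identifier(EMBEDDED, VALIDATED))
```

Because the comparison starts at the aligned root, the extra cross-signing root in the validated path does not change the identifier, and the result is the same whichever chain is passed first.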
25 Claims
1. A computer-implemented method for identifying an application having a corresponding digital signature and certificates, the method comprising:
- obtaining a first certificate chain from the certificates and a second certificate chain from a successful validation of the digital signature using the certificates;
- generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain, wherein generating the identifier for the application comprises finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains; and
- wherein the obtaining and the generating are performed by at least one computer comprising a processor and a memory device.
8. A non-transitory computer-readable medium encoding a computer program product operable to cause data processing apparatus to perform operations for identifying an application having a corresponding digital signature and certificates, the operations comprising:
- obtaining a first certificate chain from the certificates and a second certificate chain from a successful validation of the digital signature using the certificates; and
- generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain, wherein generating the identifier for the application comprises finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains.
15. A system comprising:
- a user interface device; and
- one or more computers operable to interact with the user interface device and to perform operations comprising:
  - validating a digital signature for an application using certificates associated with the application;
  - obtaining a first certificate chain from the certificates and a second certificate chain from the validating; and
  - generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain, wherein generating the identifier for the application comprises finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains.
23. A computer-implemented method, performed by at least one computer comprising a processor and a memory device, the method comprising:
- identifying a digital signature corresponding to an application, wherein the digital signature includes digital certificates;
- obtaining a first certificate chain from the digital certificates included with the digital signature, wherein the first certificate chain begins with a root certificate;
- validating the digital signature for the application using the digital certificates;
- obtaining a second certificate chain from a successful validation of the digital signature, wherein the second certificate chain begins with a root certificate;
- finding a location in one of the first or second certificate chains that corresponds to the root certificate of the other of the first or second certificate chains;
- comparing owner names found in the first certificate chain and the second certificate chain, starting with the found location and the corresponding root certificate; and
- generating an identifier for the application using one or more of the owner names found in both the first certificate chain and the second certificate chain.
24. A non-transitory computer-readable medium encoding a computer program product operable to cause data processing apparatus to perform operations for identifying an application, the operations comprising:
- identifying a digital signature corresponding to an application, wherein the digital signature includes digital certificates;
- obtaining a first certificate chain from the digital certificates included with the digital signature, wherein the first certificate chain begins with a root certificate;
- validating the digital signature for the application using the digital certificates;
- obtaining a second certificate chain from a successful validation of the digital signature, wherein the second certificate chain begins with a root certificate;
- finding a location in one of the first or second certificate chains that corresponds to the root certificate of the other of the first or second certificate chains;
- comparing owner names found in the first certificate chain and the second certificate chain, starting with the found location and the corresponding root certificate; and
- generating an identifier for the application using one or more of the owner names found in both the first certificate chain and the second certificate chain.
25. A system comprising:
- a user interface device; and
- one or more computers operable to interact with the user interface device and to perform operations comprising:
  - identifying a digital signature corresponding to an application, wherein the digital signature includes digital certificates;
  - obtaining a first certificate chain from the digital certificates included with the digital signature, wherein the first certificate chain begins with a root certificate;
  - validating the digital signature for the application using the digital certificates;
  - obtaining a second certificate chain from a successful validation of the digital signature, wherein the second certificate chain begins with a root certificate;
  - finding a location in one of the first or second certificate chains that corresponds to the root certificate of the other of the first or second certificate chains;
  - comparing owner names found in the first certificate chain and the second certificate chain, starting with the found location and the corresponding root certificate; and
  - generating an identifier for the application using one or more of the owner names found in both the first certificate chain and the second certificate chain.
Specification