Application identification

US 8,219,805 B1
Filed: 12/11/2007
Issued: 07/10/2012
Est. Priority Date: 12/11/2007
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for identifying an application having a corresponding digital signature and certificates, the method comprising:

obtaining a first certificate chain from the certificates and a second certificate chain from a successful validation of the digital signature using the certificates;

generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain, wherein generating the identifier for the application comprises finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains; and

wherein the obtaining and the generating are performed by at least one computer comprising a processor and a memory device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems, and apparatus, including medium-encoded computer program products, for identifying applications. In general, in one aspect, a method includes: obtaining a first certificate chain from certificates corresponding to a digitally signed application, and a second certificate chain from a successful validation of the digital signature using the certificates; and generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain. Generating the identifier for the application can include finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains, and comparing the one or more certificate owner names found in both the first certificate chain and the second certificate chain, starting or ending with the root and the location.

Citations

25 Claims

1. A computer-implemented method for identifying an application having a corresponding digital signature and certificates, the method comprising:
- obtaining a first certificate chain from the certificates and a second certificate chain from a successful validation of the digital signature using the certificates;
  
  generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain, wherein generating the identifier for the application comprises finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains; and
  
  wherein the obtaining and the generating are performed by at least one computer comprising a processor and a memory device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein generating the identifier for the application comprises comparing the one or more certificate owner names found in both the first certificate chain and the second certificate chain, starting or ending with the root and the location.
  - 3. The method of claim 1, wherein finding the location comprises finding a certificate in the one certificate chain having public key information matching that found in the root of the other certificate chain.
  - 4. The method of claim 1, wherein generating the identifier for the application comprises using the first certificate chain to generate the identifier.
  - 5. The method of claim 1, wherein generating the identifier for the application comprises combining the one or more certificate owner names with public key information corresponding to a root of the first certificate chain.
  - 6. The method of claim 1, wherein generating the identifier for the application comprises combining public key information corresponding to a root of the first certificate chain, the one or more certificate owner names and an application name assigned to the application.
  - 7. The method of claim 1, further comprising saving the identifier for use in identifying the application for application services provided by a cross-operating system runtime environment.

8. A non-transitory computer-readable medium encoding a computer program product operable to cause data processing apparatus to perform operations for identifying an application having a corresponding digital signature and certificates, the operations comprising:
- obtaining a first certificate chain from the certificates and a second certificate chain from a successful validation of the digital signature using the certificates; and
  
  generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain, wherein generating the identifier for the application comprises finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The non-transitory computer-readable medium of claim 8, wherein generating the identifier for the application comprises comparing the one or more certificate owner names found in both the first certificate chain and the second certificate chain, starting or ending with the root and the location.
  - 10. The non-transitory computer-readable medium of claim 8, wherein finding the location comprises finding a certificate in the one certificate chain having public key information matching that found in the root of the other certificate chain.
  - 11. The non-transitory computer-readable medium of claim 8, wherein generating the identifier for the application comprises using the first certificate chain to generate the identifier.
  - 12. The non-transitory computer-readable medium of claim 8, wherein generating the identifier for the application comprises combining the one or more certificate owner names with public key information corresponding to a root of the first certificate chain.
  - 13. The non-transitory computer-readable medium of claim 8, wherein generating the identifier for the application comprises combining public key information corresponding to a root of the first certificate chain, the one or more certificate owner names and an application name assigned to the application.
  - 14. The non-transitory computer-readable medium of claim 8, the operations further comprising saving the identifier for use in identifying the application for application services provided by a cross-operating system runtime environment.

15. A system comprising:
- a user interface device; and
  
  one or more computers operable to interact with the user interface device and to perform operations comprising;
  
  validating a digital signature for an application using certificates associated with the application;
  
  obtaining a first certificate chain from the certificates and a second certificate chain from the validating; and
  
  generating an identifier for the application based on one or more certificate owner names found in both the first certificate chain and the second certificate chain, wherein generating the identifier for the application comprises finding a location in one of the first and second certificate chains that corresponds to a root of the other of the first and second certificate chains.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The system of claim 15, wherein generating the identifier for the application comprises comparing the one or more certificate owner names found in both the first certificate chain and the second certificate chain, starting or ending with the root and the location.
  - 17. The system of claim 15, wherein finding the location comprises finding a certificate in the one certificate chain having public key information matching that found in the root of the other certificate chain.
  - 18. The system of claim 15, wherein generating the identifier for the application comprises using the first certificate chain to generate the identifier.
  - 19. The system of claim 15, wherein generating the identifier for the application comprises combining the one or more certificate owner names with public key information corresponding to a root of the first certificate chain.
  - 20. The system of claim 15, wherein generating the identifier for the application comprises combining public key information corresponding to a root of the first certificate chain, the one or more certificate owner names and an application name assigned to the application.
  - 21. The system of claim 15 the one or more computers including a cross-operating system runtime environment and the operations further comprising saving the identifier for use in identifying the application for application services provided by the cross-operating system runtime environment.
  - 22. The system of claim 15 wherein the one or more computers comprises one personal computer, and the personal computer comprises the user interface device.

23. A computer-implemented method, performed by at least one computer comprising a processor and a memory device, the method comprising:
- identifying a digital signature corresponding to an application, wherein the digital signature includes digital certificates;
  
  obtaining a first certificate chain from the digital certificates included with the digital signature, wherein the first certificate chain begins with a root certificate;
  
  validating the digital signature for the application using the digital certificates;
  
  obtaining a second certificate chain from a successful validation of the digital signature, wherein the second certificate chain begins with a root certificate;
  
  finding a location in one of the first or second certificate chains that corresponds to the root certificate of the other of the first or second certificate chains;
  
  comparing owner names found in the first certificate chain and the second certificate chain, starting with the found location and the corresponding root certificate; and
  
  generating an identifier for the application using one or more of the owner names found in both the first certificate chain and the second certificate chain.

24. A non-transitory computer-readable medium encoding a computer program product operable to cause data processing apparatus to perform operations for identifying an application, the operations comprising:
- identifying a digital signature corresponding to an application, wherein the digital signature includes digital certificates;
  
  obtaining a first certificate chain from the digital certificates included with the digital signature, wherein the first certificate chain begins with a root certificate;
  
  validating the digital signature for the application using the digital certificates;
  
  obtaining a second certificate chain from a successful validation of the digital signature, wherein the second certificate chain begins with a root certificate;
  
  finding a location in one of the first or second certificate chains that corresponds to the root certificate of the other of the first or second certificate chains;
  
  comparing owner names found in the first certificate chain and the second certificate chain, starting with the found location and the corresponding root certificate; and
  
  generating an identifier for the application using one or more of the owner names found in both the first certificate chain and the second certificate chain.

25. A system comprising:
- a user interface device; and
  
  one or more computers operable to interact with the user interface device and to perform operations comprising;
  
  identifying a digital signature corresponding to an application, wherein the digital signature includes digital certificates;
  
  obtaining a first certificate chain from the digital certificates included with the digital signature, wherein the first certificate chain begins with a root certificate;
  
  validating the digital signature for the application using the digital certificates;
  
  obtaining a second certificate chain from a successful validation of the digital signature, wherein the second certificate chain begins with a root certificate;
  
  finding a location in one of the first or second certificate chains that corresponds to the root certificate of the other of the first or second certificate chains;
  
  comparing owner names found in the first certificate chain and the second certificate chain, starting with the found location and the corresponding root certificate; and
  
  generating an identifier for the application using one or more of the owner names found in both the first certificate chain and the second certificate chain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Ie, William, Agrawal, Sunil C.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US12/001,497
Time in Patent Office

1,673 Days
Field of Search

713/157
US Class Current

713/157
CPC Class Codes

G06F 21/44 Program or device authentic...

H04L 9/3265 using certificate chains, t...

Application identification

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Application identification

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links