System and method for registering entities for code signing services
First Claim
1. A method of registering entities for code signing services, the method performed at a first computing device, the method comprising:
- creating at least one public key and at least one corresponding private key, wherein each public key and corresponding private key is associated with an application programming interface that has been identified as sensitive;
- deploying each public key so that the public key is attached to a sensitive application programming interface or sent to a requestor to embed in the sensitive application programming interface, and storing each corresponding private key;
- registering at least one entity for code signing services;
- receiving, from a second computing device remote from said first computing device, a code signing request to sign a software application or hash thereof from the requestor, the software application accessing the sensitive application programming interface when run on a mobile device, said requestor being an entity registered at said registering, and wherein the code signing request comprises the software application or hash thereof that the requestor is requesting to have signed with that private key, amongst the at least one private key created, that is associated with said sensitive application programming interface;
- digitally signing the software application or hash thereof, wherein a digital signature is generated using said private key associated with said sensitive application programming interface; and
- transmitting said digital signature to said requestor;
wherein said registering comprises:
- receiving a registration request from an entity requesting registration for code signing services, wherein said registration request comprises data associated with an identity of said entity;
- authenticating the identity of the entity by validating at least a subset of said data in said registration request;
- generating an account record for the entity, wherein said account record comprises at least a first and a second identifier associated with said entity;
- transmitting one of the first and second identifiers to said entity via a first communication channel and the other of the first and second identifiers via a different, second communication channel;
- receiving a registration file from said entity; and
- confirming that said registration file comprises at least both of said first and second identifiers prior to accepting said registration request;
and wherein said registering is performed prior to said receiving the code signing request.
4 Assignments
0 Petitions
Abstract
A system and method for registering entities for code signing services. The entities may be software application developers or other individuals or entities that wish to have applications digitally signed. Signing of the applications may be required in order to enable the applications to access sensitive APIs and associated resources of a computing device when the applications are executed on the computing device. In one embodiment, a method of registering entities for code signing services will comprise the step of transmitting at least some account data to the registering individual or entity using an out-of-band communication system. This provides added security that the individual or entity registering for a code signing service is who that individual or entity purports to be.
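The registration and signing flow that claim 1 and the abstract describe, written out as an added worked example in Go (example code, not code from the patent or its assignee): one Ed25519 key pair per sensitive API, the public key embedded in that API on the device, two identifiers split over two different channels, and a registration file that must carry both before the account is accepted and may request signatures. The channel names "email" and "sms", the API names "contacts" and "camera", the identity fields, the identifier lengths, the presence check standing in for identity vetting, and the choice of SHA-256 and Ed25519 are all assumptions of this example; the patent text does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Account is the service's record for one entity; AccountID and PIN play the
// first and second identifiers, Confirmed flips once both have come back.
type Account struct {
	Name, AccountID, PIN string
	Confirmed            bool
}

// RegistrationFile is what the entity returns; it must carry both identifiers.
type RegistrationFile struct{ AccountID, PIN string }

// SigningService keeps one private key per sensitive API plus the account records.
type SigningService struct {
	privKeys map[string]ed25519.PrivateKey
	accounts map[string]*Account
}

// NewSigningService creates a key pair per sensitive API, keeps the private keys
// and returns the public keys for embedding in those APIs on the device.
func NewSigningService(apis []string) (*SigningService, map[string]ed25519.PublicKey, error) {
	s := &SigningService{privKeys: map[string]ed25519.PrivateKey{}, accounts: map[string]*Account{}}
	pubs := map[string]ed25519.PublicKey{}
	for _, api := range apis {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		s.privKeys[api], pubs[api] = priv, pub
	}
	return s, pubs, nil
}

func randomToken(n int) string {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a failing CSPRNG is not something to continue past
	}
	return hex.EncodeToString(b)
}

// Register checks the identity data (a presence check stands in for real vetting,
// an assumption of this example), creates the account record and returns each
// identifier keyed by the channel it goes out on ("email"/"sms" are constructed).
func (s *SigningService) Register(name, email, phone string) (map[string]string, error) {
	if name == "" || email == "" || phone == "" {
		return nil, errors.New("identity data incomplete")
	}
	acct := &Account{Name: name, AccountID: randomToken(8), PIN: randomToken(4)}
	s.accounts[acct.AccountID] = acct
	return map[string]string{"email": acct.AccountID, "sms": acct.PIN}, nil
}

// ConfirmRegistration accepts the request only if the file carries both identifiers.
func (s *SigningService) ConfirmRegistration(f RegistrationFile) error {
	acct, ok := s.accounts[f.AccountID]
	if !ok || subtle.ConstantTimeCompare([]byte(acct.PIN), []byte(f.PIN)) != 1 {
		return errors.New("registration file lacks a valid first and second identifier")
	}
	acct.Confirmed = true
	return nil
}

// Sign serves a code signing request over an application's hash: the requester
// must be a confirmed account, and the key used is the one bound to the named API.
func (s *SigningService) Sign(accountID, api string, appHash []byte) ([]byte, error) {
	acct, ok := s.accounts[accountID]
	if !ok || !acct.Confirmed {
		return nil, errors.New("requester is not a registered entity")
	}
	priv, ok := s.privKeys[api]
	if !ok {
		return nil, errors.New("no signing key for API " + api)
	}
	return ed25519.Sign(priv, appHash), nil
}

// DeviceAllowsAPI is the device-side gate: the application may call the sensitive
// API only if its signature verifies under the public key embedded in that API.
func DeviceAllowsAPI(embeddedPub ed25519.PublicKey, app, sig []byte) bool {
	h := sha256.Sum256(app)
	return ed25519.Verify(embeddedPub, h[:], sig)
}

func main() {
	svc, pubs, _ := NewSigningService([]string{"contacts"})
	ids, _ := svc.Register("Example Dev Ltd", "dev@example.com", "+1-555-0100") // constructed identity
	err := svc.ConfirmRegistration(RegistrationFile{AccountID: ids["email"], PIN: ids["sms"]})
	app := []byte("constructed application bytes")
	h := sha256.Sum256(app)
	sig, _ := svc.Sign(ids["email"], "contacts", h[:])
	fmt.Println("registration accepted:", err == nil, "| device allows API:", DeviceAllowsAPI(pubs["contacts"], app, sig))
}
```

Two points the flow makes visible: the two-channel step proves only that whoever returns the registration file received both channels, so the strength of the scheme still rests on the earlier identity validation, which this example reduces to a presence check; and because every sensitive API has its own key pair, a signature obtained for one API does not unlock another, which is why the device check takes the public key of the specific API being called rather than a single service-wide key.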
63 Citations
17 Claims
1. Independent claim; text as set out under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A non-volatile computer-readable storage medium comprising instructions, wherein said instructions are executable on a first computing device, wherein when said instructions are executed by a processor, the processor is configured to perform a plurality of acts comprising:
- creating at least one public key and at least one corresponding private key, wherein each public key and corresponding private key is associated with an application programming interface that has been identified as sensitive;
- deploying each public key so that the public key is attached to a sensitive application programming interface or sent to a requestor to embed in the sensitive application programming interface, and storing each corresponding private key;
- registering at least one entity for code signing services;
- receiving, from a second computing device remote from said first computing device, a code signing request to sign a software application or hash thereof from the requestor, the software application accessing the sensitive application programming interface when run on a mobile device, said requestor being an entity registered at said registering, and wherein the code signing request comprises the software application or hash thereof that the requestor is requesting to have signed with that private key, amongst the at least one private key created, that is associated with said sensitive application programming interface;
- digitally signing the software application or hash thereof, wherein a digital signature is generated using said private key associated with said sensitive application programming interface; and
- transmitting said digital signature to said requestor;
wherein said registering comprises:
- receiving a registration request from an entity requesting registration for code signing services, wherein said registration request comprises data associated with an identity of said entity;
- authenticating the identity of the entity by validating at least a subset of said data in said registration request;
- generating an account record for the entity, wherein said account record comprises at least a first and a second identifier associated with said entity;
- transmitting one of the first and second identifiers to said entity via a first communication channel and the other of the first and second identifiers via a different, second communication channel;
- receiving a registration file from said entity; and
- confirming that said registration file comprises at least both of said first and second identifiers prior to accepting said registration request;
and wherein said registering is performed prior to said receiving the code signing request.
10. A system for registering entities for code signing services, comprising a client information database for storing a plurality of account records, wherein said system comprises a processor of a first computing device configured to:
- create at least one public key and at least one corresponding private key, wherein each public key and corresponding private key is associated with an application programming interface that has been identified as sensitive;
- deploy each public key so that the public key is attached to a sensitive application programming interface or sent to a requestor to embed in the sensitive application programming interface, and store each corresponding private key;
- register at least one entity for code signing services;
- receive, from a second computing device remote from said first computing device, a code signing request to sign a software application or hash thereof from the requestor, the software application accessing the sensitive application programming interface when run on a mobile device, said requestor being an entity registered at said registering, and wherein the code signing request comprises the software application or hash thereof that the requestor is requesting to have signed with that private key, amongst the at least one private key created, that is associated with said sensitive application programming interface;
- digitally sign the software application or hash thereof, wherein a digital signature is generated using said private key associated with said sensitive application programming interface; and
- transmit said digital signature to said requestor;
wherein to register said at least one entity, said processor is configured to:
- receive a registration request from an entity requesting registration for code signing services, wherein said registration request comprises data associated with an identity of said entity;
- authenticate the identity of the entity by validating at least a subset of said data in said registration request;
- generate an account record for the entity, wherein said account record comprises at least a first and a second identifier associated with said entity;
- transmit one of the first and second identifiers to said entity via a first communication channel and the other of the first and second identifiers via a different, second communication channel;
- receive a registration file from said entity; and
- confirm that said registration file comprises at least both of said first and second identifiers prior to accepting said registration request;
and wherein said processor is configured to register said at least one entity prior to receiving the code signing request.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
Specification