Robust and secure updates of certificate pinning software
US11765155B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Sep 29, 2020 |
| Grant date | Sep 19, 2023 |
| Priority date | — |
| Expiry date | Nov 20, 2041 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2009/45595
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Systems and methods are disclosed to implement an application that can automatically download new digital certificates to verify signed code updates received by the application. In embodiments, under normal circumstances, the application uses a pinned certificate in the application's executable code to verify received updates signed using the certificate. However, if the code signing certificate changes, the application will automatically retrieve the new certificate from a certificate publishing service. Accordingly, the new certificate does not have to be included as part of the code update package, and the retrieval of the new certificate can be managed more robustly by the application updater. In embodiments, downloads from the certificate publishing service may be secured using a nonce and a shared secret that is known to the service and also pinned to the application. In this way, the download process can be protected from hijacking attacks.
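As an added illustration (not code from the patent), the sketch below shows one way an application could bind a certificate download to a fresh nonce and a pinned shared secret, so that replayed or altered responses are rejected. The HMAC-SHA256 construction, the message layout and every name and value in it are assumptions; the abstract does not specify them.

```python
import hashlib
import hmac
import secrets

# Constructed sample values; a real application would embed its own.
PINNED_SECRET = b"constructed-demo-shared-secret"
NEW_CERT = b"-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n"


def tag_for(secret: bytes, nonce: bytes, cert: bytes) -> bytes:
    """MAC over nonce and certificate (assumed construction)."""
    # Length-prefix the nonce so the nonce/cert boundary cannot be shifted.
    msg = len(nonce).to_bytes(2, "big") + nonce + cert
    return hmac.new(secret, msg, hashlib.sha256).digest()


def service_respond(secret: bytes, nonce: bytes, cert: bytes) -> dict:
    """Hypothetical publishing service: returns the cert bound to the caller's nonce."""
    return {"nonce": nonce, "cert": cert, "tag": tag_for(secret, nonce, cert)}


class CertFetcher:
    """Hypothetical client side, holding the secret pinned in the application."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._pending = set()  # nonces issued and not yet answered

    def new_request(self) -> bytes:
        nonce = secrets.token_bytes(16)  # fresh and unpredictable per download
        self._pending.add(nonce)
        return nonce

    def accept(self, response: dict) -> bytes:
        nonce = response["nonce"]
        if nonce not in self._pending:
            raise ValueError("unknown or already-used nonce")
        self._pending.discard(nonce)  # single use, even if the tag check fails
        expected = tag_for(self._secret, nonce, response["cert"])
        if not hmac.compare_digest(expected, response["tag"]):
            raise ValueError("bad tag: response not produced with the pinned secret")
        return response["cert"]
```

A certificate returned by `accept` would then replace the pinned one only for verifying the pending signed update.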
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.