Secure authentication using attestation tokens and inviolable quotes to validate request origins
US-2023131060-A1 · Apr 27, 2023 · US
US11977620B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11977620-B2 |
| Application number | US-202217648362-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 19, 2022 |
| Priority date | Jan 19, 2022 |
| Publication date | May 7, 2024 |
| Grant date | May 7, 2024 |
Official abstract text for this publication.
Examples for validating the identity of an application in an inter-app communication protocol are described. An attestation payload is obtained from a third party attestation service that is executed remotely from a device on which the application is running. The attestation payload can be validated by another application on the device in order to validate the identity of the application providing the attestation payload.
Opening claim text (preview).
Therefore, the following is claimed:

1. A system, comprising: a client device comprising at least one processor; and a sending application executable by the client device that, when executed, direct the client device to at least: generate a key pair comprising a public key and a private key; transmit a request for an attestation payload from an attestation service executed remotely from the client device, the request for the attestation payload comprising the public key or an identifier corresponding to the public key; obtain the attestation payload from the attestation service, the attestation payload comprising an identifier identifying the sending application; and provide the attestation payload to a receiving application executed on the client device, wherein the receiving application validates an identity of the sending application based upon the attestation payload obtained from the attestation service.
2. The system of claim 1, wherein the attestation payload comprises a hash value based upon an application identifier associated with the sending application.
3. The system of claim 1, wherein the attestation payload is signed using an attestation certificate associated with an operating system platform provider that is verifiable by the receiving application.
4. The system of claim 1, wherein the sending application provides the attestation payload in an OpenURL request generated by the sending application, wherein the attestation payload is provided as a parameter to the OpenURL request.
5. The system of claim 4, wherein the OpenURL request is signed by the private key of the sending application.
6. The system of claim 4, wherein the OpenURL request further comprises a device secret, wherein the device secret comprises an uptime counter obtained from an operating system of the client device.
7. The system of claim 1, wherein the receiving application provides a token in response to validating the identity of the sending application.
8. A non-transitory computer-readable medium embodying instructions executed by a client device, the instructions, when executed, causing the client device to at least: generate a key pair comprising a public key and a private key; transmit a request for an attestation payload from an attestation service executed remotely from the client device, the request for the attestation payload comprising the public key or an identifier corresponding to the public key; obtain the attestation payload from the attestation service, the attestation payload comprising an identifier identifying a sending application; and provide the attestation payload to a receiving application executed on the client device, wherein the receiving application validates an identity of the sending application based upon the attestation payload obtained from the attestation service.
9. The non-transitory computer-readable medium of claim 8, wherein the attestation payload comprises a hash value based upon an application identifier associated with the sending application.
10. The non-transitory computer-readable medium of claim 8, wherein the attestation payload is signed using an attestation certificate associated with an operating system platform provider that is verifiable by the receiving application.
11. The non-transitory computer-readable medium of claim 8, wherein the instructions provide the attestation payload in an OpenURL request generated by the sending application, wherein the attestation payload is provided as a parameter to the OpenURL request.
12. The non-transitory computer-readable medium of claim 11, wherein the OpenURL request is signed by the private key of the sending application.
13. The non-transitory computer-readable medium of claim 11, wherein the OpenURL request further comprises a device secret, wherein the device secret comprises an uptime counter obtained from an operating system of the client device.
14. The non-transitory computer-readable medium of claim 8, wherein the receiving application provides a token in response to validating the identity of the sending application.
15. A method, comprising: generating, on a client device, a key pair comprising a public key and a private key; transmitting, on the client device, a request for an attestation payload from an attestation service executed remotely from the client device, the request for the attestation payload comprising the public key or an identifier corresponding to the public key; obtaining, on the client device, the attestation payload from the attestation service, the attestation payload comprising an identifier identifying a sending application; and providing, on the client device, the attestation payload to a receiving application executed on the client device, wherein the receiving application validates an identity of the sending application based upon the attestation payload obtained from the attestation service.
16. The method of claim 15, wherein the attestation payload comprises a hash value based upon an application identifier associated with the sending application.
17. The method of claim 15, wherein the attestation payload is signed using an attestation certificate associated with an operating system platform provider that is verifiable by the receiving application.
18. The method of claim 15, further comprising providing, on the client device, the attestation payload in an OpenURL request generated by the sending application, wherein the attestation payload is provided as a parameter to the OpenURL request.
19. The method of claim 18, wherein the OpenURL request is signed by the private key of the sending application.
20. The method of claim 18, wherein the OpenURL request further comprises a device secret, wherein the device secret comprises an uptime counter obtained from an operating system of the client device.
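The flow in claims 1 to 6, as an added Node.js illustration that is not code from the patent or its assignee: a simulated attestation service signs a payload, the sending application signs an OpenURL request that carries it, and the receiving application checks both. The message layout, JSON encoding, Ed25519 keys, the binding of the sender's public key inside the payload, and the uptime-window comparison are all assumptions of this sketch.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const newKey = () => crypto.generateKeyPairSync('ed25519');
const pem = (pub) => pub.export({ type: 'spki', format: 'pem' });
const sign = (priv, text) => crypto.sign(null, Buffer.from(text), priv).toString('base64');
const verify = (pub, text, sig) =>
  crypto.verify(null, Buffer.from(text), pub, Buffer.from(sig, 'base64'));

// Stand-in for the remote attestation service. It signs the hashed application
// identifier (claim 2) plus the public key the sender submitted (claim 1).
// Assumption: the payload binds that key; JSON and Ed25519 are also assumed.
function attest(servicePriv, appId, senderPubPem) {
  const body = JSON.stringify({ appIdHash: sha256(appId), senderPub: senderPubPem });
  return { body, sig: sign(servicePriv, body) };
}

// Sending application: payload and uptime counter travel as URL parameters
// (claims 4 and 6) and the whole URL is signed with the private key (claim 5).
function buildOpenUrl(senderPriv, scheme, attestation, uptimeSecs) {
  const q = new URLSearchParams({ att: JSON.stringify(attestation), uptime: String(uptimeSecs) });
  const url = `${scheme}://auth?${q}`;
  return { url, sig: sign(senderPriv, url) };
}

// Receiving application: returns 'ok' or the reason the request is rejected.
// Assumption: it compares the counter with its own uptime reading (seconds).
function validate(req, servicePub, expectedAppId, localUptime, maxSkew) {
  try {
    const q = new URL(req.url).searchParams;
    const att = JSON.parse(q.get('att'));
    if (!verify(servicePub, att.body, att.sig)) return 'bad attestation signature';
    const { appIdHash, senderPub } = JSON.parse(att.body);
    if (appIdHash !== sha256(expectedAppId)) return 'unexpected sending application';
    if (!verify(crypto.createPublicKey(senderPub), req.url, req.sig)) return 'bad request signature';
    const age = localUptime - Number(q.get('uptime'));
    return age >= 0 && age <= maxSkew ? 'ok' : 'uptime counter outside window';
  } catch (e) {
    return 'malformed request';
  }
}
```

The order of checks matters: the sender's public key is trusted only after the attestation signature over it has verified, so a payload replayed by a different application fails at the request-signature step.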
Program or device authentication · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources (admission control or resource allocation H04L47/70) · CPC title
the source of the received data · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title