Title of invention |
Application-level certificates for identity and authorization |
Abstract |
Disclosed is a method in which a portable device processor may generate an application-level certificate for an application installed on the portable device. The processor may, for example, insert an application name in a package name field of a self-signed device-level certificate of the portable device to generate an application-level self-signed certificate. A request to authenticate the application may be forwarded to the controller. The request may include the application-level certificate. The portable device processor may receive a request to form a secure communication channel between the portable device and the controller based on the authenticated application-level certificate. A controller may respond to a portable device request for services by authenticating an application-level certificate provided by the portable device so requested services may be securely provided to the portable device. |
Publication number |
US9294468(B1) |
Publication date |
2016.03.22 |
Application number |
US201313913572 |
Filing date |
2013.06.10 |
Applicant |
Google Inc. |
Inventor |
Kilbourn Timothy |
Classification codes |
G06F7/04;G06F15/16;G06F17/30;H04L29/06;H04L9/32;H04W12/06;H04L9/00;H04L9/08;G06F21/33;G06F21/00 |
Main classification code |
G06F7/04 |
Agency |
Morris & Kamlay LLP |
Agent |
Morris & Kamlay LLP |
Main claim |
1. A method, comprising:
receiving a request from an application executing on a portable device, wherein the request includes an application-level certificate generated in the portable device by a portable device processor of the portable device, wherein the application-level certificate comprises at least a portion of a self-signed device-level certificate generated at the portable device and associated with the portable device, and wherein the request includes information obtained from the self-signed device-level certificate;
authenticating the requesting application based on the application-level certificate, wherein the application-level certificate includes public key information for establishing a secure communication channel;
in response to the authentication, beginning a handshaking process using the public key information in the application-level certificate to establish a secure communication channel with the portable device; and
establishing a secure communication channel with the portable device. |
Address |
Mountain View CA US |