1. (WO2018011775) METHOD FOR PROVIDING AN ENHANCED LEVEL OF AUTHENTICATION RELATED TO A SECURE SOFTWARE CLIENT APPLICATION PROVIDED BY AN APPLICATION DISTRIBUTION ENTITY IN ORDER TO BE TRANSMITTED TO A CLIENT COMPUTING DEVICE; SYSTEM, APPLICATION DISTRIBUTION ENTITY, SOFTWARE CLIENT APPLICATION, AND CLIENT COMPUTING DEVICE FOR PROVIDING AN ENHANCED LEVEL OF AUTHENTICATION RELATED TO A SECURE SOFTWARE CLIENT APPLICATION, PROGRAM AND COMPUTER PROGRAM PRODUCT
Note: this text is based on optical character recognition (OCR). Please use the PDF format for its legal value.

PATENT CLAIMS

1. Method for providing an enhanced level of authentication related to a secure software client application that is provided, by an application distribution entity (200), in order to be transmitted, using a telecommunications network (100), to a client computing device (20) in view of software code of the software client application being executed by the client computing device (20),

wherein a first secure communication channel (251) is established - in view of transmitting an instance (121) of the software client application to the client computing device (20) - between the client computing device (20) and the application distribution entity (200), and wherein a second secure communication channel (252) is established between the application distribution entity (200) and a third party server entity (400),

wherein the method comprises the following steps:

- in a first step, a security token information (401) is generated in view of subsequently allowing for an authenticated transmission of data - provided by the software client application instance (121) upon it being executed by the client computing device (20) - to the third party server entity (400),

the security token information (401) being generated by a trusted entity (300) and transmitted from the trusted entity (300) to both the client computing device (20) and the third party server entity (400) using the first secure communication channel (251) and/or using the second secure communication channel (252), and wherein - besides the security token information (401) - the software client application instance (121) is transmitted, using at least the first secure communication channel (251), to the client computing device (20) as well,

- in a second step, subsequent to the first step, a cryptographic key information is generated by the client computing device (20), and a client response information (402), comprising at least part of the cryptographic key information, is transmitted, from the client computing device (20), to the third party server entity (400).

2. Method according to claim 1, wherein a unique identity information (221) is assigned to the software client application instance (121), the identity information (221) being specific to the software client application instance (121) or to the combination of the software client application instance (121) and the client computing device (20),

wherein during the first step, the identity information (221) is transmitted to the client computing device (20) as part of the security token information (401), using at least the first secure communication channel (251), wherein preferably the identity information (221) is transmitted to the third party server entity (400) using the second secure communication channel (252) and/or wherein preferably the identity information (221) is transmitted, during the second step and as part of the client response information (402), to the third party server entity (400).

3. Method according to one of the preceding claims, wherein the cryptographic key information corresponds to a symmetric cryptographic key (223), and wherein the symmetric cryptographic key (223) is transmitted as at least part of the client response information (402), wherein especially the symmetric cryptographic key (223) is used as a pre-shared cryptographic key in order to establish a TLS (Transport Layer Security) tunnel between the client computing device (20) and the third party server entity (400).

4. Method according to one of the preceding claims, wherein the cryptographic key information corresponds to an asymmetric pair of cryptographic keys, comprising a specific private cryptographic key (222) and a specific public cryptographic key (223), and wherein the specific public cryptographic key (223) is transmitted as at least part of the client response information (402).

5. Method according to one of the preceding claims, wherein the client response information (402) is transmitted using a third secure communication channel (253) between the client computing device (20) and the third party server entity (400), wherein especially the third secure communication channel (253) is established after the second step with the use of the security token information (401), or wherein the client response information (402) is transmitted using a communication channel between the client computing device (20) and the third party server entity (400).

6. Method according to one of the preceding claims, wherein a server certificate (423) is transmitted to the client computing device (20), using the first secure communication channel (251), wherein the server certificate (423) is especially transmitted during the first step and as part of the security token information (401), wherein the server certificate (423) is especially specific to the software client application instance (121) or to the combination of the software client application instance (121) and the client computing device (20),

wherein especially a TLS (Transport Layer Security) tunnel is established using the server certificate (424) and/or wherein especially a certificate pinning is realized using the server certificate (424).

7. Method according to one of the preceding claims, wherein a further cryptographic key information is generated by the third party server entity (400), the further cryptographic key information comprising a further asymmetric pair of cryptographic keys, comprising a further specific private cryptographic key (422) and a further specific public cryptographic key (423), and wherein the further specific public cryptographic key (423) is especially transmitted as at least part of the security token information (401) during the first step.

8. Method according to one of the preceding claims, wherein the client response information (402) comprises a challenge information, especially in encrypted form, and especially by means of the client computing device (20) encrypting, prior to the second step, the specific public cryptographic key (223) and the challenge information using the further specific public cryptographic key (423), wherein, subsequent to the second step, the third party server entity (400) especially generates a further response information (403), especially by means of the third party server entity (400) encrypting a signature of the challenge information using the specific public cryptographic key (223), and transmits the further response information (403) to the client computing device (20), wherein the client computing device (20) especially verifies the challenge information, after having received the further response information (403), and especially establishes a fourth secure communication channel, especially based on a TLS tunnel.

9. Method according to one of the preceding claims, wherein in a third step, subsequent to the second step, client application data, generated by and/or involving the software client application instance (121) are transmitted, from the client computing device (20), to the third party server entity (400) and/or to a further client computing device (50) and/or to a further software client application instance (151) and/or wherein in a fourth step, subsequent to the second step, the software client application instance (121) using the cryptographic key information is used to securely communicate with the application distribution entity (200) and/or with the third party server entity (400) and/or with a further client computing device (50) and/or with a further software client application instance (151).

10. Method according to one of the preceding claims, wherein the application distribution entity (200) is an application store, wherein especially the trusted entity is identical to the third party server entity (400).
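The following Python model is an added illustration of the method of claims 1 to 3 and 6, with a symmetric stand-in for the challenge-response of claim 8; it is not code from the patent or its applicant. It assumes that the secure communication channels (251), (252) and (253) already exist and models them as direct method calls, that the trusted entity (300) knows the server certificate (423) so the token can carry a pin, that the identity information (221) is derived from constructed instance and device identifiers, and that the further response information (403) is an HMAC under the token secret rather than an encrypted signature. The security token (401) is what lets the third party server (400) tell an authenticated client response (402) from one whose key was altered, replayed, or sent under an identity it never received.

```python
# Added model, not code from the patent: the token-bound key enrolment of claims 1-3
# and 6, plus a symmetric (HMAC) stand-in for the challenge-response of claim 8.
# Channels 251/252/253 are assumed already secured and are modelled as direct calls.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional


def mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so fields cannot run into each other."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


@dataclass(frozen=True)
class SecurityToken:
    """Security token information (401): identity (221), shared secret, certificate pin."""
    identity: str
    secret: bytes
    server_cert_hash: str  # hash of the server certificate (423), claim 6


class TrustedEntity:
    """Trusted entity (300); that it knows the server certificate is an assumption."""
    def __init__(self, server_cert: bytes):
        self.server_cert_hash = hashlib.sha256(server_cert).hexdigest()

    def issue_token(self, app_instance_id: str, device_id: str) -> SecurityToken:
        # identity bound to app instance and device (claim 2); the derivation is constructed
        identity = hashlib.sha256(f"{app_instance_id}|{device_id}".encode()).hexdigest()[:16]
        return SecurityToken(identity, secrets.token_bytes(32), self.server_cert_hash)


class ThirdPartyServer:
    """Third party server entity (400)."""
    def __init__(self, cert: bytes):
        self.cert = cert
        self.tokens = {}    # identity -> token, received over channel 252
        self.enrolled = {}  # identity -> pre-shared key (223)

    def register_token(self, token: SecurityToken) -> None:
        self.tokens[token.identity] = token

    def receive_client_response(self, response: dict) -> Optional[bytes]:
        """Second step, server side: bind the key only if the MAC proves the token secret."""
        identity, key, challenge = response["identity"], response["key"], response["challenge"]
        token = self.tokens.get(identity)
        if token is None or identity in self.enrolled:
            return None  # unknown identity, or the token was already consumed
        expected = mac(token.secret, b"client-response", identity.encode(), key, challenge)
        if not hmac.compare_digest(expected, response["mac"]):
            return None  # identity, key or challenge was altered in transit
        self.enrolled[identity] = key
        return mac(token.secret, b"server-response", challenge)  # further response (403)


class ClientDevice:
    """Client computing device (20) running the software client application instance (121)."""
    def __init__(self):
        self.token = self.psk = self.challenge = None

    def install(self, token: SecurityToken) -> None:
        self.token = token  # delivered together with the app over channel 251

    def verify_server_certificate(self, presented: bytes) -> bool:
        """Certificate pinning (claim 6) against the hash carried in the token."""
        return hmac.compare_digest(hashlib.sha256(presented).hexdigest(), self.token.server_cert_hash)

    def build_client_response(self) -> dict:
        """Second step, client side: client response information (402) with key (223)."""
        self.psk, self.challenge = secrets.token_bytes(32), secrets.token_bytes(16)
        tag = mac(self.token.secret, b"client-response", self.token.identity.encode(),
                  self.psk, self.challenge)
        return {"identity": self.token.identity, "key": self.psk,
                "challenge": self.challenge, "mac": tag}

    def verify_further_response(self, further: Optional[bytes]) -> bool:
        """The server proves it holds the same token by answering the challenge."""
        expected = mac(self.token.secret, b"server-response", self.challenge)
        return further is not None and hmac.compare_digest(expected, further)


def run_enrolment(tamper_key: bool = False) -> tuple:
    """Whole exchange; returns (pin_ok, server_accepted, client_verified)."""
    server_cert = b"-----CONSTRUCTED SAMPLE CERTIFICATE-----"  # constructed stand-in
    trusted, server, client = TrustedEntity(server_cert), ThirdPartyServer(server_cert), ClientDevice()
    token = trusted.issue_token("app-instance-121", "device-20")
    server.register_token(token)  # first step, over channel 252
    client.install(token)         # first step, over channel 251
    pin_ok = client.verify_server_certificate(server.cert)
    response = client.build_client_response()
    if tamper_key:
        response["key"] = secrets.token_bytes(32)  # an altered key must be rejected
    further = server.receive_client_response(response)
    accepted = further is not None and server.enrolled[token.identity] == client.psk
    return pin_ok, accepted, client.verify_further_response(further)
```

`run_enrolment()` returns `(True, True, True)`; with `tamper_key=True` the server rejects the response and the client, receiving no further response, does not proceed. The MAC covers identity, key and challenge together, the token is single-use on the server side, and the pin is compared in constant time; the confidentiality of the symmetric key in transit is left to the third secure channel (253) of claim 5, which this model does not implement.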

11. System for providing an enhanced level of authentication related to a secure software client application that is provided, by an application distribution entity (200), in order to be transmitted, using a telecommunications network (100), to a client computing device (20) in view of software code of the software client application being executed by the client computing device (20), the system comprising the client computing device (20), the application distribution entity (200) and a third party server entity (400),

wherein a first secure communication channel (251) is established - in view of transmitting an instance (121) of the software client application to the client computing device (20) - between the client computing device (20) and the application distribution entity (200), and wherein a second secure communication channel (252) is established between the application distribution entity (200) and a third party server entity (400),

wherein the system is configured such that:

- a security token information (401) is generated in view of subsequently allowing for an authenticated transmission of data - provided by the software client application instance (121) upon it being executed by the client computing device (20) - to the third party server entity (400),

the security token information (401) being generated by a trusted entity (300) and transmitted from the application distribution entity (200) to both the client computing device (20) and the third party server entity (400) using the first secure communication channel (251) and/or using the second secure communication channel (252), and wherein - besides the security token information (401) - the software client application instance (121) is transmitted, using at least the first secure communication channel (251), to the client computing device (20) as well,

- a cryptographic key information is generated by the client computing device (20), and a client response information (402), comprising at least part of the cryptographic key information, is transmitted, from the client computing device (20), to the third party server entity (400).

12. Application distribution entity (200) for providing an enhanced level of authentication related to a secure software client application that is provided, by an application distribution entity (200), in order to be transmitted, using a telecommunications network (100), to a client computing device (20) in view of software code of the software client application being executed by the client computing device (20),

wherein a first secure communication channel (251) is established - in view of transmitting an instance (121) of the software client application to the client computing device (20) - between the client computing device (20) and the application distribution entity (200), and wherein a second secure communication channel (252) is established between the application distribution entity (200) and a third party server entity (400),

wherein the application distribution entity (200) is configured such that:

- a security token information (401) is generated in view of subsequently allowing for an authenticated transmission of data - provided by the software client application instance (121) upon it being executed by the client computing device (20) - to the third party server entity (400),

the security token information (401) being generated by a trusted entity (300) and transmitted from the application distribution entity (200) to both the client computing device (20) and the third party server entity (400) using the first secure communication channel (251) and/or using the second secure communication channel (252), and wherein - besides the security token information (401) - the software client application instance (121) is transmitted, using at least the first secure communication channel (251), to the client computing device (20) as well,

- a cryptographic key information is generated by the client computing device (20), and a client response information (402), comprising at least part of the cryptographic key information, is transmitted, from the client computing device (20), to the third party server entity (400).

13. Software client application instance (121) or client computing device (20) for providing an enhanced level of authentication related to a secure software client application that is provided, by an application distribution entity (200), in order to be transmitted, using a telecommunications network (100), to a client computing device (20) in view of software code of the software client application being executed by the client computing device (20),

wherein a first secure communication channel (251) is established - in view of transmitting an instance (121) of the software client application to the client computing device (20) - between the client computing device (20) and the application distribution entity (200), and wherein a second secure communication channel (252) is established between the application distribution entity (200) and a third party server entity (400),

wherein the software client application (121) or the client computing device (20) is configured such that:

- a security token information (401) is generated in view of subsequently allowing for an authenticated transmission of data - provided by the software client application instance (121) upon it being executed by the client computing device (20) - to the third party server entity (400),

the security token information (401) being generated by a trusted entity (300) and transmitted from the application distribution entity (200) to both the client computing device (20) and the third party server entity (400) using the first secure communication channel (251) and/or using the second secure communication channel (252), and wherein - besides the security token information (401) - the software client application instance (121) is transmitted, using at least the first secure communication channel (251), to the client computing device (20) as well,

- a cryptographic key information is generated by the client computing device (20), and a client response information (402), comprising at least part of the cryptographic key information, is transmitted, from the client computing device (20), to the third party server entity (400).

14. Program comprising a computer readable program code which, when executed on a computer or on a client computing device (20) or as part of a software client application instance (121) or on an application distribution entity (200) or on a trusted entity (300), or in part on a client computing device (20) and/or in part as part of a software client application instance (121) and/or in part on an application distribution entity (200) and/or in part on a trusted entity (300), causes the computer and/or the client computing device (20) and/or the software client application instance (121) and/or the application distribution entity (200) and/or the trusted entity (300) to perform a method according to one of claims 1 to 10.

15. Computer program product for providing an enhanced level of authentication related to a secure software client application provided by an application distribution entity (200), the computer program product comprising a computer program stored on a storage medium, the computer program comprising program code which, when executed on a computer or on a client computing device (20) or as part of a software client application instance (121) or on an application distribution entity (200) or on a trusted entity (300), or in part on a client computing device (20) and/or in part as part of a software client application instance (121) and/or in part on an application distribution entity (200) and/or in part on a trusted entity (300), causes the computer and/or the client computing device (20) and/or the software client application instance (121) and/or the application distribution entity (200) and/or the trusted entity (300) to perform a method according to one of claims 1 to 10.