We're Hiring!
We're Hiring!
Request Demo

Patent v3-1-1

Approov Patents

Client Software Attestation

This patent describes a computer-implemented method for a server computing device to verify the integrity of a software application running on a client computing device. The process involves executing software on the server that communicates with an attestation server device. A client software application on the client computing device calculates a cryptographic hash fingerprint of its code image, sending it to the attestation server to prove integrity. The attestation server generates a pass/fail result and communicates it to the server using a signed token. This communication happens indirectly via the client computing device, using a shared secret key to sign the token. The server, upon receiving a service/data request and signed token from the client, adjusts its behaviour based on the prior attestation result. If attestation fails, the server denies requested services/data.

 

US Patent 11,163,858 B2

The invention claimed is:

1. A computer-implemented method of enabling a server computing device to determine if a client software application executing on a client computing device has not been tampered, the method comprising the steps of:

software executing on the server computing device, the software communicating either directly or indirectly with an attestation server;

the client software application running on the client computing device, the client software application communicating with the same said attestation server;

the client software application calculating a cryptographic hash fingerprint of its executing code image, wherein the cryptographic hash fingerprint is communicated to the attestation server to prove that the client software application is untampered;

the attestation server generating a pass or fail attestation result;

communicating the attestation result between the attestation server and the server computing device;

controlling the behaviour of the server computing device in a way that is conditional on whether a prior attestation of the client software application was a pass or fail attestation result,

wherein the communication between the attestation server and the server computing device is communicated indirectly via the client computing device by use of a signed token provided from the attestation server to the client computing devices, in which:

a shared secret key is known by the attestation server and the server computing device but not by the client computing device;

said shared secret key being used to sign the token such that it proves that the signer is in possession of the secret key.

 

Client Software Attestation - Patent diagram Version 2

Source: Approov

 

Learn more details about Approov's patents: US 11,163,858 B2 and EPO 3 295 352 B1.

The items listed above are protected by patents held by Approov Ltd or CriticalBlue Ltd. 

Please note that the enumeration of products and patents provided might not be exhaustive. Some of the products listed here could potentially be encompassed by patents within the United States and other regions, which might not be explicitly mentioned.

US Headquarters

165 University Avenue

Suite 200

Palo Alto, CA 94301 USA

P: +1 (650) 322-5300

UK Headquarters

181 The Pleasance

Edinburgh, Midlothian

EH8 9RU, United Kingdom

P: +44 0131 655 1500

newsletter icon

Request a Demo

Give us 30 minutes and our security experts will show you how to protect your revenue and business data by deploying Approov to secure your mobile apps and your APIs

 

Get a Trial

Approov offers a complimentary 30 day trial (no credit card necessary) to give you immediate and valuable insight into the security risks of your mobile apps and the devices they run on.