| CPC H04L 9/0819 (2013.01) [H04L 9/0866 (2013.01); H04L 9/3249 (2013.01)] | 14 Claims |
|
1. A method for protecting an application resource file when a client device uses an application on a host device, comprising the steps by the host or the application on the host of:
binding the application resource file to the host device during an installation and subsequent execution of the application on the host device by:
creating, during said installation, an asymmetric key pair including a private key and a public key;
obtaining a device fingerprint of the host device;
signing together both the application resource file and the device fingerprint of the host device using the private key to provide a signature;
saving the signature and the public key; and
deleting, during said installation, both the private key and the device fingerprint, thereby completing said installation,
wherein the method further binds the host device by including the steps at the application provider of:
creating by the application provider a key pair for digital signature;
providing a public key of the application provider with the application; and
including or defining the device fingerprint of the client device or host device or both within the application, wherein the client device provided the host device finger print to the application provider via user interface or via an application programming interface,
wherein the method, after completing said installation, further comprises the steps during said execution of the application on the host device of:
obtaining the device fingerprint of the host device;
verifying the signature by using the application resource file, the device fingerprint of the host device, and the public key; and
using the application resource file if the verification succeeded,
wherein the application resource file is accessible only if a verification of the signature is successful.
|