ACHIEVING CERTIFICATE PINNING SECURITY IN REDUCED TRUST NETWORKS

摘要

Achieving certificate pinning security in reduced trust networks. A client receives a second certificate from a server over a first secured communications channel. The first secured communications channel is established based at least upon a first digital certificate associated with the first secured communications channel being certified by a pinned certificate. The client sends a request towards the server via a second communications channel with an untrusted computer system, and the request is received by the server. The server generates a response comprising a timestamp, a URI portion, and a signature that is generated using the second certificate. The server sends the response via the second communications channel. The client receives the response, and uses the second certificate to verify that the response is authentic and that the timestamp and URI portion are valid. The client then processes the payload.