1. Field of the Invention
The present invention generally relates to information security and more particularly to verifying the authenticity of software applications.
2. Related Art
The security of information in networked computing environments is an important concern for many users and providers of confidential information. To prevent the misuse of confidential information, various techniques have been developed to permit only authorized parties to access such information.
In one approach, a party's identity is authenticated before the party is granted access to confidential information. In this approach, a party may be prompted to enter a correct password, code, or other type of user credential before being granted access to confidential information. However, such an approach does not preclude a party from accidentally providing confidential information to other unauthorized parties. For example, if a user of a client device inadvertently provides user credentials to an unauthorized party, the user credentials may be subsequently abused by the unauthorized party to access the user's confidential information or perform tasks without the user's permission. As a result, the security previously afforded by the user credentials will be compromised.
Such problems are particularly acute in circumstances where a rogue software application has been installed on a device without a user's knowledge. For example, the software application may request user credentials or other confidential information from the user, or direct the user to a webpage for entering such information. Without the ability to independently verify the authenticity of the software application, the user may inadvertently provide the user credentials or other confidential information to the software application or an affiliated webpage and thus compromise the security of such information.
Conventional software authentication tools also fail to adequately address such problems. For example, in order to activate a software application, a user may be required to provide a preapproved hardware or software key to “unlock” the software application for use. However, such approaches are directed to determining whether a user is authorized to use a given software program. They are not directed to determining whether a software application is in fact a genuinely authentic software application which may be trusted by the user.
Accordingly, there is a need for an improved approach to information security that permits users to verify the authenticity of a software application. Such an improved approach is especially important for users engaged in transactions performed in networked computing environments.