System for Mobile Application Notary Service

1. A system, comprising: a computer platform configured as a notary server, for a mobile application notary service; and a computer platform configured as a validator server, for the mobile application notary service, wherein: 1) the notary server is configured to: provide, through a mobile communication network to a notary client running on a mobile device a challenge response, responsive to a challenge request from the notary client; receive, through the mobile communication network from the notary client on behalf of an application client running on the mobile device, a notarization token request including information from the challenge response and information corresponding to the application client running on the mobile device; and forward the notarization token request to the validator server; 2) the validator server is configured to: determine whether the notarization token request is valid based on at least some of information contained within the notarization token request; and advise the notary server of a valid validation status, when the notarization token request is determined to be valid; and 3) the notary server is further configured to: based upon the valid validation status of the notarization token request provided by the validator server, provide a notarization token through the mobile communication network to the notary client; receive, from an application server, a notarization token validation request corresponding to a request for service from the application client running on the mobile device and comprising a notarization token; and when the received notarization token corresponds to the provided notarization token, indicate to the application server that the received notarization token is valid as an indication that the information corresponding to the application client running on the mobile device is valid.

2. The system of claim 1 , wherein the notarization token request comprises: challenge data from the challenge response to the challenge request; package information corresponding to the application client running on the mobile device; and a notarization token request signature generated by an identity card of the mobile device based on the challenge data and package information.

3. The system of claim 2 , wherein the validator server is further configured to: generate a validation signature based on the challenge data and the package information corresponding to the application client running on the mobile device; and determine that the notarization token request is valid in response to determining that the validation signature generated by the validator server matches the notarization token request signature generated by the identity card of the mobile device.

4. The system of claim 3 , wherein the validator server is further configured to: generate a hash of the challenge data and the package information corresponding to the application client running on the mobile device; and generate the validation signature by encrypting the hash with a corresponding symmetric key shared in common by the validator server and the identity card of the mobile device, wherein the validator server determines the corresponding symmetric key based on the package information corresponding to the application client running on the mobile device.

5. The system of claim 2 , wherein the notarization token comprises: the challenge data from the challenge response to the challenge request; the package information corresponding to the application client running on the mobile device; and a notarization token signature generated by the notary server, wherein the challenge data and the package information corresponding to the application client running on the mobile device are contained within the notarization token request received from the notary client.

6. The system of claim 5 , wherein the notary server is further configured to generate the notarization token signature based on the challenge data and the package information corresponding to the application client running on the mobile device.

7. The system of claim 6 , wherein the notary server is further configured to: generate a hash of the challenge data and the package information corresponding to the application client running on the mobile device; and generate the notarization token signature by encrypting the hash with a secret key known only by the notary server.

8. The system of claim 6 , wherein the notary server is further configured to: generate a hash of the challenge data and the package information corresponding to the application client running on the mobile device; and generate the notarization token signature by encrypting the hash with a private key portion of a public key/private key pair of the notary server.

9. The system of claim 1 , wherein: the challenge response to the challenge request comprises: a time stamp; and random data; and the information corresponding to the application client comprises: a package name; and signing information of the application client.

10. A mobile device, comprising: a communication interface system, including at least one wireless communication transceiver configured to communicate via a wireless communications network; an identity module; at least one user interface element configured to receive user input and to provide output to a user of the mobile device; a processor coupled to the communication interface system and the at least one user interface element; a memory; an operating system stored in the memory; an application client program stored in the memory; and a notary client program stored in the memory, wherein execution of the notary client program by the processor configures the mobile device to perform functions, including functions to: receive, by the notary client program, a request for a notarization token from the application client program; obtain, by the notary client program and based on an identifier of the application client program provided by the operating system, package information corresponding to the application client program from a package manager of the operating system; transmit, by the notary client program and via the wireless communications network, a challenge request to a notary server; receive, by the notary client program and via the wireless communications network, a response to the challenge request from the notary server; generate, by the notary client program, a notarization token request for signature by the identity module, the notarization token request including information from the response to the challenge request and the package information; sign, by the identity module and based on commands issued by the notary client program and delivered to the identity module via a radio interface layer daemon of the mobile device, the notarization token request; send, by the notary client program and via the wireless communications network, the signed notarization token request to the notary server; receive, by the notary client program and via the wireless communications network, a notarization token from the notary server; and provide, by the notary client program, the notarization token to the application client program for inclusion in subsequent requests for service from an application server via the wireless communications network.

11. The mobile device of claim 10 , wherein the notarization token request comprises: the response to the challenge request; and the package information corresponding to the application client program.

12. The mobile device of claim 10 , wherein the signed notarization token request comprises: the response to the challenge request; the package information corresponding to the application client program; and the signature generated by the identity module.

13. The mobile device of claim 10 , wherein the function to sign the notarization token request further includes functions to: generate, by the identity module, a hash of the notarization token request; and encrypt, by the identity module, the hash of the notarization token request with a symmetric key shared in common with the identity module and a validator server.

14. The mobile device of claim 10 , wherein the notarization token comprises: the response to the challenge request; the package information corresponding to the application client; and a notarization token signature generated by the notary server.

15. The mobile device of claim 10 , wherein: the response to the challenge request from the notary server comprises: a time stamp; and random data; and the package information corresponding to the application client comprises: a package name; and signing information of the application client program.

16. A non-transitory machine-readable storage medium having instructions stored therein executable by a processor of a mobile device, wherein execution of the instructions by the processor configures the mobile device to perform functions, including functions to: receive, by a notary client running on the mobile device, a request for a notarization token from an application client running on the mobile device; obtain, by the notary client and based on an identifier of the application client provided by an operating system of the mobile device, package information corresponding to the application client; transmit, by the notary client and via a wireless communications network, a challenge request to a notary server; receive, by the notary client and via the wireless communications network, a response to the challenge request from the notary server; generate, by the notary client, a notarization token request for signature by an identity module, the notarization token request including information from the response to the challenge request and the package information; obtain, by the notary client and from the identity module, a signed notarization token request; send, by the notary client and via the wireless communications network, the signed notarization token request to the notary server; receive, by the notary client and via the wireless communications network, a notarization token from the notary server; and provide, by the notary client, the notarization token to the application client for inclusion in subsequent requests for service from an application server via the wireless communications network.

17. The storage medium of claim 16 , wherein the notarization token request comprises: the response to the challenge request; and the package information corresponding to the application client.

18. The storage medium of claim 16 , wherein the signed notarization token request comprises: the response to the challenge request; the package information corresponding to the application client; and the signature generated by the identity module.

19. The storage medium of claim 16 , wherein the notarization token comprises: the response to the challenge request; the package information corresponding to the application client; and a notarization token signature generated by the notary server.

20. The storage medium of claim 16 , wherein: the response to the challenge request from the notary server comprises: a time stamp; and random data; and the package information corresponding to the application client comprises: a package name; and signing information of the application client.