Patents by Inventor Stephen Louis Turner

Stephen Louis Turner has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12081537
    Abstract: Disclosed are various approaches for secure inter-application communication with unmanaged applications using certificate enrollment. A certificate signing request can be received from an unmanaged application via an inter-application communication method supported by an operating system of a computing device, and an identity of the unmanaged application can be verified. The certificate signing request can be provided to a certifying authority, and a certificate can be received from the certifying authority. The certificate can be provided to the unmanaged application.
    Type: Grant
    Filed: January 21, 2022
    Date of Patent: September 3, 2024
    Assignee: VMware LLC
    Inventors: Simon Paul Brooks, Stephen Louis Turner, Daniel Ochoa
  • Publication number: 20230239285
    Abstract: Disclosed are various approaches for secure inter-application communication with unmanaged applications using certificate enrollment. A certificate signing request can be received from an unmanaged application via an inter-application communication method supported by an operating system of a computing device, and an identity of the unmanaged application can be verified. The certificate signing request can be provided to a certifying authority, and a certificate can be received from the certifying authority. The certificate can be provided to the unmanaged application.
    Type: Application
    Filed: January 21, 2022
    Publication date: July 27, 2023
    Inventors: Simon Paul Brooks, Stephen Louis Turner, Daniel Ochoa
  • Publication number: 20230231724
    Abstract: Disclosed are various embodiments for replacing hard-coded certificate pinning with blockchain based certificate pinning. A signing device can obtain a public key from an endpoint device, produce a signature for the public key, and store the public key on a distributed data store, such as a blockchain. A client device can obtain and validate the public keys from the distributed data store and use the public keys to establish a secure connection between the client device and the endpoint device.
    Type: Application
    Filed: January 18, 2022
    Publication date: July 20, 2023
    Inventors: Simon Brooks, Stephen Louis Turner, Daniel Ochoa
  • Publication number: 20220070002
    Abstract: Disclosed are various embodiments for implementing a multi-service simple certificate enrollment protocol (SCEP) based authentication system. First, a computing device can send a certificate signing request (CSR) for a token signing certificate to a simple certificate enrollment protocol (SCEP) server. Then the computing device can receive the token signing certificate from the SCEP server. Next, the computing device can generate an authentication token that authenticates a user of the computing device with an authentication service. Subsequently, the computing device can sign the authentication token with the token signing certificate to create a signed authentication token. Finally, the computing device can send the signed authentication token to the authentication service to authenticate the user of the computing device with the authentication service.
    Type: Application
    Filed: August 27, 2020
    Publication date: March 3, 2022
    Inventors: Stephen Louis Turner, Simon Brooks
  • Publication number: 20210377022
    Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.
    Type: Application
    Filed: August 10, 2021
    Publication date: December 2, 2021
    Inventors: Eugene Liderman, Stephen Louis Turner, Simon Brooks
  • Patent number: 11108556
    Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: August 31, 2021
    Assignee: VMware, Inc.
    Inventors: Eugene Liderman, Stephen Louis Turner, Simon Brooks
  • Publication number: 20190379540
    Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.
    Type: Application
    Filed: June 8, 2018
    Publication date: December 12, 2019
    Inventors: Eugene Liderman, Stephen Louis Turner, Simon Brooks