American Express Company
Decoupling and updating pinned certificates on a mobile device

Abstract:

Systems for decoupling and updating pinned certificates on a user device are disclosed. A mobile application having a hardcoded pinned certificate may be installed on a user device. The pinned certificate may be decoupled from the mobile application and stored on the user device. In response to the mobile application attempting to establish a secure connection with a server, the system may check whether the decoupled pinned certificate is current by querying a certificate repository. In response to determining that the pinned certificate is out of date, the system may transmit the current certificate to the user device to update the decoupled pinned certificate.