Access control for computers
First Claim
1. A method for verifying the identity of a message-originator program (D) by a message-receiver program (S), the method comprising the steps of:
- receiving from said message-originator program (D) a message comprising a program-specific identifier (H(D)), which has been provided for said message-originator program (D) by means of a trusted computing base (TCB); and
verifying whether said received program-specific identifier (H(D)) is known to said message-receiver program (S).
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a general and flexible mechanism for a secure access control on a computer. Cryptographic checksums are applied for the identification of a program to another program. These cryptographic checksums are generated automatically for the programs. Each program has its program-specific identifier which can be regarded as a substantially unique value or name. Such a program-specific identifier can be used to verify the validity of one program to another program. Mutual trust relationships between different programs can therewith be set up easily.
-
Citations
15 Claims
-
1. A method for verifying the identity of a message-originator program (D) by a message-receiver program (S), the method comprising the steps of:
-
receiving from said message-originator program (D) a message comprising a program-specific identifier (H(D)), which has been provided for said message-originator program (D) by means of a trusted computing base (TCB); and
verifying whether said received program-specific identifier (H(D)) is known to said message-receiver program (S). - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
2. A method for disclosing the identity of a message-originator program (D) to a message-receiver program (S), the method comprising:
sending from said message-originator program (D) to said message-receiver program (S) a message comprising a program-specific identifier (H(D)), which has been provided for said message-originator program (D) by means of a trusted computing base (TCB), said program-specific identifier (H(D)) being verifiable at said message-receiver program (S) whether it is known to said message-receiver program (S).
-
3. A method for verifying the identity of a message-originator program (D) by a message-receiver program (S), the method comprising the steps of:
-
providing a program-specific identifier (H(D)) for said message-originator program (D) by means of a trusted computing base (TCB);
sending from said message-originator program (D) to said message-receiver program (S) a message comprising said program-specific identifier (H(D));
receiving at said message-receiver program (S) said message; and
verifying whether said received program-specific identifier (H(D)) is known to said message-receiver program (S).
-
-
14. An apparatus for verifying the identity of a message-originator program (D) by a message-receiver program (S) on a computer, the apparatus comprising:
-
computing means;
a receiver-module for receiving from said message-originator program (D) a message comprising a program-specific identifier (H(D)), which has been provided for said message-originator program (D) by means of a trusted computing base (TCB); and
a verifier-module that verifies whether said program-specific identifier (H(D)) is known to said message-receiver program (S).
-
-
15. An apparatus for disclosing the identity of a message-originator program (D) by a message-receiver program (S) on a computer, the apparatus comprising:
-
computing means;
a trusted computing base (TCB) comprising a generator-module for creating a program-specific identifier (H(D)); and
a sender-module for sending from said message-originator program (D) a message comprising said program-specific identifier (H(D)), said program-specific identifier (H(D)) being verifiable at said message-receiver program (S) whether it is known to said message-receiver program (S).
-
Specification