Access control for computers
First Claim
1. A method for verifying the identity of a message-originator program (D) by a message-receiver program (S), the method comprising the steps of:
- receiving from said message-originator program (D) a message comprising a program-specific identifier (H(D)), which has been provided for said message-originator program (D) by means of a trusted computing base (TCB); and
verifying whether said received program-specific identifier (H(D)) is known to said message-receiver program (S).
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a general and flexible mechanism for a secure access control on a computer. Cryptographic checksums are applied for the identification of a program to another program. These cryptographic checksums are generated automatically for the programs. Each program has its program-specific identifier which can be regarded as a substantially unique value or name. Such a program-specific identifier can be used to verify the validity of one program to another program. Mutual trust relationships between different programs can therewith be set up easily.
52 Citations
15 Claims
-
1. A method for verifying the identity of a message-originator program (D) by a message-receiver program (S), the method comprising the steps of:
-
receiving from said message-originator program (D) a message comprising a program-specific identifier (H(D)), which has been provided for said message-originator program (D) by means of a trusted computing base (TCB); and
verifying whether said received program-specific identifier (H(D)) is known to said message-receiver program (S). - View Dependent Claims (4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
2. A method for disclosing the identity of a message-originator program (D) to a message-receiver program (S), the method comprising:
sending from said message-originator program (D) to said message-receiver program (S) a message comprising a program-specific identifier (H(D)), which has been provided for said message-originator program (D) by means of a trusted computing base (TCB), said program-specific identifier (H(D)) being verifiable at said message-receiver program (S) whether it is known to said message-receiver program (S).
-
3. A method for verifying the identity of a message-originator program (D) by a message-receiver program (S), the method comprising the steps of:
-
providing a program-specific identifier (H(D)) for said message-originator program (D) by means of a trusted computing base (TCB);
sending from said message-originator program (D) to said message-receiver program (S) a message comprising said program-specific identifier (H(D));
receiving at said message-receiver program (S) said message; and
verifying whether said received program-specific identifier (H(D)) is known to said message-receiver program (S).
-
-
14. An apparatus for verifying the identity of a message-originator program (D) by a message-receiver program (S) on a computer, the apparatus comprising:
-
computing means;
a receiver-module for receiving from said message-originator program (D) a message comprising a program-specific identifier (H(D)), which has been provided for said message-originator program (D) by means of a trusted computing base (TCB); and
a verifier-module that verifies whether said program-specific identifier (H(D)) is known to said message-receiver program (S).
-
-
15. An apparatus for disclosing the identity of a message-originator program (D) by a message-receiver program (S) on a computer, the apparatus comprising:
-
computing means;
a trusted computing base (TCB) comprising a generator-module for creating a program-specific identifier (H(D)); and
a sender-module for sending from said message-originator program (D) a message comprising said program-specific identifier (H(D)), said program-specific identifier (H(D)) being verifiable at said message-receiver program (S) whether it is known to said message-receiver program (S).
-
Specification