Method and system for conditional installation and execution of services in a secure computing environment
First Claim
1. A method for securely installing an applet on a computer system having a data storage and a secure processor, comprising:
- receiving an applet in a data storage;
determining from at least a portion of the applet whether the applet is capable of being executed by a secure processor; and
installing the applet on the secure processor if the secure processor is capable of executing the applet.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method are provided for installing and executing an applet in a secure processor. The system and method can receive the applet in non-secure data storage. The applet includes a meta-data portion and an executable portion. The meta-data portion includes a security meta-data portion, a resource meta-data portion, and a meta-data signature portion. The system and method determines whether the applet is capable of being executed by the secure processor based at least in part on the security meta-data portion and the resource meta-data portion of the applet, and if the applet can be executed by the secure processor, the applet is installed on the secure processor.
225 Citations
43 Claims
-
1. A method for securely installing an applet on a computer system having a data storage and a secure processor, comprising:
-
receiving an applet in a data storage;
determining from at least a portion of the applet whether the applet is capable of being executed by a secure processor; and
installing the applet on the secure processor if the secure processor is capable of executing the applet. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
-
22. A method for securely installing an applet on a computer system having a data storage and a secure processor, comprises:
-
receiving an applet in a non-secure data storage, said applet comprises;
a meta-data portion, said meta-data portion comprises;
a security meta-data portion;
a resource meta-data portion which designates any resources required by the applet for execution; and
a meta-data signature portion; and
an executable portion;
determining whether the applet is capable of being executed by a secure processor based at least in part on the security meta-data portion and the resource meta-data portion of the applet, comprises;
verifying that a secure processor security requirement of the security meta-data portion of the applet is met or exceeded by a secure processor security rating of the secure processor; and
verifying that the secure processor is capable of supplying the resources designated in the resource meta-data portion of the meta-data portion of the applet; and
installing the applet on the secure processor if the secure processor is capable of executing the applet. - View Dependent Claims (23, 24, 25, 26, 27, 28, 29)
-
-
30. A method for providing a list of alternative applets for a first applet which could not be installed in a computer having at least one resource and having a secure processor which is associated with a security rating, comprising:
-
receiving a request from a secure processor for a list of alternative applets;
the request comprising;
an applet serial number which identifies a first applet;
an identifier which identifies the secure processor;
a first indicator which identifies a security rating of the secure processor; and
a second indicator which identifies the at least one resource of the computer;
creating the list of alternative applets from the plurality of applets based at least in part on the first indicator and the second indicator; and
transmitting the list of alternative applets to the computer. - View Dependent Claims (31, 32)
-
-
33. A secure applet execution system, comprising:
-
a data storage element storing an applet received by the secure applet execution system; and
a secure processor determining from at least a portion of the applet whether the applet is capable of being executed by the secure processor, and installing the applet on the secure processor if the secure processor is capable of executing the applet. - View Dependent Claims (34, 35, 36)
-
-
37. A secure applet execution system, comprising:
-
a non-secure data storage element storing an applet received by the secure applet execution system;
said applet comprising;
a meta-data portion; and
an executable portion;
said meta-data portion, comprising;
a security meta-data portion;
a resource meta-data portion which designates any resources required by the applet for execution; and
a meta-data signature portion; and
a secure processor determining from at least a portion of the applet whether the applet is capable of being executed by the secure processor, and installing the applet on the secure processor if the secure processor is capable of executing the applet.
-
-
38. A secure applet configured to include a cryptographically secure executable, comprising:
-
a meta-data portion, said meta-data portion including;
a security meta-data portion;
a resource meta-data portion; and
a meta-data signature portion;
an executable portion, said encrypted executable portion including;
an encrypted executable portion; and
an unencrypted executable signature portion; and
a certificate portion. - View Dependent Claims (39, 40, 41, 42, 43)
-
Specification