Method and apparatus for preventing rogue implementations of a security-sensitive class interface
First Claim
1. A method of securing a server runtime environment, comprising:
- generating a first unique identifier at startup of the server runtime environment, the first unique identifier being an identifier that is valid for the server runtime environment;
storing the first unique identifier in a private location of the server runtime environment;
receiving a request to instantiate a first credential object; and
inserting the first unique identifier in a private field of the first credential object.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and apparatus for preventing rogue implementations of a security-sensitive class interface are provided. With the method and apparatus, a unique identifier (UID) is created by a server process when the server process is started. Anytime the server process, i.e. a server runtime environment, instantiates a new credential object following start-up of the server process, the encrypted UID is placed into a private field within the new credential object. In addition, the UID is encrypted and stored in a private class of the server runtime environment. A verification class is provided within the server runtime environment which includes one or more methods that receive the credential object as a parameter and return true or false as to the validity of the credential object. These one or more methods determine the validity of the credential object by retrieving the encrypted UID from the private class stored in the server runtime environment, decrypting the UID and comparing it to the decrypted UID stored in the private field of the credential object. If the two UIDs match, a determination is made that the credential object was created by the server runtime environment rather than a rogue application. If the two UIDs do not match, or if there is no UID in the credential object, then a false result will be returned by the verification class.
-
Citations
20 Claims
-
1. A method of securing a server runtime environment, comprising:
-
generating a first unique identifier at startup of the server runtime environment, the first unique identifier being an identifier that is valid for the server runtime environment;
storing the first unique identifier in a private location of the server runtime environment;
receiving a request to instantiate a first credential object; and
inserting the first unique identifier in a private field of the first credential object. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A computer program product in a computer readable medium for securing a server runtime environment, comprising:
-
first instructions for generating a first unique identifier at startup of the server runtime environment, the first unique identifier being an identifier that is valid for the server runtime environment;
second instructions for storing the first unique identifier in a private location of the server runtime environment;
third instructions for receiving a request to instantiate a first credential object; and
fourth instructions for inserting the first unique identifier in a private field of the first credential object. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. An apparatus for securing a server runtime environment, comprising:
-
means for generating a first unique identifier at startup of the server runtime environment, the first unique identifier being an identifier that is valid for the server runtime environment;
means for storing the first unique identifier in a private location of the server runtime environment;
means for receiving a request to instantiate a first credential object; and
means for inserting the first unique identifier in a private field of the first credential object. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification