METHOD, SYSTEM AND COMPUTER PROGRAM FOR DEPLOYING SOFTWARE PACKAGES WITH INCREASED SECURITY
Abstract
A software distribution method (300) with security add-on is proposed. Particularly, any software package to be deployed to selected target endpoints is encrypted (312-315) with a symmetric key (generated dynamically). The symmetric key is in turn encrypted (318-321) with a public key of each target endpoint. A multi-segment software package (embedding the encrypted software package and the encrypted symmetric keys) is then deployed (324-336, 360) to all the target endpoints. In this way, each target endpoint can decrypt (343-348) the encrypted symmetric key with a corresponding private key; it is then possible to decrypt (363-366) the encrypted software package with the symmetric key so obtained. As a result, the endpoint is able to apply (369) the decrypted software package. Therefore, the application of the software package can be restricted to the desired target endpoints only.
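The flow in the abstract, as an added Node.js example that is not taken from the patent: the package is encrypted once, and the symmetric key is wrapped once per selected endpoint. The page names no algorithms, so AES-256-GCM (which also authenticates the package body) and RSA-OAEP are assumptions here, as are the endpoint ids, the function names and the constructed payload.

```javascript
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server side: encrypt the package once with a fresh symmetric key, then
// encrypt that key once per selected endpoint with the endpoint's public key.
function sealPackage(payload, targets) {
  const key = crypto.randomBytes(32);   // generated dynamically for this package
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(payload), cipher.final()]);
  const wrappedKeys = new Map();        // endpoint id -> encrypted symmetric key
  for (const [id, publicKey] of targets) {
    wrappedKeys.set(id, crypto.publicEncrypt({ key: publicKey, ...OAEP }, key));
  }
  return { iv, tag: cipher.getAuthTag(), body, wrappedKeys };  // multi-segment package
}

// Endpoint side: recover the symmetric key with the private key, then the package.
function openPackage(pkg, id, privateKey) {
  const wrapped = pkg.wrappedKeys.get(id);
  if (!wrapped) throw new Error(`endpoint ${id} is not a selected target`);
  const key = crypto.privateDecrypt({ key: privateKey, ...OAEP }, wrapped);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, pkg.iv);
  decipher.setAuthTag(pkg.tag);         // final() throws if the body was modified
  return Buffer.concat([decipher.update(pkg.body), decipher.final()]);
}

// Constructed demo: three endpoints exist, only ep-a and ep-b are selected targets.
function demo() {
  const keys = new Map(['ep-a', 'ep-b', 'ep-c'].map((id) =>
    [id, crypto.generateKeyPairSync('rsa', { modulusLength: 2048 })]));
  const payload = Buffer.from('constructed package: set config.level=3');
  const targets = ['ep-a', 'ep-b'].map((id) => [id, keys.get(id).publicKey]);
  const pkg = sealPackage(payload, targets);
  const attempt = (owner, slot) => {
    try { return openPackage(pkg, slot, keys.get(owner).privateKey).toString(); }
    catch (e) { return null; }            // null means the package could not be applied
  };
  return {
    payload: payload.toString(),
    epA: attempt('ep-a', 'ep-a'),
    epB: attempt('ep-b', 'ep-b'),
    epC: attempt('ep-c', 'ep-c'),           // no wrapped key exists for ep-c
    epCWithSlotA: attempt('ep-c', 'ep-a'),  // ep-c's private key cannot unwrap ep-a's key
  };
}
```

The restriction to selected endpoints rests entirely on each private key staying on its endpoint; any endpoint in the target set recovers the same symmetric key.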
12 Claims
1. A method for deploying software packages adapted to enforce software configurations in a data processing system including a plurality of target entities, each target entity being associated with a corresponding pair of private key and public key, wherein the method includes the steps of:
providing a software package to be deployed to a set of selected target entities, associating a symmetric key with the software package, encrypting at least a portion of the software package with the symmetric key, for each selected target entity encrypting the symmetric key with the corresponding public key, and deploying the encrypted software package and the encrypted symmetric keys to the selected target entities to enable each selected target entity to decrypt the corresponding encrypted symmetric key with the associated private key, to decrypt the encrypted software package with the decrypted symmetric key, and to apply the decrypted software package for enforcing the corresponding software configuration.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. (canceled)
10. (canceled)
11. A computer program product including a computer-usable medium embodying a computer program, the computer program when executed on a data processing system causing the system to perform a method for deploying software packages adapted to enforce software configurations in the system, the system including a plurality of target entities each one being associated with a corresponding pair of private key and public key, wherein the method includes the steps of:
providing a software package to be deployed to a set of selected target entities, associating a symmetric key with the software package, encrypting at least a portion of the software package with the symmetric key, for each selected target entity encrypting the symmetric key with the corresponding public key, and deploying the encrypted software package and the encrypted symmetric keys to the selected target entities to enable each selected target entity to decrypt the corresponding encrypted symmetric key with the associated private key, to decrypt the encrypted software package with the decrypted symmetric key, and to apply the decrypted software package for enforcing the corresponding software configuration.
12. A system for deploying software packages adapted to enforce software configurations in a data processing system including a plurality of target entities, each target entity being associated with a corresponding pair of private key and public key, wherein the system includes:
means for providing a software package to be deployed to a set of selected target entities, means for associating a symmetric key with the software package, means for encrypting at least a portion of the software package with the symmetric key, means for encrypting the symmetric key with the corresponding public key for each selected target entity, and means for deploying the encrypted software package and the encrypted symmetric keys to the selected target entities to enable each selected target entity to decrypt the corresponding encrypted symmetric key with the associated private key, to decrypt the encrypted software package with the decrypted symmetric key, and to apply the decrypted software package for enforcing the corresponding software configuration.
Specification