METHOD AND APPARATUS FOR PREVENTING ROGUE IMPLEMENTATIONS OF A SECURITY-SENSITIVE CLASS INTERFACE
Abstract
A method and apparatus for preventing rogue implementations of a security-sensitive class interface are provided. With the method and apparatus, a unique identifier (UID) is created by a server process when the server process is started. Anytime the server process, i.e. a server runtime environment, instantiates a new credential object following start-up of the server process, the encrypted UID is placed into a private field within the new credential object. In addition, the UID is encrypted and stored in a private class of the server runtime environment. A verification class is provided within the server runtime environment which includes one or more methods that receive the credential object as a parameter and return true or false as to the validity of the credential object. These one or more methods determine the validity of the credential object by retrieving the encrypted UID from the private class stored in the server runtime environment, decrypting the UID and comparing it to the decrypted UID stored in the private field of the credential object. If the two UIDs match, a determination is made that the credential object was created by the server runtime environment rather than a rogue application. If the two UIDs do not match, or if there is no UID in the credential object, then a false result will be returned by the verification class.
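The flow in the abstract, as an added Java sketch that is not taken from the patent: `RuntimeGuard`, `Issued`, the constructor standing in for server start-up, and the choice of AES-GCM are all assumptions made for illustration. A credential issued by the same runtime validates, while a rogue implementation of the interface and a credential issued by a different start-up do not.

```java
import java.nio.ByteBuffer;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public final class RuntimeGuard {
    public interface Credential { String principal(); }   // the security-sensitive interface
    private static final class Issued implements Credential {
        private final String principal;
        private final byte[] sealedUid;                    // private field: encrypted UID
        private Issued(String p, byte[] s) { principal = p; sealedUid = s; }
        public String principal() { return principal; }
    }
    private static final SecureRandom RNG = new SecureRandom();
    private final SecretKey key;                           // lives only inside this runtime
    private final byte[] sealedUid;                        // runtime's private encrypted copy
    private static byte[] rand(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }
    public RuntimeGuard() throws GeneralSecurityException { // models server start-up
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        key = kg.generateKey();
        sealedUid = seal(rand(16));                        // UID generated once per start-up
    }
    public Credential issue(String principal) throws GeneralSecurityException {
        return new Issued(principal, seal(open(sealedUid))); // fresh IV, so ciphertext is unique
    }
    public boolean isValid(Credential c) {                 // the verification method
        if (!(c instanceof Issued)) return false;          // rogue implementation: no UID field
        try {
            return MessageDigest.isEqual(open(((Issued) c).sealedUid), open(sealedUid));
        } catch (GeneralSecurityException e) { return false; } // not sealed by this runtime
    }
    private byte[] seal(byte[] plain) throws GeneralSecurityException {
        byte[] iv = rand(12);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);                      // ciphertext plus 16-byte tag
        return ByteBuffer.allocate(12 + ct.length).put(iv).put(ct).array(); // IV || ct
    }
    private byte[] open(byte[] sealed) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }
    public static void main(String[] args) throws Exception {
        RuntimeGuard a = new RuntimeGuard(), b = new RuntimeGuard(); // two separate start-ups
        Credential rogue = () -> "admin";                  // constructed rogue implementation
        System.out.printf("%b %b %b%n", a.isValid(a.issue("alice")), a.isValid(rogue), b.isValid(a.issue("alice")));
    }
}
```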
20 Claims
1-7. (canceled)
8. A computer program product in a computer recordable-type medium for securing a server runtime environment, comprising:
first instructions for generating a first unique identifier at startup of the server runtime environment, the first unique identifier being an identifier that is valid for the server runtime environment;
second instructions encrypting the first unique identifier;
third instructions for storing the first unique identifier in a private location of the server runtime environment;
fourth instructions for receiving a request to instantiate a first credential object from a requestor;
fifth instructions for instantiating the first credential object, wherein the first unique identifier is inserted in a private field of the first credential object;
sixth instructions for returning the first credential object to the requestor;
seventh instructions for receiving a second credential object, wherein the second credential object contains a second uniquely encrypted unique identifier stored in a private field of the second credential object;
eighth instructions for passing the second credential object as parameters to a verification class, wherein the verification class retrieves the encrypted first unique identifier from the private location of the server runtime environment and retrieves the uniquely encrypted second unique identifier from the private field of the second credential object;
ninth instructions for decrypting the encrypted first unique identifier and the uniquely encrypted second unique identifier;
tenth instructions for comparing the second unique identifier to the first unique identifier; and
eleventh instructions for validating the second credential object only if the second unique identifier matches the first unique identifier.
Dependent claims: 10, 11, 12, 13, 14.
9. (canceled)
15. An apparatus for securing a server runtime environment, comprising:
means for generating a first unique identifier at startup of the server runtime environment, the first unique identifier being an identifier that is valid for the server runtime environment;
means for encrypting the first unique identifier;
means for storing the first unique identifier in a private location of the server runtime environment;
means for receiving a request to instantiate a first credential object from a requestor;
means for instantiating the first credential object, wherein the first unique identifier is inserted in a private field of the first credential object;
means for returning the first credential object to the requestor;
means for receiving a second credential object, wherein the second credential object contains a second uniquely encrypted unique identifier stored in a private field of the second credential object;
means for passing the second credential object as parameters to a verification class, wherein the verification class retrieves the encrypted first unique identifier from the private location of the server runtime environment and retrieves the uniquely encrypted second unique identifier from the private field of the second credential object;
means for decrypting the encrypted first unique identifier and the uniquely encrypted second unique identifier;
means for comparing the second unique identifier to the first unique identifier; and
means for validating the second credential object only if the second unique identifier matches the first unique identifier.
Dependent claims: 17, 18, 19, 20.
16. (canceled)
Specification