Maintaining Code Integrity in a Central Software Development System

US 20080148060A1
Filed: 12/19/2006
Published: 06/19/2008
Est. Priority Date: 12/19/2006
Status: Active Grant

First Claim

Patent Images

1. A method of maintaining code integrity in a central software development system, comprising:

converting modified free source code received by the system to program code; and

selectively signing the program code using an encryption key associated with one or more devices for which the program code is designed.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A central software development system comprises a code processor and a code authenticator. The code processor converts modified free source code received by the system to program code such as executable code or bytecode. The code authenticator selectively signs the program code using an encryption key associated with one or more devices for which the program code is designed, e.g., a computer or mobile phone. The central system may also include a code scanner. The code scanner verifies the modified free source code, e.g., by scanning the modified free source code or intermediate code generated by the code processor for impermissible code patterns. The code authenticator signs the program code if the modified free source code is verified. The impermissible code patterns may correspond to at least one of proprietary, malicious or virulent code sequences.

32 Citations

View as Search Results

23 Claims

1. A method of maintaining code integrity in a central software development system, comprising:
- converting modified free source code received by the system to program code; and
  
  selectively signing the program code using an encryption key associated with one or more devices for which the program code is designed.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - verifying the modified free source code; and
      
      signing the program code if the modified free source code is verified.
  - 3. The method of claim 2, wherein verifying the modified free source code comprises scanning at least one of the modified free source code or intermediate code generated by the system for impermissible code patterns.
  - 4. The method of claim 3, wherein scanning for impermissible code patterns comprises comparing at least one of the modified free source code or the intermediate code to one or more groups of regular expressions.
  - 5. The method of claim 3, wherein scanning for impermissible code patterns comprises scanning at least one of the modified free source code or the intermediate code for at least one of proprietary, malicious or virulent code sequences.
  - 6. The method of claim 3, wherein scanning the intermediate code for impermissible code patterns comprises scanning one of bytecode, an intermediate representation of the modified free source code, or an optimized version of the intermediate representation.
  - 7. The method of claim 3, further comprising taking action against an entity that provided the modified free source code to the system responsive to one or more of the impermissible code patterns being detected.
  - 8. The method of claim 1, wherein selectively signing the program code using the encryption key comprises:
    - selectively calculating a hash value based on the program code; and
      
      encrypting the hash value using the encryption key.
  - 9. The method of claim 1, wherein converting the modified free source code to the program code comprises converting the modified free source code to one of executable code or bytecode.

10. A central software development system, comprising:
- a code processor configured to convert modified free source code received by the system to program code; and
  
  a code authenticator configured to selectively sign the program code using an encryption key associated with one or more devices for which the program code is designed.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, further comprising a code scanner configured to verify the modified free source code, and wherein the code authenticator is configured to sign the program code if the modified free source code is verified.
  - 12. The system of claim 11, wherein the code scanner is configured to scan at least one of the modified free source code or intermediate code generated by the code processor for impermissible code patterns.
  - 13. The system of claim 12, wherein the code scanner is configured to compare at least one of the modified free source code or the intermediate code to one or more groups of regular expressions.
  - 14. The system of claim 12, wherein the impermissible code patterns correspond to at least one of proprietary, malicious or virulent code sequences.
  - 15. The system of claim 12, wherein the intermediate code comprises one of bytecode, an intermediate representation of the modified free source code, or an optimized version of the intermediate representation.
  - 16. The system of claim 12, wherein the system is configured to take action against an entity that provided the modified free source code to the system responsive to the code scanner detecting one or more of the impermissible code patterns.
  - 17. The system of claim 10, wherein the code authenticator is configured to selectively calculate a hash value based on the program code and encrypt the hash value using the encryption key.
  - 18. The system of claim 10, wherein the program code comprises one of executable code or bytecode.

19. A computer program product for maintaining code integrity in a central software development system, comprising:
- computer readable program code for converting modified free source code received by the system to program code; and
  
  computer readable program code for selectively signing the program code using an encryption key associated with one or more devices for which the program code is designed.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The computer program product of claim 19, further comprising computer readable program code for verifying the modified free source code before the program code is signed.
  - 21. The computer program product of claim 20, wherein the computer readable program code for verifying the modified free source code comprises computer readable program code for scanning at least one of the modified free source code or intermediate code generated by the system for impermissible code patterns.
  - 22. The computer program product of claim 21, further comprising computer readable program code for taking action against an entity that provided the modified free source code to the system responsive to one or more of the impermissible code patterns being detected.
  - 23. The computer program product of claim 19, wherein the computer readable program code for selectively signing the program code using the encryption key comprises computer readable program code for selectively calculating a hash value based on the program code and encrypting the hash value using the encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Thorell, Per

Granted Patent

US 7,934,197 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/187
CPC Class Codes

G06F 21/51 at application loading time...

Maintaining Code Integrity in a Central Software Development System

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Maintaining Code Integrity in a Central Software Development System

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links