METHOD AND SYSTEM FOR UPDATING DIGITALLY SIGNED ACTIVE CONTENT ELEMENTS WITHOUT LOSING ATTRIBUTES ASSOCIATED WITH AN ORIGINAL SIGNING USER

US 20080244554A1
Filed: 03/28/2007
Published: 10/02/2008
Est. Priority Date: 03/28/2007
Status: Active Grant

First Claim

Patent Images

1. A method of updating an original version of a unit of active content without losing attributes associated with an originally signing user, comprising:

receiving a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user;

determining the identity of said originally signing user from said digital signature contained in said original version of said unit of active content;

storing an indication of said identity of said originally signing user in a field within a new version of said unit of active content;

writing said new version of program code into said new version of said unit of active content; and

digitally signing, by an updating entity, said new version of said unit of active content, including generating a digital signature using a private encryption key belonging to said updating entity.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for updating digitally signed active elements without losing attributes associated with an originally signing user. An updating entity determines the identity of an originally signing user from the original digital signature of an active content unit to be updated. Privileges associated with the original active content unit are determined from the original contents of the active content unit, or based on the identity of the originally signing user. The updating entity updates the active content unit with the new software version, and associates the original privileges for the active content unit with the new version of the active content unit. The updating entity stores the identity of the originally creating user in an On Behalf of: field of the updated active content unit. The updated active content unit is digitally signed by the updating entity. When a subsequent software update is received for the previously updated digitally signed active content unit, the updating entity determines that the On Behalf of: field is non-empty, and can then determine whether the previous signer has privileges allowing it to digitally sign for other users, and whether any privileges associated with (e.g. indicated within) the active content unit are available to the user identified in the On Behalf of: field. The privileges associated with subsequent updated version of the active content unit can advantageously be based on the identity of the user contained in the On Behalf of: field.

41 Citations

View as Search Results

19 Claims

1. A method of updating an original version of a unit of active content without losing attributes associated with an originally signing user, comprising:
- receiving a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user;
  
  determining the identity of said originally signing user from said digital signature contained in said original version of said unit of active content;
  
  storing an indication of said identity of said originally signing user in a field within a new version of said unit of active content;
  
  writing said new version of program code into said new version of said unit of active content; and
  
  digitally signing, by an updating entity, said new version of said unit of active content, including generating a digital signature using a private encryption key belonging to said updating entity.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein said updating entity comprises application server software associated with an application program.
  - 3. The method of claim 1, wherein said updating entity comprises an application platform server software for execution of at least one application program.
  - 4. The method of claim 1, further comprising:
    - wherein said new version of program code is received from a program code distribution source;
      
      wherein said new version of program code is digitally signed with a digital signature generated using a private encryption key belonging to said program code distribution source; and
      
      authenticating said new version of program code, based on said digital signature generated using a private encryption key belonging to said program code distribution source, prior to updating said digitally signed unit of active content.
  - 5. The method of claim 1, further comprising:
    - determining a set of privileges associated with said original version of said unit of active content; and
      
      storing indication of said set of privileges associated with said original version of said unit of active content prior to said digitally signing said new version of said unit of active content by updating entity.
  - 6. The method of claim 1, wherein said unit of active content comprises a software agent operable to automatically respond to electronic mail messages sent to said originally signing user.
  - 7. The method of claim 1, further comprising:
    - receiving a second new version of program code for replacing at least a portion of said updated version of said unit of active content;
      
      determining said identity of said originally signing user from said indication of said identity of said originally signing user in said field within said new version of said unit of active content; and
      
      determining a set of privileges to be associated with a second new version of said unit of active content including said second new version of program code based on said identity of said originally signing user.
  - 8. The method of claim 7, further comprising:
    - determining, responsive to said digital signature in said new version of said unit of active content generated using said private encryption key belonging to said updating entity, an identity of said updating entity; and
      
      prior to generating said second new version of said unit of active content, determining whether said updating entity has sufficient privileges to digitally sign said unit of active content on behalf of said originally signing user.

9. A system including a computer readable storage medium, said computer readable storage medium having program code stored thereon for updating an original version of a unit of active content without losing attributes associated with an originally signing user, wherein said program code, when executed, is operable to cause a computer system to:
- receive a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user;
  
  determine the identity of said originally signing user from said digital signature contained in said original version of said unit of active content;
  
  store an indication of said identity of said originally signing user in a field within a new version of said unit of active content;
  
  write said new version of program code into said new version of said unit of active content; and
  
  digitally sign, by an updating entity, said new version of said unit of active content, including generation of a digital signature using a private encryption key belonging to said updating entity.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein said updating entity comprises application server software associated with an application program.
  - 11. The system of claim 9, wherein said updating entity comprises an application platform server software for execution of at least one application program.
  - 12. The system of claim 9, further comprising:
    - wherein said new version of program code is received from a program code distribution source;
      
      wherein said new version of program code is digitally signed with a digital signature generated using a private encryption key belonging to said program code distribution source; and
      
      wherein said program code, when executed, is further operable to cause said computer system to authenticate said new version of program code, based on said digital signature generated using a private encryption key belonging to said program code distribution source, prior to updating said digitally signed unit of active content.
  - 13. The system of claim 9, wherein said program code, when executed, is further operable to cause said computer system to:
    - determine a set of privileges associated with said original version of said unit of active content; and
      
      store indication of said set of privileges associated with said original version of said unit of active content prior to said digitally signing said new version of said unit of active content by updating entity.
  - 14. The system of claim 9, wherein said unit of active content comprises a software agent operable to automatically respond to electronic mail messages sent to said originally signing user.
  - 15. The system of claim 9, wherein said program code, when executed, is further operable to cause said computer system to:
    - receive a second new version of program code for replacing at least a portion of said updated version of said unit of active content;
      
      determine said identity of said originally signing user from said indication of said identity of said originally signing user in said field within said new version of said unit of active content; and
      
      determine a set of privileges to be associated with a second new version of said unit of active content including said second new version of program code based on said identity of said originally signing user.
  - 16. The system of claim 15, wherein said program code, when executed, is further operable to cause said computer system to:
    - determine, responsive to said digital signature in said new version of said unit of active content generated using said private encryption key belonging to said updating entity, an identity of said updating entity; and
      
      prior to generating said second new version of said unit of active content, determine whether said updating entity has sufficient privileges to digitally sign said unit of active content on behalf of said originally signing user.

17. A computer program product including a computer readable storage medium, said computer readable storage medium having program code stored thereon for updating an original version of a unit of active content without losing attributes associated with an originally signing user, wherein said program code, when executed, is operable to cause a computer system to:
- receive a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user;
  
  determine the identity of said originally signing user from said digital signature contained in said original version of said unit of active content;
  
  store an indication of said identity of said originally signing user in a field within a new version of said unit of active content;
  
  write said new version of program code into said new version of said unit of active content; and
  
  digitally sign, by an updating entity, said new version of said unit of active content, including generation of a digital signature using a private encryption key belonging to said updating entity.

18. A computer data signal embodied in a carrier wave, said computer data signal having program code stored thereon for updating an original version of a unit of active content without losing attributes associated with an originally signing user, wherein said program code, when executed, is operable to cause a computer system to:
- receive a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user;
  
  determine the identity of said originally signing user from said digital signature contained in said original version of said unit of active content;
  
  store an indication of said identity of said originally signing user in a field within a new version of said unit of active content;
  
  write said new version of program code into said new version of said unit of active content; and
  
  digitally sign, by an updating entity, said new version of said unit of active content, including generation of a digital signature using a private encryption key belonging to said updating entity.

19. A system for updating an original version of a unit of active content without losing attributes associated with an originally signing user, comprising:
- means for receiving a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user;
  
  means for determining the identity of said originally signing user from said digital signature contained in said original version of said unit of active content;
  
  means for storing an indication of said identity of said originally signing user in a field within a new version of said unit of active content;
  
  means for writing said new version of program code into said new version of said unit of active content; and
  
  means for digitally signing, by an updating entity, said new version of said unit of active content, including generating a digital signature using a private encryption key belonging to said updating entity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Kadashevich, A. Julie

Granted Patent

US 8,341,616 B2
Time in Patent Office

Days
Field of Search
US Class Current

717/168
CPC Class Codes

G06F 21/572 Secure firmware programming...

G06F 2221/2141 Access rights, e.g. capabil...

METHOD AND SYSTEM FOR UPDATING DIGITALLY SIGNED ACTIVE CONTENT ELEMENTS WITHOUT LOSING ATTRIBUTES ASSOCIATED WITH AN ORIGINAL SIGNING USER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

41 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR UPDATING DIGITALLY SIGNED ACTIVE CONTENT ELEMENTS WITHOUT LOSING ATTRIBUTES ASSOCIATED WITH AN ORIGINAL SIGNING USER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

41 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links