SOURCE AUTHENTICATION OF A SOFTWARE PRODUCT

US 20170017798A1
Filed: 07/17/2015
Published: 01/19/2017
Est. Priority Date: 07/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating source code, the method comprising:

receiving, by one or more processors, at least one source file;

generating, by a key generator, a compound key, wherein the compound key comprises a set of keys generated from the at least one source file;

building, by one or more processors, a set of files, based on a source code from the at least one source file;

generating, by the key generator, a value associated with each file of the set of files; and

comparing, by a key validation tool, the compound key and the value to determine if said compound key is equivalent to said value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide systems and methods for authenticating the source code of a software end product. The method includes generating a compound key, which is composed of a set of unique keys generated from a source file. A set of files are separately build based on a received source code, and a key generated and embedded into the files at the time of the build. A validation tool is used to compare the values of the generated compound key to the values of the embedded key to determine if the values match.

Citations

20 Claims

1. A method for authenticating source code, the method comprising:
- receiving, by one or more processors, at least one source file;
  
  generating, by a key generator, a compound key, wherein the compound key comprises a set of keys generated from the at least one source file;
  
  building, by one or more processors, a set of files, based on a source code from the at least one source file;
  
  generating, by the key generator, a value associated with each file of the set of files; and
  
  comparing, by a key validation tool, the compound key and the value to determine if said compound key is equivalent to said value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - producing, by one or more processors, a final product, wherein the final product comprises;
      
      the key validation tool and the generated compound key.
  - 3. The method of claim 2, further comprising:
    - determining, by one or more processors, whether there is a difference between the compound key and the value; and
      
      in response to determining that there is not a difference between the compound key and the value, loading the final product to a repository.
  - 4. The method of claim 1, wherein comparing, by the key validation tool, the compound key and the value to determine if said compound key is equivalent to said value comprises:
    - scanning, by the key validation tool, the compound key;
      
      for a compound key entry, searching, by the key validation tool, the set of files for an entry which matches the entry in the compound key; and
      
      responsive to detecting an entry in the set of files which matches the entry in the compound key, comparing a value associated with the entry in the set of files to a value associated with the entry in the compound key, to determine if the value associated with the entry in the set of files is equivalent to the value associated with the entry in the compound key.
  - 5. The method of claim 1, further comprising:
    - inserting, by the key generator, into the set of files, the generated value associated with each file of the set of files.
  - 6. The method of claim 1, further comprising:
    - extracting, by one or more processors, the source code from the at least one source file, wherein extracting, by one or more processors, the source code from the at least one source file comprises;
      
      adding, by a manager, a row to the compound key, wherein the row comprises;
      
      a source path; and
      
      information associated with the at least one source file.
  - 7. The method of claim 1, further comprising:
    - receiving, by a manager, the source code from the at least one source file; and
      
      generating, by the manager, a unique key for the at least one source file, wherein the unique key comprises information associated with the at least one source file.

8. A computer program product for authenticating source code, the computer program product comprising:
- a computer readable storage medium and program instructions stored on the computer readable storage medium, the program instructions comprising;
  
  program instructions to receive at least one source file;
  
  program instructions to generate a compound key, wherein the compound key comprises a set of keys generated from the at least one source file;
  
  program instructions to build a set of files, based on a source code from the at least one source file;
  
  program instructions to generate a value associated with each file of the set of files; and
  
  program instructions to compare the compound key and the value to determine if said compound key is equivalent to said value.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, further comprising:
    - program instructions to produce a final product, wherein the final product comprises;
      
      a key validation tool and the generated compound key.
  - 10. The computer program product of claim 9, further comprising:
    - program instructions to determine whether there is a difference between the compound key and the value; and
      
      program instructions to, in response to determining that there is not a difference between the compound key and the value, load the final product to a repository.
  - 11. The computer program product of claim 8, wherein the program instructions to compare the compound key and the value to determine if said compound key is equivalent to said value comprise:
    - program instructions to scan the compound key;
      
      program instructions to, for a compound key entry, search the set of files for an entry which matches the entry in the compound key; and
      
      program instructions to, responsive to detecting an entry in the set of files which matches the entry in the compound key, compare a value associated with the entry in the set of files to a value associated with the entry in the compound key, to determine if the value associated with the entry in the set of files is equivalent to the value associated with the entry in the compound key.
  - 12. The computer program product of claim 8, further comprising:
    - program instructions to insert into the set of files, the generated value associated with each file of the set of files.
  - 13. The computer program product of claim 8, further comprising:
    - program instructions to extract the source code from the at least one source file, wherein the program instructions to extract the source code from the at least one source file comprise;
      
      program instructions to add a row to the compound key, wherein the row comprises;
      
      a source path; and
      
      information associated with the at least one source file.
  - 14. The computer program product of claim 8, further comprising:
    - program instructions to receive the source code from the at least one source file; and
      
      program instructions to generate a unique key for the at least one source file, wherein the unique key comprises information associated with the at least one source file.

15. A system for authenticating source code, the system comprising:
- one or more computer processors;
  
  one or more computer readable storage media;
  
  program instructions stored on the one or more computer readable storage media for execution by at least one of the one or more processors, the program instructions comprising;
  
  program instructions to receive at least one source file;
  
  program instructions to generate a compound key, wherein the compound key comprises a set of keys generated from the at least one source file;
  
  program instructions to build a set of files, based on a source code from the at least one source file;
  
  program instructions to generate a value associated with each file of the set of files; and
  
  program instructions to compare the compound key and the value to determine if said compound key is equivalent to said value.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, further comprising:
    - program instructions to produce a final product, wherein the final product comprises;
      
      a key validation tool and the generated compound key.
  - 17. The system of claim 16, further comprising:
    - program instructions to determine whether there is a difference between the compound key and the value; and
      
      program instructions to, in response to determining that there is not a difference between the compound key and the value, load the final product to a repository.
  - 18. The system of claim 15, wherein the program instructions to compare the compound key and the value to determine if said compound key is equivalent to said value comprise:
    - program instructions to scan the compound key;
      
      program instructions to, for a compound key entry, search the set of files for an entry which matches the entry in the compound key; and
      
      program instructions to, responsive to detecting an entry in the set of files which matches the entry in the compound key, compare a value associated with the entry in the set of files to a value associated with the entry in the compound key, to determine if the value associated with the entry in the set of files is equivalent to the value associated with the entry in the compound key.
  - 19. The system of claim 15, further comprising:
    - program instructions to insert into the set of files, the generated value associated with each file of the set of files.
  - 20. The system of claim 15, further comprising:
    - program instructions to receive the source code from the at least one source file; and
      
      program instructions to generate a unique key for the at least one source file, wherein the unique key comprises information associated with the at least one source file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bhat, Badekila Ganesh Prashanth, Gokavarapu, Nageswararao V., Srinivasan, Raghavendran, Kurian, John

Granted Patent

US 9,965,639 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/44   Program or device authentic...

G06F 21/6209   to a single file or object,...

H04L 63/0823   using certificates cryptogr...

SOURCE AUTHENTICATION OF A SOFTWARE PRODUCT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SOURCE AUTHENTICATION OF A SOFTWARE PRODUCT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links