Hybrid encryption method and system for protecting reusable software components
First Claim
1. In a network of computers comprising at least one computer, the method for reusing software components that maintains the integrity and authenticity of the software components, said method comprising:
generating a software component record using the following substeps;
(a) encrypting a plaintext representation of a software component into an encrypted software component with a first cryptographic algorithm using a first key;
(b) hashing the encrypted software component to generate a first hash digest;
(c) encrypting the first hash digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key type and said second key is the private key associated with at least one public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key;
storing the software component record in a reuse library;
retrieving the software component record from the reuse library;
generating the plaintext representation of the software component using the following substeps;
(a) obtaining a public key associated with the second key from a public key directory;
(b) decrypting the encrypted hash digest and the encrypted first key into the decrypted first key and the decrypted first hash digest using the public key and the second cryptographic algorithm;
(c) hashing the encrypted software component to generate a second hash digest;
(d) comparing the second hash digest with the decrypted first hash digest, and if not identical indicating that the software component is corrupted, if identical indicating that the software is not corrupted;
(e) decrypting the encrypted software component into the plaintext representation using the decrypted first key and the first encryption algorithm.
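The record generation and recovery substeps of claim 1, as an added example that is not part of the patent. Assumptions: SHA-256 as the hash, a SHA-256 counter keystream standing in for the first cryptographic algorithm, unpadded RSA over a constructed demo key standing in for the second, and all function and field names.

```python
import hashlib
import secrets

# Constructed demo key: two published Mersenne primes, so it offers no security.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                              # (E, N) is the publisher's public key
D = pow(E, -1, (P - 1) * (Q - 1))      # publisher's private key (the "second key")

class CorruptedComponent(Exception):
    """Raised when the record fails the digest comparison."""

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)

def publish(plaintext: bytes) -> dict:
    """Build the software component record (generation substeps a-c)."""
    first_key = secrets.token_bytes(32)
    component = stream_xor(first_key, plaintext)              # (a) encrypt
    digest = hashlib.sha256(component).digest()               # (b) hash ciphertext
    return {                                                  # (c) private-key op
        "component": component,
        "enc_digest": pow(int.from_bytes(digest, "big"), D, N),
        "enc_key": pow(int.from_bytes(first_key, "big"), D, N),
    }

def reuse(record: dict, public_key=(E, N)) -> bytes:
    """Verify and decrypt a retrieved record (recovery substeps a-e)."""
    e, n = public_key                                         # (a) from directory
    first_digest = pow(record["enc_digest"], e, n)            # (b) public-key op
    first_key = pow(record["enc_key"], e, n)
    second = hashlib.sha256(record["component"]).digest()     # (c) re-hash
    if int.from_bytes(second, "big") != first_digest or first_key >= 1 << 256:
        raise CorruptedComponent("record failed verification")  # (d) compare
    return stream_xor(first_key.to_bytes(32, "big"), record["component"])  # (e)
```

Because the first key is recovered with the publisher's public key, anyone who can read the public key directory can decrypt the component; the record provides the integrity and authenticity the claim names, not confidentiality.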
Abstract
Disclosed is a system and method for providing a reuser of a software reuse library with an indication of whether or not a software component from the reuse library is authentic and whether or not the software component has been modified. The system and method disclosed provide a reuser with assurance that the software component retrieved was placed in the reuse library by the original publisher and has not been modified by a third party. The system and method disclosed use a hybrid cryptographic technique that combines a conventional or private key algorithm with a public key algorithm.
20 Claims
10. The computer system comprising:
a reuse library having a plurality of encrypted software components each software component record having an encrypted software component, an encrypted hash digest, and an encrypted first key;
said reuse library having a storage means for storing encrypted software components;
said reuse library having a retrieval means for retrieving encrypted software components;
a directory containing a list of publishers and an associated list of public keys;
at least one publisher's workstation coupled to the reuse library, said publisher's workstation having
a first encrypting means for encrypting a plaintext representation of a software component into an encrypted software component with a first cryptographic algorithm using a first key;
a hashing means for hashing the encrypted software component to generate a first hash digest;
a second encrypting means for encrypting the first hash digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key algorithm type and said second key is the publisher's private key associated with a publisher's public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key;
a communications means for sending the software component record to the reuse library for storage by the storage means;
at least one reuser workstation coupled to the reuse library, said reuser workstation having
a requesting means for sending a request to the reuse library for a desired encrypted software component, wherein said request causes the retrieval means of the reuse library to retrieve the desired software component and send it to the requesting workstation;
a means for obtaining the public key from the directory, said public key associated with the second key of the desired encrypted software component;
a first decrypting means for decrypting the encrypted hash digest and the encrypted first key into the decrypted first key and the decrypted first hash digest using the public key and the second cryptographic algorithm;
a hashing means for hashing the encrypted software component to generate a second hash digest;
a comparing means for comparing the second hash digest with the decrypted first hash digest, and if not identical indicating that the software component is corrupted, if identical indicating that the software is not corrupted;
a second decrypting means for decrypting the encrypted software component into the plaintext representation using the decrypted first key and the first encryption algorithm.
Specification