Hybrid encryption method and system for protecting reusable software components

US 5,343,527 A
Filed: 10/27/1993
Issued: 08/30/1994
Est. Priority Date: 10/27/1993
Status: Expired due to Term

First Claim

Patent Images

1. In a network of computers comprising at least one computer, the method for reusing software components that maintains the integrity and authenticity of the software components, said method comprising:

generating an software component record using the following substeps;

(a) encrypting a plaintext representation of a software component into a encrypted software component with a first cryptographic algorithm using first key;

(b) hashing the encrypted software component to generate a first hash digest;

(c) encrypting the first hash digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key type and said second key is the private key associated with at least one public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key;

storing the software component record in a reuse library;

retrieving the software component record from the reuse library;

generating the plaintext representation of the software component using the following substeps;

(a) obtaining a public key associated with the second key from a public key directory;

(b) decrypting the encrypted hash digest and the encrypted first key into the decrypted first key and the decrypted first hash digest using the public key and the second cryptographic algorithm;

(c) hashing the encrypted software component to generate a second hash digest;

(d) comparing the second hash digest with the decrypted first hash digest, and if not identical indicating that the software component is corrupted, if identical indicating that the software is not corrupted;

(e) decrypting the encrypted software component into the plaintext representation using the decrypted first key and the first encryption algorithm.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed is a system and method for providing a reuser of a software reuse library with an indication of whether or not a software component from the reuse library is authentic and whether or not the software component has been modified. The system and method disclosed provides a reuser with assurance that the software component retrieved was placed in the reuse library by the original publisher and has not modified by a third party. The system and method disclosed uses a hybrid cryptographic technique that combines a conventional or private key algorithm with a public key algorithm.

525 Citations

20 Claims

1. In a network of computers comprising at least one computer, the method for reusing software components that maintains the integrity and authenticity of the software components, said method comprising:
- generating an software component record using the following substeps;
  
  (a) encrypting a plaintext representation of a software component into a encrypted software component with a first cryptographic algorithm using first key;
  
  (b) hashing the encrypted software component to generate a first hash digest;
  
  (c) encrypting the first hash digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key type and said second key is the private key associated with at least one public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key;
  
  storing the software component record in a reuse library;
  
  retrieving the software component record from the reuse library;
  
  generating the plaintext representation of the software component using the following substeps;
  
  (a) obtaining a public key associated with the second key from a public key directory;
  
  (b) decrypting the encrypted hash digest and the encrypted first key into the decrypted first key and the decrypted first hash digest using the public key and the second cryptographic algorithm;
  
  (c) hashing the encrypted software component to generate a second hash digest;
  
  (d) comparing the second hash digest with the decrypted first hash digest, and if not identical indicating that the software component is corrupted, if identical indicating that the software is not corrupted;
  
  (e) decrypting the encrypted software component into the plaintext representation using the decrypted first key and the first encryption algorithm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the Data Encryption Standard is used as the first cryptographic algorithm and the Digital Signature Algorithm is used as the second cryptographic algorithm.
  - 3. The method of claim 1 wherein the Data Encryption Standard is used as the first cryptographic algorithm and the RSA is used as the second cryptographic algorithm.
  - 4. The method of claim 1 wherein the Skipjack is used as the first cryptographic algorithm and the Digital Signature Algorithm is used as the second cryptographic algorithm.
  - 5. The method of claim 1 wherein the Skipjack is used as the first cryptographic algorithm and the RSA is used as the second cryptographic algorithm.
  - 6. The method of claim 1 wherein the software component record includes a descriptive plaintext component containing a description of the software component.
  - 7. The method of claim 6 wherein the descriptive plaintext component includes information regarding data rights and ownership rights.
  - 8. The method of claim 6 wherein the plaintext representation of the software component also includes information defining the software components relationship to other software component records in the reuse library.
  - 9. The method of claim 7 wherein the plaintext representation of the software component also includes information defining the software components relationship to other software component records in the reuse library.

10. The computer system comprising:
- a reuse library having a plurality of encrypted software components each software component record having an encrypted software component, an encrypted hash digest, and an encrypted first key;
  
  said reuse library having a storage means for storing encrypted software components;
  
  said reuse library having a retrieval means for retrieving encrypted software components;
  
  a directory containing a list of publishers and an associated list of public keys;
  
  at least one publisher'"'"'s workstation coupled to the reuse library, said publishers workstation havingan first encrypting means for encrypting a plaintext representation of a software component into a encrypted software component with a first cryptographic algorithm using first key;
  
  an hashing means for hashing the encrypted software component to generate a first hash digest;
  
  a second encrypting means for encrypting the first hash digest and the first key using a second cryptographic algorithm with a second key, wherein said second cryptographic algorithm is of a public key algorithm type and said second key is the publisher'"'"'s private key associated with a publisher'"'"'s public key, said software component record consisting of the encrypted software component, the encrypted hash digest, and the encrypted first key;
  
  a communications means for sending the software component record to the reuse library for storage by the storage means;
  
  at least one reuser workstation coupled to the reuse library, said reuser workstation havinga requesting means for sending a request to the reuse library for a desired encrypted software component, wherein said request causes the retrieval means of the reuse library to retrieve the desired software component and send it to the requesting workstation;
  
  a means for obtaining the public key from the directory, said public key associated with the second key of the desired encrypted software component;
  
  a first decrypting means for decrypting the encrypted hash digest and the encrypted first key into the decrypted first key and the decrypted first hash digest using the public key and the second cryptographic algorithm;
  
  an hashing means for hashing the encrypted software component to generate a second hash digest;
  
  a comparing means for comparing the second hash digest with the decrypted first hash digest, and if not identical indicating that the software component is corrupted, if identical indicating that the software is not corrupted;
  
  a second decrypting means for decrypting the encrypted software component into the plaintext representation using the decrypted first key and the first encryption algorithm.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 11. The system of claim 10 wherein the reuser workstation also includes a display means for displaying the plaintext representation of the software component record and for providing an indication of corruption.
  - 12. The system of claim 10 wherein the reuser workstation also includes a browsing means for browsing encrypted software components stored in the reuse library.
  - 13. The system of claim 10 wherein the plurality of encrypted software components and the directory are stored in a relational database.
  - 14. The system of claim 10 wherein the plurality of encrypted software components and the directory are stored in a object oriented database.
  - 15. The system of claim 10 wherein the reuse library includes a catalogue means for assigning the software component record a unique identifier and for classifying the software component record.
  - 16. The system of claim 15 wherein the catalogue means classifies the software component record according to a set of classification criteria.
  - 17. The system of claim 10 wherein the Data Encryption Standard is used as the first cryptographic algorithm and the Digital Signature Algorithm is used as the second cryptographic algorithm.
  - 18. The system of claim 10 wherein the Data Encryption Standard is used as the first cryptographic algorithm and the RSA is used as the second cryptographic algorithm.
  - 19. The system of claim 10 wherein the Skipjack is used as the first cryptographic algorithm and the Digital Signature Algorithm is used as the second cryptographic algorithm.
  - 20. The system of claim 10 wherein the Skipjack is used as the first cryptographic algorithm and the RSA is used as the second cryptographic algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Original Assignee
International Business Machines Corporation
Inventors
Moore, James W.
Primary Examiner(s)
Swann, Tod R.

Application Number

US08/141,735
Time in Patent Office

307 Days
Field of Search

380/3, 380/4, 380/22, 380/23, 380/24, 380/25, 380/28, 380/29, 380/30, 380/49, 380/50
US Class Current

713/179
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/16   Program or content traceabi...

G06F 21/602   Providing cryptographic fac...

G06F 21/64   Protecting data integrity, ...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2211/008   Public Key, Asymmetric Key,...

Hybrid encryption method and system for protecting reusable software components

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

525 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid encryption method and system for protecting reusable software components

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

525 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links