Code certification for network transmission

US 5,892,904 A
Filed: 12/06/1996
Issued: 04/06/1999
Est. Priority Date: 12/06/1996
Status: Expired due to Term

First Claim

Patent Images

1. A network code certification system for establishing at a receiving computer a source of an executable file accessed from a remote site on a computer network, comprising:

a keyed source signature having a secure representation of the executable file;

a keyed source certification by a certification agency and having an identifier for the source and a key to the source signature;

a key to the source certification stored at the receiving computer; and

computer-executable instructions stored on a computer-readable medium for confirming the executable file against its secure representation and selectively providing a certification notification indicating that the executable file is provided by the source according to the certification agency.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A certification or signing method ensures the authenticity and integrity of a computer program, an executable file, or code received over a computer network. The method is used by a publisher or distributor to "sign" an executable file so it can be transmitted with confidence to a recipient over an open network like the Internet. The executable file may be of any executable form, including an executable or portable executable .exe file format, a .cab cabinet file format, an .ocx object control format, or a Java class file. The code signing method assures the recipient of the identity of the publisher as the source of file (i.e., its authenticity) and that the file has not been modified after being transmitted by the publisher (i.e., the integrity of the file). As a result, the code signing method allows an executable file to be transmitted over open computer networks like the Internet with increased certainty in the identity of the source of the file and minimized risk of contracting a computer virus or other malicious executable computer files.

592 Citations

31 Claims

1. A network code certification system for establishing at a receiving computer a source of an executable file accessed from a remote site on a computer network, comprising:
- a keyed source signature having a secure representation of the executable file;
  
  a keyed source certification by a certification agency and having an identifier for the source and a key to the source signature;
  
  a key to the source certification stored at the receiving computer; and
  
  computer-executable instructions stored on a computer-readable medium for confirming the executable file against its secure representation and selectively providing a certification notification indicating that the executable file is provided by the source according to the certification agency.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The certification system of claim 1 in which the certification notification includes a network link to a description of the executable file.
  - 3. The certification system of claim 2 in which the network link to the description of the executable file is included in the source signature.
  - 4. The certification system of claim 1 in which the certification notification includes a network link to the certification agency.
  - 5. The certification system of claim 4 in which the network link to the certification agency is included in the source certification.
  - 6. The certification system of claim 1 in which the computer network includes the Internet.
  - 7. The certification system of claim 1 in which the computer-executable instructions are stored at the receiving computer.
  - 8. The certification system of claim 1 in which the computer-executable instructions are included in an application programming interface.
  - 9. The certification system of claim 1 in which the receiving computer includes a browser for browsing the computer network, the executable file is accessed accessed from the remote site by the browser, and the browser calls the computer-executable instructions.
  - 10. The certification system of claim 1 in which the key to the source certification is stored at the receiving computer in association with the browser.

11. A method of identifying at a local computer a source of an executable file accessed from a remote site on a computer network, comprising:
- delivering to the local computer a keyed source signature having a secure representation of the executable file and a keyed source certification by a certification agency and having an identifier for the source and a key to the source signature;
  
  obtaining the key to the source signature from the source certification with a key available on the local computer; and
  
  confirming the executable file against its secure representation.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 12. The method of claim 11 further comprising upon confirmation of the executable file against its secure representation selectively providing a certification notification indicating that the executable file is provided by the source indicated by the identifier according to the certification agency.
  - 13. The method of claim 12 further comprising rendering the certification notification as a certification dialog with a network link to a description of the executable file.
  - 14. The method of claim 12 further comprising rendering the certification notification as a certification dialog with a network link to the certification agency.
  - 15. The method of claim 11 further comprising delivering to the local computer a network link to a description of the executable file.
  - 16. The method of claim 15 in which the network link to the description of the executable file is delivered in the source signature.
  - 17. The method of claim 11 further comprising delivering to the local computer a network link to the certification agency.
  - 18. The method of claim 17 in which the network link to the certification agency is delivered in the source certification.
  - 19. The method of claim 11 in which the computer network includes the Internet.
  - 20. The method of claim 11 further comprising:
    - delivering to the local computer at least one keyed agency certification by at least one certification meta-agency and having an identifier for the agency and a key to the source certification; and
      
      obtaining the key to the source certification with the key available on the local computer.
  - 21. The method of claim 20 further comprising upon confirmation of the executable file against its secure representation selectively providing a certification notification indicating that the executable file is provided by the source indicated by the identifier according to the certification agency.
  - 22. The method of claim 20 further comprising upon confirmation of the executable file against its secure representation selectively providing a certification notification indicating that the executable file is provided by the source indicated by the identifier according to the certification agency and without reference to the at least one meta-agency.

23. A keyed source digital certificate for identifying at a local computer a source of an electronic document accessed from a remote site on a computer network, the source digital certificate comprising:
- a keyed source signature having a secure representation of the executable file; and
  
  a keyed source certification by a certification agency and having an identifier for the source and a key to the source signature, such certification formed with a private key having a corresponding well-known public key;
  
  wherein the certification agency validates the source by issuing the keyed certification, and such certification is decoded with the well-known public key to allow validation of the certificate at the local computer.
- View Dependent Claims (24, 25, 26)
- - 24. The digital certificate of claim 23 further comprising in the source signature a network link to a description of the executable file.
  - 25. The digital certificate of claim 23 further comprising in the source certification a network link to the certification agency.
  - 26. The certification system of claim 23 in which a network link to the certification agency is included in the source certification.

27. A network code certification system for validating at a receiving computer a publisher of a plain-text source, such as an executable file, accessed from a remote site on a computer network, comprising:
- a first encoding key for generating a signature for the plaint-text, such signature being a secure representation of the plain-text;
  
  a second encoding key by a certification agency for generating a certificate, such certificate having an identifier for the publisher and a first decoding key for the signature;
  
  a second decoding key stored at the receiving computer for decoding the certificate; and
  
  computer-executable instructions for validating the executable file against the secure representation of the plain-text and selectively providing a certification notification indicating that the executable file is provided by the source according to the certification agency.
- View Dependent Claims (28, 29, 30, 31)
- - 28. A system according to claim 27, wherein the network is the Internet.
  - 29. A system according to claim 27, wherein the certificate further includes:
    - an expiration date, to identify a validity period for the certificate;
      
      a first field for storing a first hyperlink to a policy statement for the certification agency; and
      
      a second field for storing a second hyperlink to an identifier for the certification agency.
  - 30. A system According to claim 27, wherein the plain-text source is retrieved over the computer network with an Internet browser application program having the second decoding key embedded therein.
  - 31. A system according to claim 30, further comprising a host computer, wherein the browser application program is embedded into an operating system for the host computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Price, Robert M., Atkinson, Robert G., Contorer, Aaron M.
Primary Examiner(s)
DeCady, Albert

Application Number

US08/761,484
Time in Patent Office

851 Days
Field of Search

395/186, 395/187.01, 395/188.01, 380/4, 380/21, 380/23, 380/25, 380/29, 380/30, 380/43
US Class Current

726/22
CPC Class Codes

G06F 21/33   using certificates

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

Code certification for network transmission

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

592 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Code certification for network transmission

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

592 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links