System and method for safety distributing executable objects

US 5,978,484 A
Filed: 04/25/1996
Issued: 11/02/1999
Est. Priority Date: 04/25/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method of distributing and executing executable code, comprising:

creating digital certificates for a plurality of distributing authorities, each such digital certificate indicating an authorized set of privileges for its distributing authority;

associating a privilege request code with the executable code, the privilege request code indicating a requested set of privileges that the executable code will potentially exercise during execution;

defining signer-specific privilege sets at a client computer for different ones of the plurality of distributing authorities, each signer-specific privilege set indicating privileges allowed to executable code signed by the corresponding distributing authority;

digitally signing the executable code and associated privilege request code by a particular one of the plurality of distributing authorities;

receiving the executable code, associated privilege request code, and digital signature at the client computer;

preventing the executable code from executing if the digital signature of the executable code and associated privilege request code cannot be verified;

preventing the executable code from executing if the privilege request code indicates privileges that are not in the signer-specific privilege set of the distributing authority that signed the executable code.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention includes a method and system for distributing and executing executable code. Before sending executable code to a client, a distributing authority associates a privilege request code with the executable code. The privilege request code indicates a requested set of privileges that the executable code will potentially exercise during execution. The distributing authority digitally signs the executable code and associated privilege request code and then distributes it for eventual execution by clients. Before executing the executable code, a client verifies the digital signature to confirm the authenticity and integrity of the executable code and associated privilege request code. This verification utilizes a hierarchy of certifying authorities. While the code executes, the client monitors it and prevents it from exercising privileges that are not in the requested set of privileges.

335 Citations

20 Claims

1. A method of distributing and executing executable code, comprising:
- creating digital certificates for a plurality of distributing authorities, each such digital certificate indicating an authorized set of privileges for its distributing authority;
  
  associating a privilege request code with the executable code, the privilege request code indicating a requested set of privileges that the executable code will potentially exercise during execution;
  
  defining signer-specific privilege sets at a client computer for different ones of the plurality of distributing authorities, each signer-specific privilege set indicating privileges allowed to executable code signed by the corresponding distributing authority;
  
  digitally signing the executable code and associated privilege request code by a particular one of the plurality of distributing authorities;
  
  receiving the executable code, associated privilege request code, and digital signature at the client computer;
  
  preventing the executable code from executing if the digital signature of the executable code and associated privilege request code cannot be verified;
  
  preventing the executable code from executing if the privilege request code indicates privileges that are not in the signer-specific privilege set of the distributing authority that signed the executable code.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method as recited in claim 1, further comprising preventing the executable code from exercising privileges that are not indicated by the privilege request code.
  - 3. A method as recited in claim 1, further comprising:
    - digitally signing the digital certificate of said particular distributing authority by one or more certifying authorities;
      
      before executing the executable code, verifying the digital signature of at least one of the certifying authorities without relying on the trustworthiness of said particular distributing authority.
  - 4. A method as recited in claim 1, further comprising:
    - certifying the trustworthiness of said particular distributing authority with a chain of digital signatures by one or more certifying authorities;
      
      associating the chain of digital signatures with the executable code;
      
      before executing the executable code, tracing the chain of digital signatures to one that can be verified without relying on the trustworthiness of said particular distributing authority.
  - 5. A method as recited in claim 1, wherein said particular distributing authority is a memory of a hierarchy of authorities, further comprising the following step:
    - creating digital certificates for members of the hierarchy, wherein the digital certificate of a particular member is signed by a higher member of the hierarchy and refers to the signed digital certificate of said higher member.
  - 6. A method as recited in claim 1, wherein said particular distributing authority is a memory of a hierarchy of authorities, further comprising the following steps:
    - creating digital certificates for members of the hierarchy, wherein the digital certificate of a particular member is signed by a higher member of the hierarchy and refers to the signed digital certificate of said higher member;
      
      before executing the executable code, tracing the digital certificate of the distributing authority that signed the executable code to an upper member of the hierarchy of authorities whose digital signature can be verified without relying on the trustworthiness of said particular distributing authority.
  - 7. A method as recited in claim 1, wherein said distributing authority is a memory of a hierarchy of authorities, further comprising the following steps:
    - creating digital certificates for members of the hierarchy, wherein the digital certificate of a particular member is signed by a higher member of the hierarchy and refers to the signed digital certificate of said higher member;
      
      before executing the executable code, tracing the digital certificate of said particular distributing authority to an upper member of the hierarchy of authorities whose digital signature can be verified without relying on the trustworthiness of said particular distributing authority;
      
      when tracing the digital certificate of said particular distributing authority, verifying that each particular certificate'"'"'s indicated authorized set of privileges is a subset of the authorized set of privileges indicated in the digital certificate of the higher member that digitally signed the particular digital certificate.

8. A method of distributing and executing executable code, comprising:
- creating digital certificates for a plurality of distributing authorities, each such digital certificate indicating an authorized set of privileges for its distributing authority;
  
  defining signer-specific privilege sets at a client computer for different ones of the distributing authorities, each signer-specific privilege set indicating privileges allowed to executable code signed by the corresponding distributing authority;
  
  digitally signing the executable code by one of the plurality of distributing authorities;
  
  receiving the executable code and digital signature at the client computer;
  
  preventing the executable code from executing if the digital signature of the executable code cannot be verified;
  
  preventing the executable code from exercising privileges that are not in both (a) the authorized set of privileges from the digital certificate of the distributing authority that signed the executable code and (b) the signer-specific privilege set corresponding to the distributing authority that signed the executable code.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. A method as recited in claim 8, further comprising:
    - digitally signing the digital certificate by one or more certifying authorities;
      
      before executing the executable code, verifying the digital signature of at least one of the certifying authorities without relying on the trustworthiness of the distributing authority.
  - 10. A method as recited in claim 8, further comprising;
    - certifying the trustworthiness of the distributing authority that signs the executable code with a chain of digital signatures by one or more certifying authorities;
      
      associating the chain of digital signatures with the executable code;
      
      before executing the executable code, tracing the chain of digital signatures to one that can be verified without relying on the trustworthiness of the distributing authority that signs the executable code.
  - 11. A method as recited in claim 8, wherein the distributing authority that signs the executable code is a memory of a hierarchy of authorities, further comprising the following step:
    - creating digital certificates for members of the hierarchy, wherein the digital certificate of a particular member is signed by a higher member of the hierarchy and refers to the signed digital certificate of said higher member.
  - 12. A method as recited in claim 8, wherein the distributing authority that signs the executable code is a memory of a hierarchy of authorities, further comprising the following steps:
    - creating digital certificates for members of the hierarchy, wherein the digital certificate of a particular member is signed by a higher member of the hierarchy and refers to the signed digital certificate of said higher member;
      
      before executing the executable code, tracing the digital certificate of the distributing authority that signed the executable code to an upper member of the hierarchy of authorities whose digital signature can be verified without relying on the trustworthiness of the distributing authority that signed the executable code.
  - 13. A method as recited in claim 8, wherein the distributing authority that signs the executable code is a memory of a hierarchy of authorities, further comprising the following steps:
    - creating digital certificates for members of the hierarchy, wherein the digital certificate of a particular member is signed by a higher member of the hierarchy and refers to the signed digital certificate of said higher member;
      
      before executing the executable code, tracing the digital certificate of the distributing authority that signed the executable code to an upper member of the hierarchy of authorities whose digital signature can be verified without relying on the trustworthiness of the distributing authority that signed the executable code;
      
      when tracing the digital certificate of the distributing authority that signed the executable code, verifying that each particular certificate'"'"'s indicated authorized set of privileges is a subset of the authorized set of privileges indicated in the digital certificate of the higher member that digitally signed the particular digital certificate.

14. One or more computer programs stored on one or more computer-readable storage media for execution by a client computer, the one or more programs comprising the following steps:
- defining signer-specific privilege sets at the client computer for different ones of a plurality of distributing authorities, each signer-specific privilege set indicating privileges allowed to executable code signed by the corresponding distributing authority;
  
  receiving executable code and an associated privilege request code, the executable code and associated privilege request code being digitally signed by a particular one of the distributing authorities;
  
  preventing the executable code from executing if the digital signature of the executable code and associated privilege request code cannot be verified;
  
  preventing the executable code from executing if the privilege request code indicates privileges that are not in the signer-specific privilege set corresponding to the distributing authority that signed the executable code.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. One or more computer programs stored on one or more computer-readable storage media as recited in claim 14, the one or more programs further comprising a step of preventing the executable code from exercising privileges that are not indicated by the privilege request code.
  - 16. One or more computer programs stored on one or more computer-readable storage media as recited in claim 14, wherein said particular one of the distributing authorities produces a digital certificate indicating an authorized set of privileges, the one or more programs further comprising a step of preventing the executable code from exercising privileges that are not in the authorized set of privileges indicated by the digital certificate.
  - 17. One or more computer programs stored on one or more computer-readable storage media as recited in claim 16, wherein the digital certificate is digitally signed by one or more certifying authorities, said one or more computer programs further comprising:
    - before executing the executable code, verifying the digital signature of at least one of the certifying authorities without relying on the trustworthiness of said particular one of the distributing authorities.
  - 18. One or more computer programs stored on one or more computer-readable storage media as recited in claim 16, wherein the trustworthiness of said particular one of the distributing authorities is certified with a chain of digital signatures by one or more certifying authorities, the chain of digital signatures being associated with the executable code, said one or more computer programs further comprising:
    - before executing the executable code, tracing the chain of digital signatures to one that can be verified without relying on the trustworthiness of the distributing authority.
  - 19. One or more computer programs stored on one or more computer-readable storage media as recited in claim 16, wherein the distributing authority that signs the executable code is a memory of a hierarchy of authorities, the members of the hierarchy having digital certificates, wherein the digital certificate of a particular member is signed by a higher member of the hierarchy and refers to the signed digital certificate of said higher member, said one or more computer programs further comprising the following step:
    - before executing the executable code, tracing the digital certificate of the distributing authority that signed the executable code to an upper member of the hierarchy of authorities whose digital signature can be verified without relying on the trustworthiness of the distributing authority that signed the executable code.
  - 20. One or more computer programs stored on one or more computer-readable storage media as recited in claim 16, wherein the distributing authority that signs the executable code is a memory of a hierarchy of authorities, the members of the hierarchy having digital certificates, wherein the digital certificate of a particular member is signed by a higher member of the hierarchy and refers to the signed digital certificate of said higher member, said one or more computer programs further comprising the following step:
    - before executing the executable code, tracing the digital certificate of the distributing authority that signed the executable code to an upper member of the hierarchy of authorities whose digital signature can be verified without relying on the trustworthiness of the distributing authority that signed the executable code;
      
      when tracing the digital certificate of the distributing authority that signed the executable code, verifying that each particular certificate'"'"'s indicated authorized set of privileges is a subset of the authorized set of privileges indicated in the digital certificate of the higher member that digitally signed the particular digital certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Beckman, Brian C., Apperson, Norman
Primary Examiner(s)
Fuller, Benjamin R.
Assistant Examiner(s)
CLARK, ROBIN C

Application Number

US08/639,290
Time in Patent Office

1,286 Days
Field of Search

380/25, 380/24, 380/23, 380/4, 395/157
US Class Current

705/54
CPC Class Codes

G06F 21/125   by manipulating the program...

G06F 21/54   by adding security routines...

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2149   Restricted operating enviro...

System and method for safety distributing executable objects

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

335 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

System and method for safety distributing executable objects

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

335 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others