Virtual machine with securely distributed bytecode verification

US 6,092,147 A
Filed: 04/15/1997
Issued: 07/18/2000
Est. Priority Date: 04/15/1997
Status: Expired due to Term

First Claim

Patent Images

1. A system for executing a software application comprising a plurality of hardware independent bytecodes, the system comprising:

a computing system data generates bytecodes;

a virtual machine, remote to the computing system, comprising means for receiving a plurality of authenticated bytecodes from said computing system, and means for executing said plurality of authenticated bytecodes;

means for testing said bytecodes against a set of predetermined criteria; and

means for securely distributing said testing means between said virtual machine and said computing system so that bytecode testing completed by the computing system is authenticated by the virtual machine prior to the execution of the authenticated bytecodes by said virtual machine.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for executing a software application comprising a plurality of hardware independent bytecodes is provided comprising a computing system that generates bytecodes, a virtual machine, remote to the computing system, that receives a plurality of bytecodes from said computing system, and executes said plurality of bytecodes, a system for testing said bytecodes against a set of predetermined criteria in which the testing is securely distributed between said virtual machine and said computing system so that the bytecode verification completed by the computing system is authenticated by the virtual machine prior to the execution of the bytecodes by said virtual machine. A method for distributed bytecode verification is also provided.

206 Citations

23 Claims

1. A system for executing a software application comprising a plurality of hardware independent bytecodes, the system comprising:
- a computing system data generates bytecodes;
  
  a virtual machine, remote to the computing system, comprising means for receiving a plurality of authenticated bytecodes from said computing system, and means for executing said plurality of authenticated bytecodes;
  
  means for testing said bytecodes against a set of predetermined criteria; and
  
  means for securely distributing said testing means between said virtual machine and said computing system so that bytecode testing completed by the computing system is authenticated by the virtual machine prior to the execution of the authenticated bytecodes by said virtual machine.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein said remote computing system comprises means for determining that the bytecodes comply with a predetermined set of criteria to generate verified bytecodes, and means for generating a proof of authenticity attached to said verified bytecodes to generate authenticated bytecodes so that the authenticated bytecodes are tamper-resistant.
  - 3. The system of claim 2, wherein said virtual machine comprises means for determining that the authenticated bytecodes are not corrupted comprising means for generating a proof of authenticity based on the received bytecodes, and means for comparing said generated proof of authenticity against said authenticated bytecodes.
  - 4. The system of claim 2, wherein said virtual machine comprises means for performing limited run-time testing of said authenticated bytecodes.
  - 5. The system of claim 4, wherein said performing means comprises means for testing the memory access of said authenticated bytecodes.
  - 6. The system of claim 2, wherein said virtual machine comprises means for storing authenticated bytecodes in a non-volatile manner so that the authenticated bytecodes are not repeatedly communicated with the virtual machine.

7. A virtual machine for executing a software application comprising a plurality of bytecodes, the virtual machine being executed by a hardware processor, the virtual machine comprising:
- means for receiving an authenticated bytecode, the authenticated bytecode being previously compared against a predetermined set of criteria and having a proof of authenticity;
  
  means for determining that the authenticated bytecode is not corrupted based on the proof of authenticity; and
  
  means for executing said bytecode.
- View Dependent Claims (8, 9, 10)
- - 8. The virtual machine of claim 7 further comprising means for checking, at run-time, said authenticated bytecode for memory access errors.
  - 9. The virtual machine of claim 7, wherein said determining means comprises means for generating a proof of authenticity, and means for comparing the generated proof of authenticity against the proof of authenticity attached to the received bytecode.
  - 10. The virtual machine of claim 7, wherein said virtual machine comprises means for storing authenticated bytecodes in a non-volatile manner so that the authenticated bytecodes are not repeatedly communicated with the virtual machine.

11. A system for executing a software application comprising a plurality of bytecodes, the system comprising:
- a computer system comprising means for verifying that a bytecode conforms to a predetermined set of criteria to generate a verified bytecode, and means for generating an authenticated bytecode from said verified bytecode; and
  
  a virtual machine, remote from said computer system, for executing said authenticated bytecodes, said virtual machine comprising means for receiving said authenticated bytecodes, means for determining that the authenticated bytecodes are not corrupted, and means for executing said authenticated bytecodes.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11, wherein said virtual machine comprises means for performing limited run-time testing of said received bytecodes.
  - 13. The system of claim 11, wherein said computing system comprises means for generating a proof of authenticity, and means for attaching said proof of authenticity to said bytecodes.
  - 14. The system of claim 12, wherein said virtual machine comprises means for generating a proof of authenticity, and means for comparing said generated proof of authenticity against said received proof of authenticity to determine that said received bytecode is not corrupted.

15. A smart card having a plastic card having a microcontroller embedded therein, the smart card comprising:
- a virtual machine being executed by a microcontroller, the virtual machine executing a software application comprising a plurality of previously verified bytecodes, the virtual machine comprising means for receiving an authenticated bytecode, the authenticated bytecode being previously compared against a predetermined set of criteria and having a proof of authenticity, means for determining that the authenticated bytecode is not corrupted based on the proof of authenticity, and means for executing said bytecode.
- View Dependent Claims (16, 17)
- - 16. The smart card of claim 15 further comprising means for checking, at run-time, said received bytecode for run-time memory access errors.
  - 17. The smart card of claim 15, wherein said authenticated bytecode comprises a proof of authenticity attached to said received bytecode, and wherein said determining means comprises means for generating a proof of authenticity, and means for comparing the generated proof of authenticity against the proof of authenticity attached to the received bytecode to determine if the authenticated bytecode is corrupted.

18. A method for executing a software application on a virtual machine, the application comprising a plurality of bytecodes, comprising:
- receiving an authenticated bytecode by a virtual machine, the authenticated bytecode being previously compared against a predetermined set of criteria and having a proof of authenticity;
  
  determining that the authenticated bytecode is not corrupted based on the proof of authenticity; and
  
  executing said bytecode.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18 further comprising checking, at run-time, said authenticated bytecode for memory access errors.
  - 20. The method of claim 18, wherein determining comprises generating a proof of authenticity, and comparing the generated proof of authenticity against the proof of authenticity attached to the received bytecode.
  - 21. The method of claim 18 further comprising storing authenticated bytecodes in a non-volatile manner so that the authenticated bytecodes are not repeatedly communicated with the virtual machine.

22. A virtual machine for executing a software application comprising a plurality of bytecodes, the virtual machine being executed by a hardware processor, the virtual machine comprising:
- means for receiving data comprising a plurality of authenticated bytecodes, the authenticated bytecodes being previously compared against a predetermined set of criteria to reduce the amount of data received by the virtual machine;
  
  means for determining that the authenticated bytecodes are not corrupted; and
  
  means for executing said bytecodes.
- View Dependent Claims (23)
- - 23. The virtual machine of claim 22, wherein said data received by said virtual machine excludes data used for verification of said bytecodes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Levy, Moshe, Schwabe, Judy
Primary Examiner(s)
Cabeca, John W.
Assistant Examiner(s)
TZENG, FRED

Application Number

US08/839,621
Time in Patent Office

1,190 Days
Field of Search

711/6, 711/203, 395/186, 395/740, 395/706, 395/183.14, 395/704, 380/25, 709/202, 709/303, 709/304, 713/200
US Class Current

711/6
CPC Class Codes

G06F 21/125   by manipulating the program...

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06F 9/44589   Program code verification, ...

Virtual machine with securely distributed bytecode verification

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

206 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual machine with securely distributed bytecode verification

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

206 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links