Method and apparatus for validating travelling object-oriented programs with digital signatures

US 6,105,072 A
Filed: 04/02/1997
Issued: 08/15/2000
Est. Priority Date: 08/10/1993
Status: Expired due to Term

First Claim

Patent Images

1. In a system having at least one computer and a memory, a method of operating said computer using at least one digital cell comprising the steps of:

determining whether a program being executed is processing an existing digital cell, said digital cell comprising a digital data structure that identifies at least one class definition and a plurality of related object instances that are bound to said class definition, at least part of said class definition having been digitally signed and said digital data structure including at least one class defining program with the plurality of object instances,placing said existing cell into an executable state if said determining step indicates that an existing cell is to be processed;

accessing digital information to be processed by said existing digital cell;

processing said digital information by one of said related object instances; and

monitoring security of related object instances by screening at least some of the instructions of the class definition of the related object instance by verifying at least one digital signature supplied to the cell during execution of the object.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of operating computers in accordance with an enhanced object-oriented programming methodology creates a framework for efficiently performing automated business transactions. The object-oriented programming methodology is used in conjunction with a travelling program, i.e., a digital data structure which includes a sequence of instructions and associated data which has the capability of determining at least one next destination or recipient for receiving the travelling program and for transmitting itself, together with all relevant data determined by the program to the next recipient or destination Using the methods described herein, the data is more closely bound to the program in such a way that objects may be most efficiently transferred from one computer user to another without the objects being previously known to the recipient computer user. The present invention utilizes object "cells" which are data structures stored, for example, on a disk that reflects a collection of (related) objects instances whose execution has been suspended, and which can be resumed later on the same or a different platform. The collection of object instances can be gathered together into cells (or "electronic forms") suitable for storage or transmission to another computer user in such a way that instances are unambiguously bound to their respective class definition. The present invention also creates improved tools for creating and using cells so that electronic forms can be defined using object-oriented techniques while allowing such forms to be easily transferred among a diverse population of computer users--without demanding that all users maintain compatible libraries of all object-class definition programs and without demanding that all users maintain identical synchronized versions of that class. The invention provides a digital signature methodology to insure security and integrity, so that electronic forms (i.e., cells) composed of a collection of objects can be received and executed by a user without putting the user at risk that some of the object classes embedded in the cell might be subversive "trojan horse" programs that might steal, destroy or otherwise compromise the security or integrity of the user'"'"'s system or data.

85 Citations

View as Search Results

34 Claims

1. In a system having at least one computer and a memory, a method of operating said computer using at least one digital cell comprising the steps of:
- determining whether a program being executed is processing an existing digital cell, said digital cell comprising a digital data structure that identifies at least one class definition and a plurality of related object instances that are bound to said class definition, at least part of said class definition having been digitally signed and said digital data structure including at least one class defining program with the plurality of object instances,placing said existing cell into an executable state if said determining step indicates that an existing cell is to be processed;
  
  accessing digital information to be processed by said existing digital cell;
  
  processing said digital information by one of said related object instances; and
  
  monitoring security of related object instances by screening at least some of the instructions of the class definition of the related object instance by verifying at least one digital signature supplied to the cell during execution of the object.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 2. A method according to claim 1, further including the step of verifying any digital signatures that have been supplied to said digital cell.
  - 3. A method according to claim 1, wherein said step of placing into an executable state step includes the step of accessing information relating to the cell based upon a predetermined cell name.
  - 4. A method according to claim 1, wherein said step of placing into an executable state includes the step of restoring variables associated with the existing digital cell.
  - 5. A method according to claim 1, wherein said step of placing into an executable state includes the step of reloading all classes associated with the existing digital cell.
  - 6. A method according to claim 1, wherein said step of placing into an executable state includes the step of identifying the instance for processing messages for the existing digital cell.
  - 7. A method according to claim 1, wherein said processing step includes the step of determining which of said plurality of related object instances is to be associated with an accessed message.
  - 8. A method according to claim 1, wherein said processing step includes the step of invoking one of said related object instances for performing a method of the invoked instance in response to an accessed message.
  - 9. A method according to claim 1, further including the step of retrieving a next message to be processed by said existing digital cell.
  - 10. A method according to claim 1, wherein the invoked instance performs a particular method in response to input parameters contained in the accessed message.
  - 11. A method according to claim 1, further including the step of creating a new object instance, andassociating said new object instance with said digital cell.
  - 12. A method according to claim 1, further including the step of associating an authorization data structure with a class definition identified in said digital cell.
  - 13. A method according to claim 1, wherein said digital data structure includes a hash of one of a source instruction, a p-code instruction resulting from compilation or a machine language code resulting from compilation, for the class definition program.
  - 14. A method according to claim 1, wherein said digital data structure includes a hash of the source program and a hash of the p-code program.
  - 15. A method according to claim 2, further including the step of verifying digital signatures associated with class definition programs operating in connection with the plurality of object instances.
  - 16. A method according to claim 2, wherein the verifying of digital signatures includes any signature of variable pools, variables and values.
  - 17. A method according to claim 15 including verifying any certificate associated with the digital signature.
  - 18. A method according to claim 15 including verifying said digital signature which is signed in p-code form, source code form or both.
  - 19. A method according to claim 18, wherein said verifying includes checking a hash of the p-code, source code or both.
  - 20. A method according to claim 7 wherein said step of determining which of said plurality of related object instances is to be associated with an accessed message includes the step of accessing a message reference table to determine which instance is to be associated.
  - 21. A method according to claim 8, wherein a method of the invoked instance is performed by accessing, using said digital cell, the first instruction of the method.
  - 22. A method according to claim 8, further including the step of adding new methods to those methods which may be performed by at least one object instance.
  - 23. A method according to claim 10, wherein an instance indicator in the received method is monitored and further including the step of accessing a routine for processing the accessed message based upon said instance indicator.
  - 24. A method according to claim 10, wherein a method table is searched associated with a class identified by said input parameters.
  - 25. A method according to claim 23, wherein said digital cell identifies a parent class and wherein a method belonging to a parent class is performed based upon the state of said instance indicator.
  - 26. A method according to claim 12, further including the step of testing the class authorization data structure prior to permitting the performance by said digital cell of predetermined operations.
  - 27. A method according to claim 21, wherein said first instruction is a p-code instruction.

28. In a system having at least one computer and a memory, a method of operating said computer using at least one digital cell comprising the steps of:
- determining whether a program being executed is processing an existing digital cell, said digital cell comprising a digital data structure that identifies at least one class definition and a plurality of related object instances that are bound to said class definition, at least part of said class definition having been digitally signed and said digital data structure including at least one class defining program with the plurality of object instances,placing said existing cell into an executable state if said determining step indicates that an existing cell is to be processed;
  
  accessing digital information to be processed by said existing digital cell;
  
  processing said digital information by one of said related object instances; and
  
  monitoring security by verifying at least one digital signature supplied to the cell and performing at least one of;
  
  screening at least one of said related object instances before executing said object instance;
  
  screening at least one of said related object instances during execution of said object instance; and
  
  screening operations invoked by said object instance as a result of the execution of the object instance.

29. In a communications system having at least one computer and a memory, a method of operating said computer comprising the steps of:
- loading a digital cell in said memory, said digital cell comprising a digital data structure that identifies a collection of related programs, each of which are bound by a class definition;
  
  processing a received function by accessing said digital cell to determine which program is to perform said received function;
  
  executing a program for performing the received function; and
  
  monitoring the security of the program during execution thereof, based on security information associated with the digital cell, said security information including a digital signature associated with the digital cell, wherein said monitoring step includes verifying the digital signature supplied to said digital cell.

30. In a system having at least one computer and being operable to receive programs from at least one other computer, a method of operating said computer using at least one digital cell comprising a collection of data including indicia of at least one class definition program and a digital signature, the method comprising the steps of:
- processing the digital cell by;
  
  receiving said digital cell from another computer;
  
  loading at least part of the class definition program into memory;
  
  verifying the digital signature of the digitally signed material;
  
  placing the class definition program into execution using data from at least one of;
  
  data received from another computer, and data available within the system performing the execution; and
  
  monitoring said program during its execution by screening at least some of the instructions of the program by verifying the digital signature supplied to the cell.
- View Dependent Claims (31, 32, 33, 34)
- - 31. A method according to claim 30, wherein the digital signature is computed based on information depending from at least part of the class definition program, indicia of at least one digital rule used to govern the execution of said class definition program, and indicia indicating an entity associated with performing the digital signature.
  - 32. A method according to claim 30, wherein an absence of indicia of rules governing execution of the program is treated as indicia of default rules.
  - 33. A method according to claim 31, further including the step of verifying the digital signature was performed by a trusted entity.
  - 34. A method according to claim 33, further including the step of verifying digital signatures associated with the class definition programs operating in connection with the plurality of object instances.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Addison M. Fischer
Original Assignee
Addison M. Fischer
Inventors
Fischer, Addison M.
Primary Examiner(s)
Banankhah, Majid A.
Assistant Examiner(s)
COURTENAY III, ST JOHN

Application Number

US08/831,958
Time in Patent Office

1,231 Days
Field of Search

395/188.01, 395/186, 395/187.01, 395/680, 395/683, 709/300-305, 713/200-202
US Class Current

719/315
CPC Class Codes

G06F 21/33   using certificates

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06F 9/4488   Object-oriented

G06F 9/465   Distributed object oriented...

G06F 9/4862   the task being a mobile age...

H04L 63/168   above the transport layer

Method and apparatus for validating travelling object-oriented programs with digital signatures

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for validating travelling object-oriented programs with digital signatures

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links