System and method for providing assurance to a host that a piece of software possesses a particular property

US 6,381,698 B1
Filed: 09/08/2000
Issued: 04/30/2002
Est. Priority Date: 05/21/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for receiving assurance at a host that a set of subject instructions possesses a particular property, comprising the steps of:

a. receiving the set of subject instructions at the host;

b. receiving a certificate including a signature at the host;

c. receiving a statement that contains the identity of the particular property possessed by the subject set in the certificate;

d. determining integrity of the subject set of instructions based on the certificate and the statement; and

e. executing the subject set of instructions, if the integrity of the subject set of instructions is determined.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for providing assurance to a host executing a piece of software that the software possesses a particular property. A certifier determines if a piece of software possesses a particular property, and if it does, it cryptographically signs the software, producing a signature. The software and a certificate that includes the signature is then distributed to a host. The host checks the signature. If the signature is valid, then the host is provided with assurance that the software possesses the particular property. If the signature is not valid, then the host is provided with no such assurance.

116 Citations

23 Claims

1. A method for receiving assurance at a host that a set of subject instructions possesses a particular property, comprising the steps of:
- a. receiving the set of subject instructions at the host;
  
  b. receiving a certificate including a signature at the host;
  
  c. receiving a statement that contains the identity of the particular property possessed by the subject set in the certificate;
  
  d. determining integrity of the subject set of instructions based on the certificate and the statement; and
  
  e. executing the subject set of instructions, if the integrity of the subject set of instructions is determined.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the set of subject instructions are signed using a private cryptographic key at a certifier.
  - 3. The method of claim 1, wherein the set of subject instructions are signed using a symmetric cryptographic key at a certifier.
  - 4. The method of claim 1, wherein the set of subject instructions are distributed to the host from a provider.
  - 5. The method of claim 1, wherein the set of subject instructions are distributed to the host from a certifier.
  - 6. The method of claim 1, wherein the set of subject instructions and the certificate that includes the signature are received together at the host.
  - 7. The method of claim 1, wherein the statement containing the identity of the particular property includes a group of keys used for signing the certificate, and the host determines the identity of the particular property based on the group of keys received.

8. A method for providing assurance to a host that a set of subject instructions possesses a particular property, comprising the steps of:
- a. receiving the set of subject instructions at the host;
  
  b. receiving a certificate including a signature at the host, the certificate generated pursuant to certification instructions used by a certifier;
  
  c. receiving a statement that contains the identity of the particular property possessed by the subject set in the certificate;
  
  d. receiving an invalidation message containing an indication that the present version of the certification instructions used by the certifier to determine if the subject set of instructions possesses the particular property is outdated; and
  
  e. determining not to execute the subject set of instructions based on the invalidation message.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 9. The method of claim 8, wherein the invalidation message indicates that a public key is invalid.
  - 10. The method of claim 8, further comprising the step of receiving a new authorization message at the host.
  - 11. The method of claim 10, wherein the new authorization message includes a new public key.
  - 12. The method of claim 10, wherein the new authorization message includes a new key for determining authenticity of certificates.
  - 13. The method of claim 8, wherein the particular property is the identity of the certifier of the set of subject instructions.
  - 14. The method of claim 8, wherein the particular property is the identity of a compiler used to generate the binary version of the subject set of instructions.
  - 15. The method of claim 8, wherein the particular property is the identity of the manufacturer of the subject set of instructions.
  - 16. The method of claim 8, wherein the particular property is the version of the certification instructions used to analyze the subject set of instructions.
  - 17. The method of claim 8, further comprising the step of determining at the host if the signature received in the certificate is valid.
  - 18. The method of claim 17 further comprising refraining from executing the subject set of instructions, if it is determined that the signature received in the certificate is invalid.
  - 19. The method of claim 8, wherein a first plurality of certifiers determine if the set of subject instructions possesses a particular property, and wherein a second plurality of certifiers each send a certificate including a signature to the host, and further comprising the steps of:

20. A method for providing assurance to a host that a set of subject instructions possesses a particular property, comprising the steps of:
- a. determining if the set of subject instructions possesses the particular property at a certifier; and
  
  b. if the subject set of instructions is determined to possess the particular property, then;
  
  I. signing the set of subject instructions at the certifier to obtain a signature; and
  
  ii. distributing to the host the set of subject instructions, a certificate that includes the signature and an identifier of the certifier, and a statement that contains the identity of the particular property possessed by the set of subject instructions, wherein the subject set of instructions is in binary form.

21. A method for providing assurance to a host that a set of subject instructions possesses a particular property, comprising the steps of:
- a. determining if the set of subject instructions possesses the particular property at a certifier; and
  
  b. if the subject set of instructions is determined to possess the particular property, then;
  
  i. signing the set of subject instructions at the certifier to obtain a signature; and
  
  ii. distributing to the host the set of subject instructions, a certificate that includes the signature and an identifier of the certifier, and a statement that contains the identity of the particular property possessed by the set of subject instructions, wherein the subject set of instructions is in source code form.

22. A method for providing assurance that a piece of software possesses a particular property, including:
- a. receiving a binary version of software containing annotations having a proof that the software possesses the particular property;
  
  b. checking the proof to determine that the software possesses the particular property;
  
  c. if the software is determined to have the particular property, then signing the software to obtain a signature; and
  
  d. sending the signature and a statement identifying the particular property to a recipient.
- View Dependent Claims (23)
- - 23. The method of claim 22 wherein a version of the software without the proof and without the annotations is sent to the recipient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Corporation (AT&T, Inc.)
Original Assignee
AT&T Corporation (AT&T, Inc.)
Inventors
Stubblebine, Stuart Gerald, Devanbu, Premkumar Thomas
Primary Examiner(s)
Peeso, Thomas R.
Assistant Examiner(s)
Darrow, Justin T.

Application Number

US09/657,776
Time in Patent Office

599 Days
Field of Search

713/170, 713/175, 713/176, 713/181, 713/189, 705/58, 380/28, 380/30
US Class Current

713/170
CPC Class Codes

G06F 21/51 at application loading time...

G06F 2211/007 Encryption, En-/decode, En-...

System and method for providing assurance to a host that a piece of software possesses a particular property

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing assurance to a host that a piece of software possesses a particular property

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links