System and method for providing assurance to a host that a piece of software possesses a particular property
First Claim
1. A method for receiving assurance at a host that a set of subject instructions possesses a particular property, comprising the steps of:
a. receiving the set of subject instructions at the host;
b. receiving a certificate including a signature at the host;
c. receiving a statement that contains the identity of the particular property possessed by the subject set in the certificate;
d. determining integrity of the subject set of instructions based on the certificate and the statement; and
e. executing the subject set of instructions, if the integrity of the subject set of instructions is determined.
Abstract
A system and method for providing assurance to a host executing a piece of software that the software possesses a particular property. A certifier determines whether a piece of software possesses a particular property and, if it does, cryptographically signs the software, producing a signature. The software and a certificate that includes the signature are then distributed to a host. The host checks the signature. If the signature is valid, then the host is provided with assurance that the software possesses the particular property. If the signature is not valid, then the host is provided with no such assurance.
116 Citations
23 Claims
8. A method for providing assurance to a host that a set of subject instructions possesses a particular property, comprising the steps of:
a. receiving the set of subject instructions at the host;
b. receiving a certificate including a signature at the host, the certificate generated pursuant to certification instructions used by a certifier;
c. receiving a statement that contains the identity of the particular property possessed by the subject set in the certificate;
d. receiving an invalidation message containing an indication that the present version of the certification instructions used by the certifier to determine if the subject set of instructions possesses the particular property is outdated; and
e. determining not to execute the subject set of instructions based on the invalidation message.
d. determining at the host if a threshold number of signatures is valid;
e. if the threshold number of signatures are valid, then determining at the host that the subject set of instructions possesses the particular property.
20. A method for providing assurance to a host that a set of subject instructions possesses a particular property, comprising the steps of:
a. determining if the set of subject instructions possesses the particular property at a certifier; and
b. if the subject set of instructions is determined to possess the particular property, then:
i. signing the set of subject instructions at the certifier to obtain a signature; and
ii. distributing to the host the set of subject instructions, a certificate that includes the signature and an identifier of the certifier, and a statement that contains the identity of the particular property possessed by the set of subject instructions, wherein the subject set of instructions is in binary form.
21. A method for providing assurance to a host that a set of subject instructions possesses a particular property, comprising the steps of:
a. determining if the set of subject instructions possesses the particular property at a certifier; and
b. if the subject set of instructions is determined to possess the particular property, then:
i. signing the set of subject instructions at the certifier to obtain a signature; and
ii. distributing to the host the set of subject instructions, a certificate that includes the signature and an identifier of the certifier, and a statement that contains the identity of the particular property possessed by the set of subject instructions, wherein the subject set of instructions is in source code form.
22. A method for providing assurance that a piece of software possesses a particular property, including:
a. receiving a binary version of software containing annotations having a proof that the software possesses the particular property;
b. checking the proof to determine that the software possesses the particular property;
c. if the software is determined to have the particular property, then signing the software to obtain a signature; and
d. sending the signature and a statement identifying the particular property to a recipient.
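The certify-then-verify flow of the abstract and the claims above (certificate with signature and certifier identifier, statement naming the property, invalidation message for outdated certification instructions, threshold of valid signatures), as an added example that is not part of the patent. It assumes HMAC-SHA256 under a per-certifier key in place of the digital signature the claims call for, and every key, certifier name and property name is constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Assumption: HMAC-SHA256 under a per-certifier key stands in for the digital signature the
# patent calls for, so this runs on the standard library alone; a real deployment would use
# an asymmetric signature scheme. Certificate, statement and invalidation message follow the
# claims above; all sample values are constructed.


@dataclass(frozen=True)
class Certificate:
    certifier_id: str
    instr_version: int   # version of the certification instructions the certifier applied
    signature: bytes


def _to_be_signed(subject: bytes, statement: str) -> bytes:
    # The signature covers the subject instructions AND the statement, so a certificate
    # vouching for one property cannot be replayed to vouch for a different property.
    return hashlib.sha256(subject).digest() + b"|" + statement.encode()


def certify(key: bytes, certifier_id: str, instr_version: int,
            subject: bytes, statement: str) -> Certificate:
    # Certifier side (claims 20-22): after deciding the property holds, sign and package.
    sig = hmac.new(key, _to_be_signed(subject, statement), hashlib.sha256).digest()
    return Certificate(certifier_id, instr_version, sig)


def host_may_execute(trusted_keys: dict, subject: bytes, statement: str,
                     certs: list, threshold: int, invalidations: set) -> bool:
    # Host side (claims 1 and 8 plus the threshold variant).
    # trusted_keys: certifier_id -> verification key the host trusts.
    # invalidations: (certifier_id, instr_version) pairs reported outdated by invalidation messages.
    msg = _to_be_signed(subject, statement)
    vouching = set()
    for c in certs:
        if (c.certifier_id, c.instr_version) in invalidations:
            continue  # claim 8: certified under outdated instructions, so no assurance
        key = trusted_keys.get(c.certifier_id)
        if key is None:
            continue  # unknown certifier: the signature cannot be checked
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if hmac.compare_digest(expected, c.signature):
            vouching.add(c.certifier_id)  # count distinct certifiers, not duplicate certificates
    return len(vouching) >= threshold
```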
Specification