Virtual machine with securely distributed bytecode verification

US 6,546,454 B1
Filed: 04/11/2000
Issued: 04/08/2003
Est. Priority Date: 04/15/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for controlling a device having an external port and a microcontroller configured to execute a virtual machine, the method comprising the steps of:

receiving through the external port, code including virtual machine code for use by the virtual machine;

determining whether the code is authentic in response to an indicator of authenticity provided within the code; and

if the code is determined to be authentic, then omitting verification that the virtual machine code conforms to at least some of a predetermined set of criteria, and operating the virtual machine according to the virtual machine code.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for executing a software application comprising a plurality of hardware independent bytecodes is provided comprising a computing system that generates bytecodes, a virtual machine, remote to the computing system, that receives a plurality of bytecodes from said computing system, and executes said plurality of bytecodes, a system for testing said bytecodes against a set of predetermined criteria in which the testing is securely distributed between said virtual machine and said computing system so that the bytecode verification completed by the computing system is authenticated by the virtual machine prior to the execution of the bytecodes by said virtual machine. A method for distributed bytecode verification is also provided.

Citations

63 Claims

1. A method for controlling a device having an external port and a microcontroller configured to execute a virtual machine, the method comprising the steps of:
- receiving through the external port, code including virtual machine code for use by the virtual machine;
  
  determining whether the code is authentic in response to an indicator of authenticity provided within the code; and
  
  if the code is determined to be authentic, then omitting verification that the virtual machine code conforms to at least some of a predetermined set of criteria, and operating the virtual machine according to the virtual machine code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said step of omitting at least some verification comprises omitting substantially all verification.
  - 3. The method of claim 1, wherein the virtual machine code comprises bytecode.
  - 4. The method of claim 3, said step of operating the virtual machine further comprising interpreting the bytecode.
  - 5. The method of claim 1, further comprising, if the code is determined to be authentic, verifying that the virtual machine code conforms to at least one other of the predetermined set of criteria.
  - 6. The method of claim 1, wherein said step of determining whether the code is authentic is performed by the virtual machine.
  - 7. The method of claim 1, wherein the device is a small footprint device.
  - 8. The method of claim 1, wherein the device is a portable product.
  - 9. The method of claim 1, wherein the device comprises a tamper-resistant package.
  - 10. The method of claim 1, further comprising the step of, if the code is determined to be not authentic, not operating the virtual machine according to the virtual machine code.
  - 11. The method of claim 1, wherein said step of determining whether the code is authentic comprises determining whether the code is from a trusted source.
  - 12. The method of claim 11, wherein said step of determining whether the code is authentic further comprises determining whether the code has not been corrupted since being sent by the trusted source.
  - 13. The method of claim 1, the step of operating the virtual machine comprising converting the virtual machine code to native code of the microcontroller with a just-in-time compiler.
  - 14. The method of claim 1, wherein the virtual machine code is a native code of the microcontroller.

15. A method for programming a device having a microcontroller configured to execute a virtual machine and a port to a communications link from a remote computer connected to the communications link, the method comprising the steps of:
- verifying at the remote computer that particular virtual machine code for use by the virtual machine conforms to at least some of a predetermined set of criteria;
  
  if the particular virtual machine code passes the step of verifying, then generating at least one indicator of authenticity, and sending code including the particular virtual machine code and the at least one indicator of authenticity from the remote computer to the device over the communications link.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, wherein the device is a small footprint device.
  - 17. The method of claim 15, wherein the device is a portable product.
  - 18. The method of claim 15, wherein the device comprises a tamper-resistant package.
  - 19. The method of claim 15, wherein the at least one indicator of authenticity comprises an indication that the code is from a trusted source and an indication that the particular virtual machine code has not been corrupted since being sent by the trusted source.
  - 20. The method of claim 15, wherein the particular virtual machine code comprises bytecode.
  - 21. The method of claim 15, wherein said step of verifying comprises verifying that the particular virtual machine code conforms to substantially all of the predetermined set of criteria.

22. A method for programming a device having a microcontroller configured to execute a virtual machine and a port to a communications link from a remote computer connected to the communications link, the method comprising the steps of:
- verifying at the remote computer that particular virtual machine code for use by the virtual machine conforms to at least some of a predetermined set of criteria;
  
  if the particular virtual machine code passes the step of verifying, then generating at least one indicator of authenticity, and sending code including the particular virtual machine code and the at least one indicator of authenticity from the remote computer to the device over the communications link;
  
  receiving the code through the port at the device;
  
  determining at the device whether the code is authentic in response to the at least one indicator of authenticity; and
  
  if the code is determined to be authentic, then omitting verification that the particular virtual machine code conforms to the at least some of the predetermined set of criteria, and operating the virtual machine according to the particular virtual machine code.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 23. The method of claim 22, wherein the device is a small footprint device.
  - 24. The method of claim 22, wherein the device is a portable product.
  - 25. The method of claim 22, wherein the device comprises a tamper-resistant package.
  - 26. The method of claim 22, wherein the virtual machine code comprises bytecode.
  - 27. The method of claim 22, wherein the at least one indicator of authenticity comprises an indication that the code is from a trusted source and an indication that the particular virtual machine code has not been corrupted since being sent by the trusted source.
  - 28. The method of claim 22, further comprising, if the code is determined to be authentic, verifying that the particular virtual machine code conforms to at least one other of the predetermined set of criteria.
  - 29. The method of claim 22, wherein said step of determining whether the code is authentic is performed by the virtual machine.
  - 30. The method of claim 22, further comprising the step of, if the code is determined to be not authentic, not operating the virtual machine according to the particular code.
  - 31. The method of claim 22, wherein the at least some of the predetermined set of criteria comprises substantially all of the predetermined set of criteria.

32. A programmable device comprising:
- an external port;
  
  an authenticator configured to determine whether code received through the port is authentic in response to an indicator of authenticity provided within the code; and
  
  a microcontroller configured to omit verification that particular code provided within the code conforms to at least some of a predetermined set of criteria, said particular code for execution using said microcontroller, and to execute the particular code, if the code is determined to be authentic.
- View Dependent Claims (33, 34, 35, 36, 37)
- - 33. The device of claim 32, said microcontroller further configured to verify that the particular code conforms to at least one other of the predetermined set of criteria, if the received code is determined to be authentic.
  - 34. The device of claim 32, wherein:
35. The device of claim 32, wherein the device is a small footprint device.
36. The device of claim 32, wherein the particular code comprises bytecode.
37. The device of claim 32, wherein the device is a small footprint device.

38. An apparatus for remotely programming a device having a microcontroller configured to execute a virtual machine and a port to a communications link, said apparatus comprising:
- a memory medium for storing particular code for operating the virtual machine;
  
  a port to a communications link; and
  
  a processor connected to the port and the memory medium, the processor configured to verify that the particular code conforms to at least some of a predetermined set of criteria, and if the particular code passes verification, to generate at least one indicator of authenticity, and to send code including the particular code and the at least one indicator of authenticity to the device through the port to the communications link.
- View Dependent Claims (39)
- - 39. The device of claim 38, wherein said processor is further configured to verify that the particular code conforms to substantially all of the predetermined set of criteria.

40. A system for remotely programming a programmable device having a microcontroller configured to run a virtual machine and an external port, said system comprising:
- a communications link;
  
  a remote computer comprising a memory medium for storing particular code for operating the virtual machine, a port connected to the communications link, and a processor connected to the port and the memory medium, the processor configured to verify that the particular code conforms to at least some of a predetermined set of criteria, and, if the particular code passes verification, to generate at least one indicator of authenticity, and to send code including the particular code and the at least one indicator of authenticity to the programmable device through the port to the communications link; and
  
  the programmable device comprisingan external port selectably connected to the communications link, an authenticator configured to determine whether the code received through the external port is authentic in response to the indicator of authenticity, and the microcontroller configured to omit verification that the particular code conforms to the at least some of the predetermined set of criteria, and to execute the particular code, if the authenticated code is determined to be authentic.
- View Dependent Claims (41, 42, 43, 44)
- - 41. The system of claim 40, wherein said processor is further configured to verify that the particular code conforms to substantially all of the predetermined set of criteria.
  - 42. The system of claim 40, wherein said microcontroller is further configured to verify that the particular code conforms to at least one other of the predetermined set of criteria, if the authenticated code is determined to be authentic.
  - 43. The system of claim 40, wherein the particular code comprises bytecode.
  - 44. The system of claim 40, wherein the device is a small footprint device.

45. A computer program product for a programmable device having a microcontroller and an external port, the computer program product comprising:
- a memory medium;
  
  instructions, stored on the memory medium, to cause the microcontroller to determine whether code received through the external port is authentic, to omit verification that particular code provided within the received code conforms to at least some of a predetermined set of criteria, and to execute the particular code, if the received code is determined to be authentic.
- View Dependent Claims (46, 47, 48)
- - 46. The computer program product of claim 45, said instructions further causing the microcontroller to verify that the particular code conforms to at least one other of the predetermined set of criteria, if the received code is determined to be authentic.
  - 47. The computer program product of claim 45, wherein:
48. The computer program product of claim 45, wherein the programmable device is a small footprint device.

49. A computer program product for remotely programming a programmable device having an external port and a microcontroller configured to run a virtual machine, the computer program product comprising:
- a memory medium; and
  
  instructions, stored on the memory medium, to cause one or more processors to verify that particular code for operating the virtual machine conforms to at least some of a predetermined set of criteria, and, if the particular code passes verification, to generate at least one indicator of authenticity, and to send code including the particular code and the at least one indicator of authenticity through a port connected to the processor to a communications link with the external port of the programmable device.
- View Dependent Claims (50, 51, 52)
- - 50. The computer program product of claim 49, said instructions further causing the one or more processors to verify that the particular code conforms to substantially all of the predetermined set of criteria.
  - 51. The computer program product of claim 49, wherein the particular code comprises bytecode.
  - 52. The computer program product of claim 49, wherein the programmable device is a small footprint device.

53. A transmission of instructions for controlling a programmable device having an external port and a microcontroller configured to run a virtual machine, the transmission comprising:
- a carrier wave;
  
  instructions, transmitted as signals on the carrier wave, for a virtual machine running on the microcontroller; and
  
  at least one indicator, transmitted as signals on the carrier wave, that the transmission is authentic and that said instructions conform to at least some of a predetermined set of criteria.
- View Dependent Claims (54, 55)
- - 54. The transmission of claim 53, wherein the instructions comprise bytecode.
  - 55. The transmission of claim 54, wherein the programmable device is a small footprint device.

56. A transmission of instructions for remotely controlling a programmable device having an external port and a microcontroller configured to run a virtual machine, the transmission comprising:
- a carrier wave; and
  
  instructions, transmitted as signals on the carrier wave, to cause one or more processors to verify that particular code for the virtual machine conforms to at least some of a predetermined set of criteria, and, if the particular code passes verification, to generate at least one indicator of authenticity, and to send code including the particular code and the at least one indicator of authenticity through a port connected to the one or more processors to a communications link with the external port of the programmable device.
- View Dependent Claims (57, 58, 59)
- - 57. The transmission of claim 56, said instructions further causing the one or more processors to verify that the particular code conforms to substantially all of the predetermined set of criteria.
  - 58. The transmission of claim 56, wherein the particular code comprises bytecode.
  - 59. The transmission of claim 56, wherein the programmable device is a small footprint device.

60. A method for controlling a device having an external port and a microcontroller configured to run a virtual machine, the method comprising the steps of:
- receiving through the port, code including virtual machine code for use by the virtual machine;
  
  determining whether the code is authentic in response to an indicator of authenticity provided within the code; and
  
  if the code is determined to be authentic, then omitting processing of the virtual machine code according to at least some of a predetermined set of processes, and operating the device in response to the virtual machine code.

61. A programmable device comprising:
- an external port;
  
  an authenticator configured to determine whether code received through the port is authentic in response to an indicator of authenticity provided within the code; and
  
  a microcontroller configured to omit processing of particular code provided within the received code according to at least some of a predetermined set of processes, said particular code for execution using said microcontroller, and to execute the particular code, if the received code is determined to be authentic.

62. A computer program product for a programmable device having an external port and a microcontroller configured to run a virtual machine, the computer program product comprising:
- a memory medium;
  
  instructions, stored on the memory medium, to cause the microcontroller to determine whether code received through the external port is authentic in response to an indicator of authenticity provided within the received code, to omit processing of particular code provided within the received code according to at least some of a predetermined set of processes, and to execute the particular code, if the received code is determined to be authentic.

63. A transmission of instructions for remotely controlling a programmable device having an external port and a microcontroller configured to run a virtual machine, the transmission comprising:
- a carrier wave; and
  
  instructions, transmitted as signals on the carrier wave, to cause one or more processors to process particular code for the virtual machine according to at least some of a predetermined set of processes, and, after processing the particular code, to generate at least one indicator of authenticity, and to send code including the processed particular code and the at least one indicator of authenticity through a port connected to the one or more processors to a communications link with the external port of the programmable device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Schwabe, Judy, Levy, Moshe
Primary Examiner(s)
Hudspeth, David
Assistant Examiner(s)
TZENG, FRED

Application Number

US09/547,225
Time in Patent Office

1,092 Days
Field of Search

711/6, 711/156, 711/163, 717/5, 717/4, 707/103, 380/49
US Class Current

711/6
CPC Class Codes

G06F 21/125   by manipulating the program...

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06F 9/44589   Program code verification, ...

Virtual machine with securely distributed bytecode verification

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

63 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual machine with securely distributed bytecode verification

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

63 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links