Method and system for establishing trust in downloaded proxy code
Abstract
A system consistent with the present invention enables a program in a distributed system to determine whether downloaded code is trustworthy before using the downloaded code to communicate with other programs or services in the distributed system. A client that downloads proxy code from a service can verify that both the service and the downloaded code are trustworthy before using the code to communicate with the service. "Trustworthy" code is code the client knows will enforce the client's security constraints in communicating with the service, e.g., mutual authentication, confidentiality, and integrity.
13 Claims
1. A method in a distributed system, comprising the steps of:
downloading code from a server by a client;
determining a set of constraints specified by the client for conducting secure communication with the server via the downloaded code; and
using secure code verified locally by the client to determine whether the downloaded code will enforce the set of constraints specified by the client when the downloaded code is used to communicate with the server.
Dependent claims: 2, 3.

4. A method in a distributed system for ensuring trustworthiness of a first proxy, comprising the steps of:
downloading the first proxy containing code for communication purposes;
using the first proxy to obtain a second proxy containing code for communication purposes;
determining whether the second proxy is trustworthy by using a trustworthiness verification routine;
determining whether a server is trustworthy by using the second proxy when it has been determined that the second proxy is trustworthy;
requesting the server to determine whether the first proxy is trustworthy by using the second proxy when it has been determined that the server is trustworthy; and
using the first proxy to invoke a method on the server when it has been determined that the first proxy is trustworthy, that the second proxy is trustworthy, and that the server is trustworthy.
Dependent claims: 5.

6. A distributed system comprising:
a server computer, comprising:
a memory with a service; and
a processor that runs the service; and
a client computer, comprising:
a memory with a proxy that facilitates use of the service, a client program that invokes a method of the service using the proxy and specifies a set of constraints for conducting secure communication with the service, and a secure verifier that determines whether the proxy will enforce the set of constraints when communicating with the service; and
a processor that runs the client program.
Dependent claims: 7, 8, 9, 10.

11. A computer-readable medium containing instructions for controlling a data processing system to perform a method in a distributed system, the method comprising the steps of:
downloading code from a server by a client;
determining a set of constraints specified by the client for conducting secure communication with the server via the downloaded code; and
using secure code verified locally by the client to determine whether the downloaded code will enforce the set of constraints specified by the client when the downloaded code is used to communicate with the server.
Dependent claims: 12.

13. A computer-readable medium containing instructions for controlling a data processing system to perform a method in a distributed system, the method comprising the steps of:
downloading the first proxy containing code for communication purposes;
using the first proxy to obtain a second proxy containing code for communication purposes;
determining whether the second proxy is trustworthy by using a trustworthiness verification routine;
determining whether a server is trustworthy by using the second proxy when it has been determined that the second proxy is trustworthy;
requesting the server to determine whether the first proxy is trustworthy by using the second proxy when it has been determined that the server is trustworthy; and
using the first proxy to invoke a method on the server when it has been determined that the first proxy is trustworthy, that the second proxy is trustworthy, and that the server is trustworthy.

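As an added illustration, not code from the patent or any implementation of it, the following Python models the trust bootstrap of claims 4 and 13 together with the constraint check of the abstract: a locally verified routine checks the second proxy, the second proxy authenticates the server, the server vouches for the first proxy, and only then may the first proxy be used. HMAC-SHA256 stands in for code signing and the keys, proxies and server are constructed for the example.

```python
import hashlib, hmac, os
from dataclasses import dataclass

# Constraints the client specifies for secure communication with the service (from the abstract).
CLIENT_CONSTRAINTS = frozenset({"mutual_authentication", "confidentiality", "integrity"})

def tag(data: bytes, key: bytes) -> str:
    """HMAC-SHA256 stands in for a code signature; an assumption of this example, not the patent."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

@dataclass(frozen=True)
class Proxy:
    code: bytes              # the downloaded code
    enforces: frozenset      # constraints the proxy claims to enforce
    signature: str           # tag over `code` by whoever vouches for it
    server_key: bytes = b""  # key the second proxy uses to challenge the server (assumption)

@dataclass(frozen=True)
class Server:
    key: bytes               # constructed server key
    def respond(self, nonce: bytes) -> str:          # proves possession of the key
        return tag(nonce, self.key)
    def vouches_for(self, proxy: Proxy) -> bool:    # did this server issue the proxy?
        return hmac.compare_digest(tag(proxy.code, self.key), proxy.signature)

def verify_locally(proxy: Proxy, local_key: bytes, required: frozenset) -> bool:
    """Trustworthiness verification routine run by secure code the client verified locally."""
    good_sig = hmac.compare_digest(tag(proxy.code, local_key), proxy.signature)
    return good_sig and required <= proxy.enforces   # signed AND enforces every constraint

def server_is_trusted(second: Proxy, server: Server) -> bool:
    nonce = os.urandom(16)   # fresh challenge issued through the already-verified second proxy
    return hmac.compare_digest(server.respond(nonce), tag(nonce, second.server_key))

def establish_trust(first: Proxy, second: Proxy, server: Server, local_key: bytes,
                    required: frozenset = CLIENT_CONSTRAINTS) -> tuple[bool, str]:
    """Claim 4 sequence: each step runs only after the previous one succeeded (fail closed)."""
    if not verify_locally(second, local_key, required):
        return False, "second proxy failed local verification"
    if not server_is_trusted(second, server):
        return False, "server failed authentication"
    if not server.vouches_for(first):
        return False, "server does not vouch for first proxy"
    return True, "first proxy may invoke methods on the server"

# Constructed sample data: the key the client's local verifier trusts, and one server.
LOCAL_KEY, SERVER = b"client-verifier-key", Server(key=b"server-key")
GOOD_SECOND = Proxy(b"second-code", CLIENT_CONSTRAINTS, tag(b"second-code", LOCAL_KEY), SERVER.key)
GOOD_FIRST = Proxy(b"first-code", CLIENT_CONSTRAINTS, tag(b"first-code", SERVER.key))
WEAK_SECOND = Proxy(b"weak-code", frozenset({"integrity"}), tag(b"weak-code", LOCAL_KEY), SERVER.key)
ROGUE_FIRST = Proxy(b"tampered", CLIENT_CONSTRAINTS, tag(b"tampered", b"unknown-key"))
```

The WEAK_SECOND case shows why the verifier checks the constraint set and not only the signature: correctly signed code that drops confidentiality still fails the client's policy.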
Specification