Method and computer program product for processing signed applets
First Claim
1. A method for executing a signed applet packaged in a given file, comprising:
- upon loading a class, determining whether a signature in the given file type applies to the class;
if so, executing a verification procedure to verify the signature and the identity of a signer that generated the signature;
following a successful verification, determining whether the signer is identified in a policy entry;
if the signer is identified in the policy entry, populating a permission set for the class;
wherein the signature is verified using a given algorithm used to sign the applet; and
wherein the step of populating the permission set for the class awards the class a permission as specified in the policy entry.
2 Assignments
0 Petitions
Accused Products
Abstract
A framework for processing signed applets that are distributed over the Internet. Using the framework, an applet that is packaged as a Netscape- or JDK-signed jar file, or as an Internet Explorer-signed cab file, is processed within the same Java runtime environment irrespective of the browser type (i.e. Netscape Communicator, Internet Explorer or JDK) used to execute the applet. When the applet is executed, the framework verifies one or more applet signatures using the same algorithm that was used to sign the applet, verifies the signer(s) of the applet, and stores information about the signers so that they can be honored by a security policy when permissions for the applet are determined.
59 Citations
21 Claims
-
1. A method for executing a signed applet packaged in a given file, comprising:
-
upon loading a class, determining whether a signature in the given file type applies to the class;
if so, executing a verification procedure to verify the signature and the identity of a signer that generated the signature;
following a successful verification, determining whether the signer is identified in a policy entry;
if the signer is identified in the policy entry, populating a permission set for the class;
wherein the signature is verified using a given algorithm used to sign the applet; and
wherein the step of populating the permission set for the class awards the class a permission as specified in the policy entry. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for executing a signed applet packaged in a given file, comprising:
-
upon loading each class, determining whether any signatures in the given file applies to the class;
if so, executing a verification procedure to verify the signature and the identity of a signer that generated the signature;
following a successful verification, determining whether the signer is identified in a policy entry;
if the signer is identified in the policy entry, awarding the class a permission as identified in the policy entry;
responsive to a request that requires a permission, using the permission set for the class to determine whether the class has the permission; and
wherein the signature is verified using a given algorithm used to sign the applet. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A computer program product on a computer readable media including computer usable code for use in a Java runtime environment (JRE), comprising:
-
an applet class loader for loading a set of applet classes archived in a signed file;
a set of signature engine classes for verifying applet class signatures;
a security manager class callable by the applet class loader upon receipt of an initial request that requires a given permission and, in response thereto invoking a policy file class that verifies a signer based on the existence of a matching certificate in a set of keystores;
wherein at least one signature engine verifies signatures using a given algorithm used to sign the applet classes archived in a signed file; and
wherein for populating a permission set for the class, wherein the class is awarded a permission as specified in the policy file class managed by the security manager class. - View Dependent Claims (16, 17, 18, 19)
-
-
20. A system, comprising:
-
a browser;
a Java runtime environment;
a set of keystores;
an applet class loader for loading a set of applet classes archived in a signed file;
a set of signature engine classes for verifying applet class signatures;
a security manager class callable by the applet class loader upon receipt of an initial request that requires a given permission and, in response thereto, invoking a policy file class that verifies a signer based on the existence of a matching certificate in the set of keystores;
a means for populating a permission set for the class, wherein the class is awarded a permission as specified in a policy entry in a database managed by the security manager class; and
wherein at least one signature engine verifies signatures using a given algorithm used to sign the applet. - View Dependent Claims (21)
-
Specification