Populating binary compatible resource-constrained devices with content verified using API definitions
Abstract
Remote incremental program verification may be achieved by receiving content verified by at least one content provider, installing the content on a resource-constrained device, issuing the resource-constrained device to an end user, and allowing post-issuance installation of verified content on the resource-constrained device by a trusted post-issuance installer. The at least one content provider includes an applet provider, a device manufacturer, a device issuer, and a trusted post-issuance installer. The content includes at least one program unit, where each program unit comprises an Application Programming Interface (API) definition file and an implementation. Each API definition file defines items in its associated program unit that are made accessible to one or more other program units, and each implementation includes executable code corresponding to the API definition file. The executable code includes type-specific instructions and data. The verification includes determining binary compatibility of earlier program unit implementations with later program unit implementations.
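The checks that the independent claims list for a revised program unit (internal consistency, agreement with its own API definition file, and compatibility of the old and new API definition files) can be sketched as follows. This is an added illustration, not code from the patent; the token-based item model, the `wallet` unit, the signature strings and all function names are assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Item:                      # one exported item in an API definition file
    token: int                   # assumed: clients link by token, not by name
    kind: str                    # "method" or "field"
    signature: str

@dataclass
class ApiDefinition:
    unit: str
    version: str
    items: dict                  # name -> Item

@dataclass
class Implementation:
    unit: str
    version: str
    defined: dict                # name -> (kind, signature, exported)
    refs: list = field(default_factory=list)   # item names the code uses

def check_internal(impl):
    """Toy internal-consistency rule: code may only use items it defines."""
    return [f"internal: '{r}' is used but not defined"
            for r in impl.refs if r not in impl.defined]

def check_impl_against_api(impl, api):
    """The implementation and its own API definition file must agree."""
    errs = []
    for name, item in api.items.items():
        d = impl.defined.get(name)
        if d is None or not d[2]:
            errs.append(f"api: '{name}' is declared but not exported by the code")
        elif (d[0], d[1]) != (item.kind, item.signature):
            errs.append(f"api: '{name}' is {d[0]} {d[1]} in code, "
                        f"{item.kind} {item.signature} in the definition")
    for name, d in impl.defined.items():
        if d[2] and name not in api.items:
            errs.append(f"api: '{name}' is exported by the code but undeclared")
    return errs

def check_binary_compat(old, new):
    """Old clients keep working only if every old item is unchanged."""
    errs = []
    for name, o in old.items.items():
        n = new.items.get(name)
        if n is None:
            errs.append(f"compat: '{name}' was removed")
        elif n != o:
            errs.append(f"compat: '{name}' changed from {o} to {n}")
    return errs

def verify_update(old_api, new_api, new_impl):
    """Run all three checks; an empty list means the update may be installed."""
    return (check_internal(new_impl)
            + check_impl_against_api(new_impl, new_api)
            + check_binary_compat(old_api, new_api))

# Constructed sample data (not taken from the patent).
V1_API = ApiDefinition("wallet", "1.0", {
    "debit": Item(0, "method", "(S)V"),
    "getBalance": Item(1, "method", "()S")})
GOOD_API = ApiDefinition("wallet", "1.1", {
    **V1_API.items, "credit": Item(2, "method", "(S)V")})   # addition only
GOOD_IMPL = Implementation("wallet", "1.1", {
    "debit": ("method", "(S)V", True), "getBalance": ("method", "()S", True),
    "credit": ("method", "(S)V", True), "audit": ("method", "()V", False)},
    refs=["audit"])
BAD_API = ApiDefinition("wallet", "2.0", {
    "getBalance": Item(0, "method", "()I")})   # token reused, type changed
BAD_IMPL = Implementation("wallet", "2.0", {
    "getBalance": ("method", "()I", True)}, refs=["audit"])

if __name__ == "__main__":
    for label, api, impl in (("1.1", GOOD_API, GOOD_IMPL),
                             ("2.0", BAD_API, BAD_IMPL)):
        errors = verify_update(V1_API, api, impl)
        print(label, "OK" if not errors else errors)
```

The compatibility check needs only the two API definition files, so a verifier can run it without access to the earlier implementation or to the units that link against it.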
121 Citations
85 Claims
1. A method for remote incremental program verification, said method comprising:
receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and a trusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations; installing said content on a resource-constrained device; issuing said resource-constrained device to an end user; and allowing post-issuance installation of verified content on said resource-constrained device by said trusted post-issuance installer, said post-issuance installation occurring after said issuance.
2. A method for remote incremental program verification, said method comprising:
receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and a trusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations, said verification further comprising; receiving a second version of first program unit implementation and a second version of first program unit API definition file, said second version being a revised version of first version; verifying said second version of said first program unit implementation, including indicating a verification error when said second version of said first program unit implementation is not internally consistent; and indicating a verification error when said second version of said first program unit implementation is inconsistent with said second version of said first program unit API definition file; and verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation, including indicating a verification error when said first version of said first program unit API definition file is incompatible with said second version of said first program unit API definition file; installing said content on a resource-constrained device; issuing said resource-constrained device to an end user; and allowing post-issuance installation of verified content on said resource-constrained 
device by said trusted post-issuance installer, said post-issuance installation occurring after said issuance.
Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
23. A method for remote incremental program verification, said method comprising:
receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and an untrusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations; installing said content on a resource-constrained device; issuing said resource-constrained device to an end user; and allowing post-issuance installation of verified content on said resource-constrained device by said untrusted post-issuance installer, said post-issuance installation occurring after said issuance.
24. A method for remote incremental program verification, said method comprising:
receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and an untrusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations, said verification further comprising; receiving a second version of first program unit implementation and a second version of first program unit API definition file, said second version being a revised version of first version; and verifying said second version of said first program unit implementation, including determining whether said second version of said first program unit implementation is internally consistent; and determining whether said second version of said first program unit implementation is consistent with said second version of said first program unit API definition file; and verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation by comparing said first version of said first program unit API definition file and said second version of said first program unit API definition file; installing said content on a resource-constrained device; issuing said resource-constrained device to an end user; and allowing post-issuance installation of verified content on said resource-constrained device by said untrusted post-issuance installer, said post-issuance installation 
occurring after said issuance.
Dependent claims: 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44
45. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform program verification, comprising:
receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and a trusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations; installing said content on a resource-constrained device; issuing said resource-constrained device to an end user; and allowing post-issuance installation of verified content on said resource-constrained device by said trusted post-issuance installer, said post-issuance installation occurring after said issuance.
46. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform program verification, comprising:
receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and a trusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations, said verification further comprising; receiving a second version of first program unit implementation and a second version of first program unit API definition file, said second version being a revised version of first version; verifying said second version of said first program unit implementation, including indicating a verification error when said second version of said first program unit implementation is not internally consistent; and indicating a verification error when said second version of said first program unit implementation is inconsistent with said second version of said first program unit API definition file; and verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation including indicating a verification error when said first version of said first program unit API definition file is incompatible with said second version of said first program unit API definition file; installing said content on a resource-constrained device; issuing said resource-constrained device to an end user; and allowing post-issuance installation of verified content on said resource-constrained 
device by said trusted post-issuance installer, said post-issuance installation occurring after said issuance.
Dependent claims: 47, 48, 49, 50, 51, 52, 53
54. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform program verification, comprising:
receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and an untrusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations; installing said content on a resource-constrained device; issuing said resource-constrained device to an end user; and allowing post-issuance installation of verified content on said resource-constrained device by said untrusted post-issuance installer, said post-issuance installation occurring after said issuance.
55. A program storage device readable by a machine, embodying a program of instructions executable by the machine to perform program verification, comprising:
receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and an untrusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations, said verification further comprising; receiving a second version of first program unit implementation and a second version of first program unit API definition file, said second version being a revised version of first version; and verifying said second version of said first program unit implementation, including indicating a verification error when said second version of said first program unit implementation is not internally consistent; and indicating a verification error when said second version of said first program unit implementation is inconsistent with said second version of said first program unit API definition file; and verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation including indicating a verification error when said first version of said first program unit API definition file is incompatible when said second version of said first program unit API definition file; installing said content on a resource-constrained device; issuing said resource-constrained device to an end user; and allowing post-issuance installation of verified content on said 
resource-constrained device by said untrusted post-issuance installer, said post-issuance installation occurring after said issuance.
Dependent claims: 56, 57, 58, 59, 60, 61, 62
63. A system for executing a software application, the system comprising:
a computing system that generates executable code, comprising means for receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and a trusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations; means for installing said content on a resource-constrained device; means for issuing said resource-constrained device to an end user; and means for allowing post-issuance installation of verified content on said resource-constrained device by said trusted post-issuance installation installer, said post-installation occurring after said issuance.
64. A system for executing a software application, the system comprising:
a computing system that generates executable code, comprising means for receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and a trusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations, said computing system further comprising; means for receiving a second version of first program unit implementation and a second version of first program unit API definition file, said second version being a revised version of first version; means for verifying said second version of said first program unit implementation, including means for indicating a verification error when said second version of said first program unit implementation is not internally consistent; and means for indicating a verification error when said second version of said first program unit implementation is inconsistent with said second version of said first program unit API definition file; and means for verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation including indicating a verification error when said first version of said first program unit API definition file is incompatible with said second version of said first program unit API definition file; means for installing said content on a resource-constrained device; means for 
issuing said resource-constrained device to an end user; and means for allowing post-issuance installation of verified content on said resource-constrained device by said trusted post-issuance installer, said post-issuance installation occurring after said issuance.
Dependent claims: 65, 66, 67, 68, 69, 70, 71, 72
73. A system for executing a software application, the system comprising:
a computing system that generates executable code, comprising means for receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and an untrusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations; means for installing said content on a resource-constrained device; means for issuing said resource-constrained device to an end user; and means for allowing post-issuance installation of verified content on said resource-constrained device by said untrusted post-issuance installer, said post-issuance installation occurring after said issuance.
74. A system for executing a software application, the system comprising:
a computing system that generates executable code, comprising means for receiving content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and an untrusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations, said computing system further comprising; means for receiving a second version of first program unit implementation and a second version of first program unit API definition file, said second version being a revised version of first version; means for verifying said second version of said first program unit implementation, including means for indicating a verification error when said second version of said first program unit implementation is not internally consistent; and means for indicating a verification error when said second version of said first program unit implementation is inconsistent with said second version of said first program unit API definition file; and means for verifying said second version of said first program unit implementation is binary compatible with said first version of said first program unit implementation including indicating a verification error when said first version of said first program unit API definition file is incompatible with said second version of said first program unit API definition file; means for installing said content on a resource-constrained device; means for 
issuing said resource-constrained device to an end user; and means for allowing post-issuance installation of verified content on said resource-constrained device by said untrusted post-issuance installer, said post-issuance installation occurring after said issuance.
Dependent claims: 75, 76, 77, 78, 79, 80, 81
82. A resource-constrained device, comprising:
memory for providing content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and a trusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations; an installer device for installation of said content on said resource-constrained device, said installation including installation of initial content and installation of additional content by said trusted post-issuance installer after said resource-constrained device is issued to an end user; and a virtual machine that is capable of executing instructions included within said content.
Dependent claims: 83
84. A resource-constrained device, comprising:
memory for providing content verified by at least one content provider, said at least one content provider including an applet provider, a device manufacturer, a device issuer and an untrusted post-issuance installer, said content including at least one program unit, each program unit comprising an Application Programming Interface (API) definition file and an implementation, each API definition file defining items in its associated program unit that are made accessible to one or more other program units, each implementation including executable code corresponding to said API definition file, said executable code including type specific instructions and data, said verification including determining binary compatibility of earlier program unit implementations with later program unit implementations; an installer device for installation of said content on said resource-constrained device, said installation including installation of initial content and installation of additional content by said untrusted post-issuance installer after said resource-constrained device is issued to an end user; and a virtual machine that is capable of executing instructions included within said content.
Dependent claims: 85
Specification