System and method for remote code integrity in distributed systems
First Claim
1. A method of securing remote code at a client computer system, said method comprising:
- retrieving encrypted remote code from a storage area;
receiving a key agent from a server computer system, wherein the key agent includes a first key arid a second key, the first key and the second key generated at the server;
decrypting the encrypted remote code using the first key, the decrypting resulting in a decrypted remote code;
storing the decrypted remote code in a temporary storage area;
verifying the decrypted remote code;
executing the decrypted remote code at the client computer system;
removing the decrypted remote code from the temporary storage area;
re-encrypting the decrypted remote code using the second key, resulting in a re-encrypted remote code;
receiving, at the server computer system, an acknowledgement message indicating that the decrypted remote code was successfully loaded by the client computer system;
copying the second key that was included with the key agent to a first key location area in response to receiving the acknowledgement message, the first key location area residing on a non-volatile storage device located at the server computer system;
generating a third key in response to receiving the acknowledgement message;
overwriting the second key with the third key; and
storing the third key in the non-volatile storage device located at the server computer system.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for remote code integrity in distributed systems is presented. A server sends encrypted remote code to a client. The client receives the encrypted remote code and a key agent from the server. The key agent includes a key to decrypt the remote code. The client uses the key to decrypt the encrypted remote code and stores the decrypted remote code in internal memory. The key agent uses a second key included in the key agent to re-encrypt the decrypted remote code and stores the re-encrypted remote code in non-volatile memory. The client executes the decrypted remote code located in internal memory. Once the client is finished executing the decrypted remote code, the client overwrites the keys and deletes the old encrypted code.
20 Citations
12 Claims
-
1. A method of securing remote code at a client computer system, said method comprising:
-
retrieving encrypted remote code from a storage area; receiving a key agent from a server computer system, wherein the key agent includes a first key arid a second key, the first key and the second key generated at the server; decrypting the encrypted remote code using the first key, the decrypting resulting in a decrypted remote code; storing the decrypted remote code in a temporary storage area; verifying the decrypted remote code; executing the decrypted remote code at the client computer system; removing the decrypted remote code from the temporary storage area; re-encrypting the decrypted remote code using the second key, resulting in a re-encrypted remote code; receiving, at the server computer system, an acknowledgement message indicating that the decrypted remote code was successfully loaded by the client computer system; copying the second key that was included with the key agent to a first key location area in response to receiving the acknowledgement message, the first key location area residing on a non-volatile storage device located at the server computer system; generating a third key in response to receiving the acknowledgement message; overwriting the second key with the third key; and storing the third key in the non-volatile storage device located at the server computer system. - View Dependent Claims (2, 3, 4)
-
-
5. An information handling system comprising:
-
one or more processors; a memory accessible by the processors; one or more nonvolatile storage devices accessible by the processors; and a remote code security tool to secure remote code, the remote code security tool including; means for retrieving encrypted remote code from one of the nonvolatile storage devices; means for receiving a key agent from a server computer system over a computer network, wherein the key agent includes a first key and a second key, the first key and the second key generated at the server; means for decrypting the encrypted remote code using the first key, resulting in a decrypted remote code; means for storing the decrypted remote code in the memory; means for verifying the decrypted remote code; means for executing the decrypted remote code at the information handling system; means for removing the decrypted remote code from the memory; means for re-encrypting the decrypted remote code using the second key, resulting in a re-encrypted remote code; means for receiving, at the server computer system, an acknowledgement message indicating that the decrypted remote code was successfully loaded by the client computer system; means for copying the second key that was included with the key agent to a first key location area in response to receiving the acknowledgement message, the first key location area residing on a non-volatile storage device located at the server computer system; means for generating a third key in response to receiving the acknowledgement message; means for overwriting the second key with the third key; and means for storing the third key in the non-volatile storage device located at the server computer system. - View Dependent Claims (6, 7, 8)
-
-
9. A computer program product stored on a computer operable media for performing remote code integrity at a client computer system, said computer program product comprising:
-
means for retrieving encrypted remote code from a storage area; means for receiving a key agent from a server computer system over a computer network, wherein the key agent includes a first key and a second key, the first key and the second key generated at the server; means for decrypting the encrypted remote code using the first key, resulting in a decrypted remote code; means for storing the decrypted remote code in a temporary storage area; means for verifying the decrypted remote code; means for executing the decrypted remote code at the client computer system; means for removing the decrypted remote code from the temporary storage area; means for re-encrypting the decrypted remote code using the second key, resulting in a re-encrypted remote code; means for receiving, at the server computer system, an acknowledgement message indicating that the decrypted remote code was successfully loaded by the client computer system; means for copying the second key that was included with the key agent to a first key location area in response to receiving the acknowledgement message, the first key location area residing on a non-volatile storage device located at the server computer system; means for generating a third key in response to receiving the acknowledgement message; means for overwriting the second key with the third key; and means for storing the third key in the non-volatile storage device located at the server computer system. - View Dependent Claims (10, 11, 12)
-
Specification