Software verification system, method and computer program element

US 7,496,757 B2
Filed: 01/14/2002
Issued: 02/24/2009
Est. Priority Date: 01/14/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A system for verification and installation of a virtual machine, comprising:

a processor;

a primary library file, the primary library file having a digital signature, wherein the primary library file is a virtual machine dynamic link library file;

a loader program that, when operated by the processor, checks for a public key from a virtual machine provider to use as a digital signature key and, if the digital signature of the primary library file is verified against the digital signature key, further loads the primary library file, wherein, if the public key cannot be obtained via the virtual machine provider, the digital signature key is a hidden public key internal to the loader program and, if the public key can be obtained via an internet site of the virtual machine provider, the digital signature key is the public key obtained via the virtual machine provider; and

a plurality of secondary files referenced by the primary library file, each of the plurality of secondary files having a digital signature;

wherein the loader program verifies and selectively loads the primary library file by comparing the obtained digital signature key with the digital signature of the primary library file, the primary library file subsequently verifying and selectively loading the plurality of secondary files by calling the loader program to compare the obtained digital signature key with the digital signature of each of the plurality of secondary files,at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, wherein after successful verification and selective loading of the at least one secondary file, the at least one secondary file manages the verification and selective loading of the at least one tertiary file,at least one administrator-configurable file andthe digital signature key comprising a number of keys including a private key provided by an administrator,wherein the loader program verifies the digital signature of the at least one administrator-configurable file using the private key, wherein the at least one administrator-configurable file includes at least one of a security file and a policy file that is updatable by use of the private key, wherein authenticity of each element of a virtual machine installation is verified.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software security system is arranged to verify the authenticity of each element of a Java Virtual Machine installation. A digital signature is attached to each file of the JVM installation. A loader (20) verifies the digital signature of the JVM DLL (30). The JVM DLL 30 then verifies the digital signature of each other DLL and configuration file to be loaded (40, 50, 60, 70), and only loads those files which have successfully verified digital signatures. In this way the security of the JVM is enhanced, a user has greater confidence that the Java applications will function correctly, and the detection of incorrect or damaged JVM installations is improved.

120 Citations

View as Search Results

13 Claims

1. A system for verification and installation of a virtual machine, comprising:
- a processor;
  
  a primary library file, the primary library file having a digital signature, wherein the primary library file is a virtual machine dynamic link library file;
  
  a loader program that, when operated by the processor, checks for a public key from a virtual machine provider to use as a digital signature key and, if the digital signature of the primary library file is verified against the digital signature key, further loads the primary library file, wherein, if the public key cannot be obtained via the virtual machine provider, the digital signature key is a hidden public key internal to the loader program and, if the public key can be obtained via an internet site of the virtual machine provider, the digital signature key is the public key obtained via the virtual machine provider; and
  
  a plurality of secondary files referenced by the primary library file, each of the plurality of secondary files having a digital signature;
  
  wherein the loader program verifies and selectively loads the primary library file by comparing the obtained digital signature key with the digital signature of the primary library file, the primary library file subsequently verifying and selectively loading the plurality of secondary files by calling the loader program to compare the obtained digital signature key with the digital signature of each of the plurality of secondary files,at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, wherein after successful verification and selective loading of the at least one secondary file, the at least one secondary file manages the verification and selective loading of the at least one tertiary file,at least one administrator-configurable file andthe digital signature key comprising a number of keys including a private key provided by an administrator,wherein the loader program verifies the digital signature of the at least one administrator-configurable file using the private key, wherein the at least one administrator-configurable file includes at least one of a security file and a policy file that is updatable by use of the private key, wherein authenticity of each element of a virtual machine installation is verified.
- View Dependent Claims (3, 5, 6, 10, 12)
- - 3. The system for verification and installation of a virtual machine of claim 1, further characterised by:
    - the virtual machine provider is accessed through an internet site to provide the public key.
  - 5. The system for verification and installation of a virtual machine of claim 1, wherein the loader program is a third-party application that initiates the virtual machine installation.
  - 6. The system for verification and installation of a virtual machine of claim 1, wherein the loader program is a virtual machine launcher that initiates the virtual machine installation.
  - 10. The system for verification and installation of a virtual machine of claim 5, wherein the third-party application launches the loader program through a native interface.
  - 12. The system for verification and installation of a virtual machine of claim 10, wherein a binary module is linked into the third-party application and performs verification.

2. A method for verification and installation of a virtual machine comprising:
- launching a loader program operated by a processor and arranged to load library files;
  
  checking for an availability of a public key from an internet site of a virtual machine provider;
  
  if the public key is available from the internet site of the virtual machine provider, using the public key as a digital signature key;
  
  if the public key is not available from the internet site of the virtual machine provider, using a hidden public key stored inside the loader program as the digital signature key;
  
  using the loader program to verify authenticity of a digital signature incorporated in a primary library file by comparing said digital signature with the digital signature key, wherein the primary library file is a virtual machine dynamic link library file;
  
  selectively loading the primary library file in dependence upon the successful verification of its digital signature;
  
  for each of a plurality of secondary files, using the primary library file to verify authenticity of a digital signature incorporated in corresponding one of the plurality of secondary files by calling the loader program to compare the digital signature incorporated in the corresponding one of the plurality of secondary files with the digital signature key; and
  
  ,selectively loading the plurality of secondary files in dependence upon the successful verification of their digital signatures,including at least one tertiary file referenced by at least one secondary file of the plurality of secondary files,after successful verification and selective loading of the at least one secondary file, using the at least one secondary file to manage the verification and selective loading of the at least one tertiary file, at least one administrator-configurable file andthe digital signature key comprising a number of keys including a private key provided by an administrator,wherein the loader program further verifies the digital signature of the at least one administrator-configurable file using the private key, wherein the at least one administrator-configurable file is loaded upon successful verification of any corresponding digital signatures, wherein the at least one administrator-configurable file includes at least one of a security file and a policy file that is updatable by use of the private key, wherein authenticity of each element of a virtual machine installation is verified.
- View Dependent Claims (4, 7, 8, 11, 13)
- - 4. The method for verification and installation of a virtual machine of claim 2, further characterised by:
    - the virtual machine provider is accessed through an internet site to provide the public key.
  - 7. The method for verification and installation of a virtual machine of claim 2, wherein the loader program is a third-party application that initiates the virtual machine installation.
  - 8. The method for verification and installation of a virtual machine of claim 2, wherein the loader program is a virtual machine launcher that initiates the virtual machine installation.
  - 11. The method for verification and installation of a virtual machine of claim 7, wherein the third-party application launches the loader program through a native interface.
  - 13. The method for verification and installation of a virtual machine of claim 11, further comprising linking a binary module into the third-party application, the binary module performing verification.

9. A system for verification and installation of a virtual machine comprising:
- a processor;
  
  a virtual machine primary library file, the virtual machine primary library file having a digital signature;
  
  a loader program that, when operated by the processor, checks for a public key from a virtual machine provider to use as a digital signature key and, if the digital signature of the primary library file is verified against the digital signature key, further loads the virtual machine dynamic link library file; and
  
  a plurality of secondary files referenced by the virtual machine primary library file, each of the plurality of secondary files having a digital signature;
  
  wherein the loader program verifies and selectively loads the virtual machine primary library file by comparing the obtained digital signature key with the digital signature of the virtual machine primary library file, the virtual machine primary library file subsequently verifying and, if the digital signature of the primary library file is verified against the digital signature key, loading the plurality of secondary files by calling the loader program to compare the obtained digital signature key with the digital signature of each of the plurality of secondary files, wherein, if the public key cannot be obtained via the virtual machine provider over the internet, the digital signature key is a hidden public key internal to the loader program and, if the public key can be obtained via an internet site of the virtual machine provider, the digital signature key is the public key obtained via the virtual machine provider over the internet;
  
  at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, wherein after successful verification and selective loading of the at least one secondary file, the at least one secondary file manages the verification and selective loading of the at least one tertiary file;
  
  at least one administrator-configurable file; and
  
  the digital signature key comprising a number of keys including a private key provided by an administrator,wherein the loader program verifies the digital signature of the at least one administrator-configurable file using the private key, wherein the at least one administrator-configurable fileincludes at least one of a security file and a policy file that is updatable by use of the private key, wherein authenticity of each element of a virtual machine installation is verified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Abbott, Paul Harry, Nadalin, Anthony Joseph, Koved, Lawrence, Pistoia, Marco
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
WILLIAMS, JEFFERY L

Application Number

US10/050,083
Publication Number

US 20030135746A1
Time in Patent Office

2,598 Days
Field of Search

713/176, 713/2, 713164- 6, 713/187, 719331- 3
US Class Current

713/176
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

Software verification system, method and computer program element

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

120 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

Software verification system, method and computer program element

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others