Method and system for controlled distribution of application code and content data within a computer network
First Claim
1. A method for secure communication between a client and a server in a database processing system, the method comprising:
- generating a client message at the client;
retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client, the read-only memory structure having an embedded client private key, the embedded server public key and the embedded client private key not being related by a public/private key pair relationship, the embedded client private key being associated with a client public key generated and stored exclusively outside the client;
encrypting the client message with the embedded server public key;
sending the client message to the server;
receiving a server message including application code from the server at the client in response to the client message, the application code having a first portion encrypted with a server private key and a second portion which is not encrypted by a public key algorithm, wherein the first portion of the application code is small relative to the second portion of the application code;
authenticating the first portion of the application code with the embedded server public key; and
authenticating the second portion of the application code using an integrity checking algorithm that is less computationally expensive than a public key algorithm,wherein the application code is either program source code or compiled program source code.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server'"'"'s private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.
-
Citations
5 Claims
-
1. A method for secure communication between a client and a server in a database processing system, the method comprising:
-
generating a client message at the client; retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client, the read-only memory structure having an embedded client private key, the embedded server public key and the embedded client private key not being related by a public/private key pair relationship, the embedded client private key being associated with a client public key generated and stored exclusively outside the client; encrypting the client message with the embedded server public key; sending the client message to the server; receiving a server message including application code from the server at the client in response to the client message, the application code having a first portion encrypted with a server private key and a second portion which is not encrypted by a public key algorithm, wherein the first portion of the application code is small relative to the second portion of the application code; authenticating the first portion of the application code with the embedded server public key; and authenticating the second portion of the application code using an integrity checking algorithm that is less computationally expensive than a public key algorithm, wherein the application code is either program source code or compiled program source code. - View Dependent Claims (2, 3)
-
-
4. A method for secure communication between a client and a server in a data processing system, the method comprising:
-
receiving a client message from the client; retrieving a server private key; decrypting the client message with the server private key; retrieving a client serial number from the decrypted client message; retrieving a client public key that is associatively stored with the retrieved client serial number, wherein the client public key corresponds to an embedded client private key in a read-only memory structure in an article of manufacture in the client and is generated and stored exclusively outside the client; and generating a server message including application code at the server in response to the client message, the application code having a first portion encrypted with the server private key and a second portion which is not encrypted by a public key algorithm, the first portion being authenticable with a server public key and the second portion being authenticable with an integrity checking algorithm that is less computationally expensive than a public key algorithm, wherein the first portion of the application code is small relative to the second portion of the application code; wherein the read-only memory structure has an embedded server public key, the embedded server public key and the embedded client private key not being related by a public/private key pair relationship, wherein the application code is either program source code or compiled program source code. - View Dependent Claims (5)
-
Specification