Network accessible trusted code

US 8,006,281 B2
Filed: 12/21/2006
Issued: 08/23/2011
Est. Priority Date: 12/21/2006
Status: Active Grant

First Claim

Patent Images

1. A computer program product comprising one or more computer-readable storage media, not including signals, having stored thereon computer-executable instructions that, when executed by one or more processors of a computer system, cause the computer system to perform a method for accessing a trusted assembly from a virtualized location, the method comprising:

an act of detecting receipt of a request from the computer system to access an assembly comprising a library that is shared by a plurality of software programs, wherein the address of the assembly is expressed in the request as a virtualized location, the assembly being stored on a separate computer system in a trusted assembly cache;

an act of resolving the virtualized location to a physical location where the assembly is physically stored on the separate computer system, the resolving comprising accessing an information store that maintains the current physical location corresponding to the requested assembly'"'"'s virtualized location;

an act of determining whether the requested assembly qualifies as a trusted assembly by verifying that the assembly sufficiently complies with information encoded within the assembly; and

upon determining that the requested assembly is trusted, an act of accessing the requested assembly from the physical location.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In one embodiment, a computer system performs a method for accessing a trusted assembly from a virtualized location. A computer system detects receipt of a request to access an assembly. The address of the assembly is expressed in the request as a virtualized location. The computer system resolves the virtualized location to a physical location where the assembly is physically stored. The resolving includes accessing an information store that maintains the current physical location corresponding to the requested assembly'"'"'s virtualized location. The computer system determines whether the requested assembly qualifies as a trusted assembly by verifying that the assembly sufficiently complies with information encoded within the assembly. Lastly, upon determining that the requested assembly is trusted, the computer system accesses the requested assembly from the physical location.

Citations

20 Claims

1. A computer program product comprising one or more computer-readable storage media, not including signals, having stored thereon computer-executable instructions that, when executed by one or more processors of a computer system, cause the computer system to perform a method for accessing a trusted assembly from a virtualized location, the method comprising:
- an act of detecting receipt of a request from the computer system to access an assembly comprising a library that is shared by a plurality of software programs, wherein the address of the assembly is expressed in the request as a virtualized location, the assembly being stored on a separate computer system in a trusted assembly cache;
  
  an act of resolving the virtualized location to a physical location where the assembly is physically stored on the separate computer system, the resolving comprising accessing an information store that maintains the current physical location corresponding to the requested assembly'"'"'s virtualized location;
  
  an act of determining whether the requested assembly qualifies as a trusted assembly by verifying that the assembly sufficiently complies with information encoded within the assembly; and
  
  upon determining that the requested assembly is trusted, an act of accessing the requested assembly from the physical location.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The computer program product of claim 1, wherein the trusted assembly cache is stored on a plurality of computer systems.
  - 3. The computer program product of claim 2, wherein the method further comprises an act of dividing the requested assembly into one or more portions and storing each portion on at least one of the plurality of computer systems.
  - 4. The computer program product of claim 3, wherein the plurality of computer systems is geographically dispersed so as to increase fault tolerance.
  - 5. The computer program product of claim 1, wherein a string identifier is used to identify the physical location of the requested assembly.
  - 6. The computer program product of claim 1, wherein the method further comprises trusting all assemblies or portions of assemblies located at a trusted virtualized location.
  - 7. The computer program product of claim 1, wherein the information encoded within the assembly comprises information in the assembly'"'"'s string identifier.
  - 8. The computer program product of claim 1, wherein the information encoded within the assembly comprises security metadata.
  - 9. The computer program product of claim 1, wherein the information encoded within the assembly comprises rules and/or policies that are used to resolve the assembly'"'"'s physical location.
  - 10. The computer program product of claim 9, wherein the rules and policies are user customizable.
  - 11. The computer program product of claim 10, wherein customizing a customizable rule includes selecting the names of trusted assemblies.
  - 12. The computer program product of claim 10, wherein customizing a customizable rule includes selecting the number of assemblies that are to be trusted.
  - 13. The computer program product of claim 1, wherein the information encoded within the assembly comprises a digital certificate.
  - 14. The computer program product of claim 1, wherein the physical location is a network location.
  - 15. The computer program product of claim 1, wherein the method further comprises changing the physical location of the assembly while maintaining the same virtualized location.
  - 16. The computer program product of claim 1, wherein the method further comprises automatically requesting file updates transparent to the user.

17. A computer program product comprising one or more computer-readable storage media, not including signals, having stored thereon computer-executable instructions that, when executed by one or more processors of a computer system, cause the computer system to perform a method for accessing trusted assemblies from a virtualized location, the method comprising:
- an act of installing a software program, wherein the act of installing the software program results in an installation of a subset, but not all, of files helpful to implement one or more portions of the software program'"'"'s functionality;
  
  an act of receiving from the software program a request for an assembly comprising a library that is shared by a plurality of software programs;
  
  an act of querying a local assembly cache for the requested assembly;
  
  upon determining that the requested assembly is not stored in the local assembly cache, an act of using a network protocol to retrieve the requested assembly from a virtualized location, the virtual location representing a location in an assembly cache on a separate computer system;
  
  an act of using the network protocol to determine whether an updated version of the requested assembly exists; and
  
  upon determining that an updated version of the requested assembly exists, an act of accessing the updated version of the requested assembly.
- View Dependent Claims (18, 19)
- - 18. The computer program product of claim 17, wherein the method further comprises locally caching the retrieved assembly.
  - 19. The computer program product of claim 17, wherein the protocol is HTTP.

20. A method for accessing a trusted program file from an addressable location, the method comprising:
- an act of receiving a communication at a first computer system, wherein the communication includes a request to access a program file, the address of the program file being expressed in the request as a first addressable location, the program file comprising a library that is shared by a plurality of software programs;
  
  an act of resolving the first addressable location to a second addressable location, wherein the program file is physically stored at the second addressable location in an assembly cache, the second addressable location being a second computer system separate from the first computer system, the resolving comprising accessing an information store that maintains the current physical location of a program file corresponding to the requested program file'"'"'s first addressable location;
  
  an act of determining whether the requested program file qualifies as a trusted program file by verifying that the program file at least sufficiently complies with information encoded within the program file; and
  
  if it is determined that the requested program file is trusted, an act of accessing the requested program file from the second location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Schackow, Stefan N., Kothari, Nikhil
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
YALEW, FIKREMARIAM A

Application Number

US11/614,943
Publication Number

US 20080155642A1
Time in Patent Office

1,706 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

G06F 21/51 at application loading time...

Network accessible trusted code

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Network accessible trusted code

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links