Method, system and computer program for deploying software packages with increased security
First Claim
1. A method for deploying software packages adapted to enforce software configurations in a data processing system including a plurality of target entities, each target entity being associated with a corresponding pair of private key and public key, wherein the method includes the steps of:
- providing, from a server computer over a data network, a software package to be deployed to a set of selected target entities, each of the selected target entities being an endpoint computer;
associating a symmetric key with the software package;
encrypting at least a portion of the software package with the symmetric key;
for each selected target entity encrypting the symmetric key with the corresponding public key of the selected target entity;
building a further software package, the further software package including a plurality of encrypted symmetric keys, each encrypted symmetric key in the plurality of encrypted keys being associated with an indication of a corresponding selected target entity; and
deploying the encrypted software package and the further software package to the selected target entities to enable each selected target entity to decrypt the corresponding encrypted symmetric key with the associated private key, to decrypt the encrypted software package with the decrypted symmetric key, and to apply the decrypted software package for enforcing the corresponding software configuration, wherein for each selected target entity the further software package includes a command for decrypting the corresponding encrypted symmetric key with the associated private key, the command being conditioned to an identification of the selected target entity using run-time parameters of the selected target entity for enforcing a software configuration from the software configurations on the selected target entity.
1 Assignment
0 Petitions
Accused Products
Abstract
A software distribution method (300) with security add-on is proposed. Particularly, any software package to be deployed to selected target endpoints is encrypted (312-315) with a symmetric key (generated dynamically). The symmetric key is in turn encrypted (318-321) with a public key of each target endpoint. A multi-segment software package (embedding the encrypted software package and the encrypted symmetric keys) is then deployed (324-336, 360) to all the target endpoints. In this way, each target endpoint can decrypt (343-348) the encrypted symmetric key with a corresponding private key; it is then possible to decrypt (363-366) the encrypted software package with the symmetric key so obtained. As a result, the endpoint is able to apply (369) the decrypted software package. Therefore, the application of the software package can be restricted to the desired target endpoints only.
-
Citations
15 Claims
-
1. A method for deploying software packages adapted to enforce software configurations in a data processing system including a plurality of target entities, each target entity being associated with a corresponding pair of private key and public key, wherein the method includes the steps of:
-
providing, from a server computer over a data network, a software package to be deployed to a set of selected target entities, each of the selected target entities being an endpoint computer; associating a symmetric key with the software package; encrypting at least a portion of the software package with the symmetric key;
for each selected target entity encrypting the symmetric key with the corresponding public key of the selected target entity;building a further software package, the further software package including a plurality of encrypted symmetric keys, each encrypted symmetric key in the plurality of encrypted keys being associated with an indication of a corresponding selected target entity; and deploying the encrypted software package and the further software package to the selected target entities to enable each selected target entity to decrypt the corresponding encrypted symmetric key with the associated private key, to decrypt the encrypted software package with the decrypted symmetric key, and to apply the decrypted software package for enforcing the corresponding software configuration, wherein for each selected target entity the further software package includes a command for decrypting the corresponding encrypted symmetric key with the associated private key, the command being conditioned to an identification of the selected target entity using run-time parameters of the selected target entity for enforcing a software configuration from the software configurations on the selected target entity. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer program product including a computer-usable storage device embodying a computer program, the computer program when executed on a data processing system causing the system to perform a method for deploying software packages adapted to enforce software configurations in the system, the system including a plurality of target entities each one being associated with a corresponding pair of private key and public key, wherein the method includes the steps of:
-
providing, from a server computer over a data network, a software package to be deployed to a set of selected target entities, each of the selected target entities being an endpoint computer; associating a symmetric key with the software package; encrypting at least a portion of the software package with the symmetric key;
for each selected target entity encrypting the symmetric key with the corresponding public key of the selected target entity;building a further software package, the further software package including a plurality of encrypted symmetric keys, each encrypted symmetric key in the plurality of encrypted keys being associated with an indication of a corresponding selected target entity; and deploying the encrypted software package and the further software package to the selected target entities to enable each selected target entity to decrypt the corresponding encrypted symmetric key with the associated private key, to decrypt the encrypted software package with the decrypted symmetric key, and to apply the decrypted software package for enforcing the corresponding software configuration, wherein for each selected target entity the further software package includes a command for decrypting the corresponding encrypted symmetric key with the associated private key, the command being conditioned to an identification of the selected target entity using run-time parameters of the selected target entity for enforcing a software configuration from the software configurations on the selected target entity. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A system for deploying software packages adapted to enforce software configurations in a data processing system including a plurality of target entities, each target entity being associated with a corresponding pair of private key and public key, wherein the system includes:
-
a storage device including a storage medium, wherein the storage device stores computer usable program code; and a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises; computer usable code for providing, from a server computer over a data network, a software package to be deployed to a set of selected target entities, each of the selected target entities being an endpoint computer; computer usable code for associating a symmetric key with the software package; computer usable code for encrypting at least a portion of the software package with the symmetric key; computer usable code for encrypting the symmetric key with the corresponding public key for each selected target entity; computer usable code for building a further software package, the further software package including a plurality of encrypted symmetric keys, each encrypted symmetric key in the plurality of encrypted keys being associated with an indication of a corresponding selected target entity; and computer usable code for deploying the encrypted software package and the further software package to enable each selected target entity to decrypt the corresponding encrypted symmetric key with the associated private key, to decrypt the encrypted software package with the decrypted symmetric key, and to apply the decrypted software package for enforcing the corresponding software configuration, wherein for each selected target entity the further software package includes a command for decrypting the corresponding encrypted symmetric key with the associated private key, the command being conditioned to an identification of the selected target entity using run-time parameters of the selected target entity for enforcing a software configuration from the software configurations on the selected target entity. - View Dependent Claims (12, 13, 14, 15)
-
Specification