System and computer readable medium for verifying access to signed ELF objects
First Claim
1. A computer system for verifying an Executable and Linking File (ELF) object, comprising:
a processor;
a memory;
a storage device; and
software instructions stored in the memory for enabling the computer system under control of the processor, to:
receive a request to verify an ELF object from a first client;
obtain the ELF object from the first client;
extract, from the ELF object, an ELF signature and an ELF signer name associated with the ELF signature;
obtain, using the ELF signer name, an ELF certificate issued by a certificate authority;
verify the ELF certificate using a public key associated with the certificate authority;
determine, using the ELF certificate, that the ELF signature associated with the ELF object is valid;
determine that the ELF certificate comprises a usage restriction associated with the ELF object;
obtain a first activation file from the first client;
extract, from the first activation file, a first activation file signature and a first activation file signer name associated with the first activation file signature;
obtain a first activation file certificate using the first activation file signer name;
determine, using the first activation file certificate, that the first activation file signature is not valid;
instruct the first client to enforce the usage restriction of the ELF object in response to the determination that the first activation file signature is not valid;
obtain a second activation file from a second client;
extract, from the second activation file, a second activation file signature and a second activation file signer name associated with the second activation file signature;
obtain a second activation file certificate using the second activation file signer name;
determine, using the second activation file certificate, that the second activation file signature is valid; and
instruct the second client to override the usage restriction of the ELF object using the second activation file in response to the determination that the second activation file signature is valid.
Abstract
A method for verifying an Executable and Linking File (ELF) object, that includes receiving a request for an ELF object from a client, obtaining the ELF object, determining whether a signature associated with the ELF object is valid, determining whether a usage restriction is associated with the ELF object, if the signature is valid, and restricting access to the ELF object, if the usage restriction is associated with the ELF object.
17 Claims
9. A non-transitory computer readable medium for verifying an Executable and Linking File (ELF) object, comprising software instructions to:
receive a request to verify an ELF object from a first client;
obtain the ELF object from the client;
extract, from the ELF object, an ELF signature and an ELF signer name associated with the ELF signature;
obtain, using the ELF signer name, an ELF certificate issued by a certificate authority;
verify the ELF certificate using a public key associated with the certificate authority;
determine, using the ELF certificate, that the signature associated with the ELF object is valid;
determine that the ELF certificate comprises a usage restriction associated with the ELF object;
obtain a first activation file from the first client;
extract, from the first activation file, a first activation file signature and a first activation file signer name associated with the first activation file signature;
obtain a first activation file certificate using the first activation file signer name;
determine, using the first activation file certificate, that the first activation file signature is not valid;
instruct the first client to enforce the usage restriction of the ELF object in response to the determination that the first activation file signature is not valid;
obtain a second activation file from a second client;
extract, from the second activation file, a second activation file signature and a second activation file signer name associated with the second activation file signature;
obtain a second activation file certificate using the second activation file signer name;
determine, using the second activation file certificate, that the second activation file signature is valid; and
instruct the second client to override the usage restriction of the ELF object using the second activation file in response to the determination that the second activation file signature is valid.
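The decision flow recited in claims 1 and 9, as an added Go sketch that is not code from the patent. Ed25519 stands in for the unspecified signature scheme; the Cert and File types, the signer names, the in-memory certificate map, the certificate encoding and the "reject" and "allow" outcomes are assumptions made for the example.

```go
package main
import (
	"crypto/ed25519"
	"fmt"
)

// Cert binds a signer name to a public key; Restricted models the usage restriction.
type Cert struct {
	Name       string
	Key        ed25519.PublicKey
	Restricted bool
	CASig      []byte // CA signature over tbs(), a hypothetical encoding
}
// File is an ELF object or activation file with its signature and signer name.
type File struct{ Body, Sig []byte; Signer string }
func (c Cert) tbs() []byte { return []byte(fmt.Sprintf("%s|%x|%t", c.Name, c.Key, c.Restricted)) }
// valid fetches the cert by signer name, checks it with the CA key, then checks the file signature.
func valid(f File, certs map[string]*Cert, ca ed25519.PublicKey) (*Cert, bool) {
	c, ok := certs[f.Signer]
	return c, ok && ed25519.Verify(ca, c.tbs(), c.CASig) && ed25519.Verify(c.Key, f.Body, f.Sig)
}

// Decide returns the instruction sent to the client.
func Decide(elf, act File, certs map[string]*Cert, ca ed25519.PublicKey) string {
	c, ok := valid(elf, certs, ca)
	if !ok {
		return "reject" // assumed handling of an ELF object that fails verification
	}
	if !c.Restricted {
		return "allow" // no usage restriction in the certificate
	}
	if _, ok = valid(act, certs, ca); ok {
		return "override"
	}
	return "enforce"
}

// Scenario signs the activation body "activate" but presents `presented`; keys use constructed seeds.
func Scenario(presented string) string {
	certs, keys := map[string]*Cert{}, map[string]ed25519.PrivateKey{}
	for _, n := range []string{"ca", "vendor", "licensor"} {
		keys[n] = ed25519.NewKeyFromSeed([]byte(fmt.Sprintf("%-32s", n)))
		certs[n] = &Cert{Name: n, Key: keys[n].Public().(ed25519.PublicKey), Restricted: n == "vendor"}
		certs[n].CASig = ed25519.Sign(keys["ca"], certs[n].tbs())
	}
	elf := File{[]byte("\x7fELF demo"), ed25519.Sign(keys["vendor"], []byte("\x7fELF demo")), "vendor"}
	act := File{[]byte(presented), ed25519.Sign(keys["licensor"], []byte("activate")), "licensor"}
	return Decide(elf, act, certs, certs["ca"].Key)
}
func main() { fmt.Println(Scenario("activate"), Scenario("tampered")) }
```

Because the usage restriction is part of the bytes the CA signs, editing the flag in a stored certificate makes the certificate check fail rather than lifting the restriction.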
Specification