System and computer readable medium for verifying access to signed ELF objects

US 8,312,431 B1
Filed: 09/19/2005
Issued: 11/13/2012
Est. Priority Date: 09/17/2004
Status: Active Grant

First Claim

Patent Images

1. A computer system for verifying an Executable and Linking File (ELF) object, comprising:

a processor;

a memory;

a storage device; and

software instructions stored in the memory for enabling the computer system under control of the processor, to;

receive a request to verify an ELF object from a first client;

obtain the ELF object from the first clientextract, from the ELF object, an ELF signature and an ELF signer name associated with the ELF signature;

obtain, using the ELF signer name, an ELF certificate issued by a certificate authority;

verify the ELF certificate using a public key associated with the certificate authority;

determine, using the ELF certificate, that the ELF signature associated with the ELF object is valid;

determine that the ELF certificate comprises a usage restriction associated with the ELF object;

obtain a first activation file from the first client;

extract, from the first activation file, a first activation file signature and a first activation file signer name associated with the first activation file signature;

obtain an first activation file certificate using the first activation file signer name;

determine, using the first activation file certificate, that the first activation file signature is not valid;

instruct the first client to enforce the usage restriction of the ELF object in response to the determination that the first activation file signature is not valid;

obtain a second activation file from a second client;

extract, from the second activation file, a second activation file signature and a second activation file signer name associated with the second activation file signature,obtain an second activation file certificate using the second activation file signer name;

determine, using the second activation file certificate, that the second activation file signature is valid; and

instruct the second client to override the usage restriction of the ELF object using the second activation file in response to the determination that the second activation file signature is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for verifying an Executable and Linking File (ELF) object, that includes receiving a request for an ELF object from a client, obtaining the ELF object, determining whether a signature associated with the ELF object is valid, determining whether a usage restriction is associated with the ELF object, if the signature is valid, and restricting access to the ELF object, if the usage restriction is associated with the ELF object.

Citations

17 Claims

1. A computer system for verifying an Executable and Linking File (ELF) object, comprising:
- a processor;
  
  a memory;
  
  a storage device; and
  
  software instructions stored in the memory for enabling the computer system under control of the processor, to;
  
  receive a request to verify an ELF object from a first client;
  
  obtain the ELF object from the first clientextract, from the ELF object, an ELF signature and an ELF signer name associated with the ELF signature;
  
  obtain, using the ELF signer name, an ELF certificate issued by a certificate authority;
  
  verify the ELF certificate using a public key associated with the certificate authority;
  
  determine, using the ELF certificate, that the ELF signature associated with the ELF object is valid;
  
  determine that the ELF certificate comprises a usage restriction associated with the ELF object;
  
  obtain a first activation file from the first client;
  
  extract, from the first activation file, a first activation file signature and a first activation file signer name associated with the first activation file signature;
  
  obtain an first activation file certificate using the first activation file signer name;
  
  determine, using the first activation file certificate, that the first activation file signature is not valid;
  
  instruct the first client to enforce the usage restriction of the ELF object in response to the determination that the first activation file signature is not valid;
  
  obtain a second activation file from a second client;
  
  extract, from the second activation file, a second activation file signature and a second activation file signer name associated with the second activation file signature,obtain an second activation file certificate using the second activation file signer name;
  
  determine, using the second activation file certificate, that the second activation file signature is valid; and
  
  instruct the second client to override the usage restriction of the ELF object using the second activation file in response to the determination that the second activation file signature is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein obtaining the activation file certificate comprises:
    - verifying the first activation file certificate using the public key associated with the certificate authority.
  - 3. The system of claim 2, wherein the software instructions further enable the computer system to:
    - report to the client that the ELF object is usage restricted when the first activation file certificate is not valid.
  - 4. The system of claim 1, wherein overriding the usage restriction comprises allowing the second client to execute the ELF object.
  - 5. The system of claim 1, wherein enforcing the usage restriction of the ELF object comprises not allowing the first client to execute the ELF object.
  - 6. The system of claim 1, wherein determining, using the ELF certificate, that the ELF signature associated with, the ELF object is valid comprises:
    - performing a hash function using at least one non-signature section of the ELF object to obtain a hash value; and
      
      performing a verification operation on the hash value using the public key.
  - 7. The system of claim 6, wherein the verification operation is an RSA verify operation.
  - 8. The computer system of claim 1,wherein overriding the usage restriction comprises allowing the second client to access to the ELF object.

9. A non-transitory computer readable medium for verifying an Executable and Linking File (ELF) object, comprising software instructions to:
- receive a request to verify an ELF object from a first client;
  
  obtain the ELF object, from the clientextract, from the ELF object an ELF signature and an ELF signer name associated with the ELF signature;
  
  obtain, using the ELF signer name, an ELF certificate issued by a certificate authority;
  
  verify the ELF certificate using a public key associated with the certificate authority;
  
  determine, using the ELF certificate, that the signature associated with the ELF object is valid;
  
  determine that the ELF certificate comprises a usage restriction associated with the ELF object;
  
  obtain a first activation file from the first client;
  
  extract, from the first activation file, a first activation file signature and a first activation file signer name associated with the first activation file signature;
  
  obtain an first activation file certificate using the first activation file signer name;
  
  determine, using the first activation file certificate, that the first activation file signature is not valid;
  
  instruct the first client to enforce the usage restriction of the ELF object in response to the determination that the first activation file signature is not valid;
  
  obtain a second activation file from a second client,extract, from the second activation file, a second activation file signature and a second activation file signer name associated with the second activation file signature;
  
  obtain an second activation file certificate using the second activation file signer name;
  
  determine, using the second activation file certificate, that the second activation file signature is valid; and
  
  instruct the second client to override the usage restriction of the ELF object using the second activation file in response to the determination that the second activation file signature is valid.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The computer readable medium of claim 9, wherein the usage restriction prevents the first client from executing the ELF object.
  - 11. The computer readable medium of claim 9, wherein the ELF object is received from a framework executing on the first client.
  - 12. The computer readable medium of claim 9, wherein the activation file overrides the usage restriction associated with the ELF object, by allowing the second client to execute the ELF object.
  - 13. The computer readable medium of claim 9, wherein the ELF object further comprises:
    - a distinguished name of the ELF certificate associated with the ELF object; and
      
      a name of a process used to sign the ELF object.
  - 14. The computer readable medium of claim 13, wherein the ELF signature is stored in the ELF object in RSA Public-Key Cryptography Standards (PKCS) #1 format.
  - 15. The computer readable medium of claim 13, wherein the process is an RSA Public-Key Cryptography Standards (PKCS) #1 algorithm.
  - 16. The computer readable medium of claim 9, wherein the request is received by the first client using a remote procedure call.
  - 17. The computer readable medium of claim 9,wherein overriding the usage restriction comprises allowing the second client to access to the ELF object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Oracle America, Inc. (Oracle Corporation)
Inventors
Belgaied, Kais, Sangster, Paul, Moffat, Darren J.
Primary Examiner(s)
Zhen, Li B
Assistant Examiner(s)
Pan, Hang

Application Number

US11/230,083
Time in Patent Office

2,612 Days
Field of Search

717/140, 717/174, 717/177, 717/120, 717/126, 713/155, 713/164, 713/168, 713/189, 710/200, 726/27
US Class Current

717/126
CPC Class Codes

G06F 21/335 for accessing specific reso...

G06F 9/445 Program loading or initiati...

System and computer readable medium for verifying access to signed ELF objects

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and computer readable medium for verifying access to signed ELF objects

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links