Updating digitally signed active content elements without losing attributes associated with an original signing user
First Claim
1. A method of updating an original version of a unit of active content, comprising:
- receiving, by an updating entity, a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user;
determining, by said updating entity, the identity of said originally signing user from said digital signature contained in said original version of said unit of active content;
storing, by said updating entity, an indication of said identity of said originally signing user in a field within a new version of said unit of active content, wherein said field associates said new version of said unit of active content with at least one privilege associated with said originally signing user;
writing, by said updating entity, said new version of program code into said new version of said unit of active content; and
digitally signing, by said updating entity, said new version of said unit of active content, including generating a digital signature using a private encryption key belonging to said updating entity.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for updating digitally signed active elements without losing attributes associated with an originally signing user. An updating entity determines the identity of an originally signing user from the original digital signature of an active content unit to be updated. Privileges associated with the original active content unit are determined from the original contents of the active content unit, or based on the identity of the originally signing user. The updating entity updates the active content unit with the new software version, and associates the original privileges for the active content unit with the new version of the active content unit. The updating entity stores the identity of the originally creating user in an On Behalf of: field of the updated active content unit. The updated active content unit is digitally signed by the updating entity. When a subsequent software update is received for the previously updated digitally signed active content unit, the updating entity determines that the On Behalf of: field is non-empty, and can then determine whether the previous signer has privileges allowing it to digitally sign for other users, and whether any privileges associated with (e.g. indicated within) the active content unit are available to the user identified in the On Behalf of: field. The privileges associated with subsequent updated version of the active content unit can advantageously be based on the identity of the user contained in the On Behalf of: field.
22 Citations
17 Claims
-
1. A method of updating an original version of a unit of active content, comprising:
-
receiving, by an updating entity, a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user; determining, by said updating entity, the identity of said originally signing user from said digital signature contained in said original version of said unit of active content; storing, by said updating entity, an indication of said identity of said originally signing user in a field within a new version of said unit of active content, wherein said field associates said new version of said unit of active content with at least one privilege associated with said originally signing user; writing, by said updating entity, said new version of program code into said new version of said unit of active content; and digitally signing, by said updating entity, said new version of said unit of active content, including generating a digital signature using a private encryption key belonging to said updating entity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system including a non-transitory computer readable storage medium, said non-transitory computer readable storage medium having program code stored thereon for updating an original version of a unit of active content, wherein said program code, when executed, is operable to cause a computer system to:
-
receive, by an updating entity, a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user; determine, by said updating entity, the identity of said originally signing user from said digital signature contained in said original version of said unit of active content; store, by said updating entity, an indication of said identity of said originally signing user in a field within a new version of said unit of active content, wherein said field associates said new version of said unit of active content with at least one privilege associated with said originally signing user; write said new version of program code into said new version of said unit of active content; and
digitally sign, by the updating entity, said new version of said unit of active content, including generation of a digital signature using a private encryption key belonging to said updating entity. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product including a non-transitory computer readable storage medium, said non-transitory computer readable storage medium having program code stored thereon for updating an original version of a unit of active content, wherein said program code, when executed, is operable to cause a computer system to:
-
receive, by an updating entity, a new version of program code for replacing at least a portion of said original version of said unit of active content, wherein said original version of said unit of active content contains a digital signature generated using a private encryption key belonging to said originally signing user; determine, by said updating entity, the identity of said originally signing user from said digital signature contained in said original version of said unit of active content, wherein said field associates said new version of said unit of active content with at least one privilege associated with said originally signing user; store, by said updating entity, an indication of said identity of said originally signing user in a field within a new version of said unit of active content; write said new version of program code into said new version of said unit of active content; and
digitally sign, by said updating entity, said new version of said unit of active content, including generation of a digital signature using a private encryption key belonging to said updating entity.
-
Specification