Security for software in a computing system

US 8,826,005 B1
Filed: 08/21/2008
Issued: 09/02/2014
Est. Priority Date: 08/21/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, at a computer, a request to install an application associated with a developer of the application, the request to install being received from a potential user of the application;

in response to the request to install, requesting, by the computer, trust information corresponding to the application and indicating whether a trusted entity trusts the application, the trusted entity being another user who trusts the application, is trusted by the potential user and is different than the developer;

receiving the trust information at the computer, wherein the received trust information corresponding to the application and indicating whether the trusted entity trusts the application comprises a public key of the trusted entity and a digital signature relating to the application and generated by the trusted entity;

validating, by the computer, the digital signature relating to the application using the public key of the trusted entity, wherein the validating results in an indication that the trusted entity trusts the application; and

installing the application on the computer based on the indication that the trusted entity trusts the application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer-program products enable a security system. Trust information is received, at a computer, where the trust information corresponds to an application and wherein the trust information comprising a digital signature from a trusted entity that is different than the developer of the application. A determination is made whether a user associated with the computer trusts the trusted entity. The digital signature is used to install the application on the computer if the user trusts the trusted entity.

Citations

35 Claims

1. A computer-implemented method comprising:
- receiving, at a computer, a request to install an application associated with a developer of the application, the request to install being received from a potential user of the application;
  
  in response to the request to install, requesting, by the computer, trust information corresponding to the application and indicating whether a trusted entity trusts the application, the trusted entity being another user who trusts the application, is trusted by the potential user and is different than the developer;
  
  receiving the trust information at the computer, wherein the received trust information corresponding to the application and indicating whether the trusted entity trusts the application comprises a public key of the trusted entity and a digital signature relating to the application and generated by the trusted entity;
  
  validating, by the computer, the digital signature relating to the application using the public key of the trusted entity, wherein the validating results in an indication that the trusted entity trusts the application; and
  
  installing the application on the computer based on the indication that the trusted entity trusts the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - updating a local cache, retained by the computer, with the trust information.
  - 3. The method of claim 1, further comprising:
    - querying the potential user to obtain user confirmation that the potential user trusts the trusted entity.
  - 4. The method of claim 1, wherein the digital signature relating to the application from the trust information corresponding to the application and indicating whether the trusted entity trusts the application is generated by the trusted entity by signing with a private key of the trusted entity the application to be installed on the computer.
  - 5. The method of claim 1, wherein the trust information corresponding to the application and indicating whether the trusted entity trusts the application further comprises:
    - a certificate associated with a developer and signed by a private key of the developer.
  - 6. The method of claim 1, wherein receiving the trust information comprises:
    - receiving at least some of the trust information at the computer from a network based information server system remote from the computer.
  - 7. The method of claim 1, wherein receiving trust information at a computer comprises:
    - receiving at least some of the trust information at the computer via e-mail.
  - 8. The method of claim 1, wherein receiving trust information at a computer comprises:
    - downloading at least some of the trust information at the computer from a web site.

9. A computer-implemented method, comprising:
- receiving, at a computer, a request to install an application associated with a developer of the application, the request to install being received from a potential user of the application;
  
  in response to the request to install, requesting, by the computer, trust information corresponding to the developer and indicating whether a trusted entity trusts the developer, the trusted entity being another user who trusts the developer, is trusted by the potential user and is different than the developer;
  
  receiving the trust information at the computer, wherein the received trust information corresponding to the developer and indicating whether the trusted entity trusts the developer comprises a public key of the trusted entity and a digital signature relating to the developer and generated by the trusted entity;
  
  validating, by the computer, the digital signature relating to the developer using the public key of the trusted entity, wherein the validating results in an indication that the trusted entity trusts the developer;
  
  querying the potential user by the computer to obtain user confirmation that the potential user trusts the trusted entity; and
  
  installing the application on the computer based on the indication that the trusted entity trusts the developer and the user confirmation that the potential user trusts the trusted entity.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9, further comprising:
    - updating a local cache, retained by the computer, with the trust information.
  - 11. The method of claim 9, wherein the digital signature relating to the developer from the trust information corresponding to the developer and indicating whether the trusted entity trusts the developer is generated by the trusted entity by signing a public key of the developer using a private key of the trusted entity.
  - 12. The method of claim 9, wherein the trust information corresponding to the developer and indicating whether the trusted entity trusts the developer further comprises:
    - a certificate associated with the developer and signed by a private key of the developer.
  - 13. The method of claim 9, wherein receiving trust information comprises:
    - receiving at least some of the trust information from a network based information server system remote from the computer.
  - 14. The method of claim 9, wherein receiving trust information comprises:
    - receiving at least some of the trust information via e-mail.
  - 15. The method of claim 9, wherein receiving trust information comprises:
    - downloading at least some of the trust information from a web site.

16. A computer-implemented method comprising:
- storing, at a network-based information server system, trust information corresponding to an application associated with a developer of the application, the trust information received from a trusted entity and indicating whether the trusted entity trusts any version of the application associated with the developer, where the trusted entity is a user of the application who trusts both the application and the developer and who is different than the developer, wherein the stored trust information indicating whether the trusted entity trusts any version of the application associated with the developer comprises a public key of the trusted entity and a digital signature generated by the trusted entity and relating to the application and the developer;
  
  receiving, at the network-based information server system from a computer associated with another user who trusts the trusted entity, a request specifying a name of the application associated with the developer;
  
  identifying, based on the request, the stored trust information indicating whether the trusted entity trusts any version of the application associated with the developer; and
  
  transmitting the identified trust information to the computer associated with the other user who trusts the trusted entity for use in installing any version of the application associated with the developer and having the specified name.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, wherein the digital signature relating to the application and the developer from the trust information indicating whether the trusted entity trusts any version of the application associated with the developer is generated by the trusted entity by signing both a public key of the developer and the name of the application associated with the developer with a private key of the trusted entity.
  - 18. The method of claim 16, wherein the trust information indicating whether the trusted entity trusts any version of the application associated with the developer further comprises:
    - a certificate associated with the developer of the application and signed by a private key of the developer.
  - 19. The method of claim 16, wherein transmitting the stored trust information comprises transmitting the stored trust information via e-mail.
  - 20. The method of claim 16, where the network-based information server system comprises a web server.
  - 21. The method of claim 16, wherein receiving, at the network-based information server system, a request comprises receiving a request at a web site.

22. A system comprising:
- a user interface configured to receive input from a user associated with the system;
  
  a cache device;
  
  one or more processors communicatively coupled with the cache device; and
  
  a non-transitory storage medium storing instructions that, when executed by the one or more processors, cause the system to perform operations comprising;
  
  identifying an application associated with a developer of the application;
  
  receiving, from a network-based information server system, trust information corresponding to the developer and indicating whether a trusted entity trusts the developer, the trusted entity being another user of the application who trusts the application, is trusted by the user associated with the system and is different from the developer, wherein the received trust information corresponding to the developer and indicating whether the trusted entity trusts the developer comprises a public key of the trusted entity and digital signature relating to the developer and generated by the trusted entity;
  
  updating the cache device with the trust information received from the network-based information server system;
  
  determining that the trusted entity trusts the developer, at least in part, by validating the digital signature relating to the developer using the public key of the trusted entity; and
  
  installing either the application or any other application developed by the developer based on the determining that the trusted entity trusts the developer.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The system of claim 22, wherein the operations further comprise querying a user associated with the system to obtain confirmation that the user trusts the trusted entity.
  - 24. The system of claim 22, wherein the digital signature relating to the developer from the trust information corresponding to the developer and indicating whether the trusted entity trusts the developer is generated by the trusted entity by signing a public key of the developer using a private key of the trusted entity.
  - 25. The system of claim 22, wherein the trust information corresponding to the developer and indicating whether the trusted entity trusts the developer further comprises a certificate associated with the application developer.
  - 26. The system of claim 22, wherein receiving trust information comprises:
    - receiving at least some of the trust information via e-mail.
  - 27. The system of claim 22, wherein receiving trust information comprises:
    - downloading at least some of the trust information from a web site.

28. A non-transitory computer-readable storage medium encoding a computer program product operable to cause data processing apparatus to perform operations comprising:
- identifying, at a computer associated with a user, an application associated with a developer of the application;
  
  receiving trust information at the computer, the trust information corresponding to the application and indicating whether a trusted entity trusts the application, the trusted entity being another user who trusts the application, is trusted by the user and is different than the developer, wherein the received trust information corresponding to the application and indicating whether the trusted entity trusts the application comprises a public key of the trusted entity and a digital signature relating to the application and generated by the trusted entity;
  
  determining that the trusted entity trusts the application at least in part by validating the digital signature relating to the application using the public key associated with the trusted entity; and
  
  installing the application based on the determining that the trusted entity trusts the application.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
- - 29. The non-transitory computer-readable storage medium of claim 28, further operable to cause data processing apparatus to perform operations comprising:
    - updating a local cache, retained by the computer, with the trust information received from a network-based information server system.
  - 30. The non-transitory computer-readable storage medium of claim 28, further operable to cause data processing apparatus to perform operations comprising:
    - querying the user to obtain user confirmation that the user trusts the trusted entity.
  - 31. The non-transitory computer-readable storage medium of claim 28, wherein the digital signature relating to the application from the trust information corresponding to the application and indicating whether the trusted entity trusts the application is generated by the trusted entity by signing with a private key of the trusted entity the application to be installed on the computer.
  - 32. The non-transitory computer-readable storage medium of claim 28, wherein the trust information corresponding to the application and indicating whether the trusted entity trusts the application further comprises:
    - a certificate associated with the developer of the application to be installed on the computer.
  - 33. The non-transitory computer-readable storage medium of claim 28, wherein receiving trust information at a computer comprises:
    - receiving at least some of the trust information at the computer from a network based information server system remote from the computer.
  - 34. The non-transitory computer-readable storage medium of claim 28, wherein receiving trust information at a computer comprises:
    - receiving at least some of the trust information via e-mail.
  - 35. The non-transitory computer-readable storage medium of claim 28, wherein receiving trust information at a computer comprises:
    - downloading at least some of the trust information from a web site.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Brichford, Christopher
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Peiliang

Application Number

US12/195,800
Time in Patent Office

2,203 Days
Field of Search

713/156, 713/176, 713/180, 726/2, 717/168, 717/178
US Class Current

713/156
CPC Class Codes

G06F 21/51   at application loading time...

G06F 8/61   Installation

H04L 63/0823   using certificates cryptogr...

H04L 63/123   received data contents, e.g...

Security for software in a computing system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

Security for software in a computing system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links